Installation and Upgrades / Re: odd issue with bind?
« on: January 11, 2022, 11:34:42 pm »
Thanks for the reply. Changing the DNS forwarders to my pfSense box seems to have fixed the issue. (Note for later readers: the denials in the original log came from 192.168.60.2, which is not covered by `localnets`; if VPN clients still need to recurse through this server, the VPN subnet has to be added to the `trusted` ACL rather than opening recursion to everyone.)
Installation and Upgrades / Re: odd issue with bind?
« on: December 27, 2021, 07:01:46 pm »
Thanks for the reply,
This is the config I currently have; recursion is currently restricted to the `trusted` ACL.
This is the config I currently have; recursion is currently restricted to the `trusted` ACL.
options {
// Ordering hint only: prefer 192.168.1.0/24 addresses when a name has
// several A records. It has no access-control effect.
sortlist {
192.168.1.0/24;
};
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
//query-source address * port 53;
//transfer-source * port 53;
//notify-source * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// "forward first" asks the forwarders and, if they fail or time out,
// falls back to full recursion from the roots. If the intent is that
// every external lookup goes through the firewall's resolver (e.g. for
// its host overrides), "forward only" enforces that; with "first", a
// forwarder hiccup silently fills the cache with answers from outside
// the firewall's view.
forward first;
forwarders {
8.8.8.8;
};
// Keytab for GSS-TSIG (secure dynamic updates from domain members).
// It holds Kerberos keys: keep it readable by the bind user only.
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
auth-nxdomain no; # conform to RFC1035
// Authoritative data is served to anyone; recursion and cache reads are
// limited to the "trusted" ACL (localhost + localnets in
// named.conf.local). Clients on networks not directly attached to this
// host -- such as the 192.168.60.2 client in the "query (cache) ... denied"
// log, presumably the OpenVPN pool -- are therefore refused. Add that
// subnet to the trusted ACL (via Zentyal, since these files are
// generated) instead of widening allow-recursion to "any", which would
// turn this into an open resolver.
allow-query { any; };
allow-recursion { trusted; };
allow-query-cache { trusted; };
// Zone transfers only to the internal LAN ACL.
allow-transfer { internal-local-nets; };
};
logging { category lame-servers { null; }; };
Installation and Upgrades / odd issue with bind? (solved)
« on: December 21, 2021, 05:25:50 am »
Hi, I was wondering if someone else has had this issue before. The server was working fine until recently, but now I'm seeing this error. It happens when I connect to the VPN (OpenVPN on pfSense): name resolution fails and I can't browse, which is odd because it was working fine before.
root@apolo:~# service bind9 status
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-12-20 23:13:55 -05; 8min ago
Docs: man:named(8)
Main PID: 2774 (named)
Tasks: 4 (limit: 2279)
CGroup: /system.slice/bind9.service
└─2774 /usr/sbin/named -f -u bind -4
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
It happens when I connect to the VPN (OpenVPN on pfSense): name resolution fails and I can't browse, which is odd because it was working fine before.
Directory and Authentication / Re: Netlogon? Scripts
« on: December 09, 2021, 03:43:04 pm »
Thanks for the reply,
so i fixed the permission issue
currently logged in as admin in the windows machine but not getting the net logon im attaching pictures
https://imgur.com/rGULNnK.png
so i fixed the permission issue
currently logged in as admin in the windows machine but not getting the net logon im attaching pictures
https://imgur.com/rGULNnK.png
Directory and Authentication / Re: Netlogon? Scripts
« on: December 09, 2021, 05:05:43 am »
So it seems to be an issue with the netlogon share: it says I do not have permission, which is odd. Any ideas?
Directory and Authentication / Re: Zentyal's Samba 4.11 not compatible with AD 2012R2 for some reason?
« on: December 09, 2021, 01:11:29 am »
Go with Zentyal 6.2; I have it working with Windows Server 2012 R2 and 2019.
Directory and Authentication / Netlogon? Scripts
« on: December 09, 2021, 01:10:15 am »
Hi
I was wondering whether Zentyal is compatible with netlogon scripts. Currently I have a Windows Server 2012 R2 and we use a netlogon script; this is part of it.
When I browse the Zentyal server's shares, though, I don't see the netlogon folder.
Thank you
I was wondering whether Zentyal is compatible with netlogon scripts. Currently I have a Windows Server 2012 R2 and we use a netlogon script; this is part of it:
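@echo off
rem Netlogon script: drop stale drive mappings, then map this user's shares.
rem %1 is the user name handed to the script by the logon; it is only a
rem mapping hint. Who may actually read a share is enforced by the share
rem and NTFS ACLs on the server, never by this script.
rem
rem Disconnect network drives. /y answers the "open files, continue?" prompt
rem so a non-interactive logon cannot hang on it.
net use f: /delete /y
net use g: /delete /y
net use h: /delete /y
net use i: /delete /y
net use j: /delete /y
net use k: /delete /y
net use l: /delete /y
net use m: /delete /y
net use n: /delete /y
net use o: /delete /y
net use p: /delete /y
net use q: /delete /y
net use r: /delete /y
net use s: /delete /y
net use t: /delete /y
net use u: /delete /y
net use v: /delete /y
net use x: /delete /y
net use y: /delete /y
rem Shared drive for everyone. Mapping by IP address rather than by the
rem server's DNS name generally prevents Kerberos (there is no SPN for an
rem IP), so these sessions fall back to NTLM; prefer \\<hostname>\share.
if not exist g:\ net use G: "\\192.168.3.81\unidadg"
rem Only "administrador" gets the IT shares; everyone else jumps to :fin.
rem The original had the label directly after the conditional goto, so the
rem test was a no-op and every user got F: and H: mapped. /i makes the
rem comparison case-insensitive, as Windows user names are.
if /i "%1"=="administrador" goto grupo_tecnologia
goto fin
:grupo_tecnologia
net use f: "\\192.168.3.81\Manifiestos"
net use H: "\\192.168.3.81\TI"
:fin
cls
exit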
When I browse the Zentyal server's shares, though, I don't see the netlogon folder.
Thank you
Directory and Authentication / Re: Issue with Bind?
« on: November 07, 2021, 06:54:11 pm »Hi,
Did you check the configuration of the '/etc/resolv.conf'? Or perhaps is something about Bind cache.
Could you explain which actions you do when you said 'i create a dns host overide to resolve erp.mydomain.com to 192.168.0.160'?
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever"
Thanks for the reply. The action I took was to create a DNS host override on pfSense, because Zentyal's DNS forwarder points to pfSense.
Directory and Authentication / Issue with Bind?
« on: October 29, 2021, 11:19:25 pm »
Hi
I was wondering if someone else has had this issue before,
Currently my DNS forwarder points at my firewall, and on the firewall I created a DNS host override that resolves erp.mydomain.com to 192.168.0.160. When I restart bind9 on Zentyal it works fine, but after a few hours it starts resolving to the WAN IP instead of the LAN IP, so I have to restart bind9 every time. Any ideas how to make it stick? (A plausible cause, given the `forward first` in my options block: when the forwarder does not answer, BIND falls back to full recursion and then caches the public record until its TTL expires; `forward only` would rule that out.)
Thank you
I was wondering if someone else has had this issue before,
Currently my DNS forwarder points at my firewall, and on the firewall I created a DNS host override that resolves erp.mydomain.com to 192.168.0.160. When I restart bind9 on Zentyal it works fine, but after a few hours it starts resolving to the WAN IP instead of the LAN IP, so I have to restart bind9 every time. Any ideas how to make it stick?
Thank you
Directory and Authentication / Quick question about GPO on ubuntu
« on: May 26, 2021, 09:22:31 pm »
Hi,
I was wondering whether it's possible to join a normal Ubuntu desktop to the domain and have the GPO password policy apply to it, or does that only work for Windows?
Thank you
I was wondering whether it's possible to join a normal Ubuntu desktop to the domain and have the GPO password policy apply to it, or does that only work for Windows?
Thank you
Directory and Authentication / bitlocker question
« on: May 11, 2021, 12:55:18 am »
Hi
I was wondering whether BitLocker recovery keys can be backed up to AD through GPO?
I looked but could not find it.
Thank you
I was wondering whether BitLocker recovery keys can be backed up to AD through GPO?
I looked but could not find it.
Thank you
Installation and Upgrades / DHCP server options?
« on: February 02, 2021, 11:59:14 pm »
Hi, I was wondering if someone knows how to add DHCP option 252 (the WPAD proxy auto-config URL)? I used to be able to do this in the DHCP server options on Windows Server, but I'm not sure how it's done on Zentyal.
Thank you
Thank you
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 04:48:04 am »
Solved: it was AppArmor blocking dhcpd from executing the script.
Do the following and it should work (note that this disables confinement for dhcpd entirely; the narrower fix is an execute rule for the script in the profile's local override file):
then reconnect your devices and you should see the log entries correctly.
Do the following and it should work:
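#!/usr/bin/env bash
# Work around dhcpd's AppArmor profile refusing to execute
# /usr/share/zentyal-dhcp/dhcp-dyndns.sh. dhcpd logged "exit status 32512",
# which is 127 << 8: the child could not exec the script at all, consistent
# with an AppArmor denial rather than an error inside the script.
#
# This is the blunt fix: it removes ALL confinement from the DHCP server,
# which parses untrusted packets from every client on the LAN. Prefer
# adding an execute rule for the script to
# /etc/apparmor.d/local/usr.sbin.dhcpd and reloading the profile, and
# confirm the cause first with:
#   journalctl -k | grep -i 'apparmor="DENIED"'
set -euo pipefail

readonly profile=/etc/apparmor.d/usr.sbin.dhcpd
readonly disable_dir=/etc/apparmor.d/disable

if [[ ! -f "$profile" ]]; then
  printf 'no such AppArmor profile: %s\n' "$profile" >&2
  exit 1
fi
mkdir -p -- "$disable_dir"
# -f makes a re-run idempotent; the original plain "ln -s" fails with
# "File exists" the second time it is run.
ln -sf -- "$profile" "$disable_dir/${profile##*/}"
# Unload the profile from the running kernel so the change takes effect
# without a reboot (the symlink only prevents it being loaded next boot).
apparmor_parser -R "$profile"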
Then reconnect your devices and you should see the log entries correctly.
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 04:25:18 am »
I think the issue is this line (exit status 32512 is 127 << 8, i.e. the script could not be executed at all rather than failing part-way through):
Dec 25 22:19:48 apolo dhcpd[1853]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
but the DHCP config looks correct:
on release {
# Dotted-quad form of the address being given back.
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
# Client MAC as zero-padded, colon-separated hex (hardware bytes 1..6;
# byte 0 is the hardware type and is skipped).
set ClientDHCID = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);
log(concat("Release: IP: ", ClientIP));
# Hands the values to the helper as separate arguments (execute() does not
# go through a shell). A non-zero "exit status" logged here means the
# helper itself failed -- or, as in the 32512 case, could not be started.
execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
}
and I think the permissions are correct:
root@apolo:~# ls -l -h /usr/share/zentyal-dhcp/dhcp-dyndns.sh
-rwxr-xr-x 1 root root 4.4K Oct 5 05:05 /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 04:11:47 am »
Thanks for the reply; here are the configs.
root@apolo:~# cat /etc/dhcp/dhcpd.conf
# DHCP server is authoritative for all networks
authoritative;
# extra options
# RFC3442 routes
# NOTE(review): "inxxxer" in the two definitions below looks like a paste or
# forum word-filter artifact; the dhcpd type is "array of integer 8", and the
# file as shown would presumably not parse.
option rfc3442-classless-static-routes code 121 = array of inxxxer 8;
# MS routes
option ms-classless-static-routes code 249 = array of inxxxer 8;
# Cisco IP phones
option voip-tftp-servers code 150 = array of ip-address;
option shoretel-director-server code 155 = ip-address;
pid-file-name "/var/run/dhcp-server/dhcpd.pid";
# Built-in DDNS is off ("none"); DNS registration is done instead by the
# on commit/release/expiry hooks further down, which call dhcp-dyndns.sh.
# With style "none" the "ddns-updates on", "update-static-leases on" and
# the zone/key stanzas below are presumably inert -- TODO confirm against
# dhcpd.conf(5) for this version.
ddns-update-style none;
ddns-updates on;
update-static-leases on;
# Overridden per subnet below (clients actually get 192.168.100.200).
option domain-name-servers 127.0.0.1;
allow booting;
allow bootp;
default-lease-time 1800;
max-lease-time 7200;
# TSIG keys for the zone updates. This file holds shared secrets: keep it
# readable by root/dhcpd only and never paste it into a forum post.
include "/etc/dhcp/ddns-keys/keys";
shared-network eth0 {
# LAN pool. Clients are pointed at this host (192.168.100.200) for DNS,
# NTP and WINS, overriding the global 127.0.0.1 DNS value.
subnet 192.168.100.0 netmask 255.255.255.0 {
option routers 192.168.100.1;
option domain-name "xxx.local";
option domain-name-servers 192.168.100.200;
option ntp-servers 192.168.100.200;
option netbios-name-servers 192.168.100.200;
option netbios-node-type 8;
default-lease-time 1800;
max-lease-time 7200;
option host-name = config-option server.ddns-hostname;
# Name to register: the client's own FQDN or host-name option if sent,
# else "dhcp-<ip-with-dashes>". Both options are chosen by the client, so
# any client can claim (or squat on) any name in xxx.local.
ddns-hostname = pick-first-value( option fqdn.hostname,
option host-name,
concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address)));
ddns-domainname "xxx.local.";
zone xxx.local. {
primary 127.0.0.1;
key xxx.local;
}
zone 100.168.192.in-addr.arpa. {
primary 127.0.0.1;
key xxx.local;
}
pool {
# PXE/TFTP next-server for the VoIP/boot options above.
next-server 192.168.100.200;
range 192.168.100.10 192.168.100.100;
}
}
# Lease granted: register A/PTR via the helper script.
on commit {
set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
# Client MAC as zero-padded, colon-separated hex (hardware bytes 1..6;
# byte 0 is the hardware type and is skipped).
set ClientDHCID = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);
# ClientName prefers the client-supplied host-name option, i.e. it is
# attacker-controlled input. execute() passes it as its own argv entry
# (no shell), so what matters is how dhcp-dyndns.sh -- not shown here --
# handles it: it should validate the value as a host label before using it
# in any command or DNS update.
set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, noname);
log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
}
# Lease released by the client: remove its records.
on release {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);
log(concat("Release: IP: ", ClientIP));
execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
}
# Lease expired without a release: only the IP is known here, so the helper
# is called with an empty DHCID and a "0" flag.
on expiry {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
# cannot get a ClientMac here, apparently this only works when actually receiving a packet
log(concat("Expired: IP: ", ClientIP));
# cannot get a ClientName here, for some reason that always fails
execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
}
# Static (host-declaration) leases: same options as the pool, but the
# registered name comes from the host declaration first.
group {
option routers 192.168.100.1;
option domain-name "xxx.local";
option domain-name-servers 192.168.100.200;
option ntp-servers 192.168.100.200;
option netbios-name-servers 192.168.100.200;
option netbios-node-type 8;
default-lease-time 1800;
max-lease-time 7200;
option host-name = config-option server.ddns-hostname;
ddns-hostname = pick-first-value ( host-decl-name,
option fqdn.hostname,
concat("static-", binary-to-ascii(10, 8, "-", leased-address)));
ddns-domainname "xxx.local.";
zone xxx.local. {
primary 127.0.0.1;
key xxx.local;
}
zone 100.168.192.in-addr.arpa. {
primary 127.0.0.1;
key xxx.local;
}
}
}
# Add option 150 (0x96) and 155 (0x9b)
# Appends the TFTP-server and Director-server codes to whatever the client
# asked for, so phones that do not request them still receive them.
if exists dhcp-parameter-request-list {
option dhcp-parameter-request-list=concat(option dhcp-parameter-request-list,96,9b);
}
root@apolo:~# cat /etc/samba/smb.conf
[global]
workgroup = xxx
realm = XXX.LOCAL
netbios name = apolo
server string = Zentyal Server
# AD domain controller. Samba's internal DNS is disabled ("-dns") because
# BIND serves the AD zone through the DLZ module (see named.conf.local).
server role = dc
server role check:inhibit = yes
server services = -dns
# "auto" offers SMB signing but does not require it, so unsigned client
# sessions are still accepted; per smb.conf(5) the DC default is
# "mandatory". Relaxing it re-enables SMB relay against this host -- keep
# "auto" only if a specific legacy client needs it, and record which.
server signing = auto
dsdb:schema update allowed = yes
# Permits simple binds and unsigned LDAP without TLS. Presumably required by
# Zentyal's own components, but it means domain credentials can cross the
# wire unprotected if any client binds that way; restrict plain LDAP to
# localhost / use LDAPS where possible.
ldap server require strong auth = no
drs:max object sync = 1200
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%U
rpc server dynamic port range = 49152-65535
interfaces = lo,eth0
bind interfaces only = yes
# Unknown user names are mapped to the guest account. On a DC, if the Guest
# account is enabled this lets an unauthenticated peer reach any share that
# allows guest access; "Never" is the safer value unless guest access is
# intended.
map to guest = Bad User
# Level 3 is chatty (user names, client addresses): fine while
# troubleshooting, lower it afterwards.
log level = 3
log file = /var/log/samba/samba.log
max log size = 100000
include = /etc/samba/shares.conf
# NETLOGON share for logon scripts. NOTE(review): the path says "xx.local"
# while the realm above is XXX.LOCAL; if that is not just the redaction,
# the share points at a directory that does not exist under sysvol, which
# would explain clients not seeing the netlogon folder. Zentyal normally
# generates this section -- check what the file on disk actually says.
[netlogon]
path = /var/lib/samba/sysvol/xx.local/scripts
browseable = no
read only = yes
# SYSVOL must stay writable for GPO editing from admin workstations, but
# only by domain admins: after any manual permission change, run
# "samba-tool ntacl sysvolreset" so the on-disk ACLs match AD again.
[sysvol]
path = /var/lib/samba/sysvol
read only = no
root@apolo:~# cat /etc/bind/named.conf.local
// Generated by Zentyal
// "trusted" gates recursion and cache reads (allow-recursion /
// allow-query-cache in the options block). "localnets" expands to the
// subnets of this host's own interfaces only; the 192.168.60.2 client in
// the "query (cache) ... denied" log is not on one of them, so VPN clients
// are refused recursion. Add the VPN subnet here (through Zentyal, since
// this file is generated) rather than opening recursion to "any".
acl "trusted" {
localhost;
localnets;
};
// Zone transfers (allow-transfer in the options block) are limited to the
// LAN; the VPN pool is deliberately not included.
acl "internal-local-nets" {
192.168.100.0/24;
};
// The AD-integrated zones live in Samba's database and are served through
// the DLZ plugin. The module name must match the installed Samba major
// version (4.11 here); upgrading Samba without updating this line breaks
// AD DNS resolution.
dlz "AD DNS Zone" {
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};
// Reverse zone for the LAN, updated dynamically by the DHCP hooks.
zone "100.168.192.in-addr.arpa" {
type master;
file "/var/lib/bind/db.100.168.192";
update-policy {
// The only allowed dynamic updates are PTR records
// (the rule below also grants TXT, so the comment above understates it)
grant xxx.local. subdomain 100.168.192.in-addr.arpa. PTR TXT;
// Grant from localhost
// local-ddns is the session key BIND generates for "nsupdate -l";
// anything that can read that key file can change any record in this zone.
grant local-ddns zonesub any;
};
};
// Empty RFC 1918 reverse zones: answer NXDOMAIN locally for private address
// space instead of leaking reverse lookups for 10/8, 172.16/12 and
// 192.168/16 to the forwarders. The more specific 100.168.192.in-addr.arpa
// zone above still takes precedence for the LAN.
zone "10.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "16.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "17.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "18.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "19.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "20.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "21.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "22.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "23.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "24.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "25.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "26.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "27.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "28.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "29.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "30.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "31.172.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};
zone "168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.empty";
};