Messages - turalyon

1
Other modules / Re: Problems saving network data
« on: May 19, 2022, 03:47:50 pm »
Hi,

If I were you, I would disable the Antivirus and Mailfilter modules temporarily so the log files (syslog and zentyal.log) could be easier to read while debugging the issue.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

2
Hi Faisal,

The password policies are managed by Samba itself through the command: 'samba-tool domain passwordsettings'. For this particular case, you cannot use a GPO. Below you have the link that explains how to configure those password policies.

* https://wiki.samba.org/index.php/Password_Settings_Objects

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

3
Hi Faisal,

The things I would do are:

1. Create a shell script that formats the output as I wish.
2. Create a cron job that runs the script each hour and sends (redirects) the results to a log file in the directory '/var/log/'.

Hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

4
Other modules / Re: Problems saving network data
« on: May 18, 2022, 11:21:35 am »
Hi,

Well, basically Apparmor is blocking the script that manages the DDNS feature. So, as the link explains, you have 2 alternatives:

1. Disable apparmor.
2. Tune the dhcpd profile of Apparmor.

Once you have applied one of those 2 solutions, I recommend you enable the debug in the script, so you can analyze each step until you confirm that it worked correctly. To do this, just add 'set -x' in the second line of the script located at '/usr/share/zentyal-dhcp/dhcp-dyndns.sh'.

Once you have done all of the above, try again to get a DHCP IP from a computer while you monitor the log file '/var/log/syslog'.

Code:
sudo tail -f /var/log/syslog

I hope it helps you.

5
Hi,

Unfortunately, you cannot use the roaming profile feature in a Zentyal server that was configured as an additional domain controller. Below are a few things you can try:

1. Retrieve the information of one domain user who uses the roaming profile.

Code:
ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName=some_user_name

2. After you get that information, you will see an attribute that points to the 'old' server.

3. Through an LDIF file, change the value of that attribute for your current Zentyal. Below is an example:

Code:
## LDIF content
dn: CN=Gabriel Batistuta,CN=Users,DC=lab,DC=lan
changetype: modify
replace: profilePath
profilePath: \\additional.LAB.LAN\profiles\gabriel

## Command to apply the LDIF
ldbmodify -H /var/lib/samba/private/sam.ldb roaming-profile.ldif

NOTE: I haven't used this method for a while, so try it in a test environment.

4. Copy the domain user personal roaming folder to the other Zentyal server.

NOTE: Be careful with the permissions and the directory structure. It must be the same on both servers.

5. Try to log in with that domain user and check if it worked.

Hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

6
Hi,

You can get that information from the log file '/var/log/samba/samba.log'. So, the best approach is to create a shell script that searches, parses and displays the information as you want.

Below you have two commands that you can try to retrieve the information you are looking for:

Code:
## Login
grep -B 1 'connect to service netlogon' /var/log/samba/samba.log

## Logout
grep -B 1 -P 'closed connection to service (?!.*IPC|netlogon)' /var/log/samba/samba.log

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
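
Added example, not part of the forum post above: a shell function that pairs each Samba log header line with the message that follows it and emits one LOGIN or LOGOUT row per session event, using the same match rules as the two grep commands. The names `samba_sessions` and `sample_samba_log` are hypothetical, and the sample records are constructed on the assumption that smbd writes a timestamp header followed by an indented message line.

```shell
#!/bin/sh
# Added example: turn two-line Samba log records into login/logout rows.
# samba_sessions and sample_samba_log are hypothetical names.

samba_sessions() {
    awk '
    # Header line: remember its timestamp for the message that follows.
    /^\[[0-9][0-9][0-9][0-9]\/[0-9][0-9]\/[0-9][0-9] / {
        ts = substr($0, 2, 19)
        next
    }
    / connect to service netlogon / {
        user = "-"
        for (i = 1; i < NF; i++) if ($i == "user") user = $(i + 1)
        addr = $2; gsub(/[()]/, "", addr)
        printf "%s\tLOGIN\t%s\t%s\t%s\n", ts, $1, addr, user
    }
    / closed connection to service / {
        svc = $0
        sub(/.* closed connection to service /, "", svc)
        # Same exclusions as the grep -P lookahead: IPC and netlogon.
        if (svc ~ /IPC/ || svc ~ /^netlogon/) next
        addr = $2; gsub(/[()]/, "", addr)
        printf "%s\tLOGOUT\t%s\t%s\t%s\n", ts, $1, addr, svc
    }
    '
}

# Constructed sample records (not taken from a real server).
sample_samba_log() {
    cat <<'EOF'
[2022/05/02 08:01:12.104233,  1] ../source3/smbd/service.c:852(make_connection_snum)
  win10-pc (ipv4:192.168.0.22:49722) connect to service netlogon initially as user LAB\gabriel (uid=3000021, gid=100) (pid 2345)
[2022/05/02 08:01:13.500120,  1] ../source3/smbd/service.c:1131(close_cnum)
  win10-pc (ipv4:192.168.0.22:49722) closed connection to service netlogon
[2022/05/02 08:01:13.900000,  1] ../source3/smbd/service.c:1131(close_cnum)
  win10-pc (ipv4:192.168.0.22:49722) closed connection to service IPC$
[2022/05/02 17:30:45.220871,  1] ../source3/smbd/service.c:1131(close_cnum)
  win10-pc (ipv4:192.168.0.22:49722) closed connection to service gabriel
EOF
}

sample_samba_log | samba_sessions
```

On a real server, feed it the log file instead of the sample: `samba_sessions < /var/log/samba/samba.log`.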

7
Other modules / Re: Problems saving network data
« on: April 25, 2022, 04:56:13 pm »
I have now checked the syslog, there I found the following errors:

Apr 24 10:00:45 srvdc01 systemd[11870]: zentyal.antivirus-clamonacc.service: Failed to execute command: No such file or directory
Apr 24 10:00:45 srvdc01 systemd[11870]: zentyal.antivirus-clamonacc.service: Failed at step EXEC spawning /usr/bin/clamonacc: No such file or directory
Apr 24 10:00:45 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Main process exited, code=exited, status=203/EXEC
Apr 24 10:00:45 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Failed with result 'exit-code'.
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Service hold-off time over, scheduling restart.
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Scheduled restart job, restart counter is at 47.
Apr 24 10:00:50 srvdc01 systemd[1]: Stopped Executable for On-Access scans.
Apr 24 10:00:50 srvdc01 systemd[1]: Started Executable for On-Access scans.
Apr 24 10:00:50 srvdc01 systemd[11926]: zentyal.antivirus-clamonacc.service: Failed to execute command: No such file or directory
Apr 24 10:00:50 srvdc01 systemd[11926]: zentyal.antivirus-clamonacc.service: Failed at step EXEC spawning /usr/bin/clamonacc: No such file or directory
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Main process exited, code=exited, status=203/EXEC
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Failed with result 'exit-code'.
Apr 24 10:00:53 srvdc01 dhcpd[5585]: Commit: IP: 192.168.1.20 DHCID: 48:e1:e9:71:21:1d Name: Meross_Smart_Plug
Apr 24 10:00:53 srvdc01 kernel: [  612.267609] audit: type=1400 audit(1650787253.510:24): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=11955 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[1] = add
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[2] = 192.168.1.20
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[3] = 48:e1:e9:71:21:1d
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[4] = Meross_Smart_Plug
Apr 24 10:00:53 srvdc01 dhcpd[11955]: Unable to execute /usr/share/zentyal-dhcp/dhcp-dyndns.sh: Permission denied
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
Apr 24 10:00:53 srvdc01 dhcpd[5585]: DHCPREQUEST for 192.168.1.20 from 48:e1:e9:71:21:1d (Meross_Smart_Plug) via eth0
Apr 24 10:00:53 srvdc01 dhcpd[5585]: DHCPACK on 192.168.1.20 to 48:e1:e9:71:21:1d (Meross_Smart_Plug) via eth0
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Service hold-off time over, scheduling restart.
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Scheduled restart job, restart counter is at 48.
Apr 24 10:00:55 srvdc01 systemd[1]: Stopped Executable for On-Access scans.
Apr 24 10:00:55 srvdc01 systemd[1]: Started Executable for On-Access scans.
Apr 24 10:00:55 srvdc01 systemd[12088]: zentyal.antivirus-clamonacc.service: Failed to execute command: No such file or directory
Apr 24 10:00:55 srvdc01 systemd[12088]: zentyal.antivirus-clamonacc.service: Failed at step EXEC spawning /usr/bin/clamonacc: No such file or directory
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Main process exited, code=exited, status=203/EXEC
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Failed with result 'exit-code'.
Apr 24 10:00:56 srvdc01 systemd[1]: Started Session c3 of user ejabberd.
Apr 24 10:00:57 srvdc01 dhcpd[5585]: Commit: IP: 192.168.1.40 DHCID: 48:e1:e9:71:0e:cf Name: Meross_Smart_Plug
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[1] = add
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[2] = 192.168.1.40
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[3] = 48:e1:e9:71:0e:cf
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[4] = Meross_Smart_Plug
Apr 24 10:00:57 srvdc01 dhcpd[12272]: Unable to execute /usr/share/zentyal-dhcp/dhcp-dyndns.sh: Permission denied
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
Apr 24 10:00:57 srvdc01 kernel: [  616.354148] audit: type=1400 audit(1650787257.598:25): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=12272 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0
Apr 24 10:00:57 srvdc01 dhcpd[5585]: DHCPREQUEST for 192.168.1.40 from 48:e1:e9:71:0e:cf (Meross_Smart_Plug) via eth0
Apr 24 10:00:57 srvdc01 dhcpd[5585]: DHCPACK on 192.168.1.40 to 48:e1:e9:71:0e:cf (Meross_Smart_Plug) via eth0

Regarding DHCP, I have executed the following command:
/usr/share/zentyal-dhcp/dhcp-dyndns.sh

Message:
Required keytab /etc/dhcp/samba-keys/dhcpduser.keytab not found, it needs to be created.
Use the following commands as root
samba-tool domain exportkeytab --principal=dhcpduser@ZENTYAL-DOMAIN.LAN /etc/dhcp/samba-keys/dhcpduser.keytab
chown XXXX:XXXX /etc/dhcp/samba-keys/dhcpduser.keytab
Replace 'XXXX:XXXX' with the user & group that dhcpd runs as on your distro
chmod 400 /etc/dhcp/samba-keys/dhcpduser.keytab

Executed the following command:
sudo samba-tool domain exportkeytab --principal=dhcpduser@ZENTYAL-DOMAIN.LAN /etc/dhcp/samba-keys/dhcpduser.keytab
sudo chown root:dhcpd /etc/dhcp/samba-keys/dhcpduser.keytab

But unfortunately the problem remains.

Hi,

Well, you're facing 2 bugs:

1. With the antivirus module:

Code:
/usr/bin/clamonacc: No such file or directory

The binary 'clamonacc' has changed. Now I think it is in '/usr/sbin/' instead of '/usr/bin/'. You need to change the daemon located at '/lib/systemd/system/zentyal.antivirus-clamonacc.service'. Remember to reload the Systemd configuration before restarting the antivirus module.

Code:
sudo systemctl daemon-reload
sudo zs antivirus restart

2. Apparmor is blocking the usage of the DDNS script.

Code:
Apr 24 10:00:57 srvdc01 kernel: [  616.354148] audit: type=1400 audit(1650787257.598:25): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=12272 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0

The link with the fix is below:

* https://github.com/zentyal/zentyal/issues/1930

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
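
Added example, not part of the forum posts above: a shell function that extracts AppArmor denials from syslog-format input and prints one summary row per blocked (profile, operation, path, mask), so a denial like the one quoted in this thread is not buried under unrelated restart noise. The names `apparmor_denials` and `sample_log` are hypothetical; the three sample lines are copied from the log quoted in this thread.

```shell
#!/bin/sh
# Added example: summarise AppArmor denials in syslog-format input.
# apparmor_denials and sample_log are hypothetical names, not Zentyal code.

# Reads syslog lines on stdin and prints, most frequent first:
#   count <TAB> profile <TAB> operation <TAB> name <TAB> denied_mask
apparmor_denials() {
    awk '
    # Return the quoted value that follows " key=", or "-" if absent.
    function val(line, key,    s) {
        if (match(line, " " key "=\"[^\"]*\"") == 0) return "-"
        s = substr(line, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s)
        sub(/"$/, "", s)
        return s
    }
    /apparmor="DENIED"/ {
        k = val($0, "profile") "\t" val($0, "operation")
        k = k "\t" val($0, "name") "\t" val($0, "denied_mask")
        n[k]++
    }
    END { for (k in n) printf "%d\t%s\n", n[k], k }
    ' | sort -rn
}

# Sample input: lines copied from the syslog excerpt in this thread.
sample_log() {
    cat <<'EOF'
Apr 24 10:00:53 srvdc01 dhcpd[5585]: Commit: IP: 192.168.1.20 DHCID: 48:e1:e9:71:21:1d Name: Meross_Smart_Plug
Apr 24 10:00:53 srvdc01 kernel: [  612.267609] audit: type=1400 audit(1650787253.510:24): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=11955 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0
Apr 24 10:00:57 srvdc01 kernel: [  616.354148] audit: type=1400 audit(1650787257.598:25): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=12272 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0
EOF
}

sample_log | apparmor_denials
```

On a real server, run it against the log file: `apparmor_denials < /var/log/syslog`.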

8
I keep seeing logs saying dhcp-dns failed 02
PM if someone wants to fix this and will get paid

Did you consider contacting Zentyal and buying a ticket? Perhaps the official support can help you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

9
Installation and Upgrades / Re: Migration From Linux LDAP NT4 PDC?
« on: April 22, 2022, 10:33:57 am »
Hi,

You can export the domain groups and users and perhaps, their passwords too, however, the computers cannot be migrated. You will need to unjoin and join them again to the new domain controller.

Zentyal has two scripts that allow you to import domain users and groups from CSV files. Below you have more information about it.

* https://doc.zentyal.org/en/directory.html#importing-and-exporting-users-and-groups

To create those csv files from your current Samba, you could create a shell script that uses ldapsearch/ldbsearch command to retrieve the required information.

Hope it helps you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

10
Hi
Has anyone else gotten this?
Going insane trying to fix this issue

Code:
r 19 18:35:46 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:35:49 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:35:49 zentyal named[14741]: client @0x7f0c3c11da90 192.168.0.22#53411: update 'test.local/IN' denied
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: disallowing update of signer=WINDOWS10-PC\$\@TEST.LOCAL name=windows10-pc.test.local type=AAAA error=insufficient access rights
Apr 19 18:35:49 zentyal named[14741]: client @0x7f0c3c11da90 192.168.0.22#61540/key WINDOWS10-PC\$\@TEST.LOCAL: updating zone 'test.local/NONE': update failed: rejected by secure update (REFUSED)
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:36:40 zentyal named[14741]: resolver priming query complete
Apr 19 18:36:49 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:37:50 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:38:46 zentyal samba[1864]: [2022/04/19 18:38:46.438481,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 19 18:38:46 zentyal samba[1864]:   /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
Apr 19 18:38:50 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:39:50 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:40:49 zentyal named[14741]: client @0x7f0c3c100b70 192.168.0.22#65076: update 'test.local/IN' denied
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: disallowing update of signer=WINDOWS10-PC\$\@TEST.LOCAL name=windows10-pc.test.local type=AAAA error=insufficient access rights
Apr 19 18:40:49 zentyal named[14741]: client @0x7f0c3c100b70 192.168.0.22#53010/key WINDOWS10-PC\$\@TEST.LOCAL: updating zone 'test.local/NONE': update failed: rejected by secure update (REFUSED)

Hi,

Those messages are normal if either you haven't enabled the DDNS feature or your Windows machines use the DNS option 'Register this connection's addresses in DNS'.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

11
Spanish / Re: bridge interface not being removed
« on: April 20, 2022, 10:03:42 am »
Good morning,

You can reset a module using the script '/usr/share/zentyal/clean-conf'. In your case it would be:

Code:
sudo /usr/share/zentyal/clean-conf network

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

12
Other modules / Re: Problems saving network data
« on: April 20, 2022, 10:00:46 am »
Hi,

Unfortunately that information is not helpful. Did you analyse the log file '/var/log/syslog'?

If you can't find anything useful in the log files, you will need to disable all of them, and start enabling them one by one.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

13
Other modules / Re: Problems saving network data
« on: April 11, 2022, 01:32:50 pm »
Hi,

You can do 2 things:

1. Enable the debug mode in Zentyal in order to identify the network error in the log file '/var/log/zentyal/zentyal.log'.
2. Disable all the modules, and enable them one by one. NOTE: This option is risky because there is a chance that the modules cannot start again due to the error.

In case you want to try the first option, do the following:

1. Modify the option 'debug' to 'yes' in the configuration file '/etc/zentyal/zentyal.conf'
2. Restart the webadmin module:

Code:
sudo zs webadmin restart

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

14
Other modules / Re: DNS error when changing/adding or restarting
« on: April 07, 2022, 04:16:01 pm »
Hi,

I got that error a few months ago and I was able to fix it by doing the following:

1. I disabled the modules: Domain controller and DNS and saved changes.
2. I made a mark in the log files: /var/log/zentyal/zentyal.log and /var/log/syslog.
3. I enabled the DNS module and checked its status, including the mentioned log files.
4. Then, I enabled the domain controller module and again, I checked its status and the log files.
5. Finally, I tried to restart the DNS module just to see if the module still failed.

Hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

15
Other modules / Re: IDS/IPS doesnt work
« on: March 28, 2022, 11:20:43 am »
Hi,

The IDS module has a bug; it might be the reason for your error. Below you have the link to the report.

* https://github.com/zentyal/zentyal/issues/2037

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
