Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - turalyon

Pages: [1] 2 3 ... 6
1
Spanish / Re: Permisos en recurso compartido
« on: May 26, 2022, 10:27:38 am »
Hola,

Si he entendido bien, tienes un recurso compartido llamado 'DATOS', y dentro de él, has copiado el contenido que tienes en un disco duro secundario, cuyo origen de datos es otro servidor Linux. Y el problema radica que al tratar de acceder a la información de este recurso compartido desde un Windows te está dando problemas de acceso. ¿Es correcto?

Suponiendo que lo haya entendido bien, probablemente la incidencia sea causada por la falta de algún permiso esencial que se requiere y que los datos del recurso compartido carecen. Para que puedas identificar los permisos que establece Zentyal en sus recursos compartidos y puedas compararlos, te recomendaría que hicieras lo siguiente:

1. Crea otro recurso compartido temporal y establece unos permisos sencillos como RO para un usuario y RWX para un grupo.
2. Desde el mismo Windows que tiene problemas de acceso al recurso de 'DATOS'.
3. Crea un archivo en el recurso temporal para confirmar su funcionamiento.
4. En el servidor Zentyal, revisa los permisos (ACLs) que tiene tanto el directorio 'padre' como el contenido dentro de él.
Code: [Select]
sudo getfacl /home/samba/shares/nombre-del-recurso-temporal
sudo getfacl -R /home/samba/shares/nombre-del-recurso-temporal
5. Revisa los permisos (ACLs) del recurso compartido 'DATOS'.
Code: [Select]
sudo getfacl /home/samba/shares/DATOS
sudo getfacl -R /home/samba/shares/DATOS
6. Compara los permisos de ambos recursos.

Espero que te sea de ayuda.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

2
Other modules / Re: Problems saving network data
« on: May 23, 2022, 10:53:13 am »
I didn't see that error before. Perhaps it is time to contact sales so they can inform you about getting a support ticket.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

3
Hi,

I don't know a simpler method than the above.

My recommendation is:

1. Mark a mark in the log file '/var/log/samba/samba.log'
2. Log in and log out of a domain computer with a domain user.
3. Make another mark in the log file.
4. Analyze the records from the marks.
5. 'Create' the command that retrieves the records in the format you like (you can use the commands: 'grep', 'cut', 'awk').

I hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

4
Other modules / Re: Problems saving network data
« on: May 19, 2022, 03:47:50 pm »
Hi,

If I were you, I would disable the Antivirus and Mailfilter modules temporarily so the log files (syslog and zentyal.log) could be easier to read while debugging the issue.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

5
Hi Faisal,

The password policies are managed by Samba itself through the command: 'samba-tool domain passwordsettings'. For this particular case, you cannot use a GPO. Below you have the link that explains how to configure those password policies.

* https://wiki.samba.org/index.php/Password_Settings_Objects

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

6
Hi Faisal,

The things I would do are:

1. Create a shell script that formats the output as I wish.
2. Create a cron job that runs the script each hour and sends (redirects) the results to a log file in the directory '/var/log/'.

Hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

7
Other modules / Re: Problems saving network data
« on: May 18, 2022, 11:21:35 am »
Hi,

Well, basically Apparmor is blocking the script that manages the DDNS feature. So, as the link explains, you have 2 alternatives:

1. Disable apparmor.
2. Tune the dhcpd profile of Apparmor.

Once you have applied one of those 2 solutions, I recommend you enable the debug in the script, so you can analyze each step until you confirm that it worked correctly. To do this, just add 'set -x' in the second line of the script located at '/usr/share/zentyal-dhcp/dhcp-dyndns.sh'.

Once you did all the above, try again to get a DHCP IP from a computer while you monitor the log file '/var/log/syslog'.

Code: [Select]
sudo tail -f /var/log/syslog

I hope it helps you.

8
Hi,

Unfortunately, you cannot use roaming profile feature in a Zentyal server that was configured as an additional domain controller. Below are a few things you can try:

1. Retrieve the information of one domain user who uses the roaming profile.

Code: [Select]
ldbsearch -H /var/lib/samba/private.sam sAMAccountName=some_user_name

2. After you get that information, you will see an attribute that points to the 'old' server.

3. Through an LDIF file, change the value of that attribute for your current Zentyal. Below is an example:

Code: [Select]
## LDIF content
dn: CN=Gabriel Batistuta,CN=Users,DC=lab,DC=lan
changetype: modify
replace: profilePath
profilePath: \\additional.LAB.LAN\profiles\gabriel

## Command to apply the LDIF
ldbmodify -H /var/lib/samba/private/sam.ldb roaming-profile.ldif

NOTE: I didn't use this method for a while, so try it in a test environment.

4. Copy the domain user personal roaming folder to the other Zentyal server.

NOTE: Be careful with the permissions and the directory structure. It must the same on both servers.

5. Try to login with that domain user and check if it worked.

Hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

9
Hi,

You can get that information from the log file '/var/log/samba/samba.log'. So, the best approach is to create a shell script that search, parse and display the information as you want.

Below you have two commands that you can try to retrieve the information you are looking for:

Code: [Select]
## Login
grep -B 1 'connect to service netlogon' /var/log/samba/samba.log

## Logout
grep -B 1  -P 'closed connection to service (?!.*IPC|netlogon)' /var/log/samba/samba.log

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

10
Other modules / Re: Problems saving network data
« on: April 25, 2022, 04:56:13 pm »
I have now checked the syslog, there I found the following errors:

Apr 24 10:00:45 srvdc01 systemd[11870]: zentyal.antivirus-clamonacc.service: Failed to execute command: No such file or directory
Apr 24 10:00:45 srvdc01 systemd[11870]: zentyal.antivirus-clamonacc.service: Failed at step EXEC spawning /usr/bin/clamonacc: No such file or directory
Apr 24 10:00:45 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Main process exited, code=exited, status=203/EXEC
Apr 24 10:00:45 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Failed with result 'exit-code'.
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Service hold-off time over, scheduling restart.
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Scheduled restart job, restart counter is at 47.
Apr 24 10:00:50 srvdc01 systemd[1]: Stopped Executable for On-Access scans.
Apr 24 10:00:50 srvdc01 systemd[1]: Started Executable for On-Access scans.
Apr 24 10:00:50 srvdc01 systemd[11926]: zentyal.antivirus-clamonacc.service: Failed to execute command: No such file or directory
Apr 24 10:00:50 srvdc01 systemd[11926]: zentyal.antivirus-clamonacc.service: Failed at step EXEC spawning /usr/bin/clamonacc: No such file or directory
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Main process exited, code=exited, status=203/EXEC
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Failed with result 'exit-code'.
Apr 24 10:00:53 srvdc01 dhcpd[5585]: Commit: IP: 192.168.1.20 DHCID: 48:e1:e9:71:21:1d Name: Meross_Smart_Plug
Apr 24 10:00:53 srvdc01 kernel: [  612.267609] audit: type=1400 audit(1650787253.510:24): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=11955 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[1] = add
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[2] = 192.168.1.20
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[3] = 48:e1:e9:71:21:1d
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[4] = Meross_Smart_Plug
Apr 24 10:00:53 srvdc01 dhcpd[11955]: Unable to execute /usr/share/zentyal-dhcp/dhcp-dyndns.sh: Permission denied
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
Apr 24 10:00:53 srvdc01 dhcpd[5585]: DHCPREQUEST for 192.168.1.20 from 48:e1:e9:71:21:1d (Meross_Smart_Plug) via eth0
Apr 24 10:00:53 srvdc01 dhcpd[5585]: DHCPACK on 192.168.1.20 to 48:e1:e9:71:21:1d (Meross_Smart_Plug) via eth0
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Service hold-off time over, scheduling restart.
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Scheduled restart job, restart counter is at 48.
Apr 24 10:00:55 srvdc01 systemd[1]: Stopped Executable for On-Access scans.
Apr 24 10:00:55 srvdc01 systemd[1]: Started Executable for On-Access scans.
Apr 24 10:00:55 srvdc01 systemd[12088]: zentyal.antivirus-clamonacc.service: Failed to execute command: No such file or directory
Apr 24 10:00:55 srvdc01 systemd[12088]: zentyal.antivirus-clamonacc.service: Failed at step EXEC spawning /usr/bin/clamonacc: No such file or directory
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Main process exited, code=exited, status=203/EXEC
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Failed with result 'exit-code'.
Apr 24 10:00:56 srvdc01 systemd[1]: Started Session c3 of user ejabberd.
Apr 24 10:00:57 srvdc01 dhcpd[5585]: Commit: IP: 192.168.1.40 DHCID: 48:e1:e9:71:0e:cf Name: Meross_Smart_Plug
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[1] = add
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[2] = 192.168.1.40
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[3] = 48:e1:e9:71:0e:cf
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[4] = Meross_Smart_Plug
Apr 24 10:00:57 srvdc01 dhcpd[12272]: Unable to execute /usr/share/zentyal-dhcp/dhcp-dyndns.sh: Permission denied
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
Apr 24 10:00:57 srvdc01 kernel: [  616.354148] audit: type=1400 audit(1650787257.598:25): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=12272 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0
Apr 24 10:00:57 srvdc01 dhcpd[5585]: DHCPREQUEST for 192.168.1.40 from 48:e1:e9:71:0e:cf (Meross_Smart_Plug) via eth0
Apr 24 10:00:57 srvdc01 dhcpd[5585]: DHCPACK on 192.168.1.40 to 48:e1:e9:71:0e:cf (Meross_Smart_Plug) via eth0

regarding DHCP I have executed the following command:
/usr/share/zentyal-dhcp/dhcp-dyndns.sh

Message:
Required keytab /etc/dhcp/samba-keys/dhcpduser.keytab not found, it needs to be created.
Use the following commands as root
samba-tool domain exportkeytab --principal=dhcpduser@ZENTYAL-DOMAIN.LAN /etc/dhcp/samba-keys/dhcpduser.keytab
chown XXXX:XXXX /etc/dhcp/samba-keys/dhcpduser.keytab
Replace 'XXXX:XXXX' with the user & group that dhcpd runs as on your distro
chmod 400 /etc/dhcp/samba-keys/dhcpduser.keytab

Executed the following command:
sudo samba-tool domain exportkeytab --principal=dhcpduser@ZENTYAL-DOMAIN.LAN /etc/dhcp/samba-keys/dhcpduser.keytab
sudo chown root:dhcpd /etc/dhcp/samba-keys/dhcpduser.keytab

But unfortunately the problem remains

Hi,

Well, you're facing 2 bugs:

1. With the antivirus module:

Code: [Select]
/usr/bin/clamonacc: No such file or directory

The binary 'clamonacc' has changed. Now I thing is '/usr/sbin/' instead of '/usr/bin/'. You need to change the daemon located at '/lib/systemd/system/zentyal.antivirus-clamonacc.service'. Remember to reload the Systemd configuration before restart the antivirus module.

Code: [Select]
sudo systemctl daemon-reload
sudo zs antivirus restart

2. Apparmor is blocking the usage of DDNS script.

Code: [Select]
Apr 24 10:00:57 srvdc01 kernel: [  616.354148] audit: type=1400 audit(1650787257.598:25): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=12272 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0

The link with the fix below:

* https://github.com/zentyal/zentyal/issues/1930

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

11
i keep seeing logs saying dhcp-dns failed 02
PM if someone want to fix this and will get payed

Did you consider to contact with Zentyal and buy a ticket? Perhaps the official support can help you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

12
Installation and Upgrades / Re: Migration From Linux LDAP NT4 PDC?
« on: April 22, 2022, 10:33:57 am »
Hi,

You can export the domain groups and users and perhaps, their passwords too, however, the computers cannot be migrated. You will need to unjoin and join them again to the new domain controller.

Zentyal has two scripts that allow to import domain users and group from a csv files. Below you have more information about it.

* https://doc.zentyal.org/en/directory.html#importing-and-exporting-users-and-groups

To create those csv files from your current Samba, you could create a shell script that uses ldapsearch/ldbsearch command to retrieve the required information.

Hope it helps you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

13
Hi
Anyone else has gotten this?
going insanse trying to fix this issue

Code: [Select]
r 19 18:35:46 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:35:49 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:35:49 zentyal named[14741]: client @0x7f0c3c11da90 192.168.0.22#53411: update 'test.local/IN' denied
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: disallowing update of signer=WINDOWS10-PC\$\@TEST.LOCAL name=windows10-pc.test.local type=AAAA error=insufficient access rights
Apr 19 18:35:49 zentyal named[14741]: client @0x7f0c3c11da90 192.168.0.22#61540/key WINDOWS10-PC\$\@TEST.LOCAL: updating zone 'test.local/NONE': update failed: rejected by secure update (REFUSED)
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:36:40 zentyal named[14741]: resolver priming query complete
Apr 19 18:36:49 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:37:50 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:38:46 zentyal samba[1864]: [2022/04/19 18:38:46.438481,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 19 18:38:46 zentyal samba[1864]:   /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
Apr 19 18:38:50 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:39:50 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:40:49 zentyal named[14741]: client @0x7f0c3c100b70 192.168.0.22#65076: update 'test.local/IN' denied
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: disallowing update of signer=WINDOWS10-PC\$\@TEST.LOCAL name=windows10-pc.test.local type=AAAA error=insufficient access rights
Apr 19 18:40:49 zentyal named[14741]: client @0x7f0c3c100b70 192.168.0.22#53010/key WINDOWS10-PC\$\@TEST.LOCAL: updating zone 'test.local/NONE': update failed: rejected by secure update (REFUSED)

Hi,

Those messages are normal either if you don't have enabled the feature DDNS or your Windows machines use the DNS option 'Register this connections addresses in DNS'.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

14
Spanish / Re: no eliminar interfaz bridge
« on: April 20, 2022, 10:03:42 am »
Buenos días,

Puedes resetear un módulo usando el script '/usr/share/zentyal/clean-conf' . En tu caso sería:

Code: [Select]
sudo /usr/share/zentyal/clean-conf network

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

15
Other modules / Re: Problems saving network data
« on: April 20, 2022, 10:00:46 am »
Hi,

Unfortunately that information is not helpful. Did you analyse the log file '/var/log/syslog'?

If you can't find anything useful in the log files, you will need to disable all of them, and start enable one by one.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

Pages: [1] 2 3 ... 6