Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Installation and Upgrades / Re: Error - Unable to get kerberos ticket to bind to LDAP
« on: May 22, 2014, 08:49:22 am »
Hi,
I forgot what I did since its been a while now. Don't know if it was arranged with an update from Zentyal sorry.
I forgot what I did since its been a while now. Don't know if it was arranged with an update from Zentyal sorry.
2
Installation and Upgrades / Re: Zentyal 3.2 - Kerberos Problem Help! [SOLVED]
« on: May 09, 2014, 01:41:01 pm »
Hi,
I have solved the problem by removing Zentyal from the domain and adding it again! Thanks for your help
I have solved the problem by removing Zentyal from the domain and adding it again! Thanks for your help
3
Installation and Upgrades / Zentyal 3.2 - Kerberos Problem Help! [SOLVED]
« on: May 09, 2014, 09:17:50 am »
Hi,
Unfortunately I am experiencing different errors lately. The HTTP Proxy is not being able to bind to LDAP. I have formatted the computer to make sure I start from scratch and I still having the following error:
"Unable to get kerberos ticket to bind to LDAP: could not acquire credentials using an initial credentials context: Already tried ENC-TS-info, looping"
The strange thing is that the Users and Computers module is working correctly since I am able to see all users and groups from the domain.
I have issued the "klist" command and it seems that I am getting a kerberos ticket successfully but somehow zentyal/squid is not seeing that. I have also issued the command "kinit administrator" to check again but still no luck. I appreciate your help please. Thanks
Unfortunately I am experiencing different errors lately. The HTTP Proxy is not being able to bind to LDAP. I have formatted the computer to make sure I start from scratch and I still having the following error:
"Unable to get kerberos ticket to bind to LDAP: could not acquire credentials using an initial credentials context: Already tried ENC-TS-info, looping"
The strange thing is that the Users and Computers module is working correctly since I am able to see all users and groups from the domain.
I have issued the "klist" command and it seems that I am getting a kerberos ticket successfully but somehow zentyal/squid is not seeing that. I have also issued the command "kinit administrator" to check again but still no luck. I appreciate your help please. Thanks
4
Installation and Upgrades / Re: HTTP Proxy Service Stopping [SOLVED]
« on: May 08, 2014, 04:00:50 pm »
It appears that one category from the blacklist was bad and it was stopping the HTTP proxy module
5
Installation and Upgrades / HTTP Proxy Service Stopping [SOLVED]
« on: May 08, 2014, 01:46:08 pm »
Hi,
I have configured Zentyal 3.2 with both HTTP Proxy + Users and Computers. I have downloaded a categorized list, made some filters and applied those filters to domain groups. When these filters are applied to these domain groups, the HTTP proxy service stops working. I have restarted Zentyal several times, removed and re-installed both Users and Computers + HTTP Proxy modules but without avail. I don't know if the last update on Users and Computers module caused such problem.
I am not 100% sure BUT when the filters had fewer decisions (Apply all and Deny all) on several categories, the HTTP proxy was not doing such problem. Any ideas please? Thanks
I have configured Zentyal 3.2 with both HTTP Proxy + Users and Computers. I have downloaded a categorized list, made some filters and applied those filters to domain groups. When these filters are applied to these domain groups, the HTTP proxy service stops working. I have restarted Zentyal several times, removed and re-installed both Users and Computers + HTTP Proxy modules but without avail. I don't know if the last update on Users and Computers module caused such problem.
I am not 100% sure BUT when the filters had fewer decisions (Apply all and Deny all) on several categories, the HTTP proxy was not doing such problem. Any ideas please? Thanks
6
Installation and Upgrades / Re: HTTP Proxy - Multiple Groups Per User Help
« on: May 02, 2014, 12:28:00 pm »
Thanks a lot jbahillo so in that case we can still work something out 
.
.
7
Installation and Upgrades / Re: HTTP Proxy - Multiple Groups Per User Help
« on: May 02, 2014, 09:38:38 am »
Hi Robb,
You have answered my question to the full. That's exactly what's happening in fact. When Zentyal matches the first rule, it does not check the other other rules too. My thinking was if Zentyal would be able to match two rules together on separate groups. I will wait for others maybe there is a solution but doesn't look like it.
You have answered my question to the full. That's exactly what's happening in fact. When Zentyal matches the first rule, it does not check the other other rules too. My thinking was if Zentyal would be able to match two rules together on separate groups. I will wait for others maybe there is a solution but doesn't look like it.
8
Installation and Upgrades / Re: HTTP Proxy - Multiple Groups Per User Help
« on: May 02, 2014, 06:47:55 am »
Bump
9
Installation and Upgrades / HTTP Proxy - Multiple Groups Per User Help
« on: April 30, 2014, 08:53:05 am »
Hi,
I want to configure the HTTP proxy to be able to work with multiple groups per user. I am facing a difficulty since each group has different policies.
For example lets take the below scenario:
Group Basic - can access any website except Social Networking, Webmail and Online Shopping
Group Social Networking - can access all of the Group Basic + Social Networking
Group Webmail - can access all of the Group Basic + Webmail
Group Online Shopping - can access all of the Group Basic + Online Shopping
User 1 - can access Group Basic Only
User 2 - can access Group Basic + Social Networking
User 3 - can access Group Basic + Social Networking + Webmail
User 4 - can access Group Basic + Online Shopping + Webmail
As you can see from the examples above, each user is a member of different groups that each have different policies. The problem is that if I put Group Basic as the FIRST policy, other users that are members of the other three groups and which are all members of the Group Basic cannot access Facebook, Gmail etc... Reason being since these are being blocked by the Group Basic policy. In such case, do I need to create all the different combinations of groups and users? Don't know if Zentyal would be able to compare two different groups and decide if the website will be blocked or allowed? Thanks
I want to configure the HTTP proxy to be able to work with multiple groups per user. I am facing a difficulty since each group has different policies.
For example lets take the below scenario:
Group Basic - can access any website except Social Networking, Webmail and Online Shopping
Group Social Networking - can access all of the Group Basic + Social Networking
Group Webmail - can access all of the Group Basic + Webmail
Group Online Shopping - can access all of the Group Basic + Online Shopping
User 1 - can access Group Basic Only
User 2 - can access Group Basic + Social Networking
User 3 - can access Group Basic + Social Networking + Webmail
User 4 - can access Group Basic + Online Shopping + Webmail
As you can see from the examples above, each user is a member of different groups that each have different policies. The problem is that if I put Group Basic as the FIRST policy, other users that are members of the other three groups and which are all members of the Group Basic cannot access Facebook, Gmail etc... Reason being since these are being blocked by the Group Basic policy. In such case, do I need to create all the different combinations of groups and users? Don't know if Zentyal would be able to compare two different groups and decide if the website will be blocked or allowed? Thanks
10
Installation and Upgrades / Re: Error - Unable to get kerberos ticket to bind to LDAP
« on: October 04, 2013, 01:31:49 pm »
Bump
11
Installation and Upgrades / Error - Unable to get kerberos ticket to bind to LDAP
« on: October 03, 2013, 08:03:13 am »
Hi,
When I am trying to add a source group in HTTP proxy module, I am getting this error:
Unable to get kerberos ticket to bind to LDAP: could not store credentials: Rename of file from /tmp/krb5cc_qEoPnO to /var/lib/zentyal/tmp//etc/squid3/HTTP.keytab.ccache failed: No such file or directory
If the source group in HTTP proxy is set to Any, such error does not appear and the proxy module works perfect. Attached is a screenshot of my current layout. Thanks
When I am trying to add a source group in HTTP proxy module, I am getting this error:
Unable to get kerberos ticket to bind to LDAP: could not store credentials: Rename of file from /tmp/krb5cc_qEoPnO to /var/lib/zentyal/tmp//etc/squid3/HTTP.keytab.ccache failed: No such file or directory
If the source group in HTTP proxy is set to Any, such error does not appear and the proxy module works perfect. Attached is a screenshot of my current layout. Thanks
12
Installation and Upgrades / Re: Error creating computer account for Zentyal server
« on: October 03, 2013, 07:58:26 am »
Hi Christian,
The problem got solved by NOT enabling the DNS module in Zentyal
. Thanks
The problem got solved by NOT enabling the DNS module in Zentyal
. Thanks
13
Installation and Upgrades / Error creating computer account for Zentyal server [SOLVED]
« on: October 01, 2013, 01:15:05 pm »
Hi,
I have joined Zentyal server with my AD (Windows Server 2008). When I try to enable the HTTP proxy module, I get the following error:
Error creating computer account for Zentyal server: msktutil -N -c -b 'CN=COMPUTERS' -s 'HTTP/zentyal.matthew.com' -k '/var/lib/zentyal/tmp/http.keytab' --computer-name 'ZENTYAL' --upn 'zentyalServices/zentyal.matthew.com' --server 'srv2008.matthew.com' --user-creds-only --verbose failed. Error output: Error: could not find any credentials to authenticate with. Neither keytab, default machine password, nor calling user's tickets worked. Try "kinit"ing yourself some tickets with permission to create computer objects, or pre-creating the computer object in AD and selecting 'reset account'. Command output: -- init_password: Wiping the computer password structure -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-pPJ5P7 -- reload: Reloading Kerberos Context -- finalize_exec: SAM Account Name is: ZENTYAL$ -- try_user_creds: Checking if default ticket cache has tickets... -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found) -- try_user_creds: User ticket cache was not valid. -- ~KRB5Context: Destroying Kerberos Context . Exit value: 1
I appreciate any help please thanks.
I have joined Zentyal server with my AD (Windows Server 2008). When I try to enable the HTTP proxy module, I get the following error:
Error creating computer account for Zentyal server: msktutil -N -c -b 'CN=COMPUTERS' -s 'HTTP/zentyal.matthew.com' -k '/var/lib/zentyal/tmp/http.keytab' --computer-name 'ZENTYAL' --upn 'zentyalServices/zentyal.matthew.com' --server 'srv2008.matthew.com' --user-creds-only --verbose failed. Error output: Error: could not find any credentials to authenticate with. Neither keytab, default machine password, nor calling user's tickets worked. Try "kinit"ing yourself some tickets with permission to create computer objects, or pre-creating the computer object in AD and selecting 'reset account'. Command output: -- init_password: Wiping the computer password structure -- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-pPJ5P7 -- reload: Reloading Kerberos Context -- finalize_exec: SAM Account Name is: ZENTYAL$ -- try_user_creds: Checking if default ticket cache has tickets... -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found) -- try_user_creds: User ticket cache was not valid. -- ~KRB5Context: Destroying Kerberos Context . Exit value: 1
I appreciate any help please thanks.
14
Installation and Upgrades / User password and confirm user password does not match
« on: September 24, 2013, 01:23:16 pm »
Hi,
During the installation wizard of squid, I had an option to connect with an External AD Domain. I chose such option and when it asked me for the password, it was telling me "User password and confirm user password does not match". I have tried the password several times but no luck. Can anyone help me please? Thanks
Zentyal Version 3.2
During the installation wizard of squid, I had an option to connect with an External AD Domain. I chose such option and when it asked me for the password, it was telling me "User password and confirm user password does not match". I have tried the password several times but no luck. Can anyone help me please? Thanks
Zentyal Version 3.2
15
Installation and Upgrades / Read Error or Connection to localhost failed
« on: May 24, 2013, 02:10:56 pm »
Hi,
I am making use of different access rules (with different time periods) in Zentyal V3. A strange thing which is happening all of a sudden is that when the HTTP proxy 'bounces' from one access rule to another (since the time period has expired), there will be no Internet connection to the client. If on the other hand I restart the HTTP proxy, the access rule works perfectly. This means that the HTTP proxy is making a match with the desired access rule but for some reason no Internet connection is provided.
To give an example:
1) Access rule 1 with time slot 07:00 - 12:00
2) Access rule 2 with time slot 12:00 - 14:00
So in the morning the first access rule works great till 12:00. After 12:00, the HTTP proxy does go to the second access rule but no Internet connection is provided UNLESS I restart the HTTP proxy module, which does not make sense after all.
Below I am attaching a screenshot of squid3 configuration file as created by Zentyal template script. Thanks
I am making use of different access rules (with different time periods) in Zentyal V3. A strange thing which is happening all of a sudden is that when the HTTP proxy 'bounces' from one access rule to another (since the time period has expired), there will be no Internet connection to the client. If on the other hand I restart the HTTP proxy, the access rule works perfectly. This means that the HTTP proxy is making a match with the desired access rule but for some reason no Internet connection is provided.
To give an example:
1) Access rule 1 with time slot 07:00 - 12:00
2) Access rule 2 with time slot 12:00 - 14:00
So in the morning the first access rule works great till 12:00. After 12:00, the HTTP proxy does go to the second access rule but no Internet connection is provided UNLESS I restart the HTTP proxy module, which does not make sense after all.
Below I am attaching a screenshot of squid3 configuration file as created by Zentyal template script. Thanks