1
Installation and Upgrades / Re: Zentyal locks during boot
« on: January 24, 2018, 11:39:51 pm »
Another thanks to rubic. Worked for me too.
2
Installation and Upgrades / Kernel management
« on: January 24, 2018, 05:09:09 am »
Is there a recommended policy for managing the application of kernels to a Zentyal installation? I was not paying attention to this and had assumed that Zentyal was updating kernels as part of its core updates, but discovered that I was still running a two year old kernel after a recent update. I can't find anything in the documentation to guide on which kernels are recommended or compatible with Zentyal releases. If we are left to manage the kernels independently of the Zentyal core updates, is there a recommended technique? Thanks.
3
Installation and Upgrades / Re: [SOLVED] Network module: flush-fwmarks stalls when ip enters infinite loop
« on: January 24, 2018, 04:54:49 am »
4
Installation and Upgrades / [SOLVED] Network module: flush-fwmarks stalls when ip enters infinite loop
« on: January 24, 2018, 04:06:24 am »
At the end of the upgrade to core 5.0.10 (with network 5.0.9) the attempt to restart the network module stalled. Eventually I logged onto the system via ssh and found that 'ip' was running at 100% CPU. Seeing that it was called from flush-fwmarks, I tried the call to 'ip rules ls' myself and found that it entered an infinite loop returning a constant stream of "0: from all lookup local". Please advise what might be causing this and ideas on how to reset the configuration to correct it. Thanks.
5
Directory and Authentication / Re: [UNRESOLVED] How to troubleshoot samba backup domain controller function?
« on: June 28, 2017, 11:51:03 pm »
Two months after the 5.0.6 upgrade mysteriously fixed the problem, the issue is back. If anybody has any ideas on where to look to better diagnose the issue, please let me know. Thanks.
6
Directory and Authentication / Re: How to troubleshoot samba backup domain controller function?
« on: April 20, 2017, 02:46:46 am »
Problem was mysteriously resolved after updating the Domain Controller and File Sharing component from 5.0.3 to 5.0.6. I do not know what the corrective change was.
7
Directory and Authentication / Re: How to troubleshoot samba backup domain controller function?
« on: April 19, 2017, 11:53:08 pm »
Additional info:
- "samba-tool testparm" completes without error
- "samba-tool user list" or "wbinfo -u" (and the group equivalents) return all the domain accounts, so the service is sufficiently operable to identify the domain objects from the command line.
- "samba-tool drs showrepl" is the only samba-tool command for which I am yet to see a failure on the BDC and not on the PDC. It reports:
"Cannot reach a KDC we require to contact ldap/BDC.MYDOMAIN.NET@MYDOMAIN.NET : kinit for BDC$@MYDOMAIN.NET failed (Cannot contact any KDC for requested realm)" and
"Failed to connect to ldap URL 'ldap://bdc.mydomain.net' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED"
8
Directory and Authentication / [UNRESOLVED] How to troubleshoot samba backup domain controller function?
« on: April 19, 2017, 09:11:55 pm »
Was marked as SOLVED on April 20, 2017 but was observed to have recurred sometime before June 28, 2017. Upgrade to 5.0.6 apparently was not a permanent fix. All symptoms are the same as originally reported.
Running Zentyal 5.0
I used the web interface a couple years ago (before upgrading to 5.0 a few months back) to configure a Zentyal server as both a backup domain controller and a file server. This was working fine. I recently discovered that it is no longer operating as a BDC and I don't know how long this has been the case, so I can't trace it to any particular event. It may or may not have been coincident with the 5.0 upgrade, but I would think I would have noticed it then if it was. Anyway, there are three observed problems:
- When I try to access the 'Users and Computers' page in the BDC web interface it reports "FATAL: Could not connect to samba LDAP server: connect: Connection refused".
- I am unable to connect to the BDC through the Windows ADExplorer tool - it reports "The server is not operational".
- If my Windows client PC is using the BDC as the logon server, I can logon but am unable to query users and groups for ACLs. From a Windows client, I am unable to query users and groups for ACLs on any of the BDC shares.
"service smbd status" returns:
Code:
● smbd.service - Samba SMB Daemon
Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2017-04-19 11:12:46 PDT; 42min ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 20688 (smbd)
Status: "smbd: ready to serve connections..."
CGroup: /system.slice/smbd.service
├─20688 /usr/sbin/smbd
├─20689 /usr/sbin/smbd
├─20690 /usr/sbin/smbd
├─20692 /usr/sbin/smbd
├─20695 /usr/sbin/smbd
├─20696 /usr/sbin/smbd
├─20729 /usr/sbin/smbd
├─20830 /usr/sbin/smbd
├─21189 /usr/sbin/smbd
├─21671 /usr/sbin/smbd
├─21675 /usr/sbin/smbd
└─21677 /usr/sbin/smbd
and "samba-tool processes" returns:
Code:
Service: PID
-----------------------------
dnsupdate 4790
cldap_server 4783
rpc_server 4778
rpc_server 4778
nbt_server 4780
winbind_server 3810
winbind_server 10520
kdc_server 4784
notify-daemon 20689
ldap_server 4782
ldap_server 4782
ldap_server 4782
ldap_server 4782
kccsrv 4789
samba 4789
dreplsrv 4785
I've also grepped the various samba log files for "ldap" and nothing turns up.
I'm at a bit of a loss now as to where to go looking to figure out why the samba LDAP \ DC function isn't working properly. Please advise on suggested next steps for locating the source of the problem. Thanks.
9
Installation and Upgrades / Re: Troubles with NTACL xattr
« on: November 24, 2016, 02:13:33 am »
Just wanted to post my experience in case it helps anybody else. For unknown reasons I wasn't able to use samba-tool to reset the security.NTACL xattr so I used setfattr instead by copying from the 'good' file or directory:
Code:
# Capture the NTACL attribute from the good file or directory
ACL=$(getfattr -e base64 -n security.NTACL /path/to/good/file_or_directory)
# Strip off the headers so that the ACL variable only holds the base64 value
# (match on the attribute name so a path containing '=' cannot confuse the strip)
ACL=${ACL#*security.NTACL=}
# Set security.NTACL on the bad file or directory
setfattr -n security.NTACL -v "$ACL" /path/to/bad/file_or_directory
In my case there was a whole tree with an unknown number of bad NTACLs, so I used 'find' to reset everything:
Code:
cd /root/of/bad/tree
# Use steps above to set DIRACL and FILEACL from good directory and good file
# Directories get the directory ACL, regular files get the file ACL
find . -type d -exec setfattr -n security.NTACL -v "$DIRACL" "{}" \;
find . -type f -exec setfattr -n security.NTACL -v "$FILEACL" "{}" \;
In the end, everything in the tree had the same 'good' permissions and was fully accessible from Windows.
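An audit step for the bulk reset described in the post above, as an added example that is not part of the original post: it reads a `getfattr` dump of the tree and reports which paths differ from the reference value and how many distinct NTACL values exist, so the dump doubles as a backup before anything is overwritten. The function names, the output path and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a getfattr dump before a
# bulk security.NTACL reset. Real capture, as root, from the top of the tree
# (the output path is a placeholder):
#   getfattr -R -d -m '^security\.NTACL$' -e base64 . > /root/ntacl-before.dump
# Roll back from the same directory with:
#   setfattr --restore=/root/ntacl-before.dump

# Constructed sample dump; the base64 values are dummies, not real NTACLs.
sample_dump() {
    cat <<'EOF'
# file: .
security.NTACL=0sR09PRA==

# file: docs
security.NTACL=0sR09PRA==

# file: docs/notes.txt
security.NTACL=0sR09PRA==

# file: docs/report.odt
security.NTACL=0sQkFE

# file: docs/a=b.txt
security.NTACL=0sQkFE
EOF
}

# ntacl_mismatches REF: print every path whose value is not exactly REF.
# REF has the form "0s<base64>", as held in ACL/DIRACL/FILEACL above.
ntacl_mismatches() {
    awk -v ref="$1" '
        /^# file: / { path = substr($0, 9); next }
        /^security\.NTACL=/ { if (substr($0, 16) != ref) print path }
    '
}

# ntacl_summary: print "<count> <value>" per distinct value, most common first.
ntacl_summary() {
    awk '/^security\.NTACL=/ { n[substr($0, 16)]++ }
         END { for (v in n) print n[v], v }' | sort -rn
}

# Demo on the constructed sample.
sample_dump | ntacl_summary
sample_dump | ntacl_mismatches "0sR09PRA=="
```

Because directories and files normally carry different reference values, run `ntacl_mismatches` once with each reference and read the summary first to see how many distinct ACLs the tree really holds.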
10
Other modules / How does DNS update when using a separate DHCP server?
« on: February 18, 2016, 09:39:32 pm »
We're running Zentyal 4.2.1.3 with DNS Server 4.2.0.3. The Zentyal server is strictly a domain controller. A separate firewall appliance is acting as the DHCP server and pointing to the Zentyal server as the DNS and WINS server. Names of some PCs which have been joined to the Zentyal managed domain do not resolve and I'm trying to figure out why this occurs.
My understanding is that when Zentyal is both the DNS and DHCP server it automatically refreshes DNS when DHCP leases are granted. How does it add or update DNS entries when there is a separate DHCP server? Does it come from WINS?
Of the PCs listed in the domain which do not resolve, I have regular debugging access to one of them and it is (perhaps not so coincidentally) an Ubuntu box that was joined to the domain via PBIS. Is there a configuration that should be applied to Linux joined PCs to cause DNS updates after obtaining DHCP leases?
Thanks for any guidance you can offer.
11
Installation and Upgrades / Re: (SOLVED) Windows 8.1 + Zentyal 4.1 = Error Credentials
« on: August 17, 2015, 10:26:31 am »
There's a simpler way to do this on the client side, and it works for Windows 10 - see the ProtectionPolicy registry workaround on KB3000850. It also appears that Samba 4.2 has the fix for this but I wasn't brave enough to try and upgrade to that within Zentyal, so I used the client side registry workaround. With Windows 10 released it seems like it should be a priority for Zentyal to adopt 4.2 as soon as possible.