Topics - faustotex

1
Zentyal appears to handle three distinct types of automatic DNS registrations:

1. hosts added to the DNS Hostnames list will be nicely registered, both forward and reverse entries.  This mechanism seems to work OK;

2. when DHCP "Dynamic DNS Option" is ENABLED, forward and reverse DNS records will be created each time DHCP issues a new lease.  This mechanism also seems to work OK;

3. when DHCP "Dynamic DNS Option" IS NOT enabled, forward DNS records will be created each time a client so requests, e.g. when Windows workstations are powered up or upon ipconfig /release + ipconfig /renew or ipconfig /registerdns;  however, PTR records ARE NOT created.  This is the mechanism which IS NOT working for reverse records.

I have verified that PTR records can be made to work under these circumstances if the "update-policy" statement which controls updates from machines other than the local machine, in the declaration of reverse zones of file "/etc/bind/named.conf.local", is changed to update-policy {grant * wildcard * PTR TXT;};

Other more restrictive policies, such as specifying the wildcard *.0.168.192.in-addr.arpa in the tname field, also work with the "wildcard" matchtype.  However, I could not make any policy work that uses the matchtypes "subdomain" (as configured by Zentyal), "self", "tcp-self" or any others.  It seems "tcp-self" would be the most appropriate matchtype for the job here.

Success or failure of a remote ipconfig/renew request can be monitored by "tail -f /var/log/syslog".

I was able to change the relevant line(s) of named.conf.local, by editing "/usr/share/zentyal/stubs/dns/named.conf.local.mas".
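
One way to check a rendered named.conf.local for the broad grants described in the post above (an added example, not part of the original post and not Zentyal code): it lists update-policy rules whose identity field is `*` and whose matchtype does not tie the record name to the requester. The sample zones and the function name `audit_update_policy` are assumptions made for the illustration.

```python
import re

# Constructed sample, trimmed and not a tested Zentyal configuration: three
# reverse zones carrying the policy forms discussed in the post.
SAMPLE_CONF = '''
zone "0.168.192.in-addr.arpa" {
    type master;
    update-policy { grant * wildcard * PTR TXT; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    update-policy { grant * wildcard *.1.168.192.in-addr.arpa PTR TXT; };
};
zone "2.168.192.in-addr.arpa" {
    type master;
    update-policy { grant * tcp-self . PTR; };
};
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)
POLICY_RE = re.compile(r'update-policy\s*\{(.*?)\}\s*;', re.S)
# grant <identity> <matchtype> <name> [<record types>];
GRANT_RE = re.compile(r'grant\s+(\S+)\s+(\S+)\s+(\S+)\s*([^;]*);')

# Matchtypes named in the post that bind the record name to the requester.
SELF_TYPES = {"self", "tcp-self"}

def audit_update_policy(conf_text):
    """List grants where identity '*' may write names it does not own."""
    findings = []
    for zone, body in ZONE_RE.findall(conf_text):
        for policy in POLICY_RE.findall(body):
            for identity, ruletype, name, types in GRANT_RE.findall(policy):
                if identity != "*" or ruletype in SELF_TYPES:
                    continue  # named identity, or name tied to the requester
                scope = "any name" if name == "*" else name
                findings.append((zone, ruletype, scope, types.split()))
    return findings

if __name__ == "__main__":
    for zone, ruletype, scope, types in audit_update_policy(SAMPLE_CONF):
        print(f"{zone}: identity * / {ruletype} may update {scope} "
              f"({' '.join(types)})")
```

Because the post edits the template /usr/share/zentyal/stubs/dns/named.conf.local.mas, the check is meant to be run against the generated /etc/bind/named.conf.local after the DNS module rewrites it.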

2
I have two identical Zentyal 3.0.23 servers, dc02 configured as a DC and dc01 as an Additional DC.

Replication between them works fine and most everything is working OK.  I wanted to switch their server roles, making dc01 assume the DC role and dc02 the Additional DC.  To this end, I transferred the 5 FSMO roles from dc02 to dc01 and then manually edited the fSMORoleOwner of DC=DomainDnsZones, CN=Infrastructure and of DC=ForestDnsZones, CN=Infrastructure, changing "DC02" to "DC01" at both places.  It appears that dc01 is now indeed behaving as the DC and dc02 as the Additional DC, as I intended.  However, in the Zentyal WebGUI, "File Sharing" has not changed and continues to show dc02 as the DC and dc01 as the Additional DC.  Why?

3
What procedure should be followed to make NexentaStor 3.1.3.5 CE join a Samba4 domain controlled by a Zentyal 3.0.16 Domain Controller ?

I have unsuccessfully tried running Zentyal at domain levels 2003, 2008 and 2008 R2, where it now sits.
 
When I set lmauth_level=4 at the Nexenta side, I get the following errors after running "smbadm join -u Administrator mydomain.loc":

Apr  4 09:58:37 nexenta04 smbd[10056]: [ID 972153 daemon.error] smbns_ksetpwd: KPASSWD protocol exchange failed (Message stream modified)
Apr  4 09:58:37 nexenta04 smbd[10056]: [ID 702911 daemon.notice] Failed to set machine password.
Apr  4 09:58:37 nexenta04 smbd[10056]: [ID 871254 daemon.error] smbd: failed joining mydomain.loc (UNSUCCESSFUL)

If I set lmauth_level=2, the error then becomes:

Apr  4 15:43:32 nexenta04 smbd[10056]: [ID 807464 daemon.error] ndr_rpc_bind: smbrdr_ctx_new(S=dc02, D=mydomain.loc, U=Administrator), err=48
Apr  4 15:43:32 nexenta04 last message repeated 3 times
Apr  4 15:43:32 nexenta04 smbd[10056]: [ID 871254 daemon.error] smbd: failed joining mydomain.loc (LOGON_FAILURE)

What can be inferred from the above two sets of messages ?  Is there a problem with kpasswd or kerberos ?  What is a sensible way to debug this ?

This problem persists since Zentyal 3.0.3.

Note 1: The same NexentaStor installation joins a Windows Server 2003 domain without effort.

Note 2: The prior Solaris 11 11/11 joins the domain controlled by Zentyal also effortlessly BUT the more recent Solaris 11.1ga does not.

Help will be appreciated.

4
Is there a procedure to install phpldapadmin on a Zentyal 3.0.8 server, configured to run under apache2 ?

Which dependencies must be satisfied ?

5
I have joined without major issues several Solaris 11/11 x86 servers to Zentyal Samba4 domains, in essence following instructions in Solaris documentation available at the Oracle site.

However, I had no success joining the newer Solaris v11.1 x86 to the same domains.  All the same procedures are followed but upon issuing on the Solaris v11.1:

      root@solaris03:~# smbadm join -u Administrator mydomain.loc

      root@solaris03:~# tail /var/adm/messages shows the following:

Dec 13 13:44:02 solaris03 smbd[1171]: [ID 232655 daemon.notice] ldap_modify: Constraint violation
Dec 13 13:44:02 solaris03 smbd[1171]: [ID 702911 daemon.notice] Workstation trust account update failed

Curious thing is I am unable to find any log activity anywhere on the Zentyal 3.0.8 server and suspect I am not looking in the right places.

I would appreciate suggestions to help me join a Solaris v11.1 x86 to a Zentyal Samba4 domain.
