Messages - eleanor

Pages: [1]
1
Installation and Upgrades / Re: User change password through web UI.
« on: March 09, 2015, 03:49:33 pm »
Hi,

Is functionality like that planned for the future, or is it currently not in the plans? Is something like that required by more users than just myself, and would it be a good idea to implement? I'm thinking out loud.

2
Installation and Upgrades / User change password through web UI.
« on: March 04, 2015, 06:32:43 pm »
Hi,

Does Zentyal support changing passwords through Zentyal web interface? I would like to enable users to easily change their domain passwords without using the instructions outlined below: https://wiki.zentyal.org/wiki/En/3.5/Users,_Computers_and_File_Sharing#Changing_the_user_password

If you're a Linux/Mac user then you'll have a hard time changing the password. Additionally, some of my Windows users don't want to be joined into a domain, which prevents them from changing a password.

Thank you

3
The following settings did the job beautifully:

Code:
  ldap:
    enabled: true
    host: 'zentyal'
    base: 'DC=domain,DC=com'
    port: 389
    method: 'plain'
    uid: 'sAMAccountName'
    allow_username_or_email_login: true
    bind_dn: 'CN=Gitlab,OU=Servers,DC=domain,DC=com'
    password: 'password'

4
Hi,

So what you're basically doing is the following:

1. Create a user in LDAP in Zentyal, which has appropriate username and password. A new certificate for the user is NOT created in Zentyal, but rather in Pfsense.
2. Create a new certificate in Pfsense by using built-in certificate manager?
3. Export the OpenVPN profile through Client Export in Pfsense and use that to connect to the VPN server.

I still have a couple of questions:
1. If I understand your words correctly, you keep the users information in Zentyal, while the certificates are stored in Pfsense?
2. When creating a new certificate in pfsense, how do you ensure it's linked with an existing user from Zentyal?
3. How do you ensure that a certificate of a user B is not allowed to be used to authenticate user A?

I'm still not completely sure how your setup is configured. Can you write a more detailed answer of the steps that you need to take to add a new openvpn user to your setup: zentyal + pfsense?

Thank you

5
Hi,

As I've said, from Zentyal 3.5 onwards Samba is used as an LDAP server, not OpenLDAP, which was used before. Therefore, there are a myriad of changes that need to be configured in order for everything to work as it should. The following is shown if I visit the LDAP settings in Zentyal:


6
Hi,

I believe this has changed when moving to Zentyal 3.5 and now sAMAccountName is used to distinguish users, isn't that so? What did you mean by "zentyal LDAP root reader"?

7
Hi,

Thank you for your reply. Can you also tell me how the usernames and certificates are tied together in Zentyal? Do you allow access to OpenVPN only through user+pass credentials, or do you require certificates only? Did you use any special schema for your users, which also enables the certificates field to be used with the users?

I also don't know how the OpenVPN server running on pfsense gets its hands on the user certificates.

Thank you

8
Installation and Upgrades / Zentyal backuping files
« on: November 11, 2014, 11:36:23 pm »
Hi,

I'm using Zentyal 3.5, but want to switch to 4.0 in the near future. I would like to know whether keeping the following files backed up is sufficient for backup purposes:
Quote
    File = "/etc"
    File = "/home"
    File = "/var/lib/mysql"
    File = "/var/lib/zentyal/CA"
    File = "/var/lib/zentyal/conf/"
    File = "/var/lib/zentyal/sql-tables/"
    File = "/var/lib/zentyal/extra-backup-data/"

I'm currently using an existing backup solution in my network and keeping Zentyal up-to-date is a breeze; I just have to specify the directories that I want to synchronize.

Can anybody think of any other directory that would be worth keeping in sync?

Thank you

9
Installation and Upgrades / Authenticate Gitlab users to Zentyal LDAP
« on: November 10, 2014, 01:07:25 pm »
Hi,

I've setup gitlab by using the following settings, where the user/pass was taken from /etc/dovecot/dovecot-ldap.conf.

Quote
  ## LDAP settings
  ldap:
    enabled: true
    host: '192.168.1.2'
    base: 'DC=domain,DC=com'
    port: 389
    method: 'plain'
    #port: 636
    #method: 'ssl'
    uid: 'sAMAccountName'
    allow_username_or_email_login: true
    bind_dn: 'CN=zentyal-mail-zentyal,CN=Users,DC=domain,DC=com'
    password: 'password'

If I use an LDAP client I have no problems connecting to the Zentyal LDAP, but for some reason Gitlab doesn't want to authenticate my existing users in the LDAP database. How can I debug Samba at the time authentication takes place in order to determine what's going on?

This started happening a few days ago, when I updated Zentyal 3.5 with the latest available packages. I'm guessing it has something to do with Zentyal 4.0 being pushed out. It used to be the case that I could log in with the "Gitlab" user, but now only the zentyal-mail-zentyal user is accepted.

Can anybody provide any possible solutions to figure out what's going on?
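
An added example, not part of the original post: a small check of how the posted `ldap:` block carries the bind, run against the block as posted and against the same block with its two commented-out lines (`port: 636`, `method: 'ssl'`) made active. The function names are hypothetical, `'tls'` as a third `method` value and the 636/LDAPS port pairing are assumptions from GitLab's and LDAP's usual conventions, and whether the Zentyal server actually answers on 636 is not stated on the page.

```python
# Constructed samples: POSTED is the ldap block from the post above (placeholder
# password); ALTERNATIVE is the same block with the commented-out lines enabled.
POSTED = """\
  ldap:
    enabled: true
    host: '192.168.1.2'
    port: 389
    method: 'plain'
    #port: 636
    #method: 'ssl'
    uid: 'sAMAccountName'
    bind_dn: 'CN=zentyal-mail-zentyal,CN=Users,DC=domain,DC=com'
    password: 'password'
"""
ALTERNATIVE = (POSTED.replace("    port: 389\n    method: 'plain'\n", "")
               .replace("#port", "port").replace("#method", "method"))


def parse_ldap_block(text):
    """Parse the flat 'key: value' lines of the block (no YAML library needed)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or commented-out line
            continue
        key, sep, value = line.partition(":")
        value = value.split(" #", 1)[0].strip().strip("'\"")  # drop trailing comment
        if sep and value:                         # skips the bare 'ldap:' header
            cfg[key.strip()] = value
    return cfg


def transport_findings(cfg):
    """Report how the bind password and user passwords travel to the LDAP server."""
    method, port = cfg.get("method"), int(cfg.get("port", 0))
    findings = []
    if method == "plain":
        findings.append("cleartext bind: the bind_dn password and every user's "
                        "password cross the network unencrypted")
    elif method not in ("ssl", "tls"):
        findings.append("method is missing or not one of plain/ssl/tls")
    if (method == "ssl") != (port == 636):        # assumption: LDAPS pairs with 636
        findings.append("port %d is unusual for method %r" % (port, method))
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("alternative", ALTERNATIVE)):
        print(name, transport_findings(parse_ldap_block(text)) or "no findings")
```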

10
Installation and Upgrades / PFSense OpenVPN with Zentyal Samba Backend
« on: November 09, 2014, 09:31:36 pm »
Hi,

I would like to setup pfsense with zentyal backend, where the users with their passwords and certificates are stored in Zentyal. I've setup pfsense so that it queries the LDAP correctly: I'm not sure whether I've correctly specified the naming attributes, which are presented on the picture below. I followed these rules: https://forum.zentyal.org/index.php?topic=22954.0 , but those are for Zentyal 3.2, but Zentyal 3.5 started using Samba as LDAP server (openldap is not supported anymore).

Therefore, I would like to know the following:

1. The naming attributes that I need to use when Samba LDAP backend is in use. The details of my current user are presented below, which should make it easier to give me a few tips.

Quote
dn: CN=Name Surname,CN=Users,DC=domain,DC=com
cn: Name Surname
sn: Surname
givenName: name
instanceType: 4
whenCreated: 20140802111349.0Z
displayName: Name Surname
uSNCreated: 3859
name: Name Surname
objectGUID:: 4sA53BVs1RS1L6D3ThlZiQ==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AZUAAABBBAUVAABBBNg17vN/27QtOhL68UQQAAA==
accountExpires: 8122377126854785807
logonCount: 0
sAMAccountName: name.surname
sAMAccountType: 8056306568
userPrincipalName: name.surname@domain.COM
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com
uidNumber: 2502
gidNumber: 2513
pwdLastSet: 130514516290000000
userAccountControl: 512
homeDrive: H:
homeDirectory: \\zentyal.domain.COM\name.surname
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: systemQuotas
objectClass: organizationalPerson
objectClass: user
memberOf: CN=OpenVPN,CN=Groups,DC=domain,DC=com
mail: name@domain.com
quota: 5000
whenChanged: 20141109102704.0Z
uSNChanged: 3942
distinguishedName: CN=Name Surname,CN=Users,DC=domain,DC=com

2. The user declaration above doesn't hold any certificate information. I've installed VPN module in Zentyal, but I don't want to actually run OpenVPN on the Zentyal server: I would just like to manage users on Zentyal. Therefore, if incorporating users with a certificate is possible in a simple manner, it would be very good to know.

Basically I would like to run Pfsense in front of Zentyal, but pfsense should query Zentyal for user credentials and certificates. This is something we would like to have, since managing a certificate authority in Zentyal is a breeze.

Any viewpoints are appreciated.

Thank you

11
Installation and Upgrades / Re: VPN + Certificates
« on: August 05, 2014, 07:53:54 pm »
Hi, can you elaborate on your answer; please provide more details.

Thank you

12
Installation and Upgrades / VPN + Certificates
« on: August 02, 2014, 02:54:33 pm »
I'm curious whether it's possible to setup OpenVPN on another server to authenticate against LDAP users on Zentyal by using certificates stored in the Zentyal LDAP database.

I would also like to know how the certificate authority used in Zentyal correlates between users in LDAP DB and user certificates stored in CA?

Thank you

13
Installation and Upgrades / Samba LDAP + Gitlab
« on: August 02, 2014, 02:52:14 pm »
Hi,

I've just installed the new 3.5 version of Zentyal and I'm testing it out. The problem is that I cannot connect my Gitlab server to authenticate users stored in zentyal LDAP (in the previous version where OpenLDAP was used, this worked flawlessly). My Gitlab settings in /home/git/gitlab/config/gitlab.yml are the following:

Code:
  ## LDAP settings
  ldap:
    enabled: true
    host: 'zentyalhost'
    base: 'DC=domain,DC=com'
    port: 389
    uid: 'uid'
    method: 'plain' # "ssl" or "plain"
    bind_dn: 'gitlab@domain.com'
    password: 'password'
    allow_username_or_email_login: true

The gitlab@domain.com user exists in the LDAP and authentication works if I use:
Code:
# ldapsearch -h zentyalhost -p 389 -b "DC=domain,DC=com" -D "gitlab@domain.com" -W '(uid=*)'
# extended LDIF
#
# LDAPv3
# base <DC=domain,DC=com> with scope subtree
# filter: (uid=*)
# requesting: ALL
#

# search reference
ref: ldap://domain.com/CN=Configuration,DC=domain,DC=com

# search reference
ref: ldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com

# search reference
ref: ldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 4
# numReferences: 3

When I try to authenticate the user in the Gitlab web interface, the following is printed in the Gitlab log:
Code:
==> /home/git/gitlab/log/production.log <==
Processing by OmniauthCallbacksController#failure as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "username"=>"name.surname@domain.com", "password"=>"[FILTERED]"}
Redirected to https://gitlab/users/sign_in
Completed 302 Found in 5ms (ActiveRecord: 0.0ms)
Started GET "/users/sign_in" for 127.0.0.1 at 2014-08-02 14:41:38 +0200
Processing by Devise::SessionsController#new as HTML
  Rendered devise/sessions/_new_ldap.html.haml (1.4ms)
  Rendered devise/sessions/_new_base.html.haml (2.0ms)
  Rendered devise/sessions/_oauth_providers.html.haml (0.1ms)
  Rendered devise/sessions/new.html.haml within layouts/devise (5.2ms)
  Rendered layouts/_head.html.haml (0.9ms)
  Rendered layouts/_flash.html.haml (0.1ms)
Completed 200 OK in 14ms (Views: 7.7ms | ActiveRecord: 0.0ms)

Zentyal log contains the following:
Code:
# tail -f /var/log/samba/{log.nmbd,log.smbd,samba.log}

[2014/08/02 14:51:16.104771,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2014/08/02 14:51:16.111895,  3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user [DOMAIN]\[gitlab]@[(null)]
  auth_check_password_send: mapped user is: [DOMAIN]\[gitlab]@[(null)]
[2014/08/02 14:51:16.131978,  3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2014/08/02 14:51:16.132288,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]


Does anybody know what could be the problem?
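
An added example, not part of the original post: the `ldapsearch` output above ends in `result: 0 Success` but contains three `ref:` lines and no `dn:` line, so the bind was accepted while the `(uid=*)` filter matched no entries. The sketch below counts entries and referrals in that output; the function names are hypothetical and the sample is the post's own output embedded unchanged.

```python
import re

# Constructed sample: the ldapsearch output quoted in the post above.
SAMPLE = """\
# extended LDIF
#
# LDAPv3
# base <DC=domain,DC=com> with scope subtree
# filter: (uid=*)
# requesting: ALL
#

# search reference
ref: ldap://domain.com/CN=Configuration,DC=domain,DC=com

# search reference
ref: ldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com

# search reference
ref: ldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 4
# numReferences: 3
"""


def summarize(output):
    """Count returned entries and referrals in ldapsearch's LDIF output."""
    s = {"filter": None, "result": None, "entries": 0, "referrals": 0}
    for line in output.splitlines():
        if line.startswith("dn:"):            # matches 'dn: ' and base64 'dn:: '
            s["entries"] += 1
        elif line.startswith("ref:"):         # continuation reference, not an entry
            s["referrals"] += 1
        elif (m := re.match(r"result: (\d+)", line)):
            s["result"] = int(m.group(1))
        elif (m := re.match(r"# filter: (.+)", line)):
            s["filter"] = m.group(1)
    return s


def diagnose(output):
    """Separate 'the bind worked' from 'the filter found users'."""
    s = summarize(output)
    if s["result"] is None:
        return "no search result line found"
    if s["result"] != 0:
        return "bind or search failed (result %d)" % s["result"]
    if s["entries"] == 0:
        return "bind ok, but filter %s matched no entries" % s["filter"]
    return "bind ok, %d entries matched" % s["entries"]


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

The user record quoted elsewhere on this page carries `sAMAccountName` and no `uid` attribute, which is the attribute the later working configuration uses.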
