1
Directory and Authentication / Re: Configuring Zentyal 8.0 Servers for Realm Sign-Ins (And Basic DC Configuration)
« Last post by hortimech1 on December 07, 2024, 02:01:49 pm »OK, first things first.
realmd has nothing to do with a Samba AD DC, so I suggest you stop using it.
When you say 'server' it is a bit unclear whether you are referring to the Samba DC or a client. Now if it is a 'Unix client', then you can use realmd to join the domain and then use sssd to get authentication, but if you want to serve files from the client, then you need to install and configure Samba correctly, part of which is removing realmd & sssd.
When you provision the first Samba AD DC in a domain, it is automatically joined to the domain, so your attempt to use realmd to join it, should have no effect.
realmd has nothing to do with a Samba AD DC, so I suggest you stop using it.
When you say 'server' it is a bit unclear whether you are referring to the Samba DC or a client. Now if it is a 'Unix client', then you can use realmd to join the domain and then use sssd to get authentication, but if you want to serve files from the client, then you need to install and configure Samba correctly, part of which is removing realmd & sssd.
When you provision the first Samba AD DC in a domain, it is automatically joined to the domain, so your attempt to use realmd to join it, should have no effect.
2
Directory and Authentication / Re: Configuring Zentyal 8.0 Servers for Realm Sign-Ins (And Basic DC Configuration)
« Last post by aehimself on December 05, 2024, 08:10:46 am »I think what you are looking for is Users and Computers -> LDAP settings -> PAM settings -> Enable PAM. This will allow AD domain users to log in to your Zentyal machine via SSH.
After this, add them to the sudoers file and maybe that will be enough for them to log in to the web interface as well.
After this, add them to the sudoers file and maybe that will be enough for them to log in to the web interface as well.
3
Directory and Authentication / Re: Configuring Zentyal 8.0 Servers for Realm Sign-Ins (And Basic DC Configuration)
« Last post by bryanvh on December 04, 2024, 03:28:06 pm »Thanks for responding!
This Zentyal server won't be part of a Windows domain. It's supposed to be the start of its own domain/realm specifically for my Linux env.
Your second point is what I was trying to address in the work that I did (realm joining the Zentyal server to the realm is was the DC for). I created the users and groups for the domain in Zentyal. And, as I am used to, they weren't available as system users without the server being joined to the realm in order for LDAP authentication to work. That's why I realm joined the server (so that the users and groups created on the domain would be available for use as system accounts). But, if Samba is independently able to manage that (no realmd required), what do I need to do with the Samba config on the Zentyal DC (lone DC in its own domain (no Windows)) to allow domain accounts to be recognized by the local system?
Apologies that that's probably basic. In the past, the need to config samba was always obfuscated by the realm join taking care of most of it.
This Zentyal server won't be part of a Windows domain. It's supposed to be the start of its own domain/realm specifically for my Linux env.
Your second point is what I was trying to address in the work that I did (realm joining the Zentyal server to the realm is was the DC for). I created the users and groups for the domain in Zentyal. And, as I am used to, they weren't available as system users without the server being joined to the realm in order for LDAP authentication to work. That's why I realm joined the server (so that the users and groups created on the domain would be available for use as system accounts). But, if Samba is independently able to manage that (no realmd required), what do I need to do with the Samba config on the Zentyal DC (lone DC in its own domain (no Windows)) to allow domain accounts to be recognized by the local system?
Apologies that that's probably basic. In the past, the need to config samba was always obfuscated by the realm join taking care of most of it.
4
Directory and Authentication / Re: Configuring Zentyal 8.0 Servers for Realm Sign-Ins (And Basic DC Configuration)
« Last post by Siroco on December 04, 2024, 12:03:04 pm »Hi,
Zentyal uses Samba to perform domain controller (DC) functions. Specifically, Zentyal 8.0 uses Samba 4.15.13, which comes from the official Ubuntu repositories. If your goal is to join a Zentyal server to a domain managed by a Windows server, it is important to consider Samba's recommendations and limitations, as well as the specific version of Samba used by Zentyal.
You can consult the official Samba documentation for more details on how to join a server to a Windows domain.
https://wiki.samba.org/index.php/Joining_a_Windows_Client_or_Server_to_a_Domain
Here is a link to the official documentation on integrating Zentyal with an existing domain:
https://doc.zentyal.org/en/directory.html#joining-zentyal-server-to-an-existing-domain.
Regarding logging into the Zentyal server, it's important to remember that there is a distinction between domain users and groups, and system users and groups. To log into Zentyal as an administrator, you must use a system user that belongs to the sudo group. This is necessary to have administrative privileges within the Linux system on Zentyal.
Regards.
Zentyal uses Samba to perform domain controller (DC) functions. Specifically, Zentyal 8.0 uses Samba 4.15.13, which comes from the official Ubuntu repositories. If your goal is to join a Zentyal server to a domain managed by a Windows server, it is important to consider Samba's recommendations and limitations, as well as the specific version of Samba used by Zentyal.
You can consult the official Samba documentation for more details on how to join a server to a Windows domain.
https://wiki.samba.org/index.php/Joining_a_Windows_Client_or_Server_to_a_Domain
Here is a link to the official documentation on integrating Zentyal with an existing domain:
https://doc.zentyal.org/en/directory.html#joining-zentyal-server-to-an-existing-domain.
Regarding logging into the Zentyal server, it's important to remember that there is a distinction between domain users and groups, and system users and groups. To log into Zentyal as an administrator, you must use a system user that belongs to the sudo group. This is necessary to have administrative privileges within the Linux system on Zentyal.
Regards.
5
Directory and Authentication / Configuring Zentyal 8.0 Servers for Realm Sign-Ins (And Basic DC Configuration)
« Last post by bryanvh on December 03, 2024, 04:31:48 pm »Hi everyone! I'm relatively new to Zentyal and am impressed by what I've seen so far. For some background, I have pretty extensive experience in the Windows world and administering AD. But, thanks to that time, I have sort of grown to hate Microsoft and am basically a Linux guy through and through now. . I've got my share of experience administering Linux systems but always in the context of realm joining them to a Windows AD. This is my first time trying to do this without Windows (and I really don't want the only 2 Windows servers in my env to be the DCs haha).
Apologies if these are basic questions (I have the gut feeling that I'm misunderstanding a few things about Zentyal leading to my current predicament).
I started out setting up my primary Zentyal DC and everything went smoothly as expected and I started building out users and security groups. The DC automatically got listed as a Domain Controller in the Zentyal interface and everything looked good. But, what I wanted to do was move one step further and enable the members of a security group (Zentyal_Admins) to sign into the Zentyal server for its management rather than the zentyal admin account created during setup. (From my time on the Windows side, that makes sense and isn't terribly hard to accomplish. Putting my Linux cap on, I 'knew' that the server would need to be a member of the realm, that security group would need to be permitted to authenticate, and that it would need to be added to the sudoers.d config file.)
First, I went to check that the server was part of the realm, noticed that realmd wasn't installed so I installed that package. Checked for realm membership and the Zentyal DC reported back that it wasn't part of the realm (which seemed odd).
Then, I went ahead and joined it to the realm using one of the Domain Admins I had created and that worked.
However, as soon as I did that, the bottom half of the domain administration menu on the left of the web gui disappeared.
This is where I decided I likely had a problem and had done something dumb out of not understanding what Zentyal wanted. I had tried searching through the documentation but didn't land on anything that really described what I had been looking to do or explained what I was looking at. Presumably I can leave the realm and the DC will 'gain' back its management. But at this point, can anyone explain what I misunderstood about Zentyal DC's and how they're supposed to authenticate as part of the realm? And, from there, can anyone explain how I should have gone about setting up the authentication I wanted since joining the server to the realm it was managing seemed to be the wrong call?
Thank you!! And, again, apologies that this is probably (hopefully) a basic question. I'd love to get familiar enough with Zentyal to ditch Windows for good without having to give up on common authentication and management.
Apologies if these are basic questions (I have the gut feeling that I'm misunderstanding a few things about Zentyal leading to my current predicament).
I started out setting up my primary Zentyal DC and everything went smoothly as expected and I started building out users and security groups. The DC automatically got listed as a Domain Controller in the Zentyal interface and everything looked good. But, what I wanted to do was move one step further and enable the members of a security group (Zentyal_Admins) to sign into the Zentyal server for its management rather than the zentyal admin account created during setup. (From my time on the Windows side, that makes sense and isn't terribly hard to accomplish. Putting my Linux cap on, I 'knew' that the server would need to be a member of the realm, that security group would need to be permitted to authenticate, and that it would need to be added to the sudoers.d config file.)
First, I went to check that the server was part of the realm, noticed that realmd wasn't installed so I installed that package. Checked for realm membership and the Zentyal DC reported back that it wasn't part of the realm (which seemed odd).
Then, I went ahead and joined it to the realm using one of the Domain Admins I had created and that worked.
However, as soon as I did that, the bottom half of the domain administration menu on the left of the web gui disappeared.
This is where I decided I likely had a problem and had done something dumb out of not understanding what Zentyal wanted. I had tried searching through the documentation but didn't land on anything that really described what I had been looking to do or explained what I was looking at. Presumably I can leave the realm and the DC will 'gain' back its management. But at this point, can anyone explain what I misunderstood about Zentyal DC's and how they're supposed to authenticate as part of the realm? And, from there, can anyone explain how I should have gone about setting up the authentication I wanted since joining the server to the realm it was managing seemed to be the wrong call?
Thank you!! And, again, apologies that this is probably (hopefully) a basic question. I'd love to get familiar enough with Zentyal to ditch Windows for good without having to give up on common authentication and management.
6
Installation and Upgrades / Re: installation version 7.1 on PROXMOX VE
« Last post by Daniel Joven on November 19, 2024, 01:29:51 pm »Hi bvduser,
Thank you for letting us know. We have fixed the reference in the documentation. The new link is:
* https://raw.githubusercontent.com/zentyal/zentyal/master/extra/ubuntu_installers/zentyal_installer_7.1.sh
Best regards, Daniel Joven.
Thank you for letting us know. We have fixed the reference in the documentation. The new link is:
* https://raw.githubusercontent.com/zentyal/zentyal/master/extra/ubuntu_installers/zentyal_installer_7.1.sh
Best regards, Daniel Joven.
7
Installation and Upgrades / installation version 7.1 on PROXMOX VE
« Last post by bvduser on November 19, 2024, 08:07:52 am »When installing version 7.1 from ISO on PROXMOX VE 8.1, only Ubuntu server is installed, the Zentyal components are not installed. The wget https://zentyal.com/zentyal_installer_7.1.sh command ends with Error 404: Not Found
8
Other modules / Configuring OpenVPN net2net
« Last post by Serezha500 on November 18, 2024, 11:12:47 am »Hello everyone, are there any specialists here who can tell you about setting up OpenVPN Zentyal in the net2net variant, while you need to connect two different networks, on one side of which Zentyal, on the other OpenVPN based on IPFire. Is it even possible?
9
Spanish / ¿Donde añado el registro TXT en el módulo DNS? etc/opendkim/keys/mail.txt:
« Last post by kadir on November 18, 2024, 09:48:24 am »Estoy instalando DKIM y en el paso de agregar ahi me perdi bastante " Después tenemos que añadir el registro TXT en el módulo DNS con el contenido definido en e archivo de configuración ubicado en /etc/opendkim/keys/mail.txt"
por que la idea que tengo es entrar al modulo DNS y donde esta "Registros TXT" agregarlos, pero ahi no es, si pudieran ayudarme les agradeceria.Saludos
por que la idea que tengo es entrar al modulo DNS y donde esta "Registros TXT" agregarlos, pero ahi no es, si pudieran ayudarme les agradeceria.Saludos
10
Installation and Upgrades / Re: Recover login and password for Webadmin
« Last post by Siroco on November 15, 2024, 12:54:26 pm »Hi,
According to the Zentyal documentation, any system user from the sudo group can access the Zentyal interface.
https://doc.zentyal.org/en/installation.html#installation-guide
So you can try to recover your initial user password with the following commands:
If you already have access to the root account or can access the system in recovery mode, log in with root privileges.
Change the system user's password:
If you cannot recover the old user's password, you can create a new user with administrator privileges and add it to the sudo group.
Create a new user:
Regards.
According to the Zentyal documentation, any system user from the sudo group can access the Zentyal interface.
https://doc.zentyal.org/en/installation.html#installation-guide
So you can try to recover your initial user password with the following commands:
If you already have access to the root account or can access the system in recovery mode, log in with root privileges.
Change the system user's password:
Code: [Select]
sudo passwd user_name
Verify or add the user to the sudo group:Code: [Select]
sudo usermod -aG sudo user_name
If you cannot recover the old user's password, you can create a new user with administrator privileges and add it to the sudo group.
Create a new user:
Code: [Select]
sudo useradd -m -d /home/new_user -s /bin/bash -G sudo new_user
sudo passwd new_user
Regards.