Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Leo Moss

Pages: [1]
1
Other modules / Zentyal 7 DNS: QUERY REFUSED
« on: June 15, 2021, 08:27:06 pm »
Hello,
        after update to zentyal 7.0.4 we are getting DNS: query refused on VPN subnets.
we modified /usr/share/zentyal/stubs/dns/named.conf.local.mas and added the subnets without luck.

Any ideas? :)
 

2
Directory and Authentication / Re: Users account locked
« on: April 06, 2021, 07:22:49 pm »
Hi,

Perhaps it is caused by the default settings of Samba. You can check it out with the following command:

Code: [Select]
samba-tool domain passwordsettings show

hi
Password complexity: on
Store plaintext passwords: off
Password history length: 10
Minimum password length: 8
Minimum password age (days): 0
Maximum password age (days): 60
Account lockout duration (mins): 30  // i DONNO why but i can change this parameter
Account lockout threshold (attempts): 6
Reset account lockout after (mins): 15372286728

3
Directory and Authentication / Users account locked
« on: March 29, 2021, 11:07:56 pm »
Hello, im having problems with users account sudently locked without reason, if u unlock it from RSAT the account  its locked again in a few seconds.. the only workarround that works is change the user password from RSAT.

Any ideas? i put the log level of samba to 4 but i can not see anything related.

Where i can found the bad passwords attemps ?

4
Directory and Authentication / Re: GPO's under user configuration
« on: February 22, 2021, 04:35:19 pm »
any ideas? :(

5
Installation and Upgrades / Re: upgrade from 6.2 to 7.0
« on: February 17, 2021, 05:42:41 pm »
same problem..

anyone tried to upgrade?

6
Directory and Authentication / Re: GPO's under user configuration
« on: January 31, 2021, 06:17:35 pm »
Hi leo, you have syntax error in   
Quote
wbinfo --uid-info=3000002

sintax ok :wbinfo --uid-info= 3000002
root@rosdc001:/home/administrator# wbinfo --uid-info= 3000002
failed to call wbcGetpwuid: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not get info for uid 0
root@rosdc001:/home/administrator# wbinfo --uid-info= 3000003
CONTACTCENTER\administrator:*:0:2513::/home/administrator:/bin/bash
root@rosdc001:/home/administrator# wbinfo --uid-info= 3000007
CONTACTCENTER\administrator:*:0:2513::/home/administrator:/bin/bash
root@rosdc001:/home/administrator# wbinfo --uid-info= 3000010
CONTACTCENTER\administrator:*:0:2513::/home/administrator:/bin/bash
root@rosdc001:/home/administrator# wbinfo --uid-info= 3000019
CONTACTCENTER\administrator:*:0:2513::/home/administrator:/bin/bash

now create new gpo but, Not for "users" or "user authenticated ", you search  "groups" for gpo "active"                                                                   

i could delete the gpo but i didnt understood this quite well.. i createad a new gpo.. delete Authenticated users from scope and added a group of mine the user that is trying to "map drive" belongs to this group.
I tried but didnt work :(

7
Directory and Authentication / Re: GPO's under user configuration
« on: January 29, 2021, 04:23:25 pm »
  Sorry man;


  wbinfo --uid-info= 3000002
  wbinfo --uid-info= 3000003
  wbinfo --uid-info= 3000007
  wbinfo --uid-info= 3000010
  wbinfo --uid-info= 3000019

root@rosdc001:/home/administrator# wbinfo --uid-info=3000002
failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for uid 3000002
root@rosdc001:/home/administrator# wbinfo --uid-info=3000003
failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for uid 3000003
root@rosdc001:/home/administrator# wbinfo --uid-info=3000007
failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for uid 3000007
root@rosdc001:/home/administrator# wbinfo --uid-info=3000010
failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for uid 3000010
root@rosdc001:/home/administrator# wbinfo --uid-info=3000019
failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for uid 3000019

8
Directory and Authentication / Re: GPO's under user configuration
« on: January 27, 2021, 03:36:33 pm »
Sorry for the time, please post;

wbinfo --uid-info= (all user)

This is de cmld? thx in advance 4 your help

root@rosdc001:/home/administrator# wbinfo --uid-info= all user
CONTACTCENTER\administrator:*:0:2513::/home/administrator:/bin/bash

9
Directory and Authentication / Re: GPO's under user configuration
« on: January 21, 2021, 06:29:26 pm »
im creating the GPO's on RSAT, it is showed on SYSVOL, on event viewer of clients there is no errors related with gpo and if u do a gpresult the gpo is there but nothing happens. ( not even a simple gpo to  map a drive )

I think "fast" solution is delete this gpo and create new one, if also dont work, could be permissions problem, please post results;

samba-tool gpo listall
samba-tool gpo show (uid gpo)
getfacl /var/lib/samba/sysvol/yourdomain/Policies/selectyougpo

Sadly this is happening with every GPO under USER CONFIGURATION.
This is a new gpo trying to MAP a drive (SYSVOL) where everyone has RO
 
 samba-tool gpo show {350F6B90-53FB-4609-8EC8-1788A79AB62D}
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.CONTACTCENTER.COM<0x0>
resolve_lmhosts: Attempting lmhosts lookup for name ROSDC002.contactcenter.com<0x20>
GPO          : {350F6B90-53FB-4609-8EC8-1788A79AB62D}
display name : MAP DRIVE
path         : \\contactcenter.com\SysVol\contactcenter.com\Policies\{350F6B90-53FB-4609-8EC8-1788A79AB62D}
dn           : CN={350F6B90-53FB-4609-8EC8-1788A79AB62D},CN=Policies,CN=System,DC=contactcenter,DC=com
version      : 262144
flags        : NONE
ACL          : <hidden>


getfacl /var/lib/samba/sysvol/contactcenter.com/Policies/{350F6B90-53FB-4609-8EC8-1788A79AB62D}
getfacl: Removing leading '/' from absolute path names
# file: var/lib/samba/sysvol/contactcenter.com/Policies/{350F6B90-53FB-4609-8EC8-1788A79AB62D}
# owner: CONTACTCENTER\134da-leonmosq
# group: CONTACTCENTER\134domain\040admins
user::rwx
user:CONTACTCENTER\134da-leonmosq:rwx
user:3000002:rwx
user:3000003:r-x
user:3000007:rwx
user:3000010:r-x
user:3000019:r-x
group::rwx
group:CONTACTCENTER\134domain\040admins:rwx
group:NT\040AUTHORITY\134system:rwx
group:NT\040AUTHORITY\134authenticated\040users:r-x
group:CONTACTCENTER\134enterprise\040admins:rwx
group:NT\040AUTHORITY\134serverlogon:r-x
group:CONTACTCENTER\134domain\040computers:r-x
mask::rwx
other::---
default:user::rwx
default:user:CONTACTCENTER\134da-leonmosq:rwx
default:user:3000002:rwx
default:user:3000003:r-x
default:user:3000007:rwx
default:user:3000010:r-x
default:user:3000019:r-x
default:group::---
default:group:CONTACTCENTER\134domain\040admins:rwx
default:group:NT\040AUTHORITY\134system:rwx
default:group:NT\040AUTHORITY\134authenticated\040users:r-x
default:group:CONTACTCENTER\134enterprise\040admins:rwx
default:group:NT\040AUTHORITY\134serverlogon:r-x
default:group:CONTACTCENTER\134domain\040computers:r-x
default:mask::rwx
default:other::---









10
Directory and Authentication / Re: GPO's under user configuration
« on: January 06, 2021, 02:16:50 pm »
im creating the GPO's on RSAT, it is showed on SYSVOL, on event viewer of clients there is no errors related with gpo and if u do a gpresult the gpo is there but nothing happens. ( not even a simple gpo to  map a drive )

11
Directory and Authentication / GPO's under user configuration
« on: January 04, 2021, 02:43:11 pm »
Hello all, i have zentyal 6.2 and trying to do GPO's under USER CONFIGURATION but nothing work's ( it works under COMPUTER CONFIGURATION) im missing something?  Clients are W10

12
Directory and Authentication / Re: Logon Script
« on: December 02, 2020, 02:23:01 pm »
Problem-Solved  i was putting the full path and wanst working. i just put the name of the file and it works!
thx guys!

13
Directory and Authentication / Re: Logon Script
« on: December 01, 2020, 01:33:17 pm »
did you install the GPO addon on a windows machine to deploy the script?
Im not doing from gpo,, im trying to add a logon script for a user, is this option working on zentyal 6.2?


14
Directory and Authentication / Logon Script
« on: November 30, 2020, 02:40:07 pm »
Hello,  i just installed zentyal 6.2  and try to add a logon script from microsoft snap-in ( active directory users and computers ) and doesn't work.

Any ideas?

Regards.-

Pages: [1]