Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - killmasta93

Pages: [1] 2
1
Directory and Authentication / Quick question about GPO on ubuntu
« on: May 26, 2021, 09:22:31 pm »
Hi,
i was wondering if its possible connecting a normal ubuntu desktop to the domain and apply GPO passwords policy? or does it only apply for windows?

Thank you

2
Directory and Authentication / bitlocker question
« on: May 11, 2021, 12:55:18 am »
Hi
I was wondering if bitlocker recovery keys can be saved though GPO?
I was looking but could not find

Thank you

3
Installation and Upgrades / DHCP server options?
« on: February 02, 2021, 11:59:14 pm »
Hi i was wondering if someone else knows how to add option 252 for the DHCP options? I used to be able to do this on the DHCP server options on windows server but not sure how its does on zentyal

Thank you

4
Directory and Authentication / local admin GPO greyedout?
« on: December 23, 2020, 03:39:28 am »
Hi,
I was wondering if someone else has had this issue, with zentyal 6.2 not sure if its zentyal or the windows, i tried creating local admin though GPO but the password is greyed out which is very odd

Thank you

https://imgur.com/6l5wC8K.png

5
Directory and Authentication / issue not resolving?
« on: December 22, 2020, 07:47:46 pm »
Hi currently running zentyal 6.2 what i noticed is that cannot seem to resolve by IP but by name it works
currently tick the box  Dynamic DNS Options but not sure what i missed?


Code: [Select]
C:\Users\administrador.xx>nslookup
Servidor predeterminado:  apolo.xx.local
Address:  192.168.100.200

> pc-23
Servidor:  apolo.xxx.local
Address:  192.168.100.200

Nombre:  pc-23.xx.local
Address:  192.168.100.59

> 192.168.100.59
Servidor:  apolo.xx.local
Address:  192.168.100.200

*** apolo.xx.local no encuentra 192.168.100.59: Non-existent domain

just checked the logs and found this

Code: [Select]
Dec 22 13:51:34 apolo dhcpd[17404]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
and whats even odd is that i check the service of DHCP which shows on but on the WebGui shows stopped

Code: [Select]
root@apolo:~# service isc-dhcp-server status
● isc-dhcp-server.service - ISC DHCP IPv4 server
   Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-12-22 13:50:16 -05; 3min 26s ago
     Docs: man:dhcpd(8)
 Main PID: 17404 (dhcpd)
    Tasks: 1 (limit: 4620)
   CGroup: /system.slice/isc-dhcp-server.service
           └─17404 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf

Dec 22 13:53:30 apolo dhcpd[17404]: DHCPACK on 192.168.100.48 to f8:1f:32:c6:19:b4 via eth0
Dec 22 13:53:30 apolo dhcpd[17404]: Commit: IP: 192.168.100.49 DHCID: c0:cb:38:15:96:79 Name: PC-07
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[1] = add
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[2] = 192.168.100.49
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[3] = c0:cb:38:15:96:79
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[4] = PC-07
Dec 22 13:53:30 apolo dhcpd[17404]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
Dec 22 13:53:30 apolo dhcpd[17404]: DHCPREQUEST for 192.168.100.49 from c0:cb:38:15:96:79 (PC-07) via eth0
Dec 22 13:53:30 apolo dhcpd[17404]: DHCPACK on 192.168.100.49 to c0:cb:38:15:96:79 (PC-07) via eth0

https://imgur.com/QtTnZuL.png

6
Directory and Authentication / Samba issue with scan printer
« on: November 21, 2020, 06:12:20 am »
Hi
I was wondering if someone else has had this issue before.  Currently running Aficio MP 4002 and on windows i can scan to a samba share it works unfortunately  smbv1, i tried enabling on the samba share doing the following on the nano /etc/samba/smb.conf

and adding this under global then restart

service samba-ad-dc restart


client min protocol = NT1
server min protocol = NT1


But not sure what else i missed?

Thank you

7
Directory and Authentication / GPO script logon not working?
« on: September 30, 2020, 06:45:55 pm »
Hi,
Currently trying to install a startup script though GPO, before trying on zentyal i did with a window server 2012r2 and it worked. So i think it might be a bug on zentyal.
on the GPO i added the startup script to the location of the script. All the users have permission to have access of the folder. I checked on event viewer and got the
1130 Group policy error

https://imgur.com/r2BRPre.png

https://imgur.com/gOc0eAw.png

any ideas?
Thank you

8
Directory and Authentication / A record Issue not replicating?
« on: September 20, 2020, 05:57:17 pm »
Hi
Currently installed a new VM which automatically got the DHCP from zentyal which it automatic create the dynamic DNS record on zentyal.
The issue is that i changed the IP of the VM and needed to add A record and PTR record which i did on the WEBgui.
But i keep seeing the old IP
i checked in nano /var/lib/bind/db.0.168.192
which only shows PTR info

https://imgur.com/0hr8iPa.png

https://imgur.com/2vtmnrG.png

Thank you

9
Directory and Authentication / Password expired DNS-user? (solved)
« on: September 20, 2020, 02:49:01 am »
Hi
 I needed to create on A record on the web interface and restart the DNS but getting this issue

Code: [Select]
Command output: .
Exit value: 1
2020/09/19 20:17:33 ERROR> Service.pm:971 EBox::Module::Service::restartService - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-apolo failed.
2020/09/19 20:17:33 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-apolo failed.
Error output: Password has expired
 dns-apolo@MYDOMAIN.LOCAL's Password:

So my question is on the user DNS-APOLO can i reset the password? or how do i by pass this error without screwing it up?

Thank you

edit: solved by running this

Code: [Select]
sudo samba-tool user setexpiry dns-apolo --noexpiry

10
Directory and Authentication / SPN? (solved)
« on: September 20, 2020, 01:45:33 am »
Hi
I was wondering if someone could shed some light on the issue im having.
Currently trying to create  SPN user to my linux MSSQL which i have to do though powershell, So i have a windows server which is connected to the domain of zentyal
But i tried running this powershell command, the zentyal server is 192.168.0.200

Code: [Select]
New-ADUser -Server 192.168.0.200 mssql -AccountPassword (Read-Host -AsSecureStri
ng "Enter Password") -PasswordNeverExpires $true -Enabled $true

but i get an error saying could not establish to server

But whats concerning i would need to run this on the powershell also, so how would i make the windows server to be able to import the active directory services? or maybe this can be done on zentyal?

Code: [Select]
ktpass /princ MSSQLSvc/hercules.mydomain.local:1433@mydomain.local      /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser mydomain\mssql   /out mssql.keytab                   -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ MSSQLSvc/hercules.mydomain.local:1433@mydomain.local     /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser mydomain\mssql   /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ MSSQLSvc/192.168.3.155:1433@mydomain.local                      /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser mydomain\mssql   /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ MSSQLSvc/192.168.3.155:1433@mydomain.local                    /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser mydomain\mssql  /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ mssql@mydomain.local       /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser mydomain\mssql   /in  mssql.keytab /out mssql.keytab  -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ mssql@mydomain.local        /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser mydomain\mssql   /in  mssql.keytab /out mssql.keytab  -setpass -setupn /kvno 4 /pass mypassword

Thank you

EDIT: first create the MSSQL user by the AD instead though Powershell
then run the commands on powershell with no issue to create the mssql.keytab

11
Installation and Upgrades / email alert?
« on: February 27, 2020, 03:15:10 am »
Hi,
I was wondering if someone else is having this issue before? currently running 6.1 and constantly getting email alert with this
Code: [Select]
/etc/cron.hourly/90zentyal-manage-logs:
/etc/cron.hourly/90zentyal-manage-logs: line 3: /usr/share/zentyal/manage-logs: No such file or directory
run-parts: /etc/cron.hourly/90zentyal-manage-logs exited with return code 127

Thank you

12
Directory and Authentication / Issue with Computer Name not changing
« on: January 28, 2020, 03:49:06 am »
Hi,
I was wondering if someone else has had this issue before, Currently changed name of a PC which was illustrator-pc to illustrators-pc adding the s at the end i check on zentyal web and it does not change

adding the screen shots

https://imgur.com/a/bkZRURI

Thank you

13
Directory and Authentication / issue shares permissions (solved)
« on: January 27, 2020, 04:41:44 am »
Hi,

I was wondering if someone could shed some light on the issue im having.
I have a folder called shares

inside that folder im going to create another folder called Users

So far so good that folder shares and Users can be accessed and modify by the users of the domain.

But inside that folder Users im going to create user1folder and user2folder but i dont want all the users of the domain to have access of those folder

So normally i disable the inheritance and remove the users of the domain and only give test1 to access to user1folder and test2 to user2folder

which means that test2 cannot see user1folder and test1 cannot see user2folder

so this is what i need so not sure if i have to do on samba or on windows?

when i try on windows i get the error when enumerating objects in the container access was denied


This is the smb share conf

Code: [Select]
[shares]
    path = /data
    browseable = yes
    force create mode = 0660
    force directory mode = 0660
    valid users = @"Domain Users"
    read list =
    write list = @"Domain Users"
    admin users =
    vfs objects = acl_xattr full_audit recycle shadow_copy2
#    full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = notice
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = _%Y-%m-%d_%H:%M:%S
shadow: snapprefix = ^pyznap
shadow: delimiter = _
shadow:localtime = no
    recycle: excludedir = /tmp|/var/tmp
    recycle: directory_mode = 0700
    recycle: inherit_nt_acl = Yes
    recycle: keeptree = Yes
    recycle: versions = Yes
    recycle: repository = RecycleBin

https://ibb.co/TtC6BsJ

Thank you


14
Directory and Authentication / Samba Issue with shadow copy
« on: January 09, 2020, 04:05:10 am »
HI,
I was wondering if someone else has any experience with this before? Currently Version: 6.1 zentyal and Samba version 4.7.6-Ubuntu
The time in the shadow copy does not show correct on the windows previous versions, as soon as i put shadow:localtime = yes and restart samba does not show previous versions which therefore i have to put shadow:localtime = no
Currently using pyznap for the snapshots of the ZFS file system
see pictures on the times not correct but both windows and zentyal have the correct time just the previous versions are now. The hour difference is about 5 hours behind the last snapshot was 6:10pm on zentyal and on the previous versions on windows show 1:10 pm

Picture

https://ibb.co/PZTgXFB

This is my samba share

Code: [Select]
[test]
    path = /data
    browseable = yes
    force create mode = 0660
    force directory mode = 0660
    valid users = @"Domain Users"
    read list =
    write list = @"Domain Users"
    admin users =
    vfs objects = acl_xattr full_audit recycle shadow_copy2
#    full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = notice
    recycle: inherit_nt_acl = Yes
    recycle: versions = Yes
    recycle: excludedir = /tmp|/var/tmp
    recycle: keeptree = Yes
    recycle: repository = RecycleBin
    recycle: directory_mode = 0700
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
# Specify snapshot name: frequent, hourly, daily... as desired
shadow: format = _%Y-%m-%d_%H:%M:%S
shadow: snapprefix = ^pyznap
shadow: delimiter = _
shadow:localtime = no



Thank you

15
Directory and Authentication / samba audit?
« on: December 28, 2019, 01:47:35 am »
Hi,
I was wondering if someone else has accomplish to enable the samba audit to log on another file?
This is what i have so far  first inside of rsyslog the 50.default.conf
added this at the end
Code: [Select]
if $programname == 'smbd_audit' then /var/log/audit.log
if $programname == 'smbd_audit' then ~

then on the shares.conf this is what i have
Code: [Select]
# Shares

[shares]
    path = /disk2
    browseable = yes
    force create mode = 0660
    force directory mode = 0660
    valid users = @"Domain Users"
    read list =
    write list = @"Domain Users"
    admin users =
    vfs objects = acl_xattr full_audit recycle
full_audit:prefix = %S|%u|%I|%m
full_audit:success = chdir mkdir open opendir read rename rmdir write link unlink
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = notice

    recycle: inherit_nt_acl = Yes
    recycle: directory_mode = 0700
    recycle: repository = RecycleBin
    recycle: keeptree = Yes
    recycle: excludedir = /tmp|/var/tmp
    recycle: versions = Yes

then restarted samba and rsyslog but not seeing the logs comming in

Thank you





Pages: [1] 2