Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - killmasta93

Pages: 1 [2]
16
Directory and Authentication / GPO script logon not working?
« on: September 30, 2020, 06:45:55 pm »
Hi,
Currently trying to install a startup script though GPO, before trying on zentyal i did with a window server 2012r2 and it worked. So i think it might be a bug on zentyal.
on the GPO i added the startup script to the location of the script. All the users have permission to have access of the folder. I checked on event viewer and got the
1130 Group policy error

https://imgur.com/r2BRPre.png

https://imgur.com/gOc0eAw.png

any ideas?
Thank you

17
Directory and Authentication / A record Issue not replicating?
« on: September 20, 2020, 05:57:17 pm »
Hi
Currently installed a new VM which automatically got the DHCP from zentyal which it automatic create the dynamic DNS record on zentyal.
The issue is that i changed the IP of the VM and needed to add A record and PTR record which i did on the WEBgui.
But i keep seeing the old IP
i checked in nano /var/lib/bind/db.0.168.192
which only shows PTR info

https://imgur.com/0hr8iPa.png

https://imgur.com/2vtmnrG.png

Thank you

18
Directory and Authentication / Password expired DNS-user? (solved)
« on: September 20, 2020, 02:49:01 am »
Hi
 I needed to create on A record on the web interface and restart the DNS but getting this issue

Code: [Select]
Command output: .
Exit value: 1
2020/09/19 20:17:33 ERROR> Service.pm:971 EBox::Module::Service::restartService - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-apolo failed.
2020/09/19 20:17:33 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-apolo failed.
Error output: Password has expired
 dns-apolo@MYDOMAIN.LOCAL's Password:

So my question is on the user DNS-APOLO can i reset the password? or how do i by pass this error without screwing it up?

Thank you

edit: solved by running this

Code: [Select]
sudo samba-tool user setexpiry dns-apolo --noexpiry

19
Directory and Authentication / SPN? (solved)
« on: September 20, 2020, 01:45:33 am »
Hi
I was wondering if someone could shed some light on the issue im having.
Currently trying to create  SPN user to my linux MSSQL which i have to do though powershell, So i have a windows server which is connected to the domain of zentyal
But i tried running this powershell command, the zentyal server is 192.168.0.200

Code: [Select]
New-ADUser -Server 192.168.0.200 mssql -AccountPassword (Read-Host -AsSecureStri
ng "Enter Password") -PasswordNeverExpires $true -Enabled $true

but i get an error saying could not establish to server

But whats concerning i would need to run this on the powershell also, so how would i make the windows server to be able to import the active directory services? or maybe this can be done on zentyal?

Code: [Select]
ktpass /princ MSSQLSvc/hercules.mydomain.local:1433@mydomain.local      /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser mydomain\mssql   /out mssql.keytab                   -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ MSSQLSvc/hercules.mydomain.local:1433@mydomain.local     /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser mydomain\mssql   /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ MSSQLSvc/192.168.3.155:1433@mydomain.local                      /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser mydomain\mssql   /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ MSSQLSvc/192.168.3.155:1433@mydomain.local                    /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser mydomain\mssql  /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ mssql@mydomain.local       /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser mydomain\mssql   /in  mssql.keytab /out mssql.keytab  -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ mssql@mydomain.local        /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser mydomain\mssql   /in  mssql.keytab /out mssql.keytab  -setpass -setupn /kvno 4 /pass mypassword

Thank you

EDIT: first create the MSSQL user by the AD instead though Powershell
then run the commands on powershell with no issue to create the mssql.keytab

20
Installation and Upgrades / email alert?
« on: February 27, 2020, 03:15:10 am »
Hi,
I was wondering if someone else is having this issue before? currently running 6.1 and constantly getting email alert with this
Code: [Select]
/etc/cron.hourly/90zentyal-manage-logs:
/etc/cron.hourly/90zentyal-manage-logs: line 3: /usr/share/zentyal/manage-logs: No such file or directory
run-parts: /etc/cron.hourly/90zentyal-manage-logs exited with return code 127

Thank you

21
Directory and Authentication / Issue with Computer Name not changing
« on: January 28, 2020, 03:49:06 am »
Hi,
I was wondering if someone else has had this issue before, Currently changed name of a PC which was illustrator-pc to illustrators-pc adding the s at the end i check on zentyal web and it does not change

adding the screen shots

https://imgur.com/a/bkZRURI

Thank you

22
Directory and Authentication / issue shares permissions (solved)
« on: January 27, 2020, 04:41:44 am »
Hi,

I was wondering if someone could shed some light on the issue im having.
I have a folder called shares

inside that folder im going to create another folder called Users

So far so good that folder shares and Users can be accessed and modify by the users of the domain.

But inside that folder Users im going to create user1folder and user2folder but i dont want all the users of the domain to have access of those folder

So normally i disable the inheritance and remove the users of the domain and only give test1 to access to user1folder and test2 to user2folder

which means that test2 cannot see user1folder and test1 cannot see user2folder

so this is what i need so not sure if i have to do on samba or on windows?

when i try on windows i get the error when enumerating objects in the container access was denied


This is the smb share conf

Code: [Select]
[shares]
    path = /data
    browseable = yes
    force create mode = 0660
    force directory mode = 0660
    valid users = @"Domain Users"
    read list =
    write list = @"Domain Users"
    admin users =
    vfs objects = acl_xattr full_audit recycle shadow_copy2
#    full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = notice
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = _%Y-%m-%d_%H:%M:%S
shadow: snapprefix = ^pyznap
shadow: delimiter = _
shadow:localtime = no
    recycle: excludedir = /tmp|/var/tmp
    recycle: directory_mode = 0700
    recycle: inherit_nt_acl = Yes
    recycle: keeptree = Yes
    recycle: versions = Yes
    recycle: repository = RecycleBin

https://ibb.co/TtC6BsJ

Thank you


23
Directory and Authentication / Samba Issue with shadow copy
« on: January 09, 2020, 04:05:10 am »
HI,
I was wondering if someone else has any experience with this before? Currently Version: 6.1 zentyal and Samba version 4.7.6-Ubuntu
The time in the shadow copy does not show correct on the windows previous versions, as soon as i put shadow:localtime = yes and restart samba does not show previous versions which therefore i have to put shadow:localtime = no
Currently using pyznap for the snapshots of the ZFS file system
see pictures on the times not correct but both windows and zentyal have the correct time just the previous versions are now. The hour difference is about 5 hours behind the last snapshot was 6:10pm on zentyal and on the previous versions on windows show 1:10 pm

Picture

https://ibb.co/PZTgXFB

This is my samba share

Code: [Select]
[test]
    path = /data
    browseable = yes
    force create mode = 0660
    force directory mode = 0660
    valid users = @"Domain Users"
    read list =
    write list = @"Domain Users"
    admin users =
    vfs objects = acl_xattr full_audit recycle shadow_copy2
#    full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = notice
    recycle: inherit_nt_acl = Yes
    recycle: versions = Yes
    recycle: excludedir = /tmp|/var/tmp
    recycle: keeptree = Yes
    recycle: repository = RecycleBin
    recycle: directory_mode = 0700
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
# Specify snapshot name: frequent, hourly, daily... as desired
shadow: format = _%Y-%m-%d_%H:%M:%S
shadow: snapprefix = ^pyznap
shadow: delimiter = _
shadow:localtime = no



Thank you

24
Directory and Authentication / samba audit?
« on: December 28, 2019, 01:47:35 am »
Hi,
I was wondering if someone else has accomplish to enable the samba audit to log on another file?
This is what i have so far  first inside of rsyslog the 50.default.conf
added this at the end
Code: [Select]
if $programname == 'smbd_audit' then /var/log/audit.log
if $programname == 'smbd_audit' then ~

then on the shares.conf this is what i have
Code: [Select]
# Shares

[shares]
    path = /disk2
    browseable = yes
    force create mode = 0660
    force directory mode = 0660
    valid users = @"Domain Users"
    read list =
    write list = @"Domain Users"
    admin users =
    vfs objects = acl_xattr full_audit recycle
full_audit:prefix = %S|%u|%I|%m
full_audit:success = chdir mkdir open opendir read rename rmdir write link unlink
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = notice

    recycle: inherit_nt_acl = Yes
    recycle: directory_mode = 0700
    recycle: repository = RecycleBin
    recycle: keeptree = Yes
    recycle: excludedir = /tmp|/var/tmp
    recycle: versions = Yes

then restarted samba and rsyslog but not seeing the logs comming in

Thank you





25
Installation and Upgrades / quick question on migrating server 2012r2
« on: December 06, 2019, 01:04:10 am »
Hi,
i was wondering if its possible to migrate users from 2012r2 to zentyal, i saw that the roles can only migrate if one has 2008r2, but not if migrating the users applies to that same concept?

Thank you

26
Directory and Authentication / questions about DNS?
« on: May 27, 2019, 12:01:32 am »
Hi,
I was wondering if someone could shed some light on the issue im having. Currently wanting to swich from windows to zentyal, as running a test enviroment first i wanted to see how it goes. So far so good only 3  things i didnt understand.

1) as for the DNS i can resolve the name but when i try to resolve by IP it cannot find it, in theory the DHCP should inject it

2) howcome the DHCP works so differnt as to add static has to be out of the DHCP scope, i guess it applies in all linux servers which give out DHCP like pfSense

3) as the network share how can i remove the Drive which auto mount it, or how could i change the home location to save into another drive inside of zentyal?

Thank you

Pages: 1 [2]