Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
121
Directory and Authentication / Re: [SOLVED] Configuring DNS updates for all DHCP leases (not just domain members)?
« on: April 20, 2022, 10:09:02 am »Hi
Anyone else has gotten this?
going insanse trying to fix this issueCode: [Select]r 19 18:35:46 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:35:49 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:35:49 zentyal named[14741]: client @0x7f0c3c11da90 192.168.0.22#53411: update 'test.local/IN' denied
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: disallowing update of signer=WINDOWS10-PC\$\@TEST.LOCAL name=windows10-pc.test.local type=AAAA error=insufficient access rights
Apr 19 18:35:49 zentyal named[14741]: client @0x7f0c3c11da90 192.168.0.22#61540/key WINDOWS10-PC\$\@TEST.LOCAL: updating zone 'test.local/NONE': update failed: rejected by secure update (REFUSED)
Apr 19 18:35:49 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:36:40 zentyal named[14741]: resolver priming query complete
Apr 19 18:36:49 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:37:50 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:38:46 zentyal samba[1864]: [2022/04/19 18:38:46.438481, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 19 18:38:46 zentyal samba[1864]: /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
Apr 19 18:38:50 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:39:50 zentyal dhcpd[3779]: DHCPREQUEST for 192.168.0.21 from 54:ee:75:98:1f:c1 via eth0: unknown lease 192.168.0.21.
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:40:49 zentyal named[14741]: client @0x7f0c3c100b70 192.168.0.22#65076: update 'test.local/IN' denied
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: cancelling transaction on zone test.local
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: starting transaction on zone test.local
Apr 19 18:40:49 zentyal named[14741]: samba_dlz: disallowing update of signer=WINDOWS10-PC\$\@TEST.LOCAL name=windows10-pc.test.local type=AAAA error=insufficient access rights
Apr 19 18:40:49 zentyal named[14741]: client @0x7f0c3c100b70 192.168.0.22#53010/key WINDOWS10-PC\$\@TEST.LOCAL: updating zone 'test.local/NONE': update failed: rejected by secure update (REFUSED)
Hi,
Those messages are normal either if you don't have enabled the feature DDNS or your Windows machines use the DNS option 'Register this connections addresses in DNS'.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
122
Spanish / Re: no eliminar interfaz bridge
« on: April 20, 2022, 10:03:42 am »
Buenos días,
Puedes resetear un módulo usando el script '/usr/share/zentyal/clean-conf' . En tu caso sería:
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
Puedes resetear un módulo usando el script '/usr/share/zentyal/clean-conf' . En tu caso sería:
Code: [Select]
sudo /usr/share/zentyal/clean-conf network
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
123
Other modules / Re: Problems saving network data
« on: April 20, 2022, 10:00:46 am »
Hi,
Unfortunately that information is not helpful. Did you analyse the log file '/var/log/syslog'?
If you can't find anything useful in the log files, you will need to disable all of them, and start enable one by one.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
Unfortunately that information is not helpful. Did you analyse the log file '/var/log/syslog'?
If you can't find anything useful in the log files, you will need to disable all of them, and start enable one by one.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
124
Other modules / Re: Problems saving network data
« on: April 11, 2022, 01:32:50 pm »
Hi,
You can do 2 things:
1. Enable the debug mode in Zentyal in order to identify the network error in the log file '/var/log/zentyal/zentyal.log'.
2. Disable all the modules, and enable one by one. NOTE: This option is risky because there is a chance that the modules cannot start again due the error.
In case you want to try the first option, do the following:
1. Modify the option 'debug' to 'yes' in the configuration file '/etc/zentyal/zentyal.conf'
2. Restart the webadmin module:
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
You can do 2 things:
1. Enable the debug mode in Zentyal in order to identify the network error in the log file '/var/log/zentyal/zentyal.log'.
2. Disable all the modules, and enable one by one. NOTE: This option is risky because there is a chance that the modules cannot start again due the error.
In case you want to try the first option, do the following:
1. Modify the option 'debug' to 'yes' in the configuration file '/etc/zentyal/zentyal.conf'
2. Restart the webadmin module:
Code: [Select]
sudo zs webadmin restart
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
125
Other modules / Re: DNS error when changing/adding or restarting
« on: April 07, 2022, 04:16:01 pm »
Hi,
I got that error a few months ago and I was able to fix it by doing the following:
1. I disabled the modules: Domain controller and DNS and save changes.
2. I did a mark in the log files: /var/log/zentyal/zentyal.log and /var/log/syslog.
3. I enabled the DNS module and checked its status, including the mentioned log files.
4. Then, I enabled the domain controller module and again, I checked its status and the log files.
5. Finally, I tried to restart the DNS module just to see if the module still failed.
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
I got that error a few months ago and I was able to fix it by doing the following:
1. I disabled the modules: Domain controller and DNS and save changes.
2. I did a mark in the log files: /var/log/zentyal/zentyal.log and /var/log/syslog.
3. I enabled the DNS module and checked its status, including the mentioned log files.
4. Then, I enabled the domain controller module and again, I checked its status and the log files.
5. Finally, I tried to restart the DNS module just to see if the module still failed.
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
126
Other modules / Re: IDS/IPS doesnt work
« on: March 28, 2022, 11:20:43 am »
Hi,
IDS module has a bug, it might be the reason of your error. Below you have the link to the report.
* https://github.com/zentyal/zentyal/issues/2037
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
IDS module has a bug, it might be the reason of your error. Below you have the link to the report.
* https://github.com/zentyal/zentyal/issues/2037
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
127
Directory and Authentication / Re: File disappeared without a trace
« on: March 24, 2022, 01:04:24 pm »
Hi,
If you have the audit feature enable (conf file: /etc/zentyal/samba.conf , option: disable_fullaudit), you should see all the traces in the log file '/var/log/syslog'.
Also, you should check the permissions of that file and the directory where is located, just to confirm that everything is correct.
Finally, it might be a Antivirus actions, perhaps this module has detected the XLS file as a threat.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
If you have the audit feature enable (conf file: /etc/zentyal/samba.conf , option: disable_fullaudit), you should see all the traces in the log file '/var/log/syslog'.
Also, you should check the permissions of that file and the directory where is located, just to confirm that everything is correct.
Finally, it might be a Antivirus actions, perhaps this module has detected the XLS file as a threat.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
128
Directory and Authentication / Re: LDAP Proxy for Google Secure LDAP
« on: March 21, 2022, 10:30:42 am »
Hi,
If you want to use a certificate to secure the communications in the domain controller module, you have to follow the below link:
* https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
Just remember that you will need to use the stubs to configure file 'smb.conf'.
* https://doc.zentyal.org/en/appendix-c.html#stubs
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
If you want to use a certificate to secure the communications in the domain controller module, you have to follow the below link:
* https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
Just remember that you will need to use the stubs to configure file 'smb.conf'.
* https://doc.zentyal.org/en/appendix-c.html#stubs
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
129
Installation and Upgrades / Re: Samba copying symlinks
« on: March 18, 2022, 01:36:05 pm »
Hi,
If you want to modify a configuration file, you need to use stubs not hooks. Below you have the link from the documentation.
* https://doc.zentyal.org/en/appendix-c.html#stubs
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
If you want to modify a configuration file, you need to use stubs not hooks. Below you have the link from the documentation.
* https://doc.zentyal.org/en/appendix-c.html#stubs
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
130
Directory and Authentication / Re: Dynamic DNS not working? DHCP
« on: March 14, 2022, 12:56:37 pm »
Hi,
It's the reverse zone update which produces the error.
As you can see, the zone '0.168.192.in-addr.arpa.' is giving non 0 exit code. So, it fails.
I did a quick test and it worked in my env. Below all the trace in the log file '/var/log/syslog' when I configure the IP address of a Windows 7 computer as DHCP (this computer does not belong to the domain):
And then, I checked the zone through Samba and the computer (w7cl01) was added correctly:
I recommend you to compare all my information from my test env with yours.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
It's the reverse zone update which produces the error.
Code: [Select]
Mar 13 10:05:45 apolo sh[1206]: + nsupdate -g -d
Mar 13 10:05:45 apolo sh[1206]: Sending update to 127.0.0.1#53
Mar 13 10:05:45 apolo sh[1206]: Outgoing update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 38967
Mar 13 10:05:45 apolo sh[1206]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; UPDATE SECTION:
Mar 13 10:05:45 apolo sh[1206]: 129.0.168.192.in-addr.arpa. 0#011ANY#011PTR
Mar 13 10:05:45 apolo sh[1206]: 129.0.168.192.in-addr.arpa. 3600 IN#011PTR#011computer0142.domain.local.
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: domain.local.#011#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647183945 300 16 Ydfh3gHQ+6JpafevDI/ugw== 38967 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: Reply from update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id: 38967
Mar 13 10:05:45 apolo sh[1206]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: domain.local.#011#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647183945 300 16 bHQ2fl/tXHqapHt7WnY9Pg== 38967 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: + result2=2
Mar 13 10:05:45 apolo sh[1206]: + result=02
Mar 13 10:05:45 apolo sh[1206]: + '[' 02 '!=' 00 ']'
Mar 13 10:05:45 apolo sh[1206]: + logger 'DHCP-DNS Update failed: 02'
As you can see, the zone '0.168.192.in-addr.arpa.' is giving non 0 exit code. So, it fails.
I did a quick test and it worked in my env. Below all the trace in the log file '/var/log/syslog' when I configure the IP address of a Windows 7 computer as DHCP (this computer does not belong to the domain):
Code: [Select]
Mar 14 12:44:02 zentyal named[11380]: resolver priming query complete
Mar 14 12:44:04 zentyal dhcpd[11742]: DHCPDISCOVER from 08:00:27:12:b1:0f via eth1
Mar 14 12:44:05 zentyal dhcpd[11742]: DHCPOFFER on 192.168.62.50 to 08:00:27:12:b1:0f (w7cl01) via eth1
Mar 14 12:44:05 zentyal dhcpd[11742]: Commit: IP: 192.168.62.50 DHCID: 08:00:27:12:b1:0f Name: w7cl01
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[1] = add
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[2] = 192.168.62.50
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[3] = 08:00:27:12:b1:0f
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[4] = w7cl01
Mar 14 12:44:05 zentyal sh[11742]: ++ grep -v SBINDIR
Mar 14 12:44:05 zentyal sh[11742]: ++ grep BINDIR
Mar 14 12:44:05 zentyal sh[11742]: ++ awk '{print $NF}'
Mar 14 12:44:05 zentyal sh[11742]: ++ samba -b
Mar 14 12:44:05 zentyal sh[11742]: + BINDIR=/usr/bin
Mar 14 12:44:05 zentyal sh[11742]: + WBINFO=/usr/bin/wbinfo
Mar 14 12:44:05 zentyal sh[11742]: ++ hostname -d
Mar 14 12:44:05 zentyal sh[11742]: + domain=zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z zentyal-domain.lan ']'
Mar 14 12:44:05 zentyal sh[11742]: ++ echo ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: + REALM=ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: + NSUPDFLAGS=-d
Mar 14 12:44:05 zentyal sh[11742]: + export KRB5CCNAME=/tmp/dhcp-dyndns.cc
Mar 14 12:44:05 zentyal sh[11742]: + KRB5CCNAME=/tmp/dhcp-dyndns.cc
Mar 14 12:44:05 zentyal sh[11742]: + SETPRINCIPAL=dhcpduser@ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: ++ /usr/bin/wbinfo -u
Mar 14 12:44:05 zentyal sh[11742]: + TESTUSER='ZENTYAL-DOMAIN\administrator
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\guest
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\krbtgt
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dns-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\admindc
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\andrea
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\maria
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\abraham
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\zentyal-mail-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dhcpduser | grep '\''dhcpduser'\'')'
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z 'ZENTYAL-DOMAIN\administrator
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\guest
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\krbtgt
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dns-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\admindc
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\andrea
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\maria
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\abraham
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\zentyal-mail-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dhcpduser | grep '\''dhcpduser'\'')' ']'
Mar 14 12:44:05 zentyal sh[11742]: + '[' '!' -f /etc/dhcp/samba-keys/dhcpduser.keytab ']'
Mar 14 12:44:05 zentyal sh[11742]: + action=add
Mar 14 12:44:05 zentyal sh[11742]: + ip=192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: + DHCID=08:00:27:12:b1:0f
Mar 14 12:44:05 zentyal sh[11742]: + name=w7cl01
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z 192.168.62.50 ']'
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z 08:00:27:12:b1:0f ']'
Mar 14 12:44:05 zentyal sh[11742]: + '[' w7cl01 = '' ']'
Mar 14 12:44:05 zentyal sh[11742]: ++ awk -F . '{print $4"."$3"."$2"."$1".in-addr.arpa"}'
Mar 14 12:44:05 zentyal sh[11742]: ++ echo 192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: + ptr=50.62.168.192.in-addr.arpa
Mar 14 12:44:05 zentyal sh[11742]: ++ awk -F . '{print $3"."$2"."$1".in-addr.arpa"}'
Mar 14 12:44:05 zentyal sh[11742]: ++ echo 192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: + rzone=62.168.192.in-addr.arpa
Mar 14 12:44:05 zentyal sh[11742]: ++ cut -d '"' -f 2
Mar 14 12:44:05 zentyal sh[11742]: ++ grep secret
Mar 14 12:44:05 zentyal sh[11742]: ++ grep -A 2 zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: ++ cat /etc/dhcp/ddns-keys/keys
Mar 14 12:44:05 zentyal sh[11742]: + secret=a/cmVSVMYXAW7ERsbOuKag==
Mar 14 12:44:05 zentyal sh[11742]: + case "${action}" in
Mar 14 12:44:05 zentyal sh[11742]: + _KERBEROS
Mar 14 12:44:05 zentyal sh[11742]: ++ date '+%d-%m-%y %H:%M:%S'
Mar 14 12:44:05 zentyal sh[11742]: + test='14-03-22 12:44:05'
Mar 14 12:44:05 zentyal sh[11742]: + klist -c /tmp/dhcp-dyndns.cc -s
Mar 14 12:44:05 zentyal sh[11742]: + '[' 1 '!=' 0 ']'
Mar 14 12:44:05 zentyal sh[11742]: + logger '14-03-22 12:44:05 [dyndns] : Getting new ticket, old one has expired'
Mar 14 12:44:05 zentyal dhcpd: 14-03-22 12:44:05 [dyndns] : Getting new ticket, old one has expired
Mar 14 12:44:05 zentyal sh[11742]: + kinit -F -k -t /etc/dhcp/samba-keys/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc dhcpduser@ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: + '[' 0 '!=' 0 ']'
Mar 14 12:44:05 zentyal sh[11742]: + nsupdate -g -d
Mar 14 12:44:05 zentyal sh[11742]: Reply from SOA query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26802
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr aa ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
Mar 14 12:44:05 zentyal sh[11742]: ;; QUESTION SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;w7cl01.zentyal-domain.lan.#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; AUTHORITY SECTION:
Mar 14 12:44:05 zentyal sh[11742]: zentyal-domain.lan.#0110#011IN#011SOA#011zentyal.zentyal-domain.lan. hostmaster.zentyal-domain.lan. 29 900 600 86400 3600
Mar 14 12:44:05 zentyal sh[11742]: Found zone name: zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: The master is: zentyal.zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: start_gssrequest
Mar 14 12:44:05 zentyal sh[11742]: send_gssrequest
Mar 14 12:44:05 zentyal sh[11742]: Outgoing update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56665
Mar 14 12:44:05 zentyal sh[11742]: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; QUESTION SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;1967011370.sig-zentyal.zentyal-domain.lan. ANY TKEY
Mar 14 12:44:05 zentyal sh[11742]: ;; ADDITIONAL SECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TKEY gss-tsig. 1647258245 1647258245 3 NOERROR 1419 YIIFhwYJKoZIhvcSAQICAQBuggV2MIIFcqADAgEFoQMCAQ6iBwMFACAA AACjggRiYYIEXjCCBFqgAwIBBaEUGxJaRU5UWUFMLURPTUFJTi5MQU6i LDAqoAMCAQGhIzAhGwNETlMbGnplbnR5YWwuemVudHlhbC1kb21haW4u bGFuo4IEDTCCBAmgAwIBF6EDAgEBooID+wSCA/dwET6+L0kL0k9cF1GL BTpZI72uSU0MD7vQBgAK/l6Vj0bqVf+i+o93MbT7KwGeKJx3EeLNb6Nn nFGlUzvSdlDlqixC+ygOaQdX1AgWl/kpSK+iMRrMVJh8lHSamNQxmkPv spqXaOzDNhl3Z2C0Xkd3XDRB5dquEWDCNx7rAZHS/ivewsh5txHJQj++ 7u6/jMf0a/Ph/BYCtbm9pzUgSswp877GLMQEqHX/QEUqRwMZQYL7qagi pLdDIQP6bWbzKurF3FnlE1ARrp7jYY5I6W9EjbfHG7odA865vunr957A DrRG8+A1oHT73iC+Lx9WMtRG7Ml6VVUL16Jv6sXfBLohOBySY/Xwt3rs 0kI+sqstZDaRabb560DIWpF1sA73uDwRRHRsdKU0yBW858nL3s+t0HM6 U++kYIxvUgm0GK+wROEvOm4+rKkePkLcyPMgIW+QxKQhjBrC4ehtjgwv BSP6Xtp+RgVhMHlK0ZAntq69yRuaHuCAwVkBF9mrrmNynrFxL02OHa1z 7OtbIknPeh7GzHuIhzyh4KQ6Y+9+916WTeVx2hTrPTtsS3uwbdT/1IZH zwFTdX7S2YK+XqIcjBYo6VLa+n62GDUpDjXNJ47L32J/6+Jt+YfJEW78 3o2HT6gp6wrsdKU/KDUreRQ/BBgoZwvB+Ox742F97H2nvSXnYMB0cLq+ /zWKW+EFFf0lOu/Jo05vpyYXbkX7dTGKIJJd450jVLA01MWHvTllakPK e1huAey1gRsFo9A1dE0YP2PxbNamNndl6UaXq2athSTFRQwB/n/MZSdD +rQGp9XQosIQnUWlTytZORGYdGGDoKtmQI/DIEwK7gipI430pT4nMlld PMeOmKj9LBuUGML4LZ+Um3JZUZnpQ6zEvf8afn98yyiCcgdztaWZA4jt o8LejY8vTFJdnGyn1h8yTH/rnd2x24bJZl/an7nTQ4QpsVfVhFbhlLwR E6/LAi1lQqCBml6I+pY3+FaT6/ZKhm1AjU8TD04gVCk7uVzCgu6Q2I4v CJpJ3f9IDW3jbl5S1/7rVxQ+laPzIoVHFtLdSh166mBwngx9LGpL5mMP yqQXi3c/R6XQvObRNJ13tH9PR9nL7PlvEj/vY53qKqnSAn3XuZWx3wOD zNPb+ktQoySukT+MGyQQEyGSzdrtsFBRw60eQJ9kuMuS/FefkxLOuw9x 14K8sgFpCeFmOy9W0PIa5hp6SioW6LswLPvJfUolQqw+4IX5eWbmMvSL gTSZOlHxIdVaSiHG62Ug8CRVOPUstKC1wdtTsm3kDOnkZI01eoq4i66J FSb2cUjSB1ZvUCIyoy1EKdePtG9MmEuK3d6zhH1th4WR8g8xpIH2MIHz oAMCAReigesEgeglf7GulAEd9V2ZFXgvUIrKwhQ8+rVoDPOCFGK4+pv3 IrXHOdIWS8/m9FE6bpcqwM7GyREaSznYHLHIB8rkPkMoibZyw5hSIKaJ sNiZlGZkY4liNAHNhf1wBU1T6b/Brv5kl/Tw+lyjctf8naoyvCZYFu1R +bylEri3/28Av11kpK9y2OHs8qYbz21o0oX+Vw4NwMcJJ6VrBaHTUCC7 kD2r9Me3yMUTCsjtcapUeBiJACp70KG2DcWoFx/bh/uCdDn8I0MfSc0b jvXJdWcvZ3lQCiX8lsFkSwm+y+Z6SIEgmq+6V8psNUIk 0
Mar 14 12:44:05 zentyal sh[11742]: recvmsg reply from GSS-TSIG query
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56665
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Mar 14 12:44:05 zentyal sh[11742]: ;; QUESTION SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;1967011370.sig-zentyal.zentyal-domain.lan. ANY TKEY
Mar 14 12:44:05 zentyal sh[11742]: ;; ANSWER SECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TKEY gss-tsig. 1647258245 1647261845 3 NOERROR 152 YIGVBgkqhkiG9xIBAgICAG+BhTCBgqADAgEFoQMCAQ+idjB0oAMCARei bQRrKon8O+IwDTFYnKLrR7FzRyICLBwhYN1GzQSGcge4yFAW6UuYjh2g 03lxTpka6F5C44MhKXSNJSP7PwmOuATVjYASqeMbXkMSyP8B4h9uJTlB 3tGZYcEUKy8cxL4Qi+lplFrsNqajpsX92as= 0
Mar 14 12:44:05 zentyal sh[11742]: Sending update to 127.0.0.1#53
Mar 14 12:44:05 zentyal sh[11742]: Outgoing update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7101
Mar 14 12:44:05 zentyal sh[11742]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; UPDATE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: w7cl01.zentyal-domain.lan. 0#011ANY#011A
Mar 14 12:44:05 zentyal sh[11742]: w7cl01.zentyal-domain.lan. 3600#011IN#011A#011192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TSIG gss-tsig. 1647258245 300 28 BAQE//////8AAAAAFXp/7B58xb5O9MHTGJqrQw== 7101 NOERROR 0
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: starting transaction on zone zentyal-domain.lan
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: allowing update of signer=dhcpduser\@ZENTYAL-DOMAIN.LAN name=w7cl01.zentyal-domain.lan tcpaddr=127.0.0.1 type=A key=1967011370.sig-zentyal.zentyal-domain.lan/160/0
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: allowing update of signer=dhcpduser\@ZENTYAL-DOMAIN.LAN name=w7cl01.zentyal-domain.lan tcpaddr=127.0.0.1 type=A key=1967011370.sig-zentyal.zentyal-domain.lan/160/0
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce513b740 127.0.0.1#41943/key dhcpduser\@ZENTYAL-DOMAIN.LAN: updating zone 'zentyal-domain.lan/NONE': deleting rrset at 'w7cl01.zentyal-domain.lan' A
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce513b740 127.0.0.1#41943/key dhcpduser\@ZENTYAL-DOMAIN.LAN: updating zone 'zentyal-domain.lan/NONE': adding an RR at 'w7cl01.zentyal-domain.lan' A 192.168.62.50
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: added rdataset w7cl01.zentyal-domain.lan 'w7cl01.zentyal-domain.lan.#0113600#011IN#011A#011192.168.62.50'
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: subtracted rdataset zentyal-domain.lan 'zentyal-domain.lan.#0113600#011IN#011SOA#011zentyal.zentyal-domain.lan. hostmaster.zentyal-domain.lan. 29 900 600 86400 3600'
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: added rdataset zentyal-domain.lan 'zentyal-domain.lan.#0113600#011IN#011SOA#011zentyal.zentyal-domain.lan. hostmaster.zentyal-domain.lan. 30 900 600 86400 3600'
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: committed transaction on zone zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: Reply from update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7101
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; ZONE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;zentyal-domain.lan.#011#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TSIG gss-tsig. 1647258245 300 28 BAQF//////8AAAAADUVZ+FPqG82uAV/BPt0bTw== 7101 NOERROR 0
Mar 14 12:44:05 zentyal sh[11742]: + result1=0
Mar 14 12:44:05 zentyal sh[11742]: + nsupdate -g -d
Mar 14 12:44:05 zentyal sh[11742]: Sending update to 127.0.0.1#53
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce523cf60 127.0.0.1#58713/key zentyal-domain.lan: updating zone '62.168.192.in-addr.arpa/IN': deleting rrset at '50.62.168.192.in-addr.arpa' PTR
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce523cf60 127.0.0.1#58713/key zentyal-domain.lan: updating zone '62.168.192.in-addr.arpa/IN': adding an RR at '50.62.168.192.in-addr.arpa' PTR w7cl01.zentyal-domain.lan.
Mar 14 12:44:05 zentyal sh[11742]: Outgoing update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 64981
Mar 14 12:44:05 zentyal sh[11742]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; ZONE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;62.168.192.in-addr.arpa.#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; UPDATE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: 50.62.168.192.in-addr.arpa. 0#011ANY#011PTR
Mar 14 12:44:05 zentyal sh[11742]: 50.62.168.192.in-addr.arpa. 3600 IN#011PTR#011w7cl01.zentyal-domain.lan.
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: zentyal-domain.lan.#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647258245 300 16 TZKwChtckcx1L4PVqS8hzA== 64981 NOERROR 0
Mar 14 12:44:05 zentyal sh[11742]: Reply from update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 64981
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; ZONE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;62.168.192.in-addr.arpa.#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: zentyal-domain.lan.#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647258245 300 16 RRXEWnCVhJp+0KtGq9lIjA== 64981 NOERROR 0
Mar 14 12:44:05 zentyal sh[11742]: + result2=0
Mar 14 12:44:05 zentyal sh[11742]: + result=00
Mar 14 12:44:05 zentyal sh[11742]: + '[' 00 '!=' 00 ']'
Mar 14 12:44:05 zentyal sh[11742]: + logger 'DHCP-DNS Update succeeded'
Mar 14 12:44:05 zentyal dhcpd: DHCP-DNS Update succeeded
Mar 14 12:44:05 zentyal sh[11742]: + exit 00
Mar 14 12:44:05 zentyal dhcpd[11742]: DHCPREQUEST for 192.168.62.50 (192.168.62.1) from 08:00:27:12:b1:0f (w7cl01) via eth1
Mar 14 12:44:05 zentyal dhcpd[11742]: DHCPACK on 192.168.62.50 to 08:00:27:12:b1:0f (w7cl01) via eth1
And then, I checked the zone through Samba and the computer (w7cl01) was added correctly:
Code: [Select]
samba-tool dns query 127.0.0.1 zentyal-domain.lan @ ALL -Uadmindc
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:127.0.0.1[,sign]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
Password for [ZENTYAL-DOMAIN\admindc]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Name=, Records=3, Children=0
SOA: serial=30, refresh=900, retry=600, expire=86400, minttl=3600, ns=zentyal.zentyal-domain.lan., email=hostmaster.zentyal-domain.lan. (flags=600000f0, serial=29, ttl=3600)
NS: zentyal.zentyal-domain.lan. (flags=600000f0, serial=29, ttl=259200)
A: 192.168.62.1 (flags=600000f0, serial=29, ttl=259200)
Name=_kerberos, Records=1, Children=0
TXT: "zentyal-domain.lan" (flags=f0, serial=5, ttl=259200)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=5
Name=_udp, Records=0, Children=3
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=shares, Records=1, Children=0
CNAME: zentyal.zentyal-domain.lan. (flags=f0, serial=28, ttl=259200)
Name=w7cl01, Records=1, Children=0
A: 192.168.62.50 (flags=f0, serial=29, ttl=3600)
Name=zentyal, Records=1, Children=0
A: 192.168.62.1 (flags=f0, serial=28, ttl=259200)
I recommend you to compare all my information from my test env with yours.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
131
Directory and Authentication / Re: Dynamic DNS not working? DHCP
« on: March 11, 2022, 12:36:49 pm »
Hi,
To confirm if the issue is caused by Apparmor, you can run the following command:
Also, you can add 'set -x' in the second line of the script (/usr/share/zentyal-dhcp/dhcp-dyndns.sh) in order to enable the debug mode. Then, you can check again the log files and check what commands are failing (probably, you will need to restart the DHCP or DC module).
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
To confirm if the issue is caused by Apparmor, you can run the following command:
Code: [Select]
sudo egrep -i apparmor /var/log/syslog
Also, you can add 'set -x' in the second line of the script (/usr/share/zentyal-dhcp/dhcp-dyndns.sh) in order to enable the debug mode. Then, you can check again the log files and check what commands are failing (probably, you will need to restart the DHCP or DC module).
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
132
Spanish / Re: Zentyal 7 no carga el Dashboard después de actualizar.
« on: March 08, 2022, 10:54:26 am »Hola instalé Zentyal 7 y realice las configuraciones basicas como controlador de dominio principal, dns, y servidor de correo. Luego de esto me percaté que no estaba recibiendo correo de cuentas externas al servidor, en los logs de mi servidor decia que no encontraba el usuario en el ldap. Entonces procedi a actualizar el servidor. Luego de actualizar y sin configurar nada mas ya recibe correos de cuentas externas pero ahora cuado pongo el usuario y la contraseña para entrar al Dashboard se cuelga y nunca llega a cargarlo. Si pudieran ayudarme. Gracias.
¿Has revisado si el servidor va bien de recursos?
Code: [Select]
htop
df -h
¿Probaste a parar temporalmente e iniciar nuevamente el módulo de Webadmin?
Code: [Select]
sudo zs webadmin stop
sudo zs webadmin start
Un saludo.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
133
Installation and Upgrades / Re: Trying to recover a completely broken system after 7.0 Upgrade
« on: February 21, 2022, 10:02:23 am »
Hi,
In case you still have the issue, below you have the workaround developed by Zentyal for Radius module during the upgrade:
* https://github.com/zentyal/zentyal/blob/support/6.2/main/core/src/scripts/release-upgrade#L219
Also, there is a link in the documentation where explains some common issues that could occur after the upgrade:
* https://doc.zentyal.org/en/upgrade.html#troubleshooting
Regarding the message 'FATAL: Could not connect to samba LDAP server: connect: Permission denied', you need to analyse the following log files in order to identify the location of that 'permission denied'.
* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/samba/samba.log
Finally, you must check if Ubuntu was upgraded and also, if some of the Zentyal modules too. Below you have the commands that you must run:
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
In case you still have the issue, below you have the workaround developed by Zentyal for Radius module during the upgrade:
* https://github.com/zentyal/zentyal/blob/support/6.2/main/core/src/scripts/release-upgrade#L219
Also, there is a link in the documentation where explains some common issues that could occur after the upgrade:
* https://doc.zentyal.org/en/upgrade.html#troubleshooting
Regarding the message 'FATAL: Could not connect to samba LDAP server: connect: Permission denied', you need to analyse the following log files in order to identify the location of that 'permission denied'.
* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/samba/samba.log
Finally, you must check if Ubuntu was upgraded and also, if some of the Zentyal modules too. Below you have the commands that you must run:
Code: [Select]
## To see if Ubuntu was upgrade
lsb_release -a
## To get the version of each module
dpkg -l | egrep 'zen(buntu|tyal)-'
## To get the packages that are not correctly installed oh held
dpkg -l | egrep -v '^ii'
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
134
Installation and Upgrades / Re: how can i Bock usb to sepcifc Organizational Unit???
« on: February 14, 2022, 03:59:49 pm »
Hi,
There is not difference between how to create and manage GPOs in a Windows server or in a Zentyal server. So, you just need to figure how that task is done in a Windows server out.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
There is not difference between how to create and manage GPOs in a Windows server or in a Zentyal server. So, you just need to figure how that task is done in a Windows server out.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
135
Other modules / Re: Error after RNDC Reload
« on: February 04, 2022, 10:51:10 am »
Hi,
If I were you, I'll do the following:
1. Check the owner of the FSMO roles:
2. Ensure that there is connection between the owner of the FSMO roles and your Zentyal server.
3. If your Zentyal server does not owns the FSMO roles, make sure that the Domain controller that owns them it is working correctly, and also, check that there is not any firewall rule that could be blocking the Samba's ports.
* https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
4. Fix the issues with the internal database of Samba:
5. Make a mark in the important log files:
6. Through Zentyal GUI, disable the modules: Domain Controller and DNS.
7. Through Zentyal GUI, enable DNS module, save changes, check its status and analyze the log files from step 5..
8. Do the same but with Domain Controller module.
NOTE: The above steps could cause a system failure, specially from step 4, so, make sure that you have a backup of your Zentyal server.
Hope it helps you.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
If I were you, I'll do the following:
1. Check the owner of the FSMO roles:
Code: [Select]
sudo samba-tool fsmo show
2. Ensure that there is connection between the owner of the FSMO roles and your Zentyal server.
Code: [Select]
ping ns1.indomaret.group
3. If your Zentyal server does not owns the FSMO roles, make sure that the Domain controller that owns them it is working correctly, and also, check that there is not any firewall rule that could be blocking the Samba's ports.
* https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
4. Fix the issues with the internal database of Samba:
Code: [Select]
sudo samba-tool dbcheck --fix --yes
5. Make a mark in the important log files:
Code: [Select]
for i in /var/log/zentyal/zentyal.log /var/log/syslog /var/log/samba/samba.log; do echo "#### DEBUGGING" | sudo tee -a $i; done
6. Through Zentyal GUI, disable the modules: Domain Controller and DNS.
7. Through Zentyal GUI, enable DNS module, save changes, check its status and analyze the log files from step 5..
8. Do the same but with Domain Controller module.
NOTE: The above steps could cause a system failure, specially from step 4, so, make sure that you have a backup of your Zentyal server.
Hope it helps you.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".