

Messages - zippydan

16
Installation and Upgrades / [Solved] openfire AD integration with Zentyal
« on: September 20, 2014, 04:39:12 am »
I have Openfire 3.9.3 running on Ubuntu 14 LTS on one server

And I have Zentyal 3.5 on another server.
 
I'm trying to do the config part and connect my Openfire to my Zentyal PDC.  There don't seem to be many options here, but it seems not to be working.
 
So here are the settings I'm using:
 
Type: Active Directory
Hostname: IPof.My.Zentyal.Server (I'm using a local IP since they are on the same LAN)
Port: 389
Base DN: CN=Users,DC=local,DC=mydomain,DC=com
 
Administrator DN: CN=Adminname,CN=Users,DC=local,DC=mydomain,DC=com
Password=Adminname'sPW
 
It seems pretty straightforward. Am I missing something here?
 
I've successfully joined a NAS and several Windows Workstations to this same Zentyal box, but all using a username@local.mydomain.com + password authentication scheme.  This is the first time I am using a DN authentication scheme, but again, it seems pretty straightforward...
 
Is there anywhere I can check for a little more info on what is happening behind the scenes?  The only way I can progress past this point is if I get some error codes or something.  I tried looking in /var/log/zentyal and /var/log/samba, but I don't see anything about AD connection attempts...
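What Openfire actually does with those four fields is an LDAPv3 simple bind: it opens TCP 389, sends the Administrator DN plus password, and reads back a result code. The probe below, an added example written with the Python standard library only and not code from Openfire, Zentyal or the poster, encodes that bind request by hand, decodes the BindResponse, and names the result code, so the same DN/password pair can be checked directly against the domain controller. The host, DN and password are placeholders, and the two captured responses are constructed to match the wire format rather than taken from a real server.

```python
"""Minimal LDAPv3 simple-bind probe (added example, standard library only).

Assumptions: host, DN and password below are placeholders; the BER encoder
covers only what a simple bind needs (definite lengths, small non-negative
integers).  Sample responses are constructed, not captured from a server.
"""
import socket

# ---- BER helpers ----------------------------------------------------------
def ber_len(n):
    """BER definite-length encoding (short and long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(value):
    """INTEGER for small non-negative values (message IDs, protocol version)."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    return tlv(0x02, body)

# ---- request side ---------------------------------------------------------
def bind_request(msg_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple pw } }.
    BindRequest is [APPLICATION 0] (0x60); simple auth is [0] (0x80)."""
    bind = tlv(0x60, ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, ber_int(msg_id) + bind)

# ---- response side --------------------------------------------------------
def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the TLV starting at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next N bytes hold the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

RESULT_NAMES = {0: "success", 7: "authMethodNotSupported", 8: "strongerAuthRequired",
                32: "noSuchObject", 34: "invalidDNSyntax", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 50: "insufficientAccessRights"}

def parse_bind_response(buf):
    """Return (messageID, resultCode, diagnosticMessage) from an LDAPMessage
    carrying a BindResponse ([APPLICATION 1], tag 0x61)."""
    tag, msg, _ = read_tlv(buf)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id_raw, pos = read_tlv(msg)
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse: tag 0x%02x" % op_tag)
    _, code_raw, pos = read_tlv(op)          # resultCode (ENUMERATED)
    _, _matched_dn, pos = read_tlv(op, pos)  # matchedDN
    _, diag, _ = read_tlv(op, pos)           # diagnosticMessage
    return (int.from_bytes(msg_id_raw, "big"), int.from_bytes(code_raw, "big"),
            diag.decode(errors="replace"))

def describe(code):
    return RESULT_NAMES.get(code, "resultCode %d" % code)

# Constructed sample responses (what a DC sends back for bind messageID 1).
SAMPLE_SUCCESS = b"\x30\x0c\x02\x01\x01\x61\x07\x0a\x01\x00\x04\x00\x04\x00"
SAMPLE_INVALID_CREDENTIALS = b"\x30\x14\x02\x01\x01\x61\x0f\x0a\x01\x31\x04\x00\x04\x0880090308"

def probe_bind(host, dn, password, port=389, timeout=5):
    """Send one simple bind over plain TCP and return the parsed response.
    The password crosses the wire in clear on 389, exactly as Openfire's
    'Port: 389' setting does; use 636/StartTLS where the DC offers it."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(bind_request(1, dn, password))
        data = s.recv(4096)                  # a BindResponse fits in one segment
    return parse_bind_response(data)

if __name__ == "__main__":
    for sample in (SAMPLE_SUCCESS, SAMPLE_INVALID_CREDENTIALS):
        msg_id, code, diag = parse_bind_response(sample)
        print("msgid=%d %s %r" % (msg_id, describe(code), diag))
    # Live check against a DC (placeholder values; uncomment to run):
    # print(describe(probe_bind("IPof.My.Zentyal.Server",
    #       "CN=Adminname,CN=Users,DC=local,DC=mydomain,DC=com", "password")[1]))
```

A result of 49 (invalidCredentials) means the DC was reached and rejected the DN/password pair, which separates "wrong DN or password" from "cannot connect at all"; 32 (noSuchObject) points at a mistyped Base DN or Administrator DN; 0 means the Openfire fields are fine and the problem lies elsewhere. The probe is a diagnostic for an administrator checking their own server's credentials and should not be pointed at hosts you do not run.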

17
A server can have more than one hostname (like myserver.local and myserver.mycompany.com), and it can have multiple certificates.  But it can basically only have one certificate per service.  So basically, yes: if you are going to use ActiveSync over port 443 you need to choose to either use a certificate with myserver.local or myserver.mycompany.com and use that for access from ANYWHERE, whether external, internal, or over VPN.  Usually this means using a "real" domain name like myserver.mycompany.com.

18
It can be the same or it can be different.  I don't know anything about your Outlook sync problems, but the certificate problems probably come from the servers using self-signed certificates.  To get rid of those errors you will need to install the certificates' keys into the trust centers of each machine (or portable device) which will connect to the server.

This is one "advantage" of using a "real" domain name.  If you purchase widgetzoots.com and you make your company domain something like local.widgetzoots.com you can purchase a "real" certificate from a major provider like Verisign, Geotrust, or Comodo.  Unfortunately no one will sell you a "real" certificate for a .local domain, so you have to tell your computers to trust it manually.

19
They can definitely be the same, and I think it is actually best practices now that the name you choose for your domain be a domain name that you actually control.  I believe things like .local and .lan are "reserved" for local LAN use, in that no one can buy them, so that is always an option.

In my case, I have a domain that I purchased: mydomain.com (example).

For e-mail, people can e-mail someone@mydomain.com.  For the purposes of user and computer administration, my domain is something like local.mydomain.com.

20
Installation and Upgrades / how often/when do Zentyal servers replicate?
« on: September 17, 2014, 10:47:49 pm »
I have a PDC and an ADC connected over a VPN. 

How often and when do they replicate? 
Is there any way to force a replication right now? 
Is there a reason why it seems like my PDC replicates to my ADC but not the other way around?

21
Well this is amazing.

Just for kicks I tried RSAT again.  I didn't change ANYTHING.  I logged in on my PC as my Domain Administrator again.  Users and Computers was already in the recently used section of my Start menu.  I double-clicked on it and ... bam there was the duplicate Computer1.  I didn't even have to navigate anywhere because it was already in the Computers section from my last attempt.  And it deleted quickly and easily.

The only thing I can guess is that, as I had my PDC and my ADC both defined in my local Domain DNS server, the first time I tried to connect I had actually connected to the PDC (on the remote network), and that is why I didn't see the duplicate.

22
Well I must be stupid

I followed this guide to setup webmin: http://ubuntuhandbook.org/index.php/2013/12/install-webmin-official-repository-ubuntu/

Everything seemed to work fine and I logged into webmin

Then Servers -> Samba Windows File Sharing -> Samba Users

I only see one listing for Computer1$

Where is the duplicate hiding?


Edit: No, I am stupid.  I see the duplicates as there are two listings for Computer1$ (apparently it doesn't list it in anything close to alphabetical order so they are far apart in the list).  However, I still don't know WHICH one to delete.  In Zentyal one listing of Computer1 shows a CNF # which is like CNF:cb5531b9-9-etc.etc.  In webmin I see the same numbers I saw when using pdbedit: Unix UID.  Which doesn't match at all.

Edit2: Just for "fun" I decided to try deleting the second Computer1$ in the list.  I received the following error and there are still two in the list:

Code:
Access control violation
ask_epass.cgi : /usr/bin/pdbedit failed :
params.c:pm_process() - Processing configuration file "/etc/samba/printers.conf"
Processing section "[global]"
ldb_wrap open of idmap.ldb

I'm not sure if this has something to do with root access as I am logging in as the Zentyal admin user.  I tried going to Webmin -> Webmin Users -> Configure UNIX User Authentication and made sure that "Allow users who can run all commands via sudo to login as root".  I even added my Zentyal admin user to the list of "Allow UNIX users listed below to login..." "As Webmin user" "root".

I still can't log in as "root" directly from the login page, and logging in as the Zentyal admin user again still returns the same error when trying to delete the duplicate Computer1$

Edit3: Absolute failure in every regard.  I tried

Code:
sudo pdbedit -x -m -u Computer1
and also
Code:
sudo pdbedit -x -m -u Computer1$
and also
Code:
sudo pdbedit -x -m -u Computer1/$
and also
Code:
sudo pdbedit -x -m -u COMPUTER1
and also
Code:
sudo pdbedit -x -m -u COMPUTER1$
and also
Code:
sudo pdbedit -x -m -u COMPUTER1/$
Everything returns the same error as above:

Code:
params.c:pm_process() - Processing configuration file "/etc/samba/printers.conf"
Processing section "[global]"
ldb_wrap open of idmap.ldb
machine Computer1$ does not exist in the passdb

23
In the latest release of Zentyal, webmin does not always work from a client PC in the network (this is since Zentyal does not use apache2 anymore for the administration GUI).

I'm using Zentyal 3.5, does that mean webmin won't work?

24
I think I need more clarification on this.  The computers and NAS2 on Network2 are only pointing to ZenServ2 as their domain name server.  ZenServ2 has itself listed first in the list of Domain controllers; would they not try to authorize with ZenServ2 first?

25
anyone?

26
I'm going to have to reopen this.  Sometimes my NAS2 will authenticate with my ZenServ2, and sometimes it won't.

I've been having some trouble with my VPN connection today as well, so that will interrupt the communication between ZenServ2 and ZenServ1.  I'm wondering, can NAS2 not authenticate with ZenServ2 if ZenServ2 can't reach ZenServ1?  That seems retarded, since I always assumed that the purpose of an ADC was to be like a local cache of users for exactly those situations when remote connections are disrupted.

Another thing I have noticed: it doesn't seem like changes made to ZenServ2 are replicating to ZenServ1.  Only the other way around.  Is that how Zentyal is supposed to behave?  The documentation indicates that it is two-way replication.
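The questions in posts 20 and 26 (how often the DCs replicate, how to force a cycle, and why changes seem to flow only from ZenServ1 to ZenServ2) are answered on a Samba AD DC by `samba-tool drs showrepl`, which lists, per naming context, each inbound and outbound partner with the result of the last attempt and the count of consecutive failures. The script below is an added example, not Zentyal's or Samba's own code: it parses that report and flags partners that are failing or only present in one direction. The report text is constructed to mirror the command's layout as the author of this example knows it (server names, GUIDs and timestamps are placeholders), and `parse_showrepl` should be fed the real output captured on the DC.

```python
"""Read `samba-tool drs showrepl` output and flag failing or one-way
replication between two Samba AD DCs (added example; sample text below is
constructed, with placeholder names and GUIDs)."""
import re

# Constructed sample: what `samba-tool drs showrepl` might print on ZenServ2
# while its link to ZenServ1 is broken in the outbound direction.
SAMPLE_SHOWREPL = """\
Default-First-Site-Name\\ZENSERV2
DSA Options: 0x00000001
DSA object GUID: 11111111-1111-1111-1111-111111111111
DSA invocationId: 22222222-2222-2222-2222-222222222222

==== INBOUND NEIGHBORS ====

DC=local,DC=mydomain,DC=com
\tDefault-First-Site-Name\\ZENSERV1 via RPC
\t\tDSA object GUID: 33333333-3333-3333-3333-333333333333
\t\tLast attempt @ Wed Sep 17 20:10:02 2014 UTC was successful
\t\t0 consecutive failure(s).
\t\tLast success @ Wed Sep 17 20:10:02 2014 UTC

==== OUTBOUND NEIGHBORS ====

DC=local,DC=mydomain,DC=com
\tDefault-First-Site-Name\\ZENSERV1 via RPC
\t\tDSA object GUID: 33333333-3333-3333-3333-333333333333
\t\tLast attempt @ Wed Sep 17 20:10:02 2014 UTC failed, result 1722 (WERR_RPC_S_SERVER_UNAVAILABLE)
\t\t3 consecutive failure(s).
\t\tLast success @ Wed Sep 17 18:05:41 2014 UTC

==== KCC CONNECTION OBJECTS ====
"""

NEIGHBOR_RE = re.compile(r"^\t(?P<partner>\S+) via (?P<transport>\S+)$")
ATTEMPT_RE = re.compile(r"^\t\tLast attempt @ (?P<when>.+?) (?P<status>was successful|failed.*)$")
FAILURES_RE = re.compile(r"^\t\t(?P<n>\d+) consecutive failure\(s\)\.$")

def parse_showrepl(text):
    """Return one dict per neighbour: direction, partition, partner, ok, failures."""
    entries, direction, partition, current = [], None, None, None
    for line in text.splitlines():
        if line.startswith("==== "):
            # "==== INBOUND NEIGHBORS ====" -> "INBOUND"
            direction = line.strip("= ").replace(" NEIGHBORS", "")
            current = None
            continue
        if direction not in ("INBOUND", "OUTBOUND"):
            continue                      # header block and KCC section are skipped
        if line and not line.startswith("\t"):
            partition = line.strip()      # naming context, e.g. DC=local,DC=mydomain,DC=com
            continue
        m = NEIGHBOR_RE.match(line)
        if m:
            current = {"direction": direction, "partition": partition,
                       "partner": m.group("partner").split("\\")[-1],
                       "ok": None, "failures": 0}
            entries.append(current)
            continue
        if current is None:
            continue
        m = ATTEMPT_RE.match(line)
        if m:
            current["ok"] = m.group("status") == "was successful"
            continue
        m = FAILURES_RE.match(line)
        if m:
            current["failures"] = int(m.group("n"))
    return entries

def diagnose(entries):
    """Human-readable findings: failing links and partners seen in one direction only."""
    problems = []
    for e in entries:
        if e["ok"] is False:
            problems.append("%s replication with %s for %s is failing (%d consecutive failures)"
                            % (e["direction"], e["partner"], e["partition"], e["failures"]))
    seen = {}
    for e in entries:
        seen.setdefault((e["partner"], e["partition"]), set()).add(e["direction"])
    for (partner, partition), dirs in sorted(seen.items()):
        if dirs != {"INBOUND", "OUTBOUND"}:
            problems.append("replication with %s for %s is one-way (%s only)"
                            % (partner, partition, ", ".join(sorted(dirs))))
    return problems

def force_replication_commands(dc_a, dc_b, partition):
    """Commands to pull a cycle in both directions right now.
    samba-tool syntax: samba-tool drs replicate DEST_DC SOURCE_DC NC"""
    return ["samba-tool drs replicate %s %s %s" % (dc_a, dc_b, partition),
            "samba-tool drs replicate %s %s %s" % (dc_b, dc_a, partition)]

if __name__ == "__main__":
    for problem in diagnose(parse_showrepl(SAMPLE_SHOWREPL)):
        print(problem)
    for cmd in force_replication_commands("zenserv1", "zenserv2", "DC=local,DC=mydomain,DC=com"):
        print(cmd)
```

Run it with `samba-tool drs showrepl | python3 check_repl.py` style input on each DC in turn; a partner that appears under INBOUND on ZenServ2 but is failing (or absent) under OUTBOUND is exactly the "replicates one way only" symptom, and usually means ZenServ1 cannot open the RPC connection back over the VPN. Since replication in AD is pull-based, `samba-tool drs replicate` has to be issued with the receiving DC first and the source second, which is why the helper emits both orderings.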

27
Is there any GUI version of ldbedit?  I'm scared :(

edit: alternatively is there a good guide for using ldbedit in Zentyal?

edit2: can anyone give me a sample of how to use ldbedit to remove a Computer?

28
I see under Network -> Interfaces, I have the option to create a Virtual Interface on my LAN port.  This should be simple but what keeps throwing me is the "Name" field and there is no guidance either in the webadmin or in the online documentation, except for the errors I get.

I tried putting a descriptive name like: "Secondary.Connection" and Zentyal said NO: Invalid value for Virtual interface name

I tried putting a linux name like "eth0:1" and Zentyal said NO: Invalid value for Virtual interface name

I tried putting a useless name like "abcd" and finally Zentyal said YES.

"1" also worked.

Is this correct?

29
I REALLY NEED HELP WITH THIS ! :)

Hello:

The right way to do this is to use RSAT tools

@jbahillo Read my post, I did exactly that and still could not delete the duplicate entry.

I installed MS Admin Tools (RSAT), logged in to my computer, connected to the ADC2 network as a local admin, and then launched the Users and Computers Administration tool.  Under computers, only "Computer 1" appears, and only once.  So I see no way to delete the duplicate Computer 1 either in the Zentyal webadmin or through the MS tools.

30
Based on this thread:  https://forum.zentyal.org/index.php?topic=13887.0

On ADC2, I tried using

Code:
pdbedit -x -m Computer1
But I get an error saying that the machine "Computer1" does not exist in the passdb

This thread explains how a CNF entry occurs (which is pretty much exactly what happened with me): http://windowsitpro.com/windows/i-have-objects-my-active-directory-ad-domain-have-cnf-their-name-followed-globally-unique-id

The problem is, how do I convert the GUID from the CNF:GUID format into something that Samba can recognize?  When I do

Code:
pdbedit -L -v
I can see that each entry has a User SID and a Primary Group SID, but neither of those seems to correspond to the CNF number
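The CNF number in posts 22, 27 and 30 is not something pdbedit can address: when two DCs create the same object during a replication conflict, the losing copy is renamed to `<name>\0ACNF:<objectGUID>` (the `\0A` is an escaped newline, and the GUID after `CNF:` is that object's own objectGUID), and it lives in the directory database, which `ldbsearch` and `ldbdel` reach by DN. The script below is an added example, not Samba's, Zentyal's or the poster's code: it parses the LDIF that `ldbsearch` prints, picks out the conflict object by its `\0ACNF:` suffix, confirms the GUID in the name matches its objectGUID, and builds the `ldbdel` command for it. The LDIF is constructed (GUIDs, DNs and timestamps are placeholders), and the sam.ldb path is the usual Samba default, assumed here rather than taken from the thread.

```python
"""Identify the conflict (CNF) duplicate of a computer account in Samba AD
from `ldbsearch` LDIF output and build the matching `ldbdel` command.
Added example: the LDIF is constructed and the database path is assumed."""
import re

SAM_LDB = "/var/lib/samba/private/sam.ldb"   # assumed default Samba AD DC location

# Constructed sample output of:
#   sudo ldbsearch -H /var/lib/samba/private/sam.ldb '(sAMAccountName=Computer1$)' \
#        dn objectGUID whenChanged
# The second DN is folded over two lines the way LDIF allows (continuation
# lines start with one space).
SAMPLE_LDIF = """\
# record 1
dn: CN=Computer1,CN=Computers,DC=local,DC=mydomain,DC=com
objectGUID: 6f4a1c2e-0000-4000-8000-000000000001
whenChanged: 20140916210512.0Z

# record 2
dn: CN=Computer1\\0ACNF:cb5531b9-0000-4000-8000-000000000002,CN=Computers,DC=local
 ,DC=mydomain,DC=com
objectGUID: cb5531b9-0000-4000-8000-000000000002
whenChanged: 20140916210530.0Z

# returned 2 records
# 2 entries
# 0 referrals
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts.
    Handles folded continuation lines and skips '#' comments; base64 ('::')
    values are not decoded, which is fine for dn/objectGUID/whenChanged."""
    records, current, last_attr = [], None, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw == "":                        # blank line ends a record
            if current:
                records.append(current)
            current, last_attr = None, None
            continue
        if raw.startswith(" ") and current is not None and last_attr:
            current[last_attr][-1] += raw[1:]   # folded line: append to previous value
            continue
        attr, _, value = raw.partition(":")
        if current is None:
            current = {}
        current.setdefault(attr, []).append(value.strip())
        last_attr = attr
    if current:
        records.append(current)
    return records

# The conflict marker as it appears in an escaped DN: backslash, "0A", "CNF:", GUID.
CNF_RE = re.compile(r"\\0ACNF:(?P<guid>[0-9a-fA-F-]{36})")

def find_conflict_objects(records):
    """Return (dn, guid_from_name, objectGUID) for each record whose RDN
    carries the \\0ACNF:<GUID> suffix, i.e. the loser of a replication conflict."""
    found = []
    for rec in records:
        dn = rec.get("dn", [""])[0]
        m = CNF_RE.search(dn)
        if m:
            found.append((dn, m.group("guid").lower(),
                          rec.get("objectGUID", [""])[0].lower()))
    return found

def ldbdel_command(dn, sam_ldb=SAM_LDB):
    """Build the ldbdel invocation that removes one object by DN.
    Single quotes keep the shell from touching the backslash escape."""
    return "sudo ldbdel -H %s '%s'" % (sam_ldb, dn)

if __name__ == "__main__":
    records = parse_ldif(SAMPLE_LDIF)
    for dn, name_guid, object_guid in find_conflict_objects(records):
        status = "matches" if name_guid == object_guid else "DOES NOT match"
        print("conflict object: %s\n  GUID in name %s objectGUID\n  %s"
              % (dn, status, ldbdel_command(dn)))
```

The object that kept the plain name `CN=Computer1` is the conflict winner and should stay; the CNF-named copy is the one to remove, and checking that the GUID embedded in its name equals its own objectGUID is the confirmation that you are looking at the conflict duplicate rather than a different object that merely shares the sAMAccountName. Run the `ldbsearch` on the DC that shows the duplicate, check both copies' `whenChanged` values before deleting, and let replication carry the deletion to the other DC rather than deleting on both.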
