Recent Posts

Pages: [1] 2 3 ... 10
1
Installation and Upgrades / Block Porn and Malicious sites
« Last post by always_humble on July 22, 2021, 02:50:25 pm »
Hi there,

just installed version 7, running on Hyper-V... 2 NICs, Domain Controller

How do I block PORN and MALICIOUS sites ?

Thanks
2
Directory and Authentication / Re: can't create or edit users
« Last post by a.chirkov on July 22, 2021, 12:31:24 pm »
No errors:
Quote
root@zentyal:/home/user# samba-tool dbcheck --cross-ncs
Checking 3808 objects
Checked 3808 objects (0 errors)
3
Directory and Authentication / Re: can't create or edit users
« Last post by turalyon on July 22, 2021, 12:11:25 pm »
Did you check the status of the internal database of Samba?

* https://wiki.samba.org/index.php/Dbcheck
4
Directory and Authentication / can't create or edit users
« Last post by a.chirkov on July 22, 2021, 09:21:34 am »
Hi. I have Zentyal 6.2 as addition ad controller to windows server 2008r2.
Connects to the domain without errors, I see users in the web interface.
But then i try edit or create users I get the error:
Quote
There was an error updating LDAP: The request referenced an attribute that does not exist .<br/> Operation parameters:'modify [ \'add\', [ \'objectClass\', [ \'systemQuotas\' ] ] ] ' at /usr/share/perl5/EBox/Samba/LdapObject.pm line 433
In logs:
Quote
Command output: .
Exit value: 1 at root command set -e
rm -f '/var/lib/zentyal/conf/samba.keytab'
samba-tool domain exportkeytab '/var/lib/zentyal/conf/samba.keytab' --principal='ÐÑÑаÑоÑ@EP.LOC'
chown 'ebox:ebox' '/var/lib/zentyal/conf/samba.keytab'
chmod 400 '/var/lib/zentyal/conf/samba.keytab' failed.
Error output: GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'naclrpc_as_system' registered
 GENSEC backend 'sasl-EXTERNAL' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'ntlmssp_resume_ccache' registered
 GENSEC backend 'http_basic' registered
 GENSEC backend 'http_ntlm' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 Export one principal to /var/lib/zentyal/conf/samba.keytab
 chown: cannot access '/var/lib/zentyal/conf/samba.keytab': No such file or directory

Command output: .
Exit value: 1 at /usr/share/perl5/EBox/Module/Service.pm line 971
EBox::Module::Service::restartService('EBox::Samba=HASH(0x561a5296b3d0)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 121
eval {...} at /usr/share/perl5/EBox/Util/Init.pm line 119
EBox::Util::Init::moduleAction('samba', 'restartService', 'start') called at /usr/share/perl5/EBox/Util/Init.pm line 87
EBox::Util::Init::start at /usr/bin/zs line 35
main::main at /usr/bin/zs line 82
2021/07/22 11:55:42 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: webadmin
2021/07/22 11:55:45 INFO> Init.pm:90 EBox::Util::Init::start - Start modules finished
2021/07/22 11:55:49 INFO> SyncDaemon.pm:340 EBox::Samba::SyncDaemon::run - Samba sync daemon started
2021/07/22 11:56:06 ERROR> LdapObject.pm:433 EBox::Samba::LdapObject::save - There was an error updating LDAP: The request referenced an attribute that does not exist
Ok, based on this instruction https://wiki.samba.org/index.php/Keytab_Extraction created a keytab on the windows server and copied to  /var/lib/zentyal/conf/samba.keytab', but it didn't help and after restarting the service the keytab file was gone.
if i run command manualy:
Quote
user@zentyal:~$ sudo samba-tool domain exportkeytab '/var/lib/zentyal/conf/samba.keytab' --principal='ÐÑÑаÑоÑ@EP.LOC'
Quote
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Export one principal to /var/lib/zentyal/conf/samba.keytab
When i edit or create user from windows on zentyal controller - all work fine, in zentual log:
Quote
INFO> SyncDaemon.pm:125 EBox::Samba::SyncDaemon::checkUsers - Set user 'CN=test2,CN=Users,DC=EP,DC=LOC' uidNumber=65727
SyncDaemon.pm:131 EBox::Samba::SyncDaemon::checkUsers - Set user 'CN=test2,CN=Users,DC=EP,DC=LOC' gidNumber=2513

How do I fix this problem?
5
Spanish / Integración de Zimbra con autenticación en Zentyal
« Last post by GuidoC on July 21, 2021, 09:27:44 pm »
Este método funciona desde la versión de Zentyal 4.2 hasta Zentyal 7 y desde la versión de Zimbra 7.x hasta Zimbra 9.x.

  • Primero ingresamos a Zentyal y creamos un usuario que este en el grupo de administradores de dominio, este usuario servirá para la sincronización de cuentas y autenticación entre Zentyal y Zimbra.
  • En la pantalla inicial de Zimbra configuramos un nuevo dominio
  • En el modo de autenticación usaremos los siguientes valores:
    • Filtro LDAP = (samAccountName=%u):  Se tienen 2 opciones %n para validar nombre de usuario y dominio "usuario@dominio.com" y %u si se quiere validar el nombre de usuario sin @ "usuario", este último parámetro es muy útil cuando se tiene un nombre de  dominio interno (guidocutipa.local) diferente al nombre de dominio publicado en internet (guidocutipa.blog.bo)
    • Base de búsqueda de LDAP = DC=guidocutipa,DC=blog,DC=bo
  • En configuración de autenticación, se debe escribir el nombre de usuario y contraseña creado en el primer punto de esta lista

Una descripción más detalla se puede encontrar en el siguiente enlace https://guidocutipa.blog.bo/integracion-de-zimbra-con-autenticacion-de-usuarios-en-zenyal/
6
Installation and Upgrades / Re: Zentyal 7.0 Install on a LXC Container
« Last post by Daniel Joven on July 20, 2021, 04:48:34 pm »
Hi Deslack,

The command that you used to fix the Suricata public key is defined in the script:

Code: [Select]
## Adding Suricata repositorio for zentyal-ips module
if ! grep -qR 'http://ppa.launchpad.net/oisf/suricata-stable/ubuntu' /etc/apt/sources.list*
  then
    echo "deb http://ppa.launchpad.net/oisf/suricata-stable/ubuntu $(lsb_release -sc) main" >> /etc/apt/sources.list
    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ${SURI_KEY}
fi

Is it possible that you already had that repository in your Ubuntu server? How many times times did you run the script?

Best regards, Daniel Joven.
7
Installation and Upgrades / Re: Setup and configuration Opendkim
« Last post by gabor.strama on July 19, 2021, 03:29:20 pm »
Hi!

I need some small help:
I created and i configured the DKIM on this article.
But when i try to cerate the internal dkim record i allways got this error message:

2021/07/19 15:22:45 ERROR> GlobalImpl.pm:653 EBox::GlobalImpl::saveAllModules - Failed to save changes in module dns: root command nsupdate -g -4 -t 10 /var/lib/zentyal/tmp/hZmjYbr4h9 failed.
Error output: 19-Jul-2021 15:22:45.229 dns_rdata_fromtext: buffer-0x7fcb88860e70:1: near '"v=DKIM1;': syntax error
 invalid rdata format: syntax error
 syntax error

Command output: .

Please can you help in this case?

BR,
GáborS
8
Installation and Upgrades / Zentyal 7.0 Install on a LXC Container
« Last post by Deslack on July 16, 2021, 04:10:57 pm »

Hello guys,

Just installed Zentyal 7.0 on a Ubuntu 20.04 LTS using the install script as highlighted here:

https://doc.zentyal.org/en/installation.html#installation-on-top-of-ubuntu-20-04-lts-server-or-desktop

I tried it and got it running with a minor kink as follow

Code: [Select]
# ./zentyal_installer.sh
Do you want to install the Zentyal Graphical environment? (n|y) n

 - Checking Ubuntu version...
...OK

 - Checking for broken packages...
...OK

 - Checking for available disk space...
...OK

 - Checking if the system is up-to-date...
W: GPG error: http://ppa.launchpad.net/oisf/suricata-stable/ubuntu focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D7F87B2966EB736F
E: The repository 'http://ppa.launchpad.net/oisf/suricata-stable/ubuntu focal InRelease' is not signed.

Which I remedied with:

Code: [Select]
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D7F87B2966EB736F
to add the suricata's pubkey to the repository. After that, ./zentyal-installer.sh ran fine.

Just a heads up for you guys.
9
News and Announcements / Re: Upgrade from Zentyal 6.2 to 7.0 is now available
« Last post by hjt on July 15, 2021, 08:22:40 pm »
Hangs during upgrade.

Code: [Select]
*** Preparing for upgrade to Zentyal 7.0...
+ echo

+ prepareZentyalRepositories
+ wget -qO - keys.zentyal.org/zentyal-7.0-packages.asc
+ sudo apt-key add -
OK
+ '[' -f /etc/apt/sources.list.d/zentyal-archive.list ']'
+ '[' -f /var/lib/zentyal/.commercial-edition ']'
+ sed -ri '/zentyal(.)6.2/d' /etc/apt/sources.list
+ echo 'deb http://packages.zentyal.org/zentyal 7.0 main extra'
+ grep -qR http://ppa.launchpad.net/oisf/suricata-stable/ubuntu /etc/apt/sources.list /etc/apt/sources.list~ /etc/apt/sources.list.d
+ echo 'deb http://ppa.launchpad.net/oisf/suricata-stable/ubuntu focal main'
+ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D7F87B2966EB736F
Executing: /tmp/apt-key-gpghome.LfsjAz87zp/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys D7F87B2966EB736F

I had the same, solution was to deinstall IPS before upgrading to 7.
10
Other modules / Re: Zentyal 7 DNS: QUERY REFUSED
« Last post by kcurtis on July 14, 2021, 07:37:34 pm »
I am having the same issue after restarting the DNS module.

This is what the syslog is showing. It is streaming these 'denied' messages all the time as the workstations make DNS calls
Code: [Select]
Jul 14 12:23:48 zdomain named[569313]: client @0x7fc06801a410 172.16.1.41#61070 (perr.h-cdn.com): query (cache) 'perr.h-cdn.com/A/IN' denied
Jul 14 12:23:49 zdomain named[569313]: client @0x7fc060050890 172.16.1.53#56381 (www.gstatic.com): query (cache) 'www.gstatic.com/A/IN' denied
Jul 14 12:23:50 zdomain named[569313]: client @0x7fc06801a410 172.16.1.162#56110 (www.facebook.com): query (cache) 'www.facebook.com/A/IN' denied

This is what I get when I try to do an nslookup from the workstations

Code: [Select]
[HostName].[Domainname].lan  can't find google.com; query refused

***************Update***************
FYI - I went back and tried adding my vLANs to /usr/share/zentyal/stubs/dns/named.conf.local.mas restarted the DNS and it DID start working fine.
Pages: [1] 2 3 ... 10