Messages - jwilliams1976

1
Directory and Authentication / Re: AD Stop Working on Windows 11 22H2
« on: October 08, 2022, 12:16:54 am »
I'm on Zentyal 6.1 and was able to join the domain fine but I'm not able to log into the domain account from Win 11? If I log into that machine with a local account I can then access the samba shares by logging in with user@domain but those same credentials will not let me log into the computer. No issues with several machines that were already on the domain with Win 10 and then upgraded to Win 11. This one is a brand new native Win 11 install.

I tried the DES encryption workaround but it made no difference for me. Any other ideas or workarounds?

2
Directory and Authentication / Re: Samba access logs
« on: October 19, 2018, 02:01:48 am »
Has anyone gotten this to work? I need access logs but can't seem to get them to work through Zentyal.

3
Directory and Authentication / Separate Zentyal OS from SMB Storage
« on: August 09, 2018, 02:06:12 am »
I run Zentyal in a ProxMox VM for PDC, DNS and file shares for about 35 Windows clients. All of my shares are in the Zentyal VM install and the total server size is up around 7TB. Whenever I do Zentyal/OS updates I like to do a full VM backup so I can get back up and running quick if something goes wrong. The problem is that the backups take about 5-6 hours so it takes forever to do an OS upgrade and I have to do it on non-working hours. I could use some advice from you experts on moving the storage space to a separate VM. Could you give opinions or options on what has worked for you? I want to continue to use Zentyal as user/share/permissions manager.
I have tons of free HD space (36TB), memory (128GB) and CPU (32x Xeon) on the server.
FreeNAS (Overkill? Don't want or need the management)
Barebones Linux + NFS mount?

4
Installation and Upgrades / Upgrade from 4.2 to 5.0
« on: December 31, 2017, 12:54:57 am »
I am trying to upgrade my Development Edition from version 4.2 to version 5 and am getting errors in both the GUI and the command line saying that my "License key cannot be validated." Does anyone know how to fix that?


5
Directory and Authentication / Re: Multifactor Authentication - 2FA
« on: July 07, 2017, 08:53:23 pm »
I asked their support and management and it's not on Zentyal's roadmap to integrate any 2FA or multi factor auth. What we ended up doing is to segregate all the documents that fall under CUI (Controlled Unclassified Information). We store all those docs in a cloud based storage service that is compliant to the NIST standard. Look for 'FedRAMP High JAB' certification. It was just too onerous and expensive for us to implement NIST 800-171 company wide.

6
Directory and Authentication / Multifactor Authentication - 2FA
« on: March 03, 2017, 06:00:06 pm »
Are there any methods to enable multifactor authentication in Zentyal? I see that there is a PAM module that uses Google Authenticator and Samba4 can do the same. I'm not sure how the AD and Kerberos parts work and I haven't started any testing yet. Many companies (like mine) are being forced to be compliant to cyber security standard NIST 800-171 and it requires 2FA.

7
That sucks. I just upgraded to that -58 kernel.  :'(

8
@Andreas
I am currently using 3.19.0-49 on my server without issue for 9 days. I ran into the bug when I upgraded the kernel to the 3.19.0-53 version. I know at the time I was having issues I had found the 'ip route ls' command and tested on these two versions and the -53 version kept running the line over and over until CTRL-C while the -49 exited on its own. That is pretty much all the testing I did. It's not clear if Carlos or anyone else has ever tried to run the 'ip route ls' command on -56 or -58 kernels. It may not be an indicator at all or is unrelated. Hopefully someone finds a reliable way to test it. I'm going to work on a test bed today as I can't mess with my production server during the day.

9
The 'ip route ls' command I mentioned earlier has worked for me to test that the bug exists or does not in a given kernel. See this post for more info:
https://forum.zentyal.org/index.php/topic,26954.msg99367.html#msg99367

Quote
It stems from a bug in the kernel that makes the ip command output the first rule infinitely.  You can use this command to see if you're affected:
ip route ls

Broken Output:
0:   from all lookup local
0:   from all lookup local
0:   from all lookup local
0:   from all lookup local
0:   from all lookup local
0:   from all lookup local
0:   from all lookup local
<repeats indefinitely - ctrl+c to quit>

In Zentyal, this causes one of the network scripts to hang because it's waiting for that command to end.  This prevents loading of other services and resulted in my network being severely broken.

Besides the previously mentioned fix of rolling back the kernel, you can modify the script in question:
/usr/share/zentyal-network/flush-fwmarks

10
FYI
This is a kernel bug https://bugs.launchpad.net/ubuntu/+source/linux-lts-utopic/+bug/1514785. You can test whether it's fixed by running the command: 'ip rule show' It should just spit out the rules and exit but on any versions with the bug it just loops and never exits. Zentyal must use this command somewhere and after a while it eats up all CPU and memory resources and results in the CPU soft hang.

Quick way to test it instead of waiting a week for Zentyal to crap out.
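
Added example (not part of the original posts): a bounded version of the check described in the posts above, so that a kernel with the looping listing cannot hang the shell or a script that runs the test. The function name `listing_state` and the `MAX_LINES` and `LIMIT` values are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: run a listing command under a time and output cap and
# classify the result. MAX_LINES and LIMIT are illustrative assumptions.
MAX_LINES=200   # far more rules than a typical host carries
LIMIT=5         # seconds before timeout(1) kills the command

# listing_state CMD [ARGS...]
# Prints one of: ok, looping, hung, error. Returns 0 only for "ok".
listing_state() {
    st=$(mktemp) || return 2
    # timeout bounds the runtime, head bounds the output; the command's
    # exit status is saved to a temp file because the pipe hides it.
    out=$( { timeout "$LIMIT" "$@" 2>/dev/null; echo $? >"$st"; } \
            | head -n "$MAX_LINES" )
    rc=$(cat "$st"); rm -f "$st"
    # Count non-empty lines and distinct non-empty lines (awk always exits 0).
    total=$(printf '%s\n' "$out" | awk 'NF{n++} END{print n+0}')
    distinct=$(printf '%s\n' "$out" | sort -u | awk 'NF{n++} END{print n+0}')
    if [ "$rc" = 124 ]; then
        echo hung; return 1       # killed by timeout without finishing
    fi
    if [ "$total" -ge "$MAX_LINES" ] && [ "$distinct" -eq 1 ]; then
        echo looping; return 1    # the same line repeated until the cap
    fi
    if [ -n "$rc" ] && [ "$rc" != 0 ]; then
        echo error; return 1      # command missing or failed outright
    fi
    echo ok
}

# On the host under test (commands as named in the posts):
#   listing_state ip rule show
#   listing_state ip route ls
```

A result of `looping` or `hung` matches the behaviour the posts describe on the affected kernels; `ok` means the command printed its listing and exited on its own.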

11
I was having this same issue and thanks to your help here have rolled back to the 3.19.0-47 kernel and everything seems to be normal again. Has anyone tested the 3.19.0.51.36 vivid kernel yet? I'm on a production server and can't really test it out.

12
Still no luck with the NONE at the end. I am not able to telnet to port 389 using PuTTY. I get a Network Error: Software caused connection abort.

I can however use JXplorer (jxplorer.org) to log in and browse the entire LDAP tree. ldapsearch also works fine from another Linux client. With JXplorer I can see that the Administrator user indeed has the sAMAccountName attribute and it is set to Administrator. The distinguishedName is set to "CN=Administrator Zentyal,CN=Users,CN=deidomain,CN=lan" though. When I set the Administrator password through the Zentyal GUI it will not save without having something in the Last Name field so I added the Zentyal part. Doubt that has anything to do with it. To log in with JXplorer I use the following settings:



I use another service called LogicalDOC that also authenticates against this server with these same credentials. I'm pretty sure the Zentyal/Samba4 side is OK it's just a matter of the Apache settings.

13
I am using Apache 2.4.7. I have tried without the alias and get the exact same results but will go ahead and eliminate the alias for now. Any idea if the Apache error log means the Bind DN is failing or the user login is failing?

14
I still can't get this to work. With this setup I always get:
Code:
[Mon Jul 27 14:34:44.938751 2015] [auth_basic:error] [pid 29828:tid 140253874984704] [client 127.0.0.1:46336] AH01617: user jwilliams: authentication failure for "/test": Password Mismatch

Not sure if it's even getting to the LDAP server or if it can't supply the correct password. I am positive that both the Administrator Bind password is correct as well as the user password through the browser. Here is my relevant Apache code. This is inside of the <VirtualHost *:80> container. I have tried a <Location> container instead of <Directory> but it doesn't make any difference.

Code:
Alias /test "/apachetest/"
<Directory /apachetest/>
    Options Indexes FollowSymLinks Includes ExecCGI MultiViews
    AllowOverride None
    AuthBasicProvider ldap
    AuthType Basic
    AuthName "DEI Internal Website"
    AuthLDAPURL "ldap://192.168.2.12:389/cn=Users,dc=deidomain,dc=lan,?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "cn=Administrator,cn=Users,dc=deidomain,dc=lan"
    AuthLDAPBindPassword "password"
    Require valid-user
</Directory>

15
Has anyone been able to get Apache to authenticate to the Zentyal 4.1 LDAP? I have tried everything I can find but have had no luck. I have other services working with it so I know it's working on the Zentyal server side. My other services use DOMAINNAME\Administrator style for the Bind DN but Apache gives a 500 internal server error when I use that. cn=Administrator,cn=Users,dc=domainname,dc=lan style gives me a Password Mismatch error in the Apache log.
