Messages

1

Installation and Upgrades / Upgrade (manualy) Samba 4.7.x to 4.10.x

« on: August 07, 2019, 12:41:10 am »

Hello,
I've Zentyal 6.0 with Samba 4.7.6 but i need Samba 4.10.x ¿is possible upgrade this service manualy?


Thanks.

2

Directory and Authentication / Re: Add record to DNS give error to restart

« on: June 13, 2019, 06:23:09 pm »

Hi!

It signifies that there's not synchronicity on your whole system. 

But this is bizarre as far as you have configured your Zentyal as domain controller and this option enables automatically NTP... 

Do  you have some additional domain controller that isn't synchronized ?

Cheers!

Hello,
yes i've two additional domain controllers . MMmm,, i see some errors:

root@zentyal1:~# samba-tool drs showrepl 2>&1
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:zentyal1.example.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name zentyal1.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name zentyal1.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name zentyal1.example.local<0x20>
GSS client Update(krb5)(1) Update failed:  Miscellaneous failure (see text): Clock skew too great
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/zentyal1.example.local failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Default-First-Site-Name\ZENTYAL1
DSA Options: 0x00000001
DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
DSA invocationId: b0a91b8a-3bd6-4489-b846-ddba28dcf5a4

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:13:47 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      445 consecutive failure(s).
      Last success @ Tue Jun 11 23:16:56 2019 -04

DC=ForestDnsZones,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ Thu Jun 13 12:13:47 2019 -04 was successful
      0 consecutive failure(s).
      Last success @ Thu Jun 13 12:13:47 2019 -04

DC=DomainDnsZones,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:16:19 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      2305 consecutive failure(s).
      Last success @ Tue Jun 11 23:16:56 2019 -04

DC=DomainDnsZones,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ Thu Jun 13 12:13:47 2019 -04 was successful
      0 consecutive failure(s).
      Last success @ Thu Jun 13 12:13:47 2019 -04

DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:13:47 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      929 consecutive failure(s).
      Last success @ Tue Jun 11 23:16:59 2019 -04

DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ Thu Jun 13 12:13:49 2019 -04 was successful
      0 consecutive failure(s).
      Last success @ Thu Jun 13 12:13:49 2019 -04

CN=Schema,CN=Configuration,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:13:50 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      446 consecutive failure(s).
      Last success @ Tue Jun 11 23:16:59 2019 -04

CN=Schema,CN=Configuration,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ Thu Jun 13 12:13:50 2019 -04 was successful
      0 consecutive failure(s).
      Last success @ Thu Jun 13 12:13:50 2019 -04

CN=Configuration,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:13:50 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      447 consecutive failure(s).
      Last success @ Tue Jun 11 23:16:59 2019 -04

CN=Configuration,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ Thu Jun 13 12:13:50 2019 -04 was successful
      0 consecutive failure(s).
      Last success @ Thu Jun 13 12:13:50 2019 -04

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:17:26 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      14 consecutive failure(s).
      Last success @ NTTIME(0)

DC=ForestDnsZones,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ NTTIME(0) was successful
      0 consecutive failure(s).
      Last success @ NTTIME(0)

DC=DomainDnsZones,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:17:26 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      14 consecutive failure(s).
      Last success @ NTTIME(0)

DC=DomainDnsZones,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ NTTIME(0) was successful
      0 consecutive failure(s).
      Last success @ NTTIME(0)

DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:17:26 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      13 consecutive failure(s).
      Last success @ NTTIME(0)

DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ NTTIME(0) was successful
      0 consecutive failure(s).
      Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:17:27 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      14 consecutive failure(s).
      Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ NTTIME(0) was successful
      0 consecutive failure(s).
      Last success @ NTTIME(0)

CN=Configuration,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL2 via RPC
      DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
      Last attempt @ Thu Jun 13 12:17:27 2019 -04 failed, result 1326 (WERR_LOGON_FAILURE)
      14 consecutive failure(s).
      Last success @ NTTIME(0)

CN=Configuration,DC=example,DC=local
   Default-First-Site-Name\ZENTYAL3 via RPC
      DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
      Last attempt @ NTTIME(0) was successful
      0 consecutive failure(s).
      Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
   Connection name: 36a4786c-c9de-4fc1-b2b7-390c0d7f4dba
   Enabled        : TRUE
   Server DNS name : zentyal2.example.local
   Server DN name  : CN=NTDS Settings,CN=ZENTYAL2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=local
      TransportType: RPC
      options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
   Connection name: f74e48dd-ca6a-43a3-8c7e-ddba4203a12f
   Enabled        : TRUE
   Server DNS name : zentyal3.example.local
   Server DN name  : CN=NTDS Settings,CN=ZENTYAL3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=local
      TransportType: RPC
      options: 0x00000001
Warning: No NC replicated for Connection!

3

Directory and Authentication / Add record to DNS give error to restart

« on: June 13, 2019, 03:33:28 pm »

Hello.
I've Zentyal 5.0 and with Samba A/D and DNS, ntp, etc modules. I try add host into DNS service and have error after save and restart service.

2019/06/12 23:22:36 INFO> GlobalImpl.pm:625 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns
2019/06/12 23:22:37 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2019/06/12 23:22:42 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2019/06/12 23:22:46 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-zentyal1 failed.
Error output: kinit: krb5_get_init_creds: Clock skew too great

Command output: .
Exit value: 1 at root command kinit -k -t /var/lib/samba/private/dns.keytab dns-zentyal1 failed.
Error output: kinit: krb5_get_init_creds: Clock skew too great

What's wrong?


Thanks

4

Installation and Upgrades / Re: ZENTYAL 5.0.7 unable to connect to Windows 2008 Domain

« on: April 22, 2017, 01:19:25 am »

Hello,
I've the same error with Zentyal 5.0 when i try setting additional domain controller:

2017/04/21 19:50:57 ERROR> GlobalImpl.pm:661 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command kinit -e arcfour-hmac-md5 --password-file='/var/lib/zentyal/tmp/nrACf9' 'user@EXAMPLE.COM' failed.
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM

Command output: .
Exit value: 1

1. Both (primary and secondary) have the same date (sync with ntp)
2. I dont have firewall between servers
3. Telnet to primary server to 88 port is ok

5

Directory and Authentication / Re: Zentyal 4.2.2 samba high memory usage

« on: October 14, 2016, 10:06:27 pm »

Hello,
Search in the Samba list but i dont found similar case. In the next thread people have similar problem (memory, cpu)  with the Samba 4.x an kernel 3.19.x.x and the solution is downgrade the kernel to 3.19.0-43 https://forum.zentyal.org/index.php/topic,27362.60.html .

Regards.

6

Directory and Authentication / Re: Zentyal 4.2.2 samba high memory usage

« on: October 05, 2016, 07:10:41 pm »

Hello,
I've the same behavior with Samba (PDC). The service run ok some days and after it uses all memory ram the service is
degraded. The solution is restart samba service (service zentyal samba restart)

Zentyal versión 4.2.2
Samba versión Version 4.3.4-Zentyal
Kernel version 3.19.0-65-generic
Server ram 8GB
VCPU 8

7

Directory and Authentication / domain controller replication time (additional domain controller)

« on: July 13, 2016, 09:59:37 pm »

Hello,
I've Zentyal 4.2  and setting PDC (pdcl1) with domain controller module for 1000 users, the master server replicate ldap to two additional domain controller (pdc2, pdc3) my question is about the replication time. For example, i create the new user in the pdc1 and the replication to pdc2 is fast (delay 30 seconds) but the delay to pdc3 is about two minutes . ¿Is normal the delay to pdc3? ¿Is possible sync pdc3 before pdc2? ¿Why replicate pdc2 before pdc3?.

Thanks.