Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - stefanobr

Pages: [1]
Directory and Authentication / Samba SSL Certificates - Zentyal 5
« on: July 09, 2020, 02:58:25 am »
Hi all,

An external company did a pen test on our Zentyal servers and found some issues with the samba certificates, namely:
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Medium Strength Cipher Suites Supported (SWEET32)

How would I go about solving this? Do I need to issue new, self signed certificates for samba? Or am I completely off track?

Thank you so much in advance!


Directory and Authentication / "Map to guest" samba on Zentyal 5
« on: July 09, 2020, 02:53:15 am »
Hi all,

I've been trying to modify the above parameter in /etc/samba/smb.conf with no success;  "Bad User" and "Bad Password" are accepted but I need to change it to "Never" to avoid Null session attacks.
If I try to modify this parameter and set it to "Never", testparm just skips it altogether. Even just commenting it out didn't work, as "Never" is the default behaviour I kinda hoped I had found a workaround but no joy, I'm still able to reproduce a null session.

I know that Zentyal uses stubs in some cases for certain configurations, and in fact I was able to find the right one (I thought) at this location: /usr/share/zentyal/stubs/samba.
But even changing the stub there did not yield any results (if that is the intended behaviour, I'm not entirely sure).

I also found another configuration file in /etc/zentyal, but it looks like that takes care more of the GUI elements in Zentyal web interface rathen than samba itself? Please correct me if I'm wrong.

Am I missing something obvious or do you have any ideas?
Oh, also my smb.conf is untouched, apart from that modification I wanted to make, so it's all standard Zentyal so to speak.

Thank you very much!

Directory and Authentication / Radius module missing
« on: February 17, 2020, 12:05:08 pm »
Hi all,

It appears that the 'zentyal-radius' module is missing from my configuration? It doesn't show up in the web GUI or in the 'apt' list. I've attached a couple of screenshots to show you what I mean. I've tried to attach a couple of screenshots but had no luck... I'm copy/pasting below (sorry about the long list)

--Web GUI--
Zentyal components

Install Update 0 Delete
Component   Latest Version   Select

Antivirus   5.1.1   
Certification Authority   5.1   
FTP   5.1   
HTTP Proxy   5.1   
Intrusion Prevention System   5.1.1   
Jabber   5.1   
Mail   5.1   
Mail Filter   5.1   
VPN   5.1   
Web Mail   5.1   

--Apt search list--
zentyal/unknown,unknown,now 5.1 all [installed]
  Zentyal - Core metapackage

zentyal-all/unknown,unknown 5.1 all
  Zentyal - All Modules

zentyal-antivirus/unknown,unknown 5.1.1 all
  Zentyal - Antivirus

zentyal-ca/unknown,unknown 5.1 all
  Zentyal - Certification Authority

zentyal-core/unknown,unknown,now 5.1.3 all [installed,automatic]
  Zentyal - Core

zentyal-dhcp/unknown,unknown,now 5.1.1 all [installed]
  Zentyal - DHCP Server

zentyal-dns/unknown,unknown,now 5.1 all [installed,automatic]
  Zentyal - DNS Server

zentyal-firewall/unknown,unknown,now 5.1 all [installed,automatic]
  Zentyal - Firewall

zentyal-ftp/unknown,unknown 5.1 all
  Zentyal - FTP

zentyal-groupware/unknown,unknown 5.1 all
  Zentyal - Mail and Groupware

zentyal-ips/unknown,unknown 5.1.1 all
  Zentyal - Intrusion Prevention System

zentyal-jabber/unknown,unknown 5.1 all
  Zentyal - Jabber

zentyal-mail/unknown,unknown 5.1 all
  Zentyal - Mail

zentyal-mailfilter/unknown,unknown 5.1 all
  Zentyal - Mail Filter

zentyal-network/unknown,unknown,now 5.1 all [installed,automatic]
  Zentyal - Network Configuration

zentyal-ntp/unknown,unknown,now 5.1 all [installed,automatic]
  Zentyal - NTP Service

zentyal-openvpn/unknown,unknown 5.1 all
  Zentyal - VPN

zentyal-samba/unknown,unknown,now 5.1.2 all [installed]
  Zentyal - Domain Controller and File Sharing

zentyal-software/unknown,unknown,now 5.1 all [installed,automatic]
  Zentyal - Software Management

zentyal-sogo/unknown,unknown 5.1 all
  Zentyal - Web Mail

zentyal-squid/unknown,unknown 5.1 all
  Zentyal - HTTP Proxy

zsupporttools/unknown,unknown 5.1 all
  Zentyal - Support Tools

Is it possible that I have to activate some other module(s) before I am able to access the radius one?

Thank you in advance!


Pages: [1]