
Messages - ovecka

You can use RSAT tools from any client station connected to the domain just like you would with a Windows Server. You can manage your shares from there as well.

Directory and Authentication / Re: AD Stop Working on Windows 11 22H2
« on: November 18, 2022, 07:52:43 pm »

For me, after a long research, feature and process testing, and more than 20 lab test migrations of my current systems (and after completing the first production transparent migration), my alternative is Univention (

Univention even has a plugin called adtakeover, that can migrate a whole domain (users, groups, passwords, etc.)

On their forums I noticed that you had some issues with the migration to Univention. You got no response there. Did you solve those issues? And if you did then how?

I think your firewall trouble is kind of secondary to your primary problem.
You put your devices (be it the client or the Proxmox machines) on a /32 netmask. By doing that you completely isolate those devices from any networks (both LAN and WAN) unless you set a static route to your router on them. Why would you assign that to a device you want to be a part of your network? You basically disconnect them from your network and then wonder why they can't see each other. Set your netmask to /24 everywhere and you get rid of your problem whatsoever. :)

Other modules / Re: Trying to confirm use case- newbie question
« on: December 08, 2020, 11:55:50 am »
You can't manage GPOs directly from the Zentyal GUI but you can use Remote Server Administration Tools from any Windows computer connected to the domain. There is a link in the "Domain section" of Zentyal GUI.

Other modules / Successful RADIUS logins can't be filtered in GUI logs
« on: December 03, 2020, 07:29:49 pm »
I found a problem with RADIUS logs in the GUI. When a successful login occurs, it doesn't show as a "Login OK" event but rather, it is reported as an empty event which can't be filtered. Failures are displayed correctly. The actual /var/log/freeradius/radius.log properly logs the "Login OK" messages but they are not picked up by the GUI. Is it just some simple typo in the web function that can be fixed on my side?
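
A workaround sketch for the filtering gap described in the post above, added here as an example and not part of the original post or of Zentyal's code: it parses Auth lines in the layout FreeRADIUS writes to radius.log by default (an assumption about this installation's log settings) and filters them by result or user. The sample lines, user names and client names are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in FreeRADIUS's default radius.log layout (assumed).
SAMPLE_LOG = """\
Thu Dec  3 19:21:07 2020 : Info: Ready to process requests
Thu Dec  3 19:29:41 2020 : Auth: (11) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [alice/<via Auth-Type = eap>] (from client ap-office port 0 cli AA-BB-CC-00-00-01)
Thu Dec  3 19:29:49 2020 : Auth: (12) Login OK: [alice/<via Auth-Type = eap>] (from client ap-office port 0 cli AA-BB-CC-00-00-01)
Thu Dec  3 19:31:02 2020 : Auth: (13) Login OK: [bob] (from client ap-lobby port 0 cli AA-BB-CC-00-00-02)
Thu Dec  3 19:33:15 2020 : Auth: Login incorrect: [mallory] (from client ap-lobby port 0 cli AA-BB-CC-00-00-03)
"""

# Timestamp, optional "(request id)", result, optional "(reason)", [user], client name.
AUTH_RE = re.compile(
    r"^(?P<ts>.+?) : Auth: (?:\(\d+\) )?"
    r"(?P<result>Login OK|Login incorrect)"
    r"(?: \((?P<reason>.*?)\))?: "
    r"\[(?P<user>[^\]]*)\] \(from client (?P<client>\S+)"
)

def parse_auth_events(text):
    """Return one dict per Auth line; non-Auth lines (Info, Error, ...) are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        # Drop the "/<via Auth-Type = ...>" suffix some configurations append to the user.
        ev["user"] = ev["user"].partition("/<")[0]
        events.append(ev)
    return events

def filter_events(events, result=None, user=None):
    """Filter by result ("Login OK" / "Login incorrect") and/or user name."""
    return [e for e in events
            if (result is None or e["result"] == result)
            and (user is None or e["user"] == user)]

def summarize(events):
    """Count events per (user, result) pair."""
    return Counter((e["user"], e["result"]) for e in events)

if __name__ == "__main__":
    for e in filter_events(parse_auth_events(SAMPLE_LOG), result="Login OK"):
        print(e["ts"], e["user"], e["client"])
```

To use it on the server, pass the contents of /var/log/freeradius/radius.log to `parse_auth_events` instead of `SAMPLE_LOG`.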

Directory and Authentication / Re: Help first installation!
« on: December 30, 2018, 08:57:16 am »
Do you need more than an official guide?

There were issues for me when I transferred all FSMO roles to Zentyal's ADC, copied the sysvol directory and shut the PDC for good.
The GUI still thinks it's an ADC. That means that I am unable to activate Roaming profiles and set the home directory letter via the GUI and when I create a new user there, the profile path and home directory aren't properly mapped. Since then, I have been forced to create all new user's links through Windows' RSAT. Unfortunately, I hadn't found any solution to the problem and eventually gave up.

I forgot to mention that all the other domain functions work well, incl. user authentication, samba shares, GPOs,...

Unfortunately going back is resulting in the same loop for me. Can't use old apt to install packages for 5.1 or 5.1.1. He demands I update apt first which is broken afterwards. Using the same version of apt, libapt and APTPKG_5.0 libraries is not changing me having this issue.

I looked into this a bit more and it could be related to juju somehow. I tried relinking the libraries to the correct ones which was suggested in an Ubuntu forum thread but to no avail.

That's strange. I have just tried to install the DHCP and IPS modules with 1.2.27 apt and I can install Zentyal modules without any hassle. 1.2.29 gives me the same error you get. Didn't you forget to install the apt-utils package? Either that or your issue might be connected to your inability to install SOGo in the first place. I hesitate to try it myself as I don't really want to put our server down. ;)

Same here. My system updates ended with the same error. Apt and apt-get no longer available.  :-\

Solved it by manually reinstalling apt's older version (1.2.28 and above don't work)

Code:
sudo dpkg -i apt_1.2.27_amd64.deb apt-utils_1.2.27_amd64.deb

The dashboard doesn't report AD users logged in. Only the system users. Maybe making the AD users system users in Users and Computers/LDAP settings would help but I have never tested it myself so take it just as an idea.
Your other problem could be an issue with /home/samba/profiles folder permissions. Did you change the default ones?

The easiest way would be to install Remote server administration tools (RSAT) if it hasn't already been installed.

The GUI uses system admin password to log in not the Domain Admin one. You entered it during the installation. Use if you forgot it.

Other modules / Firewall drops random packets on proxy and http ports
« on: April 04, 2018, 07:56:12 pm »
I'm trying to figure out why our Zentyal firewall sometimes drops packets that by the rules should go through easily.

Our 3.5 Zentyal is connected to eth0 (internal) parallel to all other devices and acts as a PDC, DHCP, RADIUS server and an explicit proxy for around 50 devices. NATting is done on VDSL modem which is set as a default gateway and properly distributed to clients by DHCP. Everything kind of works correctly but for the past two weeks, the firewall module has started dropping some packets from random devices on ports 3128 (inbound) and 80 (outbound) even though the Zentyal outbound traffic rule is set to allow everything and I didn't alter any HTTP proxy service rule. Even explicitly creating a rule to allow port 3128 traffic in "Internal networks to Zentyal" (and setting it as the topmost) doesn't solve the problem and the dropping continues (see picture below). On those affected devices, everything seems to work including internet. Apparently, only a very small fraction of packets is dropped so the user doesn't notice anything while browsing.

The only change I made in /etc/zentyal/firewall.conf is changing nat_enable to "no"
I didn't make any changes to iptables or firewall.postservice hook.

Is it a bug or does it have something to do with spoofing protection? Any ideas or advice?

Unfortunately, I can't add any images and iptables printout to the post (upload folder full).

If I understand it correctly, you successfully joined the domain with pbis-open but are unable to log in to the workstation using AD credentials. You can see the connection in /opt/pbis/bin/get-status and that workstation is visible in the Zentyal web interface. Is that right?

If that's the case, there should be no problem for your users to log in. Of that there might be two causes:

1) You used bash to join the domain (domainjoin-cli) and didn't specify the domain prefix:
Code:
domainjoin-cli join adminuser
Test that by trying to log in from the terminal:
Code:
su - testuser
No passwd entry for 'testuser'

vs (mind the capitals and double backslash)

Code:
su - YOURDOMAIN\\testuser

You can either log in by using the domain prefix or (which is easier) run pbis-open config to handle it:
Code:
sudo /opt/pbis/bin/config AssumeDefaultDomain true

2) Your users can actually log in from the bash but your greeter (Login screen) doesn't show them or allow them to specify their username.

On my Mint 18 machines I solve this by adding:

Code:

to /etc/lightdm/lightdm.conf.d/70-linuxmint.conf.

Also, keep in mind that there is a good habit in setting bash as the default shell and setting users' home directories to something more appropriate (%H/%U in my case) as described in the guide on linoxide. Suit that to your liking.

The easiest way to join a Linux computer to a Zentyal PDC is through pbis-open package.



You can find more straightforward step by step guides on the web.
