Messages - killmasta93

1
Installation and Upgrades / Re: odd issue with bind?
« on: January 11, 2022, 11:34:42 pm »
Thanks for the reply. It seems that changing the DNS forwarders to my pfSense fixed the issue.

2
Installation and Upgrades / Re: odd issue with bind?
« on: December 27, 2021, 07:01:46 pm »
Thanks for the reply,
This is the config I currently have;
it's currently trusted.

Code:
options {
        sortlist {
                192.168.1.0/24;
        };
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below.  Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.

    //query-source address * port 53;
    //transfer-source * port 53;
    //notify-source * port 53;

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        forward first;
        forwarders {
                8.8.8.8;
        };

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

    auth-nxdomain no;    # conform to RFC1035

    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    allow-transfer { internal-local-nets; };
};

logging { category lame-servers { null; }; };

3
Installation and Upgrades / odd issue with bind?
« on: December 21, 2021, 05:25:50 am »
Hi, I was wondering if someone else has had this issue before.
Recently the server was working fine, but now I'm seeing this error:
Code:
root@apolo:~# service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-12-20 23:13:55 -05; 8min ago
     Docs: man:named(8)
 Main PID: 2774 (named)
    Tasks: 4 (limit: 2279)
   CGroup: /system.slice/bind9.service
           └─2774 /usr/sbin/named -f -u bind -4

Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied

It's when I try to connect to the VPN (I use OpenVPN on pfSense), which does not let me navigate, but what's odd is that it was working fine before.
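The "query (cache) ... denied" lines above are named refusing a client that none of the configured ACLs cover. As an added example (not code from the poster or from Zentyal), this Python script parses such log lines and checks each refused client against the ACLs from the named.conf.local and options block posted elsewhere on this page; it assumes BIND's localnets expands to eth0's 192.168.100.0/24 (the subnet in the posted dhcpd.conf), and the log lines are constructed copies of the ones above.

```python
import ipaddress
import re

# Constructed ACL table mirroring the poster's named.conf.local: "trusted" is
# localhost + localnets. BIND derives localnets from the host's interfaces; here
# it is assumed to be eth0's 192.168.100.0/24, the subnet in the posted dhcpd.conf.
ACLS = {
    "trusted": ["127.0.0.0/8", "::1/128", "192.168.100.0/24"],
    "internal-local-nets": ["192.168.100.0/24"],
}
# allow-query-cache { trusted; };  allow-recursion { trusted; };  (from the options block)
ALLOW = {"cache": ["trusted"], "recursion": ["trusted"]}

# Two constructed lines in the format named uses when it refuses a query.
SAMPLE_LOG = (
    "Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 "
    "(www.google.com): query (cache) 'www.google.com/AAAA/IN' denied\n"
    "Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 "
    "(www.google.com): query (cache) 'www.google.com/A/IN' denied\n"
)

DENIED_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ \([^)]*\): "
    r"query \((?P<kind>[a-z]+)\) '(?P<query>[^']+)' denied"
)

def expand_acl(name, acls):
    """Flatten an ACL (which may reference other ACLs by name) into ip_network objects."""
    nets = []
    for entry in acls[name]:
        nets.extend(expand_acl(entry, acls) if entry in acls else [ipaddress.ip_network(entry)])
    return nets

def query_allowed(ip, kind, acls=ACLS, allow=ALLOW):
    """True if ip matches an ACL listed for this kind of access (cache or recursion)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for name in allow[kind] for net in expand_acl(name, acls))

def parse_denied(log_text):
    """Extract (client ip, access kind, query) from 'query (...) denied' lines."""
    return [(m["ip"], m["kind"], m["query"])
            for m in map(DENIED_RE.search, log_text.splitlines()) if m]

def clients_outside_acl(log_text, acls=ACLS):
    """Distinct refused client IPs that the configured ACLs really do not cover."""
    return sorted({ip for ip, kind, _ in parse_denied(log_text)
                   if not query_allowed(ip, kind, acls)})

if __name__ == "__main__":
    for ip in clients_outside_acl(SAMPLE_LOG):
        print(f"{ip}: refused, and not in any ACL named by allow-query-cache/allow-recursion")
```

Running it against the sample lines reports 192.168.60.2, the OpenVPN client subnet, which is exactly what the posted "trusted" ACL leaves out; passing a widened ACL table shows the same client would be accepted.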

4
Directory and Authentication / Re: Netlogon? Scripts
« on: December 09, 2021, 03:43:04 pm »
Thanks for the reply,
so I fixed the permission issue.
Currently logged in as admin on the Windows machine but not getting the netlogon; I'm attaching pictures.

https://imgur.com/rGULNnK.png

5
Directory and Authentication / Re: Netlogon? Scripts
« on: December 09, 2021, 05:05:43 am »
So it seems to be an issue with the netlogon; it says that I do not have permission, which is odd. Any ideas?

6
Go with Zentyal 6.2; I have it working with Windows Server 2012 R2 and 2019.

7
Directory and Authentication / Netlogon? Scripts
« on: December 09, 2021, 01:10:15 am »
Hi
I was wondering if Zentyal is compatible with netlogon scripts.
Currently I have a Windows Server 2012 R2 and we're using netlogon, which is a script; this is part of the script:

Code:
@echo off

rem disconnect the network drives
net use f: /delete
net use g: /delete
net use h: /delete
net use i: /delete
net use j: /delete
net use k: /delete
net use l: /delete
net use m: /delete
net use n: /delete
net use o: /delete
net use p: /delete
net use q: /delete
net use r: /delete
net use s: /delete
net use t: /delete
net use u: /delete
net use v: /delete
net use x: /delete
net use y: /delete

if not exist g:\ net use G: "\\192.168.3.81\unidadg"

if "%1" == "administrador"         goto grupo_tecnologia


:grupo_tecnologia
net use f: "\\192.168.3.81\Manifiestos"
net use H: "\\192.168.3.81\TI"


:fin
cls
exit


When I try to access the Zentyal server through the shares, I don't see the netlogon folder.

Thank you

8
Directory and Authentication / Re: Issue with Bind?
« on: November 07, 2021, 06:54:11 pm »
Hi,

Did you check the configuration of '/etc/resolv.conf'? Or perhaps it is something about the Bind cache.

Could you explain which actions you take when you say 'i create a dns host override to resolve erp.mydomain.com to 192.168.0.160'?

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever”

Thanks for the reply. The action I took was on pfSense: I created a DNS override, because on Zentyal the DNS forwarder is pointing to pfSense.

9
Directory and Authentication / Issue with Bind?
« on: October 29, 2021, 11:19:25 pm »
Hi
I was wondering if someone else has had this issue before.
Currently I have a DNS forwarder to my firewall, and on the firewall I create a DNS host override to resolve erp.mydomain.com to 192.168.0.160.
Then on Zentyal I restart bind9 and it starts working fine, but after a few hours it starts resolving to the WAN IP instead of the LAN IP, so I have to restart bind9 every time.

Any ideas how to make it stick?

Thank you

10
Directory and Authentication / Quick question about GPO on ubuntu
« on: May 26, 2021, 09:22:31 pm »
Hi,
I was wondering if it's possible to connect a normal Ubuntu desktop to the domain and apply the GPO password policy, or does it only apply to Windows?

Thank you

11
Directory and Authentication / bitlocker question
« on: May 11, 2021, 12:55:18 am »
Hi
I was wondering if BitLocker recovery keys can be saved through GPO.
I was looking but could not find it.

Thank you

12
Installation and Upgrades / DHCP server options?
« on: February 02, 2021, 11:59:14 pm »
Hi, I was wondering if someone else knows how to add option 252 to the DHCP options? I used to be able to do this in the DHCP server options on Windows Server, but I'm not sure how it's done on Zentyal.

Thank you

13
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 04:48:04 am »
Solved it: it was AppArmor.

Do the following and it should work:

Code:
# mark the dhcpd AppArmor profile as disabled so it stays off across reloads
ln -s /etc/apparmor.d/usr.sbin.dhcpd /etc/apparmor.d/disable/
# unload the profile from the running kernel
apparmor_parser -R /etc/apparmor.d/usr.sbin.dhcpd

and reconnect your devices; you should see the logs correctly.

14
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 04:25:18 am »
I think the issue is this part:

Code:
Dec 25 22:19:48 apolo dhcpd[1853]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512

but the DHCP config shows correctly:

Code:
   on release {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        set ClientDHCID = concat (
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
        );
        log(concat("Release: IP: ", ClientIP));
        execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
    }

and I think the permissions are correct:

Code:
root@apolo:~# ls -l -h /usr/share/zentyal-dhcp/dhcp-dyndns.sh
-rwxr-xr-x 1 root root 4.4K Oct  5 05:05 /usr/share/zentyal-dhcp/dhcp-dyndns.sh


15
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 04:11:47 am »
Thanks for the reply,

Code:
root@apolo:~# cat /etc/dhcp/dhcpd.conf
# DHCP server is authoritative for all networks
authoritative;

# extra options
# RFC3442 routes
option rfc3442-classless-static-routes code 121 = array of integer 8;
# MS routes
option ms-classless-static-routes code 249 = array of integer 8;
# Cisco IP phones
option voip-tftp-servers code 150 = array of ip-address;
option shoretel-director-server code 155 = ip-address;

pid-file-name "/var/run/dhcp-server/dhcpd.pid";

ddns-update-style    none;
ddns-updates         on;
update-static-leases on;

option domain-name-servers 127.0.0.1;

allow booting;
allow bootp;

default-lease-time 1800;
max-lease-time 7200;

include "/etc/dhcp/ddns-keys/keys";

shared-network eth0 {

    subnet 192.168.100.0 netmask 255.255.255.0 {
       
        option routers 192.168.100.1;
        option domain-name "xxx.local";
        option domain-name-servers 192.168.100.200;
        option ntp-servers 192.168.100.200;
        option netbios-name-servers 192.168.100.200;
        option netbios-node-type 8;
        default-lease-time 1800;
        max-lease-time 7200;

        option host-name = config-option server.ddns-hostname;
        ddns-hostname = pick-first-value( option fqdn.hostname,
                                          option host-name,
                                          concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address)));
        ddns-domainname      "xxx.local.";
        zone xxx.local. {
            primary 127.0.0.1;
            key xxx.local;
        }
        zone 100.168.192.in-addr.arpa. {
            primary 127.0.0.1;
            key xxx.local;
        }

        pool {
           

           
            next-server 192.168.100.200;

            range 192.168.100.10 192.168.100.100;
        }
    }

    on commit {
        set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        set ClientDHCID = concat (
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
        );
        set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, noname);
        log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
        execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
    }

    on release {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        set ClientDHCID = concat (
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
        );
        log(concat("Release: IP: ", ClientIP));
        execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
    }

    on expiry {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        # cannot get a ClientMac here, apparently this only works when actually receiving a packet
        log(concat("Expired: IP: ", ClientIP));
        # cannot get a ClientName here, for some reason that always fails
        execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
    }
   

    group {
        option routers 192.168.100.1;
        option domain-name "xxx.local";
        option domain-name-servers 192.168.100.200;
        option ntp-servers 192.168.100.200;
        option netbios-name-servers 192.168.100.200;
        option netbios-node-type 8;
        default-lease-time 1800;
        max-lease-time 7200;

        option host-name = config-option server.ddns-hostname;
        ddns-hostname = pick-first-value ( host-decl-name,
                                           option fqdn.hostname,
                                           concat("static-", binary-to-ascii(10, 8, "-", leased-address)));
        ddns-domainname      "xxx.local.";
        zone xxx.local. {
            primary 127.0.0.1;
            key xxx.local;
        }
        zone 100.168.192.in-addr.arpa. {
            primary 127.0.0.1;
            key xxx.local;
        }

    }

}


# Add option 150 (0x96) and 155 (0x9b)
if exists dhcp-parameter-request-list {
option dhcp-parameter-request-list=concat(option dhcp-parameter-request-list,96,9b);
}

Code:
root@apolo:~# cat /etc/samba/smb.conf
[global]
    workgroup = xxx
    realm = XXX.LOCAL
    netbios name = apolo
    server string = Zentyal Server
    server role = dc
    server role check:inhibit = yes
    server services = -dns
    server signing = auto
    dsdb:schema update allowed = yes
    ldap server require strong auth = no
    drs:max object sync = 1200

    idmap_ldb:use rfc2307 = yes

    winbind enum users = yes
    winbind enum groups = yes
    template shell = /bin/bash
    template homedir = /home/%U

    rpc server dynamic port range = 49152-65535

    interfaces = lo,eth0
    bind interfaces only = yes

    map to guest = Bad User

    log level = 3
    log file = /var/log/samba/samba.log
    max log size = 100000



    include = /etc/samba/shares.conf




[netlogon]
    path = /var/lib/samba/sysvol/xx.local/scripts
    browseable = no
    read only = yes

[sysvol]
    path = /var/lib/samba/sysvol
    read only = no

Code:
root@apolo:~# cat /etc/bind/named.conf.local
// Generated by Zentyal

acl "trusted" {
    localhost;
    localnets;
};

acl "internal-local-nets" {
    192.168.100.0/24;
};

dlz "AD DNS Zone" {
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};



zone "100.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.100.168.192";
    update-policy {
        // The only allowed dynamic updates are PTR records
        grant xxx.local. subdomain 100.168.192.in-addr.arpa. PTR TXT;
        // Grant from localhost
        grant local-ddns zonesub any;
    };
};

zone "10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "16.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "17.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "18.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "19.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "20.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "21.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "22.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "23.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "24.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "25.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "26.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "27.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "28.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "29.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "30.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "31.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
