Recent Posts
1
Installation and Upgrades / Re: quick question on migrating server 2012r2
« Last post by Thanatos on January 16, 2020, 05:35:23 pm »Hi!
It could be great if you have the time to redact a "howto" with your experience.
It's really sad that the "Contributions / Tips & Tricks / Features Requests" board is almost unutilized.
Cheers!
It could be great if you have the time to redact a "howto" with your experience.
It's really sad that the "Contributions / Tips & Tricks / Features Requests" board is almost unutilized.
Cheers!
2
Installation and Upgrades / Re: quick question on migrating server 2012r2
« Last post by killmasta93 on January 16, 2020, 03:44:12 pm »EDIT: so these are the steps to migrate, only one issue is that i demoted the windows server but it still appears domain controllers on zentyal so odd
STEPS:
But before take a snapshot of the OS of windows server and were going to downgrade the forest and domain to windows 2008r2 go to powershell on windows
now ssh the zentyal server
then say Y
then demote the windows server
STEPS:
But before take a snapshot of the OS of windows server and were going to downgrade the forest and domain to windows 2008r2 go to powershell on windows
Code: [Select]
`Set-ADForestMode -Identity "YOURDOMAIN.local" -ForestMode Windows2008R2Forest`
`Set-ADDomainMode -Identity "YOURDOMAIN.local" -DomainMode Windows2008R2Domain`now ssh the zentyal server
Code: [Select]
`cd /usr/share/zentyal-samba`Code: [Select]
`chmod +x ad-migrate`
Code: [Select]
`./ad-migrate`then say Y
then demote the windows server
3
Directory and Authentication / [Question] 2x Wan, Send traffic only through one. Use second only as backup.
« Last post by darnoq on January 16, 2020, 10:54:57 am »Hi,
I have 2x Wan on eth1 (Main) and eth3 (Backup). I want to send all traffic trought 1 unless connection fails.
With:
1. Disabled traffic balancing
2. Gateways for traffic balance - selected only Main
3. Multigateways rules - interface any/source any/ destination any/service any/gateway Main
I can't ping thorugh Backup
with:
1. Disabled traffic balancing
2. Gateways for traffic balance - selected Main and BACKUP
3. Multigateways rules - interface any/source any/ destination any/service any/gateway Main
I can ping from both Main and Backup but traffic balancing seems to be working randomly and it send traffic trough both gateways.
I've also setup enabled failover ping to gateway.
What I'm doing wrong? I don't want traffic balancing I want all traffic to go through Main untill it fails then switch to backup.
Zentyal 5.1
I have 2x Wan on eth1 (Main) and eth3 (Backup). I want to send all traffic trought 1 unless connection fails.
With:
1. Disabled traffic balancing
2. Gateways for traffic balance - selected only Main
3. Multigateways rules - interface any/source any/ destination any/service any/gateway Main
I can't ping thorugh Backup
with:
1. Disabled traffic balancing
2. Gateways for traffic balance - selected Main and BACKUP
3. Multigateways rules - interface any/source any/ destination any/service any/gateway Main
I can ping from both Main and Backup but traffic balancing seems to be working randomly and it send traffic trough both gateways.
I've also setup enabled failover ping to gateway.
What I'm doing wrong? I don't want traffic balancing I want all traffic to go through Main untill it fails then switch to backup.
Zentyal 5.1
4
Spanish / Re: Problemas DNS y Youtube
« Last post by doncamilo on January 15, 2020, 12:30:43 pm »
¡Hola Maekar!
Yo en tu lugar comprobaría si el problema afecta al propio controlador de dominio. Aprovecha un momento en que se manifieste el problema para hacer una query sobre el dominio afectado desde el propio DC. Supongamos que la dirección de tu GATEWAY/DNS es 192.168.0.1
Code: [Select]
# En el DC
host -a youtube.com 127.0.0.1
host -a youtube.com 192.168.0.1
(Puedes hacer las mismas consultas desde el cliente windows con nslookup para ver si el problema es de la cache del navegador)
Ya me dirás qué sale.
5
Spanish / Problemas DNS y Youtube
« Last post by Maekar on January 15, 2020, 09:54:33 am »Buenos días, había comentado algo en el subforo inglés pero viendo que @doncamilo habla español y yo me manejo mejor así lo pongo aquí también.
Tengo un servidor que hace de Firewall, Gateway, DNS, DHCP, etc.
Y por otro lado tengo un Zentyal como controlador de dominio y nada más. Las consultas DNS las reenvía al primer servidor.
En los dispositivos que usan como DNS primario el primer servidor, todo funciona perfecto.
En los clientes del dominio, que usan Zentyal como DNS primario, estoy sufriendo gravísimos problemas de acceso a Youtube. Adjunto imagen del error que aparece, de forma intermitente (a veces va bien): https://ibb.co/Fs53tgj
Zentyal está completamente actualizado y no sé qué hacer para solventar el problema.
Su configuración es muy simple y mínima, solo tiene instalado el módulo Samba y sus dependencias, y se hizo una instalación limpia en verano, no se restauró nada que pueda hacer conflicto.
Si cambio el DNS primario en los clientes, no hay fallo, pero necesito que sea Zentyal para que las carpetas del usuario se automonten.
Agradecería cualquier ayuda porque no sé cómo solventar el problema. Se me ocurre el parámetro "forward only;" en el DNS de Zentyal en lugar de "forward first;", pero no sé cómo afectaría eso al dominio ni si serviría.
No sé si es un problema de keys con samba, ya que no tengo DHCP server activado y tampoco funcionan las actualizaciones DynDNS.
Gracias de antemano,
Tengo un servidor que hace de Firewall, Gateway, DNS, DHCP, etc.
Y por otro lado tengo un Zentyal como controlador de dominio y nada más. Las consultas DNS las reenvía al primer servidor.
En los dispositivos que usan como DNS primario el primer servidor, todo funciona perfecto.
En los clientes del dominio, que usan Zentyal como DNS primario, estoy sufriendo gravísimos problemas de acceso a Youtube. Adjunto imagen del error que aparece, de forma intermitente (a veces va bien): https://ibb.co/Fs53tgj
Zentyal está completamente actualizado y no sé qué hacer para solventar el problema.
Su configuración es muy simple y mínima, solo tiene instalado el módulo Samba y sus dependencias, y se hizo una instalación limpia en verano, no se restauró nada que pueda hacer conflicto.
Si cambio el DNS primario en los clientes, no hay fallo, pero necesito que sea Zentyal para que las carpetas del usuario se automonten.
Agradecería cualquier ayuda porque no sé cómo solventar el problema. Se me ocurre el parámetro "forward only;" en el DNS de Zentyal en lugar de "forward first;", pero no sé cómo afectaría eso al dominio ni si serviría.
No sé si es un problema de keys con samba, ya que no tengo DHCP server activado y tampoco funcionan las actualizaciones DynDNS.
Gracias de antemano,
6
Directory and Authentication / Re: External SSO provider (Okta or Jumpcloud)
« Last post by doncamilo on January 14, 2020, 02:50:55 pm »I have no experience in this type of systems but as far as Zentyal uses samba and Jumpcloud claims to be able to work with samba, it should be possible. https://support.jumpcloud.com/support/s/article/enabling-samba-support-with-jumpcloud-ldap-2019-08-21-10-36-47
Cheers!
7
Directory and Authentication / Re: External SSO provider (Okta or Jumpcloud)
« Last post by SteveD on January 14, 2020, 01:55:29 pm »Has no one had any experience of this?
8
Other modules / DHCP - All Ranges end up on same domain (expected different domains)
« Last post by plarsson on January 14, 2020, 12:42:05 pm »I have created 2 domains in Zentyal
ws.xxx.lan
dev.xxx.lan
I have 2 nics, one for each domain - each with it's own DHCP server
DHCP for ws.xxx.lan is set to use 192.168.5.2 - 100
DHCP for dev.xxx.lan is set to use 192.168.11.2 - 100
Each DHCP is set for use dynamic DNS and the dynamic DNS is set to use the appropriate domain.
So far I only have one device on the dev domain that is getting it's ip from DHCP
But it seems to be resolving as it's located on the ws domain; not the dev domain (It's getting IP from the dev DHCP at 192168.11.15).
Static IP addresses resolve on the correct domain.
Any suggestions on what I'm doing wrong?
ws.xxx.lan
dev.xxx.lan
I have 2 nics, one for each domain - each with it's own DHCP server
DHCP for ws.xxx.lan is set to use 192.168.5.2 - 100
DHCP for dev.xxx.lan is set to use 192.168.11.2 - 100
Each DHCP is set for use dynamic DNS and the dynamic DNS is set to use the appropriate domain.
So far I only have one device on the dev domain that is getting it's ip from DHCP
But it seems to be resolving as it's located on the ws domain; not the dev domain (It's getting IP from the dev DHCP at 192168.11.15).
Static IP addresses resolve on the correct domain.
Any suggestions on what I'm doing wrong?
9
Contributions / Tips&Tricks / Features Requests / Added Security Modules
« Last post by royceb on January 14, 2020, 04:57:26 am »Long time Zen user here curious if the feedback section was still looked at from time to time. I am curious if there were some easy steps that could be taken to start hardening/securing some of Zentyal's features. How hard would it be to implement items like
1.Semi-granular Fail2ban for services like OpenVPN/SSH/Web(Web-Admin)/Email
2.Two factor authentication for services like OpenVPN/SSH/Web(Web-Admin)/Email - Tie this into Zen SAMBA4/AD authentication and you have a winner
3.More granular control of OpenVPN cert/cryptography settings exposed in the Web-Admin
As a service I find Zentyal extremely robust and consistent in it's feature sets but increasingly I've been utilizing other solutions that aren't as capable as Zentyal but do offer some of these basic security features.
1.Semi-granular Fail2ban for services like OpenVPN/SSH/Web(Web-Admin)/Email
2.Two factor authentication for services like OpenVPN/SSH/Web(Web-Admin)/Email - Tie this into Zen SAMBA4/AD authentication and you have a winner
3.More granular control of OpenVPN cert/cryptography settings exposed in the Web-Admin
As a service I find Zentyal extremely robust and consistent in it's feature sets but increasingly I've been utilizing other solutions that aren't as capable as Zentyal but do offer some of these basic security features.
10
Spanish / necesito ayuda con las reglas de acceso del servidor proxy
« Last post by danielc on January 13, 2020, 05:00:02 pm »hola en mi empresa me pidieron que un grupo de usuarios solo tengan acceso a la navegacion sin limites de 7:30 am a 9:00 am y de 4:00pm a 5:00pm y de 9:00 am a 4:pm solo tengan acceso al dominio .cu yo cree estas reglas pero cuando va a cambiar de una regla para la otra la conexion a internet se cae en su totalidad para todo los usuarios y tengo que reiniciar el servidor proxy para que todo vuelva a funcionar con normalidad si alguien me pudiera ayudar de alguna manera lo agradeceria porque no tengo idea de que pueda ser