Zentyal Forums


Jarrell Campbell

Aug 3, 2024, 2:28:20 PM
to minsthatpaser

I know this has been talked about everywhere for ages, but I wanted to get some fresh input from these forums since members here have so much in common in terms of infrastructure and software with mine and my clients' deployments.

I would like to find a free and open source on premise solution for identity and access management. Essentially to recreate MS Active Directory functionality with just the following capabilities:
User Account Management (with groups)
Computer/Device account management
DNS and NetBIOS integration
SSO with respect to using different devices on the same network.

I am working on my new lab network and storage. I have TrueNAS running well on a 6 drive z2 and will build out the XCP-NG server now - then the migration. I plan to set up whichever LDAP/IA server on the XCP-NG hypervisor.

I am facing this issue in file sharing of Zentyal server 5.0 as I have configured the file sharing properly but I am getting this kind of error when I am trying to access from Windows system as well as in Ubuntu 16.04. Kindly look into this error. Even the person is added to the file-sharing folder but cannot access it.

Hi @IT_admin,
Welcome to the NethServer community. As @Stefano_Zamboni mentioned, this is the NethServer forums and not the Zentyal forums. But since both NethServer and Zentyal use Samba packages for filesharing, we might be able to help you with your issue. We have several ex-Zentyal users in our forums, that switched from Zentyal to NethServer. So maybe with a bit of help we can solve your issue anyway.

In the meantime, you could start thinking of switching to NethServer instead of Zentyal too. I came from Zentyal a few years ago and after getting used to CentOS instead of Ubuntu, I never regretted the switch.

By default each LDAP user has a personal /home/ directory on the server. If the File Sharing module is active this directory will be accessible to the specific user (and only to the user) through SMB/CIFS. Furthermore, if a Windows client host is joined to the domain this directory will be automounted as drive H:.

This is NOT desirable in my environment. I've searched high and low for a way to turn this off, but I have been unsuccessful. There does not appear to be a way to disable this functionality in the web console and if I modify the configuration in dsa.msc the configuration is re-set after a minute or two.

There are a few forum posts on the Zentyal forums which have users asking about the same thing, but these either have no answer or in the case of the last one relies on setting a group policy to override Zentyal.

IMHO, Domain Services and File Share should be two separate and disparate components that you would install separately. Following this pattern, disabling the home drive configuration is good, but disabling or removing Samba entirely would be even more ideal. Domain Controllers hosting files seems like a terrible design flaw and security hole in my mind, which is likely why Windows Server best practice says that you should NEVER install Domain Service and File Share roles on the same server.

I don't know if the two configuration items from the initial user have any effect. However, in my environment, I have both of those set to no and I've commented out my [homes] configuration. The configuration for this item is held in /etc/samba/shares.conf on Zentyal Development 6.0.1, so if you can't find it in /etc/samba/smb.conf that's why.

Although Zentyal UI interface greatly eases the system administrator work, some configuration tasks through the interface can be tedious if you have to perform them repeatedly. For example, adding 100 new user accounts or enabling an e-mail account for all 100 users.

These tasks can be automated easily through the Application Programming Interface (API) which is provided by Zentyal. You only need a basic knowledge of Perl (1), and to know the public methods exposed by the Zentyal modules you want to use. In fact, Zentyal web interface uses the same programming interface.

You may need to extend Zentyal's modules functionality to suit your needs. Zentyal offers you two different mechanisms to do so in such a way that you can still benefit from the abstraction, automation and context offered by the framework.

hooks: Scripts that will be triggered during specific checkpoints of the life cycle of a module, for example adding a rule that marks certain types of traffic in the firewall after refreshing Zentyal's rules.

The Zentyal modules, once enabled, overwrite the original system configuration files for the services they manage. Modules do this through templates that essentially contain the structure of a configuration file for the service. Some parts of the resulting file are parametrized through variables provided by the framework.

Modifying the configuration files directly is incorrect, because these files will be overwritten each time the templates are processed (saving changes, for example). Zentyal's own configuration templates can be found in /usr/share/zentyal/stubs, and their names are the original configuration file, plus the .mas extension, for example /usr/share/zentyal/stubs/dns/named.conf.mas. Modifying these templates is not a good solution either, because they will be overwritten if the software package is updated or reinstalled.

    sudo mkdir /etc/zentyal/stubs/dns
    sudo cp /usr/share/zentyal/stubs/dns/named.conf.options.mas /etc/zentyal/stubs/dns

Another advantage of copying the templates to /etc/zentyal/stubs/ is that you can keep control of the modifications that you have done over the original templates, and you will always be able to check these differences using the 'diff' tool. For example, for the former case:

    diff /etc/zentyal/stubs/dns/named.conf.options.mas /usr/share/zentyal/stubs/dns/named.conf.options.mas

For the next example, let's suppose you don't want to allow the DMZ network, which is internal but not so trusted, to perform DNS full zone transfers.

It is possible that you need to perform certain additional actions at some point of the execution state of a module. For example, when Zentyal saves changes related to the firewall, the first thing the firewall module does is to remove all existing rules, and then add the ones configured in Zentyal. If you manually add a custom iptables rule that is not covered by Zentyal interface, it will disappear when saving firewall module changes. To tweak that behavior, Zentyal lets you run scripts while the saving changes process is being performed. There are six points during the process when you may execute these scripts, also known as hooks. Two of them are general and the remaining four are per module:


Let's suppose your server has a transparent proxy, but you wish to exclude a certain network segment from the automatic redirection of HTTP connections. You will create the file /etc/zentyal/hooks/firewall.postservice with the following content:

Anyone with Perl language knowledge may take advantage of the Zentyal development framework to create web interfaces, and also benefit from the integration with the rest of the modules and the common features from the vast Zentyal library.

Zentyal design is completely object-oriented and it takes advantage of the Model-View-Controller (MVC) design pattern (2), so the developer only needs to define those features required by the data model. The remaining parts are generated automatically by Zentyal.

Zentyal is designed to be installed on a dedicated machine. This recommendation is also extended to the developing scheme. Developing on the same host is highly discouraged. The recommended option is to deploy a virtual system to develop as Appendix A: Test environment with VirtualBox explains in depth.

Commercial Editions release cycle will be extended to 24 months and solely shipped with the most recent version of Ubuntu server LTS available during the development phase. The schedule has nevertheless been chosen on purpose and will always supply the latest version of Ubuntu Server LTS (Long-Term Support) with Zentyal. With this change, partners and end customers will benefit from an extended product lifetime close to 4 years and a half instead of 3 years support as of today.

Commercial editions will benefit from security updates and bug fixing through Q/A PPA repositories. Furthermore software updates and additions will be provided within Service Packs and delivered through this same PPA. This is one of the major updates of this release strategy: Zentyal intends to provide better quality and stabilized software to its paying customers, reducing the overall risk of high or critical issues a user may encounter. This achievement will be reached through a new software inclusion process to be detailed in feature addition section.

Community Edition release cycle will be shortened to 3 months and always shipped with the most recent version of Ubuntu standard release available prior to the beginning of the development phase. The general release cycle of Community edition is linked to commercial one. First of all, community edition is now de facto the laboratory where new experimentations and features are first being deployed. It is next processed as part of extensive beta testing cycles and finally gets stabilized. It is only when a feature is stabilized in the community edition that it can be backported to commercial one. Secondly, community edition will gradually upgrade to new Ubuntu standard releases whenever available, aiming at offering an overall better consistency and stability to paying customers upon new commercial release. This methodology helps reduce paths to inconsistencies across different LTS versions (new software version or operating system internals updates) and provide longer and better quality assurance testing and updates. The upgrade path from one Ubuntu release to the next one is shortened, reducing the effort required to bridge the gap.

Each open source software project has its own bug management policy. As mentioned previously, the stable Zentyal versions are supported for three years during which support for all security issues is granted. In addition to security issues, other modifications might be added to fix several bugs at once. The latest Zentyal version always includes all the bug fixes.

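An added example, not part of the original post or of Zentyal's own tooling: the single-template diff check described in the stubs passage above, extended to every override under /etc/zentyal/stubs. The function name audit_stubs and the three status labels are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: report every local Zentyal stub override and how it relates
# to the packaged template it shadows. The function name and status labels
# are illustrative; the two default paths are the ones named in the text.
#
# Output: one "STATUS<TAB>relative/path" line per override:
#   IDENTICAL  same bytes as the packaged template (override is redundant)
#   MODIFIED   differs from the packaged template (review with diff)
#   ORPHAN     no packaged template of that name (renamed or removed upstream)
# File names containing newlines are not supported.
audit_stubs() {
    override_dir=${1:-/etc/zentyal/stubs}
    package_dir=${2:-/usr/share/zentyal/stubs}
    override_dir=${override_dir%/}   # tolerate a trailing slash

    # No override directory means nothing has been customised.
    [ -d "$override_dir" ] || return 0

    find "$override_dir" -type f -name '*.mas' | LC_ALL=C sort |
    while IFS= read -r override; do
        rel=${override#"$override_dir"/}
        packaged=$package_dir/$rel
        if [ ! -f "$packaged" ]; then
            status=ORPHAN
        elif cmp -s "$override" "$packaged"; then
            status=IDENTICAL
        else
            status=MODIFIED
        fi
        printf '%s\t%s\n' "$status" "$rel"
    done
}

# Stand-alone use: audit the default paths, or pass two directories.
audit_stubs "$@"
```

MODIFIED entries are the ones to inspect with the diff command shown earlier. Re-running the audit after a package upgrade shows where a packaged template has changed underneath an override.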