[Upgrading from 4.2 to 6.1]

When upgrading ESET Clients, you should uninstall and reinstall. Had a lot of trouble that clients lost their configuration after doing a manual or automatic upgrade. (include the setting to connect to the eras)

[Using LDAP/AD Authentication in V6 ERA]

It is hard to say what is wrong. Winbind is very picky about its configuration. My experience is only with joining AD on domain controller and that requires:

Mine to, and there works all fine But this is no AD.

 

1. DNS needs to be configured correctly.

It is.

2. Time needs to be synchronised with domain controller.

It is.

3. Kerberos needs to be configured.

There is no Kerberos, it's an Samba 3 Domain.

4. Samba needs to be configured.

It is.

5. Domain join is necessary.

Join works fine. Missed to mentioned it in the post above.

 

All these steps are done automatically in ERA Server Appliance.

I'm using the Appliance. How can you automatically join the domain?!

If you want, you can deploy it as a test in VirtualBox (or VMWare Player) and go through manual installation. Afterwards you can look at created configuration files. There is also '/root/help-with-domain.txt' file that in more details explains all steps.

There is no such file in the appliance. Appliance was installed on 2015/01/08. Are there different versions?

 

setting 

winbind use default domain = Yes

let wbinfo -i <username> works, but wbinfo -g (which is used by eras) still not work.

[ESET NOD32 Antivirus Business Edition for Mac OS X version 4.1.98 has been released and is available to download.]

Downloaded the german version, but after installation, it reported as 4.1.97.

 

Old version or wrong version number?

 

Best,

meg

[Appliance OS update]

This task is not scheduled by default in my ERA. Should I set it manually?

 

"Triggers everytime a client joins the dynamic group: Computers with outdated operating system"

 

Possible it didn't see that the OS is outdated?

[Using LDAP/AD Authentication in V6 ERA]

Can't get winbind running complete.

 

wbinfo -u works, ntlm_auth works, but

wbinfo -i meg
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user meg

wbinfo -g
failed to call wbcListGroups: WBC_ERR_INVALID_RESPONSE
Error looking up domain groups

Winbindd Version: 3.6.23-14.el6_6

OS: CentOS, ESET Appliance

 

Any ideas or conclusions? 

 

Samba Settings:

[global]
	workgroup = RZ
	server string = Samba Server Version %v
	security = DOMAIN
	log file = /var/log/samba/log.%m
	max log size = 50
	wins server = 1xx.1x.1xx.1xx
	idmap config * : backend = tdb
	cups options = raw

[Appliance OS update]

Not needed, the ERAS did it himself via "Operation System update" task

[ERA Agent]

There's no self-defense mechanism (yet). Without the agent, ERAS won't be able to communicate with the client but updates should work.

:/ 

 

So we have 

a.) no control over the configuration and

b.) no control over our licenses?

[Change Language of ERAS 6 (Linux)]

After upgrading to 6.1.450, where can I change the language of the user interface?

 

seems there are two values in config.cfg, but didn't know which values represents the other languages.

 

THX 4 help

[Using LDAP/AD Authentication in V6 ERA]

***PUSH***

 

 

 

 

A LDAP only user backend isn't possible?

 

 

Any how to use ldap (openldap) as a direct authentication/syncronisation backend?

[Deploy ESET Remote Administrator Agent]

Send an Email to the user (and/or provide an website, where he can download the agent).

 

In the point of migrating von 5 to 6, I've got the same question. How deploy the agent (e.g. via ERA5) without interaction with the user (like an V5 Upgrade).

[ERA Agent]

Hi,

 

some questions about the Agent:

 

How to prevent agent to get removed by the user (on ERA 5 we have the password protection)?

- On Windows

- On Linux

- On OSX

 

What happens to the client if the agent will removed?

- Licenses

- Updates

- ...

 

Thx for informations,

meg

[Remote Administrator on Linux - Help File Changes]

I appreciate the patience on this issue, we have new steps for using the LDAP with simple authentication in order to get active directory to sync, which can be found here:

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3665

 

This has been very successful in getting the active directory structure to sync within the Linux deployment of Remote Administrator, please let me know if you run into any issues.

Is there also such a solution for Mapped Domain Security Groups?

[Creating install package in ERA6]

I think rekun is right. ATM I didn't see any way for a working (automated) migration from V5 to V6.

We have 1500-2000 Clients from V5 down till V3 (cause eset removed the PCU - seems it didn't work proper, like the remote upgrade).

In this point of view, the new architecture seems a bit more robust and stable but there need to be migration pathes.

[Upgrade Windows Client Error]

Same for

4.2.67 -> 5.0.2237

4.2.71 -> 5.0.2237

ERAS 5.2.26

These Version updates works on other Systems. Is there any Matrix which updates are possible?

[Using LDAP/AD Authentication in V6 ERA]

* standard domain joining process via winbind

* make sure ldapsearch utility is in place, openldap-clients package on centos

* tasks like "Static Group Synchronization" will have some hidden gems like LOGIN, takes form similar to "CN=connect-user,CN=Users,DC=your-domain,DC=com" depends on your LDAP structure.

Thx, will try a domain join later.

 

A LDAP only user backend isn't possible?

[Using LDAP/AD Authentication in V6 ERA]

So it looks like I have to join the appliance via winbindd to the existent samba domain?

 

Is this anywhere documented?

[ESET Remote Administrator version 5.2.26 has been released - wrong download link?]

Hi,

 

tried to download the german language version today. Site told me it should be 5.2.26. Installer told me that it is 5.2.22.

 

Any fixes which aren't described in the change log? (E.g. the remote-upgrade problematic?)

 

Best,

Meg

[Using LDAP/AD Authentication in V6 ERA]

Not familiar with LDAP for Centos. Could you just enter the group's SID manually?

I could, but this has no effects.

 

Cause it is an appliance, i think it is not recommended to chance anything on the hostsystem?

 

No official statements? Guides?

[Updating version 6 clients]

ESET products v6 can only be updated either directly from ESET's servers (e.g. via Apache Web Proxy that is a part of the ERA v6 bundle) or from a mirror created by Endpoint v6. Updates from a mirror created by older versions shouldn't work.

Why that increase of complexity? So I had to setup and maintain X mirros (for every version) insead of one?

 

Is there anywhere a matrix which software can update from which mirror?

[Using LDAP/AD Authentication in V6 ERA]

When you click the SELECT box next to GROUP SID [found under ADMIN-->ACCESS RIGHTS-->MAPPED DOMAIN SECURITY GROUPS-->NEW], do you not get a list of all the groups in your domain?

Nope, i got an error. Thats why I ask where I can configure it.

 

Or is it a windows only feature which uses the local windows settings? (Running the appliance on centos)

[Using LDAP/AD Authentication in V6 ERA]

Noone?

Not possible? But why the "mapped domain security groups" entry?

[Using LDAP/AD Authentication in V6 ERA]

Where to setup external authentication sources?

[MDM on Appliance.]

There is an ova file with ESET Mobile Connector which works as a separate virtual appliance.

Yeah, seen it after ask this question

 

But there is no all in one Appliance? Is it supported/recommended to install the mdm rpm on the RA Appliance?

[MDM on Appliance.]

Is it possible to install or add the mdm to the server appliance or is it not nessary for managing eset on mobile devices?

[rpm extraction in release 4.0.10.0]

Works fine for me. (zypper/yum repository)

 

Whats the concrete problem?