Megachip
-
Posts
166 -
Joined
-
Last visited
Posts posted by Megachip
-
-
It is hard to say what is wrong. Winbind is very picky about its configuration. My experience is only with joining AD on domain controller and that requires:
Mine to, and there works all fine But this is no AD.
1. DNS needs to be configured correctly.
It is.
2. Time needs to be synchronised with domain controller.
It is.
3. Kerberos needs to be configured.
There is no Kerberos, it's an Samba 3 Domain.
4. Samba needs to be configured.
It is.
5. Domain join is necessary.
Join works fine. Missed to mentioned it in the post above.
All these steps are done automatically in ERA Server Appliance.
I'm using the Appliance. How can you automatically join the domain?!
If you want, you can deploy it as a test in VirtualBox (or VMWare Player) and go through manual installation. Afterwards you can look at created configuration files. There is also '/root/help-with-domain.txt' file that in more details explains all steps.
There is no such file in the appliance. Appliance was installed on 2015/01/08. Are there different versions?
setting
winbind use default domain = Yes
let wbinfo -i <username> works, but wbinfo -g (which is used by eras) still not work.
-
Downloaded the german version, but after installation, it reported as 4.1.97.
Old version or wrong version number?
Best,
meg
-
This task is not scheduled by default in my ERA. Should I set it manually?
"Triggers everytime a client joins the dynamic group: Computers with outdated operating system"
Possible it didn't see that the OS is outdated?
-
Can't get winbind running complete.
wbinfo -u works, ntlm_auth works, but
wbinfo -i meg failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user meg wbinfo -g failed to call wbcListGroups: WBC_ERR_INVALID_RESPONSE Error looking up domain groups
Winbindd Version: 3.6.23-14.el6_6
OS: CentOS, ESET ApplianceAny ideas or conclusions?Samba Settings:[global] workgroup = RZ server string = Samba Server Version %v security = DOMAIN log file = /var/log/samba/log.%m max log size = 50 wins server = 1xx.1x.1xx.1xx idmap config * : backend = tdb cups options = raw
-
Not needed, the ERAS did it himself via "Operation System update" task
-
There's no self-defense mechanism (yet). Without the agent, ERAS won't be able to communicate with the client but updates should work.
:/
So we have
a.) no control over the configuration and
b.) no control over our licenses?
-
After upgrading to 6.1.450, where can I change the language of the user interface?
seems there are two values in config.cfg, but didn't know which values represents the other languages.
THX 4 help
-
***PUSH***
A LDAP only user backend isn't possible?
Any how to use ldap (openldap) as a direct authentication/syncronisation backend?
-
Send an Email to the user (and/or provide an website, where he can download the agent).
In the point of migrating von 5 to 6, I've got the same question. How deploy the agent (e.g. via ERA5) without interaction with the user (like an V5 Upgrade).
-
Hi,
some questions about the Agent:
How to prevent agent to get removed by the user (on ERA 5 we have the password protection)?
- On Windows
- On Linux
- On OSX
What happens to the client if the agent will removed?
- Licenses
- Updates
- ...
Thx for informations,
meg
-
I appreciate the patience on this issue, we have new steps for using the LDAP with simple authentication in order to get active directory to sync, which can be found here:
hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3665
This has been very successful in getting the active directory structure to sync within the Linux deployment of Remote Administrator, please let me know if you run into any issues.
Is there also such a solution for Mapped Domain Security Groups?
-
I think rekun is right. ATM I didn't see any way for a working (automated) migration from V5 to V6.
We have 1500-2000 Clients from V5 down till V3 (cause eset removed the PCU - seems it didn't work proper, like the remote upgrade).
In this point of view, the new architecture seems a bit more robust and stable but there need to be migration pathes.
-
Same for
4.2.67 -> 5.0.2237
4.2.71 -> 5.0.2237
ERAS 5.2.26
These Version updates works on other Systems. Is there any Matrix which updates are possible?
-
* standard domain joining process via winbind
* make sure ldapsearch utility is in place, openldap-clients package on centos
* tasks like "Static Group Synchronization" will have some hidden gems like LOGIN, takes form similar to "CN=connect-user,CN=Users,DC=your-domain,DC=com" depends on your LDAP structure.
Thx, will try a domain join later.
A LDAP only user backend isn't possible?
-
So it looks like I have to join the appliance via winbindd to the existent samba domain?
Is this anywhere documented?
-
Hi,
tried to download the german language version today. Site told me it should be 5.2.26. Installer told me that it is 5.2.22.
Any fixes which aren't described in the change log? (E.g. the remote-upgrade problematic?)
Best,
Meg
-
Not familiar with LDAP for Centos. Could you just enter the group's SID manually?
I could, but this has no effects.
Cause it is an appliance, i think it is not recommended to chance anything on the hostsystem?
No official statements? Guides?
-
ESET products v6 can only be updated either directly from ESET's servers (e.g. via Apache Web Proxy that is a part of the ERA v6 bundle) or from a mirror created by Endpoint v6. Updates from a mirror created by older versions shouldn't work.
Why that increase of complexity? So I had to setup and maintain X mirros (for every version) insead of one?
Is there anywhere a matrix which software can update from which mirror?
-
When you click the SELECT box next to GROUP SID [found under ADMIN-->ACCESS RIGHTS-->MAPPED DOMAIN SECURITY GROUPS-->NEW], do you not get a list of all the groups in your domain?
Nope, i got an error. Thats why I ask where I can configure it.
Or is it a windows only feature which uses the local windows settings? (Running the appliance on centos)
-
Noone?
Not possible? But why the "mapped domain security groups" entry?
-
Where to setup external authentication sources?
-
There is an ova file with ESET Mobile Connector which works as a separate virtual appliance.
Yeah, seen it after ask this question
But there is no all in one Appliance? Is it supported/recommended to install the mdm rpm on the RA Appliance?
-
Is it possible to install or add the mdm to the server appliance or is it not nessary for managing eset on mobile devices?
-
Works fine for me. (zypper/yum repository)
Whats the concrete problem?
Upgrading from 4.2 to 6.1
in ESET Endpoint Products
Posted
When upgrading ESET Clients, you should uninstall and reinstall. Had a lot of trouble that clients lost their configuration after doing a manual or automatic upgrade. (include the setting to connect to the eras)