JJJakus

It looks like the one in section II. Upload License File During Activation: of this KB article: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3615&actp=search&viewlocale=en_US&searchid=1428478351574

I am using ZMC to push the agent and the client worldwide. The agent works great without the need for Internet (Machine in some locations do not have Internet) Now I am trying to build a bundle to build a bundle that suppresses the Activation Prompt immediately after the install. I have been looking but can't find a policy or switch to disable it. Any ideas? Thanks, John

Great:-D

To fix the AD Sync, please look at my instructions in https://forum.eset.com/topic/4477-static-group-synchronizationfailed-ldap-server-authentication-failed/ Cheers, John

The isses came to to SELINUX. Windows does not have SELINUX. SELINUX sets ACL on files and was not giving the erauser the correct rights to the eraserver. Windows would work completely different. Noting to do with Samba, LDAP or kerberos. They are working as they should be, but there mechanism did not have the correct access to the keystore. Cheers, John

This one stumped me for awhile and I finally figured it out. I run Novell Domain Services for Windows to emulate my AD environement and I was having the same ldap issue. I did packet captures, ldap traces all kind of stuff. Once I determed the problem was on the appliance, this is my method of troubleshootnig and the way I solved it: Synchronization Mode - Active Directory/Open Directory/LDAP When attempting to browsing the directory it would immediately fail. Found the the logv/var/log/eset/RemoteAdministrator/Server/trace.log 2015-03-31 17:10:42 Error: ConsoleApiModule [Thread 7fcc35de2700]: 9 Error while getting synchronization nodes: SearchLdap: 'ldapsearch' failed with 254 exit code, stderr: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache permissions incorrect) 2015-03-31 17:10:44 Error: CServerStaticGroupsModule [Thread 7fcc37be5700]: SearchLdap: 'ldapsearch' failed with 254 exit code, stderr: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache permissions incorrect) 2015-03-31 17:10:44 Error: ConsoleApiModule [Thread 7fcc35de2700]: 9 Error while getting synchronization nodes: SearchLdap: 'ldapsearch' failed with 254 exit code, stderr: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache permissions incorrect) This error points to permission problems with the krb5 keystore file. Kinit works fine and klist shows: [root@eset-us audit]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: User@DOMAIN.COM Valid starting Expires Service principal 03/31/15 12:14:41 03/31/15 22:14:41 krbtgt/DOMAIN.COM@DOMAIN.COM renew until 04/01/15 12:14:47 03/31/15 12:14:42 03/31/15 22:14:41 ldap/server.domain.com@ renew until 04/01/15 12:14:47 03/31/15 12:14:42 03/31/15 22:14:41 ldap/server.domain.com@DOMAIN.COM renew until 04/01/15 12:14:47 Looked at the keystore file /tmp/krb5cc_0 [root@eset-us tmp]# ls -l krb5cc_0 -rw-------. 1 root root 3524 Mar 31 12:14 krb5cc_0 [root@eset-us tmp]# ls -Z krb5cc_0 -rw-------. root root unconfined_u:object_r:user_tmp_t:s0 krb5cc_0 Looked in the SELINUX audit log and found: type=AVC msg=audit(1427479161.221:395): avc: denied { unlink } for pid=21111 comm="kinit" name="krb5cc_0" dev=dm-0 ino=262297 scontext=system_u:system_r:eraserver_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file showing that the keystore file was in the wrong context that SELINUX wanted it so it was denied access. Edited the /etc/selinux/config file and changed the entries: From: SELINUX=enforcing To: SELINUX=permissive Next reloaded SELINUX semodule -R I can't remember if I had to reboot or not but it started working. Looked at the keystore file /tmp/krb5cc_0 again [root@eset-us tmp]# ls -l krb5cc_0 -rw-------. 1 root root 3524 Mar 31 12:14 krb5cc_0 [root@eset-us tmp]# ls -Z krb5cc_0 -rw-------. root root system_u:object_r:eraserver_tmp_t:s0 krb5cc_0 Notice the context changed to match the what the audit log had expected. system_u and eraserver_tmp_t Again edited the /etc/selinux/config file and changed the entries: From: SELINUX=permissive To: SELINUX=enforcing Next reloaded SELINUX semodule -R Did not change after the reboot. So the browse function is still working. Hope this helps