Author Topic: Installing Zentyal on VPS  (Read 7315 times)

AaronS

Installing Zentyal on VPS
« on: July 13, 2012, 01:32:43 pm »
Hey Guys,

I am trying to get Zentyal working on a VPS. I have installed it, and everything seems to be working.

However, I do have a few questions:

1. The DHCP range is in the same range as my hosting company IP addresses. Any idea how to fix that?

2. I can't get a Windows computer to connect to the domain - I am thinking something is wrong with my DHCP/DNS?

3. I am trying to connect to the domain via Internet, with NO VPN. Will this work?

Might be forced to use VPN, but I would like to try to do it without.

The one interface I have is configured as internal. The firewall is off (for now)

Anyone ever install on a VPS and want to help me out?  :)


AaronS

Re: Installing Zentyal on VPS
« Reply #1 on: July 13, 2012, 01:33:54 pm »
Oops, can someone move this to Installation and Configuration?  :(

christian

  • Guest
Re: Installing Zentyal on VPS
« Reply #2 on: July 13, 2012, 02:03:58 pm »
Quote
1. The DHCP range is in the same range as my hosting company IP addresses. Any idea how to fix that?

Hmm... what do you expect? If there is no VPN, you will have to use a public IP, otherwise there is no routing. The public IP is most likely in the range of your hosting company. So why do you want something different? To me the solution is a VPN if you want to keep it "private", but... why do you want DHCP then?

Quote
2. I can't get a windows computer to connect to the domain - I am thinking something is wrong with my DHCP/DNS?
See my comment above. DHCP while deploying on a VPS makes very little sense, from what I understand, at least to me  ;)

AaronS

Re: Installing Zentyal on VPS
« Reply #3 on: July 13, 2012, 04:08:42 pm »
Thanks for your reply christian.

I thought DHCP was required for PDC, I have disabled it but still can not connect.

I am connecting to corp.mydomain.net - that should work right?

AaronS

Re: Installing Zentyal on VPS
« Reply #4 on: July 13, 2012, 04:13:11 pm »
Maybe if I took screenshots that would help?

robb

  • Guest
Re: Installing Zentyal on VPS
« Reply #5 on: July 13, 2012, 04:53:27 pm »
If I understand correctly, you are trying to use a VPS as a domain controller.

You create a Zentyal server at a remote location. If you want your clients to authenticate against Zentyal as workstations in a Samba domain, you will have to create some sort of 'local' connection between your server and your clients. Practically, this will only be workable if you set up a VPN connection between your clients and your server, or host your server on your local LAN.
Creating a VPN can be done either by setting up a VPN for each client, or by having a router set up a Zentyal-Zentyal connection between the VPS and the local LAN.
« Last Edit: July 13, 2012, 04:55:18 pm by robb »

christian

  • Guest
Re: Installing Zentyal on VPS
« Reply #6 on: July 13, 2012, 05:28:53 pm »
Quote
I thought DHCP was required for PDC

As you understand now, DHCP is not required. Because of Microsoft's approach of mixing and hiding everything behind one single interface, it is not always easy to distinguish between components and services. Everything looks like it is a "Windows domain controller".
I wonder how many here know what a domain controller is  ???
Back to DHCP: in order to access the domain controller, you need the network up and running (both sides  ;)) and on the client side, it means that the workstation got an IP address, either static or dynamic.

To me, the domain controller is "only" the security part of your Windows server: account management and authentication.

AaronS

Re: Installing Zentyal on VPS
« Reply #7 on: July 14, 2012, 01:50:53 am »
Thanks everyone for your posts, I am learning a lot  :)

I was thinking that I could set my DNS server on my client computer to the DNS IP address for the Zentyal VPS, this way I could connect to the domain, but no luck...

It is tricky because the VPS only has 1 interface. I have the firewall and DHCP off.

I was able to connect to the VPN, but I still can't join the domain. Am I crazy?

Is there no way to do this without VPN?

AaronS

Re: Installing Zentyal on VPS
« Reply #8 on: July 15, 2012, 02:04:40 am »
Ok, I think I am close here..... :(

When I try to add a computer to the domain, it keeps saying it is missing SRV records?

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "studertech.net":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.domain.net

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

108.161.129.122

- One or more of the following zones do not include delegation to its child zone:

studertech.net
net
. (the root zone)

Any help would be great!

christian

  • Guest
Re: Installing Zentyal on VPS
« Reply #9 on: July 15, 2012, 08:10:38 am »
You may find this interesting.
Also note that Zentyal lets you maintain TXT and SRV records in Zentyal DNS using the GUI.
However, this is Zentyal DNS. In your case:
- Zentyal DNS is remote
- not available for local clients unless you tweak the VPN so that the VPN is used

Thus, if I understand well, you have to define such an SRV record in your local (existing) DNS server.

AaronS

Re: Installing Zentyal on VPS
« Reply #10 on: July 15, 2012, 05:19:41 pm »
First, I want to thank everyone for their help, and a big THANK YOU to christian for all your help!  :D

I WAS ABLE TO GET IT TO WORK!!!  :) :) :)

Now the only problem I have is that I cannot log in, as I can't get the OpenVPN client to start before login. I have been reading about 3 different ways to do this, but for some reason I just can't get it to work. Any ideas?  :-\

So close.... Once again THANK YOU!

AaronS

Re: Installing Zentyal on VPS
« Reply #11 on: July 15, 2012, 05:25:08 pm »
Also, I have a dd-wrt Router. Does anyone know how I could use that to connect? Does Zentyal support PPTP Client?

Here are the settings I need to fill out:

PPTP Client

Server IP or DNS Name
Remote Subnet
Remote Subnet Mask
MPPE Encryption
MTU (Default: 1450)
MRU (Default: 1450)
NAT Enable or Disable
User Name
Password

AaronS

Re: Installing Zentyal on VPS
« Reply #12 on: July 15, 2012, 06:30:53 pm »
Never mind the PPTP Client, I upgraded my router to a firmware that supports OpenVPN =)

Still not working tho  :(

Log

Serverlog Clientlog 20120715 18:23:59 I OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Dec 8 2011
20120715 18:23:59 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
20120715 18:23:59 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20120715 18:23:59 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20120715 18:23:59 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20120715 18:23:59 I LZO compression initialized
20120715 18:23:59 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120715 18:23:59 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120715 18:23:59 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120715 18:23:59 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120715 18:23:59 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120715 18:23:59 Local Options hash (VER=V4): 'd79ca330'
20120715 18:23:59 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120715 18:23:59 I UDPv4 link local: [undef]
20120715 18:23:59 I UDPv4 link remote: 108.161.129.122:1194
20120715 18:24:00 TLS: Initial packet from 108.161.129.122:1194 sid=3ee026e2 0ea1f46d
20120715 18:24:00 VERIFY OK: depth=1 /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=Certification_Authority_Certificate
20120715 18:24:00 VERIFY OK: depth=0 /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=vpn-VPNServer
20120715 18:24:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 18:24:17 D MANAGEMENT: CMD 'state'
20120715 18:24:17 MANAGEMENT: Client disconnected
20120715 18:24:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 18:24:17 D MANAGEMENT: CMD 'state'
20120715 18:24:17 MANAGEMENT: Client disconnected
20120715 18:24:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 18:24:17 D MANAGEMENT: CMD 'state'
20120715 18:24:17 MANAGEMENT: Client disconnected
20120715 18:24:17 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 18:24:17 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00


AaronS

Re: Installing Zentyal on VPS
« Reply #13 on: July 15, 2012, 07:45:32 pm »
Ok, I think I am getting somewhere  :P but I still cannot connect to the domain... =(

State
Server: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 192.168.1.2 Remote Address:

Status

Log
Serverlog Clientlog 20120715 19:40:30 I LZO compression initialized
20120715 19:40:30 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
20120715 19:40:30 Socket Buffers: R=[114688->131072] S=[114688->131072]
20120715 19:40:30 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
20120715 19:40:30 Local Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-client'
20120715 19:40:30 Expected Remote Options String: 'V4 dev-type tap link-mtu 1574 tun-mtu 1532 proto UDPv4 comp-lzo cipher BF-CBC auth SHA1 keysize 128 key-method 2 tls-server'
20120715 19:40:30 Local Options hash (VER=V4): 'd79ca330'
20120715 19:40:30 Expected Remote Options hash (VER=V4): 'f7df56b8'
20120715 19:40:30 I UDPv4 link local: [undef]
20120715 19:40:30 I UDPv4 link remote: 108.161.129.122:1194
20120715 19:40:30 TLS: Initial packet from 108.161.129.122:1194 sid=ca2e2ba4 0d0a9e8e
20120715 19:40:31 VERIFY OK: depth=1 /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=Certification_Authority_Certificate
20120715 19:40:31 VERIFY OK: depth=0 /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=vpn-VPNServer
20120715 19:40:31 N TLS Error: Unroutable control packet received from 108.161.129.122:1194 (si=3 op=P_CONTROL_V1)
20120715 19:40:32 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
20120715 19:40:32 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20120715 19:40:32 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
20120715 19:40:32 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20120715 19:40:32 Control Channel: TLSv1 cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA 1024 bit RSA
20120715 19:40:32 I [vpn-VPNServer] Peer Connection Initiated with 108.161.129.122:1194
20120715 19:40:34 SENT CONTROL [vpn-VPNServer]: 'PUSH_REQUEST' (status=1)
20120715 19:40:34 PUSH: Received control message: 'PUSH_REPLY route 108.161.129.0 255.255.255.0 route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.2 255.255.255.0'
20120715 19:40:34 OPTIONS IMPORT: timers and/or timeouts modified
20120715 19:40:34 OPTIONS IMPORT: --ifconfig/up options modified
20120715 19:40:34 OPTIONS IMPORT: route options modified
20120715 19:40:34 NOTE: --mute triggered...
20120715 19:40:34 1 variation(s) on previous 5 message(s) suppressed by --mute
20120715 19:40:34 I TUN/TAP device tap1 opened
20120715 19:40:34 TUN/TAP TX queue length set to 100
20120715 19:40:34 I /sbin/ifconfig tap1 192.168.1.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
20120715 19:40:34 /sbin/route add -net 108.161.129.0 netmask 255.255.255.0 gw 192.168.1.1
20120715 19:40:34 I Initialization Sequence Completed
20120715 19:40:37 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:41 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:46 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:50 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:54 N read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: No route to host (code=148)
20120715 19:40:57 NOTE: --mute triggered...
20120715 19:41:12 4 variation(s) on previous 5 message(s) suppressed by --mute
20120715 19:41:12 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 19:41:12 D MANAGEMENT: CMD 'state'
20120715 19:41:12 MANAGEMENT: Client disconnected
20120715 19:41:12 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 19:41:12 D MANAGEMENT: CMD 'state'
20120715 19:41:12 MANAGEMENT: Client disconnected
20120715 19:41:12 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 19:41:12 D MANAGEMENT: CMD 'state'
20120715 19:41:12 MANAGEMENT: Client disconnected
20120715 19:41:12 MANAGEMENT: Client connected from 127.0.0.1:5001
20120715 19:41:12 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

AaronS

Re: Installing Zentyal on VPS
« Reply #14 on: July 15, 2012, 08:29:05 pm »
Here is the log file from the OpenVPN Software Client:

Sun Jul 15 14:25:20 2012 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Sun Jul 15 14:25:20 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Jul 15 14:25:20 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jul 15 14:25:21 2012 LZO compression initialized
Sun Jul 15 14:25:21 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Jul 15 14:25:21 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jul 15 14:25:21 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Jul 15 14:25:21 2012 Local Options hash (VER=V4): 'd79ca330'
Sun Jul 15 14:25:21 2012 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sun Jul 15 14:25:21 2012 UDPv4 link local: [undef]
Sun Jul 15 14:25:21 2012 UDPv4 link remote: 108.161.129.122:1194
Sun Jul 15 14:25:21 2012 TLS: Initial packet from 108.161.129.122:1194, sid=eb5fad0b 13c25299
Sun Jul 15 14:25:21 2012 VERIFY OK: depth=1, /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=Certification_Authority_Certificate
Sun Jul 15 14:25:21 2012 VERIFY X509NAME OK: /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=vpn-VPNServer
Sun Jul 15 14:25:21 2012 VERIFY OK: depth=0, /C=US/ST=CT/L=Columbia/O=Studer_Technical_Services/CN=vpn-VPNServer
Sun Jul 15 14:25:22 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 15 14:25:22 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 15 14:25:22 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 15 14:25:22 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 15 14:25:22 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jul 15 14:25:22 2012 [vpn-VPNServer] Peer Connection Initiated with 108.161.129.122:1194
Sun Jul 15 14:25:24 2012 SENT CONTROL [vpn-VPNServer]: 'PUSH_REQUEST' (status=1)
Sun Jul 15 14:25:24 2012 PUSH: Received control message: 'PUSH_REPLY,route 108.161.129.0 255.255.255.0,route-gateway 192.168.1.1,ping 10,ping-restart 120,ifconfig 192.168.1.2 255.255.255.0'
Sun Jul 15 14:25:24 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jul 15 14:25:24 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jul 15 14:25:24 2012 OPTIONS IMPORT: route options modified
Sun Jul 15 14:25:24 2012 OPTIONS IMPORT: route-related options modified
Sun Jul 15 14:25:24 2012 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Sun Jul 15 14:25:24 2012 ROUTE default_gateway=192.168.1.1
Sun Jul 15 14:25:24 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{BBA19AA2-4F35-41BE-BC9C-78C80D98F8DF}.tap
Sun Jul 15 14:25:24 2012 TAP-Win32 Driver Version 9.8
Sun Jul 15 14:25:24 2012 TAP-Win32 MTU=1500
Sun Jul 15 14:25:24 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.1.2/255.255.255.0 on interface {BBA19AA2-4F35-41BE-BC9C-78C80D98F8DF} [DHCP-serv: 192.168.1.0, lease-time: 31536000]
Sun Jul 15 14:25:24 2012 Successful ARP Flush on interface [14] {BBA19AA2-4F35-41BE-BC9C-78C80D98F8DF}
Sun Jul 15 14:25:29 2012 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=1 u/d=up
Sun Jul 15 14:25:29 2012 C:\WINDOWS\system32\route.exe ADD 108.161.129.0 MASK 255.255.255.0 192.168.1.1
Sun Jul 15 14:25:29 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Jul 15 14:25:29 2012 Route addition via IPAPI succeeded [adaptive]
Sun Jul 15 14:25:29 2012 Initialization Sequence Completed
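
Added example, not part of the original thread: a Python check that reads an OpenVPN client log like the ones posted above and flags the warnings and pushed settings that matter for this setup (unverified server certificate, key file permissions, BF-CBC, the 1024-bit RSA key, a pushed route that contains the VPN server's own address, and a tunnel subnet that overlaps the client LAN). The function name, finding codes and the 2048-bit threshold are choices made for this example; the sample lines are copied from the posted logs with timestamps trimmed.

```python
import ipaddress
import re

# Lines copied from the client logs posted in this thread, timestamps trimmed.
SAMPLE_LOG = """\
WARNING: No server certificate verification method has been enabled.
WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
UDPv4 link remote: 108.161.129.122:1194
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Control Channel: TLSv1 cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA 1024 bit RSA
PUSH: Received control message: 'PUSH_REPLY route 108.161.129.0 255.255.255.0 route-gateway 192.168.1.1 ping 10 ping-restart 120 ifconfig 192.168.1.2 255.255.255.0'
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"


def audit_openvpn_log(text, local_lan=None):
    """Return sorted finding codes for an OpenVPN client log.

    local_lan is the client's own LAN in CIDR form. It is an input the
    caller supplies, because the router log does not state it.
    """
    findings = set()
    if "No server certificate verification method" in text:
        findings.add("server-cert-not-verified")
    if "is group or others accessible" in text:
        findings.add("key-file-permissions")
    if re.search(r"Cipher 'BF-CBC'", text):
        findings.add("64-bit-block-cipher")  # Blowfish has a 64-bit block
    rsa = re.search(r"(\d+) bit RSA", text)
    if rsa and int(rsa.group(1)) < 2048:  # threshold assumed for this example
        findings.add("short-rsa-key")

    remote = re.search(r"link remote: (?:\[AF_INET\])?" + IPV4 + r":\d+", text)
    push = re.search(r"'PUSH_REPLY(.*?)'", text)
    if push:
        opts = push.group(1)
        # "route-gateway" is skipped: the pattern needs a space after "route".
        for net, mask in re.findall(r"\broute " + IPV4 + " " + IPV4, opts):
            pushed = ipaddress.ip_network(f"{net}/{mask}", strict=False)
            # A pushed route that contains the server's public address can
            # send the tunnel's own UDP packets into the tunnel.
            if remote and ipaddress.ip_address(remote.group(1)) in pushed:
                findings.add("pushed-route-covers-vpn-endpoint")
        ifc = re.search(r"\bifconfig " + IPV4 + " " + IPV4, opts)
        if ifc and local_lan:
            tunnel = ipaddress.ip_interface(f"{ifc.group(1)}/{ifc.group(2)}").network
            if tunnel.overlaps(ipaddress.ip_network(local_lan)):
                findings.add("tunnel-subnet-overlaps-lan")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit_openvpn_log(SAMPLE_LOG, local_lan="192.168.1.0/24"):
        print(code)
```

Pass the LAN the client actually sits on as `local_lan`; the Windows client log above reports it as 192.168.1.0/255.255.255.0, the same subnet the server pushes for the tunnel.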