Zentyal setup

[tbr]

im having lots of issues with Zentyal setup.
first of all....
im a Windows network admin and have been for around 10 years(dont hold that against me) and this is slowly driving me nuts. - trying to work out if its mostly me (probably) or Zentyal.

My aim:
To have all my machines use my Zentyal for DNS, file and print, Mail server - basic SBS.
possibly eventually as a webserver too.
I would prefer to keep DHCP, and Gateway as is.
I have a mixture of Windows 7 home premium, Win7 pro, Ubuntu 10, and Ubuntu 11.10 pcs.

1. i already have a network setup using DHCP from a physical firewall, which is also the gateway. with it configured as my DNS server/pass through everything works. As soon as i try and configure anything to go through Zentyal i lose the ability to resolve names, access the internet etc.

2. as a file server whenever i create a new samba share and grant admin access to my 1 userGroup which has all my users in and their names/passwords are the same as the local names/passwords on the pc's - the share doesnt appear to any windows machine. i have access to the users home folder and the 2 Zentyal folders. - can view all through Ubuntu.

Info:
network 145.145.0.x
Zentyal server 145.145.0.145 - static
gateway/firewall 145.145.0.254 - static

DNS settings on firewall - DHCP config points all DNS to 145.145.0.145
Zentyal DNS -  transparent, using forwarders to opendns servers

any help would be much appreciated, as until i can overcome the DNS issues i dont want to tackle the mail server.....

Tim

[innocenti_jr]

True  1st setup DNS to work correctly.
You configured it to be transparent, but it should operate as a master for your LAN.
So follow this:
http://doc.zentyal.org/en/dns.html#configuration-of-an-authoritative-dns-server-with-zentyal
to create a master zone.

[tbr]

If only it were that simple.....

i tried already with and without DNS as transparent and it made no difference.

do i need to create it manually with a config file??

[innocenti_jr]

Did you also follow:
http://doc.zentyal.org/en/dns.html#dns-cache-server-configuration-with-zentyal
and went to "Network - DNS and set 127.0.0.1 as the first (and only) DNS server"?
For your setup, I'd recommend to turn DNS-transparent off.
And no, you don't have to edit any config file.

[tbr]

Yes, already had it set to 127.0.0.1
And have restarted dns and the server just in case.

[robb]

Why don't you use a private range for your internal network? Or do you have a large subnet that has direct internet access?? (do you want this??)

Can you give some more info on how you built your network? How are your subnets configured?

something like:

i-net - (ip-address) router (ip-address) - lan (subnet)

Where did you place Zentyal in your lan?
How is DNS configured and on what interfaces?
regards,

[christian]

I fully share your approach that is to focus on DNS first 
I also second robb's comment: why do you use public IP range for internal network? anyway, this may not prevent DNS to work, depending on what is configured outside.

This said, it would help to understand better what your issue is because DNs service is used everywhere but in somewhat different way depending on other infrastructure components.
e.g. if you look at HTTP service, if you are using transparent proxy, then name is solve by workstation itself meaning workstations inside your LAN must be able to solve external names while if proxy is set in non transparent mode, names are resolved by proxy only.
So, is your issue due to failure with internal names or external names "only"?

[tbr]

right.....

following your posts, i decide that i would stop using my historic range (145.145......) and just setup the whole network from scratch using Zentyal for DHCP, DNS, and just use my firewall as a gateway.

This failed miserably yet again with DNS. however, DHCP worked fine and gave out addresses, inc DNS and WINS. 

i have decided to start again from scratch using a decent box instead of the old dell pc i had.

i will be back if i have simila problems on the new server.

[robb]

I'm quite amazed you have that much trouble with DNS since it is quite straightforward. Personally I use a cahcing DNS server and use the DNS servers of openDNS for internet resolving.

If you can put your router in transparent mode (bridge mode) your zentyal can have an external IP address. If not, you can 'double NAT':

internet -- (external IP address) router (internal IP address like 192.168.0.1) -- (external IP address for Zentyal in same subnet like 192.168.0.2 on eth0) ZENTYAL (internal IP address for Zentyal with same subnet as LAN like 192.168.1.2 on eth1) -- LAN (with subnet 192.168.1.0/24)

Have your Zentyal server act as DHCP server on eth1 with DHCP range of (example) 192.168.1.50 - 100

For DNS I added for local DNS resolving: localhost and the router (if you have a router in bridge mode this is not necessary) and for external resolving I use the DNS servers of OpenDNS. (see atachment)

Can you change your DNS accordingly and report back?

[tbr]

Hi robb,
thanks for all the feedback. i will try again.
my setup is not that simple.....

i have two internet lines (one ethenet one fibre) going into my router which has its own fixed ip(eg 192.168.50.1) on the internal side - forwards traffic to the external side of my hadware firewall (on the same subnet obviously- eg 192.168.50.2), which curently runs the DHCP, DNS on the internal lan (eg192.168.0.2) with range 192.168.0.10-50.

the hardware firewall also runs a version of linux and does caching and also has openDNS fo internet resolution.

when setting up the zentyal as the DHCP and DNS server it is almost identical to my firewall. i then disable DNS on the firewall and turn off DHCP. on the lan settings of the firewall i point it to the Zentyal server, with the external network having opendns still(not that it should matter as Zentyal should do the resolution (i have tried turning this off just in case when i started clutching at straws).

on the Zentyal i have DHCP turned on (just telling you about DHCP for Completeness) - and DNS. in network settings i put 127.0.0.1 as the DNS server. i have the gateway pointed to my fiewall.  to rule out firewall issues, i have also tried forwading all traffic to my router.


thanks for your help. i will try one more time, and spend a bit longer looking at the logs. - meanwhile back to the day job!
Tim

[robb]

Your firewall also route from 1 private subnet to another private subnet.

In that case, Zentyal should not act as a Gateway. If I understand your situation correctly, zentyal only needs 1 NIC and can be put anywhere on the 192.168.0.0/24 subnet.

If you just disable DHCP and DNS on your firewall, and let Zentyal do that for you, you should be set.

Now you have:

internet -- external IP (fibre) router -- 192.168.50.0/24 subnet -- Firewall -- 192.168.0.0/24 subnet

In that last subnet you can just place Zentyal as a DNS and DHCP server.