1
Installation and Upgrades / NGinx 504 Gateway Timeout error
« on: December 29, 2014, 10:10:37 pm »
Hi:
I have a zentyal community 4.0.5 install running domain controller and file sharing, openchange, mail and jabber services, for some 500 users (not all connected at the same time). The problem we are having at the moment is that we are experiencing very frequent nginx 504 Gateway time-out errors when attempting to access the management console.
The machine running zentyal is a 4 core 4 GB RAM server. top shows samba using 100% of one core fairly often, but the total load average rarely reaches 2. Web access to email works just fine. I am guessing some tuning is required for the perl connection to nginx and/or nginx timeout settings, however, being no expert in any of them, I was wondering if any of you could provide some advice about it.
Thanks,
E.
2
Installation and Upgrades / LDAP replication between two domain controllers
« on: February 08, 2013, 12:23:19 am »
Hi:
I have set up 2 zentyal 3.0 servers. Let's call the first one Zentyal A on LAN A and the second one, Zentyal B on LAN B. Zentyal A was set up as a domain controller. Zentyal B was set up as an additional domain controller for the same domain.
Now, on Zentyal A I create users under the users and groups modules and set up my DNS hostnames under the DNS module. Then, if I join a machine from lan B to the domain (which, on that lan, is handled by zentyal B), it authenticates just fine with users created on Zentyal A. Similarly, if I do DNS queries to zentyal B, I get the right answers for hostnames defined on Zentyal A.
But, if I query the LDAP server from Zentyal B, I do not get the results of users and groups created and managed from zentyal A. I would expect that to happen, since I would expect to have some sort of LDAP replication in very much the same way there is a DNS replication.
Is there any way to accomplish this? Thanks.
3
Installation and Upgrades / Site 2 site VPN is Intermittent
« on: August 03, 2012, 02:53:32 pm »
Hi, all:
I have a site 2 site VPN set up with two zentyal servers on each side.
One of the servers has double WAN interfaces, which are configured for traffic balance and failover. I also set up a gateway rule so that all traffic going from the LAN to the other site goes through one of the WAN interfaces. When the VPN is up, I can ping machines from the private network of one of the sides to the other one.
The issue is that, several times a day, no traffic seems to get from one LAN to the other; Zentyal dashboard says the VPN is up, but I can't access the other side. Sometimes ping just stops responding, and other times it says that destination is unreachable. Then I wait a couple of minutes, and it is back online...
Any hints?
E.
4
Installation and Upgrades / DNS delegation
« on: July 03, 2012, 03:10:25 pm »
Hi, all:
This is my setup:
My company has 2 offices, one main, one branch. Both offices have a zentyal box and are connected via a Zentyal to Zentyal VPN, so I can ping and connect from any box on one office to any other box on the other one. So far, so good.
Now, what I would like to do is have my main office zentyal be a DNS server for private / internal domain company.invalid (which I can do easily) and also delegate the domain branch01.company.invalid to the branch zentyal server. The final goal is to have the following:
1. DHCP with Dynamic DNS entries both for main and branch offices, each one provided by its corresponding zentyal box.
2. Be able to resolve by name a host on any office. For example, while being at the branch, be able to resolve server1.company.invalid and while being at the main office, be able to resolve branch01.company.invalid.
So far I have not found any way in the documentation to, first, delegate branch01.company.invalid to another zentyal, and second, tell the delegated / child DNS server to resolve company.invalid via the main office zentyal instead of trying (and failing) to do it via the root servers.
Is it possible to achieve this with zentyal?
Thanks.
5
Installation and Upgrades / No NAT
« on: June 28, 2012, 09:33:36 pm »
Is it possible to set up zentyal to perform as a gateway *without* performing NAT for the internal network? My current setup includes my ISP router doing NAT, and it seems pointless to have Zentyal do a second layer of NATting.
Thanks.
E.
6
Installation and Upgrades / DNS replication
« on: April 12, 2012, 06:58:03 am »
Hi:
I have a zentyal box as authoritative DNS server for my domain. I would like to have a second one, but I don't want to have to enter any DNS changes in the configuration on both boxes. Would it be possible to make the changes in just one of them and have them replicated in the other one? Sort of like LDAP's master-slave replication?
Thanks.
7
Installation and Upgrades / Several network interfaces as a switch
« on: April 10, 2012, 04:27:12 pm »
Hi:
I have a box with 5 network interfaces. I'd like to set one of them as WAN (no problem, just mark it as external on zentyal). I also want the remaining 4 to behave as a switch for my LAN. Is this possible to achieve with Zentyal? How?
Thanks,
E:
8
Installation and Upgrades / Virtual interface management
« on: April 10, 2012, 04:25:16 pm »
Hi:
Is there any way to set Zentyal to manage interfaces created via tunctl or brctl? I have a few servers that use this kind of interfaces in order to allow some virtual machines access to the network, and I'd really like to configure them via Zentyal instead of handwritten iptables policies.
Thanks,
E.
9
Installation and Upgrades / Unable to access published hosts from internal network
« on: November 14, 2009, 10:03:50 pm »
Hi:
I have the setup shown in http://imagebin.ca/view/L7Qut2Xn.html . eBox
has Firewall, DNS, transparent proxy and mail services. Server with IP
address 10.10.1.13 hosts a website that needs to be publicly
available. eBox DNS has a corresponding hostname, say www.example.com,
that resolves to the IP of interface eth0 - Web, and a corresponding
Port redirection rule forwarding everything directed to ebox TCP port
80 on interface eth0 - Web to 10.10.1.13 port 80. This works without
issues.
Now, the problem arises when a machine from the internal network, say
10.10.1.220, needs to access the website at www.example.com. When the
address is entered on the browser, I get a connection refused error. I
also defined a redirection rule saying that anything coming from
interface eth1 - Interna to ebox TCP port 80 should be redirected to
10.10.1.13. See http://imagebin.ca/view/BrO81knn.html
But the redirection does not work.
Any hints?
Thanks.
Updated:
I think that what is happening is the following: host sends http request to public IP, it is intercepted by transparent proxy. squid attempts to contact TCP port 80 of public IP in eth0 - Web but since no apache runs on port 80 of eBox, it fails. The redirection rule is not being applied because the traffic does not get to port 80 of eth0 from packets coming from eth0, but packets coming from the same machine (dunno, localhost, perhaps?) so they do not meet the criteria for redirection.
10
Installation and Upgrades / BUG? Unable to access SMTP port from outside network despite firewall policies
« on: September 22, 2009, 05:07:47 am »
Hi:
I am setting up eBox as gateway, DNS and mail server. Problem is I cannot connect from an outside network to SMTP port, even though I have a policy from external networks to ebox specifying that traffic to service Mail System should be accepted.
Connections from the internal networks work fine.
Any hints?
E.