Messages - Josep

31
Installation and Upgrades / Can't connect to PPTP server
« on: July 25, 2011, 01:16:43 pm »
I have installed Zentyal 2.1 into an Oracle Virtualbox machine.
Everything is up-to-date.
The virtual machine (VM) has 2 NICs defined: eth0, external (192.168.3.134) and another one eth1, internal (10.0.0.1).
From within the VM I have connectivity to the outside.
I am managing the VM from the host via Web GUI and Putty SSH client, so I have connectivity to the VM.
I have installed PPTP, configured it and started it.
The host is running Windows 7 Ultimate.

Because initial tests failed, I enabled "debug" in /usr/share/zentyal/stubs/pptp/pptpd.conf.mas.
The VPN Network Address is 192.168.210.0.
The primary nameserver is 10.0.0.1, which is working well (already tested it with nslookup).
I have added a couple of PPTP users, without specifying their client IP address.

In Windows 7 I created a new connection to 192.168.3.134.
Could the fact that both client and server are on the same subnet be a problem?
In the Security Tab I set the type of VPN to PPTP.
Data Encryption is optional.
In Authentication, I allow all protocols.
In Networking Tab, IPv4 is set to Obtain an IP address automatically.

Upon restarting the PPTP server in Zentyal, I get the following lines in /var/log/syslog:
Code:
Jul 25 11:38:53 zenbox22 pptpd[17751]: MGR: connections limit (100) reached, extra IP addresses ignored
Jul 25 11:38:53 zenbox22 pptpd[17752]: MGR: Manager process started
Jul 25 11:38:53 zenbox22 pptpd[17752]: MGR: Maximum of 100 connections available

No entries are added to the log while the Windows connection is in progress.
On the Windows side I get an error message.
Code:
Connecting to 192.168.3.134 using 'WAN Miniport (PPTP)'.
Error 807: The network connection between your computer and the VPN server was interrupted.
...

I have attached the output of commands iptables -t filter -L -n -v and iptables -t nat -L -n -v.

32
jsalamero, I'm opening a new thread, as I feel that I am hijacking this one.

33
I have also tried PPTP and it didn't work (nor IPSec, for that matter).
The PPTP server appeared to be running but I couldn't find any logs nor any meaningful error message.

34
Shaun,
it appears that the first synchronization only downloads the user names and groups, but their passwords are random. You need to change each user's password on the Windows server after installing the software. Zentyal's software will intercept that change and transmit the right password to the slave.
Try it for one of the users and see if it works.

35
Installation and Upgrades / Re: Synchronization LDAP
« on: July 25, 2011, 11:17:14 am »
Read http://doc.zentyal.org/en/directory.html.
Quote
There is an important limitation of the master/slave architecture. The master Zentyal server cannot have modules which depend on users and groups, for example filesharing and mail. If the master has any of these modules installed, they must be un-installed before trying to register any slave.
This is a well known limitation.
It doesn't make sense to me either, but it's there, as you have already noticed.

36
Spanish / Re: Domain with .local extension
« on: July 23, 2011, 03:04:48 pm »
According to Microsoft's own documentation, the ".local" extension is recommended when you want to guarantee that there is no confusion between valid external domains and local domains (which are not intended to be accessible from outside). See http://support.microsoft.com/kb/296250.
Zentyal, however, blocks that option in the code itself. See http://trac.zentyal.org/browser/tags/2.0-series/samba-2.0.12/src/EBox/Samba/Model/GeneralSettings.pm, lines 102-111.
This corresponds to the file /usr/share/perl5/EBox/Samba/Model/GeneralSettings.pm.
If you really want to use that extension, you can comment out the lines inside the _checkDomainName procedure.
Alternatively, you can use any other non-routable extension, such as ".lan", ".localdomain", etc.

37
If you use a VPN you don't need a File Web Browser.

38
Spanish / Re: Problem with DNS cache
« on: July 19, 2011, 01:39:35 pm »
Quote
I have a Zentyal server acting as firewall+dhcp+DNS for a small network.
Did this configuration work in the past and you introduced some change that caused this problem, or is this the first time you are trying this configuration?

On the other hand, if you tell the clients that your server is a DNS server, and then you don't have any DNS, it is normal for it to fail.
Try disabling the DNS module and try again.

39
Spanish / Re: configure RAID
« on: July 18, 2011, 11:04:10 am »
Josejad, I don't understand why you want a single disk in RAID 0 ... it is complicating your life without any benefit, although I can't say much either because I don't know the hardware you use.
On the other hand, there may be a communication problem: you access the graphical environment, but I always do the administration remotely (that is, using the Web interface or SSH directly). When you talk about the file manager you mean the graphical interface, because that doesn't exist in the Web interface.
As for what you say about who knows how many volumes appearing, it doesn't seem to me to be a problem, perhaps just a lack of consistency in the system, which should not show volumes it cannot manage.

Quote
Another problem is that when I now try to configure LVM using the system-config-lvm tool in graphical mode, only /dev/sda1 appears as uninitialized, but the RAID does not appear.
If you have created a RAID1 and it is mounted on /home, it means that you have not only created a RAID but also created a file system on it (otherwise it would not be mounted).
If that is the case and you still want to use LVM, you will have to unmount /home and create the volumes on the RAID1.


40
Have you checked that everything is OK on Zentyal's end?
Are the AD sync settings properly filled?
Also, have you opened the LDAP port in the firewall?
Can you query your own LDAP from the Zentyal server?

41
Installation and Upgrades / Re: Windows 7 & Roaming Profiles
« on: July 18, 2011, 10:11:58 am »
I will not be able to help you much, but just to let you know that I'm also interested in this subject.
You may want to alleviate the issue by upgrading your network to 1Gbps.
Another consideration is that with Windows Server 2008 and Windows 7, redirected folders are cached automatically.
Also, you may have folder redirection without the Home profiles. In this way you would have no traffic at all (still 100Mbps is too slow by today's standards).
Good luck with this.

42
Installation and Upgrades / Re: Reduncy in mail servers how?
« on: July 15, 2011, 05:42:37 pm »
If you need it, you can add another MX record to your public DNS records, pointing to another server facing the Internet.
That's why you have the option in DNS with different priority numbers.

43
I know the problem.
We solved it by creating a short script in Windows called disconnect.bat.
Contents should be:
Code:
net use \\<yourservername> /delete /yes
net use * /delete /yes

Mark the script to run as Administrator if you can.
Test it and let us know how it works for you.

44
Installation and Upgrades / Re: AD Slave issues
« on: July 11, 2011, 11:10:19 am »
Well ... apparently it is working now. :o

Here are some of the entries in /var/log/ebox/ebox.log after enabling debug in /etc/ebox/99ebox.conf:
Code:
2011/07/11 09:07:08 INFO> Service.pm:706 EBox::Module::Service::restartService - Restarting service for module: apache
2011/07/11 09:10:03 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Updating existing user 'cris'.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Updating existing user 'Administrator'.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Updating existing user 'Guest'.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Updating existing user 'eboxadsync'.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Updating existing user 'krbtgt'.
...
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Adding new group 'SQLServer2005MSFTEUser$WIN2008$MICROSOFT##SSEE'.
2011/07/11 09:10:04 DEBUG> UsersAndGroups.pm:1551 EBox::UsersAndGroups::addGroup - Invalid value for group name: SQLServer2005MSFTEUser$WIN2008$MICROSOFT##SSEE.
2011/07/11 09:10:04 WARN> ebox-ad-sync:161 main::__ANON__ - [ad-sync] Error adding group 'SQLServer2005MSFTEUser$WIN2008$MICROSOFT##SSEE'.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Skipping adding users to not existing group 'SQLServer2005MSFTEUser$WIN2008$MICROSOFT##SSEE' (probably ignored).
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Adding new group 'SQLServer2005MSSQLUser$WIN2008$MICROSOFT##SSEE'.
2011/07/11 09:10:04 DEBUG> UsersAndGroups.pm:1551 EBox::UsersAndGroups::addGroup - Invalid value for group name: SQLServer2005MSSQLUser$WIN2008$MICROSOFT##SSEE.
2011/07/11 09:10:04 WARN> ebox-ad-sync:161 main::__ANON__ - [ad-sync] Error adding group 'SQLServer2005MSSQLUser$WIN2008$MICROSOFT##SSEE'.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Skipping adding users to not existing group 'SQLServer2005MSSQLUser$WIN2008$MICROSOFT##SSEE' (probably ignored).
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Domain Users,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Read-only Domain Controllers,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Group Policy Creator Owners,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Domain Admins,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Cert Publishers,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Enterprise Admins,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Schema Admins,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Domain Controllers,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Domain Guests,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for cris.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for eboxadsync.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for krbtgt.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for Administrator.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for Guest.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Domain Admins,CN=Users,DC=mydomain,DC=local.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] can't get userPrincipalName for CN=Enterprise Admins,CN=Users,DC=mydomain,DC=local.
...

Then, in Windows I reset the password for user 'cris' and a few seconds later I could see the following entries in /var/log/ebox/ebox.log:
Code:
2011/07/11 09:15:22 DEBUG> ebox-pwdsync-server:63 main:: - [ad-pwdsync] connection from 10.0.0.1
2011/07/11 09:15:22 DEBUG> ebox-pwdsync-server:92 main::handleRequest - [ad-pwdsync] handleRequest() called
2011/07/11 09:15:22 DEBUG> ebox-pwdsync-server:110 main::handleRequest - [ad-pwdsync] received encoded data: qf58UAuicIWO8/6dJ88bk0ugq1u60KwbgXjHQU2L0es=
2011/07/11 09:15:22 DEBUG> ebox-pwdsync-server:122 main::handleRequest - [ad-pwdsync] username = cris
2011/07/11 09:15:23 DEBUG> ebox-pwdsync-server:72 main:: - [ad-pwdsync] password updated successfully

(10.0.0.1 is the Windows server)

This whole thing is odd, because I tried resetting the password several times during the weekend (even after enabling debug) and I did not have any success until this morning, after restarting both systems.

Moreover, the following search failed:
Code:
root@zBackup:~# ldapsearch -x -v -b dc=mydomain,dc=local -D uid=cris,dc=mydomain,dc=local -W
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Adding "ou=Users" to the mix seems to do the trick:
Code:
root@zBackup:~# ldapsearch -x -v -b dc=mydomain,dc=local -D uid=cris,ou=Users,dc=mydomain,dc=local -W
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <dc=mydomain,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# mydomain.local
dn: dc=mydomain,dc=local
objectClass: organization
objectClass: dcObject
objectClass: top
dc: mydomain
o: mydomain

# Users, mydomain.local
dn: ou=Users,dc=mydomain,dc=local
objectClass: organizationalUnit
...

Also, during the trials, I managed to do/undo the connection, and the home folders created for one user initially ended up belonging to someone else and I had to fix the permissions by hand.

Thanks go to jsalamero for promptly responding to my post with suggestions that allowed me to continue.

If anyone has gone through similar experiences with AD Slave configurations, it would be interesting if they shared them.
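
Added example (not part of the original post and not Zentyal code): a small triage script for ebox.log excerpts like the ones quoted above. It lists the AD groups that ad-sync failed to add, records which users had a password update confirmed, and masks the "received encoded data" payload before the log is shared. It assumes that payload is sensitive; the function name triage and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the ebox.log format quoted in the post above.
SAMPLE_LOG = """\
2011/07/11 09:10:03 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Updating existing user 'cris'.
2011/07/11 09:10:04 DEBUG> ebox-ad-sync:413 main::logIfDebug - [ad-sync] Adding new group 'SQLServer2005MSFTEUser$WIN2008$MICROSOFT##SSEE'.
2011/07/11 09:10:04 WARN> ebox-ad-sync:161 main::__ANON__ - [ad-sync] Error adding group 'SQLServer2005MSFTEUser$WIN2008$MICROSOFT##SSEE'.
2011/07/11 09:15:22 DEBUG> ebox-pwdsync-server:110 main::handleRequest - [ad-pwdsync] received encoded data: Q09OU1RSVUNURUQtU0FNUExF
2011/07/11 09:15:22 DEBUG> ebox-pwdsync-server:122 main::handleRequest - [ad-pwdsync] username = cris
2011/07/11 09:15:23 DEBUG> ebox-pwdsync-server:72 main:: - [ad-pwdsync] password updated successfully
"""

# timestamp, level, source:line, function, [tag], message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (?P<level>[A-Z]+)> "
    r"(?P<src>\S+) (?P<func>\S+) - \[(?P<tag>[\w-]+)\] (?P<msg>.*)$")
GROUP_ERR_RE = re.compile(r"^Error adding group '(?P<group>.+)'\.$")
ENCODED_RE = re.compile(r"^(received encoded data: )\S+$")

def triage(text):
    """Return (redacted_lines, rejected_groups, users_with_confirmed_update)."""
    redacted, rejected, updated = [], [], []
    pending_user = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:                      # keep unparsed lines untouched
            redacted.append(raw)
            continue
        tag, msg = m["tag"], m["msg"]
        if tag == "ad-sync":
            g = GROUP_ERR_RE.match(msg)
            if g and g["group"] not in rejected:
                rejected.append(g["group"])
        elif tag == "ad-pwdsync":
            if ENCODED_RE.match(msg):
                # Assumption: the payload is credential material, so mask it.
                raw = raw[:m.start("msg")] + ENCODED_RE.sub(r"\1[REDACTED]", msg)
            elif msg.startswith("username = "):
                pending_user = msg[len("username = "):]
            elif msg == "password updated successfully" and pending_user:
                updated.append(pending_user)
                pending_user = None
        redacted.append(raw)
    return redacted, rejected, updated
```

Running triage() over a real excerpt before attaching it to a forum post keeps the troubleshooting detail while leaving the encoded payload out of the public copy.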

45
Spanish / Re: configure RAID
« on: July 11, 2011, 01:38:42 am »
Perhaps it is a problem specific to your hardware.
You don't need to do everything in a single step. You can install the OS on the sda1 partition. Later you configure the RAID, install LVM and go on creating volumes that you mount on the directories you are interested in.
I have a similar configuration and I also chose to install LVM on top of RAID 1 (in my case, software only).
