Messages

16

Installation and Upgrades / eGroupware and Ldap AddressBook

« on: August 06, 2009, 11:51:02 am »

I have tried to convert the egroupware addressbook to ldap but without success.
I used these docs to start my work:
http://www.egroupware.org/viewvc/egroupware/branches/1.6/phpgwapi/doc/ldap/README?view=markup
http://anton.frols.com/reviews/egroupware/

Egw needs the rfc2307bis.schema for ldap. Instead ubuntu, like other distribution, use nis.schema as default. Only the latests OpenSuse use the rfc2307bis.schema.
The mayor problem seems to be samba, and in particular the tool smbldap_tools, part of samba package, that support only nis.schema.
Suse/novell, to resolve this issue, developed another app, ldapsmb:
http://en.opensuse.org/Talk:Howto_setup_SUSE_11.1_as_Samba_PDC

I found other useful links of other persons that patched smbldap_tools for the same problem:
http://edin.no-ip.com/content/main-difference-between-nis-schema-and-rfc2307bis-schema
http://edin.no-ip.com/content/smbldap-populate-hack-rfc2307bis-schema-support

But if i understand correctly, ebox write directly in to ldap database so the hack would be in the ebox code base, or i'm wrong?

Can some ebox developer point me in the right direction?

Thank you very much

17

Installation and Upgrades / Re: Error with OpenVPN after upgrade from 0.10 to 1.0

« on: May 08, 2009, 11:04:01 pm »

These problems appeared when i tried to create a new OpenVPN server.
However i have solved deleting all the rules in the firewall and inserting new. After this i was able to create a new OpenVPN server istance.
Thank you

18

Installation and Upgrades / Error with OpenVPN after upgrade from 0.10 to 1.0

« on: May 08, 2009, 04:05:11 pm »

I have upgraded from a previous Ebox 0.10 (Debian Sarge) to stable 1.0 but i have a problem with openvpn.
All the users and other configs are ok, only OpenVPN have errors. When i try to activate the module i have this error with debug enabled:

Code: [Select]

\n$VAR1 = bless( {
                 '-stacktrace' => 'Cannot activate the server because  is not fully configured; please edit the configuration and retry at /usr/share/perl5/EBox/OpenVPN/Model/Servers.pm line 269
EBox::OpenVPN::Model::Servers::_validateService(\'EBox::OpenVPN::Model::Servers=HASH(0xa428c20)\', \'add\', \'HASH(0xab14f7c)\', \'HASH(0xab14f7c)\') called at /usr/share/perl5/EBox/OpenVPN/Model/Servers.pm line 177
EBox::OpenVPN::Model::Servers::validateTypedRow(\'EBox::OpenVPN::Model::Servers=HASH(0xa428c20)\', \'add\', \'HASH(0xab14f7c)\', \'HASH(0xab14f7c)\') called at /usr/share/perl5/EBox/Model/DataTable.pm line 902
EBox::Model::DataTable::addTypedRow(\'EBox::OpenVPN::Model::Servers=HASH(0xa428c20)\', \'HASH(0xab14f7c)\', \'readOnly\', \'undef\', \'id\', \'undef\') called at /usr/share/perl5/EBox/Model/DataTable.pm line 838
EBox::Model::DataTable::addRow(\'EBox::OpenVPN::Model::Servers=HASH(0xa428c20)\', \'filter\', \'\', \'advertisedNetworks\', \'undef\', \'name\', \'ProfitsGroup\', \'interfaceNumber\', \'undef\', ...) called at /usr/share/perl5/EBox/CGI/Controller/DataTable.pm line 79
EBox::CGI::Controller::DataTable::addRow(\'EBox::CGI::Controller::DataTable=HASH(0xaadc0d8)\') called at /usr/share/perl5/EBox/CGI/Controller/DataTable.pm line 201
EBox::CGI::Controller::DataTable::_process(\'EBox::CGI::Controller::DataTable=HASH(0xaadc0d8)\') called at /usr/share/perl5/EBox/CGI/ClientRawBase.pm line 166
EBox::CGI::ClientRawBase::run(\'EBox::CGI::Controller::DataTable=HASH(0xaadc0d8)\') called at /usr/share/perl5/EBox/CGI/Run.pm line 86
EBox::CGI::Run::run(\'EBox::CGI::Run\', \'OpenVPN/Controller/Servers\') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler(\'Apache2::RequestRec=SCALAR(0x8d88914)\') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run(\'ModPerl::Registry=HASH(0x8d889b0)\') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler(\'ModPerl::Registry=HASH(0x8d889b0)\') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler(\'ModPerl::Registry\', \'Apache2::RequestRec=SCALAR(0x8d88914)\') called at -e line 0
eval {...} called at -e line 0
',
                 '-file' => '/usr/share/perl5/EBox/OpenVPN/Model/Servers.pm',
                 '-text' => 'Cannot activate the server because  is not fully configured; please edit the configuration and retry',
                 '-line' => 269,
                 '-package' => 'EBox::OpenVPN::Model::Servers'
               }, 'EBox::Exceptions::External' );

If i remember correctly before was activated the firewall and was enabled all the traffic in eth0 (the only installed interface). Now the firewall is deactivated because if i activate it i have another (from /var/log/ebox/ebox.log):

Code: [Select]

2009/05/08 16:01:32 INFO> Global.pm:360 EBox::Global::saveAllModules - Saving config and restarting services: firewall mailfilter
2009/05/08 16:01:32 INFO> Module.pm:159 EBox::Module::save - Restarting service for module: firewall
2009/05/08 16:01:33 WARN> Logs.pm:309 EBox::Logs::getModTableInfos - tableInfo() in openvpnmust return a reference to a list of hashes not the hash itself
2009/05/08 16:01:33 WARN> Logs.pm:309 EBox::Logs::getModTableInfos - tableInfo() in squidmust return a reference to a list of hashes not the hash itself
2009/05/08 16:01:33 DEBUG> LogFiltering.pm:70 EBox::Events::Model::Watcher::LogFiltering::new - Missing argument: tableInfo
2009/05/08 16:01:33 WARN> Events.pm:572 EBox::Events::__ANON__ - model EBox::Events::Model::Watcher::LogFiltering cannot be instantiated
2009/05/08 16:01:34 DEBUG> Services.pm:175 EBox::Services::serviceConfiguration - id serv7862 not esiste.

19

Installation and Upgrades / Re: PPTP VPN server with Ebox PDC authentication

« on: May 02, 2009, 09:24:37 pm »

To all people that have problems with winbind follow the steps of this ticket (particularly the third comment):

http://trac.ebox-platform.com/ticket/1268

20

Installation and Upgrades / Re: Add Recycle Bin to samba shares

« on: January 20, 2009, 01:08:26 pm »

There is an error in the script

Code: [Select]

/etc/cron.daily/purge_samba_recycle"xargs -rf"  don't delete file names with space. So modify to:

Code: [Select]

#!/bin/sh
#
find /home/*/*/.recycle/* -atime 30 -exec rm {} \;
It's slower but works.

21

Installation and Upgrades / Re: PPTP VPN server with Ebox PDC authentication

« on: January 14, 2009, 10:55:59 am »

I am using the router to share my internet access and using the dhcp function on my router as well!

Shall I need to start the dhcp server in Ebox when I use your method to install the PPTP server on my ebox ??

No, the client addresses are assigned by PPTPD daemon (option remoteip).

22

Installation and Upgrades / Add Recycle Bin to samba shares

« on: December 15, 2008, 03:06:58 pm »

This little guide explain how to add an hidden .recycle folder in top of each samba share.

Code: [Select]

sudo nano /usr/share/ebox/stubs/samba/smb.conf.mas
Add in each section of [home] , [<% $group->{'sharename'} %>] and [<% $share->{share} %>] after the browseable row this:

Code: [Select]

vfs object = recycle
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = Yes
recycle:maxsize = 500000000
recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??

Do some changes in the samba ebox module so it rewrite the smb.conf.

With the above settings the recycle bin will not save the files above 500MB. See the samba manual for other useful settings: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html#id2644353

Add a script to /etc/cron.daily to delete the files after 30days of deletion:

Code: [Select]

sudo nano /etc/cron.daily/purge_samba_recycleand write in it:

Code: [Select]

#!/bin/sh
#
find /home/samba/*/*/.recycle/* -atime 30 | xargs rm -rf
Make the script executable

Code: [Select]

sudo chmod +x /etc/cron.daily/purge_samba_recycle

Francesco

PS: remember to rewrite these mods if you update the samba ebox module

23

Installation and Upgrades / PPTP VPN server with Ebox PDC authentication

« on: December 13, 2008, 12:17:50 am »

I like OpenVPN, especially for Site-to-Site VPN. But for road warriors, PPTP is more simple to setup and immediately available in Windows and Max OSX.
This simple guide explain how to setup a PPTP server in Ebox using the Ebox Samba credentials.
I know that at the moment  the internal Ebox firewall does not support the Protocol IP 47 GRE (is it right?) and so i think it's a problem. In my setup i use an external router with port forwarding of 1723/TCP to the lan ip of Ebox and works well.

Install winbind and pptpd

Code: [Select]

sudo apt-get install winbind pptpdYou can leave all the default settings and modify only a few things:

Code: [Select]

sudo nano /etc/pptpd.conf and add

Code: [Select]

remoteip 192.168.1.230-250 This is the range of unused IP address for the clients in the same subnet of the Ebox server (my server is for example at 192.168.1.10).

Enable the Samba/PDC authentication in PPTP instead of the flat chap secrets:

Code: [Select]

sudo nano /etc/ppp/pptpd-optionsand add

Code: [Select]

plugin winbind.so
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"
Restart PPTPD:

Code: [Select]

sudo /etc/init.d/pptpd restart
UPDATE 06/08/2009

Perhaps the winbind version supplied with Ubuntu Hardy is buggy, i don't know. But you must join the domain to make it works:

Code: [Select]

sudo net rpc join -U administratorwhere "administrator" is an ebox user with administration rights.

Now on a windows client create a connection toward the public IP address of the server and login with the ebox username/password (PDC account must be enabled)
In the Windows client remember to remove from the VPN connection the "default remote gateway" options in the TCP/IP properties.

Francesco