Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - jneves

Pages: [1] 2
1
Installation and Upgrades / Re: Ad Sync Error - user name does not exist
« on: September 15, 2010, 10:16:12 pm »
Ok, it's just that I've never seen a username that looked like: j<Öçöz@ºöï

Good luck,
João Miguel Neves

2
Portuguese / Re: Actualizacao Ebox para Zentyal.
« on: September 14, 2010, 11:41:02 pm »
Não tenho a certeza absoluta, mas toda a informação que tenho lido diz que não há nenhum upgrade automático.

Cumprimentos,
João Miguel Neves

3
Installation and Upgrades / Re: 1.4 issues
« on: September 14, 2010, 11:40:10 pm »
Do you have any errors in the logs? Particularly: /var/log/ebox/ebox.log and the files under /var/log/samba/*?

4
Installation and Upgrades / Re: Ad Sync Error - user name does not exist
« on: September 14, 2010, 04:02:38 pm »
Ok, this is a hard one.

First check: Is that username a valid one? Did it ever existed in your windows?

If not, check that your 16 characters secret key is the same on both sides.

If it is, the windows program for AD synchronization has the bad behaviour of stopping sending data at the first failure and remembering passwords for users that no longer exist. I have no idea how to correct that. But there is a workaround.

Attention: the steps from here on may result in loss of synchronized passwords. Either make sure noone is changing creation of users or accept that, for some users, they'll need to change their password.

  • cd /usr/share/ebox-usersandgroups/
  • cp ebox-pwdsync-server ebox-pwdsync-server-ignore-errors
  • Edit ebox-pwdsync-server-ignore-errors, replace "$sock->write('E', 1);" with "$sock->write('0', 1);"
  • Stop the password synchronization server: killall ebox-pwdsync-server
  • Run ./ebox-ad-sync to make sure all current users are created.
  • Run ./ebox-pwdsync-server-ignore-errors
  • Wait for the windows application to send the information. It will dump all the password information it has. The ones causing errors will be ignored.
  • Ctrl+c to stop the password synchronization server.
  • Run the normal password synchronization server: ./ebox-pwdsync-server &

From here on the system should return to normal behaviour and the issues should not reappear.

Best regards,
João Miguel Neves

5
There are two stages in integration: ad-sync and pwdsync.

ad-sync creates the users.

pwdsync synchronizes the passwords.

Which one is failing? If it's the first, make sure the login and password for user eboxadsync match on both machines.

Check for error messages in Zentyal's log.

Best regards,
João Miguel Neves

PS: how many users do you have?

6
Installation and Upgrades / Re: Sync two masters
« on: September 10, 2010, 07:42:34 am »
If I understand correctly, you want to put all your users and groups together?

If so, you should choose a master and configure your other boxes as slaves.

Best regards,
João Miguel Neves

7
The solution is in the bug report referred by sixstone: http://trac.zentyal.org/ticket/1898 (you just need to configure app armor to let dhcpd read that file).

Best regards,
João Miguel Neves

8
Installation and Upgrades / Re: vpn client does not work
« on: September 09, 2010, 10:26:26 am »
I see your problem. Your client is in a 192.168.5.0/24 network. When it connects to the vpn, the client is reconfigured to send the packets to 192.168.5.0/24 (the announced network) through the vpn, resulting in the failure situation you report.

Solution: change the networks to differ.

Work around, create a specific route in the client to the gateway, like:

sudo route add -host 192.168.5.1 dev eth0

As the netmask is more specific than the announced network one (255.255.255.255 vs 255.255.255.0) the routing will be done through it.

Good luck,
João Miguel Neves

9
Installation and Upgrades / Re: vpn client does not work
« on: September 08, 2010, 04:56:48 pm »
What is the local network configuration of the client (IP address, netmask and gateway)?

What are the announced networks configured on the vpn server? What is the internal addresses configured on the vpn server configuration?

Does the client local network overlaps the vpn server announced networks or the vpn server internal network? If that's the case, then you need to change either the local network or either the announced networks or internal network of the vpn server, so the client is still able to reach its gateway.

Best regards,
João Miguel Neves

10
Can Zentyal act as a printer server on AD Slave mode?

I've been trying with an eBox 1.4 installation, but file sharing, printer sharing and user corner fail to recognize the passwords. The synchronization is working well.

Any tips/suggestions are very welcome.

Best regards,
João Miguel Neves

11
Good afternoon,

I have a Xerox ColorQube 9203 printer that sends scans by email. Unfortunately it does not do any kind of authentication (If I enable auth on the printer for system messages, postfix logs an authentication error). It has a fixed address on the network.

Is there someplace in eBox 1.4 that I can setup up for it to accept relaying from this ip address? Or must I edit the postfix template?

Thanks in advance,
João Miguel Neves

PS: In case anyone is curious, the authentication error I get on postfix is:

Sep  1 12:40:41 ebox postfix/smtpd[4838]: connect from unknown[10.1.1.247]
Sep  1 12:40:41 ebox postfix/smtpd[4838]: lost connection after AUTH from unknown[10.1.1.247]
Sep  1 12:40:41 ebox postfix/smtpd[4838]: disconnect from unknown[10.1.1.247]

12
http://trac.ebox-platform.com/ticket/1872 - I'm starting to suspect that I'm finding the same problem as this bug report.

13
Current situation: this works:

ldapsearch -h localhost  -D "cn=ebox,dc=mydc" -x -W -b "dc=mydc" '(objectClass=*)' dn

Replacing the -D for one user, fails with "ldap_bind: Invalid credentials (49)".

Any clues are welcome,
João Miguel Neves

14
Have a look at: http://trac.ebox-platform.com/wiki/Document/Documentation/EBoxDesktop#ChangesonServerSidetoMakeitWork

I had already reviewed those. Our current issues are:

1) When syncing from AD, the homeDirectory variable in LDAP is set to the default in the UsersAndGroups module (/nonexistent). I'm building a script to reset that.

2) pam_ldap is refusing to bind with any user. This is getting fun... I'll update the info as soon as I have more information. getent passwd works, showing up all users.

Thanks,
João Miguel Neves

15
Thanks.

I haven't tried to debug the authentication after importing it (the 1st attempt I had the wrong dc in /etc/ldap.conf).

At the moment I'm fighting with the LDAP's homeDirectory attribute being defined as /nonexistent. Any clues on how to work around that?

loginShell was also undefined, but nss_default_attribute_value worked well for that case.

Thanks in advance,
João Miguel Neves

Pages: [1] 2