This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
1
Installation and Upgrades / Re: Ad Sync Error - user name does not exist
« on: September 15, 2010, 10:16:12 pm »
Ok, it's just that I've never seen a username that looked like: j<Öçöz@ºöï
Good luck,
João Miguel Neves
Good luck,
João Miguel Neves
2
Portuguese / Re: Actualizacao Ebox para Zentyal.
« on: September 14, 2010, 11:41:02 pm »
Não tenho a certeza absoluta, mas toda a informação que tenho lido diz que não há nenhum upgrade automático.
Cumprimentos,
João Miguel Neves
Cumprimentos,
João Miguel Neves
3
Installation and Upgrades / Re: 1.4 issues
« on: September 14, 2010, 11:40:10 pm »
Do you have any errors in the logs? Particularly: /var/log/ebox/ebox.log and the files under /var/log/samba/*?
4
Installation and Upgrades / Re: Ad Sync Error - user name does not exist
« on: September 14, 2010, 04:02:38 pm »
Ok, this is a hard one.
First check: Is that username a valid one? Did it ever existed in your windows?
If not, check that your 16 characters secret key is the same on both sides.
If it is, the windows program for AD synchronization has the bad behaviour of stopping sending data at the first failure and remembering passwords for users that no longer exist. I have no idea how to correct that. But there is a workaround.
Attention: the steps from here on may result in loss of synchronized passwords. Either make sure noone is changing creation of users or accept that, for some users, they'll need to change their password.
From here on the system should return to normal behaviour and the issues should not reappear.
Best regards,
João Miguel Neves
First check: Is that username a valid one? Did it ever existed in your windows?
If not, check that your 16 characters secret key is the same on both sides.
If it is, the windows program for AD synchronization has the bad behaviour of stopping sending data at the first failure and remembering passwords for users that no longer exist. I have no idea how to correct that. But there is a workaround.
Attention: the steps from here on may result in loss of synchronized passwords. Either make sure noone is changing creation of users or accept that, for some users, they'll need to change their password.
- cd /usr/share/ebox-usersandgroups/
- cp ebox-pwdsync-server ebox-pwdsync-server-ignore-errors
- Edit ebox-pwdsync-server-ignore-errors, replace "$sock->write('E', 1);" with "$sock->write('0', 1);"
- Stop the password synchronization server: killall ebox-pwdsync-server
- Run ./ebox-ad-sync to make sure all current users are created.
- Run ./ebox-pwdsync-server-ignore-errors
- Wait for the windows application to send the information. It will dump all the password information it has. The ones causing errors will be ignored.
- Ctrl+c to stop the password synchronization server.
- Run the normal password synchronization server: ./ebox-pwdsync-server &
From here on the system should return to normal behaviour and the issues should not reappear.
Best regards,
João Miguel Neves
5
Installation and Upgrades / Re: Zentyal 2.0 and Active Directory Integration
« on: September 14, 2010, 03:31:08 pm »
There are two stages in integration: ad-sync and pwdsync.
ad-sync creates the users.
pwdsync synchronizes the passwords.
Which one is failing? If it's the first, make sure the login and password for user eboxadsync match on both machines.
Check for error messages in Zentyal's log.
Best regards,
João Miguel Neves
PS: how many users do you have?
ad-sync creates the users.
pwdsync synchronizes the passwords.
Which one is failing? If it's the first, make sure the login and password for user eboxadsync match on both machines.
Check for error messages in Zentyal's log.
Best regards,
João Miguel Neves
PS: how many users do you have?
6
Installation and Upgrades / Re: Sync two masters
« on: September 10, 2010, 07:42:34 am »
If I understand correctly, you want to put all your users and groups together?
If so, you should choose a master and configure your other boxes as slaves.
Best regards,
João Miguel Neves
If so, you should choose a master and configure your other boxes as slaves.
Best regards,
João Miguel Neves
7
Installation and Upgrades / Re: [bug] setting a dhcp dynamic domain doesn't work
« on: September 10, 2010, 07:37:12 am »
The solution is in the bug report referred by sixstone: http://trac.zentyal.org/ticket/1898 (you just need to configure app armor to let dhcpd read that file).
Best regards,
João Miguel Neves
Best regards,
João Miguel Neves
8
Installation and Upgrades / Re: vpn client does not work
« on: September 09, 2010, 10:26:26 am »
I see your problem. Your client is in a 192.168.5.0/24 network. When it connects to the vpn, the client is reconfigured to send the packets to 192.168.5.0/24 (the announced network) through the vpn, resulting in the failure situation you report.
Solution: change the networks to differ.
Work around, create a specific route in the client to the gateway, like:
sudo route add -host 192.168.5.1 dev eth0
As the netmask is more specific than the announced network one (255.255.255.255 vs 255.255.255.0) the routing will be done through it.
Good luck,
João Miguel Neves
Solution: change the networks to differ.
Work around, create a specific route in the client to the gateway, like:
sudo route add -host 192.168.5.1 dev eth0
As the netmask is more specific than the announced network one (255.255.255.255 vs 255.255.255.0) the routing will be done through it.
Good luck,
João Miguel Neves
9
Installation and Upgrades / Re: vpn client does not work
« on: September 08, 2010, 04:56:48 pm »
What is the local network configuration of the client (IP address, netmask and gateway)?
What are the announced networks configured on the vpn server? What is the internal addresses configured on the vpn server configuration?
Does the client local network overlaps the vpn server announced networks or the vpn server internal network? If that's the case, then you need to change either the local network or either the announced networks or internal network of the vpn server, so the client is still able to reach its gateway.
Best regards,
João Miguel Neves
What are the announced networks configured on the vpn server? What is the internal addresses configured on the vpn server configuration?
Does the client local network overlaps the vpn server announced networks or the vpn server internal network? If that's the case, then you need to change either the local network or either the announced networks or internal network of the vpn server, so the client is still able to reach its gateway.
Best regards,
João Miguel Neves
10
Installation and Upgrades / Can Zentyal act as a printer server on AD Slave mode?
« on: September 07, 2010, 09:04:58 pm »
Can Zentyal act as a printer server on AD Slave mode?
I've been trying with an eBox 1.4 installation, but file sharing, printer sharing and user corner fail to recognize the passwords. The synchronization is working well.
Any tips/suggestions are very welcome.
Best regards,
João Miguel Neves
I've been trying with an eBox 1.4 installation, but file sharing, printer sharing and user corner fail to recognize the passwords. The synchronization is working well.
Any tips/suggestions are very welcome.
Best regards,
João Miguel Neves
11
Installation and Upgrades / Is it possible to whitelist an ip address for smtp?
« on: September 01, 2010, 03:12:47 pm »
Good afternoon,
I have a Xerox ColorQube 9203 printer that sends scans by email. Unfortunately it does not do any kind of authentication (If I enable auth on the printer for system messages, postfix logs an authentication error). It has a fixed address on the network.
Is there someplace in eBox 1.4 that I can setup up for it to accept relaying from this ip address? Or must I edit the postfix template?
Thanks in advance,
João Miguel Neves
PS: In case anyone is curious, the authentication error I get on postfix is:
I have a Xerox ColorQube 9203 printer that sends scans by email. Unfortunately it does not do any kind of authentication (If I enable auth on the printer for system messages, postfix logs an authentication error). It has a fixed address on the network.
Is there someplace in eBox 1.4 that I can setup up for it to accept relaying from this ip address? Or must I edit the postfix template?
Thanks in advance,
João Miguel Neves
PS: In case anyone is curious, the authentication error I get on postfix is:
Sep 1 12:40:41 ebox postfix/smtpd[4838]: connect from unknown[10.1.1.247]
Sep 1 12:40:41 ebox postfix/smtpd[4838]: lost connection after AUTH from unknown[10.1.1.247]
Sep 1 12:40:41 ebox postfix/smtpd[4838]: disconnect from unknown[10.1.1.247]
12
Installation and Upgrades / Re: Authenticating an ubuntu desktop against ebox in ad slave mode
« on: May 03, 2010, 11:04:00 pm »
http://trac.ebox-platform.com/ticket/1872 - I'm starting to suspect that I'm finding the same problem as this bug report.
13
Installation and Upgrades / Re: Authenticating an ubuntu desktop against ebox in ad slave mode
« on: May 03, 2010, 07:37:55 pm »
Current situation: this works:
ldapsearch -h localhost -D "cn=ebox,dc=mydc" -x -W -b "dc=mydc" '(objectClass=*)' dn
Replacing the -D for one user, fails with "ldap_bind: Invalid credentials (49)".
Any clues are welcome,
João Miguel Neves
ldapsearch -h localhost -D "cn=ebox,dc=mydc" -x -W -b "dc=mydc" '(objectClass=*)' dn
Replacing the -D for one user, fails with "ldap_bind: Invalid credentials (49)".
Any clues are welcome,
João Miguel Neves
14
Installation and Upgrades / Re: Authenticating an ubuntu desktop against ebox in ad slave mode
« on: May 03, 2010, 07:16:48 pm »Have a look at: http://trac.ebox-platform.com/wiki/Document/Documentation/EBoxDesktop#ChangesonServerSidetoMakeitWork
I had already reviewed those. Our current issues are:
1) When syncing from AD, the homeDirectory variable in LDAP is set to the default in the UsersAndGroups module (/nonexistent). I'm building a script to reset that.
2) pam_ldap is refusing to bind with any user. This is getting fun... I'll update the info as soon as I have more information. getent passwd works, showing up all users.
Thanks,
João Miguel Neves
15
Installation and Upgrades / Re: Authenticating an ubuntu desktop against ebox in ad slave mode
« on: May 03, 2010, 12:53:22 pm »
Thanks.
I haven't tried to debug the authentication after importing it (the 1st attempt I had the wrong dc in /etc/ldap.conf).
At the moment I'm fighting with the LDAP's homeDirectory attribute being defined as /nonexistent. Any clues on how to work around that?
loginShell was also undefined, but nss_default_attribute_value worked well for that case.
Thanks in advance,
João Miguel Neves
I haven't tried to debug the authentication after importing it (the 1st attempt I had the wrong dc in /etc/ldap.conf).
At the moment I'm fighting with the LDAP's homeDirectory attribute being defined as /nonexistent. Any clues on how to work around that?
loginShell was also undefined, but nss_default_attribute_value worked well for that case.
Thanks in advance,
João Miguel Neves
Pages: [1] 2