Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - nontrivial

Pages: [1] 2 3 4
Contributions / Tips&Tricks / Features Requests / i386 Support
« on: January 07, 2021, 08:33:44 pm »
I recently started traveling a lot for work and I wanted a portable router. I had an old i386 netbook I wanted to use that would be perfect because it was tiny and had built in wifi, ethernet, battery backup, screen, keyboard, and mouse. I actually tried webmin first but couldn't get the actual router bit working, which is fine because I wanted to use Zentyal in order take advantage of all it's familiar GUI goodness.

Long story short what I did was first install Ubuntu Mate 18.04 and made sure it worked well and was fully updated. Next I added "deb 5.1 main extra" to /etc/apt/sources.list and then ran "wget -O - | apt-key add -" to add the repository key. Then all I did was "apt-update" and "apt-get install zentyal-network zentyal-core". That got the webmin up and running, and I just apt installed other zentyal modules as I needed them. Sure it's not the latest version of Zentyal and the configuration isn't exactly supported, but it works well enough for me.

Now all I do is use the netbook itself (or ssh and use nmcli) to connect to whatever wifi is available where I'm at and have all Zentyal features available to me. Normally I'm content to just plug my laptop in directly, but I also have a portable wifi AP if I want to connect other devices as well. I also have a T-Mobile hotspot that I use when there isn't wifi available.

Installation and Upgrades / WebAdmin Issue
« on: January 07, 2021, 07:31:40 pm »
I am currently running 3 Zentyal 6.2 servers. I haven't made any changes to any of them recently but all of a sudden sogo and webadmin stopped working on one of them. Restarting the sogo services fixes it (have to do it after every reboot), but restarting the webadmin service does not error or appear to resolve anything. Force purging all the firewall rules and completely opening up the box doesn't help either. The zentyal log isn't helpful and there is are two uwsgi webadmin processes running. There doesn't seem to be a webadmin log. Can somebody please give me some ideas on how to try and troubleshoot this? It's kind of hard to admin the server without webadmin.

Installation and Upgrades / Another upgrade issue.
« on: March 02, 2017, 05:15:40 pm »
Folks may want to hold off doing upgrades to 5.0 for a while. I just did a kernal upgrade and now the system is almost unusable. I can get to it remotely, but no zentyal services seem to be running. Plymouth seems to be waiting on something. DNS (bind) fails to start with a string of errors starting with "ldb: unable to dlopen /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/". So it looks like something with samba is borked again, and most of Zentyal depends on samba.

Email and Groupware / [SOLVED] Importing users into Zentyal 5.0
« on: February 27, 2017, 11:31:15 pm »
Now that Zentyal is using samba to keep it's data, how you import users has changed. Here is a code snippet that illustrates the basics:

  use EBox;
  use EBox::Samba::User;
  my $Parent = EBox::Samba::User->defaultContainer();
  for my $Item (@Items) {
    print("Adding user '$Item->{uid}'...\n");
      parent => $Parent,
      samAccountName => $Item->{uid},
      givenName => $Item->{givenname},
      sn => $Item->{surname},
      mail => $Item->{mail},
      password => $Item->{password}

There are other parameters but I haven't tried them:
 initials  (Middle name?)

Installation and Upgrades / Latest samba upgrade to 5.0 is borked.
« on: February 26, 2017, 05:42:42 pm »
I have upgraded to zentyal-samba 5.0.4 and now my system is toast. I would suggest that people hold off on that upgrade until it gets sorted out. Getting a lot of "unable to connect to LDAP" errors in the log. Restarting services or rebooting the server does not help. I hope I won't have to reinstall the server from scratch. Again.


Email and Groupware / Mailfilter Configuration Issue
« on: February 14, 2017, 08:18:34 pm »
I was happy to see the mailfilter module return, but unfortunately I can't use it. The reason is I need the X-Spam flags included on all messages passed through and I can't seem to get that to work with the new mailfilter module. The X-Virus-Scanned header shows up but no amavis configuration changes seem to make the smap headers show up. I've spent enough hours on this so it's time to punt. I have been able to get it to work with Zentyal 5.0 if I install and configure everything by hand, so I guess that is what I am going to do.

In case you are wondering, I need the flag so I can divert any questionable emails to a separate mail folder so that users can review then. Emails in that folder are automatically deleted after a month. I also have spamassassin learn spam from that folder, so users place any spam not flagged as spam there and it is learned as spam.


I'm converting my second Zentyal 4.2 server to 5.0 and I just noticed that the Jabber, Mail Filter, and Antivirus modules are available again. I'll be checking out the mail filter module here shortly, but does anybody know anything about this?

Installation and Upgrades / Zentyal 5.0 Issues
« on: February 01, 2017, 04:09:31 pm »
I prepped a new server in case the upgrade from 4.2 to 5.0 went wrong but for the most part it seems to have worked. But there are issues, namely my mechanism to use trusted certificates seems to have failed and neither anti-virus nor spam checking seem to be working. They seem to Just Work before, so now I'm going to have to research how to get them all working again. I'll try to keep you all posted.

Installation and Upgrades / [SOLVED] Install Issues with Zentyal 5.0
« on: January 30, 2017, 09:14:18 pm »
I finally have some time to kick the tires on Zentyal 5.0, so I am starting with a fresh install. Except for a couple issues so far so good. The first issue is the GUI wouldn't come up, and after perusing the X log for whatever reason no video drivers were loaded. "apt-get install xserver-xorg-video-fbdev" fixed that problem. The second issue is I accidentally entered the wrong host name when installing, and I was getting an error with the webmin trying change it. It was blowing up enforcing the timezone because /etc/localtime is now a link instead of an actual file. So "rm /etc/localtime;cp /usr/share/zoneinfo/America/Chicago /etc/localtime" fixed that issue. 

The plan is to upgrade my personal server, run it for a few days, and see how it goes. If that goes well then upgrade my business server and run that for a couple weeks. And if THAT goes well for a couple weeks I will start upgrading customer servers. It will be great to have all my servers based on Ubuntu 16.04, thanks Zentyal folks.

PS Feature Request: Integrate the certificate authority with LetsEncrypt. That would eliminate the bulk of the customization I do at this point.

Email and Groupware / Script to sync users/contacts?
« on: September 02, 2016, 12:02:02 am »
I am trying to write a perl script to synchronize contacts between Zentyal 4.2 and another system. I believe I can hook into the existing Zentyal perl modules to do what I want, which is to use the script to manage the "Shared Contacts". If anybody could help me with some questions I would greatly appreciate it:

 * What is the difference between users and contacts? From the code they seem to be pretty similar.
 * Does the Ebox::Samba::contacts() subroutine return users, shared contacts, or all contacts, or what?
 * I see how to create a contact, but how do I specify that I want to create a shared contact?
 * Can anybody point me to a list of valid parameters (fax, mobile, city, etc) when creating a contact?

Email and Groupware / [SOLVED] Shared Contacts?
« on: September 01, 2016, 11:46:39 pm »
When I log into the webmail (Zentyal 4.2) I can't figure out how to add a contact to the "Shared Contacts" address book. Is there not a way to do that using the web interface, or do I need to use Outlook?

Installation and Upgrades / Let's Encrypt SSL Certrificates
« on: August 31, 2016, 10:33:00 pm »
So there are many posts on these forums for getting trusted certificates to work on Zentyal, and I have written a couple of them. I have been able to get lets encrypt certificates to work on Zentyal 4.2 for postfix, dovecot, and the webadmin, but not the webmail (sogo). The sogo certificate (/etc/ocsmanager/ gets replaced, but then it gets clobbered again. If I replace the certificate and restart apache it seems to work just fine. I am still going to keep working on this, but any help of suggestions would be greatly appreciated.

First make sure all service certificates are enables in the webadmin, then create the executable file "/etc/zentyal/hooks/ca.postsetconf":


  cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ /etc/letsencrypt/live/ > /tmp/temp.pem
  cp -f /tmp/temp.pem /etc/dovecot/private/dovecot.pem
  cp -f /tmp/temp.pem /etc/postfix/sasl/postfix.pem
  cp -f /tmp/temp.pem /etc/ocsmanager/
  cp -f /tmp/temp.pem /var/lib/zentyal/conf/ssl/ssl.pem

  rm -f /tmp/temp.pem

  chmod 600 /etc/dovecot/private/dovecot.pem
  chmod 400 /etc/postfix/sasl/postfix.pem
  chmod 644 /etc/ocsmanager/
  chmod 600 /var/lib/zentyal/conf/ssl/ssl.pem

  exit 0

Shockingly, Zentyal does serve up arbitrary web pages under /var/www/html, so in order to have a better looking URL to access webmail you can change /var/www/html/index.html to look like this:

<html xmlns="">
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta http-equiv="refresh" content="0; URL=''" />
    <title>Please Wait</title>
  <body>Please Wait...</body>

That way the URL will get you to your webmail.

I provide email support for small medical practices, usually with fewer than 10 users each. Legally (HIPAA) it is much easier to use my own bare metal servers so I have been using Zentyal. As of Zentyal 4.2 32bit architecture is no longer supported. I would like to not have to spend over $2000 US to replace perfectly usable servers. Therefore, after a bit of research, it appears that the only reason Zentyal isn't supported on 32bit machines is because there is no 32bit debian package available for libsamba-perl. So I have been trying to compile it myself from the github source, but I can't get around a compile error. I have gotten around other errors by installing debian packages (libtalloc-dev, samba-dev, etc). But I can't find the right package to eliminate the error below. Any help would be greatly appreciated.

Package samba-security was not found in the pkg-config search path.
Perhaps you should add the directory containing `samba-security.pc'

Installation and Upgrades / Zentyal 5.0 Roadmap?
« on: August 08, 2016, 06:13:50 pm »
Is there any word on a roadmap for the next version of Zentyal? Looking at the release policy it looks like the next version of Zentyal should be 5.0, based on Ubuntu 16.04, and maybe released in the next couple of months. The reason I ask is I have only just recently had enough time to start upgrading my Zentyal servers. Since Zentyal has focused on being an exchange replacement I have upgraded all non-mail servers to Ubuntu 16.04 and am in the process of migrating services that Zentyal no longer supports to these servers. I would really like to have all my servers based on Ubuntu 16.04 (because of, and if Zentyal 5.0 is going to be available in the next couple months then I will just wait for it.


Like a lot of people I was disappointed to hear that, in order to focus on openchange, Zentyal is abandoning many useful features. These changes really began to be felt with Zentyal 3.5 and will be felt even more with Zentyal 4.0. The lame "solution" is that you can edit the source code yourself to fix any resulting issues, and then compile and install these newly unsupported modules, but in my opinion that defeats the purpose of using Zentyal in the first place. It makes me wonder why, if they could support two alternate modes of Zarafa and not Zarafa, why can't they support openchange and not openchange?

But I digress. The purpose of this post is to tell anybody that is interested how to effectively disable haproxy. As a bonus, I also figured out how to have apache handle all the SSL certificates, although that does mean managing all SSL enables sites by editing apache config files. Haproxy was causing issues running egroupware, which at this point is much more user friendly and more full featured than openchange. Unless and until that changes, I'll stick with egroupware. Among other things, this means that I will probably be staying with Zentyal 3.5 for the foreseeable future.

The first file needed is "haproxy.postsetconf":

#!/usr/bin/perl -w
use strict;
use POSIX;

# Rewrites haproxy config file to ignore ports 80 and 443

my $Main = '/var/lib/zentyal/conf/haproxy.cfg';

my @Lines;
open(FILE, "<", $Main);
@Lines = <FILE>;

my $Ignore;
open(FILE, ">", $Main);
for my $Line (@Lines) {
  if ($Line =~ /frontend ft/ || $Line =~ /backend ft/) { $Ignore = 0; }
  if ($Line =~ /ft_zentyal_80$/ || $Line =~ /ft_zentyal_443$/) { $Ignore = 1; }
  if (!$Ignore && $Line !~ /ssl_fc_sni/ && $Line !~ /host/) {print(FILE $Line);}

The second file needed is "webserver.postsetconf":


/bin/echo "Listen 80" > /etc/apache2/ports.conf
/bin/echo "Listen 443" >> /etc/apache2/ports.conf
/bin/sed -i 's/62080/80/g' /etc/apache2/sites-available/*.conf
/bin/sed -i 's/62443/443/g' /etc/apache2/sites-available/*.conf
/usr/sbin/a2dissite default-ssl

To neuter haproxy, do the following:

 1) Ensure the webadmin port is something other than 80 or 443.
 2) Make sure no web sites are configured to use SSL.
 3) Create the two hook scripts in '/etc/zentyal/hooks'.
 4) Make the two scripts are executable and owned by root.
 5) a2enmod ssl
 6) service zentyal haproxy restart
 7) service zentyal webserver restart

Again, you will need to manage your apache SSL enabled sites "manually" by editing config files, but in return you get complete control over the SSL certificates. The other downside, if you consider it a downside, is that I'm sure this royally screws up openchange. The Zentyal folks never explained why they started using haproxy, so I don't know what else it might screw up. So far everything I use is working great.


Pages: [1] 2 3 4