Topics - nontrivial

46
Installation and Upgrades / LDAP Problem
« on: November 29, 2012, 10:26:36 pm »
I am trying to migrate a server from Zentyal 2.2 to 3.0. One of the issues is backups. I wrote a custom perl script that connected to the LDAP server, got a list of users, and then conditionally backed up their email by user based on the information I got out. I did a search and found that Zentyal no longer uses the default port, and I am past that problem. However, now that I can search, the search itself is failing. I am using the actual domain instead of "blahblah" indicated below. Even though I think it's a nice solution, I'm not set on using LDAP, so if there is a better way to get a list of users out of Zentyal from the command line I would be happy to use it. Here is a snippet from my script, and any help is appreciated.

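use Net::LDAP;
    # Connect to the local LDAP server; stop here if the connection fails,
    # since every later call needs a valid $LDAP object.
    my $LDAP = Net::LDAP->new( 'localhost:390' ) or
      die("Unable to connect to LDAP server: $@");

    # Anonymous bind (no DN or password supplied).
    my $Result = $LDAP->bind();
    if ($Result->code) {
      # Method calls are not interpolated inside strings, so concatenate.
      warn("Unable to bind to LDAP server: " . $Result->error);
    }

    # Look up the users and the attributes used for the backup decision.
    $Result = $LDAP->search(base => "ou=Users,dc=blahblah,dc=com",
            attrs => ['uid','mail','description'],
            filter => "(objectClass=passwordHolder)");
    if ($Result->code) {
      warn("Unable to search to LDAP server: " . $Result->error);
    }

    foreach my $entry ($Result->entries) {
      my $UID = $entry->get_value('uid');
    }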

47
Installation and Upgrades / Unable to add new admin user
« on: November 29, 2012, 09:37:10 pm »
Hello, I am using Zentyal 3.0. I have added a new user with the Zentyal console, and now I am trying to give that user access to the Zentyal console. I have tried adding the user to the sudo group and the adm group. I have tried creating the admin group and adding the new user to that group. I have tried adding the new user to /etc/sudoers. I have tried enabling PAM for all Zentyal users. However, I always get an "Invalid Password" message when trying to login to the console as the new user. Any help would be greatly appreciated.

James

48
Installation and Upgrades / HOWTO: EGroupware on Zentyal 2.7
« on: July 20, 2012, 09:42:55 pm »
I'm not saying Zarafa is bad, but it simply doesn't suit my needs. There are, surprisingly, a LOT of open source groupware solutions out there, and after installing and trying out several of them (Citadel, SOGo, Horde, Zarafa, and EGroupware), I have decided that EGroupware was the best fit for my needs. My two biggest criteria are A) that it integrates well with Zentyal, and B) that it supports multiple instances (one per Zentyal virtual mail domain). I actually liked Citadel the best, but it stores its information in Berkeley databases, and therefore the Zentyal integration was nonexistent. Next up was SOGo, and while easy to install, I couldn't get the shared contacts and calendars to work. Horde was a PITA to install and it looked like it would also be a PITA to maintain. Zarafa obviously had excellent integration with Zentyal but it was limited to a single domain per server.

The advantages for using EGroupware are:
 * DEB packages for Zentyal 2.7 are available.
 * It is relatively easy to install, configure, and maintain.
 * It is well supported and it is under active development.
 * The Zentyal integration is second best after Zarafa.
 * On balance it has more features than Zarafa. In particular, it
   comes with shared files, project management, and more.

The disadvantages for using EGroupware are:
 * It is a bit flaky. In particular version 1.6 has some issues
   with syncing, and version 1.8 has some issues with Zentyal 2.7.
 * While deb packages are available, I couldn't get the repository
   to actually work, so I had to install them by "hand".
 * Like most open source groupware projects, you have to pay extra
   if you want "proper" (ActiveSync) syncing. Cal/Card/Group DAV
   and SyncML syncing are free, however, and work well in 1.8.

After doing a bit of research I decided to go with EGroupware 1.8. I'm not entirely sure, but I believe the major issue is that 1.8 expects but does not require a newer version of PHP than Zentyal 2.7 has, which (hopefully) Zentyal 3.0 will. Hopefully in a few months when I upgrade to Zentyal 3.0 it will become more stable. EGroupware relies on the host system to provide email support, so it works well with the standard Postfix vmail folders that Zentyal uses. Instead of messing with LDAP authentication, EGroupware offers authentication based on IMAP credentials that works very well. Therefore, folks can use the Zentyal User Corner to change their password for both email and EGroupware.

Installing EGroupware falls roughly into five stages:
 * Installing the software.
 * Configuring apache and MySQL.
 * Configuring the global setting (Called Header in EGW).
 * Configuring the instance (Called domain, setup, and/or config in EGW).
 * Configuring the instance preferences.

INSTALLING THE SOFTWARE
 * apt-get update && apt-get upgrade
 * apt-get install aspell tnef mysql-server libmcrypt4 libsqlite0 php5-mysql php5-gd php5-cli php5-imap php5-ldap php5-mcrypt php5-xcache php5-sasl php-log php5-sasl php-auth-sasl php5-sqlite php5-imagick
 * pear install XML_Feed_Parser
 * mkdir tmpdir;cd tmpdir
 * wget -r -nc --level=1 http://download.opensuse.org/repositories/server:/eGroupWare/xUbuntu_10.04/all/
 * mv download.opensuse.org/repositories/server\:/eGroupWare/xUbuntu_10.04/all/*.deb .
 * rm -rf download.opensuse.org;rm *_1.6.*;rm php*;rm egroupware_1.8*
 * dpkg -i *.deb
 * chmod 600 /var/lib/egroupware/header.inc.php
 * chown -R www-data:www-data /var/lib/egroupware/

CONFIGURING MYSQL
 * As root, create mysql db, user, and password of egroupware:
   * mysql mysql
   * create database egroupware;
   * create user 'egroupware'@'localhost' identified by 'egroupware';
   * grant all privileges on egroupware.* to egroupware@localhost;
   * flush privileges;

CONFIGURING APACHE
 * Update /etc/php5/apache2/php.ini and set the time zone.
 * The good and bad thing about Zentyal is that it clobbers the default apache website and does not offer a way to add further configuration like it does for the virtual hosts. What I did was edit the /usr/share/zentyal/stubs/webserver/default.mas file, and added "Include /etc/egroupware/apache.conf" near the end. A cleaner approach might be to create a new virtual host, copy the /etc/egroupware/apache.conf file to the user configuration directory that Zentyal provides, and then comment out the "Alias" line and soft link the /srv/www/whatever directory to /usr/share/egroupware directory. Basically this is the toughest part of the setup, and there is not a tidy way to configure apache here.
 * /etc/init.d/zentyal apache restart
 * service apache2 restart
 * At this point you should be able to load the EGroupware setup page if you point your browser at the right spot. The default location is "http://<servername>/egroupware/setup". If not, you need to try again until you can.
   * Run “Check Installation”. There should be no errors. There will probably be some warnings preventing the use of databases other than MySQL, which is fine.
   * Enter a header password. Keep that password safe somewhere.
   * Enter a domain/instance/configuration password. Keep that password safe somewhere.
   * Click to write the configuration file: /var/lib/egroupware/header.inc.php

CONFIGURING THE INSTANCE
 * Load the EGroupware setup page and log into the Config Admin Login. The default location is "http://<servername>/egroupware/setup".
   * Install all applications. This creates the database tables.
   * Add an administration account. The user name should be the same as a Zentyal user. Use just the user name, not the whole email address.
   * Update the backup and files directories if needed.
   * Enter the host name for the FTP server. (“localhost”)
   * Enter the full URL. (“http://host.domain.com/egroupware”)
   * Enter the host name for the IMAP server. (“localhost”)
   * Choose “Virtual Mail Manager” for the mail server login type. All users that log into this EGW instance will need to have a valid email address for the domain name indicated in the next field. It is critical to ensure user names are not shared across multiple EGW domains.
   * Enter the mail domain. (“domain.com”)
   * Enter the host name for the SMTP server. (“localhost”)
   * Enter 587 for the SMTP
   * Choose “SQL” for the type of authentication. We will change it later.
   * Save the configuration.
 * Go to the regular user login ("http://host.domain.com/egroupware") and make sure the admin login works, and then log out.
 * Log back into the Config Admin Login and change the authentication type from SQL to Mail.
 * Go to the regular user login and make sure the admin login still works.

CONFIGURING THE INSTANCE PREFERENCES
 * Go to the regular user login and login as the administrator.
 * Click on the Admin application, and select Site Configuration.
   * Change net email construction to “Username@domain.com”.
   * Enter title for the site.
   * If desired, put logo in “/usr/share/egroupware/phpgwapi/templates/default/images” and enter file name for logo. (“logo.png”)
   * Enter a URL for the logo.
   * Enter the name of the logo.
   * If desired, put favicon in “/usr/share/egroupware/phpgwapi/templates/default/images” and enter file name for logo. (“favicon.ico”)
   * Save your changes.
 * Click "Preferences" in the top left corner, then click on Common Preferences, then click on Default Preferences.
   * If desired, change the Date Format, Country, Language, Default Application, and Currency, and then click save.

TIPS
 * It is a bad idea to change a user's user name in EGW.
 * For each user, uncheck the box that says "Can change password".
 * Edit each user group and update the default applications that their users are assigned to.
 * If you assign the Admin application to a user, they are by definition an administrator.
 * Most of the applications are awesome, but some of them are useless, broken, and/or require extra magic to get working. I have available but do not assign emailadmin, etemplate, gallery, registration, sambaadmin, sitemgr, syncml, systeminformation, tranlationtools, and website.
 * If you get a bunch of errors, you might need to disable the apache deflate module.

49
Installation and Upgrades / HOWTO: Trusted Certificate
« on: July 18, 2012, 09:40:11 pm »
Generating a CSR:
 * This assumes the name of your mail server is same as the name of
   your web server. If that isn't the case, then you will need two
   different certificates: One for postfix and dovecot, and one for
   apache. This also assumes you only want one apache vhost to be
   SSL enabled, otherwise you will need a certificate for each vhost.
 * You probably need to use sudo a lot below. I don't have time for that.
 * In the following command, replace "host" with the desired server name.
 * openssl req -new -nodes -keyout host.key -out host.csr -newkey rsa:2048
 * Creates host.key and host.csr files. Keep host.key in a safe place.
 * Submit host.csr to the certificate authority.

Get back host.crt and intermediate.crt, then:
 * Turn on SSL for mail and imap in Zentyal console and save.
 * cat host.crt > postfix.pem
 * cat host.key >> postfix.pem
 * cp /etc/postfix/sasl/postfix.pem /etc/postfix/sasl/postfix.pem.bak
 * cp postfix.pem /etc/postfix/sasl/postfix.pem
 * chmod 400 /etc/postfix/sasl/postfix.pem
 * chown root:root /etc/postfix/sasl/postfix.pem
 * cp /etc/dovecot/ssl/dovecot.pem /etc/dovecot/ssl/dovecot.pem.bak
 * cp postfix.pem /etc/dovecot/ssl/dovecot.pem
 * chmod 400 /etc/dovecot/ssl/dovecot.pem
 * chown root:root /etc/dovecot/ssl/dovecot.pem
 * cp host.key /etc/apache2/ssl/
 * cp host.crt /etc/apache2/ssl/
 * cp intermediate.crt /etc/apache2/ssl/
 * chmod 400 /etc/apache2/ssl/*
 * chown root:root /etc/apache2/ssl/*
 * Comment out SSLCertificateFile line in the file
   /usr/share/zentyal/stubs/webserver/vhost.mas
 * Turn on SSL for vhost in Zentyal console and save.
 * rm postfix.pem host.crt intermediate.crt
 * Add custom config for vhost with SSL config:
  SSLCertificateFile /etc/apache2/ssl/host.crt
  SSLCertificateKeyFile /etc/apache2/ssl/host.key
  SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt
  #SSLCACertificateFile /etc/apache2/ssl/intermediate.crt
 * /etc/init.d/zentyal apache restart
 * /etc/init.d/zentyal mail restart

This seems to work except that I went REALLY cheap on the certificate, and while the browser recognizes it, my mail client does not and I still get the warning. Oh well, live and learn. If you want to have a good result for postfix and dovecot (email and imap) then I suggest you get that certificate from one of the big certificate authorities like thawte, geotrust, or verisign.
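
A pre-install check for the certificate steps above, as an added example that is not part of the original post: it confirms that host.key belongs to host.crt and that host.crt verifies once intermediate.crt is supplied, and it shows that the leaf on its own does not verify against the root. The function names and the throwaway root/intermediate hierarchy are constructed for the demonstration; with a real certificate, ROOT would be the CA's published root file.

```sh
#!/bin/sh
# Added example: checks to run on host.key / host.crt / intermediate.crt
# before copying them into place. All function names are hypothetical; the
# CA built by build_demo_pki is constructed test data, not a real authority.

# Print the SHA-256 of the public key inside a certificate or private key.
pubkey_fp() {   # pubkey_fp FILE cert|key
    case "$2" in
        cert) pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
        key)  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pub" ] || return 1          # never compare hashes of empty output
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True only if the private key and the certificate carry the same public key.
key_matches_cert() {   # key_matches_cert KEY CERT
    kfp=$(pubkey_fp "$1" key)  || return 1
    cfp=$(pubkey_fp "$2" cert) || return 1
    [ "$kfp" = "$cfp" ]
}

# True only if CERT chains to ROOT; INTERMEDIATE is the optional third argument.
chain_ok() {   # chain_ok ROOT CERT [INTERMEDIATE]
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2"
    else
        openssl verify -CAfile "$1" "$2"
    fi 2>/dev/null | grep -q ': OK$'
}

# Build root -> intermediate -> host in directory $1 (constructed test data).
build_demo_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
    {
    openssl req -x509 -new -nodes -newkey rsa:2048 -config "$d/ca.cnf" \
        -extensions v3_ca -subj "/CN=Constructed Test Root" -days 1 \
        -keyout "$d/root.key" -out "$d/root.crt" &&
    openssl req -new -nodes -newkey rsa:2048 -config "$d/ca.cnf" \
        -subj "/CN=Constructed Test Intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_ca -days 1 \
        -out "$d/intermediate.crt" &&
    # Same CSR command as the HOWTO, plus -subj/-config so it does not prompt.
    openssl req -new -nodes -keyout "$d/host.key" -out "$d/host.csr" \
        -newkey rsa:2048 -config "$d/ca.cnf" -subj "/CN=host.example.test" &&
    openssl x509 -req -in "$d/host.csr" -CA "$d/intermediate.crt" \
        -CAkey "$d/int.key" -CAcreateserial -days 1 -out "$d/host.crt"
    } >/dev/null 2>&1
}

# Demonstration on the constructed hierarchy.
demo_dir=$(mktemp -d) && build_demo_pki "$demo_dir" && {
    key_matches_cert "$demo_dir/host.key" "$demo_dir/host.crt" \
        && echo "host.key matches host.crt"
    chain_ok "$demo_dir/root.crt" "$demo_dir/host.crt" "$demo_dir/intermediate.crt" \
        && echo "host.crt verifies when intermediate.crt is supplied"
    chain_ok "$demo_dir/root.crt" "$demo_dir/host.crt" \
        || echo "host.crt alone does not verify against the root"
}
rm -rf "$demo_dir"
```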

50
Hello,

I have purchased a signed certificate for use with my Zentyal 2.2.7 server. Zentyal has a great system for generating and managing self signed certificates, but how do I use my actually signed certificate for a website (https://www.mydoman.whatever) and for secure IMAP?

James

51
I just noticed that john (a password cracking tool) is installed and run when you install the cloud client. Umm, why?

James

52
Installation and Upgrades / Two backup issues.
« on: July 13, 2012, 08:26:50 pm »
Hello, I am using 2.2.7, and I have two backup related issues.

First, I prefer to back up my own server because I want to back up more than just the Zentyal configuration, and part of that process is running "/usr/share/zentyal/make-backup --description 'A nice description'" every night. That worked fine until I subscribed to a basic Zentyal subscription, and then I started getting the error "Use of uninitialized value $value in concatenation (.) or string at /usr/share/perl5/EBox/RemoteServices.pm line 1863.". Now I'm a perl programmer, so I just edited line 1861 of that file from "my $value = $self->st_get_string($entry);" to "my $value = $self->st_get_string($entry) || 0". It seems that there was no $value being set when the $entry was "/ebox/state/remoteservices/Subscription". That seems to have fixed the error, but my question is, is zero the right value to default to? I think that value indicates whether or not to back up that directory, and since I don't care about restoring my subscription information I think the answer is yes.

My second issue is that, since I subscribed to the basic subscription, I keep getting nightly email alerts about "Cannot make the automatic backup. FTP connection cannot be done". Can somebody please tell me how to get around that error, or else tell me how to disable the nightly automatic backups? I would actually prefer not to perform automatic backups rather than resolve the issue. I would also be more than happy to just go back to not having a subscription.

James

53
Installation and Upgrades / HTTPS Question
« on: July 04, 2012, 10:25:02 pm »
Hello, I am running Zentyal 2.2 with the Zentyal console running on the HTTPS (port 443). I am running a web application listening on port 20000, and apache is using mod_rewrite to proxy that port to a particular virtual directory on HTTP (port 80). It is currently working fine but I want to make the web application available via HTTPS instead of HTTP. My basic question is, what is the best way to make the Zentyal console coexist with "unmanaged" HTTPS websites? In other words, which of the following approaches would be best:
 * Edit /var/lib/zentyal/conf/apache2.conf. But will my changes be overwritten at some point?
 * Set up a dedicated virtual host name. Will /etc/apache2/sites-available/default-ssl work normally then?
 * Any other better ideas? If so, what?

54
Installation and Upgrades / Multiple Domains Question
« on: July 04, 2012, 12:23:03 am »
I am running Zentyal 2.2, and it obviously supports multiple virtual domains for email. I am considering hosting another domain, and it looks like the email address for a user is "hard coded" for the default domain selected when setting up the server. I don't plan on running Zarafa, so how does one choose which virtual domain a user belongs to?

55
Installation and Upgrades / IMAP Spam Folder
« on: June 23, 2012, 06:20:07 pm »
Hello, I am running Zentyal 2.2 without Zarafa installed. I noticed that in addition to the other default IMAP folder, there is one called Spam. I have spam filtering enabled, and I am wondering if that folder is where detected spam goes, or is that where you put spam to train the filter? If it's where detected spam goes, is there a HOWTO somewhere about how to set up training the spam filter based on email in an IMAP folder?

56
Installation and Upgrades / IMAP Issue [SOLVED]
« on: June 20, 2012, 08:43:21 pm »
I just installed and set up Zentyal 2.2 for the first time, and almost everything so far has gone swimmingly. I think the last major issue I have left is getting an Evolution client to talk to the IMAP and SMTP server. Basically it isn't working and I don't know why. On evolution all I get is "Error while scanning folders". The only thing I could find on the server is in the mail.err log it says "dovecot: Fatal: listen(0.0.0.0, 143) failed: Address already in use". I don't know if that is the major malfunction, and if it is what to do about it. Any help would be greatly appreciated.

57
Installation and Upgrades / LDAP Settings Issue
« on: June 19, 2012, 10:24:40 pm »
So I have a new install of Zentyal 2.3, and I am working through some issues. One of the issues I have is that my ISP allows static and dynamic IP addresses, so the installer used a dynamic address and then I switched it over to a static address during the initial Zentyal configuration. The problem is that under LDAP Settings, it lists my ISP's information that it got whilst using the dynamic IP address during the initial setup. I would very much like the LDAP settings to reflect my domain name instead of my ISP's. Is there any way to change that information? I am not afraid of CLI administration.

58
Installation and Upgrades / Missing software update?
« on: June 19, 2012, 05:47:14 pm »
Hello,

The dashboard (Zentyal 2.3) indicates that I have one security update to install, but when I go to the software update page there isn't anything listed. And I take it that it would be REALLY bad to use apt-get to update the 75 packages that apt indicates need to be updated?

59
Installation and Upgrades / Mystery root perl processes
« on: June 19, 2012, 01:59:02 am »
I have noticed running top that there is a constant stream of perl processes run by root. They last about a second, usually use from 20% to 50% of a CPU, and then go away, only to be replaced with a new one (with a new pid). Is that normal? If so what is going on? If not, how can I get rid of them?

60
Installation and Upgrades / Network is unreachable
« on: June 18, 2012, 02:40:53 am »
I have a new install of Zentyal 2.3. I have three network interfaces:
 * eth0 -> Internal wired network, static, 192.168.1.1
 * eth1 -> Internal wireless network, static, 192.168.2.1
 * eth2 -> External connected to cable modem, static, IP 98.174.187.147,SM 255.255.255.240, GW 98.174.187.145

I am attempting to replace a stock Ubuntu 10.04 install that has worked flawlessly for two years that I am very comfortable configuring by hand. I was hoping Zentyal would make my life easier, but so far not so much. The install went fine, and standing on a ladder holding the keyboard in my hand, I can log into my Zentyal box, do the initial configuration, ifconfig looks good, resolve internet addresses, and ping various places. It all looks good, so I go to one of the wired Ubuntu workstations to tweak the box via the web administration, and that's when unhappiness ensues.

The first problem is DHCP isn't working, and therefore I have no internet to view the online docs. I jacked with the settings for an hour or so (standing on a ladder) with no luck before giving up and defining a static IP on the workstation. I can probably figure out the DHCP problem, eventually, but there is a bigger problem that has me REALLY stumped. I was able to slogin to the box and was then able to resolve IP addresses, but I couldn't ping anything except the Zentyal box. I get "connect: Network is unreachable". So I spent another couple hours jacking with settings before giving up and bypassing the router and using my emergency Linksys box until I have another few hours trying to get basic networking on a linux box working.

It's almost as if the box isn't forwarding packets from the internal network to the external network, ie iptables doesn't have IP_FORWARD set or something, but I am REALLY reaching the limits of my linux administration knowledge here, and I have no idea what most of the settings in Zentyal do, or how they interact. I even tried turning off the firewall (that gave me a warm fuzzy) and that didn't help. When I run route -n, the table looks REALLY odd to me:
0.0.0.0         98.174.187.145  0.0.0.0         UG    100    0        0 eth2
98.174.187.144  0.0.0.0         255.255.255.240 U     0      0        0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

Now, ignoring whatever the hell "virbr0" is, I have no idea what the "98.174.187.144" line is doing there, the default gateway line looks porked, and I have never seen the default gateway listed FIRST before. Seeing as how DHCP did not come turned on by default, I can only guess what else I have to set up as well. I will try again tomorrow, but my best guess for the DHCP issue is that, despite the fact that the configuration page seems to indicate all is well, after reading the docs I probably still need to define a range of IP addresses to serve (after figuring out what a network object is and setting one up, of course). As for the routing issue I am REALLY guessing. My best guess is, even though the route command seems to indicate that there are routes for the internal networks, that I still need to add static routes in the Zentyal config. I still think I am going to be boned with the default gateway, so I am probably going to spend some quality time with the route command adjusting the routing table. Again, I am reaching the limit of my linux administration knowledge, and any help would be appreciated.
