Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Deslack

Pages: [1]
1
Installation and Upgrades / Zentyal 7.0 Install on a LXC Container
« on: July 16, 2021, 04:10:57 pm »

Hello guys,

Just installed Zentyal 7.0 on a Ubuntu 20.04 LTS using the install script as highlighted here:

https://doc.zentyal.org/en/installation.html#installation-on-top-of-ubuntu-20-04-lts-server-or-desktop

I tried it and got it running with a minor kink as follow

Code: [Select]
# ./zentyal_installer.sh
Do you want to install the Zentyal Graphical environment? (n|y) n

 - Checking Ubuntu version...
...OK

 - Checking for broken packages...
...OK

 - Checking for available disk space...
...OK

 - Checking if the system is up-to-date...
W: GPG error: http://ppa.launchpad.net/oisf/suricata-stable/ubuntu focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D7F87B2966EB736F
E: The repository 'http://ppa.launchpad.net/oisf/suricata-stable/ubuntu focal InRelease' is not signed.

Which I remedied with:

Code: [Select]
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D7F87B2966EB736F
to add the suricata's pubkey to the repository. After that, ./zentyal-installer.sh ran fine.

Just a heads up for you guys.

2
Hello,

After upgrading from 6.2 to 7.0, I ran into problems not able to access the webadmin. Checking the status via
zs webadmin status with it returning stopped, then I attempt to start it via zs webadmin start. Though I got some entries in /var/log/syslog as follows:

Code: [Select]
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 4.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21964]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 5.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21977]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 6.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21979]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 7.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21981]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 8.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Start request repeated too quickly.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: Failed to start Nginx http daemon for Zentyal web admin.

3
In the Network Configuration with Zentyal documentation, I noticed the naming convention suggested (https://wiki.zentyal.org/wiki/En/3.5/First_steps_with_Zentyal#Network_configuration_with_Zentyal)

Quote
Hostname:It is possible to change the hostname or the domain, for example zentyal.home.lan. The hostname will be used as a A register (hostname) of the local DNS domain.

You have to be careful if you intend to change the machine host name or local domain after the installation, the authentication subsystems (Kerberos) will be automatically reconfigured. It's recommended to reboot the machine after this operation, so all the daemons are aware of the change.

It was suggested that the domain be something like zentyal.home.lan, which is contrary to the suggested naming practices of a Active Directory forest. Here's a quote from an article I have read http://blog.varonis.com/active-directory-domain-naming-best-practices/

Quote
Before we discuss current best practices, here are two popular practices that are no longer recommended:

Generic top-level domains like .local, .lan, .corp, etc, are now being sold by ICANN, so the domain you’re using internally today – company.local could potentially become another company’s property tomorrow. If you’re still not convinced, here are some more reasons why you shouldn’t use .local in your AD domain name (http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html)

If you use an external public domain name like company.com, you should avoid using the same domain as your internal AD name because you’ll end up with a split DNS. Split DNS is when you have two separate DNS servers managing the exact same DNS Forward Lookup Zone, increasing the administrative burden.

So I would suggest that Zentyal update its documentation to reflect this best practice.

4
Hello,

I find that the File Sharing adds a line to /etc/bind/named.conf.local whenever I configured Samba as a PDC:

include "/var/lib/samba/private/named.conf";

which contains the DNS entry of the PDC.

Let's assume the domain for the PDC is example.com. I have already set up DNS entry for example.com, and later I install the File Sharing module, configured it and activated it. This results the Bind server complaining of duplicate entry for example.com.

Since my peeking into the entries added by provision.pl is rather comprehensive, could there be some way that the existing DNS entry be merged to the one generated by provision.pl?

5
Greetings fellow beta-testers,

I am wondering whether Zentyal has ceased to offer Zarafa groupware solution in 2.3/3.0, or should I expect it to be in final release?

Thanks.

Pages: [1]