Messages - Josep

16
Installation and Upgrades / Re: 2.0 to 2.2 make me lost users
« on: February 21, 2012, 04:20:45 pm »
When I did upgrade to 2.2, eventually all users were lost.
The 2.0 configuration backup contains a file named master-data.ldif (you need to decompress the configuration backup and everything in it to find it).
The LDIF can be edited with a simple text editor (I use Notepad++).
I created a copy from the previous file, named it users.ldif and removed some lines such as:
Code:
dn: uid=<some username>,ou=Users,dc=<your organization>
...
objectClass: CourierMailAccount
objectClass: usereboxmail
objectClass: fetchmailUser
objectClass: zarafa-user
structuralObjectClass: inetOrgPerson
...
entryUUID: 0bd8cef8-a3c2-102f-85ce-bb6f3859a98c
creatorsName: cn=ebox,dc=<your organization>
createTimestamp: 20101224155559Z
...
mail: <some email>
mailbox: <mailbox path>
userMaildirSize: 0
quota: 2048
mailHomeDirectory: /var/vmail/
zarafaAccount: 1
zarafaAdmin: 0
zarafaQuotaOverride: 0
zarafaQuotaWarn: 0
zarafaQuotaSoft: 0
zarafaQuotaHard: 0
...
entryCSN: 20120214092430.060680Z#000000#000#000000
modifiersName: cn=ebox,dc=<your organization>
modifyTimestamp: 20120214092430Z

Some of the lines come from the time when I tried to host my own email and even used Zarafa. Since I no longer use it, I removed those lines.
Doing this for 150 users may be tedious, but you can do it in batches, and there is the additional benefit of the users retaining the original UID and passwords.

I started with one user, and imported it using the Apache Directory Studio (you may need to enable LDAP access (TCP 389) through the firewall in the Internal-to-Zentyal server part).
If the import fails, it will give you some clue of what is wrong; fix it and try again.
Once you know what works, repeat it for the rest of the users.
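
The manual clean-up described in this post, as an added example that is not part of the original post: a Python filter that keeps only the `uid=...,ou=Users` entries and drops the attributes and object classes shown in the listing above. The function name, the `dc=example` sample and the reading that every attribute in the listing (except `dn`) is to be removed are assumptions.

```python
import re

# Names from the post's listing (lower-cased); the last two rows are operational.
DROP_ATTRS = {
    "mail", "mailbox", "usermaildirsize", "quota", "mailhomedirectory",
    "zarafaaccount", "zarafaadmin", "zarafaquotaoverride",
    "zarafaquotawarn", "zarafaquotasoft", "zarafaquotahard",
    "structuralobjectclass", "entryuuid", "entrycsn", "creatorsname",
    "createtimestamp", "modifiersname", "modifytimestamp",
}
DROP_CLASSES = {"couriermailaccount", "usereboxmail", "fetchmailuser", "zarafa-user"}

def clean_users(ldif_text, base="ou=Users,"):
    """Return LDIF with only the uid=...,ou=Users entries, minus dropped lines."""
    text = re.sub(r"\r?\n ", "", ldif_text)  # unfold continuation lines first
    out = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        if not lines or not re.match(r"dn: uid=[^,]+," + re.escape(base), lines[0], re.I):
            continue  # not a user entry (or a base64 "dn::", which is skipped)
        kept = []
        for line in lines:
            name, _, value = line.partition(":")
            key = name.lower()
            bad_class = key == "objectclass" and value.strip(": ").lower() in DROP_CLASSES
            if key not in DROP_ATTRS and not bad_class:
                kept.append(line)
        out.append("\n".join(kept))
    return "\n\n".join(out) + "\n"

# Constructed sample, not data from the post.
SAMPLE = """\
dn: ou=Users,dc=example
objectClass: organizationalUnit

dn: uid=alice,ou=Users,dc=example
objectClass: inetOrgPerson
objectClass: zarafa-user
uid: alice
cn: Alice
sn: Example
userPassword: {SSHA}CONSTRUCTEDPLACEHOLDER
 HASHVALUE
mailbox: example/
 alice/
entryUUID: 00000000-0000-0000-0000-000000000001
"""

if __name__ == "__main__":
    print(clean_users(SAMPLE))
```

The output still carries the `userPassword` values, so the resulting users.ldif deserves the same file permissions and handling as the configuration backup it came from.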

17
I have tried it and it doesn't work.
Zentyal 2.2 will not import a 2.0 configuration.

18
If you are accessing the administration interface from another computer, you may be blocked by the firewall.
For these situations, I access the server via SSH and run a local text web browser Lynx.
This way, even if I manage to block myself with the firewall I have a handy way to run the interface and get me back in.

19
Installation and Upgrades / Problems after upgrading from 2.0 to 2.2
« on: February 20, 2012, 01:46:41 pm »
Today I decided to bite the bullet and upgrade my server from 2.0 to 2.2 and boy, what a disaster!
I had cleaned up everything prior to the upgrade and we run backups every day (including configuration).
We don't run many services, so I thought it should be pretty straightforward.
I couldn't be any more wrong.

Downloaded the migration tool and ran it.
At some point it claimed some dependency problems related to squid were preventing it from completing.
I promptly uninstalled the squid package on another session, but eventually I had to terminate the original script.
These are some of the last lines:
Code:
No apport report written because MaxReports is reached already
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Errors were encountered while processing:
 zentyal-core
 zentyal-objects
 zentyal-services
 zentyal-network
 zentyal-firewall
 zentyal-antivirus
 zentyal-ca
 zentyal-dhcp
 zentyal-dns
 zentyal-ebackup
 zentyal-users
 zentyal-ftp
 zentyal-monitor
 zentyal-openvpn
 zentyal-samba
 zentyal-software
 zentyal-squid
E: Sub-process /usr/bin/dpkg returned an error code (1)
Command FAILED! Please check your internet connectivity

Press return to continue or Control+C to abort...

After that, I cleaned up and everything was properly installed.
However, the system was left unconfigured.
Backup configuration, FTP configuration, Users, etc. everything is lost.

Trying to recover from the 2.0 configuration backup does not work, because, you know, who would ever need it? Right? Sorry about my rant, but at this point I'm really pissed off at how poorly handled the migration process is.

I haven't found many migration-related posts, so either I'm in a situation of really bad luck, or I just don't know.

Does anyone have a quick solution for this? Or will I have to actually go and recreate all my certificates and users from scratch?

2012-02-21 --Update--
In the end I had to remove all ebox and zentyal packages and start from scratch.
I have managed to salvage data from the configuration backup and I have been able to restore users and groups information directly into the LDAP database.
I also have been able to rebuild all my shares and their permissions by carefully reading the Redis files.
No luck with certificates, I didn't have any more time for this. I will re-issue new certificates to everyone.

Too bad that something that could be accomplished in under 1 hour ended up taking 12 in a small organization.

20
Installation and Upgrades / Re: ddclient not updating
« on: August 23, 2011, 11:04:17 pm »
Still, I would log into your account and double check that the updates are indeed not locked.
DynDNS does not like failed attempts and does lock the account if it happens. In that case, you need to "manually" log in and unlock it.

In the response you receive a "dnserr" status.
According to http://dyn.com/support/developers/api/return-codes/:
Quote
Server Error Conditions

The codes below indicate server errors that will have to be investigated. The client must stop updating and ask the user to contact DynDNS support. The client must not resume updating until 30 minutes have passed or user confirms that the problem has been resolved.

dnserr: DNS error encountered



21
Installation and Upgrades / Re: VPN Issues
« on: August 23, 2011, 04:15:00 pm »
First read the docs and do a search for that message in the forums. This would save you a lot of time.
The error you are getting has to do with the fact that you are trying to use the server's certificate instead of the user's certificate.
Once that user has VPN access, he will be regarded as an internal location and hence be able to access the administration page.

22
VPN definitely.
Having a secure network will give you the needed confidence to setup additional services.

23
Installation and Upgrades / Re: ddclient not updating
« on: August 23, 2011, 03:45:28 pm »
Have you tried to update it manually through the Web interface?
Maybe the account is locked?
On the other hand, please don't post the line with "Authorization: Basic ...", as it can be easily decoded. Please, change ASAP.
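
A pre-posting check for the point made in this reply, as an added example that is not part of the original post: it reports what a reader could recover from any `Authorization: Basic` line in a log and redacts the token before the text is pasted anywhere public. The function names and the sample request (host names, credentials) are constructed.

```python
import base64
import re

# Matches an HTTP Basic header anywhere on a log line; group 2 is the token.
AUTH_RE = re.compile(r"(?im)^(.*\bAuthorization:\s*Basic\s+)([A-Za-z0-9+/=]+)")

def exposed_credentials(log_text):
    """Return the (user, password) pairs a reader could recover from the text."""
    found = []
    for _, token in AUTH_RE.findall(log_text):
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError: not valid base64
            continue
        user, sep, password = decoded.partition(":")
        if sep:
            found.append((user, password))
    return found

def redact(log_text):
    """Replace every Basic token so the text is safe to paste publicly."""
    return AUTH_RE.sub(lambda m: m.group(1) + "[REDACTED]", log_text)

# Constructed sample; the credentials and host names are made up.
TOKEN = base64.b64encode(b"alice:secret").decode()
SAMPLE = (
    "GET /update?hostname=host.example.invalid HTTP/1.0\n"
    "Host: members.example.invalid\n"
    f"Authorization: Basic {TOKEN}\n"
    "\n"
    "dnserr\n"
)

if __name__ == "__main__":
    print(exposed_credentials(SAMPLE))
    print(redact(SAMPLE))
```

Redaction only helps for text that has not been posted yet; a token that was already published means the password has to be changed, as the reply says.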

24
Installation and Upgrades / Re: Install on Ubuntu server
« on: August 16, 2011, 11:27:44 am »
Fastest solution: install Zentyal on Ubuntu 10.04.
Other versions might work or not, but you will not get a reliable base.

25
Installation and Upgrades / Re: Remote SSH as root user
« on: August 09, 2011, 03:26:01 pm »
You are right Robb.

For my part I had it enabled for a while but then the service was being hammered from the Internet.
I then disabled the root login so as to have 2 layers of protection:
1. The user with ssh login is unknown externally (they need to guess it)
2. The user is "reasonably" unprivileged, and an intruder would need to find a way to become root.

I am sure that a determined hacker would eventually find his way around (bigger companies have fallen), but I try to make it as difficult as possible.

26
Installation and Upgrades / Re: Remote SSH as root user
« on: August 09, 2011, 12:49:08 pm »
Edit file /etc/ssh/sshd_config.
Uncomment the line #PermitRootLogin yes.
Save the file and restart sshd.
You're welcome.

27
Done, see http://trac.zentyal.org/ticket/3107.
I just thought it was odd and it had to be some sort of fault on my part, since 2.0.x should be considered reasonably mature at this point, and I didn't see anyone else complaining.

28
Hi all.
I have a VPN server with everything up to date (vpn service 2.0.10).
Some months ago I did download client bundles for some of the users.
Today I had to download another client bundle.
I went to VPN>Servers>(my server)>Download Client Bundle.
I chose the client type as "Windows", chose the client certificate for that particular user, filled in the public server address, and clicked on the Download button.
Then I was greeted with the error message "Invalid client type: the server is intended for Zentyal-to-Zentyal tunnels".
The log /var/log/ebox/ebox.log contains the line
Code:
DEBUG> DownloadClientBundle.pm:224 EBox::OpenVPN::Model::DownloadClientBundle::_validateClientType - Invalid client type: the server is intended for Zentyal-to-Zentyal tunnels

WTF?

The download works if I choose "Zentyal to Zentyal tunnel", but that's not what I want.
Has anyone else experienced this issue?
I was looking into the source code but it did not seem a trivial matter and I don't have the time to dig anymore. I'll see what I can do with whatever I have.


29
Mmmm ... have you opened the LDAP traffic in the firewall?
AFAIK, by default that traffic is denied and it would break this functionality.

30
I did set up a trial some time ago and I don't remember all the details, but the synchronization occurs every 5 minutes automatically.
You may need to give it some time after changing a password for it to synchronize.
Logs are created in /var/log/syslog.
You should be able to see Windows users created under /home.
To test authentication, I had the FTP server and I tried logging in. For that, only the username and password are required, no domains are involved.
If you are using Samba, you may use the domain as in "YOURDOMAIN\YourUserName".
