Messages - tose

1
My understanding is that the DC MUST be the authoritative DNS server for the Zentyal Domain.

I have implemented a Zentyal 4 DC WITHOUT the DHCP Server module, and left the DHCP server for the LAN on my router. The key points to remember are:-

- Set your router IP address as a DNS Forwarder in the Zentyal DNS Module
- In your router's DHCP configuration, set the DNS Server scope option with the Zentyal DC's IP address as the primary DNS Server address to be leased to clients. (Check your client has the DC's IP address as its Primary DNS Server address before attempting to join domain). I have also set my router's IP as a Secondary DNS Server scope option & domain joins work fine.
- If your router allows "DNS Overrides" (I use pfSense) it may be useful to set the internal FQDN of the DC & its IP address in a Host Override entry.

One other thing that tripped me up was that I had to create a separate new Domain Admin account to use for domain joins. Using the account created during Zentyal install would not work for me for whatever reason.

Hope that helps.

2
Installation and Upgrades / Re: Zentyal as E-mail Server with AD
« on: October 18, 2014, 09:59:18 pm »
Razvannemes,

I'm not completely sure on the procedure for installing Zentyal as a domain controller in an existing AD. You may like to take a look at Yaffas:-

http://www.yaffas.org/index.php?id=5&L=1

I can confirm it will definitely do what you are asking for. It has a choice of Webmail clients (Webapp or Webaccess), uses ZPush for exchange activesync functionality. It can do Outlook clients with a plugin but any more than 3 Outlook clients require licensing. There is also a nice Zarafa migrator tool for mailbox migration.

3
Installation and Upgrades / Re: Making Zentyal More
« on: September 03, 2014, 10:32:37 pm »
Glad you found it useful. It's equally easy to offload authentication from pfSense to an MS AD server which I do for several customers. Apparently a RADIUS server is also possible but I haven't tried that scenario.

4
Installation and Upgrades / Re: Making Zentyal More
« on: September 02, 2014, 11:25:44 pm »
I very much agree with Ian. Zentyal (for me) is good at file/print & directory services. Won't even say mail any more since Zarafa has been dropped. But I run pfSense as the gateway/router in all my networks. It's brilliant. So here goes:-

In pfSense 2.1.x (feature not available in earlier versions), go to System - User Manager, then the Servers tab. Add a new server for your Zentyal box. The following settings work for my Zentyal 3.2 box. YMMV :-

Server Type:                               LDAP
Hostname or IP Address:            IP address of your Zentyal box
Port Value:                                  390    (if using Zentyal 3.5 this may well be 389 but you'd have to check)
Transport:                                  TCP - Standard
Peer Certificate Authority:          No certificate Authorities Defined
Protocol Version:                        3
Search Scope Base DN:             Your Zentyal Base DN    (In my case this is "dc=cts,dc=local")
Authentication Containers:          Your Zentyal Users OU   (In my case "ou=Users,dc=cts,dc=local")
Extended Query:                         Leave Blank
Bind Credentials - User DN:        Zentyal LDAP Read-only root DN   (In my case "cn=zentyalro,dc=cts,dc=local")
Bind Credentials - Password:      Read-only password
                                                    In Zentyal 3.2 copy bind credentials from "Users & Computers - LDAP Settings" page of Zentyal WebGUI.
                                                    (In Zentyal 3.5 you can retrieve LDAP credentials from /etc/dovecot/dovecot-ldap.conf)
User Naming Attribute:                cn
Group Naming Attribute:              cn
Group Member Attribute:             member
UTF8 Encode:                             De-selected
Username Alterations:                 De-selected

Save the settings then go to the Settings tab. Select your newly created server in the "Authentication Server" field. Click "Save & Test".

Basically you need all 3 Tests to show a green OK in the popup window that appears for a functioning config.

Hope that helps.

5
Installation and Upgrades / Re: Making Zentyal More
« on: September 01, 2014, 02:08:46 pm »
I have pfSense 2.1.x authenticating its incoming IPSec VPN against Zentyal 3.2 if that's of any interest. Haven't tried Zentyal 3.5 but guessing it should work similarly.

6
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: August 05, 2014, 08:09:54 pm »
I don't really care about POP or IMAP. I don't even care about Outlook clients. Webapp is my main thing, so no disaster from my point of view.

At the end of the day I've already learned a lot & it's a win already for me from that perspective too.

I have to go away for a week in a day or 2. So won't be around to do any testing but will follow the thread & keep feedback going. Hoping we can hang in there and get something sorted for all your work so far.

7
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: August 04, 2014, 11:03:38 am »
And to answer your question regarding SMTP, the answer is no. What I get is:-

5.1.0 - Unknown address error 550-'5.1.1 <test@tosi.id.au>: Recipient address rejected: User unknown in virtual mailbox table'

Stuart, I may not have too much time over the next day or 2. I'll do what I can. Just so you know.

8
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: August 04, 2014, 01:15:41 am »
Before I try the zarafa-sslkey script, did you intend for the line that copies zarafa.key to zarafa.key.web to be commented out?

9
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: August 03, 2014, 04:22:32 pm »
Ok, just reran your newly revised zarafa-install script on a fresh install & all good.

Just a thought (because it tripped me up until I recalled I'd missed something). How hard would it be to disable POP3, POP3S, IMAP, IMAPS in the Zentyal Mail module as part of your install script? I know I've seen where that's set in the past but it's after midnight here & I'm not finding it.

Sleep time for me

10
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: August 03, 2014, 10:29:42 am »
Stuart,

Ok, as regards your revised zarafa-install script, there is a problem with the setting of the "ldap_bind_user" into /etc/zarafa/ldap.cfg. I think it's probably:-

ldapuser=$(grep 'dn =' /etc/dovecot/dovecot-ldap.conf | sed -e 's/dn = "CN=\(.*\),CN=Users,DC=office,DC=zentyal,DC=lan"/\1/')

The "DC=office" certainly isn't relevant to my install. Either that or:-

sed -i "/ldap_bind_user =/c\ldap_bind_user = CN="${ldapuser}",CN=Users,"${mybasedn} /etc/zarafa/ldap.cfg

Either way the script returns (in my case):-

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
sed: can't read =: No such file or directory
sed: can't read "CN=zentyal-mail-zentyal,CN=Users,DC=ctstest,DC=lan",CN=Users,DC=ctstest,DC=lan: No such file or directory
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

If I had even a smidgen of scripting skill I'd look into that. As it is, I just manually edited /etc/zarafa/ldap.cfg with the correct ldap_bind_user value. Reboot, & all up & running.

Your "zarafa-user" script worked as intended, adding the nine zarafa attributes to the user I ran it against.
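
Added example (not part of the original post or of the zarafa-install script): the two error lines quoted above are what results when the first `sed` pattern, which hard-codes `DC=office,DC=zentyal,DC=lan`, fails to match and passes the whole `dn = "..."` line through, and the unquoted `${ldapuser}` and `${mybasedn}` expansions in the second command then split it into extra file arguments. The sketch below reads the full bind DN without hard-coding a base DN and writes it back with every expansion quoted; the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; file contents below are constructed samples.

# Print the bind DN from the first "dn = ..." line of a dovecot-ldap.conf
# style file, stripping optional double quotes. No base DN is hard-coded,
# and the "dnpass = ..." line is not matched.
extract_bind_dn() {
    sed -n 's/^dn[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
        head -n 1
}

# Rewrite the ldap_bind_user line of config file $1 to use DN $2.
# The DN reaches awk through the environment, so spaces, quotes, "&" or "/"
# in it are never re-parsed by the shell or by a sed replacement string.
set_bind_user() {
    cfg=$1
    tmp=$(mktemp) || return 1
    if BIND_DN=$2 awk '
        /^ldap_bind_user[ \t]*=/ {
            print "ldap_bind_user = " ENVIRON["BIND_DN"]; next
        }
        { print }' "$cfg" > "$tmp"
    then
        cat "$tmp" > "$cfg"   # overwrite in place: keeps the file's owner and mode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Demo on constructed copies; prints the resulting ldap_bind_user line.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'hosts = 127.0.0.1' \
        'dn = "CN=zentyal-mail-zentyal,CN=Users,DC=ctstest,DC=lan"' \
        'dnpass = constructed-secret' > "$dir/dovecot-ldap.conf"
    printf '%s\n' 'ldap_host = localhost' 'ldap_bind_user = CN=placeholder' \
        'ldap_bind_passwd = constructed-secret' > "$dir/ldap.cfg"
    set_bind_user "$dir/ldap.cfg" "$(extract_bind_dn "$dir/dovecot-ldap.conf")"
    grep '^ldap_bind_user' "$dir/ldap.cfg"
    rm -rf "$dir"
}

demo
```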

11
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: August 03, 2014, 07:48:37 am »
I'm sure zarafaAccount=1 is very important for all sorts of reasons. And what I've discovered is probably not much more than an anomaly that will be of little use going forward. However, here are the ldap attributes of one of my users:-

--------------------------------------------------------------------------------------------------------------------
dn: CN=Craig Tosi,CN=Users,DC=ctstest,DC=lan
cn: Craig Tosi
sn: Tosi
givenName: Craig
instanceType: 4
whenCreated: 20140803050020.0Z
whenChanged: 20140803050020.0Z
displayName: Craig Tosi
uSNCreated: 4914
name: Craig Tosi
objectGUID: ae7490b6-9563-46bb-b419-b856ccd67b8d
badPwdCount: 0
codePage: 0
countryCode: 0
homeDirectory: /home/tose
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3932363027-2996284228-1642769443-1108
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: tose
sAMAccountType: 805306368
userPrincipalName: tose@CTSTEST.LAN
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ctstest,DC=lan
uidNumber: 2504
gidNumber: 2513
quota: 500
pwdLastSet: 130515156200000000
userAccountControl: 512
objectClass: top
objectClass: fetchmailUser
objectClass: posixAccount
objectClass: userZentyalMail
objectClass: person
objectClass: systemQuotas
objectClass: organizationalPerson
objectClass: user
mail: tose@tosi.id.au
mailbox: tosi.id.au/tose/
userMaildirSize: 0
mailquota: 0
mailHomeDirectory: /var/vmail/
uSNChanged: 4919
distinguishedName: CN=Craig Tosi,CN=Users,DC=ctstest,DC=lan
------------------------------------------------------------------------------------------------------------------------------------------------------

Not a Zarafa specific attribute there, but that user can login to Zarafa Webapp & send/receive mail. What I think is happening, is that Zarafa is happy to store mail based on:-

----------------------------------------------
mail: tose@tosi.id.au
mailbox: tosi.id.au/tose/
userMaildirSize: 0
mailquota: 0
mailHomeDirectory: /var/vmail/
----------------------------------------------

In fact, if I look at /var/vmail it contains a folder for each of my created Zentyal users. "objectClass: userZentyalMail" may play a part also.

Anyway. Didn't want to get side-tracked into this as going forward we obviously want to make Zarafa work the way it was designed & intended to, rather than some happy coincidence of it falling back to local mail storage (if in fact that's what's happening).

Anyhow, off to start afresh with both your revised scripts now. Will get back with results.

12
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: August 03, 2014, 01:27:14 am »
Stuart,

I completely agree about not catering for zarafa and non-zarafa mail transport.

Thanks for the zarafa-user script. That made me think, what about my current 3.5 install? It doesn't have those attributes set yet. Not even "zarafaUser". But if I create a new user in Zentyal, that user can login to Zarafa webapp straight up & send/receive mail. Just makes me wonder what the "zarafaUser" attribute actually does?

Great work yet again Stuart. Will run through it again as a fresh install, hopefully later today, and report results back here.

13
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: August 02, 2014, 06:49:01 am »
Ok, mystery solved as regards the way Zentyal 3.2 routes mail from postfix. There is a file "/etc/postfix/transport" which appears to define unique transport methods on a domain or recipient address basis. Mine looks like this:-

--------------------------------------------------
ham@lloydcorporate.com dovecot
spam@lloydcorporate.com dovecot
lloydcorporate.com   lmtp:127.0.0.1:2003
ham@tosi.id.au dovecot
spam@tosi.id.au dovecot
tosi.id.au   lmtp:127.0.0.1:2003
--------------------------------------------------

So only the mail addressed to the Zarafa Virtual Domains is forwarded by lmtp. My Zentyal 3.5 box has no such file.

14
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: August 01, 2014, 02:16:21 am »
Correct again Stuart. I edited /usr/share/zentyal/stubs/mail/main.cf.mas as follows:-

--------------------------------------------------------
# virtual_transport = dovecot
virtual_transport = lmtp:localhost:2003
--------------------------------------------------------

So now that setting sticks after reboot, & yes, mail is now being delivered to the zarafa mailboxes. However:-

This just confirms for me that my Zentyal 3.2 box (Zarafa 7.1.7) routes mail differently (or at least the settings would make you think so). In both /usr/share/zentyal/stubs/mail/main.cf.mas & /etc/postfix/main.cf on the Zentyal 3.2 box, the setting is:

virtual_transport = dovecot

Gotta go now. Will look into all that further & get back.

15
Installation and Upgrades / Re: Zarafa & Zentyal 3.5
« on: July 31, 2014, 05:00:21 pm »
Yes, I did install Zentyal Mail services & disable pop3, pop3s, imap, imaps. I think that's what you're asking? And no, I've done nothing more than what I've already described to get this far.

I have a Zentyal 3.2 with Zarafa running. In that /etc/postfix/main.cf file I have a line "virtual_transport = dovecot". That's exactly the same as what the 3.5 box has.
