Topics - sarraceno

1
Installation and Upgrades / SMTP service down after update
« on: February 17, 2018, 02:36:36 pm »
Hi!

I have two Zentyal servers: one is at my home, the second is at a friend's home; both were installed from a fresh Zentyal 5 install around June 2017.

From time to time, on both Zentyal servers with the SMTP service working, the SMTP service goes down after a package update.
At the beginning a reboot was needed to recover; the last few times just hitting the restart button did the recovery.

Is anyone aware of any bug or post in this forum regarding this situation?

This is at least annoying.

Thanks!
My best regards!

2
Hi!

Currently I have an LXD container with Ubuntu 16.10.
In this container I installed Zentyal 5 via apt, which ran fine.

But when I tried to activate/configure File sharing I got a failure.

It seems to be related to AppArmor, and probably involves LXD/LXC.
Has anyone had such an "experience", or can anyone help with this?

Details of the LXD container:
Code:
root@kvm02:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.10
Release:        16.10
Codename:       yakkety

root@kvm02:~# uname -a
Linux kvm02 4.8.0-40-generic #43-Ubuntu SMP Thu Feb 23 16:01:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

root@kvm02:~# lxc version
2.10

root@kvm02:~# lxc config show nas02
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 16.04 LTS amd64 (release) (20170224)
  image.label: release
  image.os: ubuntu
  image.release: xenial
  image.serial: "20170224"
  image.version: "16.04"
  raw.lxc: raw.lxc.aa_profile=unconfined
  volatile.base_image: 96e12fc44b24f052b5f959137fabff715b83856a8a5eb64fbc1338d3f173a82e
  volatile.eth0.hwaddr: 00:16:3e:76:2d:04
  volatile.idmap.base: "0"
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices:
  nas02home:
    path: /home
    source: /vols/datastore03/data/nas02/home
    type: disk
  nas02shares00:
    path: /shares00
    source: /vols/datastore03/data/nas02/shares
    type: disk
  root:
    path: /
    pool: kvm02
    type: disk
ephemeral: false
profiles:
- nasATlan

Code:
root@kvm02:~# lxc profile show appATlan
config:
  boot.autostart: "true"
  boot.autostart.delay: "60"
  boot.autostart.priority: "1"
  environment.http_proxy: http://[fe80::1%eth0]:13128
  user.network_mode: link-local
description: ""
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: tapLANp00
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: appATlan
used_by: []

The error in the Zentyal log:
Code:
EBox::Samba::Provision::setupDNS('EBox::Samba::Provision=HASH(0x70f5ed8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 527
eval {...} at /usr/share/perl5/EBox/Samba/Provision.pm line 488
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x70f5ed8)', 192.168.30.12) called at /usr/share/perl5/EBox/Samba/Provision.pm line 369
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x70f5ed8)') called at /usr/share/perl5/EBox/Samba.pm line 673
EBox::Samba::_setConf('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Service.pm line 933
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Samba.pm line 646
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 657
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 656
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x28f81c8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x4e6ffb8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2017/03/07 14:01:07 INFO> Provision.pm:299 EBox::Samba::Provision::setupKerberos - Setting up kerberos
2017/03/07 14:01:07 INFO> Provision.pm:276 EBox::Samba::Provision::setupDNS - Setting up DNS
2017/03/07 14:01:07 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2017/03/07 14:01:07 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2017/03/07 14:01:07 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command /sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named failed.
Error output: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
 Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
 Use --subdomainfs to override.

Command output: .
Exit value: 1 at root command /sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named failed.
Error output: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
 Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
 Use --subdomainfs to override.

Command output: .
Exit value: 1 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/heIyelcquS.cmd 2> /var/lib/zentyal/tmp/stderr', '/sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named', 256, 'ARRAY(0x722fc88)', 'ARRAY(0x7350520)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, '/sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('/sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named') called at /usr/share/perl5/EBox/Module/Base.pm line 979
EBox::Module::Base::_setAppArmorProfiles('EBox::DNS=HASH(0x59bc4b8)') called at /usr/share/perl5/EBox/Module/Base.pm line 996
EBox::Module::Base::_regenConfig('EBox::DNS=HASH(0x59bc4b8)') called at /usr/share/perl5/EBox/Module/Service.pm line 933
EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x59bc4b8)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::DNS=HASH(0x59bc4b8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 289
EBox::Samba::Provision::setupDNS('EBox::Samba::Provision=HASH(0x70f5ed8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 539
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x70f5ed8)', 192.168.30.12) called at /usr/share/perl5/EBox/Samba/Provision.pm line 369
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x70f5ed8)') called at /usr/share/perl5/EBox/Samba.pm line 673
EBox::Samba::_setConf('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Service.pm line 933
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Samba.pm line 646
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 657
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 656
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x28f81c8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x4e6ffb8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2017/03/07 14:01:07 ERROR> GlobalImpl.pm:661 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command /sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named failed.
Error output: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
 Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
 Use --subdomainfs to override.

Command output: .
Exit value: 1
2017/03/07 14:01:07 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2017/03/07 14:01:07 ERROR> GlobalImpl.pm:736 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: dns samba  at The following modules failed while saving their changes, their state is unknown: dns samba  at /usr/share/perl5/EBox/GlobalImpl.pm line 736
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x28f81c8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x4e6ffb8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30


Best regards!
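
Added example, not part of the original post: a small check that maps the two `apparmor_parser` messages in the log above to what is missing inside the container. It assumes the parser needs a securityfs mount listed in /proc/mounts and an `apparmor/features` entry below it; the function name and status strings are made up for this example.

```sh
#!/bin/sh
# Added example (not from the post). Assumption: apparmor_parser looks for a
# securityfs mount in /proc/mounts and for apparmor/features underneath it.

# apparmor_iface_status [mounts_file] [root_prefix]
# Prints one of: ok | no-securityfs | no-apparmor-dir | no-features
# root_prefix is only used to point the check at a test tree.
apparmor_iface_status() {
    mounts=${1:-/proc/mounts}
    root=${2:-}
    # /proc/mounts fields: device mountpoint fstype options dump pass
    mp=$(awk '$3 == "securityfs" { print $2; exit }' "$mounts" 2>/dev/null) || mp=""
    if [ -z "$mp" ]; then
        # Corresponds to "unable to find a suitable fs in /proc/mounts"
        echo no-securityfs
    elif [ ! -d "${root}${mp}/apparmor" ]; then
        # securityfs is mounted, but AppArmor is not exposed inside it
        echo no-apparmor-dir
    elif [ ! -e "${root}${mp}/apparmor/features" ]; then
        # Corresponds to "Cache read/write disabled: interface file missing"
        echo no-features
    else
        echo ok
    fi
}

# Run against the live system (inside the container, as root or not).
echo "AppArmor kernel interface: $(apparmor_iface_status)"
```

Running it both on the LXD host and inside the container shows whether the interface is missing only in the container's mount namespace.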

3
Hi!

Let me share my time on this... 

My POC {Zentyal 4.1; Owncloud 8.1}

To share at Zentyal 4 Samba > Owncloud 8 Service I had to:
* Add a new last line to owncloud:config.php to ensure that new files have no permissions for others
** umask(0007);
* setgid on owncloud data folder
** chmod g+s <owncloud data folder>
* Set ACLs so that there are not too many permissions but Zentyal is able to create shares and we are able to access them. The default ACL set applies to new folders and files, similar to setgid.
** setfacl -R -m g:adm:rwx <owncloud data>
** setfacl -R -d -m g:adm:rwx <owncloud data>
** setfacl -R -m u:administrator:rwx <owncloud data>
** setfacl -R -d -m u:administrator:rwx <owncloud data>
* For assurance, since it's the owncloud folder
** setfacl -R -m g:www-data:rwx <owncloud data>
** setfacl -R -d -m g:www-data:rwx <owncloud data>
** setfacl -R -m u:www-data:rwx <owncloud data>
** setfacl -R -d -m u:www-data:rwx <owncloud data>

With "w" for adm you are able to manage ACLs from Zentyal, but be aware of recursive ACL changes in Zentyal; I had to disable it and then add new ACLs afterwards as needed.
Keep in mind that each time you change the share, Zentyal will reset the ACLs, only for the base folder if recursion is disabled; with either option the owncloud rights get broken.

But... always a but... creation of files and folders does not go as we desire, since we do not have suid working on Linux; this is about security... so users must be in the needed groups... so...

In both cases, also:
* If sharefolder owner is in domain users
** usermod -a -G www-data <sharefolder owner>
* Zentyal's administrator
** usermod -a -G www-data administrator
* User www-data on domain users
** usermod -a -G domain\ users www-data


To share at Owncloud 8 Service > Zentyal 4 Samba I had to:
* Did not understand why, no time spent here, probably the PHP code queries directly for the group owner, so... if no www-data, no cake... then I did
** chgrp www-data <sharefolder>
* Setgid for sharefolder
** chmod g+s homefolder
* ACLs for user, not dependent on who the owner is
** setfacl -d -m u::rwx <sharefolder>
* Default ACLs for www-data so it can read, and so on
** setfacl -R -d -m u:www-data:rwx <sharefolder>
** setfacl -R -d -m g:www-data:rwx <sharefolder>
** setfacl -R -m u:www-data:rwx <sharefolder>
** setfacl -R -m g:www-data:rwx <sharefolder>
* ACL so that, regardless of what mess owncloud has made by default, Zentyal can work over it.
** setfacl -d -m g:adm:rwx <sharefolder>
** setfacl -d -m u:administrator:rwx <sharefolder>


References:
* setfacl's and setgid: come from my Zentyal + Linux knowledge.
* umask on config: from owncloud forum
* my original post at https://forum.owncloud.org/viewtopic.php?f=31&t=28185&p=94190#p94190

Hope this helps you!
It took me a while recreating a wheel... blarg...
Besides... I do not feel that this wheel is as round as desired... but it works...

Pls, post your comments.
Regards!
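
Added example, not part of the original post: a check that reads `getfacl` output and reports which parts of the layout built by the steps above are missing (setgid bit, access and default entries for adm, administrator and www-data). The principal names come from the post; requiring "other" to be `---` and the mask to be `rwx` are assumptions made here, and the sample ACL is constructed.

```sh
#!/bin/sh
# Added example (not from the post): audit `getfacl` output against the layout
# the post builds. Requiring other=--- and mask=rwx is an assumption.

# Constructed sample of `getfacl <owncloud data>` with two deliberate gaps:
# no default entry for group adm, and "other" still has r-x.
SAMPLE='# file: srv/owncloud/data
# owner: www-data
# group: www-data
# flags: -s-
user::rwx
user:administrator:rwx
user:www-data:rwx
group::rwx
group:adm:rwx
group:www-data:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:administrator:rwx
default:user:www-data:rwx
default:group::rwx
default:group:www-data:rwx
default:mask::rwx
default:other::---'

# Exact-line match against the ACL text held in $acl.
has_entry() { printf '%s\n' "$acl" | grep -qxF -- "$1"; }

# audit_acl "<getfacl output>": prints one finding per line, nothing if clean.
audit_acl() {
    acl=$1
    printf '%s\n' "$acl" | grep -Eq '^# flags: .s.$' ||
        echo "setgid bit not set (chmod g+s)"
    for who in group:adm user:administrator group:www-data user:www-data; do
        has_entry "${who}:rwx" || echo "missing access entry ${who}:rwx"
        has_entry "default:${who}:rwx" || echo "missing default entry ${who}:rwx"
    done
    for scope in "" "default:"; do
        has_entry "${scope}other::---" || echo "${scope}other is not ---"
        has_entry "${scope}mask::rwx" || echo "${scope}mask narrows the rwx entries"
    done
}

audit_acl "$SAMPLE"
```

On a real system, pass it the output of `getfacl <owncloud data>`. The `default:other` entry matters because, for files created in a directory that has a default ACL, that ACL rather than the process umask sets the initial permissions.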

4
Hi!

I have some hosts of my own, each with its own samba; the hosts are mainly Ubuntu 14.04 servers for several purposes (like game servers, school projects), so having a solution with sssd/realmd to integrate authentication with Zentyal AD is a charm.

Nevertheless, I'm not able to do it all together with samba.

I tried several posts, which all worked fine for host AD-integrated authentication, but not with samba.
The most I saw with samba was replication after join, but not authentication when accessing shares; I believe that was related to sssd constantly restarting. With Ubuntu 15.04 sssd also restarted, but an extra lib install solved it; however, I do need 14.04 LTS.

Can anyone share a solution?

I tried reverse engineering by installing a second Zentyal as an additional server, but replicating that config to a standalone samba did not work well...

Pls, a share on this would be great.

Regards!

5
Installation and Upgrades / Net Security - What is TCP 2703 port for?
« on: February 26, 2015, 07:34:06 pm »
Hi!

I recently migrated my "home playground IT" from Zentyal 2.2 to 4.0, along with a new firewall, Sophos UTM Home Edition.

Great things, until I discovered lots of communications dropped to IPs 208.83.137.118 and 208.83.139.205 on TCP port 2703.

What are these IPs and this port for?

Does anyone know?

Thanks for your attention!
My best regards!
Sarraceno

6
I have a postfix that is already 9 years old.
On it, a majordomo 2 is configured with some mailing lists.

For those who don't know it, majordomo receives mail in its scripts through aliases configured for postfix.
At the end, majordomo's scripts use postfix as a simple relay to send out their already processed mail.

My question concerns the need to use Zentyal normally and have majordomo 2 on the same machine. Does anyone have experience with this architecture?

How do I avoid my majordomo 2 configuration possibly being overwritten when configuring via the Zentyal GUI?

Does anyone have another suggestion?
Thank you!
