Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - sarraceno

Pages: [1] 2
1
Portuguese / Re: Erro Domain Controller - Samba - Zentyal 4
« on: January 08, 2023, 11:49:48 am »
Que tal utilizando RSAT tools a partir de um Windows 10 (no máximo) para apagar na AD estes objetos indesejáveis (aparentemente).

Como apareceram estes elementos? Alguma app externa ao Zentyal q escreveu na AD?

2
...tenho 4 servers: ad, mail, nas1, nas2
eram 3 antes de migrar, onde o main AD server era tb o de mail, ou seja a componente pura de AD foi penúltima a migrar para o novo servidor ad adicionado que levou com a passagem dos fsmo's e só depois depois migrei verdadeiramente o antigo server ad mas agora só com função de mail.

Os conteúdos foram passados fornecendo os volumes/discos das máquinas antigas aos novos.

Tudo VMs em KVM/Libvirt, e os discos virtuais de dados separados dos de OS, e tudo duplicado, tipo backup... sabe-se lá porque... ;)

3
Acabei de terminar essa parte na minha migração de 6.1 para 7.0.

Basicamente adicionei um novo AD Server Zentyal e fiz demote.

O manual Zentyal ajuda
https://doc.zentyal.org/en/directory.html parágrafo Total Migration.
e os links
https://wiki.samba.org/index.php/Upgrading_a_Samba_AD_DC 
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC.

Atenção que o script ad-migration não move os fsmo's de DNS, os quais tens de fazer à mão com o samba-tool dando um user tipo o Administrator.
 
Sem esquecer ter um Windows 10 máximo registado na AD com as RSAT tols para gestão da AD em aspetos delicados.

De resto é adequirir experiência. ;)
 

4
Hi all!

First: Per my projects experience I do see to many apparmor conflits raised from bottom into LXD containers... To me this demands higher work time. Once did try to spent some time to build a new apparmor profile, but integrated within runtime lxd containers was making me more a LXD contributor/developer, which I can't, I do not know much as needed... :(

So, my question stands... Not know also if using U17.10 things are different...

Segundo: yosansi, tu es nuebo en este mundo libre de lo software... mas por que non tentas submeter lo post en un ponto mas correto?
Also, try to backup (you will find pages here to do such), install fresh, and put files needed in place... will work perfectly. The most annoying work will only be Wizard reconfiguration for users and other things, but do not forget to do applicationall backup under Zentyal 4 WebAdminGui. This also applyes to similar under other versions... more or less the same since 2.x

5
Installation and Upgrades / SMTP service down after update
« on: February 17, 2018, 02:36:36 pm »
Hi!

I have two Zentyal servers, one is at my home, second is at home of a friend, and got installed from fresh Zentyal 5 install around June 2017.

Time to time both  Zentyal servers, with SMTP service working, after packages update SMTP service becomes down.
At the beginning a reboot was needed to recover, for the last times just hitting restart button do the recover thing.

Anyone is aware of any bug or post in this forum regarding such situation?

This is at least annoying.

Thanks!
My best regards!

6
Hi!

Currently I have LXD Container with Ubuntu 16.10
Under this container by apt, I did installed Zentyal 5, which runned fine.

But when I did try to activate/configure File sharing I get a failure.

Seems that is related to apparmor, and probably implied with LXD/LXC.
Anyone had such "experience" or can help on this?

In details for LXD container:
Code: [Select]
root@kvm02:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.10
Release:        16.10
Codename:       yakkety

root@kvm02:~# uname -a
Linux kvm02 4.8.0-40-generic #43-Ubuntu SMP Thu Feb 23 16:01:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

root@kvm02:~# lxc version
2.10

root@kvm02:~# lxc config show nas02
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 16.04 LTS amd64 (release) (20170224)
  image.label: release
  image.os: ubuntu
  image.release: xenial
  image.serial: "20170224"
  image.version: "16.04"
  raw.lxc: raw.lxc.aa_profile=unconfined
  volatile.base_image: 96e12fc44b24f052b5f959137fabff715b83856a8a5eb64fbc1338d3f173a82e
  volatile.eth0.hwaddr: 00:16:3e:76:2d:04
  volatile.idmap.base: "0"
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices:
  nas02home:
    path: /home
    source: /vols/datastore03/data/nas02/home
    type: disk
  nas02shares00:
    path: /shares00
    source: /vols/datastore03/data/nas02/shares
    type: disk
  root:
    path: /
    pool: kvm02
    type: disk
ephemeral: false
profiles:
- nasATlan

Code: [Select]
root@kvm02:~# lxc profile show appATlan
config:
  boot.autostart: "true"
  boot.autostart.delay: "60"
  boot.autostart.priority: "1"
  environment.http_proxy: http://[fe80::1%eth0]:13128
  user.network_mode: link-local
description: ""
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: tapLANp00
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: appATlan
used_by: []

The error available on Zentyal Log:
Code: [Select]
EBox::Samba::Provision::setupDNS('EBox::Samba::Provision=HASH(0x70f5ed8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 527
eval {...} at /usr/share/perl5/EBox/Samba/Provision.pm line 488
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x70f5ed8)', 192.168.30.12) called at /usr/share/perl5/EBox/Samba/Provision.pm line 369
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x70f5ed8)') called at /usr/share/perl5/EBox/Samba.pm line 673
EBox::Samba::_setConf('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Service.pm line 933
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Samba.pm line 646
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 657
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 656
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x28f81c8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x4e6ffb8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2017/03/07 14:01:07 INFO> Provision.pm:299 EBox::Samba::Provision::setupKerberos - Setting up kerberos
2017/03/07 14:01:07 INFO> Provision.pm:276 EBox::Samba::Provision::setupDNS - Setting up DNS
2017/03/07 14:01:07 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2017/03/07 14:01:07 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2017/03/07 14:01:07 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command /sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named failed.
Error output: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
 Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
 Use --subdomainfs to override.

Command output: .
Exit value: 1 at root command /sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named failed.
Error output: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
 Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
 Use --subdomainfs to override.

Command output: .
Exit value: 1 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/heIyelcquS.cmd 2> /var/lib/zentyal/tmp/stderr', '/sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named', 256, 'ARRAY(0x722fc88)', 'ARRAY(0x7350520)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, '/sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('/sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named') called at /usr/share/perl5/EBox/Module/Base.pm line 979
EBox::Module::Base::_setAppArmorProfiles('EBox::DNS=HASH(0x59bc4b8)') called at /usr/share/perl5/EBox/Module/Base.pm line 996
EBox::Module::Base::_regenConfig('EBox::DNS=HASH(0x59bc4b8)') called at /usr/share/perl5/EBox/Module/Service.pm line 933
EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x59bc4b8)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::DNS=HASH(0x59bc4b8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 289
EBox::Samba::Provision::setupDNS('EBox::Samba::Provision=HASH(0x70f5ed8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 539
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x70f5ed8)', 192.168.30.12) called at /usr/share/perl5/EBox/Samba/Provision.pm line 369
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x70f5ed8)') called at /usr/share/perl5/EBox/Samba.pm line 673
EBox::Samba::_setConf('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Service.pm line 933
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Samba.pm line 646
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x5df2808)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 657
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 656
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x28f81c8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x4e6ffb8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2017/03/07 14:01:07 ERROR> GlobalImpl.pm:661 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command /sbin/apparmor_parser --write-cache --replace /etc/apparmor.d/usr.sbin.named failed.
Error output: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
 Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
 Use --subdomainfs to override.

Command output: .
Exit value: 1
2017/03/07 14:01:07 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2017/03/07 14:01:07 ERROR> GlobalImpl.pm:736 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: dns samba  at The following modules failed while saving their changes, their state is unknown: dns samba  at /usr/share/perl5/EBox/GlobalImpl.pm line 736
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x28f81c8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x4e6ffb8)', 'progress', 'EBox::ProgressIndicator=HASH(0x4e57810)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30


Best regards!

7
Hi!

Let me share my time on this... 

My POC {Zentyal 4.1; Owncloud 8.1}

To share at Zentyal 4 Samba > Owncloud 8 Service I had to:
* Adding a new last line to owncloud:config.php to assure that new files have no permission to others
** umask(0007);
* setgid on owncloud data folder
** chmod g+s <owncloud data folder>
* Seting ACLs in a way that not to much permissions but Zentyal is able to create shares and we are able to access them. The default acl set is for new folders and files similar to setgid.
** setfacl -R -m g:adm:rwx <owncloud data>
** setfacl -R -d -m g:adm:rwx <owncloud data>
** setfacl -R -m u:administrator:rwx <owncloud data>
** setfacl -R -d -m u:administrator:rwx <owncloud data>
* For assurance since it's owncloud folder
** setfacl -R -m g:www-data:rwx <owncloud data>
** setfacl -R -d -m g:www-data:rwx <owncloud data>
** setfacl -R -m u:www-data:rwx <owncloud data>
** setfacl -R -d -m u:www-data:rwx <owncloud data>

With "w" to adm you are able to manage ACLs from Zentyal, but be aware of recursion ACL changing on Zentyal, I had to disable it and then after add new acls as needed.
Be in mind that each time you change share zentyal will reset ACLs only for base folder if recursive disabled, any of the options you get owncloud rights broken.

But... always a but... creation files and folders does not goes as we desired since we do  not have suid working on linux, this is regarding security... so users must be on needed groups... so...

Boths cases, also:
* If sharefolder owner is in domain users
**usermod -G www-data <sharefolder owner>
* Zentyal's administrator
**usermod -G www-data administrator
* User www-data on domain users
**usermod -G domain\ users www-data


To share at Owncloud 8 Service > Zentyal 4 Samba I had to:
* Did not understand why, no time spent here, probably PHP code querys directly for group owner, so... if no www-data, no cake... the I did
** chgrp www-data <sharefolder>
* Setgid for sharefolder
** chmod g+s homefolder
* ACLs for user not dependent of what is the owner
** setfacl -d -m u::rwx <sharefolder>
* Default ACLs for www-data so it can reads, and so on
** setfacl -R -d -m u:www-data:rwx <sharefolder>
** setfacl -R d -m g:www-data:rwx <sharefolder>
** setfacl -R -m u:www-data:rwx <sharefolder>
** setfacl -R -m g:www-data:rwx <sharefolder>
* ACL so regarding what mess owncloud has done by default Zentyal can work over it.
** setfacl -d -m g:adm:rwx <sharefolder>
** setfacl -d -m u:administrator:rwx <sharefolder>


References:
* setacl's adn setgid: come from my zentyal + linux knowledge.
* umask on config: from owncloud forum
* my original post at  https://forum.owncloud.org/viewtopic.php?f=31&t=28185&p=94190#p94190

Hope this helps you!
I did toke a while recreating a wheel... blarg...
Besides... I do not feel that this wheel is round as desired... but works...

Pls, post your comments.
Regards!

8
Hi!

I have on my own some hosts with his samba, hosts that are mainly Ubuntu 14.04 server for several purposes (like game servers, school projects) and so have a solution with sssd/realmd to have authentication integrated with Zentyal AD is a charm.

Nevertheless I'm not able to do it all along with samba.

Did try several posts which all worked fine for host ad integrated authentication, not with samba.
The maximum I saw with samba was replication after join, but authentication accessing to shares I didn't, I believe that was related to sssd constant restarting, with ubuntu 15.04 sssd also restarted but an extra lib install solved, but I do need 14.04 LTS.

Anyone can share a solution?

I did try to do reverse engineering by installing second zentyal as an additional server, but replicate that config to an alone samba was not working well...

Pls, a share on this would be grate.

Regards!

9
Not so... figured out but the problem is the big sellers do not tell a thing for this IPs...

Is cloudmark reliable?
Is cloudmark to little?

Also the anti-spam common software providers do not refer, also by gougle I just found cloudmark itself, no reference from others that seemed to me relevant...

:(

Thanks!

10
Installation and Upgrades / Re: 3.5/4.0 Sogo webaddress
« on: March 03, 2015, 06:43:01 pm »
By the way for document a same context issue with same solution...

you are proxying and you have a different FQDN, ok, no prob just add the line:

RequestHeader set "x-webobjects-server-url" "https://<your desired FQDN>"               

as needed as follows:
file:/usr/share/zentyal/stubs/openchange/apache-ocsmanager.conf.mas
...
<Proxy http://127.0.0.1:20000/SOGo>
## When using proxy-side autentication, you need to uncomment and
## adjust the following line:
        #RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e"
% if ($ssl) {
RequestHeader set "x-webobjects-server-url" "https://<your desired FQDN>"               
#RequestHeader set "x-webobjects-server-url" "https://%{REQUEST_HOST}e:<% $port %>"
        SetEnvIf Host "(.*):?" REQUEST_HOST=$1
% } else {
   RequestHeader set "x-webobjects-server-url" "http://<your desired FQDN>"               
   RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
% }
AddDefaultCharset UTF-8
    Require all granted
</Proxy>
...


Then restart zentyal's openchange module.

;)

11
Hi!

Nothing found,


root@xxxx:~# apt-get install lsof | grep :2703
root@xxxx:~# netstat -plant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN      29298/samba     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      16122/master   
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      9637/named     
tcp        0      0 0.0.0.0:33529           0.0.0.0:*               LISTEN      1149/beam.smp   
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN      1000/gdomap     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      17013/apache2   
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      3210/nginx.conf
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      29296/samba     
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      29300/smbd     
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN      16143/dovecot   
tcp        0      0 0.0.0.0:20000           0.0.0.0:*               LISTEN      25048/sogod     
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN      29293/samba     
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      16143/dovecot   
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      16143/dovecot   
tcp        0      0 0.0.0.0:3268            0.0.0.0:*               LISTEN      29296/samba     
tcp        0      0 0.0.0.0:3269            0.0.0.0:*               LISTEN      29296/samba     
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      29296/samba     
tcp        0      0 0.0.0.0:135             0.0.0.0:*               LISTEN      29293/samba     
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN      16707/python   
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      3324/amavisd-new (m
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      16122/master   
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      934/mysqld     
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      16122/master   
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      29300/smbd     
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1384/redis-server 1
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      1006/memcached 
tcp        0      0 127.0.0.1:6380          0.0.0.0:*               LISTEN      1415/redis-server 1
tcp        0      0 127.0.0.1:143           0.0.0.0:*               LISTEN      16143/dovecot   
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      17013/apache2   
tcp        0      0 0.0.0.0:464             0.0.0.0:*               LISTEN      29298/samba     
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      16122/master   
tcp        0      0 10.10.1.1:53            0.0.0.0:*               LISTEN      9637/named     
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      9637/named     
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      9637/named     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      877/sshd       
tcp        1      0 127.0.0.1:55315         127.0.0.1:20000         CLOSE_WAIT  25450/apache2   
tcp        0      0 10.10.1.1:22            10.10.1.4:55508         ESTABLISHED 19672/sshd: user [p
tcp        0      0 127.0.0.1:11211         127.0.0.1:44658         ESTABLISHED 1006/memcached 
tcp        0      0 127.0.0.1:34634         127.0.1.1:3268          ESTABLISHED 29346/sssd_be   
tcp        0      0 127.0.1.1:389           127.0.0.1:57843         ESTABLISHED 29296/samba     
tcp        0      0 127.0.0.1:11211         127.0.0.1:39937         ESTABLISHED 1006/memcached 
tcp        1      0 127.0.0.1:50240         127.0.0.1:389           CLOSE_WAIT  23256/amavisd-new (
tcp        1      0 127.0.0.1:55296         127.0.0.1:20000         CLOSE_WAIT  25451/apache2   
tcp        0      0 127.0.0.1:44658         127.0.0.1:11211         ESTABLISHED 25061/sogod     
tcp        0      0 127.0.0.1:39932         127.0.0.1:11211         ESTABLISHED 16731/ocnotificatio
tcp        0      0 127.0.0.1:39937         127.0.0.1:11211         ESTABLISHED 16707/python   
tcp        0      0 127.0.1.1:3268          127.0.0.1:34634         ESTABLISHED 29296/samba     
tcp        0      0 127.0.0.1:11211         127.0.0.1:39932         ESTABLISHED 1006/memcached 
tcp        0      0 127.0.0.1:43481         127.0.0.1:11211         ESTABLISHED 25063/sogod     
tcp        0      0 127.0.0.1:47260         127.0.0.1:5672          ESTABLISHED 16731/ocnotificatio
tcp        0      0 127.0.0.1:43104         127.0.0.1:4369          ESTABLISHED 1149/beam.smp   
tcp        0      0 127.0.0.1:57843         127.0.1.1:389           ESTABLISHED 29346/sssd_be   
tcp        0      0 127.0.0.1:50246         127.0.0.1:389           ESTABLISHED 23894/amavisd-new (
tcp        0      0 127.0.0.1:389           127.0.0.1:50246         ESTABLISHED 29296/samba     
tcp        0      0 127.0.0.1:11211         127.0.0.1:43481         ESTABLISHED 1006/memcached 
tcp        1      0 127.0.0.1:55292         127.0.0.1:20000         CLOSE_WAIT  25451/apache2   
tcp6       0      0 :::88                   :::*                    LISTEN      29298/samba     
tcp6       0      0 :::25                   :::*                    LISTEN      16122/master   
tcp6       0      0 :::636                  :::*                    LISTEN      29296/samba     
tcp6       0      0 :::445                  :::*                    LISTEN      29300/smbd     
tcp6       0      0 :::4190                 :::*                    LISTEN      16143/dovecot   
tcp6       0      0 :::1024                 :::*                    LISTEN      29293/samba     
tcp6       0      0 :::995                  :::*                    LISTEN      16143/dovecot   
tcp6       0      0 :::3268                 :::*                    LISTEN      29296/samba     
tcp6       0      0 :::3269                 :::*                    LISTEN      29296/samba     
tcp6       0      0 :::389                  :::*                    LISTEN      29296/samba     
tcp6       0      0 :::135                  :::*                    LISTEN      29293/samba     
tcp6       0      0 :::5672                 :::*                    LISTEN      1149/beam.smp   
tcp6       0      0 :::587                  :::*                    LISTEN      16122/master   
tcp6       0      0 :::139                  :::*                    LISTEN      29300/smbd     
tcp6       0      0 :::464                  :::*                    LISTEN      29298/samba     
tcp6       0      0 :::465                  :::*                    LISTEN      16122/master   
tcp6       0      0 :::4369                 :::*                    LISTEN      1044/epmd       
tcp6       0      0 :::22                   :::*                    LISTEN      877/sshd       
tcp6       0      0 127.0.0.1:5672          127.0.0.1:47260         ESTABLISHED 1149/beam.smp   
tcp6       0      0 127.0.0.1:4369          127.0.0.1:43104         ESTABLISHED 1044/epmd       
root@xxxx:~# netstat -plant | grep 2703
root@xxxx:~#


Detailing, usually I get lines like this on Sophos Network Protection log:
...    Default DROP    TCP         10.10.1.1    :    50263   →    208.83.137.118    :    2703     [SYN]    len=60    ttl=63    tos=0x00    srcmac=52:5...
...    Default DROP    TCP         10.10.1.1    :    39206   →    208.83.139.205    :    2703        [SYN]    len=60    ttl=63    tos=0x00    srcmac=52:5...


So, mainly this two IPs 208.83.137.118, 208.83.139.205 as destinations, not remember others.
Doing a regular WHOIS IP, seems like this IPs are for some security company, but I'm not confident with that, since no general availability for general reference for it and neither for any protocol or system related to.

Also it appears when a mail is being delivered on any direction...
I did noticed this relation to mail service since my dyndns domain was down couple of days per migration and thousands of mails from a couple of open source dev mail lists, after that the rate dropped, but if I send or receive a mail per test or coincidence...

I may being losing some functionality here... but what functionality for which any one should relay on?

Thanks!
Tomás

12
Installation and Upgrades / Net Security - What is TCP 2703 port for?
« on: February 26, 2015, 07:34:06 pm »
Hi!

Currently migrated my "home play ground IT" from Zentyal 2.2 into 4.0, also a new firewall, Sophos UTM Home Edition.

Grate things until I do discover lots of communications Droped to IPs 208.83.137.118 and 208.83.139.205 for TCP 2703 port.

What's this IP and port for?

Any one knows?

Thanks for your attention!
My best regards!
Sarraceno

13
Disable Roaming Profiles or also redirect folders... probably will come back working

14
I'm joining to this...

Mu history is that for the last 2 months, my installation is no more able to provide offline files.
Also Office apps are telling "Access Denied! Contact your Administrator."

So drilling, googling, ubunting I did arrived here...

so, 50MB may not be the solution... if my issue is equal to this...


But I did try, and defined to 200MB and now is working, less messages.

Let see what I got in next days.

Meanwhile for fast look samba seems to have less messages but stands this:
Code: [Select]
  NT error packet at ../source3/smbd/error.c(165) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2013/05/14 23:37:37.633707,  3] ../source3/smbd/process.c:1794(process_smb)
  Transaction 2048 of length 210 (0 toread)
[2013/05/14 23:37:37.633835,  3] ../source3/smbd/process.c:1397(switch_message)
  switch message SMBntcreateX (pid 5117) conn 0x1ebb0c0
[2013/05/14 23:37:37.633972,  3] ../source3/smbd/vfs.c:1118(check_reduced_name)
  check_reduced_name [My Documents/Marina2] [/home/usermadera]
[2013/05/14 23:37:37.634096,  3] ../source3/smbd/vfs.c:1248(check_reduced_name)
  check_reduced_name: My Documents/Marina2 reduced to /home/usermadera/My Documents/Marina2
[2013/05/14 23:37:37.634220,  3] ../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/error.c(165) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2013/05/14 23:37:37.634782,  3] ../source3/smbd/process.c:1794(process_smb)
  Transaction 2049 of length 200 (0 toread)
[2013/05/14 23:37:37.634916,  3] ../source3/smbd/process.c:1397(switch_message)
  switch message SMBntcreateX (pid 5117) conn 0x1ebb0c0
[2013/05/14 23:37:37.635053,  3] ../source3/smbd/vfs.c:1118(check_reduced_name)
  check_reduced_name [My Documents/Marina2] [/home/usermadera]
[2013/05/14 23:37:37.635180,  3] ../source3/smbd/vfs.c:1248(check_reduced_name)
  check_reduced_name: My Documents/Marina2 reduced to /home/usermadera/My Documents/Marina2
[2013/05/14 23:37:37.635303,  3] ../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/error.c(165) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND

Any idea for por specific explanation?

Regards!

15
Bump!

Alterando o stub main.cf nada se perde... mas o alias não funca, ie, o mail chega ao servidor Zentyal e é recusado sem que este reconheça q faz parte de um sub-se de alias fora do LDAP...

Alguem tem alguma ideia de como conseguir o postfix não ignore alias paralelos ao LDAP?

Obrigado!

Pages: [1] 2