Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
46
Installation and Upgrades / Re: Squid cache - how to obtain faster Squid response times?
« on: September 02, 2014, 05:10:55 am »
A whole year later, and I'm still on the guest of improving Squid performance.
So far, the biggest performance increase came not from adding or changing hardware, but simply updating Zentyal
and thus getting an updated Squid 3.3.x in the process.
I must say, the difference as compared to Zentyal 2.2.x is huge, and it still runs from a 10k raptor drive.
As far as the SSD concerns, I've had plenty of time to read.
The conclusion is that SSD "wear" will be less of an issue when using quality SSD drives, even if they are MLC based.
For example, I've just ordered an Intel 2500 series 120GB SSD. Should be more reliable then other consumer SSD drives.
It's still a bit of an experiment, but at this point the SSD wear seems exaggerated.
It was mentioned that ramdisk would be the best solution.
My cache footprint would require 16GB of ram, and honestly I find those modules (2x8GB) to expensive. Maybe when RAM comes down in price, I'll give it a shot.
So far this little update.
Cheers.
So far, the biggest performance increase came not from adding or changing hardware, but simply updating Zentyal
and thus getting an updated Squid 3.3.x in the process.
I must say, the difference as compared to Zentyal 2.2.x is huge, and it still runs from a 10k raptor drive.
As far as the SSD concerns, I've had plenty of time to read.
The conclusion is that SSD "wear" will be less of an issue when using quality SSD drives, even if they are MLC based.
For example, I've just ordered an Intel 2500 series 120GB SSD. Should be more reliable then other consumer SSD drives.
It's still a bit of an experiment, but at this point the SSD wear seems exaggerated.
It was mentioned that ramdisk would be the best solution.
My cache footprint would require 16GB of ram, and honestly I find those modules (2x8GB) to expensive. Maybe when RAM comes down in price, I'll give it a shot.
So far this little update.
Cheers.
47
Installation and Upgrades / Re: Need a hand with Samba ACL's in Zentyal 3.5.
« on: August 27, 2014, 10:11:17 pm »
Nobody has a clue?
Well then I'm off to submit a bugreport.
Cheers.
Well then I'm off to submit a bugreport.
Cheers.
48
Installation and Upgrades / Re: Problematic Squid proxy implementation in Zentyal 3.5
« on: August 27, 2014, 10:11:03 pm »
Nobody has a clue?
Well then I'm off to submit a bugreport.
Cheers.
Well then I'm off to submit a bugreport.
Cheers.
49
Installation and Upgrades / Re: Zentyal.me not resolving.
« on: August 26, 2014, 10:46:56 pm »Hello:
AFAIK zentyal.me is working OK. Have you checked that ddclient is not working for some reason? Have you tried running it foreground with debug enabled?
Sorry but that's not true. I have just checked and Zentyal.me is not resolving here.
I can access the client by IP address, so the server is working.
Zentyal.me has been problematic since it was implemented. Sometimes it resolves OK, sometimes it just doesn't.
Please see the attached pictures, one by IP that's working, the other one is zentyal.me not resolving.
Cheers.
50
News and Announcements / Re: Zentyal 4.0 Roadmap Published!
« on: August 26, 2014, 10:40:48 pm »
I absolutely agree with ichat. +1.
If you are going to drop modules, then drop the right ones.
I had hopes to be able to maintain Zentyal as a Office server, running web server, zoneminder and samba.
The network stuff could be migrated to, for example, pfsense.
Zentyal could be a perfect complement to this.
But with the webserver being dumped next, I don't see how it would work for me and the rest of my organization.
I really wish the Zentyal devs would reconsider leaving the webserver in, as it is otherwise an excellent product.
Cheers.
If you are going to drop modules, then drop the right ones.
I had hopes to be able to maintain Zentyal as a Office server, running web server, zoneminder and samba.
The network stuff could be migrated to, for example, pfsense.
Zentyal could be a perfect complement to this.
But with the webserver being dumped next, I don't see how it would work for me and the rest of my organization.
I really wish the Zentyal devs would reconsider leaving the webserver in, as it is otherwise an excellent product.
Cheers.
51
Installation and Upgrades / [Solved] Need a hand with Samba ACL's in Zentyal 3.5.
« on: August 25, 2014, 10:37:19 pm »
The switch from Zentyal 2.2 to 3.5 is a big step forward and there are a lot of changes.
Biggest change is perhaps Samba 4, and I can't get the ACL's right.
Situation:
I need to share the root of a drive so that the user with administrator role can change, delete, create whatever file in whatever folder.
On that same drive, there's a folder "scanned" that contains documents from a scanner.
Two users have access that folder, one read and one read/write.
And of course, the admin user need to have full access.
So I created the admin user, set "apply ACL's recursively" on the whole drive and that worked OK.
But then I created the other two users and applied the ACL at the "scanned" folder.
Saving changes - no errors reported (commented out the full audit again) but the folder is visible from Windows with the two users listed in permissions.
But the owner of "scanned" is still the admin user, so even if the other two have correct credentials, they would not be able to see the contents.
And that's what happens, when I share that folder as a network drive, giving the correct credentials Samba denies access.
Only modification done to smb.conf is commenting out "full audit" hoping to speed up the process of setting ACL.
Edit: This topic in Spanish describes exactly my issue with denied access on subfolders:
Before I go that route, let's try to get it right with Samba first. If all else fails, above link would be my last effort.
Cheers.
Biggest change is perhaps Samba 4, and I can't get the ACL's right.
Situation:
I need to share the root of a drive so that the user with administrator role can change, delete, create whatever file in whatever folder.
On that same drive, there's a folder "scanned" that contains documents from a scanner.
Two users have access that folder, one read and one read/write.
And of course, the admin user need to have full access.
So I created the admin user, set "apply ACL's recursively" on the whole drive and that worked OK.
But then I created the other two users and applied the ACL at the "scanned" folder.
Saving changes - no errors reported (commented out the full audit again) but the folder is visible from Windows with the two users listed in permissions.
But the owner of "scanned" is still the admin user, so even if the other two have correct credentials, they would not be able to see the contents.
And that's what happens, when I share that folder as a network drive, giving the correct credentials Samba denies access.
Only modification done to smb.conf is commenting out "full audit" hoping to speed up the process of setting ACL.
Edit: This topic in Spanish describes exactly my issue with denied access on subfolders:
Code: [Select]
http://www.smythsys.es/5277/zentyal-3-2-y-samba-4-permisos-de-carpetas-solucion-gestionar-acls-por-linux/Before I go that route, let's try to get it right with Samba first. If all else fails, above link would be my last effort.
Cheers.
52
Installation and Upgrades / Problematic Squid proxy implementation in Zentyal 3.5
« on: August 25, 2014, 05:55:28 am »
This weekend my raptor gave up, so I had to do a server rebuild.
I was using 2.2 but it is way to old now, so decided to use Zentyal 3.5.
First impressions: Much better overall, but it has some quirks. Especially the way Squid has been implemented.
Zentyal 3.5 has no forward proxy port configured in squid.conf, and this error spams the cache.log eternally.
Adding the port is necessary, even if you don't use forward proxy.
Solves the constant error in cache.log. I don't know if this breaks something, because the port is referenced in the config file.
Another quirk is the not-completely disabled IPv6.
Squid tries to bind to IPv6 addresses (DNS) and this of course errors out.
This is a bit sloppy, I tried to put the ipv4 first directive in the config file, but it had no effect, the errors in cache.log remain.
Zentyal devs should really fix this.
For those that want to monitor the hit/miss rate, do not look at access.log but instead look at external-access.log.
Another weak point is the Samba 4 implementation.
I have 3 x 3 TB disks about 70% filled, there is a Zoneminder storage and a lot of other files.
When creating a share and defining ACL's, the saving process literally takes days.
This makes Samba as a file server completely useless.
At this point in time I've only been able to add one user because of this.
The good, but not Zentyal related:
Zoneminder latest build works fantastic. Now the wait is for storing events in mp4 format.
Cheers.
I was using 2.2 but it is way to old now, so decided to use Zentyal 3.5.
First impressions: Much better overall, but it has some quirks. Especially the way Squid has been implemented.
Zentyal 3.5 has no forward proxy port configured in squid.conf, and this error spams the cache.log eternally.
Adding the port is necessary, even if you don't use forward proxy.
Code: [Select]
http_port 0.0.0.0:3129Solves the constant error in cache.log. I don't know if this breaks something, because the port is referenced in the config file.
Another quirk is the not-completely disabled IPv6.
Squid tries to bind to IPv6 addresses (DNS) and this of course errors out.
Code: [Select]
commBind: Cannot bind socket FD 21 to [::1]: (99) Cannot assign requested address
commBind: Cannot bind socket FD 22 to [::1]: (99) Cannot assign requested address
ERROR: Failed to create helper child read FD: UDP[::1]
Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 20 flags=41 This is a bit sloppy, I tried to put the ipv4 first directive in the config file, but it had no effect, the errors in cache.log remain.
Zentyal devs should really fix this.
For those that want to monitor the hit/miss rate, do not look at access.log but instead look at external-access.log.
Another weak point is the Samba 4 implementation.
I have 3 x 3 TB disks about 70% filled, there is a Zoneminder storage and a lot of other files.
When creating a share and defining ACL's, the saving process literally takes days.
This makes Samba as a file server completely useless.
At this point in time I've only been able to add one user because of this.
The good, but not Zentyal related:
Zoneminder latest build works fantastic. Now the wait is for storing events in mp4 format.
Cheers.
53
Installation and Upgrades / Re: Update Avast
« on: August 22, 2014, 10:15:01 pm »
You have to decide for yourself which Antivirus program suits you best.
Here I'm using Avira free antivirus. It's free, lightweight and most important in the configuration options you can set the proxy.
That should solve your issue with the updates.
Another good AV is Bitdefender. There is a free version.
Panda scores the best, also has a free version.
As for Avast, you can see how it performs by downloading the latest "real world protection test" (PDF) from
You can see that Avira is in third place, has a 99.7% detection rate with only 12 compromised cases,
while Avast has a 97% detection rate with 120 compromised cases.
If both are free, it's obvious Avira is the better choice.
Cheers.
Here I'm using Avira free antivirus. It's free, lightweight and most important in the configuration options you can set the proxy.
That should solve your issue with the updates.
Another good AV is Bitdefender. There is a free version.
Panda scores the best, also has a free version.
As for Avast, you can see how it performs by downloading the latest "real world protection test" (PDF) from
Code: [Select]
www.av-comparitives.orgYou can see that Avira is in third place, has a 99.7% detection rate with only 12 compromised cases,
while Avast has a 97% detection rate with 120 compromised cases.
If both are free, it's obvious Avira is the better choice.
Cheers.
54
Installation and Upgrades / Re: Update Avast
« on: August 22, 2014, 03:48:46 am »
Well, in this case Avast is not automatically using your Internet proxy settings.
That's a drawback of explicit proxy, you have to setup your applications to use the proxy.
That said, inside Avast control panel there has to be an option to configure proxy.
As for antivirus in general, there are other more effective AV's out there. Avast isn't my first choice.
Cheers.
That's a drawback of explicit proxy, you have to setup your applications to use the proxy.
That said, inside Avast control panel there has to be an option to configure proxy.
As for antivirus in general, there are other more effective AV's out there. Avast isn't my first choice.
Cheers.
55
News and Announcements / Re: Time to resign
« on: August 17, 2014, 05:28:20 am »Probably good that you can't ban users and its a testament to Robbs patience that I am still here.
Well, actually it was the other way around. We voted, and I voted for you to get another change
.I'm not jumping ship, but it is a simple fact that I don't see myself using Zentyal 4.0 or above.
Without any practical experience to share, it will be hard to be of any use for the community.
The only coding I do is in AutoIt, still rather basic and nothing compared to maintaining Zentyal modules.
Prove me wrong and I'll reconsider.
Reporting spam can be done already. Every post contains a link "report to moderator"
A lot has been done already to make it more difficult for spammers to abuse the forum.
Further automating should be done at software level, in this case Simple Machines.
Wearing the hat and doing the dance - fun for a day or two perhaps.
I've been a moderator here for more than two years, but on other Internet fora for more than fifteen years.
It's not always easy to keep up and being there for the community, day in day out.
Cheers.
56
News and Announcements / Re: Time to resign
« on: August 16, 2014, 08:47:17 pm »
Spam plucking is no problem, I've done that until now and will keep plucking for the time being.
I can't ban users though (lucky you, Stuart!
) so I'll just report the account to Zentyal staff.
Robb has a better way of saying things, I share his views 100%, nothing to add or comment.
In the near future I will change my old Zentyal 2.2 for a different (non Zentyal) solution, at that point in time I will also retire as a moderator.
Cheers.
I can't ban users though (lucky you, Stuart!
) so I'll just report the account to Zentyal staff.Robb has a better way of saying things, I share his views 100%, nothing to add or comment.
In the near future I will change my old Zentyal 2.2 for a different (non Zentyal) solution, at that point in time I will also retire as a moderator.
Cheers.
57
Installation and Upgrades / Re: http proxy configuration
« on: August 13, 2014, 09:49:03 pm »
Did you setup authentication on the proxy for your users?
If so, can you try without authentication?
Please keep in mind that you have to create network OBJECTS not groups.
The rest seems OK to me.
Cheers.
If so, can you try without authentication?
Please keep in mind that you have to create network OBJECTS not groups.
The rest seems OK to me.
Cheers.
58
News and Announcements / Re: Zentyal 4.0 Roadmap Published!
« on: August 13, 2014, 03:15:00 am »
Some people suggest virtualization as a possible solution to the missing modules.
Been there, done that.
I found it's definitely not workable, having Ubuntu as a base OS for virtualization.
At the point of making changes (updates for example) that require reboots you also take down the gateway.
What worked for me was to physically separate the gateway stuff from the server stuff.
Firewall, proxy, Radius, Snort and Squid on one dedicated box. Gained (at last) a functional ipv6 implementation.
Web server, mail server, Samba, CUPS and Zoneminder on another box.
Hardware has become fairly efficient and small these days.
Obviously I'm not happy with the changes in the upcoming Zentyal. Probably it's not even going to work.
Untapped potential? Market niche?
In my opinion, if you offer exactly the same type of product (Exchange drop-in replacement) businesses will stick with MS paid solutions anyway.
If you wan't to win over those people, you'll have to offer a better or more feature rich product.
The argument Zentyal being "free" is moot, businesses gladly pay for a superior product.
I don't see that happening anytime soon, but please prove me wrong.
Zentyal was a great way to learn, but for me it's a dead end.
Many times on the forum I've launched ideas, reported bugs and problems, waiting for some input from the dev team..
But participation from Zentyal staff is nearly none, and for me that's a real deal breaker.
As far as ClearOS concerned, I agree v6 was a bit weird, and it still seems it's not a finished product.
That said, I'm not going to fiddle with COS again, neither with Astaro (Sophos) or the like.
For the remaining services I'll just roll my own. If anything it will be a lot more flexible.
Again, these are my personal views.
Cheers.
Been there, done that.
I found it's definitely not workable, having Ubuntu as a base OS for virtualization.
At the point of making changes (updates for example) that require reboots you also take down the gateway.
What worked for me was to physically separate the gateway stuff from the server stuff.
Firewall, proxy, Radius, Snort and Squid on one dedicated box. Gained (at last) a functional ipv6 implementation.
Web server, mail server, Samba, CUPS and Zoneminder on another box.
Hardware has become fairly efficient and small these days.
Obviously I'm not happy with the changes in the upcoming Zentyal. Probably it's not even going to work.
Untapped potential? Market niche?
In my opinion, if you offer exactly the same type of product (Exchange drop-in replacement) businesses will stick with MS paid solutions anyway.
If you wan't to win over those people, you'll have to offer a better or more feature rich product.
The argument Zentyal being "free" is moot, businesses gladly pay for a superior product.
I don't see that happening anytime soon, but please prove me wrong.
Zentyal was a great way to learn, but for me it's a dead end.
Many times on the forum I've launched ideas, reported bugs and problems, waiting for some input from the dev team..
But participation from Zentyal staff is nearly none, and for me that's a real deal breaker.
As far as ClearOS concerned, I agree v6 was a bit weird, and it still seems it's not a finished product.
That said, I'm not going to fiddle with COS again, neither with Astaro (Sophos) or the like.
For the remaining services I'll just roll my own. If anything it will be a lot more flexible.
Again, these are my personal views.
Cheers.
59
Installation and Upgrades / Re: http proxy configuration
« on: August 13, 2014, 01:30:12 am »
You mean the rules are not applied at all?
Did you set the default policy to "filter" on the general tab?
Are you sure traffic is going through the proxy?
To check, deny all traffic and test.
Cheers.
Did you set the default policy to "filter" on the general tab?
Are you sure traffic is going through the proxy?
To check, deny all traffic and test.
Cheers.
60
Spanish / Re: como bloquear ultrasurf
« on: August 12, 2014, 04:23:17 am »
Por lo menos intenta buscar en el foro, con la palabra "ultrasurf" encontraras varios asuntos.
Se ha hablado mucho de esto y la conclusion es no, al menos que manejas una lista blanca, no es posible bloquear Ultrasurf.
Saludos.
Se ha hablado mucho de esto y la conclusion es no, al menos que manejas una lista blanca, no es posible bloquear Ultrasurf.
Saludos.