
Messages - check-ict

1
Hello,

Is it possible to configure Zentyal as an AD member? I need extra storage on my Windows server, so I wanted to build a NAS that connects to the existing AD 2003 server. If it's connected I want to create a new share with permissions for a group in Active Directory.

Is this possible?

If not, it will be better to use QNAP/Synology because they can do this, but I want to try a custom-built NAS.

2
Installation and Upgrades / Re: Samba Unable to start
« on: November 26, 2012, 10:44:48 pm »
This is after a clean install, only trying to install a simple Samba fileserver.

Back to Zentyal 2 with Samba 3 for me, I've tried too many hours to get 3.0 working.

3
Installation and Upgrades / Re: Samba Unable to start
« on: November 26, 2012, 10:43:08 pm »
Same here:
2012/11/26 22:28:16 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2012/11/26 22:28:16 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/kN4AjX8b2V failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2012/11/26 22:28:17 INFO> DNS.pm:89 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2012/11/26 22:28:19 INFO> GlobalImpl.pm:688 EBox::GlobalImpl::saveAllModules - Changes saved successfully
2012/11/26 22:31:03 INFO> Service.pm:771 EBox::Module::Service::restartService - Restarting service for module: samba
2012/11/26 22:31:04 INFO> Samba.pm:831 EBox::Samba::provisionAsDC - Provisioning database '/usr/bin/samba-tool domain provision  --domain='XXX' --workgroup='XXX' --realm='XXX.LOCAL' --dns-backend=BIND9_DLZ --use-xattrs=yes  --use-rfc2307  --server-role='dc' --users='__USERS__' --host-name='XXX-server' --host-ip='192.168.3.50''
2012/11/26 22:32:12 INFO> Samba.pm:852 EBox::Samba::provisionAsDC - Setting password policy
2012/11/26 22:32:14 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2012/11/26 22:32:15 WARN> DNS.pm:1445 EBox::DNS::_launchNSupdate - Cannot contact with named, trying in posthook
2012/11/26 22:32:15 INFO> DNS.pm:89 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2012/11/26 22:32:17 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/546vFOo2ZB failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2012/11/26 22:32:17 ERROR> Service.pm:776 EBox::Module::Service::__ANON__ - Error restarting service: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/546vFOo2ZB failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2012/11/26 22:32:17 ERROR> RestartService.pm:67 EBox::CGI::SysInfo::RestartService::__ANON__ - Restart of File Sharing from dashboard failed: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/546vFOo2ZB failed.
Error output: update failed: REFUSED

Command output: .

4
I have a small Linux server as client without Zentyal connecting to a Zentyal VPN server.
Normally, when creating a Zentyal-to-Zentyal tunnel, both networks can talk with each other.

How can I create a Zentyal-to-Custom tunnel?

My situation:

Computer1 -> VPN client -> Internet -> Zentyal Server -> Computer2
192.168.3.0 <-> 10.10.1.0

Route print on my VPN client 192.168.3.0:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.161.0   *               255.255.255.0   U     0      0        0 tap0
192.168.3.0     *               255.255.255.0   U     0      0        0 eth0
10.10.1.0       192.168.161.1   255.255.255.0   UG    0      0        0 tap0
default         192.168.3.1     0.0.0.0         UG    100    0        0 eth0

Route print on my Zentyal server:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.224 U     0      0        0 eth0
192.168.161.0   *               255.255.255.0   U     0      0        0 tap1
192.168.166.0   *               255.255.255.0   U     0      0        0 tap7
192.168.168.0   *               255.255.255.0   U     0      0        0 tap9
192.168.2.0     192.168.166.2   255.255.255.0   UG    2      0        0 tap7
192.168.1.0     192.168.168.2   255.255.255.0   UG    2      0        0 tap9
10.10.1.0       *               255.255.255.0   U     0      0        0 eth1

Here you see that 192.168.2.0 and 192.168.1.0 work, because Zentyal added a route for this network to the VPN IP.

However, the 192.168.161.0 * is not working, this should be my 192.168.3.0 network.

When I try to create a route in the Zentyal interface I get: Gateway 192.168.161.2 not reachable

When I manually create a route in console everything works:
root@router:~# route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.161.2 dev tap1
root@router:~# route -v
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.224 U     0      0        0 eth0
192.168.161.0   *               255.255.255.0   U     0      0        0 tap1
192.168.3.0     192.168.161.2   255.255.255.0   UG    0      0        0 tap1
192.168.166.0   *               255.255.255.0   U     0      0        0 tap7
192.168.2.0     192.168.166.2   255.255.255.0   UG    2      0        0 tap7
192.168.1.0     192.168.168.2   255.255.255.0   UG    2      0        0 tap9
10.10.1.0       *               255.255.255.0   U     0      0        0 eth1
192.168.168.0   *               255.255.255.0   U     0      0        0 tap9
10.1.1.0        *               255.255.255.0   U     0      0        0 eth1

So only when I manually create the route, outside Zentyal interface, it starts working.

Is there a way to make this easier? Am I doing something wrong?

5
Installation and Upgrades / LAN over WAN communication OpenVPN
« on: January 28, 2012, 05:29:05 pm »
Hello,

I have a small server cluster in a datacenter that needs to be connected to the same LAN in another datacenter. So both locations have a 10.10.1.X /24 network, without knowing that some servers might be over WAN.

How can I set this? I tried several things with Zentyal, but I think it's impossible with the default settings. I tried to create my own Ethernet tunnel with plain OpenVPN tunneling, but I was unable to ping IP addresses on the other side.

The reason I want this, is because I need to migrate about 50 hosted desktops connected to a fileserver with minimal downtime. So I would like to stop, copy, start each hosted desktop for minimal downtime. After that, I will migrate the massive fileserver in the weekend.

Please let me know if LAN over WAN is possible with Zentyal! And if it doesn't, what are my options?

6
Installation and Upgrades / Replace source address not working
« on: October 27, 2011, 09:23:49 am »
Hello,

I have a MTA server behind my Zentyal router/firewall. The MTA server is located in the LAN, and mail is received by a NAT rule that forwards port 25 to the MTA server.

I want to open this MTA as relay server for a specific host (WAN IP). The MTA only shows the IP of the firewall/zentyal server in the logs, therefore I can't open the relay to the remote IP, because it won't receive this IP.

I tried to disable the function Replace source address for port 25 in the firewall, but I still see the local IP as source address in the MTA logs.

Does anyone have a solution?

7
Installation and Upgrades / Re: ARP corruption and network errors
« on: October 03, 2011, 04:03:13 pm »
My LAN DNS knows about host.domain.com, so it doesn't ask external DNS servers for this. It will redirect me to the LAN IP of the webserver.

So internally host.domain.com is redirected to 10.10.1.22.
Externally it's the WAN IP address from the external name servers.

8
Installation and Upgrades / Re: ARP corruption and network errors
« on: October 03, 2011, 04:00:15 pm »
Could it be related to my physical network adapter?

I have all adapters on the same hardware NIC. So the Zentyal external (WAN) network card and the internal (LAN) network card are connected to the same NIC on the hardware. It should be OK since it's a virtual switch, right?




9
Installation and Upgrades / Re: ARP problems, LAN interface timeouts
« on: September 30, 2011, 09:11:00 am »
Can anyone help me with this?

10
Installation and Upgrades / Re: Nginx Reverse Proxy
« on: September 30, 2011, 09:09:26 am »
Hehe, I have a big server with virtualisation. So it's no problem to create a little nginx server.

My only problem with nginx is that it can't forward SSL without having the keys etc. This is annoying when I want to forward https requests to Zentyal for example. I work around this by using a different port in the firewall, and redirect it to Zentyal.

Yours,

Nomad - Check ICT

11
Installation and Upgrades / ARP corruption and network errors
« on: September 29, 2011, 11:49:09 pm »
Hello,

I have a big server with a lot of VMs. The gateway server is Zentyal 2.2 (also tried 2.0) and has 2 virtual network cards.

Both eth0 and eth1 are on the same physical network card of the virtual host server. eth0 is external (WAN) IP and eth1 is internal (LAN) IP.

Everything works great, but sometimes servers can't reach the network anymore (ping the zentyal gateway).

I resolve this every time by SSHing to the zentyal gateway, removing the ARP entries with arp -d and ping the server from the gateway. When the ping starts from zentyal to the server with network problems, a new ARP entry gets created. After the first ping reply, the server has network connection again.

So in short, how can I avoid ARP corruption? Why are my servers getting disconnected?

Here is my ARP situation when a server can't reach the network:
hostname.domain.nl         ether   5e:19:32:fe:bd:fb   C                     eth1
hostname.domain.nl         ether   5e:19:32:fe:bd:fb   C                     eth0

After delete + ping I get the same, but this time with ns. in front.

I added the hostname.domain.nl in my dns (created a zone and entered IP) so I can resolve domain names within the LAN network.

Can anyone help?

12
Installation and Upgrades / Re: Nginx Reverse Proxy
« on: September 29, 2011, 11:38:24 pm »
Hi,

I just set up an extra virtual Ubuntu server and redirect all port 80 and 443 to the nginx reverse proxy.

From there I redirect it to my servers.

It's very easy to install. Just install a basic Ubuntu server, apt-get install nginx and create virtual hosts in the sites-enabled directory.

Here is an example config which I created right after the apt-get install nginx:

/etc/nginx/sites-enabled/zarafa

server {
        listen   80;
        server_name  webmail.check-ict.nl mail.check-ict.nl;

        access_log  /var/log/nginx/access_zarafa.log;


        location / {
                proxy_pass      http://10.10.1.20/;
        }
}

Yours,

Nomad - Check ICT
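
The virtual host from the post above, extended as an added example (not the poster's configuration) so that the backend receives the original Host header and client address, and so that requests for unlisted host names are not proxied. The catch-all server block and the forwarded headers are assumptions added here; the names, path and backend address are those in the post.

```nginx
# Added example, not the poster's configuration.
# /etc/nginx/sites-enabled/zarafa (same path as in the post)

# Catch-all: a request whose Host header matches none of the configured
# names is dropped instead of being handled by whichever vhost loaded first.
# If the packaged default site also declares default_server on port 80,
# disable it first; nginx refuses to start with two default servers.
server {
        listen   80 default_server;
        server_name  _;
        return 444;    # nginx-specific code: close the connection, send nothing
}

server {
        listen   80;
        server_name  webmail.check-ict.nl mail.check-ict.nl;

        access_log  /var/log/nginx/access_zarafa.log;

        location / {
                # Without these, the backend sees Host: 10.10.1.20 and every
                # request appears to come from the proxy's own address, so its
                # logs and IP-based rules cannot tell clients apart.
                proxy_set_header Host              $host;
                proxy_set_header X-Real-IP         $remote_addr;
                proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                proxy_pass      http://10.10.1.20/;
        }
}
```

The backend should honour X-Real-IP and X-Forwarded-For only on connections that arrive from the proxy's address, because a client that can reach the backend directly can set those headers itself.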

13
Installation and Upgrades / ARP problems, LAN interface timeouts
« on: August 25, 2011, 08:06:33 pm »
I have a simple Zentyal installation with 2 network cards (virtual).

Eth0 is for WAN
Eth1 is for LAN

Sometimes the LAN interface has a short timeout period. I tracked the problem down to an ARP command:

for arptable in `arp | grep "eth1" | cut -d " " -f1`; do arp -d $arptable; done

This command deletes the arp entries on eth1. If I run this, all LAN access is normal again.

How can I stop these sudden timeout moments?

14
My mistake, I had a port forward for 443 defined to a different server.

Removing the port forward enabled the remote administration again.

15
I have a Zentyal server connected directly to the internet (datacenter). It is configured with 2 network adapters.

eth0: WAN - remote IP
eth1: LAN - Internal IP

I've set rules in the firewall packet filter for remote administration. The remote admin page should be visible to "any". Also I created a rule which allows all services (any) to the Zentyal.

Even with these rules, the web page is not showing. I can SSH into the Zentyal and shutdown the firewall, then the admin page comes up again.

How can I enable the firewall and still be able to go to the remote administration web page?

