Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - martinique

Pages: [1]
A SSD running Zentyal suddenly died (this was the second one – never going to buy another OCZ), so I had to do a quick reinstall of Ubuntu, Zentyal and some additional software. Most services are already running, but once again I'm having trouble with DNS and/or File Sharing. I haven't slept for two days, as I need a working server today, so my brains are running a bit too slow to solve complex problems.

The initial module selection died screaming because Zarafa wasn't available for some reason (really dumb, BTW), but Zarafa can wait. Is it possible that this caused some malfunction or incomplete configuration?

I managed to install the necessary components through Software Management, but activating File Sharing fails, with zentyal.log saying:
Quote EBox::LDB::safeConnect - Could not connect to samba LDAP server: connect: No such file or directory, retrying. (300 attempts) EBox::LDB::safeConnect - FATAL: Could not connect to samba LDAP server: connect: No such file or directory

What file or directory is this? Should I reinstall something? Is some configuration missing?

When I reboot, DNS initially fails to start, but afterwards starts fine from Dashboard, although after that Samba error I can't even access DNS configuration until I disable File Sharing. DNS is configured with zentyal-domain.lan pointing to the server IP. Is this sufficient?

I read some forum posts indicating problems with DHCP so I switched to static IP, but it didn't seem to help.

Any help would be much appreciated.

I have the Jabber service up and running seemingly without problems, but users cannot find each other.

Users can connect fine, but when user1@domain tries to add user2@domain to his contact list, no authorization request is displayed, and ejabberd logs this ("domain" is a FQDN):

New s2s connection started
Trying to open s2s connection: domain -> user2 with TLS=true
s2s connection: domain -> user2 (remote server not found)
Reconnect delay expired: Will now retry to connect to user2 when needed.

It's as if ejabberd thinks the users are not on the same server, which makes no sense. Does the domain have to be somewhere else in Zentyal configuration for this to work? The one used is only meant for Jabber, so that we can point it to another server, if necessary.

S2S is disabled, and so is shared roster. We're using Pidgin as client. Zentyal runs behind NAT with the appropriate ports forwarded to it.

Edit: Each user's contact list is populated if shared roster is enabled, but we don't wish to use it, as our rather complicated grouping setup and multiple system accounts would confuse users.

Edit 2: After some digging the reason seems to be either a DNS issue or users who didn't RTFM. Marking as solved, since others got this working.

Not yet knowing about the new release, I did an apt-get upgrade remotely, eagerly waiting for bugfixes to certain packages. I was surprised to see some Kerberos stuff being installed and configured, but entered some dummy data and proceeded, thinking I could easily change it afterwards. Zentyal got really broken, just as promised in the announcement. ;D

I purged Zentyal packages and reinstalled. The setup got stuck at ("Current operation: Setting up zentyal-webserver (2.3.3) ..."), but that was solved with /etc/init.d/zentyal apache restart

User data remained in LDAP from the previous version, but now I can't delete users ("FATAL: Couldn't connect to synchronizer: /var/run/ldb") and trying to start the File Server module fails ("domain MYDOMAIN does not exist").

Here are the essential log bits for the above events:
2012/06/20 08:53:25 ERROR> EBox::LDB::safeConnect - Couldn't connect to LDB server ldapi://%2fvar%2flib%2fsamba%2fprivate%2fldapi, retrying
2012/06/20 08:53:30 DEBUG> EBox::LDB::safeConnect - FATAL: Couldn't connect to LDB server: ldapi://%2fvar%2flib%2fsamba%2fprivate%2fldapi
2012/06/20 08:53:30 ERROR> EBox::SambaLdapUser::__ANON__ - FATAL: Couldn't connect to LDB server: ldapi://%2fvar%2flib%2fsamba%2fprivate%2fldapi
2012/06/20 08:53:30 DEBUG> EBox::LDB::enableZentyalModule - Enabling Zentyal LDB module
2012/06/20 08:53:45 DEBUG> EBox::Sudo::_root - sudo commands: status 'zentyal.s4sync'
2012/06/20 08:53:45 ERROR> EBox::LDB::safeConnectSync - Couldn't connect to synchronizer /var/run/ldb, retrying
2012/06/20 08:53:50 DEBUG> EBox::LDB::safeConnectSync - FATAL: Couldn't connect to synchronizer: /var/run/ldb
2012/06/20 08:47:04 DEBUG> EBox::Samba::__ANON__ - domain MYDOMAIN does not exist.
2012/06/20 08:47:04 DEBUG> EBox::DNS::Model::DomainTable::_getDomainRow - domain MYDOMAIN does not exist.

Any idea what might have gone wrong?

I started testing Jabber on Zentyal 2.3, but Pidgin fails to log in, saying "Not authorized". This earlier (unsolved?) topic is identical:

I increased ejabberd logging level and found these lines in /var/log/ejabberd/ejabberd.log:
=INFO REPORT==== 2012-05-30 15:54:44 ===
D(<0.269.0>:eldap:696) : {searchRequest,

=INFO REPORT==== 2012-05-30 15:54:44 ===
D(<0.269.0>:eldap:767) : {searchResDone,

ejabberd connects (port 390) and binds with LDAP successfully, but it looks as if "userJabberAccount" object doesn't exist. On the other hand, looking at LDAP data using ldapsearch shows it's there, and Jabber is enabled for the user account.

Is the Jabber module still unfinished, or is this just a configuration issue?

I'm currently migrating some web applications running in an old eBox system to work with the latest Zentyal. PHP authenticates Zentyal users without any problems (just had to connect to port 390 instead of 389), but I'm having trouble with Apache.

This configuration in .htaccess works in the old box, but not in Zentyal 2.3:
Order deny,allow
Deny from All
AuthName "Protected area"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative  on
AuthLDAPUrl ldap://,dc=zentyal?uid
Require valid-user
Satisfy any

Apache error log reveals the following (critical part in bold):
[Tue May 08 14:09:21 2012] [debug] mod_authnz_ldap.c(1016): [2730] auth_ldap url parse: `ldap://,dc=zentyal?uid', Host:, Port: 390, DN: ou=Users,dc=zentyal, attrib: uid, scope: base, filter: (null), connection mode: not using SSL
[Tue May 08 14:09:21 2012] [debug] mod_authnz_ldap.c(403): [client] [2730] auth_ldap authenticate: using URL ldap://,dc=zentyal?uid
[Tue May 08 14:09:21 2012] [info] [client] [2730] auth_ldap authenticate: user username authentication failed; URI /path/ [ldap_search_ext_s() for user failed][No such object]
[Tue May 08 14:09:21 2012] [error] [client] user username not found: /path/

Any idea what I might be missing?

I thought someone would've noticed this by now, but searching the forums produced no results, so I feel obliged to ask:

Whenever a Jabber-enabled user is added or edited, eBox administration prompts to save changes. Saving restarts the Jabber module (and Firewall, IIRC), which consequently breaks all ongoing conference chats (we're mostly using Pidgin as client, if that matters). Otherwise Jabber clients don't seem much disturbed by the restart, but due to new users joining the network almost daily, it's quite a hassle reopening/unlocking dozens of chat rooms, re-inviting contacts etc. every time.

"Changes related to printing, file sharing and Jabber service do need to be saved in order to be effective." suggests that this is normal behaviour, but is there any way at all to avoid restarting Jabber (or whatever causes this)? I wouldn't mind tinkering with configuration files to get rid of this need for constant restarts which make me feel like I'm back on Win32 :P

By the way, as a small UI improvement I'd suggest a "Change all" button or handling changes with Ajax, since editing a user detail by detail, clicking Change, scrolling back down etc. feels quite 90's.

I came across another eGroupware headache in eBox 1.2. Looks like it's somewhat similar to the missing type casts I reported (and at least partially fixed) in this other thread:

When attempting a simple search in ProjectManager, it reports an error:

Code: [Select]
Database error

Invalid SQL: SELECT *,CASE WHEN link_app1='projectmanager' AND link_id1=CAST(pm_id AS VARCHAR) THEN link_app2 ELSE link_app1 END AS pe_app,CASE WHEN link_app1='projectmanager' AND link_id1=CAST(pm_id AS VARCHAR) THEN link_id2 ELSE link_id1 END AS pe_app_id,link_remark AS pe_remark FROM egw_pm_elements ,egw_links WHERE pe_id=link_id AND (pe_status IN ('new','regular') AND pm_id='22' AND (pm_id ILIKE '%P-2009%' OR pe_id ILIKE '%P-2009%' OR pe_title ILIKE '%P-2009%' OR pe_completion ILIKE '%P-2009%' OR pe_planned_time ILIKE '%P-2009%' OR pe_replanned_time ILIKE '%P-2009%' OR pe_used_time ILIKE '%P-2009%' OR pe_planned_budget ILIKE '%P-2009%' OR pe_used_budget ILIKE '%P-2009%' OR pe_overwrite ILIKE '%P-2009%' OR pl_id ILIKE '%P-2009%' OR pe_modifier ILIKE '%P-2009%' OR pe_status ILIKE '%P-2009%' OR pe_unitprice ILIKE '%P-2009%' OR cat_id ILIKE '%P-2009%' OR pe_share ILIKE '%P-2009%' OR pe_health ILIKE '%P-2009%' OR pe_resources ILIKE '%P-2009%' OR pe_details ILIKE '%P-2009%' OR pe_planned_quantity ILIKE '%P-2009%' OR pe_used_quantity ILIKE '%P-2009%')) ORDER BY (link_app1='projectmanager' AND link_app2='projectmanager') DESC,pe_modified DESC:
ERROR:  operator does not exist: integer ~~* unknown
LINE 1: IN ('new','regular') AND pm_id='22' AND (pm_id ILIKE '%P-...
HINT:  No operator matches the given name and argument type(s). You might need to add explicit type casts.

It should be easy to add the missing CAST required by PostgreSQL, but despite a bunch af greps I can't find a matching query anywhere in the code under /usr/share/egroupware. Does anyone know which file I'm supposed to edit to fix this?

I could live without the search function, but what's even worse is that someone suddenly noticed that a huge project with dozens of subprojects and lots of information has completely disappeared from the project list, while some others are still there. I haven't changed any configurations except for moving some people to other groups in eBox, but the missing project was marked as public so it shouldn't be a permission issue.

I installed phpPgAdmin to take a look at the egroupware database, and apparently all data is still there, but just not visible to anyone. Does someone have an idea what might have gone wrong and how to fix it? After all, it was my idea to start using eBox eGroupware for project management at work, and all these weird problems I fail to fix or even explain make me look like the village idiot. :-\

I decided to try out ebox-desktop on karmic (with eBox server 1.2), and it went quite well, although client-side setup wasn't quite as simple as documented ( I thought it'd only ask for my eBox server address, but additionally it wanted to know these details:

  • LDAP server Uniform Resource Identifier
  • Distinguished name of the search base
  • LDAP version to use
  • Make local root Database admin
  • Does the LDAP database require login

... and 1 or 2 more, IIRC. I was in a bit of a hurry so I'm not 100% sure if I entered the correct values for some of them, but afterwards logging in using eBox user accounts worked fine anyway, as did the automatic configuration for Pidgin and Firefox. However, a dpkg-reconfigure ebox-desktop only asks for the server address as documented. How do I reconfigure the rest, or do I even need to?

Then I tried to SSH the client computer using one of its local user accounts; Logging in works, but right after asking for a password it produces this error message: /bin/sh failed: exit code 1

I confirmed the behaviour on another client machine as well. It doesn't seem serious, though, because everything seems to work despite the error, but I'd sure like to know what causes it. SSH works without that error message when logging in with an eBox user account.

Also, is it safe to remove and/or reinstall the package without fears of messing up something?

Installation and Upgrades / eGroupware ProjectManager bug
« on: November 11, 2009, 02:59:25 pm »
When I try to add a subproject in ProjectManager (eBox 1.2), the subproject is incorrectly displayed as a mainproject. Sounds a lot like the bug described here:

I did a quick grep and found a line that looks like the one described, so apparently ebox-egroupware needs that fix. I could replace the "CHAR" with "VARCHAR" as described in the proposed fix, but then I'd be afraid to update eBox until it's permanently fixed.

The topic subject pretty much explains my problem. I decided to try out eGroupware in my eBox 1.2, which is otherwise working fine, but even after all the steps it requires (activating modules, setting virtual mail domain etc.) I cannot log in due to the error message about my session.

It definitely recognizes the user names I've tried, because a non-existent user produces "Bad login or password" instead.

I managed to log in into the setup portion, though, so obviously it's not completely broken. I changed nothing besides adding a new interface language, having read that changes might conflict with the default settings created by eBox. The official eGroupware documentation says:

Check IP address of all sessions: This security feature prevents sessions from being hijacked by verifying whether the session is emanating from the same IP. Does not work necessarily if the attacker is using the same network.
Switch this off if users are regularly thrown out randomly: "Your session could not be verified".

...but I've seen no setting like that anywhere, and the behaviour definitely isn't random. Any idea what might be wrong?

Edit: By the way, I disabled some of the default eGroupware applications (felamimail, emailadmin), because I don't need email support.

Now that I have eBox working fine, my next aim is to use the LDAP data in some PHP applications, and I believe I need some help from eBox developers or experienced users. Reading user data was easy:

Code: [Select]
header("Content-Type: text/plain");
if ($ldap=ldap_connect("localhost")) {
 print("LDAP connected\r\n");
 if (ldap_set_option($ldap,LDAP_OPT_PROTOCOL_VERSION,3)) {
  print("Using LDAP v3\r\n");
  if (ldap_bind($ldap,"uid=$user,ou=Users,dc=ebox",$pass)) {
   print("Bind successful\r\n");
   if ($result=ldap_search($ldap,"uid=$user,ou=Users,dc=ebox","uid=$user")) {
    print("Search result:\r\n");

I still need to figure out how to check if the user belongs to a particular group, because I believe the easiest way to control user permissions for external applications is to assign them to various groups in eBox. Unfortunately I couldn't see anything useful in the data found by the above script.

Do I need to connect to LDAP with admin privileges to access group information? And how is that data organized? Is there some related code in eBox itself that I should take a look at?

I've been a (mostly) happy eBox user for a couple of weeks now. Because I don't use it to run anything too critical yet (just a PDC with a couple of shares and Jabber), I decided to go for the alpha CD (1.1.10) to get to test the latest features while eagerly waiting for 1.2. It has worked fine for the most part, but I've run into some hiccups with User Corner and password management. In addition to hours of googling I browsed through the documentation, release notes and existing forum topics, but without finding anything helpful.

Originally I set User Corner port to 8000, because I'm planning to run another service in 8888, but after finding out about ebox-desktop, which I want to try on our Ubuntu workstations, I decided to go back to 8888, since that's the default port for auto-created Firefox bookmarks in ebox-desktop. Surprisingly I'm unable to change it back, because eBox slaps me in the face with this weird error message:

A really nasty bug has occurred

Can't locate object method "valueByName" via package "serv1025" (perhaps you forgot to load "serv1025"?)

Can't locate object method "valueByName" via package "serv1025" (perhaps you forgot to load "serv1025"?) at /usr/share/perl5/EBox/Services/Model/ line 220.

Surely I'd load "serv1025" if I knew what us humans call it. I was even more surprised when I realized I was able to change it into any other but the original 8888. I don't know if this is related, but updating or restarting eBox from shell vomits dozens of this error message:

** (gconftool-2:xxxxx): WARNING **: Owner of /tmp/orbit-ebox-usercorner is not the current user

...and a couple of these:

WARNING **: Failed to send buffer at /usr/share/perl5/EBox/ line 493.

Another issue is with Samba passwords; Windows users can successfully change their passwords using Ctrl+Alt+Del, but for some reason changing one's password through User Corner doesn't seem to affect Samba passwords, and our Ubuntu users only have that choice, so it effectively prevents them from getting rid of their default passwords for the shares. None of the Windows users are on Jabber yet, so I don't know if their password problem is the opposite. The point of installing eBox was to have a single, easily changeable password for each user (and have it on LDAP so our other servers can access user info if needed), so I hope this lack of password synchronization is a bug and not a feature.

Lastly, yesterday we hit a situation where some Windows users couldn't log on to the domain run by eBox, and looks like it was only those who hadn't changed their default passwords. I reset their passwords through the admin interface, after which the problem was gone. Despite my deathmatch against eBox to solve or at least analyze the aforementioned issues, I don't believe I did anything radical enough to kill certain passwords like that, so I'm assuming the culprit was the 1.1.30 update, which I installed around the same time. No way to tell for sure, though, since I couldn't find anything relevant in log files.

If anyone else has come across similar issues, I'd like to hear about it. I know my way around shell environment, so if some quick and dirty fixes exist, please let me know.

Here's some basic info about my eBox setup:
eBox version 1.1.30~svn14056 (running as PDC safely behind NAT)
Active modules: Network, Antivirus, events, Monitor, ntp, users and groups, jabber, file sharing, User Corner (tried Firewall too, but didn't really need it, so it's disabled)

Pages: [1]