Messages - denis.robel

1
Installation and Upgrades / Re: firewall drop all from internal to ppp0
« on: January 06, 2022, 10:39:27 am »
Hello,

I found the reason for that problem:
Zentyal Virtualization Manager has some influence on the firewall....

When I deactivate it then everything works well. I made no changes to the firewall settings.

That's very ugly.  >:(

Can anybody from the Zentyal Dev team check this behaviour?

By the way, it has been very quiet here for a few weeks. Is Zentyal still alive?

2
Installation and Upgrades / Re: firewall drop all from internal to ppp0
« on: January 04, 2022, 04:39:33 pm »
Hello, and a happy new year first of all...

My problem still exists:
Code: [Select]
Jan  4 16:31:35 zentyal2 kernel: [111189.117911] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21928 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:36 zentyal2 kernel: [111189.769917] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21929 PROTO=UDP SPT=63888 DPT=3956 LEN=16
Jan  4 16:31:37 zentyal2 kernel: [111191.143295] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21930 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:39 zentyal2 kernel: [111193.173649] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21932 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:40 zentyal2 kernel: [111193.830152] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21933 PROTO=UDP SPT=63888 DPT=3956 LEN=16
Jan  4 16:31:41 zentyal2 kernel: [111195.203753] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21934 PROTO=UDP SPT=63887 DPT=3956 LEN=16

How can I fix this issue?

My network configuration is:

internal network <-> eth1 <-> zentyal <-> eth0 <-> eth0.7 <-> ppp0 <-> internet

Network access from Zentyal itself is working fine, but packets from the internal network are dropped by the firewall.

I have firewall rules for internal network to external, but it seems that the rules are not working.
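
Added example, not part of the original posts: a small parser for the `zentyal-firewall drop` kernel log lines quoted in the post above, grouping drops by path. In netfilter LOG output an empty `OUT=` means the packet was addressed to the firewall host itself or to a broadcast address, while a named `OUT=` means it was being forwarded. The first two sample lines are copied from the post; the last two are constructed for contrast.

```python
import re
from collections import Counter

PREFIX = "zentyal-firewall drop"   # log prefix seen in the post
KV = re.compile(r"(\w+)=(\S*)")    # OUT= may be empty, so the value is \S*

# Two lines from the post, one constructed forwarded packet (eth1 -> ppp0),
# and one constructed unrelated syslog line.
SAMPLE = """\
Jan  4 16:31:35 zentyal2 kernel: [111189.117911] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21928 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:36 zentyal2 kernel: [111189.769917] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=255.255.255.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21929 PROTO=UDP SPT=63888 DPT=3956 LEN=16
Jan  4 16:32:01 zentyal2 kernel: [111215.000000] zentyal-firewall drop IN=eth1 OUT=ppp0 MAC=00:11:22:33:44:55:80:e8:2c:75:fb:66:08:00 SRC=192.168.1.115 DST=203.0.113.25 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=4242 DF PROTO=TCP SPT=50000 DPT=587 WINDOW=64240 RES=0x00 SYN URGP=0
Jan  4 16:32:02 zentyal2 CRON[1234]: (root) CMD (true)
"""


def parse_drop(line):
    """Return the LOG fields of one firewall drop line, or None."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields = {}
    for key, value in KV.findall(rest):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP-level one
    return fields


def classify(fields):
    """Separate forwarded traffic from packets that stop at the firewall host."""
    if fields.get("OUT"):
        return "forward"               # routed towards another interface
    # The first six bytes of MAC= are the destination address.
    if fields.get("MAC", "").lower().startswith("ff:ff:ff:ff:ff:ff"):
        return "local-broadcast"
    return "local-input"


def summarize(text):
    """Count drops per (class, IN, OUT, PROTO, DPT)."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_drop(line)
        if fields is None:
            continue
        key = (classify(fields), fields.get("IN", ""), fields.get("OUT", ""),
               fields.get("PROTO", ""), fields.get("DPT", ""))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```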

3
Installation and Upgrades / firewall drop all from internal to ppp0
« on: September 23, 2021, 12:51:22 pm »
Hello,

The firewall is dropping all connections from the local network to ppp0.
I created a VLAN network device eth0.7 manually.

I configured this device as PPPoE and marked it as the WAN device.
I can browse HTTP/HTTPS via the proxy from all clients, but when I want to go outside from a client directly, the firewall drops the connection, for example when sending emails from a local client...

I have already created a general rule for internal to external networks for all services, but it seems that this rule has no effect.

Is it possible that the external mark of the ppp0 device has no effect?

Edit: I'm on the latest Z7.0 community edition

4
Installation and Upgrades / Re: can't log in Webadmin
« on: June 07, 2021, 02:41:25 pm »
Hello Daniel

* Was the Zentyal server 7.0 upgraded from 6.2?

yes


* Which 'domains' do you have enabled in the log module?

- Configuration changes, Administration session
- E-mail
- Samba access
- DHCP
- Firewall
- SMTP filter
- VPN
- HTTP proxy


* Which version of the Zentyal modules are you using (dpkg -l | grep 'zentyal' )?
 dpkg -l | grep 'zentyal'
ii  language-pack-zentyal-de               7.0                                                                all          Zentyal translations for language German
ii  zentyal                                7.0.0ubuntu1                                                       all          Zentyal - Core metapackage
ii  zentyal-antivirus                      7.0.1                                                              all          Zentyal - Antivirus
ii  zentyal-ca                             7.0.1                                                              all          Zentyal - Certification Authority
ii  zentyal-core                           7.0.4                                                              all          Zentyal - Core
ii  zentyal-dhcp                           7.0.2                                                              all          Zentyal - DHCP Server
ii  zentyal-dns                            7.0.2                                                              all          Zentyal - DNS Server
ii  zentyal-firewall                       7.0.0                                                              all          Zentyal - Firewall
ii  zentyal-groupware                      7.0.0ubuntu1                                                       all          Zentyal - Mail and Groupware
ii  zentyal-jabber                         7.0.0                                                              all          Zentyal - Jabber
ii  zentyal-mail                           7.0.1                                                              all          Zentyal - Mail
ii  zentyal-mailfilter                     7.0.0                                                              all          Zentyal - Mail Filter
ii  zentyal-network                        7.0.0                                                              all          Zentyal - Network Configuration
ii  zentyal-ntp                            7.0.0                                                              all          Zentyal - NTP Service
ii  zentyal-openvpn                        7.0.0                                                              all          Zentyal - VPN
rc  zentyal-radius                         6.0.1                                                              all          Zentyal - RADIUS
ii  zentyal-samba                          7.0.1                                                              all          Zentyal - Domain Controller and File Sharing
ii  zentyal-software                       7.0.0                                                              all          Zentyal - Software Management
ii  zentyal-sogo                           7.0.0                                                              all          Zentyal - Web Mail
ii  zentyal-squid                          7.0.2                                                              all          Zentyal - HTTP Proxy



* Can you attach the following log files for me? We would like to analyze those log files in order to see any trace that helps us identify the issue.
   * /var/log/zentyal/zentyal.log
   * /var/log/zentyal/error.log
   * /var/log/zentyal/uwsgi.log
   * /var/log/syslog
   * /var/log/mysql/error.log

5
Installation and Upgrades / can't log in Webadmin
« on: May 21, 2021, 05:08:28 pm »
Hello,

I have the following problem: I can't log in to the web admin GUI.

<code>
Error inserting data: INSERT INTO audit_sessions ( `username`, `event`, `ip`, `timestamp`) VALUES ( ?, ?, ?, ?)
 
Values: $VAR1 = [
          'administrator',
          'fail',
          1574024078,
          '2021-5-21 17:4:38'
        ];

 at /usr/share/perl5/EBox/MyDBEngine.pm line 289
</code>

What can I do to fix the problem?

6
Hello,

Here is the solution for the problem; I also modified the config so that Conversations is usable as a client, with file upload etc...

It would be great if somebody could upgrade the ejabberd for zentyal ....

Code: [Select]
#### This config file is generated by Zentyal.
#### Any modification will be reset by a restart of Zentyal Server !!!
#### To configure, modify /usr/share/zentyal/stubs/jabber/ejabberd.yml.mas instead
####
#### This config was created by Denis Robel for Ejabberd 20.0.4
####
######################################################################################

hosts:
  - "dmt1.nsupdate.info"


loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100

certfiles:
#  - "/opt/ejabberd/conf/server.pem"
  - "/etc/letsencrypt/live/dmt1.nsupdate.info/fullchain.pem"
  - "/etc/letsencrypt/live/dmt1.nsupdate.info/privkey.pem"

#ca_file: "/opt/ejabberd/conf/cacert.pem"
ca_file: "/opt/ejabberd/conf/ejabberd.pem"

auth_method: ldap
ldap_servers:
  - "127.0.0.1"
ldap_port: 389
#ldap_encrypt: tls
ldap_rootdn: "CN=zentyal-jabber-zentyal2,CN=Users,DC=dantschke,DC=org"
ldap_password: "++++++++++++++++++++++++++"
ldap_base: "DC=dantschke,DC=org"
ldap_uids: [jabberUid]
#  "jabberUid": "%u"
ldap_filter: "(&(objectclass=User)(jabberUid=*))"


listen:
  -
    port: 5222
    ip: "0.0.0.0"
    module: ejabberd_c2s
    starttls: true
    certfile: "/opt/ejabberd/conf/ejabberd.pem"
    tls_compression: false
    dhfile: "/opt/ejabberd/conf/dh4096.pem"

    starttls_required: true
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s

  -
    port: 5269
    ip: "0.0.0.0"
    module: ejabberd_s2s_in
    max_stanza_size: 524288

  -
    port: 3478
    ip: "192.168.1.1"
    transport: udp
    module: ejabberd_stun
    use_turn: true
    turn_ip: "192.168.1.1"
    ## The server's public IPv4 address:
    # turn_ipv4_address: "203.0.113.3"
    ## The server's public IPv6 address:
    # turn_ipv6_address: "2001:db8::3"

  -
    port: 5443
    ip: "::"
    module: ejabberd_http
    tls: true
    request_handlers:
      "/admin": ejabberd_web_admin
      "/api": mod_http_api
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha
      "/upload": mod_http_upload
      "/ws": ejabberd_http_ws
      "/oauth": ejabberd_oauth


  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/admin": ejabberd_web_admin
  -
    port: 1883
    ip: "::"
    module: mod_mqtt
    backlog: 1000


s2s_use_starttls: optional

acl:
  local:
    user_regexp: ""
  loopback:
    ip:
      - 127.0.0.0/8
      - ::1/128
      - ::FFFF:127.0.0.1/128
  admin:
    user:
      - "robel": "dmt1.nsupdate.info"
      - "domainadmin": "dmt1.nsupdate.info"

access_rules:
  local:
    allow: local
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: admin
  muc_create:
    allow: local
  pubsub_createnode:
    allow: local
  trusted_network:
    allow: loopback

api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
    who:
      access:
        allow:
          acl: loopback
          acl: admin
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            acl: loopback
            acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      ip: 127.0.0.1/8
    what:
      - status
      - connected_users_number

shaper:
  normal: 1000
  fast: 50000

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast

max_fsm_queue: 10000

acme:
   contact: "mailto:d.robel@dantschke-med.de"
   ca_url: "https://acme-v01.api.letsencrypt.org"


language: "de"

modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_configure: {}
  mod_client_state: {}
  mod_blocking: {}
  mod_disco:
   server_info:
    -
      modules: all
      name: "abuse-addresses"
      urls:
        - "mailto:info@dantschke-med.de"
    -
      modules: all
      name: "support-addresses"
      urls:
        - "mailto:info@dantschke-med.de"
    -
      modules: all
      name: "admin-addresses"
      urls:
        - "mailto:info@dantschke-med.de"
  mod_http_upload: {}
  mod_last: {}
  mod_mam: {}
  mod_mqtt: {}
  mod_muc:
    host: "conference.@HOST@"
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    default_room_options:
      allow_subscription: true  # enable MucSub
      mam: true
      persistent: true
      public: false
      public_list: false
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_pres_counter:
    count: 5
    interval: 60
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: true
    last_item_cache: false
    plugins:
      - flat
      - hometree
      - pep
    force_node_config:
      ## Avoid buggy clients to make their bookmarks public
      storage:bookmarks:
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ## Only accept registration requests from the "trusted"
    ## network (see access_rules section above).
    ## Think twice before enabling registration from any
    ## address. See the Jabber SPAM Manifesto for details:
    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
    ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster_ldap:
    ldap_rfilter: "(&(objectClass=user)(!(isCriticalSystemObject=*)))"
    ldap_ufilter: "(&(objectClass=userJabberAccount)(distinguishedName=%u))"
    ldap_groupattr: "cn"
    ldap_groupdesc: "cn"
    ldap_memberattr: "sAMAccountName"
    ldap_useruid: "jabberUid"
    ldap_userdesc: "sAMAccountName"
  mod_sic: {}
  mod_stats: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_stun_disco: {}
  mod_time: {}
  mod_vcard:
    db_type: ldap
    search: true
    allow_return_all: true
    ldap_vcard_map:
      "NICKNAME": {"%u": []}
      "FIRST": {"%s": ["givenName"]}
      "LAST": {"%s": ["sn"]}
      "FN": {"%s, %s": ["sn", "givenName"]}
      "EMAIL": {"%s": ["mail"]}
      "ORGNAME": {"%s": ["company"]}
      "ORGUNIT": {"%s": ["department"]}
      "CTRY": {"%s": ["c"]}
      "LOCALITY": {"%s": ["l"]}
      "STREET": {"%s": ["streetAddress"]}
      "REGION": {"%s": ["st"]}
      "PCODE": {"%s": ["postalCode"]}
      "TITLE": {"%s": ["title"]}
      "URL": {"%s": ["wWWHomePage"]}
      "DESC": {"%s": ["description"]}
      "TEL/CELL": {"%s": ["mobile"]}
      "TEL/NUMBER": {"%s": ["telephoneNumber"]}
    ## Search form
    ldap_search_fields:
      "User": "%u"
      "Name": "givenName"
      "Family Name": "sn"
      "Email": "mail"
      "Company": "company"
      "Department": "department"
      "Role": "title"
      "Description": "description"
      "Phone": "telephoneNumber"
    ## vCard fields to be reported
    ## Note that JID is always returned with search results
    ldap_search_reported:
      "Full Name": "FN"
      "Nickname": "NICKNAME"
      "Email": "EMAIL"
  mod_vcard_xupdate: {} 

  mod_version: {}


best regards

Denis

7
Hello,

I upgraded ejabberd manually to 20.04; now the LDAP authentication does not work anymore.

Old code:
Code: [Select]
auth_method: ldap
ldap_servers:
  - "127.0.0.1"
ldap_port: 389
ldap_rootdn: "CN=zentyal-jabber-zentyal2,CN=Users,DC=dantschke,DC=org"
ldap_password: "-----------------------------"
ldap_base: "DC=dantschke,DC=org"
ldap_uids:
  - "jabberUid": "%u"

Startup ends with error:
2020-06-19 15:19:18.343 [critical] <0.107.0>@ejabberd_app:start:71 Failed to start ejabberd application: Invalid value of option ldap_uids: Expected map, got list instead

I'm not so familiar with LDAP, but I think there should be an LDAP filter in the config, something like this:

Code: [Select]
auth_method: [ldap]
ldap_servers: [office.org]  # List of LDAP servers
ldap_base: "DC=office,DC=org" # Search base of LDAP directory
ldap_rootdn: "CN=Administrator,CN=Users,DC=office,DC=org" # LDAP manager
ldap_password: "*******" # Password to LDAP manager
ldap_uids: [sAMAccountName]
ldap_filter: "(memberOf=*)"

The ejabberd.yml.mas should be modified so that it works again with ejabberd 20.04.

See https://docs.ejabberd.im/admin/configuration/database-ldap/#ldap-authentication

Some help would be appreciated...

best regards Denis

8
Installation and Upgrades / Re: PPPOE via VLAN German Telekom
« on: June 17, 2020, 02:53:18 pm »
Hello DonCamillo,

thank you for your response.

:)

Did you check how the Zentyal Network module configures the '/etc/network/interfaces' file after configuring through webadmin? Did you check the firewall? eth0 is an external interface?


In /etc/interfaces eth0 is not configured:
Code: [Select]
auto zentyal-ppp-eth0.7
iface zentyal-ppp-eth0.7 inet ppp
      pre-up /sbin/ifconfig eth0.7 up
      post-down /sbin/ifconfig eth0.7 down
      provider zentyal-ppp-eth0.7
      offload-gro off
      offload-gso off
      offload-tso off


iface eth1 inet static
      address 192.168.1.1
      netmask 255.255.255.0
      broadcast 192.168.1.255
      offload-gro off
      offload-gso off
      offload-tso off


auto zentyal-ppp-vlan7
iface zentyal-ppp-vlan7 inet ppp
vlan-raw-device eth0
      pre-up /sbin/ifconfig vlan7 up
      post-down /sbin/ifconfig vlan7 down
      provider zentyal-ppp-vlan7
      offload-gro off
      offload-gso off
      offload-tso off

And yes, eth0 is physically my external interface.

The interface vlan7 was created by Zentyal, but with vlan7 I'm not able to connect via pppd. The device eth0.7 I created manually as described.
My problem is that I don't know where I have to start with scripting to change everything from vlan7 to eth0.7. I don't want to hardcode everything in interface.mas.

The big difference is the naming of the virtual network devices, vlanxx vs. eth0.xx, and the way they are created:

zentyal: config

Manually I used ip link ...

I expect that the magic is done here: /etc/network/if-pre-up.d/vlan



   

9
Installation and Upgrades / PPPOE via VLAN German Telekom
« on: June 10, 2020, 09:40:08 am »
Hello,

I have some trouble using PPP via VLAN. For German Telekom I need VLAN ID 7.

I configured the following scenario:

1. For network interface eth0 I use the method virtual LAN and I add VLAN ID 7 --> I get a new network interface VLAN7
2. For interface VLAN7 I use the method PPPOE and I put username and password in the fields

The result is I can't get any connection...

When I configure everything manually
Code: [Select]
ip link add link eth0 name eth0.7 type vlan id 7

pppoeconf eth0.7

pon dsl-provider

route add default ppp0

everything works well. So the problem must be on the Zentyal side.

The result is that on every restart I have to edit the config manually.

I'm running Zentyal 6.1.4.

Help is much appreciated.


10
German / Re: VPN Zentyal 6 no access
« on: May 15, 2020, 12:06:30 pm »
In case anyone is interested,

the problem is that the file /etc/ssl/openssl.cnf specifies a validity period for the certificates that does not correspond to the validity period of the certificates in the certification authority.
In other words, the server certificate for the VPN server has to be renewed even though it is still valid in the certification authority.

11
German / PPPOE over VLAN Deutsche Telekom
« on: May 15, 2020, 10:59:20 am »
Hello,

I have a problem dialing in via PPPOE. The provider is Deutsche Telekom.
It is known that a VLAN with ID 7 must exist between the network card and the DSL modem.

When I set up the device by hand, it works:
Code: [Select]
vconfig add eth0 7


Then I see the device eth0.7 under Interfaces, and I can select PPPOE and set the access credentials.
I then have to start the connection with:
Code: [Select]
pon /etc/ppp/peers/zentyal-ppp-eth0.7

and afterwards I have to set the default route to ppp0.

Is there anyone here who has done all of this with Zentyal's own tools?

In Zentyal, a device VLAN7 is created when I set up a virtual network with ID 7 on eth0.
Then I can also enter the access credentials, but it goes no further, because the interface VLAN7 is not created. ipconfig does not show it.

I would be grateful for tips on a solution.

Best regards, Denis

12
German / VPN Zentyal 6 no access
« on: September 13, 2019, 02:50:34 pm »
Hello,

I set up the VPN on a fresh Z6.0.
I cannot get a connection from any client.

The client log ends with:
Fri Sep 13 14:46:58 2019 UDP link local: (not bound)
Fri Sep 13 14:46:58 2019 UDP link remote: [AF_INET]MEINE_IP:1194
Fri Sep 13 14:46:58 2019 MANAGEMENT: >STATE:1568378818,WAIT,,,,,,

It looks as if the server's firewall is blocking everything. However, I have opened the port the VPN server listens on...
Has something changed here compared to Z5? With a Z5 server the setup works...
Is there anyone here who can give me a few hints?

Best regards from Leipzig

 Denis

13
Installation and Upgrades / direct migration from z 3.5.9 to 5.0.10 ?
« on: February 14, 2018, 08:40:54 am »
Hello,

I have to migrate a Zentyal server 3.5.9 to the current 5.0.10.
It's working as a standalone DC with full infrastructure (DHCP, DNS, SAMBA, VPN, mail, mailfilter, sogo, firewall).

Is there any procedure to migrate the users, groups etc. directly or partly? Any hints would be appreciated.

with best regards

Denis

14
Installation and Upgrades / Re: Proxy HTTP on Zentyal 4.1
« on: July 08, 2015, 09:47:37 am »
Dear Julio,

thx a lot for this information, it's working well


 :D :D :D

15
Installation and Upgrades / Re: Proxy HTTP on Zentyal 4.1
« on: June 26, 2015, 09:58:41 am »
Hello,

Is there any news about that?

I tried to build this module as described in the tutorial. It built without any error but I was not able to install it.

So please, claudemir, can you tell us how you create this module for Zentyal 4.1.1?

with warm regards

Denis
