Messages - gdavidvlk

1
I already saw some posts dealing with this issue, but they were without any reply from the community :|
So I am posting it again, hoping somebody has found the solution.
The issue is this: you can NOT delete or modify (you can create new) files created in roaming profile directories (i.e. Desktop or Documents) when accessing from XP machines other than the one you used to log on for the very first time after your user was created in the ebox server.
Only that particular machine (the one that first created the user directories in ebox /samba/profiles at user logoff time) can modify or delete the user's files.

Has anybody experienced the same?
Can the developers please point me in the right direction to investigate?

Thanks!
g

P.S. Here are my updates

# apt-cache policy ebox
ebox:
  Installed: 2.0.3
  Candidate: 2.0.3
  Version table:
 *** 2.0.3 0
        500 http://ppa.launchpad.net/zentyal/2.0/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status
     1.5-0ubuntu1 0
        500 http://it.archive.ubuntu.com/ubuntu/ lucid/universe Packages

# apt-cache policy samba
samba:
  Installed: 2:3.4.9-0ubuntu1
  Candidate: 2:3.4.9-0ubuntu1
  Version table:
 *** 2:3.4.9-0ubuntu1 0
        500 http://ppa.launchpad.net/zentyal/2.0/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status
     2:3.4.7~dfsg-1ubuntu3.2 0
        500 http://it.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
     2:3.4.7~dfsg-1ubuntu3 0
        500 http://it.archive.ubuntu.com/ubuntu/ lucid/main Packages


_____________________________

Update

Some small steps forward.
Everything seems to work fine if I don't use a particular machine (the one I mentioned as the only good one).
It seems that something gets broken if that particular "sick" WinXP machine accesses and modifies files and then logs off. From that moment on, the modified files can be deleted or further modified ONLY from that machine.

Using "non-sick" machines produces no problem and the profiles are correctly synced to the server.
I have no idea what can be on the "sick" machines. I'm performing Windows updates trying to solve the problem.
Any help is appreciated.
g

2
Thanks for the quick reply. I'll try as soon as possible. The important thing is not to recreate all the users now (I can modify ldap entries one by one at this time) but the modification you suggest will be able to put that value for newly created users from now on.

Regards
Giuliano

3
OK, it seems it is a very problematic issue to solve, so I abandoned the idea of using samba PDC to have roaming profiles for linux clients.
Instead, I used ldap to authenticate them, and NFS to mount the home directories in the clients' filesystem.
It works.
You have to manually install an NFS server on your eBox, and then share the dir /home/samba/users with your local network. On the client side, you have to add that share in your /etc/fstab after creating a local empty /home/samba/users dir where to mount that share.
Also, you have to open the ldap and NFS required ports on the eBox firewall (Local Network to eBox rules section).
Only one thing is left to do: modify the ldap schema so that when adding new users to the domain, the field relative to the user's shell is /bin/bash and NOT /bin/false, otherwise you cannot log in from clients (the message "Administrator disabled this account" appears).
Any idea on how to do this?

4
Hi everybody. I'm experimenting with eBox PDC for my mixed Win/Linux network.
My PDC was set up with the few steps required by the eBox web interface. The Windows clients can be easily added to the domain, domain users can log in from Windows machines and they store their profiles in a directory on the server ( /home/samba/users/{username} ). Great!

Problems arise when dealing with linux clients. I'm using Ubuntu 8.10 desktop installations.

After MANY troubles, I succeeded in authenticating users from linux clients to eBox PDC via ldap.

Now I'm struggling to have roaming profiles also with these linux clients, but the ldap server (eBox) returns "/home/samba/users/{username}" as home dir for the domain user, and obviously no such path exists on the client filesystem ...

Maybe I'm going completely in the wrong direction. Is there someone who can help me to better understand how this stuff works?
Many thanks
g

5
Installation and Upgrades / Re: Firewall and passive ports
« on: April 22, 2009, 08:10:09 pm »
Ok. It works by modifying the nf_conntrack_ftp options. It was a mistake of mine in passing the ports options.
Now the firewall is open only on port 4559 (no passive ports) and the related ports are opened when needed.

Summarizing the steps for people who don't have time to spend:
- Access your eBox machine as root
- Unload the nf_conntrack_ftp module by typing: 'modprobe -r nf_conntrack_ftp'
- Modify your /etc/modprobe.d/options file adding the line: "options nf_conntrack_ftp ports=21,4559"
- Save the modified file
- Reload the module by typing 'modprobe nf_conntrack_ftp' (now it will be loaded forcing the ports 21 and 4559)

Enjoy your eBox Platform and Hylafax!
(ThanX so much to Javi for pointing and keeping me in the right direction)


g
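
The steps in the post above, as an added example that is not part of the original post: it writes the options line idempotently and then checks that the loaded module really tracks the ports, which catches a mistyped ports option. The function names and the temporary demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names and the demo file are assumptions.

# Accept only a comma-separated list of ports in 1..65535, e.g. "21,4559".
valid_ports() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Replace any existing "options nf_conntrack_ftp" line in $1, or append one,
# so that repeated runs leave exactly one setting for the module.
set_helper_ports() {
    conf=$1; ports=$2
    valid_ports "$ports" || { echo "bad port list: $ports" >&2; return 2; }
    touch "$conf" || return 1
    tmp=$(mktemp) || return 1
    grep -Ev '^[[:space:]]*options[[:space:]]+nf_conntrack_ftp([[:space:]]|$)' \
        "$conf" > "$tmp" || true   # grep exits 1 when nothing is left to copy
    echo "options nf_conntrack_ftp ports=$ports" >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Compare the wanted list with what the loaded module reports.
# Returns 0 on match, 1 on mismatch, 3 when the parameter file is unreadable
# (module not loaded, or not running as root).
check_loaded_ports() {
    want=$1; param=${2:-/sys/module/nf_conntrack_ftp/parameters/ports}
    [ -r "$param" ] || return 3
    [ "$(cat "$param")" = "$want" ]
}

# Demo on a constructed temporary file instead of /etc/modprobe.d/options.
demo=$(mktemp)
printf 'options nf_conntrack_ftp ports=21\n' > "$demo"
set_helper_ports "$demo" 21,4559 && cat "$demo"
rm -f "$demo"
# On the real host (as root): set_helper_ports /etc/modprobe.d/options 21,4559
#   modprobe -r nf_conntrack_ftp && modprobe nf_conntrack_ftp
#   check_loaded_ports 21,4559 || echo "helper is not tracking the expected ports"
```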

6
Installation and Upgrades / Re: Firewall and passive ports
« on: April 22, 2009, 05:29:57 pm »
Thanks for the quick reply.
Yes, this is a good suggestion, and I already found a similar hint, but it was for the ip_conntrack_ftp module. I looked at the output of my lsmod, but only found nf_conntrack_ftp. Tried nf_conntrack_ftp ports=21,4559 but with no success.
Your suggestion is to force another module, so now I'll try.
I'll report back the result ...

7
Installation and Upgrades / [SOLVED] - Firewall and passive ports
« on: April 22, 2009, 04:32:30 pm »
I'm a real fan of e-box, but sometimes I have to fight with colleagues to put this tool in a real production environment.
One of these fights is about the FTP and Hylafax server we have behind the eBox firewall.
The problem is, obviously, in dealing with passive ports. In many FTP servers you can specify a passive port range, so you can limit your "hole" and open those ports in the eBox firewall. Not very elegant but it works.
The real problem arises when dealing with the Hylafax server. The Hylafax daemon applies the actual RFC for FTP transactions, so on top of a specified TCP port (you can set it) for communication, the server opens a second port for the data connection. This new port is (as the RFC says) a random one >1024.
Hylafax gives no way to limit the passive port range. The solution, as the developers say, is to implement the state "Related" for the firewall rule of the hylafax communication port.
Now, the question to the eBox team or anyone who can help: how can I set passive port forwarding in eBox? In other words, if I allow tcp port 4559 traffic, how can I tell the eBox firewall to let pass the traffic on any other port related to transactions made upon port 4559?

Any success story of an FTP server with passive port management behind eBox may help.
Many thanX to anyone who will put me in the right direction ...

g
