firewall drop all from internal to ppp0
January 06, 2022, 10:39:27 am

I found the reason for that problem:
Zentyal Virtualization Manager has some influence on the firewall....

When I deactivate it then everything works well. I made no changes on the firewall settings.

That's very ugly.  >:(

Can anybody from the Zentyal Dev team check this behaviour?

By the way, it's been very quiet here for a few weeks. Is Zentyal still alive?

firewall drop all from internal to ppp0
January 04, 2022, 04:39:33 pm
Hello, and first of all a happy new year...

My problem still exists:
Code:
Jan  4 16:31:35 zentyal2 kernel: [111189.117911] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC= DST= LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21928 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:36 zentyal2 kernel: [111189.769917] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC= DST= LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21929 PROTO=UDP SPT=63888 DPT=3956 LEN=16
Jan  4 16:31:37 zentyal2 kernel: [111191.143295] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC= DST= LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21930 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:39 zentyal2 kernel: [111193.173649] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC= DST= LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21932 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:40 zentyal2 kernel: [111193.830152] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC= DST= LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21933 PROTO=UDP SPT=63888 DPT=3956 LEN=16
Jan  4 16:31:41 zentyal2 kernel: [111195.203753] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC= DST= LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21934 PROTO=UDP SPT=63887 DPT=3956 LEN=16

How can I fix this issue?

my network configuration is

internal network <-> eth1 <-> zentyal <-> eth0 <-> eth0.7 <->ppp0 <-> internet

Network access from Zentyal is working fine but from internal network packages are dropped by firewall.

I have firewall rules for internal network to external but it seems that the rules are not working.
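
An added example (not part of the original post or of Zentyal): a small Python parser for drop records in this format. It infers the netfilter hook from the IN=/OUT= fields and classifies the destination MAC, so forwarded drops (IN and OUT both set) can be told apart from broadcast traffic arriving at the firewall itself. The sample lines are constructed; their addresses, the unicast MAC and the eth1-to-ppp0 record are placeholders.

```python
import re
from collections import Counter

# Constructed sample in the post's log format. The addresses, the unicast MAC
# and the eth1 -> ppp0 record are placeholders, not values from the post.
SAMPLE_LOG = """\
Jan  4 16:31:35 zentyal2 kernel: [111189.117911] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.0.2.10 DST=192.0.2.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21928 PROTO=UDP SPT=63887 DPT=3956 LEN=16
Jan  4 16:31:36 zentyal2 kernel: [111189.769917] zentyal-firewall drop IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:80:e8:2c:75:fb:66:08:00 SRC=192.0.2.10 DST=192.0.2.255 LEN=36 TOS=0x00 PREC=0x00 TTL=128 ID=21929 PROTO=UDP SPT=63888 DPT=3956 LEN=16
Jan  4 16:31:40 zentyal2 kernel: [111193.900000] zentyal-firewall drop IN=eth1 OUT=ppp0 MAC=02:00:00:00:00:01:80:e8:2c:75:fb:66:08:00 SRC=192.0.2.10 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=21940 DF PROTO=TCP SPT=50122 DPT=587 WINDOW=64240 RES=0x00 SYN URGP=0
Jan  4 16:31:41 zentyal2 kernel: [111195.000000] eth1: link up
"""

PREFIX = "zentyal-firewall drop"
KV = re.compile(r"(\w+)=(\S*)")      # value may be empty, e.g. "OUT="


def parse_drop(line):
    """Return the KEY=VALUE fields of one drop record, or None otherwise."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields = {}
    for key, value in KV.findall(rest):
        fields.setdefault(key, value)   # LEN occurs twice; keep the IP-level one
    return fields


def chain_of(f):
    """Infer the netfilter hook from which interface fields are filled in."""
    has_in, has_out = bool(f.get("IN")), bool(f.get("OUT"))
    if has_in and has_out:
        return "FORWARD"                # routed through the firewall
    if has_in:
        return "INPUT"                  # delivered to the firewall host itself
    return "OUTPUT" if has_out else "UNKNOWN"


def l2_kind(f):
    """Classify the destination MAC, the first six octets of the MAC= field."""
    octets = f.get("MAC", "").split(":")
    if len(octets) < 6:
        return "n/a"
    if octets[:6] == ["ff"] * 6:
        return "broadcast"
    return "multicast" if int(octets[0], 16) & 1 else "unicast"


def summarize(log):
    """Count drops per (hook, in-if, out-if, protocol, dest port, L2 kind)."""
    counts = Counter()
    for line in log.splitlines():
        f = parse_drop(line)
        if f:
            counts[(chain_of(f), f.get("IN", ""), f.get("OUT", ""),
                    f.get("PROTO", ""), f.get("DPT", ""), l2_kind(f))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```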

firewall drop all from internal to ppp0
September 23, 2021, 12:51:22 pm

the firewall is dropping all connections from the local network to ppp0.
I created a VLAN network device eth0.7 manually.

I configured this device as PPPoE and marked it as the WAN device.
I can browse http/https over the proxy from all clients, but when I want to go outside from a client directly, the firewall is dropping the connection, like sending emails from a local client...

I already created a general rule for internal to external networks for all services, but it seems that this rule has no effect.

Is it possible that the external mark of ppp0 device has no effect?

Edit: I'm on the latest Z7.0 community edition

can't log in Webadmin
June 07, 2021, 02:41:25 pm
Hello Daniel

* Was the Zentyal server 7.0 upgraded from 6.2?


* Which 'domains' do you have enabled in the log module?

- Configuration changes, administration session
- E-mail
- Samba access
- DHCP
- Firewall
- SMTP filter
- VPN
- HTTP proxy

* Which version of the Zentyal modules are you using (dpkg -l | grep 'zentyal' )?
 dpkg -l | grep 'zentyal'
ii  language-pack-zentyal-de               7.0                                                                all          Zentyal translations for language German
ii  zentyal                                7.0.0ubuntu1                                                       all          Zentyal - Core metapackage
ii  zentyal-antivirus                      7.0.1                                                              all          Zentyal - Antivirus
ii  zentyal-ca                             7.0.1                                                              all          Zentyal - Certification Authority
ii  zentyal-core                           7.0.4                                                              all          Zentyal - Core
ii  zentyal-dhcp                           7.0.2                                                              all          Zentyal - DHCP Server
ii  zentyal-dns                            7.0.2                                                              all          Zentyal - DNS Server
ii  zentyal-firewall                       7.0.0                                                              all          Zentyal - Firewall
ii  zentyal-groupware                      7.0.0ubuntu1                                                       all          Zentyal - Mail and Groupware
ii  zentyal-jabber                         7.0.0                                                              all          Zentyal - Jabber
ii  zentyal-mail                           7.0.1                                                              all          Zentyal - Mail
ii  zentyal-mailfilter                     7.0.0                                                              all          Zentyal - Mail Filter
ii  zentyal-network                        7.0.0                                                              all          Zentyal - Network Configuration
ii  zentyal-ntp                            7.0.0                                                              all          Zentyal - NTP Service
ii  zentyal-openvpn                        7.0.0                                                              all          Zentyal - VPN
rc  zentyal-radius                         6.0.1                                                              all          Zentyal - RADIUS
ii  zentyal-samba                          7.0.1                                                              all          Zentyal - Domain Controller and File Sharing
ii  zentyal-software                       7.0.0                                                              all          Zentyal - Software Management
ii  zentyal-sogo                           7.0.0                                                              all          Zentyal - Web Mail
ii  zentyal-squid                          7.0.2                                                              all          Zentyal - HTTP Proxy

* Can you attach the following log files? We would like to analyze those log files in order to see any trace that helps us to identify the issue.
   * /var/log/zentyal/zentyal.log
   * /var/log/zentyal/error.log
   * /var/log/zentyal/uwsgi.log
   * /var/log/syslog
   * /var/log/mysql/error.log

can't log in Webadmin
May 21, 2021, 05:08:28 pm

I have the following problem: I can't log in to the web admin GUI.

Error inserting data: INSERT INTO audit_sessions ( `username`, `event`, `ip`, `timestamp`) VALUES ( ?, ?, ?, ?)
Values: $VAR1 = [
          '2021-5-21 17:4:38'

 at /usr/share/perl5/EBox/ line 289

What can I do to fix the problem?


Here is the solution for the problem; I modified the config in such a way that Conversations is usable as a client with file upload etc...

It would be great if somebody could upgrade the ejabberd for zentyal ....

Code:
#### This config file is generated by Zentyal.
#### Any modification will be reset by a restart of Zentyal Server !!!
#### To configure modify /usr/share/zentyal/stubs/jabber/ejabberd.yml.mas instead
#### This config was created by Denis Robel for Ejabberd 20.0.4

  - ""

loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100

#  - "/opt/ejabberd/conf/server.pem"
  - "/etc/letsencrypt/live/"
  - "/etc/letsencrypt/live/"

#ca_file: "/opt/ejabberd/conf/cacert.pem"
ca_file: "/opt/ejabberd/conf/ejabberd.pem"

auth_method: ldap
  - ""
ldap_port: 389
#ldap_encrypt: tls
ldap_rootdn: "CN=zentyal-jabber-zentyal2,CN=Users,DC=dantschke,DC=org"
ldap_password: "++++++++++++++++++++++++++"
ldap_base: "DC=dantschke,DC=org"
ldap_uids: [jabberUid]
#  "jabberUid": "%u"
ldap_filter: "(&(objectclass=User)(jabberUid=*))"

    port: 5222
    ip: ""
    module: ejabberd_c2s
    starttls: true
    certfile: "/opt/ejabberd/conf/ejabberd.pem"
    tls_compression: false
    dhfile: "/opt/ejabberd/conf/dh4096.pem"

    starttls_required: true
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s

    port: 5269
    ip: ""
    module: ejabberd_s2s_in
    max_stanza_size: 524288

    port: 3478
    ip: ""
    transport: udp
    module: ejabberd_stun
    use_turn: true
    turn_ip: ""
    ## The server's public IPv4 address:
    # turn_ipv4_address: ""
    ## The server's public IPv6 address:
    # turn_ipv6_address: "2001:db8::3"

    port: 5443
    ip: "::"
    module: ejabberd_http
    tls: true
      "/admin": ejabberd_web_admin
      "/api": mod_http_api
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha
      "/upload": mod_http_upload
      "/ws": ejabberd_http_ws
      "/oauth": ejabberd_oauth

    port: 5280
    ip: "::"
    module: ejabberd_http
      "/admin": ejabberd_web_admin
    port: 1883
    ip: "::"
    module: mod_mqtt
    backlog: 1000

s2s_use_starttls: optional

    user_regexp: ""
      - ::1/128
      - ::FFFF:
      - "robel": ""
      - "domainadmin": ""

    allow: local
    deny: blocked
    allow: all
    allow: admin
    allow: admin
    allow: local
    allow: local
    allow: loopback

  "console commands":
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
          acl: loopback
          acl: admin
        scope: "ejabberd:admin"
            acl: loopback
            acl: admin
      - "*"
      - "!stop"
      - "!start"
  "public commands":
      - status
      - connected_users_number

  normal: 1000
  fast: 50000

  max_user_sessions: 10
    5000: admin
    100: all
    none: admin
    normal: all
  s2s_shaper: fast

max_fsm_queue: 10000

   contact: ""
   ca_url: ""

language: "de"

  mod_adhoc: {}
  mod_admin_extra: {}
    access: announce
  mod_avatar: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_configure: {}
  mod_client_state: {}
  mod_blocking: {}
      modules: all
      name: "abuse-addresses"
        - ""
      modules: all
      name: "support-addresses"
        - ""
      modules: all
      name: "admin-addresses"
        - ""
  mod_http_upload: {}
  mod_last: {}
  mod_mam: {}
  mod_mqtt: {}
    host: "conference.@HOST@"
      - allow
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
      - allow
      allow_subscription: true  # enable MucSub
      mam: true
      persistent: true
      public: false
      public_list: false
  mod_muc_admin: {}
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
    count: 5
    interval: 60
  mod_private: {}
    access: local
    max_connections: 5
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: true
    last_item_cache: false
      - flat
      - hometree
      - pep
      ## Avoid buggy clients to make their bookmarks public
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
    ## Only accept registration requests from the "trusted"
    ## network (see access_rules section above).
    ## Think twice before enabling registration from any
    ## address. See the Jabber SPAM Manifesto for details:
    ip_access: trusted_network
    versioning: true
  mod_s2s_dialback: {}
    ldap_rfilter: "(&(objectClass=user)(!(isCriticalSystemObject=*)))"
    ldap_ufilter: "(&(objectClass=userJabberAccount)(distinguishedName=%u))"
    ldap_groupattr: "cn"
    ldap_groupdesc: "cn"
    ldap_memberattr: "sAMAccountName"
    ldap_useruid: "jabberUid"
    ldap_userdesc: "sAMAccountName"
  mod_sic: {}
  mod_stats: {}
    resend_on_timeout: if_offline
  mod_stun_disco: {}
  mod_time: {}
    db_type: ldap
    search: true
    allow_return_all: true
      "NICKNAME": {"%u": []}
      "FIRST": {"%s": ["givenName"]}
      "LAST": {"%s": ["sn"]}
      "FN": {"%s, %s": ["sn", "givenName"]}
      "EMAIL": {"%s": ["mail"]}
      "ORGNAME": {"%s": ["company"]}
      "ORGUNIT": {"%s": ["department"]}
      "CTRY": {"%s": ["c"]}
      "LOCALITY": {"%s": ["l"]}
      "STREET": {"%s": ["streetAddress"]}
      "REGION": {"%s": ["st"]}
      "PCODE": {"%s": ["postalCode"]}
      "TITLE": {"%s": ["title"]}
      "URL": {"%s": ["wWWHomePage"]}
      "DESC": {"%s": ["description"]}
      "TEL/CELL": {"%s": ["mobile"]}
      "TEL/NUMBER": {"%s": ["telephoneNumber"]}
    ## Search form
      "User": "%u"
      "Name": "givenName"
      "Family Name": "sn"
      "Email": "mail"
      "Company": "company"
      "Department": "department"
      "Role": "title"
      "Description": "description"
      "Phone": "telephoneNumber"
    ## vCard fields to be reported
    ## Note that JID is always returned with search results
      "Full Name": "FN"
      "Nickname": "NICKNAME"
      "Email": "EMAIL"
  mod_vcard_xupdate: {} 

  mod_version: {}

best regards



I upgraded ejabberd manually to 20.04; now the LDAP authentication does not work anymore.

old code
Code:
auth_method: ldap
  - ""
ldap_port: 389
ldap_rootdn: "CN=zentyal-jabber-zentyal2,CN=Users,DC=dantschke,DC=org"
ldap_password: "-----------------------------"
ldap_base: "DC=dantschke,DC=org"
  - "jabberUid": "%u"

Startup ends with error:
2020-06-19 15:19:18.343 [critical] <0.107.0>@ejabberd_app:start:71 Failed to start ejabberd application: Invalid value of option ldap_uids: Expected map, got list instead

I'm not so familiar with LDAP but I think there should be an LDAP filter in the config, something like this:

Code:
auth_method: [ldap]
ldap_servers: []  # List of LDAP servers
ldap_base: "DC=office,DC=org" # Search base of LDAP directory
ldap_rootdn: "CN=Administrator,CN=Users,DC=office,DC=org" # LDAP manager
ldap_password: "*******" # Password to LDAP manager
ldap_uids: [sAMAccountName]
ldap_filter: "(memberOf=*)"

The ejabberd.yml.mas should be modified so that it will work again with ejabberd 20.04.


Some help would be appreciated...

best regards Denis
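
An added example, not from the original post or from ejabberd: a Python helper that finds an ldap_uids block written as a list of "attr": "format" pairs, the form in the old config above, and rewrites it as the map that the startup error asks for. The sample config is constructed and migrate_ldap_uids is a hypothetical name; a plain list of attribute names and the inline [attr] form are left untouched.

```python
import re

# Constructed fragment in the pre-upgrade style: ldap_uids as a list of pairs.
OLD_CONFIG = '''\
auth_method: ldap
ldap_port: 389
ldap_base: "DC=example,DC=org"
ldap_uids:
  - "jabberUid": "%u"
ldap_filter: "(objectclass=User)"
'''

HEADER = re.compile(r"^ldap_uids:\s*$")
ITEM = re.compile(r"^\s+-\s")
# One list item of the form:   - "attr": "format"
PAIR = re.compile(r'^\s+-\s+"?([A-Za-z][\w-]*)"?\s*:\s+(\S.*)$')


def migrate_ldap_uids(text):
    """Rewrite list-of-pairs ldap_uids blocks as maps.

    Returns (new_text, number_of_entries_converted).
    """
    lines = text.splitlines()
    out, converted, i = [], 0, 0
    while i < len(lines):
        out.append(lines[i])
        if not HEADER.match(lines[i]):
            i += 1
            continue
        # Collect the indented "- ..." items that belong to this key.
        j = i + 1
        while j < len(lines) and ITEM.match(lines[j]):
            j += 1
        block = lines[i + 1:j]
        pairs = [PAIR.match(b) for b in block]
        if block and all(pairs):
            # Every item is a pair: emit "attr: format" map entries instead.
            out.extend("  %s: %s" % (m.group(1), m.group(2)) for m in pairs)
            converted += len(pairs)
        else:
            # Plain attribute list, mixed block, or already a map: keep as is.
            out.extend(block)
        i = j
    return "\n".join(out) + "\n", converted


if __name__ == "__main__":
    new_text, n = migrate_ldap_uids(OLD_CONFIG)
    print("converted entries:", n)
    print(new_text, end="")
```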

PPPOE via VLAN German Telekom
June 17, 2020, 02:53:18 pm
Hello DonCamillo,

thank you for your response.


Did you check how the Zentyal Network module configures the '/etc/network/interfaces' file after configuring through webadmin? Did you check the firewall? eth0 is an external interface?

in /etc/interfaces eth0 is not configured:
Code:
auto zentyal-ppp-eth0.7
iface zentyal-ppp-eth0.7 inet ppp
      pre-up /sbin/ifconfig eth0.7 up
      post-down /sbin/ifconfig eth0.7 down
      provider zentyal-ppp-eth0.7
      offload-gro off
      offload-gso off
      offload-tso off

iface eth1 inet static
      offload-gro off
      offload-gso off
      offload-tso off

auto zentyal-ppp-vlan7
iface zentyal-ppp-vlan7 inet ppp
vlan-raw-device eth0
      pre-up /sbin/ifconfig vlan7 up
      post-down /sbin/ifconfig vlan7 down
      provider zentyal-ppp-vlan7
      offload-gro off
      offload-gso off
      offload-tso off

And yes, eth0 is physically my external interface.

The interface vlan7 was created by zentyal but with vlan7 I'm not able to connect via pppd. The device eth0.7 I created manually as described.
My problem is that I don't know where I have to start with scripting to change all from vlan7 to eth0.7 . I don't want to hardcode all in interface.mas.

The big difference is the naming of the virtual network devices vlanxx vs. eth0.xx and the way they are created:

zentyal: config

manually I used iplink ...

I expect that the magic is done here: /etc/network/if-pre-up.d/vlan


PPPOE via VLAN German Telekom
June 10, 2020, 09:40:08 am

I have some trouble using ppp via VLAN. For German Telekom I need VLAN ID 7

I configured following scenario:

1. For Network Interfaces eth0 I use method virtual lan and I add VLAN ID 7 --> I've got a new network interface VLAN7
2. For interface VLAN7 I use method PPPOE and I put username and password in the fields

The result is I can't get any connection...

When I configure all manually
Code:
ip link add link eth0 name eth0.7 type vlan id 7

pppoeconf eth0.7

pon dsl-provider

route add default ppp0

all is working well. So the problem must be on the Zentyal side.

The result is that on every restart I have to edit the config manually.

I'm running Zentyal 6.1.4.

Help is much appreciated.

VPN Zentyal 6 no access
May 15, 2020, 12:06:30 pm
In case anyone is interested,

the problem is that the file /etc/ssl/openssl.cnf
specifies a validity period for the certificates that does not correspond to the validity period of the certificates of the certification authority.
In other words, the server certificate for the VPN server has to be renewed even though it is still valid in the certification authority.

PPPOE via VLAN Deutsche Telekom
May 15, 2020, 10:59:20 am

I have a problem with dialing in via PPPOE. The provider is Deutsche Telekom.
It is known that a VLAN with the ID 7 must exist between the network card and the DSL modem.

When I set up the device manually, it works:
Code:
vconfig add eth0 7

Then I see the device eth0.7 under Interfaces, can select PPPOE and set the credentials.
I then have to start the connection with:
Code:
pon /etc/ppp/peers/zentyal-ppp-eth0.7

and afterwards I have to set the default route to ppp0

Is there anyone here who has done all of this with Zentyal's own tools?

In Zentyal, a device VLAN7 is created when I set up a virtual network with the ID 7 on eth0.
Then I can also enter the credentials, but it goes no further, because the interface VLAN7 is not created. ipconfig does not show it.

I would be grateful for tips on a solution.

Best regards, Denis

VPN Zentyal 6 no access
September 13, 2019, 02:50:34 pm

I set up the VPN on a fresh Z6.0.
I cannot get a connection from any client.

The client log ends with:
Fri Sep 13 14:46:58 2019 UDP link local: (not bound)
Fri Sep 13 14:46:58 2019 UDP link remote: [AF_INET]MEINE_IP:1194
Fri Sep 13 14:46:58 2019 MANAGEMENT: >STATE:1568378818,WAIT,,,,,,

It looks as if the server's firewall is blocking everything. But I have opened the port on which the VPN server listens...
Has something changed here compared to Z5? With a Z5 server the setup works...
Is there anyone here who can give me a few pointers?

Best regards from Leipzig


direct migration from z 3.5.9 to 5.0.10 ?
February 14, 2018, 08:40:54 am

I have to migrate a Zentyal server 3.5.9 to the actual 5.0.10
It's working as stand alone DC with full infrastructure (DHCP, DNS, SAMBA, VPN, mail, mailfilter, sogo, firewall).

Is there any procedure to migrate directly or partly the users, groups etc? Any hints would be appreciated.

with best regards


Proxy HTTP on Zentyal 4.1
July 08, 2015, 09:47:37 am
Dear Julio,

thx a lot for this information, it's working well

 :D :D :D

Proxy HTTP on Zentyal 4.1
June 26, 2015, 09:58:41 am

are there any news about that?

I tried to build this module as described in the tutorial. It built without any error but I was not able to install it.

So please claudemir can you tell us how you create this module for Zentyal 4.1.1 ?

with warm regards


