Messages - Shajtan

Colleagues, in case anyone finds this useful: I needed to bring up a Win7 virtual machine under Zentyal and found that the built-in web VM manager, simple as satin underpants, does not create virtual hard disks (well, for that you grab the console and qemu-img), and for some reason attaches the virtual disk image via SCSI, which naturally puzzles the Win7 being installed. Change it through the console, or connect with VMM and fix it in the GUI. Maybe my note will help someone save time and effort on the installation.

No, I didn't even install shaping.

And no, Samba alone won't do: I need to give access to the share specifically over the internet, and opening Samba to it is, to put it mildly, not serious, given the importance of the data. zmd, which client exactly was it in your case?

Good day, colleagues. I ran into an unpleasant little problem: there is a server on Z3.0, with a VPN set up on it and a file share created. I connect with a Win7 client through OpenVPN, mount the share, and get an SMB access speed of 50-150 Kb/s. And that on a gigabit network! By the way, if I go in over the internet from home (a 20MB channel), the result is about the same. Does anyone have any thoughts? The possibility of a performance drop on the server or the client is ruled out right away: the server is a new i5 with 8 gigs of RAM, and the client has a CoreDuo8400, also not the weakest option. And the process doesn't generate any particular CPU load either; it squeezed out a couple of percent at most.

I read through the forums yesterday: the problem does come up fairly often, and nobody can say why. As a rule, people fall into two categories: for some, everything works badly and slowly, and they cannot understand why; for others, everything works fast and without problems, and they cannot help the first group because they have never run into the problem. I have not yet recorded any transitions from the first category to the second... it is sad that I ended up in the first one...

Colleagues, has anyone run into this? And, for statistics: what is your access speed to the share, if you have a similar setup, Zentyal + Win?

2 _evgen_b: yes, ntlm_auth is commented out in /etc/freeradius/modules/mschap. But there are the same settings in /etc/freeradius/modules/mschap on the Zentyal 2.0 server, and everything works well. How does mschap work on the old Zentyal and not work in the new version, with the same settings?

I tried to uncomment ntlm_auth, with the path /ust/bin/ntlm_auth, and now I have this message:
Code:
/usr/bin/ntlm_auth: /usr/lib/i386-linux-gnu/ no version information available (required by /usr/lib/i386-linux-gnu/samba/

Hello all! I have the same problem: I can't authenticate any of my devices via Zentyal 3.0. It's strange, because I use Zentyal 2.0.22 as a RADIUS server, and it works well.
I set up Zentyal 3.0 and installed the modules: Network, Firewall, DNS, Events, Logs, NTP, Users and Groups, RADIUS, File Sharing and HTTP Proxy. In trying to resolve my problem, I set the firewall to "allow-all" in every direction (it did not help, actually).

The check with radtest is OK with no protocol defined. radtest -t mschap rejects authentication, but my old Zentyal, 2.0, allows it! I have not found any serious difference in the config files on the two Zentyal servers, old and new... It's a mystery to me...

Code:
rad_recv: Access-Request packet from host port 1024, id=99, length=298
User-Name = "Shajtan"
NAS-Port = 0
Called-Station-Id = "0A-27-22-F3-0C-AA:TestWiFi"
Calling-Station-Id = "1C-E2-CC-DB-86-BB"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x024100901900170301002097a8b59a5cad91ca90fcb1dc0efeb76ac3bab0d4b57f19c484cae3e392fde9ca17030100602581f1ea8f6f6354706e7a968e0747a747731366f1f83406703223926905072f2ac13662c1edbd790d33190878a9965895b56c688c4524c070b9a5ddbc0b6457e6fbd5bce4cb94c89c18e029be74601f97759fe42be6c24beb9ab7c334b3a183
State = 0xe3b3b3fbe5f2aa05025a29847a4bd19a
Message-Authenticator = 0xcad40f022b43632069706f73f6762fbc
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Shajtan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 65 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x024100421a0241003d31dd9e103707f60fabca148f60b698b79e00000000000000003c422966dbcfcc8a7de3ae0a8c97cd0909604722904258de005368616a74616e
server  {
  PEAP: Setting User-Name to Shajtan
Sending tunneled request
EAP-Message = 0x024100421a0241003d31dd9e103707f60fabca148f60b698b79e00000000000000003c422966dbcfcc8a7de3ae0a8c97cd0909604722904258de005368616a74616e
FreeRADIUS-Proxied-To =
User-Name = "Shajtan"
State = 0x8e86fc7c8ec7e668b0ce18c188fabf98
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Shajtan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 65 length 66
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 3
++[files] returns ok
[ldap] performing user authorization for Shajtan
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> Shajtan
[ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=Shajtan)
[ldap] expand: dc=loniir-internet,dc=net -> dc=loniir-internet,dc=net
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=loniir-internet,dc=net, with filter (uid=Shajtan)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
  [ldap] userPassword -> Password-With-Header == "{K5KEY}"
[ldap] looking for reply items in directory...
[ldap] user Shajtan authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found unknown header {{K5KEY}}: Not doing anything
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: Shajtan
[mschap] Told to do MS-CHAPv2 for Shajtan with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [Shajtan] (from client port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "AE=691 R=1"
EAP-Message = 0x04410004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "AE=691 R=1"
EAP-Message = 0x04410004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 99 to port 1024
EAP-Message = 0x0142002b190017030100206a2abce931280de058b058af5f98a2011a98c3a1caadaefee11123f12ea1d58f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe3b3b3fbe4f1aa05025a29847a4bd19a
Finished request 16.
Going to the next request
rad_recv: Access-Request packet from host port 1024, id=100, length=234
User-Name = "Shajtan"
NAS-Port = 0
Called-Station-Id = "0A-27-22-F3-0C-AA:TestWiFi"
Calling-Station-Id = "1C-E2-CC-DB-86-BB"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0242005019001703010020fddddbe20028f0219a501e20d8a035364ecc394167910ba756e0861fcae3830e1703010020ea1479ec0058d99c08665f74673bdcb1a94e2e7cb15b8627a0e6da15dc99a5ce
State = 0xe3b3b3fbe4f1aa05025a29847a4bd19a
Message-Authenticator = 0xf591a3731e17336d106f79faece2cc20
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Shajtan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 66 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [Shajtan] (from client port 0 cli 1C-E2-CC-DB-86-BB)
Using Post-Auth-Type Reject
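
The debug output above says to look back through earlier messages for "reject" or "fail". As an added example (not part of the original post; the function names are hypothetical and the sample lines are constructed in the shape of that output), this Python code does that triage per request and separates the first real reject from the later PEAP replay of it:

```python
import re

# Constructed sample, trimmed to the shape of the `freeradius -X` output above.
SAMPLE = """\
rad_recv: Access-Request packet from host port 1024, id=99, length=298
++[mschap] returns noop
  [ldap] userPassword -> Password-With-Header == "{K5KEY}"
[pap] Found unknown header {{K5KEY}}: Not doing anything
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
++[mschap] returns reject
Finished request 16.
rad_recv: Access-Request packet from host port 1024, id=100, length=234
[peap]  The users session was previously rejected: returning reject (again.)
++[eap] returns invalid
"""

REQ = re.compile(r"^rad_recv: \S+ packet .*\bid=(\d+)")
RETURNS = re.compile(r"^\++\[(\w+)\] returns (reject|fail|invalid)\b")
MODULE = re.compile(r"^\s*\[(\w+)\]\s+(.*)$")
# Messages that explain a reject: password storage format and module failures.
CAUSE = re.compile(r"FAILED|No \S+-Password|unknown header|"
                   r"Password-With-Header|previously rejected")

def triage(log_text):
    """Split debug output per request; record rejecting module and cause lines."""
    requests, cur = [], None
    for line in log_text.splitlines():
        m = REQ.match(line)
        if m:
            cur = {"id": int(m.group(1)), "rejected_by": None, "causes": []}
            requests.append(cur)
        elif cur is None:
            continue
        elif (m := RETURNS.match(line)):
            # Keep only the first module that refused the request.
            cur["rejected_by"] = cur["rejected_by"] or m.group(1)
        elif (m := MODULE.match(line)) and CAUSE.search(m.group(2)):
            cur["causes"].append((m.group(1), m.group(2).strip()))
    return requests

def root_cause(requests):
    """First rejected request that is not just PEAP replaying an earlier reject."""
    for r in requests:
        replay = any("previously rejected" in c for _, c in r["causes"])
        if r["rejected_by"] and not replay:
            return r
    return None
```

On the sample, `root_cause(triage(SAMPLE))` returns request 99, rejected by `mschap`, with the `{K5KEY}` password header and the missing NT-Password lines listed as causes.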

Installation and Upgrades / Re: Proxy exception by IP address?
« on: January 17, 2013, 02:12:46 pm »
I tried to do it, but without success. Also, I tried to add the IP of this server to /etc/hosts, but also without success...

Oops! Somehow it works! I don't use Zentyal's inner DNS, only /etc/hosts. Thanks everyone!

Installation and Upgrades / Proxy exception by IP address?
« on: January 17, 2013, 10:06:59 am »
Hello everyone! I use Zentyal 3.0 as a gateway and proxy server, and I found a problem: I want to use the transparent proxy for all users, but I need to exclude one external server from caching, because it does not work through the proxy. But this server does not have a DNS name, only a white IP address (it's a server for users' thin clients), and Zentyal's proxy settings allow me to exclude something from caching by its name only, not by IP.

So, can I somehow exclude one server from caching and the transparent proxy if it does not have a domain name?

Installation and Upgrades / Manage-logs eat all my memory!
« on: June 05, 2012, 01:14:43 pm »
Hello, Zentyal users. I have Zentyal 2.3.9, running in a virtual machine under KVM (on CentOS 6.2). It worked perfectly for about two weeks, but now it has become very slow. With the "top" utility I found that a process named "manage-logs" eats 90% of my memory (2Gb) and from 30% to 80% of CPU. It runs hourly from /etc/cron.hourly; the main script is in /usr/share/zentyal/manage-logs

What can I do about this problem? For the moment, I simply removed the file *90zentyal-manage-logs from /etc/cron.hourly, but I think this is not a good solution. And what does this script do?

Hello all! I have a fresh installation of Zentyal (2.0.20) and two external interfaces, eth0 and eth1, both from different providers. eth0 is my main provider, with unlimited traffic and good speed, and eth1 is the second provider, with limited traffic (10 Gb per month). I want to build a failover gateway: when eth0 is down, eth1 will work. But I also want to be sure that I will not use all of the 10Gb of limited traffic (the overpayment is very big).
How can I:
1. Easily check the traffic from the beginning of the month to the current moment, for each external interface?
2. Receive some warnings about traffic overuse (for example, receive an e-mail when 80% of the monthly traffic quota on eth1 is used)?
