Recent Posts

1
Other modules / ZENTYAL 6.1 - Update Error DNS
« Last post by mkugler on Today at 12:20:57 pm »
Hello, if I want to assign a fixed IP to an object and then secure it, I get the following error:

Einige Module meldeten ein Fehler beim Sichern der Änderungen. Weitere Informationen finden Sie in den Logs in /var/log/zentyal/

The following modules failed while saving their changes, their state is unknown: dns The following modules failed while saving their changes, their state is unknown: dns at The following modules failed while saving their changes, their state is unknown: dns at /usr/share/perl5/EBox/GlobalImpl.pm line 727 EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x55e3a0550e00)', 'progress', 'EBox::ProgressIndicator=HASH(0x55e39c36c698)') called at /usr/share/perl5/EBox/Global.pm line 95 EBox::Global::AUTOLOAD('EBox::Global=HASH(0x55e3a04affd0)', 'progress', 'EBox::ProgressIndicator=HASH(0x55e39c36c698)') called at /usr/share/zentyal/global-action line 32 eval {...} at /usr/share/zentyal/global-action line 30

In the Log of Zentyal you see the following lines:

2024/07/13 11:04:58 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 27444) - nsupdate$
2024/07/13 11:04:58 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/sc6$
2024/07/13 11:04:58 ERROR> Service.pm:969 EBox::Module::Service::restartService - Error restarting service: root comman$
Error output: update failed: REFUSED

2024/07/13 11:14:57 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 27444) - LANG=C /$
2024/07/13 11:14:58 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command LANG=C /usr/sbin/ejabberdctl status failed$
2024/07/13 11:14:58 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 27444) - systemct$

Unfortunately I can't get the problem under control. Does anyone know the problem and can help me?

Many thanks in advance.
Mathias
2
Installation and Upgrades / Re: Problem with DNS forwarding
« Last post by Stage4972 on July 10, 2024, 09:01:44 pm »
Just what I needed. Thanks
3
Installation and Upgrades / Re: Problem with DNS forwarding
« Last post by Siroco on July 10, 2024, 10:59:26 am »
Hi,
To make changes persistent in Zentyal, you must use stubs. Below you have the link to the official documentation about stubs.
 https://doc.zentyal.org/en/appendix-c.html#stubs
Best regards.
4
Installation and Upgrades / Problem with DNS forwarding
« Last post by Stage4972 on July 09, 2024, 11:06:20 am »
Hi, I'm having troubles with the DNS forwarder. My setup is PFSense (192.168.1.1) as gateway / dhcp / dns and Zentyal 8 (192.168.1.10) as DC forwarding the DNS to the PFSense. While Zentyal forwards all internet DNS queries upstream it fails to forward .lan names and just gives ** server can't find pfsense.lan: SERVFAIL. I need the DNS forwarder to forward .lan dns queries because PFSense has to resolve them. The same setup with same settings worked on Zentyal 7. How can I debug that?

Code:
root@dc:/etc# nslookup pfsense.lan
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: pfsense.lan
Address: 192.168.10.1

root@dc:/etc# nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: google.com
Address: 142.251.140.78
Name: google.com
Address: 2a00:1450:4017:815::200e

root@dc:/etc# cat /etc/bind/named.conf.options

options {
        sortlist {
                192.168.1.0/24;
        };
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys.  See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;

listen-on-v6 { none; };

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        forward first;
        forwarders {
                192.168.1.1;
        };

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

    auth-nxdomain no;    # conform to RFC1035

    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    allow-transfer { internal-local-nets; };
};

logging { category lame-servers { null; }; };
root@dc:/etc# cat /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# and managed by Zentyal.
#
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
nameserver 127.0.0.1
search lan

Thanks

EDIT: I've compared the /etc/bind/named.conf.options file between Zentyal 7 and 8 and actually only this one line was changed, and when I reverted it to the Zentyal 7 version it fixed the issue for me:
Zentyal 8: dnssec-validation auto;
Zentyal 7: dnssec-validation yes;

I have no idea why but I'm leaving this here if anyone encounters the same problem.

EDIT: this file gets recreated on reboot. Any idea how to make my change persistent?
5
Manually deleting entries does not solve the problem. File /etc/netplan/netplan.yaml is created from information stored somewhere else and that is where it needs to be removed.

Hi,

To fix this issue, please, go to the following link:

* https://github.com/zentyal/zentyal/issues/2167#issuecomment-2208417078
6
Other modules / Re: OPenVPN Tap0
« Last post by Siroco on July 01, 2024, 11:37:32 am »
Hi,

If you only have one network interface, you should ensure that the NAT option is enabled in your VPN server settings.

https://doc.zentyal.org/en/vpn.html

Anyway, as you mentioned, it would be very useful if you uploaded screenshots of the following somewhere:

- Network configuration.
- OpenVPN configuration including the advertised networks.

Also, you should analyze the log files /var/log/syslog and /var/log/openvpn/ in Zentyal and also, the OpenVPN client logs.

Finally, did you check if the advertised network is the same network as your client? For instance: 192.168.0.0/24

Best regards.
7
Hi ggallo,

First of all, thank you for the detailed explanation of your upgrade process from the very old Zentyal 5 version.

About the MySQL issue, we thought it was fixed with the below function in the script but apparently, it does not cover all the cases. Do you remember if this issue caused the upgrade to fail?

* https://github.com/zentyal/zentyal/blob/7.1/main/core/src/scripts/release-upgrade#L352

Regarding ClamAV and Sogo, as you found out, it looks like it is an issue caused by the version of Zentyal you upgraded from. However, we are going to do some tests in our internal lab and if it is necessary, we will update the script, the documentation, or both.

Again, thank you for sharing.

Best regards, Daniel Joven.
8
Other modules / Re: DHCP Leases file garbage?
« Last post by Daniel Joven on June 28, 2024, 10:07:28 am »
Zentyal version 8.0.3.  We have been using Zentyal for many years.

We have recently started having issues with our DHCP causing loss of client device connectivity.  Client devices seem to be losing IP addresses for a period of time before re-establishing new ones.

We are a moderately small office and have just one range of DHCP IP's available (currently 10.0.0.59 - 10.0.0.254), the rest being reserved for servers, some Dev PC's and other network devices such as printers, switches etc.

Looking at the content of our leases file (/var/lib/dhcp/dhcpd.leases), we see a mix of some very old expired leases (from November 2023), current leases (3rd June 2024) and some leases (current) with some sort of scripting for "on expiry" and "on release".

I don't know if the two script blocks are legitimate entries, since not all entries have this format.

Our leases file is also getting very long, with over eight TEN thousand lines (increased during time of writing this post) of lease entries (lines bulked by the coded outputs as exampled below), almost all of them dated for today.

Example of the scripting:

Code:
on expiry {
    set ClientIP =
       binary-to-ascii (10, 8, ".", leased-address) ;
    log (debug,
        concat ("Expired: IP: ", ClientIP));
    execute ("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
  }
  on release {
    set ClientIP =
       binary-to-ascii (10, 8, ".", leased-address) ;
    set ClientDHCID =
       concat (concat (concat (concat (concat (concat (concat (concat (concat (
                                                                               concat
                                                                              (
                                                                             suffix
                                                                              (
                                                                             concat
                                                                              (
                                                                             "0",
                                                                             
                                                                             
                                                                             binary-to-ascii
                                                                              (16
                                                                             ,
                                                                             8,
                                                                             ""
                                                                             ,
                                                                             
                                                                             substring
                                                                              (
                                                                             hardware,
                                                                             1,
                                                                             1)
                                                                             ))
                                                                             ,
                                                                             2)
                                                                             ,
                                                                               ":")
                                                                               ,
                                                                               
                                                                               suffix
                                                                              (
                                                                             concat
                                                                              (
                                                                             "0",
                                                                             
                                                                             
                                                                             binary-to-ascii
                                                                              (16
                                                                             ,
                                                                             8,
                                                                             ""
                                                                             ,
                                                                             
                                                                             substring
                                                                              (
                                                                             hardware,
                                                                             2,
                                                                             1)
                                                                             ))
                                                                             ,
                                                                             2)
                                                                       ), ":"),
                                                               
                                                               suffix (concat (
                                                                               "0",
                                                                               
                                                                               
                                                                               binary-to-ascii
                                                                              (16
                                                                             ,
                                                                             8,
                                                                             ""
                                                                             ,
                                                                             
                                                                             substring
                                                                              (
                                                                             hardware,
                                                                             3,
                                                                             1)
                                                                               ))
                                                                       , 2)),
                                                       ":"),
                                               suffix (concat ("0",
                                                               binary-to-ascii
                                                               (16, 8, "",
                                                                substring (
                                                                           hardware,
                                                                4, 1))), 2)),
                                       ":"),
                               suffix (concat ("0",
                                               binary-to-ascii (16, 8, "",
                                                                substring (
                                                                           hardware,
                                                                5, 1))), 2)),
                       ":"),
               suffix (concat ("0",
                               binary-to-ascii (16, 8, "",
                                                substring (hardware, 6, 1))), 2
               )) ;
    log (debug,
        concat ("Release: IP: ", ClientIP));
    execute ("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
  }


Can anyone enlighten me as to whether we have a buggy DHCP service (if so, what should I do to remedy), and whether I should try deleting the old or oddly-formed lease entries from the file in an effort to resolve it?

(I have made a backup copy of the file already.)

Thanks in advance,
Alec

=============== UPDATE (4th June 24) ================
Applying some basic troubleshooting/elimination processes on our network devices, I turned off our new WiFi AP (an Ubiquiti U7 Pro) and the address loss/reclaiming seems to have stabilised.  Perhaps a bit early to tell after only a couple of hours, as we had seen things stabilise after the morning anyway - so tomorrow morning should provide the real test of whether that device had been doing something rogue on the LAN.  It had applied an update back on 9th May (to v. 7.0.47), and we think that date is around when we started seeing the connectivity issues, but not sure why it had become increasingly worse during the last couple of weeks.

Have ordered a pair of NetGear AP's to test/replace the Ubiquiti stuff...
==============================================


Hi AlecM,

We have checked the DHCP behavior you reported in our internal lab and we have confirmed that this is a bug, concretely, with the managing of the reverse zone. We have added it to our roadmap.

In order to let people know about this, we strongly recommend you create a new issue in GitHub and hopefully, someone can contribute.

* https://github.com/zentyal/zentyal/issues/

Thank you for sharing the issue.

Best regards, Daniel Joven.
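
Added example (not from the thread and not Zentyal code): a Python summary of a dhcpd.leases file like the one described in the post above. It relies on the documented behaviour that dhcpd appends a new declaration on every lease change and that the last declaration for an address is the one in effect; the function names parse_leases and summarize and the sample leases are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in dhcpd.leases syntax; addresses are made up.
SAMPLE = """\
lease 10.0.0.60 {
  ends 5 2023/11/17 21:00:00;
  binding state free;
}
lease 10.0.0.61 {
  ends 1 2024/06/03 20:00:00;
  binding state active;
  on expiry {
    log (debug, concat ("Expired: IP: ", ClientIP));
  }
}
lease 10.0.0.61 {
  ends 1 2024/06/03 20:05:00;
  binding state active;
}
"""

LEASE = re.compile(r"^lease\s+(\S+)\s*\{")
FIELD = re.compile(r"^\s*(starts|ends|binding state)\s+(.*?);")
EVENT = re.compile(r"^\s*on\s+(expiry|release|commit)\b")
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

def parse_leases(text):
    """Return one dict per lease declaration, in file order."""
    entries, cur, depth = [], None, 0
    for line in text.splitlines():
        bare = QUOTED.sub('""', line)  # braces inside strings must not count
        if cur is None:
            m = LEASE.match(bare)
            if not m:
                continue  # skip comments, server-duid and other top-level lines
            cur = {"ip": m.group(1), "events": set()}
        elif depth == 1:  # lease body itself, not inside an on-block
            if f := FIELD.match(bare):
                cur[f.group(1)] = f.group(2)
            elif ev := EVENT.match(bare):
                cur["events"].add(ev.group(1))
        depth += bare.count("{") - bare.count("}")
        if depth == 0:
            entries.append(cur)
            cur = None
    return entries

def summarize(entries):
    """Later declarations for an address supersede earlier ones."""
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e)
    return {
        "superseded": len(entries) - len(by_ip),
        "states": Counter(v[-1].get("binding state", "?") for v in by_ip.values()),
        "with_events": sum(1 for e in entries if e["events"]),
        "churn": {ip: len(v) for ip, v in by_ip.items() if len(v) > 1},
    }
```

To run it on the real file, pass the contents of /var/lib/dhcp/dhcpd.leases to parse_leases and the result to summarize. A high churn count for a few addresses means those clients keep re-requesting leases, which is a different condition from a file that is merely carrying old expired entries.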
9
Spanish / Reverse DNS resolution does not respond from external networks
« Last post by aalvaro23 on June 21, 2024, 02:05:42 am »
Hello

I recently installed Zentyal 8 with 2 network interfaces (internal and external) and I have the DNS and Mail modules, among others. DNS is already minimally configured with the NS and MX records and some TXT records for SPF and DMARC. As I understand it, Zentyal automatically configures the PTR records for each host. In the firewall I opened traffic for DNS queries to my server, and when PTR queries are made for the DNS server's IP they fail with no response; forward queries do work. Internally, both nslookup and dig do answer PTR queries. What could be causing this problem? It is preventing mail from being delivered correctly.
10
Other modules / OPenVPN Tap0
« Last post by Zlaxer on June 20, 2024, 03:14:01 pm »
Sorry if this is covered elsewhere - I've tried just about everything I did find regarding this issue in this forum (and elsewhere).

Client connections (internal and external to the LAN) establish just fine but Tap0 on the Zentyal 8 / OpenVPN server running as a guest on XenServer 7.4 does not seem to pass traffic from the VPN's network 192.168.168.0 to the internal LAN network 192.168.0.0.  The VPN clients can ping each other and can ping the Zentyal server's eth0 (LAN) address and Tap0 (VPN) address.  TCP dump shows pings from my VPN clients hitting the server's Tap0, but nothing from Tap0 to the eth0 (internal LAN).  I've set all 4 firewall modules to accept all ports from any IP.  I will try to post my Zentyal OpenVPN config file later today with some screen shots of the OpenVPN, network, and Firewall admin screens.

Note that the VPN clients are running on Windows 10 and 11 but that they worked just fine with Zentyal 4.1.  Also, the fact that their pings hit the Zentyal Tap0 leads me to believe the issue is with the Zentyal setup and not a Win 10/11 Tap0 issue (but I could be wrong).  Note I am advertising the LAN network through the VPN.  Also, the Zentyal server only has 1 interface (eth0) and is not the default gateway.  I know the documentation says there needs to be 2 interfaces - so does this mean it's not possible to use Zentyal 8 as a VPN with only 1 NIC?  Just find it puzzling since Zentyal 4.1 worked so well in this setup.

Also, is it possible the clients' traffic is going through the server's Tap0 to Eth0 to the default gateway (which doesn't have a routing entry for the VPN) without showing up in TCP dump?