Messages

1

Installation and Upgrades / Re: Installing Zentyal 3.3 from iso put on local ntfs partition via Grub4Dos !

« on: January 16, 2014, 01:20:47 pm »

By chance, I just found it. It refers to Ubuntu 10.10 but I'm pretty sure doing something similar will work for 12.04.

http://askubuntu.com/questions/56174/install-ubuntu-10-10-server-from-usb-with-grub4dos

mkdir /mnt/tmp
mount /dev/sdb1 /mnt/tmp
mount -o loop -t iso9660 /mnt/tmp/ubuntu-12.04-server-i386.iso /cdrom

2

Installation and Upgrades / Re: Installing Zentyal 3.3 from iso put on local ntfs partition via Grub4Dos !

« on: January 16, 2014, 01:16:56 pm »

I did find something when googling the issue. Users that attempted to install Ubuntu 12.04 server encountered the same issue. Their solution was to back out of the install when they encountered the error then mount the iso in the /cdrom directory in terminal 2; then go back to terminal 1 and restart the install. When I find the actual link I'll post it here.

3

Installation and Upgrades / Re: ldap error

« on: January 16, 2014, 11:20:47 am »

I encounter a similar if not the same issue on Z2.2. I found in some instances when I restart the server, the slapd service starts before the zentyal service which puts it into this situation. Try stopping slapd by running sudo service slapd stop then run sudo service zentyal restart.

4

Installation and Upgrades / Re: Installing Zentyal 3.3 from iso put on local ntfs partition via Grub4Dos !

« on: January 15, 2014, 10:09:51 pm »

I got around to testing it and it gets stuck at looking for the CD in CDROM.

5

Installation and Upgrades / Re: Installing Zentyal 3.3 from iso put on local ntfs partition via Grub4Dos !

« on: January 15, 2014, 02:54:39 pm »

The menu lists below works for me using an ubuntu 12.04. Just replace the iso name with the zentyal image. When I have time I'll try to test this myself.

# Ubuntu Server
  title Ubuntu Server\nUbuntu Server\nInstall Ubuntu Server 12.04.1 LTS
  pxe keep
  root (pd)/iso/ubuntu-12.04.1-server-i386.iso
  map --mem (pd)/iso/ubuntu-12.04.1-server-i386.iso (0xff)
  map --hook
  root (0xff)
  chainloader (0xff)

# Ubuntu Server (64-bit)
  title Ubuntu Server (64-bit)
  pxe keep
  root (pd)/iso/ubuntu-12.04.1-server-amd64.iso
  map --mem (pd)/iso/ubuntu-12.04.1-server-amd64.iso (0xff)
  map --hook
  root (0xff)
  chainloader (0xff)

6

Installation and Upgrades / Re: Adding services to /etc/services still not working for DNS SRV records

« on: December 31, 2013, 07:22:07 pm »

Try this. Remove the changes you've made to /etc/services. On the Zentyal UI go to Network > Services and add your services there. Then go to DNS > Services. In order to add any SRV records they must be present as a service under services in network. This is what I've found.

7

Installation and Upgrades / Re: existing users not shown

« on: December 10, 2013, 04:43:15 pm »

If you have a need to have system accounts appear as users in Zentyal you can follow this 'How To:' http://forum.zentyal.org/index.php/topic,19002.0.html

8

Installation and Upgrades / Re: Need help adding current user to Samba Group

« on: December 09, 2013, 07:12:38 pm »

http://forum.zentyal.org/index.php/topic,19002.0.html

9

Installation and Upgrades / Zentyal Samba 3.2

« on: December 06, 2013, 08:25:43 pm »

After purging z3.2 samba, dns and users and setting everything back up again. I continue to get these errors in the samba log.

Code: [Select]

  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_
STATUS_CONNECTION_DISCONNECTED]
[2013/12/06 13:57:34.469778,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connec
t)
  ldb_wrap open of secrets.ldb
[2013/12/06 13:57:34.472403,  3] ../source4/auth/ntlm/auth.c:270(auth_check_pass
word_send)
  auth_check_password_send: Checking password for unmapped user []\[]@[(null)]
  auth_check_password_send: mapped user is: []\[]@[(null)]
[2013/12/06 13:57:34.475485,  3] ../source4/smbd/service_stream.c:66(stream_term
inate_connection)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT
_STATUS_CONNECTION_DISCONNECTED'
[2013/12/06 13:57:34.475697,  3] ../source4/smbd/process_single.c:114(single_ter
minate)
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_
STATUS_CONNECTION_DISCONNECTED]
[2013/12/06 13:57:35.292607,  4] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/12/06 13:57:36.189369,  4] ../source4/dsdb/repl/drepl_notify.c:463(dreplsr
v_notify_schedule)
  dreplsrv_notify_schedule(5) scheduled for: Fri Dec  6 13:57:41 2013 EST
[2013/12/06 13:57:41.198498,  4] ../source4/dsdb/repl/drepl_notify.c:463(dreplsr
v_notify_schedule)
  dreplsrv_notify_schedule(5) scheduled for: Fri Dec  6 13:57:46 2013 EST
[2013/12/06 13:57:45.790030,  3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connec
t)
  ldb_wrap open of secrets.ldb
[2013/12/06 13:57:46.207765,  4] ../source4/dsdb/repl/drepl_notify.c:463(dreplsr
v_notify_schedule)
  dreplsrv_notify_schedule(5) scheduled for: Fri Dec  6 13:57:51 2013 EST
[2013/12/06 13:57:47.356556,  3] ../source4/smbd/service_stream.c:66(stream_term
inate_connection)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT
_STATUS_CONNECTION_DISCONNECTED'
[2013/12/06 13:57:47.356907,  3] ../source4/smbd/process_single.c:114(single_ter
minate)
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_
STATUS_CONNECTION_DISCONNECTED]
[2013/12/06 13:57:48.064712,  4] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
I thought this should have been fixed by now?

10

Installation and Upgrades / Re: SAMBA Error

« on: December 06, 2013, 03:03:56 am »

I believe I've made some progress on this issue. I no longer receive this error

Code: [Select]

AuthKrbHelper.pm:172 EBox::Samba::AuthKrbHelper::_getTicketUsingKeytab - Could not get ticket: could not acquire credentials using an initial credentials context: unable to reach any KDC in realm BCGVT.LAN
 at /usr/share/perl5/EBox/Samba/AuthKrbHelper.pm line 172 in the zentyal.log anymore.

After do a LOT of googling and looking through the perl scripts the trace references I found this linke: http://kerberos.996246.n3.nabble.com/kinit-krb5-get-init-creds-unable-to-reach-any-KDC-in-realm-REALM-td9947.html and it refers to the /etc/hosts file where the machine name is set to 127.0.1.1 when it should be 127.0.0.1.

And I actually read up on some of the kerberos info from an M$ website: http://technet.microsoft.com/en-us/library/bb463167.aspx and this:

To access Kerberized services, the client computer must be capable of resolving the DNS domain of the target computer to the correct Kerberos REALM. This becomes an issue when the DNS domain name does not match the Kerberos REALM name. Because mapping does not become an issue until the client computer tries to access a service, domain to REALM mapping problems do not affect initial ticket requests (TGTs). When mapping problems exist, service ticket requests may fail or access to Kerberized services may fail. With Active Directory, the REALM name is always the uppercase equivalent of the DNS domain name.

paragraph stood out to me.

After reading that I remembered that I continue to experience DNS issues. So I set the domain IP address, added the server as a host name and my DNS server as a host name. I assigned the two IP addresses I use on my server to the host name and added both as name servers.

I also read on http://kerberos.996246.n3.nabble.com/kinit-krb5-get-init-creds-unable-to-reach-any-KDC-in-realm-REALM-td9947.html that kerberos uses ports 88 and 750 so I added them to the 'Network' > 'Services' > 'Kerberos' using TCP & UDP protocol and saved the configuration. I then added those same ports to the services record in DNS.

After making these changes I am now left with this error in the zentyal.log file, which I thought was already fixed.

Code: [Select]

2013/12/05 20:49:06 ERROR> GlobalImpl.pm:660 EBox::GlobalImpl::__ANON__ - Failed to save changes in module samba: Failed to open: NT_STATUS_ACCESS_DENIED at /usr/share/perl5/EBox/Samba.pm line 412.
The Zentyal Web GUI still stops at 67% and throws an error and I'm unable to start the zentyal samba service but samba4 is running; I am able to access my shares without any issues.

I can easily back out my changes if I'm headed in the wrong direction...

11

Installation and Upgrades / Re: Mac filtering

« on: December 05, 2013, 02:28:04 am »

CLI stands for command line interface. terminal... Google will be your friend.

12

Installation and Upgrades / DNS Forwarding on Zentyal 3.2

« on: December 05, 2013, 01:53:15 am »

Has anyone successfully been able to setup DNS forwarding?

I recently upgraded from Ubuntu 10.04 to 12.04 and Z2.2 to Z3.2; I have yet to get DNS forwarding to work. The server I'm working with is a simple file server that is used to store backups on. It has two NIC's; I've tried setting both of them as DHCP and setting one to DHCP and one static. With IP addresses 192.168.1.205 and 192.168.1.206. The DNS server is setup on a different server running Ubuntu 10.04 Z2.2 with IP address 192.168.1.201. I've tried adding this IP <192.168.1.201> as a forwarder with no success. I've set transparent cache to enabled and disabled. I've added the DNS server as a hostname with it's appropriate IP address and listed it as a name server and still no luck. If I manually stop the zentyal DNS service and allow the bind service to run, it works without any problems. This is leading me to believe that the latest Z3.2 DNS module along with the Z3.2 Samba module is currently flawed.

13

Installation and Upgrades / Re: Migrate Zentyal 2.2 > 3.2

« on: December 04, 2013, 06:08:00 pm »

Ok, so I gave this a bit of thought. I believe I'm pretty much finished updating this server (just a few tweaks remain) but I may stop here. With all the current Samba and Bind (DNS) issues being reported by various users on the forum; make me very hesitant in updating the remaining three servers. especially sinice these two functions are critical for their operation. Why have a file server if it can't server files and with the inability to come up with a successful work around in trying to perform a nslookup against my own DNS server why bother. I know I will be monitoring the forum for some time in hopes of work arounds and fixes. Until then, I can continue planning my upgrades in detail.

14

Installation and Upgrades / Re: Migrate Zentyal 2.2 > 3.2

« on: December 04, 2013, 01:27:36 pm »

The How To: on how to add a Zentyal user as a system user was added to the Tips and Tricks forum http://forum.zentyal.org/index.php/topic,19002.0.html

15

Installation and Upgrades / How To: Making a Zentyal User a System User

« on: December 04, 2013, 01:24:58 pm »

How To: Making a Zentyal User a System User

This came about from an unfortunate incident when upgrading my Z2.2 to Z3.2. I didn’t follow the documentation where I was supposed to export my users in 2.2 and prepare the output for import into 3.0 (in this case 3.2). My primary user on my linux server is the same user I use on my Windows PC. We all know if a system user already exists on the server you cannot add a user to Zentyal with the same name. I, like most people would like to have user id’s and password match so we don’t have to continue to enter our credentials to access our shares. This of course comes from working with the machines at home so security isn’t a huge deal. So basically I had to troubleshoot a better part of a day to figure out how to add my system user as a Zentyal user. I couldn’t just import the user into LDAP as I’ve done in the past with Z2.2 because the structure is entirely different. So here it is. This issue would typically be encountered when upgrading to the next major release of Zentyal or if your installing Zentyal on a vanilla Ubuntu install instead of using the actual Zentyal install discs. I hope this how to do helps you!

What to expect:

• Back everything you want up!!! I can’t stress this enough.
• Prepare to remove your system user from the server, yes it sounds strange but this is what needs to be done.
• All commands will require root privileges, you are adding users and modifying system files; so…
• Be familiar with linux CLI. This can be accomplished by the average novice but it may require some reading up on some things to get a full understanding as to what is happening.
• Prepare to be busy for quite some time. I did all of this by logging into the server from my Windows PC and SSH. It can be done locally at the server of course.

Digging in:

• Change directory to /home and identify your home directory. Back it up, I renamed by using the command mv /home/james /home/james1
• Create a new user using useradd, this will be a temporary account so you can actually work with things. I created the one with username as “test”, it didn’t matter because I’m going to blow away the user once I’m done.
• Setup the new users password to be the same as your system password: `passwd test` and follow the prompts. I’ll explain why in a short while
• Add the new user to the admin and sudoers groups. If you don’t do this you won’t be able to continue; `sudo adduser <username> sudo` and `sudo adduser <username> admin`
• Logoff the system and ensure that your user id, the one you want to keep is NOT logged in whatsoever.
• Login to the server using the new user you’ve just added and become root `sudo –i`, it will prompt you for your password; it should be the same as the one of your system account.
• Now, delete your system account. What?? Yup, delete your system account. It’s the only way to get this to work. You can do so by issuing the command `deluser <username>`
• Now navigate to the Zentyal Web GUI and login using the temporary system user you just added. Why do you ask, Zentyal will only allow a system user the ability to login to its interface. It’s how they’ve setup their security, it can be changed but it does defeat the purpose.
• Now add your system account to Zentyal as a Zentyal user, we must do this first. You should be able to add it without any problems but it’s not guaranteed. Be prepared to google a LOT if you do run into problems.
• Now that you’ve added your account to Zentyal we will now add the account to the system, but we cannot do so by issuing the `useradd` command. It will complain that the user is already on the system; as I would expect that it would since you just added it to Zentyal. We will have to do this manually by touching each of the files listed below.
  /etc/group
  /etc/passwd
  /etc/shadow
• Open /etc/group in your favorite CLI editor, I like to use nano. Here we will identify all users that have been manually added to your system. Basically the last user should be the temporary user you added in the steps above and should be located at the bottom of the list. It’s UID (I believe it’s called the UID, not entirely sure at the moment) should be a numeric value four characters in length; i.e. ‘1000’. Add the your users, the one you just added to Zentyal to the bottom of this file copying the same structure as your temporary user but instead of copying the UID increment it by one so it would look like ‘1001’ instead of ‘1000’. Get it? This UID must be unique. Keep in mind, the UID you choose for your system account must match your username and be the same in all three files.
• Now open /etc/passwd and do the same thing as you did above. Following the structure and format of the file. Your temporary user should be located at the bottom of the list, copy the format and add your Zentyal user to it.
• Now open /etc/shadow and locate your temporary user. The user should be at the bottom of this list to. Remember when I said to set the same password as you are using for your system account? This is why, the temporary user has it’s password hashed; you’ll see a bunch of character after the temporary username. I suggest copying the entire line and appending it to the bottom of the file and then changing the name to match your system user.
• Navigate to /home, remember when I said to back up your system home directory? We will now restore it, that’s if you change the directory name; if all you did is backup your files instead then you won’t have to create a new /home directory or rename it. Attempt to change the ownership to your new system account. It should work.
• Open a terminal account and attempt to SSH into your server using your new system account using the same password as your temporary user. Did it work? I hope so, otherwise you have to do a bit of troubleshooting; reviewing the steps to see if you missed something.
• Now try to login locally to the server. If you’re logged in using the temporary account logout and attempt login using your system account. Did it work? I hope so.
• Log back off and login using your temporary account. We will now add your new system account to the admin and sudoers groups. Zentyal Web GUI requires that the system account be members of those groups. Do this by following step number 4.
• So we should be all set, just two more things and then some cleanup. Restart Zentyal users and webadmin services by issuing these commands: `/etc/init.d/zentyal users restart` and /etc/init.d/zentyal webadmin restart`.
• Navigate to Zentyal Web GUI and you should now be able to login using your system account. Now setup your share folder and access it from another PC. If all went well, you can safely delete the temporary account created.

These steps were compiled over several different attempts at add my system account and Zentyal account over the course of hours of troubleshooting. I didn’t quite follow the steps 100% because they didn’t exist. This should help others overcome the burden of having to setup separate shares.