Messages - compumatter

1
Other modules / Ghost Bridge Network Interfaces
« on: October 19, 2019, 04:12:15 am »
I have an odd one over here.

When logging into Zentyal at https://xx.xx.xx.xxx:8443 and selecting Networks > Interfaces on the left side it is showing me 2 bridges that I do not believe actually exist.

See https://compumatter.com/test/bridge-to-nowhere.jpg

I have not been able to figure out where they are getting implemented. 

I would want to get rid of these before I start using this hard drive to clone for other servers.... so it is of value for me to find out.

I have found these bridges named inside /etc/samba/smb.conf
  • interfaces = lo,br-0d0b2a704ac3,br-2497cdb58006,br1,eno1,br1,eno2

However that file seems to be populated by Zentyal dynamically...

There is no evidence of them within Netplan or Network/Interfaces

I don't know where they are coming from but Zentyal is loading them up and I want to get rid of them.

Has anyone run into this before?

Thanks.

Jay / CompuMatter

2
Thanks Don,

It would seem if the IP:8443 can be reached publicly it's no more / less dangerous to access via subdomain.   It's certainly easier to remember if I have multiple clients and I know they are all at the same subdomain ie; control.theirdomain.ext. In addition, clients will at times want to administer their own user accounts and it provides an easier way for them to access their own UI.

No substitutes for having good backups of everything for the worst case scenario - either way.

Look forward to hearing if you've got a solution in mind to this.

Jay

3
Hello and thank you for the use of this great product.

I have created a video on Youtube https://www.youtube.com/watch?v=esFxzF7NLKc to make it easier to understand the problem but also explain it in detail below.

I have placed my zentyal installation https://xx.xx.xxx.xxx:8443 under its own domain name for ease of use ie; https://control.mydomain.com

I am using Nginx standard virtual host setup coupled with putting a secure server cert in place.

The Zentyal UI comes up just fine.

However, when you login and click on Network > Interfaces and select any of the Interfaces ie; eno1, eno2 you will get an error

Wrong HTTP referer detected, operation cancelled for security reasons

I have found this error appears at many places in Zentyal only when used under the domain name.

It continues to behave normally if you login under the IP address.

This error can be seen also appearing in a zentyal log: sudo tail -f /var/log/zentyal/zentyal.log

Do you know a reason or solution for this issue?

Here is my Nginx server block with IP and Domain masked out
server {
    listen      80;
    server_name control.mydomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name control.mydomain.com;
    location / {
        proxy_pass https://xx.xx.xxx.xxx:8443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
    }
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
}

What sayeth the group ?

Jay
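A sketch of how a referer check can pass on the IP address yet fail behind the proxy block in the post above, as an added example that is not part of the original post and is not Zentyal's code. It assumes the backend compares the Referer hostname with the Host header it receives; the address 192.0.2.10, the URL paths and all function names are constructed for illustration. nginx sends `$proxy_host` (the address from `proxy_pass`) as Host unless a `proxy_set_header Host` line overrides it.

```python
from urllib.parse import urlsplit

# Constructed placeholder for the masked backend address in the post.
UPSTREAM = "https://192.0.2.10:8443"
PUBLIC = "https://control.mydomain.com"


def host_sent_upstream(client_host, proxy_pass, host_directive=None):
    """Return the Host header nginx forwards to the backend.

    With no `proxy_set_header Host ...` line nginx sends $proxy_host,
    i.e. the host[:port] taken from the proxy_pass URL.
    """
    proxy_host = urlsplit(proxy_pass).netloc
    if host_directive is None or host_directive == "$proxy_host":
        return proxy_host
    if host_directive == "$host":
        return client_host.split(":")[0].lower()
    if host_directive == "$http_host":
        return client_host
    raise ValueError("unsupported directive value: " + host_directive)


def referer_matches_host(referer, host_header):
    """Hypothetical CSRF-style check: Referer hostname must equal Host hostname."""
    ref = urlsplit(referer)
    if ref.scheme != "https" or not ref.hostname:
        return False
    return ref.hostname == urlsplit("//" + host_header).hostname


def check_via_proxy(host_directive=None):
    """Browser talks to the public name; the backend sees what nginx forwards."""
    client_host = urlsplit(PUBLIC).netloc
    backend_host = host_sent_upstream(client_host, UPSTREAM, host_directive)
    referer = PUBLIC + "/Network/Ifaces"  # constructed path
    return backend_host, referer_matches_host(referer, backend_host)


def check_direct():
    """Browser talks straight to the IP: Referer and Host agree."""
    host = urlsplit(UPSTREAM).netloc
    return host, referer_matches_host(UPSTREAM + "/Network/Ifaces", host)


if __name__ == "__main__":
    print("direct IP      :", check_direct())
    print("proxy, default :", check_via_proxy())
    print("proxy, $host   :", check_via_proxy("$host"))
```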

4
Other modules / Network Object Greyed Out - Cannot Delete It
« on: November 06, 2017, 12:52:58 am »
First - thank you for creating a Community version of your product.  I am grateful for its existence.

Despite very aggressive attempts I cannot manage to delete a previously created Network > Objects item.

I have found a forum post here with the same problem: https://forum.zentyal.org/index.php/topic,24537.msg96917.html

However, that also would not work.  I am trying at this point to not require a full network lobotomy to resolve this issue.  See attached image and this youtube video I have created for you:


Thanks in advance for your thoughts.

Sincerely,

Jay Lepore
CompuMatter

5
Email and Groupware / Use Shared Calendar, Contacts (but not email)
« on: September 23, 2017, 01:32:01 am »
I have some clients that utilize the excellent Shared Calendar and Contacts of SOGo but not the email.

Every time they login, they must view email inbox etc that they are not using.

Is there any functionality that would disable one and perhaps take them straight to calendar upon login ?

Thanks.

Jay
CompuMatter

6
I see this post was read over 1500 times !  I know why.

For version 5.0, this code mentioned above worked instantly.  Thank you. I point this out because I originally copied other code not recognizing the 5.0 separation. 

cd /tmp
wget 'https://docs.google.com/uc?export=download&id=0B4_d-7xL0AS_Ql9uUkpReENSSXM' -O DHCP_5.0.pm.diff
sudo cp /usr/share/perl5/EBox/DHCP.pm /usr/share/perl5/EBox/DHCP.pm.orig
sudo patch /usr/share/perl5/EBox/DHCP.pm DHCP_5.0.pm.diff
sudo systemctl restart zentyal.webadmin-nginx.service zentyal.webadmin-uwsgi.service

7
Purge is king and key.  Zentyal does not offer a purge option in its UI.

sudo apt-get purge zentyal-ca (which also gets rid of data you created in it) including ALL data in VPN

Suggest disabling ipv6 first before reinstalling with
sudo su
sudo echo "1" > /proc/sys/net/ipv6/conf/all/disable_ipv6

Then reinstall with fix-missing:
sudo apt-get install zentyal-ca --fix-missing

8
Other modules / Backup / Restore of Only Firewall Module
« on: August 14, 2017, 03:17:08 am »
I have run into situations where we wish to install Zentyal new on a server and because of our typical configuration we are always manually adding and editing the firewall services section and what is covered and what is not and on what ports...

We do not wish to 'save a backup' of an entire server, but we would really love to get a backup of those services  /  firewall settings.

Is that possible ?

Jay

9
Ah. I see.  Thank you for that follow up.  Now I know!

10
    Hello,

    Here is the crux of the cracker.  When I save my Jabber settings or reboot the server the configuration file for Jabber (/etc/ejabberd/ejabberd.yml) is generated by Zentyal and it is wrong.

    It ends up looking something like this:

    • ldap_rootdn: "CN=zentyal-jabber-mydomainname,CN=Users,DC=domainmatter,DC=lan"
    • ldap_password: ""rDDmdsjsQrzKM/EYdvvYPN9"

    There is no user by that name in my Users list. I don't know where that user comes from and why it has ldap credentials to begin with.

    So I manually edited that file and changed the rootdn="first last" name to a user that I know exists and has Domain Admin privileges and set their password to the same one as saved in Zentyal Users for that user.

    I then restarted Jabber with sudo service ejabberd restart

I was immediately able to validate with no problems from client Pidgin IM software !!!

However any time I save Jabber, or reboot the computer, this ejabberd.yml file is changed to the WRONG credentials.

I have searched the web over and have not found this to be resolved or even discussed.

Can someone tell me where o where is this being set and how can I modify the LDAP creds coming from the Jabber module so they are correct

Here is an important foot note:

I added a new user by the name that was falsely shown in the ejabberd.yml file ie; zentyal-jabber-mydomain figuring I could set a password and maybe it would use this user. 
  • I was surprised when it gave me an error and said "Account name zentyal-jabber-... already exists" !!

So I have a phantom user but no way to control it.

What sayeth the group ?

Jay

11
I have found what is wrong here - I have not found how to solve it.

When I check the /etc/ejabberd/ejabberd.yml configuration file which is generated by Zentyal I am finding a misconfiguration

  • ldap_rootdn: "CN=zentyal-jabber-mydomainname,CN=Users,DC=domainmatter,DC=lan"
  • ldap_password: ""rDDmdsjsQrzKM/EYdvvYPN9"
They are both WRONG !

There is no user by that name in my Users list. I don't know where that user comes from and why it has ldap credentials to begin with.

So I manually edited that file and changed the rootdn="first last" name that has Domain Admin privileges and set their password to the same one as saved in Zentyal Users for that user.

I then restarted Jabber with sudo service ejabberd restart

I was immediately able to validate with no problems from client Pidgin IM software !!!

However any time I save Jabber, or reboot the computer, this ejabberd.yml file is changed to the WRONG credentials.

I have searched the web over and have not found this to be resolved or even discussed.

Can someone tell me where o where is this being set and how can I modify the LDAP creds coming from the Jabber module so they are correct

Here is an important foot note:

I added a new user by the name that was falsely shown in the ejabberd.yml file ie; zentyal-jabber-mydomain figuring I could set a password and maybe it would use this user. 
  • I was surprised when it gave me an error and said "Account name zentyal-jabber-... already exists" !!

So I have a phantom user but no way to control it.

What sayeth the group ?

Jay

12
Hello,

I have changed my server's hostname and then again... and now it is back to what it started with.

I have found since then, Jabber will not bind to LDAP services see video?:

I took a screen shot of the server's /var/log/ejabberd/ejabberd.log file at the very moment that I tried to login with pidgin (see attached)

The video which just goes on and on shows reattempts are rejected:  https://www.youtube.com/watch?v=Q04hiVcKY2g

Credentials are correct.  They have been triple verified.

Finally, after exhausting all other avenues I unchecked Domain / File Sharing from the Zentyal Modules and completely purged and reinstalled all Jabber modules with:

    apt-get remove --purge zentyal-jabber
    apt-get remove --purge ejabberd
    apt-get autoremove --purge
    Turned off Module Domain Controller and File Sharing
    Saved everything
    Rebooted the server

When I logged in with Pidgin it did ask me to approve the Secure Certificate, which I said yes to.  However, the moment I select 'Accept', Pidgin returns the error: "Lost connection with the server: Input/output error" with the option to reconnect (but it will not connect).

Jabber was working with LDAP prior to the hostname changes.  Now it will not work at all. 

I do not know for sure if the LDAP errors are related to my Jabber problem of not connecting but I am suspecting it is. 

Also, I have found the file: https://github.com/processone/ejabberd/blob/master/src/eldap.erl which contains the code that spawns the error ie; report_bind_failure(S#eldap.host, S#eldap.port, Reason),

If anyone out there has run into this, I would be grateful for the solution.  Otherwise I will have to try radical maneuvers all the way up to a format reinstall. 

FOLLOW UP: Am experiencing the very same problem showing up in the nextcloud.log file of bind failure and 49.

So it's not a jabber thing, it's an ldap thing.

What sayeth the group.

Sincerely,

Jay
CompuMatter
www.compumatter.com


13
I just took over as server admin for a small business.  They ended their previous admin on a bad note.  They are afraid of him being able to remote in from the outside. 

I changed his password, ssh, sudoers etc so believe all is well.  The question I have is something in the sudoers file that I do not recognize. Since it is a Zentyal install I was wondering if someone in the group could tell me specifically if this command delivers remote access capability as I have not used remote-register myself.

See attached screen shot of the sudoers file.

john ALL = NOPASSWD:/usr/share/zenbuntu-desktop/remote-register

What sayeth the group ?

Jay
CompuMatter
