Topics - zippydan

1
I've got an old install of Zentyal 4.0 that is taking up 800gb of space (I have no idea).

I want to trash the whole install, but I want to extract and backup the mail there just in case we need it some day.  I don't need to actually sort it or restore it: I just want to tar it up and keep it somewhere.  What I don't want to do is keep burning 800gb of storage on whatever the hell Zentyal decided to use 800gb for.

Anyway, I checked the sticky at the top of the page and that didn't help at all.  I think I was using OpenChange in 4.0, but I'm not really sure as it has been a while now.

Where can I find the email and how can I easily back it up?

2
I had a Zentyal 3.5 install that was working relatively well until a power outage that outlasted our UPS batteries.  Since then, it has been haywire.

Symptoms:

1. When connecting via SSH, I sometimes get a warning that the RSA key has changed and there may be a man-in-the-middle attack.  But after several connect attempts, it will eventually connect without any warning (as if the RSA key has reverted).  I am connecting on the LAN using the LAN IP, so I don't see how there could be a man-in-the-middle attack.

2. Sometimes my users simply can't login to their workstations using their domain credentials.  It says invalid password.  After several attempts, it will finally allow them to login.  Sometimes, restarting samba or restarting Zentyal will fix this problem temporarily.

3. I believe this is related to the same authentication problem: I have an openfire (jabber) server that authenticates using the Zentyal samba.  Usually, their jabber clients are telling them that the login information is incorrect, but after several attempts, it will allow them to login.  Sometimes, restarting samba or restarting Zentyal will fix this problem.

4. E-mail simply stops working.  I can still connect to the webmail page for instance, but no emails are received and no emails go out.  (Using openchange)

5. Since updating to Zentyal 4.0, the admin page at port 8443 simply gives me "Internal Server Error"

I tried updating my 3.5 install to Zentyal 4.0, but the problems persist.

I also tried migrating the samba folder to a new Zentyal install, but that doesn't seem to be working very well for me either.

Is there a procedure for doing a repair installation over an existing installation in such a way that the domain/user/email data is retained?

3
My Zentyal 3.5 install went haywire for no reason.  Email goes up and down.  Also, I have an external chat server and storage server that authenticate with the domain, and they randomly don't work anywhere.  Sometimes, restarting samba fixes this; sometimes not.

I also noticed when connecting with ftp that the RSA key randomly changes from the old one, to a new one.  I am connecting locally via a LAN and local IP, so I'm sure no one is spoofing the server.

All of this means that our network has been pretty unusable.  I tried updating to Zentyal 4.0 and that just seemed to make everything worse.  It seems fairly obscure to troubleshoot, so for the moment I'm planning to migrate everything to a fresh install.

It seems that migrating the samba/ADC part should be as easy as setting up a new Zentyal, syncing as an ADC, and then promoting the ADC to PDC.

1. How do you promote a Zentyal 4.0 ADC to PDC?

Second, I need to recreate all the openchange emails (holy pain).  2. Is there a way to migrate all the email addresses?

3. Is there a way to migrate all the email mailboxes? (folders and content)

4
Let's start with these basic facts:

1. I love Zentyal.

2. It still has a lot of problems. Therefore, it is nowhere near as polished, reliable, or featured as a pure Microsoft solution.

I have been using Zentyal Community edition for a while now, and I liked it enough, but also had enough problems, that I thought about paying for the supported version of Zentyal to help me iron out the wrinkles.

When I contacted Sales and requested a quote, I was given a price of about 4500 Euro or $5,600 USD PER YEAR.

This price seems excessive to me, for what you get.  What exactly is this a quote for?

Zentyal Premium (for 75+ Users) with 4 "satellite" nodes.

One of my problems here is that I don't actually have 75+ Users, at least not in the sense which I think of it, which is that a "User" is a real person.  Due to limitations in the email system, I DO have almost 100 defined user names in Zentyal (and will probably have more soon).  But I only have about 50 real human users.  The rest are departments.

For example, I have a user John.Doe@domain.com and Sally.Smith@domain.com.  But both of these people work in the accounting department and I want them to be able to send and receive email from a shared account called Accounting@domain.com.  In Zentyal, I have to create a new, separate user for that.  And that inflates my user count and means I have to pay for Zentyal Premium (75+ users) instead of the cheaper Zentyal Professional (less than 75 users).

Microsoft on the other hand, has the perfect solution for this, shared mailboxes: http://technet.microsoft.com/en-us/library/jj150498%28v=exchg.150%29.aspx  And shared mailboxes DO NOT require a separate CAL.

I basically have the following in terms of locations and users:

Office1: 10 users 
Office2: 15 users
Office3: 15 users
Office4: 5 users
Office5: 5 users

So from there come my totals: 5 offices (1 main and 4 branches), 50 real human users, and 100 "users" counting departmental or similar emails.

Now, looking at a Microsoft solution, I would be paying (approximately):

5 copies of Windows Server 2012 Standard = $700 x 5 = $3,500 USD
50 Windows Server 2012 User CALs = $1,500

1 copy of Exchange Server 2013 Standard = $1000
50 Exchange Server User CALs = $2,000

Total Cost: $8,000

So, since Microsoft licenses per actual human, and Zentyal licenses per username in the server, we are talking $8,000 one time payment and I own the software for life, or $5,600 PER YEAR and I have to keep paying for life. 

I mean, if I wanted to, Microsoft even offers hosted Exchange 2013 from their own servers for $4/user/month, which for 50 users would come out to $2,400/year, which would be cheaper and better than Zentyal's offering.

As much as I hate to give Microsoft more money, I'm really struggling to see the value of Zentyal's offering over a pure Microsoft offering.

5
I have a PDC and an ADC

Under DNS -> Domain (my local domain) -> Nameservers, I have a new entry, only on my PDC, that is called

hstn4

This doesn't exist on my ADC.  On the other hand, only my PDC is running Openchange so maybe it has something to do with that.

6
Installation and Upgrades / [Solved] openfire AD integration with Zentyal
« on: September 20, 2014, 04:39:12 am »
I have Openfire 3.9.3 running on Ubuntu 14 LTS on one server

And I have Zentyal 3.5 on another server.
 
I'm trying to do the config part and connect my Openfire to my Zentyal PDC.  There don't seem to be many options here, but it seems to not be working.
 
So here are the settings I'm using:
 
Type: Active Directory
Hostname: IPof.My.Zentyal.Server (I'm using a local IP since they are on the same LAN)
Port: 389
Base DN: CN=Users,DC=local,DC=mydomain,DC=com
 
Administrator DN: CN=Adminname,CN=Users,DC=local,DC=mydomain,DC=com
Password=Adminname'sPW
 
It seems pretty straightforward. Am I missing something here?
 
I've successfully joined a NAS and several Windows Workstations to this same Zentyal box, but all using a username@local.mydomain.com + password authentication scheme.  This is the first time I am using a DN authentication scheme, but again, it seems pretty straightforward...
 
Is there anywhere I can check for a little more info on what is happening behind the scenes?  The only way I can progress past this point is if I get some error codes or something.  I tried looking in /var/log/zentyal and /var/log/samba, but I don't see anything about AD connection attempts...

7
Installation and Upgrades / how often/when do Zentyal servers replicate?
« on: September 17, 2014, 10:47:49 pm »
I have a PDC and an ADC connected over a VPN. 

How often and when do they replicate? 
Is there any way to force a replication right now? 
Is there a reason why it seems like my PDC replicates to my ADC but not the other way around?

8
I see under Network -> Interfaces, I have the option to create a Virtual Interface on my LAN port.  This should be simple but what keeps throwing me is the "Name" field and there is no guidance either in the webadmin or in the online documentation, except for the errors I get.

I tried putting a descriptive name like: "Secondary.Connection" and Zentyal said NO: Invalid value for Virtual interface name

I tried putting a linux name like "eth0:1" and Zentyal said NO: Invalid value for Virtual interface name

I tried putting a useless name like "abcd" and finally Zentyal said YES.

"1" also worked.

Is this correct?

9
Here is my setup

Network1 is connected to Network2 by a VPN

Network1 has ZenServ1 and Network2 has ZenServ2

Important Edit: Both ZenServ1 and ZenServ2 are running Zentyal 3.5

ZenServ1 is the Primary Domain Controller, and I set up ZenServ2 to connect over the VPN as an Additional Domain Controller

On initial connection, I saw all the same users and groups and everything was great.

I also have two Synology boxes, we can call them NAS1 and NAS2, also located at Network1 and Network2 respectively.

NAS1 has already authenticated with ZenServ1 and can also see all the Domain users and groups: great.

NAS2 is new at Network2, so, after reading that Zentyal should do two-way replication, I created a new Domain Admin user for NAS2 on ZenServ2.  I then tried connecting NAS2 to the domain using ZenServ2's info as the Domain controller.  I was unsuccessful.

I then noticed that when browsing ZenServ1's Users and Groups, NAS2 did not appear in the list even though it was in the list on ZenServ2.

Question 1: How long does it take for a newly created user on an Additional Domain Controller to replicate to the Primary Domain Controller?
Question 1b: How long does it take for a newly created user on the Primary Domain Controller to replicate to Additional Domain Controllers?
Question 2: Is there a way to force replication of all servers?
Question 3: Does the lack of replication to the Primary Domain Controller explain why my NAS2 could not authenticate with ZenServ2?  It actually doesn't make sense that that would cause a problem since NAS2 DID in fact exist in the local list of Users and Groups.

Continuing: I decided to try a different approach.  I deleted NAS2 from ZenServ2 and created it again directly on ZenServ1 (the Primary Domain Controller).  I then directed NAS2 to connect to the domain, over the VPN, by using ZenServ1.  This time, everything worked great.  However, on an additional note, NAS2 has yet to show up as a user on ZenServ2.

Question 4: Why does NAS2 authenticate successfully with ZenServ1 but not ZenServ2?
Question 5: How can I get my NAS2 to authenticate to ZenServ2 which is on the same LAN, rather than to ZenServ1 which is on the sometimes-less-reliable VPN?  It seems silly to have an Additional Domain Controller if I can't use it to authenticate locally.

10
I am running Zentyal 3.2 on a different machine (I've been running it since 3.0) and I seem to remember that the Firewall had services for mail predefined.  No longer it seems?

I set up a new test box running 3.5. It is set as standalone (only one internal NIC).  My gateway is doing 1-to-1 NAT which makes the Zentyal accessible to the outside world.

When the Firewall is up, I can't receive any email.  When I turn the Firewall off, I get email.

I already tried creating a Network service called "Mail" which consists of ACCEPT ANY for TCP on ports 25, 465, and 587.  I then added that service to both "Filtering rules for External Networks to Zentyal" and "Filtering rules for Internal Networks to Zentyal".  Saved changes.  Still doesn't seem to work.  What am I missing?

11
I am trying to register a newly set up Zentyal server but it says I have already reached the max of 5.

The thing is, I only have one other operational Zentyal server, so those other 4 must be old implementations or tests.  I have no idea how or where to login and manage my list of registered Zentyal servers.  This website is not very well designed as far as navigation...

13
Installation and Upgrades / error when adding/starting mailfilter module
« on: December 26, 2013, 09:04:10 pm »
added antivirus and mailfilter package to existing 3.0.32 installation

started antivirus package successfully (*)

trying to start mailfilter from admin interface, and get a message about a failure and to check logs.  zentyal.log shows following:

Code:
2013/12/26 14:51:50 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command /bin/cat /var/lib/zentyal/conf/sa-mysql.passwd failed.
Error output: /bin/cat: /var/lib/zentyal/conf/sa-mysql.passwd: No such file or directory

Command output: .
Exit value: 1
2013/12/26 14:51:50 ERROR> GlobalImpl.pm:654 EBox::GlobalImpl::__ANON__ - Failed to save changes in module mailfilter: root command /bin/cat /var/lib/zentyal/conf/sa-mysql.passwd failed.
Error output: /bin/cat: /var/lib/zentyal/conf/sa-mysql.passwd: No such file or directory

Command output: .
Exit value: 1
2013/12/26 14:51:50 INFO> Base.pm:230 EBox::Module::Base::save - Restarting service for module: logs
2013/12/26 14:51:50 ERROR> GlobalImpl.pm:711 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: mailfilter

(*)actually on initial attempt to start antivirus module, the web admin stopped responding.  additionally, sudo /etc/init.d/zentyal restart was completely unresponsive through ssh.  additionally, sudo shutdown -r now was also unsuccessful.  had to hard reboot the server to get everything working again.  but antivirus module did start without errors after reboot.  unfortunately in the admin interface, it said that the antivirus database had never been updated.  i decided to uninstall the antivirus module and then reinstall it again, and had no problems with the antivirus module - no freezes, no problems starting, and the web admin said it was up to date.  this did not fix the mail filter problem however

14
Edit2: Simple solution.  Under the Certificate Authority section of the admin interface, and under Service Certificates, you must disable the certificate for the user corner.  This will allow you to use your own certificate and not have Zentyal overwrite it with its own self-signed certificate.  This seems pretty obvious but it slipped past me.  This also applies to the mail certificates as well (you should disable them in the Zentyal CA if you are using your own certificate files).

Edit1: UPDATE - After more investigation, the file ssl.pem located in /var/lib/zentyal-usercorner/ssl/ is definitely the key to this mystery.  I have replaced this file with my own purchased certificate; HOWEVER, after performing a sudo /etc/init.d/zentyal restart, THIS FILE GETS AUTOMAGICALLY OVERWRITTEN WITH ZENTYAL'S SELF-SIGNED CERTIFICATE.  How can I prevent this from happening?

Original post below
==================

I am using Zentyal Server core 3.0.31 with all packages updated to latest.

I have installed a wildcard SSL certificate and I have it successfully working for:


Additional resources: http://forum.zentyal.org/index.php?topic=9208.0 (note that almost all these links are communicating nearly the same ideas, the only differences really are where the SSL certificates are stored).
Creating combined certificate files (*.pem): http://www.digicert.com/ssl-support/pem-ssl-creation.htm

I CANNOT get it to work for the User Corner page.

I have tried

  • editing /etc/apache2/sites-available/users.domainname.com (adding <Virtualhost> SSLEngine On, SSLCertificateFile, SSLCertificateKeyFile, SSLCertificateChainFile </Virtualhost> )
  • replacing ssl.cert, ssl.key, and ssl.pem in /var/lib/zentyal-usercorner/ssl/

Every time I try to access the user corner, it still shows that it is the old SSL certificate issued by the local CA with a 10 year expiration date (my purchased SSL certificate only has a 1 year expiration).

I have of course restarted Apache and even tried restarting all of Zentyal.  No luck.  The old certificate persists so it must be hiding in a different location.

What am I missing?
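
A way to check for the overwrite described in Edit1 after a restart, as an added example that is not part of the original post or of Zentyal's own tooling: it compares the deployed ssl.pem with the certificate you installed and reports whether the replacement is self-signed. The function names, the demo CA and the users.example.test host name are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Only the ssl.pem path comes from the post; the helper names
# and the demo certificates below are constructed for illustration.
USERCORNER_PEM="/var/lib/zentyal-usercorner/ssl/ssl.pem"

# SHA-256 fingerprint of the first certificate in a PEM file (combined key+cert files work too).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Exit 0 when issuer and subject names hash to the same value (self-issued).
cert_is_self_signed() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ "$subj" = "$iss" ]
}

# $1 = deployed file, $2 = certificate you installed.
check_deployed_cert() {
    local got want
    got=$(cert_fingerprint "$1"); want=$(cert_fingerprint "$2")
    if [ -z "$got" ] || [ -z "$want" ]; then echo unreadable; return 2
    elif [ "$got" = "$want" ]; then echo ok
    elif cert_is_self_signed "$1"; then echo overwritten-self-signed
    else echo changed
    fi
}

# Constructed sample data: a throwaway CA, a leaf it signs (stands in for the
# purchased certificate) and a self-signed cert (stands in for the regenerated one).
make_demo_certs() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=users.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/purchased.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=users.example.test" \
        -keyout "$d/self.key" -out "$d/selfsigned.pem" 2>/dev/null
}

if [ -n "$1" ] && [ -r "$USERCORNER_PEM" ]; then
    check_deployed_cert "$USERCORNER_PEM" "$1"   # real use: pass your cert file
else
    tmp=$(mktemp -d) && make_demo_certs "$tmp"
    check_deployed_cert "$tmp/purchased.pem" "$tmp/purchased.pem"
    check_deployed_cert "$tmp/selfsigned.pem" "$tmp/purchased.pem"
    rm -rf "$tmp"
fi
```

Run with the path of your own certificate file as the only argument before and after a restart; without an argument it exercises the checks on the constructed demo certificates.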

15
I am following this guide http://trac.zentyal.org/wiki/Documentation/Community/Document/MultipleZentyal to try and get my Zentyal box to join with another Zentyal box running as the Domain Controller.  Everything seems to be working fine, except that I am getting a frustratingly simple error when I try to start the File Sharing service from the Dashboard:

Could not bind to AD LDAP server (Simple Bind Failed: NT_STATUS_LOGON_FAILURE).Please check the supplied credentials.

This seems like a simple case of wrong username or password.  But I am 100% sure that I am using the right username and password (spelling, capitalization, everything), the user exists on the primary Domain Controller, and the user is a member of the "Domain Admins" group on the primary Domain Controller.  I'm thinking there may be an issue with the formatting of the File Sharing login information (for example, I have tried "Username", "Username@domain.com" and "domain.com\Username" as the login info), but I still get the same error.  Can anyone give me a clue?
