Messages

1

Installation and Upgrades / Re: [howto] replace courier with dovecot

« on: February 18, 2009, 10:54:59 pm »

Hello again. 4 months on and the server has been rock solid with dovecot, certainly very happy with it. The only niggling problem I have with it is that I can't install the ebox-mail-filter package. I would really like to add the spam filter back onto the server, as I used to be very happy with its performace pre-ebox.

The package has dependancies with ebox-mail and wont be satisfied with ebox-mail-dovecot so wont install.

I'll have a go at installing it manually on the backup server as a test, but by memory it's got quite a few steps to getting it going (spamassassin/amavis/clamav) and I can't afford any downtime on the main server.

Cheers,
Andrew

2

Installation and Upgrades / Re: logon script II

« on: November 17, 2008, 11:11:13 pm »

I use group policy on my server, ser up as per: http://wiki.samba.org/index.php/Implementing_System_Policies_with_Samba It handles my-documents redirection and a host of other stuff.

I never worked out how to make a default profile for new users however, that would be handy as well.

You basically have to get a copy of poledit.exe, and use it to make a NTConfig.POL file and just copy it next to your login script (/home/samba/netlogon). Windows xp clients at least seem to pull the settings down just fine without any extra intervention.

Andrew

3

Installation and Upgrades / Re: [howto] replace courier with dovecot

« on: November 17, 2008, 10:54:04 pm »

It looks to me that the problem is in the mail-filter module, "EBox::Events::Model::Watcher::LogFiltering" and more specifically the logging if it. I never got around to reinstalling the mail-filter module on our system here after the dovecot change, so you should try uninstalling it for a start. 'apt-get remove ebox-mail-filter' should work I think. Then give it a go, see if that fixes the problem.

If that does work, you could try reinstalling it if you want to use it, and if it still doesn't work then there's obviously some incompatibilty between them, and you'll have to wait until a maintainer comes along to help (or open a ticket in the bug tracker).

I'm not directly involved in the programming of ebox myself, and don't have much time around work to learn enough to get into the depth of it.

Good Luck!
Andrew

4

Installation and Upgrades / Re: [howto] replace courier with dovecot

« on: November 17, 2008, 09:21:02 pm »

The log file to check first is /var/log/ebox/ebox.log and /var/log/ebox/error.log
They should hopefully point to which part of the module is throwing the error. You may have to wade through a log of firewall and ldap messages to find the right one, I suggest trying to save changes again and then immediately checking the logs.

Andrew

5

Installation and Upgrades / Re: Can the dns server for domain be changed?

« on: October 30, 2008, 09:53:38 pm »

Yeah, I like the sound of that. My dns server has been happy with manual changes to date, I haven't had to add any records to it so it's sitting as is. I don't really care about the reverse lookups, although I guess other servers on the internet might. As far as I know though, if a reverse is done on our external ip the reverse lookup is supplied by our isp, it doesn't get to our server.

The only other thing I think the dns module needs is a box to add in secondary nameservers, I get our secondary nameserver provided for free by twisted4life.com, and have to manually add it into the dns record (   NS ns1.twisted4life.com.   ;nameserver ) under the ebox added one.
Should that be added to a separate ticket, I guess it probably should?

Regards,
Andrew

6

Installation and Upgrades / Re: [howto] replace courier with dovecot

« on: October 30, 2008, 09:47:09 pm »

Just another update, best part of a month gone since doing this, and our email server has been rock solid ever since, never a single problem logging into the dovecot pop/imap server on SSL ports (which I try to ensure all our users use).

Definitely recommend migrating the dovecot package into the standard ebox package.

Andrew

7

Installation and Upgrades / Re: Minor problem with ebox web interface in Safari

« on: October 30, 2008, 09:43:33 pm »

Submitted Ticket #1144
Hope I gave enough details for a legit bug report.

Andrew

8

Installation and Upgrades / Re: Minor problem with ebox web interface in Safari

« on: October 30, 2008, 09:38:03 pm »

When I first looked at that (ages ago) I saw the login link but no sign up link, and assumed it wasn't open to the public. I now loo closer and see that you don't need to log in, so yeah, I'll try to use it in future :-P

9

Installation and Upgrades / Re: Printer Issues

« on: October 29, 2008, 01:56:58 pm »

Awesome, that's good to hear. I tried to look into adding my printers to the foomatic database to get them working, although raw turned out to work better for me anyway, so it's nice to hear it's coming. I wanted to figure out how to add a check box into the web interface myself to change it to raw, but couldn't really find my way around the code, and I couldn't spend too long at work playing with it.

Cheers,
Andrew

10

Installation and Upgrades / Printer Issues

« on: October 29, 2008, 03:13:51 am »

Well, I've finally got my printers all working in the domain environment, but I had to circumvent ebox to do it. I've got a laserjet 5N (which does not support postscript, but ebox only let me use postscript driver - no work), a HP M2727 (which basically worked ok) and a HP CP1518n (which ebox did not have in it's list of printers, but cups admin webpage did).

Basically ebox's method of supplying a list of printer makes/models is quite incomplete, I had a couple of printers I could not get working though this interface. The printers are however listed in the printer add menus for the cups web admin.

Would it be possible to basically replace the ebox printer add code with that from the cups web admin?

Aside from that, the biggest change I've made is via the cups admin (ie I won't t be able to do anything with the ebox printer admin without killing my changes), and I've set all the printers to raw driver. In cups admin, raw comes up in the list of manufacturers, so instead of selecting HP for example, I select RAW. This is great, because I can then use the point'n'print stuff to automatically install the printer drivers onto the server from any windows box, and then all the printers work with auto install of real drivers on any other windows box (which is what everyone but me uses on the domain).

Is there any easy way to add raw driver as an option in the ebox interface, then I can go back to using ebox to manage my printers, and not have to tip-toe around it?

Cheers,
Andrew

11

Installation and Upgrades / Re: firewall rules , help me is important

« on: October 21, 2008, 11:59:00 pm »

In current versions of ebox you need to add the destination as a service (make a new service, then press the other icon to configure the newly created services, and make an entry from anywhere -> to the first ip below, and a second entry from anywhere -> to the second ip below. Then in firewall packet filter you add an new entry and your new service will be in the drop-down list. You'lll need to add the service to the filter that's access from external to internal I think, and the one from internal to external. I might have the tables wrong though, I'm a biy fuzzy minded at the moment.

Andrew

12

Installation and Upgrades / Re: Cannot join samba domain

« on: October 21, 2008, 11:52:05 pm »

I have managed to make it work, by manually giving my user extra samba priviledges.
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html
I went through and did:

Code: [Select]

net rpc rights grant <user> SeMachineAccountPrivilege
net rpc rights grant <user> SePrintOperatorPrivilege
net rpc rights grant <user> SeAddUsersPrivilege
net rpc rights grant <user> SeRemoteShutdownPrivilege
net rpc rights grant <user> SeDiskOperatorPrivilege
net rpc rights grant <user> SeTakeOwnershipPrivilegeAnd that fixed the access denied. I'm sure I've unticked and reticked the file sharing admin in ebox on the user before, and when I did a group list earlier my user was in Domain Admins, so maybe somehow the Domain Admins group had missed getting the priviledges attached to it. I should probably go though an grant the group all the privivedges too. I haven't tried logging on as a different user yet, I'm trying to get the default user profiles set up before I use another user to test it.

In the ebox webinterface, it reports ebox as version 0.12, how can I check versions of individual modules? As far as I can tell everything else is up to date, I had already tried updating samba and smbldap-tools and the'yre all fine. I'm really not sure how this could have eneded up broken in the first place.

Cheers,
Andrew

13

Installation and Upgrades / Cannot join samba domain

« on: October 20, 2008, 01:40:18 am »

Hello,
I'm running an ebox 0.12 system in PDC file sharing mode, and cannot add machines to the domain. It's an authrntication issue that I can't seem to troubleshoot. I can however connect to the server shares and the users authenticate fine that way.

Trying to conenct the computer names 'sleakwin' (win xp sp2) to the domain through system properties brings up the user name login box, I put in a user with file sharing authentication rights ticked in ebox, and get the "The user name could not be found".

Looking in /var/log/samba/sleakwin :

Code: [Select]

[2008/10/20 10:03:08, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:03:08, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/10/20 10:03:09, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:03:09, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.
[2008/10/20 10:03:10, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "sleakwin$"' gave 127
I run /usr/sbin/smbldap-useradd -w "sleakwin$" manually (logged in as root) and it works fine, running it a second time gives a user already exists error, so that's ok. But then back in windows when I try to join the domain again I get "Access is denied".
The log now has:

Code: [Select]

[2008/10/20 10:21:27, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:21:27, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/10/20 10:30:49, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:30:49, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/10/20 10:30:50, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:30:50, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/10/20 10:30:50, 0] lib/smbldap.c:smbldap_open(1014)
  smbldap_open: cannot access LDAP when not root..
So it appears that whatever it is trying to run the domain login stuff doesn't have authentication to the ldap, but I don't know which piece of software that is. I checked the /etc/smbldap-tools/smbldap_bind.conf file and it has the same dn/passwords as /etc/ldap/slapd.conf but I don't know what to look at next.

Any ideas?

Regards,
Andrew

14

Installation and Upgrades / Re: Minor problem with ebox web interface in Safari

« on: October 16, 2008, 11:48:50 pm »

Hehe,
No stress, I know what it's like getting complex websites working cross platform, it can be a nightmare at times. It's usually ie with the issues though, generally safari and firefox are both up to spec enough to have similar compatibility.

Either way, it's nice to have it on the bug tracker.

Cheers,
Andrew

15

Installation and Upgrades / Re: Minor problem with ebox web interface in Safari

« on: October 15, 2008, 02:25:08 am »

Actually I tell a lie, putting the anchor into the url manually does not bring up the advanced tab, it just stays on the basic tab. The only way I can get the advanced options is use firefox, which I can deal with.

Andrew