Recent Posts

Pages: 1 ... 6 7 [8] 9 10
71
Installation and Upgrades / Re: Upgrade 7.0.9 to 7.1 is blocked by pending update
« Last post by alfonsSF on October 18, 2023, 01:58:24 am »
I had the same problem and  I updated first with apt update & apt upgrade.
Then tried again to upgrade from 7.0 to 7.1

And it works
72
UPDATE

The issue seems to be linked to a conflict between netplan.io and nplan:

Code: [Select]
sudo apt depends netplan.io
netplan.io
  Depends: libc6 (>= 2.27)
  Depends: libglib2.0-0 (>= 2.33.14)
  Depends: libnetplan0 (= 0.104-0ubuntu2~20.04.2)
  Depends: libsystemd0 (>= 243)
  Depends: iproute2
  Depends: python3
  Depends: python3-yaml
  Depends: python3-netifaces
  Depends: systemd (>= 245.4-4ubuntu3.8)
  Conflicts: <netplan>
  Breaks: network-manager (<< 1.2.2-1)
  Breaks: <nplan> (<< 0.34~)
 |Suggests: network-manager
  Suggests: wpasupplicant
  Suggests: openvswitch-switch
  Replaces: <nplan> (<< 0.34~)

and it conflicts with zentyal-network component:

Code: [Select]
sudo apt rdepends netplan.io
netplan.io
Reverse Depends:
  Breaks: initramfs-tools (<< 0.37)
 |Depends: cloud-init
  Conflicts: zentyal-network
  Depends: cloud-init
  Depends: ubuntu-minimal
  Breaks: initramfs-tools (<< 0.37)
  Depends: cloud-init
  Depends: ubuntu-minimal
  Depends: cloud-init

Best Regards,

Lars
73
Installation and Upgrades / Zentyal 7.1 how to get TLS1.1 back?
« Last post by Zhmak on October 17, 2023, 07:44:24 am »
Old school Windows XP mail clients like Outlook Express can't connect to server due TLS1.2 as minimal required security level.

Tried to lower minimum TLS level in dovecot in
/etc/dovecot/conf.d/10-ssl.conf by
Code: [Select]
ssl_min_protocol = TLSv1.1
also set in /etc/ssl/
Code: [Select]
[ default_conf ]
ssl_conf = ssl_sect

[ ssl_sect ]
system_default = system_default_sect

[ system_default_sect ]
MinProtocol = TLSv1
# Be less secure when negotiating ciphers, verifying certificates, etc.
CipherString = DEFAULT@SECLEVEL=1

After restarting dovecot still got ssl error

Code: [Select]
openssl s_client -connect my.server.com:995 -tls1_1
CONNECTED(00000003)
4057F8C89C7F0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:../ssl/statem/statem_lib.c:104:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

When I try to lower TLS at postfix config having same behavior on 465 port.

Is Zentyal has specific TLS settings?
74
Присоединяюсь к вопросу.
Zentyal 7.1 на ubuntu 20.04 openssl 1.1.1f
Отключены TLS ниже 1.2, древние клиенты под Windows XP не могут подключиться к серверу.

Вроде как в Ubuntu 20.04 отключена поддержка старых TLS, но как их включить? Добавление в /etc/ssh/openssl.cnf секций:

[ default_conf ]
ssl_conf = ssl_sect

[ ssl_sect ]
system_default = system_default_sect

[ system_default_sect ]
MinProtocol = TLSv1
# Be less secure when negotiating ciphers, verifying certificates, etc.
CipherString = DEFAULT@SECLEVEL=1

И последующий перезапуск dovecot не приводит к нужному эффекту - работает tls1.2 и новее.
75
Directory and Authentication / Kerberos: Failed to decrypt PA-DATA
« Last post by vikaskiranjain on October 11, 2023, 05:20:47 am »
I Have create Ubuntu 20.04 Server and Installed 7.1.0 Zentyal

While i Join Domain with PDC after Joining all User Getting Error


[2023/10/11 08:46:54.321752,  3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to decrypt PA-DATA -- 55301mntcupppc$@AD.MICROTEK.INTERNAL (enctype arcfour-hmac-md5) error Decrypt integrity check failed
[2023/10/11 08:46:54.321981,  1] ../../source4/dsdb/common/util.c:5617(dsdb_update_bad_pwd_count)
  Locked out user CN=55301MNTCUPPPC,CN=Computers,DC=ad,DC=microtek,DC=internal after 47 wrong passwords


[2023/10/11 08:46:54.272376,  2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
  Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[55301mntcupppc$@AD.MICROTEK.INTERNAL] at [Wed, 11 Oct 2023 08:46:54.272318 IST] with [arcfour-hmac-md5] status [NT_STATUS_WRONG_PASSWORD] workstation [(null)] remote host [ipv4:192.168.16.89:49756] mapped to [AD]\[55301MNTCUPPPC$]. local host [NULL]
  {"timestamp": "2023-10-11T08:46:54.272543+0530", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "32c716a90cb1fb1d", "logonType": 3, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": null, "remoteAddress": "ipv4:192.168.16.89:49756", "serviceDescription": "Kerberos KDC", "authDescription": "ENC-TS Pre-authentication", "clientDomain": null, "clientAccount": "55301mntcupppc$@AD.MICROTEK.INTERNAL", "workstation": null, "becameAccount": "55301MNTCUPPPC$", "becameDomain": "AD", "becameSid": "S-1-5-21-3489530925-429339997-2783579675-2262", "mappedAccount": "55301MNTCUPPPC$", "mappedDomain": "AD", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "arcfour-hmac-md5", "duration": 105149}}
[2023/10/11 08:46:54.272730,  3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to decrypt PA-DATA -- 55301mntcupppc$@AD.MICROTEK.INTERNAL
[2023/10/11 08:46:54.274237,  3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)

76
Hi Daniel,

Please find here the requested information.

Zentyal modules installed:
Antivirus   7.0.3   
Certification Authority   7.0.1   
Core   7.0.9   
DHCP Server   7.0.2   
DNS Server   7.0.2   
Domain Controller and File Sharing   7.0.3   
Firewall   7.0.0   
HTTP Proxy   7.0.2   
Intrusion Prevention System   7.0.1   
Mail   7.0.3   
NTP Service   7.0.0   
Network Configuration   7.0.0   
Software Management   7.0.0   
VPN   7.0.0   
Virtualization Manager   7.0.1

Antivirus and IDS/IPS are installed but not activated.

My repositories are as follows:

Code: [Select]
sudo apt-cache policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://packages.zentyal.org/zentyal 7.0/extra amd64 Packages
     release o=Zentyal,n=7.0,l=Zentyal,c=extra,b=amd64
     origin packages.zentyal.org
 500 http://packages.zentyal.org/zentyal 7.0/main amd64 Packages
     release o=Zentyal,n=7.0,l=Zentyal,c=main,b=amd64
     origin packages.zentyal.org
 500 http://ppa.launchpad.net/stephenczetty/gerbera-updates/ubuntu focal/main amd64 Packages
     release v=20.04,o=LP-PPA-stephenczetty-gerbera-updates,a=focal,n=focal,l=Gerbera,c=main,b=amd64
     origin ppa.launchpad.net
 500 https://repo.jellyfin.org/ubuntu bionic/main amd64 Packages
     release o=Jellyfin,n=bionic,l=Jellyfin,c=main,b=amd64
     origin repo.jellyfin.org
 500 http://ppa.launchpad.net/oisf/suricata-stable/ubuntu focal/main amd64 Packages
     release v=20.04,o=LP-PPA-oisf-suricata-stable,a=focal,n=focal,l=suricata-stable,c=main,b=amd64
     origin ppa.launchpad.net
 500 http://archive.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-security,n=focal,l=Ubuntu,c=multiverse,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-security,n=focal,l=Ubuntu,c=universe,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal-security/restricted amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-security,n=focal,l=Ubuntu,c=restricted,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-security,n=focal,l=Ubuntu,c=main,b=amd64
     origin archive.ubuntu.com
 100 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-backports,n=focal,l=Ubuntu,c=universe,b=amd64
     origin archive.ubuntu.com
 100 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-backports,n=focal,l=Ubuntu,c=main,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-updates,n=focal,l=Ubuntu,c=multiverse,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-updates,n=focal,l=Ubuntu,c=universe,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-updates,n=focal,l=Ubuntu,c=restricted,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
     release v=20.04,o=Ubuntu,a=focal-updates,n=focal,l=Ubuntu,c=main,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages
     release v=20.04,o=Ubuntu,a=focal,n=focal,l=Ubuntu,c=multiverse,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
     release v=20.04,o=Ubuntu,a=focal,n=focal,l=Ubuntu,c=universe,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages
     release v=20.04,o=Ubuntu,a=focal,n=focal,l=Ubuntu,c=restricted,b=amd64
     origin archive.ubuntu.com
 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
     release v=20.04,o=Ubuntu,a=focal,n=focal,l=Ubuntu,c=main,b=amd64
     origin archive.ubuntu.com
Pinned packages:

I do not have a clue which software installed cloud-init. It could potentially be linked to separate installation of Gerbera media server (Jellyfin was installed later), nginx, netdata or Nextcloud.

Best Regards,

Lars
77
Hi Lars,

Can you tell me what Zentyal modules and repositories are you using? Also, did you install any third-party software that might require the installation of cloud-init?

Best regards, Daniel Joven.
78
Hi,

running apt dist-upgrade ends up in the same situation, cloud-init will not be updated.

Code: [Select]
sudo apt dist-upgrade -s
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
  libavformat58 libpostproc-dev libavfilter7 ffmpeg imagemagick libswresample3
  libzmq5 python2.7-minimal libmagickwand-6.q16-6 python2.7 libavformat-dev
  libswresample-dev libpostproc55 libavutil-dev ntp libavcodec-dev ntpdate
  imagemagick-6.q16 redis-tools libavcodec58 libavutil56 libavdevice58
  libavfilter-dev libswscale5 libsdl2-2.0-0 libmysofa1 libmagickcore-6.q16-6
  libpython2.7-minimal libswscale-dev libpython2.7-stdlib redis-server
  libavresample4 imagemagick-6-common
Learn more about Ubuntu Pro at https://ubuntu.com/pro
The following packages have been kept back:
  cloud-init
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
79
Installation and Upgrades / Re: Upgrade 7.0.9 to 7.1 is blocked by pending update
« Last post by turalyon on October 09, 2023, 01:51:52 pm »
Hi,

Instead of trying to install a package apt install, just upgrade the system using this command apt dist-upgrade.



“This world is ours, and by the Holy Light we will keep it safe, now and forever".
80
Hi,

I am trying to upgrade from Zentyal 7.0.9 to 7.1 but the upgrade cannot be started due to a pending update (which seems to be blocked by Zentral relevant dependencies). Running the upgrade script gives following error:

+ checkPendingPackages
+ echo -e '\033[0;32m - Checking for pending updates...\033[0m'
 - Checking for pending updates...
+ IFS=';'
+ read updates security_updates
++ /usr/lib/update-notifier/apt-check
+ ((  1 == 0  ))
+ echo -e '\033[0;31m There are 1 updates available and 0 security updates available, please, install them before to upgrade your system\033[0m'
 There are 1 updates available and 0 security updates available, please, install them before to upgrade your system
+ exit 130


Checking for the package that is pending gives:

Code: [Select]
sudo apt list --upgradable
Auflistung... Fertig
cloud-init/focal-updates 23.3.1-0ubuntu1~20.04.1 all [aktualisierbar von: 22.2-0ubuntu1~18.04.1]

Trying to update cloud-init shows an unsolved dependency to netplan.io:

Code: [Select]
sudo apt install cloud-init
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
Einige Pakete konnten nicht installiert werden. Das kann bedeuten, dass
Sie eine unmögliche Situation angefordert haben oder, wenn Sie die
Unstable-Distribution verwenden, dass einige erforderliche Pakete noch
nicht erstellt wurden oder Incoming noch nicht verlassen haben.
Die folgenden Informationen helfen Ihnen vielleicht, die Situation zu lösen:

Die folgenden Pakete haben unerfüllte Abhängigkeiten:
 cloud-init : Hängt ab von: netplan.io soll aber nicht installiert werden
E: Probleme können nicht korrigiert werden, Sie haben zurückgehaltene defekte Pakete.

If I try to update netplan.io apt wants to deinstall all Zentyal components:

Code: [Select]
sudo apt install netplan.io -s
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt:
  adwaita-icon-theme apache2-utils at-spi2-core auth-client-config bind9 bind9-utils bind9utils bridge-utils docutils-common e2guardian fetchmail gtk-update-icon-cache humanity-icon-theme ifenslave ipxe-qemu ipxe-qemu-256k-compat-efi-roms isc-dhcp-server
  ldb-tools libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libauthen-krb5-easy-perl libberkeleydb-perl libboost-iostreams1.71.0 libboost-thread1.71.0 libbrlapi0.7 libcacard0 libcolord2 libcrypt-rijndael-perl libdata-hexdumper-perl libepoxy0 libfdt1
  libfile-libmagic-perl libfile-readbackwards-perl libgbm1 libgfortran5 libgtk-3-0 libgtk-3-bin libgtk-3-common libhtp2 libhyperscan5 libibverbs1 libio-multiplex-perl libirs-export161 libisccfg-export163 libiscsi7 liblapack3 libluajit-5.1-2 libluajit-5.1-common
  liblzma-dev libmodule-pluggable-perl libnet-arp-perl libnet-cidr-perl libnet-dns-perl libnet-ntp-perl libnet-server-perl libnetfilter-queue1 libnl-route-3-200 libpam-cracklib libpam-pwquality libpkcs11-helper1 libpmem1 libpwquality-common libpwquality1
  libpython2-stdlib libpython2.7-minimal libpython2.7-stdlib libquota-perl librados2 librbd1 librdmacm1 librest-0.7-0 libslirp0 libsoup-gnome2.4-1 libspice-server1 libsys-filesystem-perl libtcmalloc-minimal4 libtext-dhcpleases-perl libusbredirparser1
  libuuid-perl libvirglrenderer1 libvirt-clients libvirt-daemon libvirt-daemon-driver-qemu libvirt-daemon-system libvirt-daemon-system-systemd libvirt0 libvte-2.91-0 libvte-2.91-common libwayland-server0 libxcomposite1 libxdamage1 libxtst6 libyajl2 novnc
  ntpdate openvpn ovmf postgrey python-babel-localedata python-numpy python-pkg-resources python2 python2-minimal python2.7 python2.7-minimal python3-babel python3-dateutil python3-debtcollector python3-docutils python3-iso8601 python3-monotonic python3-msgpack
  python3-netaddr python3-novnc python3-numpy python3-oslo.config python3-oslo.context python3-oslo.i18n python3-oslo.log python3-oslo.serialization python3-oslo.utils python3-pbr python3-pyinotify python3-pyparsing python3-rfc3986 python3-roman
  python3-stevedore python3-tz python3-websockify python3-wrapt qemu-block-extra qemu-kvm qemu-system-common qemu-system-data qemu-system-gui qemu-system-x86 qemu-utils quagga quagga-bgpd quagga-core quagga-isisd quagga-ospf6d quagga-ospfd quagga-pimd
  quagga-ripd quagga-ripngd samba samba-vfs-modules seabios sgml-base snort-rules-default suricata tdb-tools tftpd-hpa ubuntu-mono vlan wakeonlan websockify xml-core
Verwenden Sie »sudo apt autoremove«, um sie zu entfernen.
Die folgenden zusätzlichen Pakete werden installiert:
  libnetplan0
Vorgeschlagene Pakete:
  network-manager | wpasupplicant openvswitch-switch
Die folgenden Pakete werden ENTFERNT:
  zentyal-antivirus zentyal-dhcp zentyal-dns zentyal-firewall zentyal-ips zentyal-mail zentyal-network zentyal-ntp zentyal-openvpn zentyal-samba zentyal-squid zentyal-virt
Die folgenden NEUEN Pakete werden installiert:
  libnetplan0 netplan.io
0 aktualisiert, 2 neu installiert, 12 zu entfernen und 1 nicht aktualisiert.
Remv zentyal-squid [7.0.2]
Remv zentyal-antivirus [7.0.3]
Remv zentyal-dhcp [7.0.2]
Remv zentyal-mail [7.0.3]
Remv zentyal-samba [7.0.3]
Remv zentyal-dns [7.0.2]
Remv zentyal-virt [7.0.1]
Remv zentyal-openvpn [7.0.0]
Remv zentyal-firewall [7.0.0] [zentyal-ips:amd64 zentyal-ntp:amd64 ]
Remv zentyal-ips [7.0.1] [zentyal-ntp:amd64 ]
Remv zentyal-network [7.0.0] [zentyal-ntp:amd64 ]
Remv zentyal-ntp [7.0.0]
Inst libnetplan0 (0.104-0ubuntu2~20.04.2 Ubuntu:20.04/focal-updates [amd64])
Inst netplan.io (0.104-0ubuntu2~20.04.2 Ubuntu:20.04/focal-updates [amd64])
Conf libnetplan0 (0.104-0ubuntu2~20.04.2 Ubuntu:20.04/focal-updates [amd64])
Conf netplan.io (0.104-0ubuntu2~20.04.2 Ubuntu:20.04/focal-updates [amd64])

Any idea what is going wrong here? Why will the installation of netplan.io de-install Zentyal?

Best Regards,

Lars
Pages: 1 ... 6 7 [8] 9 10