Topics

1

Installation and Upgrades / sane way to use zentyal samba in production?

« on: February 21, 2014, 11:36:57 am »

Hi

Is there any way to use this software in production without buying a subscription?

What would you download? I am trying 3.0 now.

excuse the lack of sleep RANT:

Since October while testing zentyal with one customer, I have run around repeatedly in circles with showstopping bugs in Zentyal.

I don't remember this in the old days. Sure there were problems but it was possible to work out how to work around it.

just now I feel I will have to just install Samba 4 directly and bin Zentyal as it's not worth the problems. Subscription soon costs more than MS 2012 essentials which just seems wrong.

I would even be happy to pay for access to the stable update stream and but with only community support? Say 40 - 80 Eur per server per year?

The pain of using this software due to so many moving parts and massive fails is insane. 

 /RANT

2

Installation and Upgrades / sharing /home on 3.2

« on: December 11, 2013, 09:45:12 pm »

Has anyone tried sharing the /home directory so that a user/group can view the other users folders?

it just sounds like a bad idea sharing out the folders twice, with overlapping acls- particularly as all the file shares are shared out of /home/samba/shares by default

Has anyone applied an alternative method of setting up user's homes?

3

Installation and Upgrades / location of sysvol

« on: November 19, 2013, 02:01:59 pm »

My path to sysvol is a bit strange, it contains both "tmp" and "backup":

/var/lib/zentyal/tmp/samba.backup/sysvol/

Is this a Bad Thing?

* UPDATE - just realised it's here:
/opt/samba4/var/locks/sysvol/

Sorry if I bothered anyone..!

4

Installation and Upgrades / samba causing named to segfault

« on: November 14, 2013, 09:45:21 pm »

Hi I have Zentyal 3.2, fully updated.

Before the latest updates of Nov 6 (when I installed zentyal from the latest ISO) I think I also had this problem.

Basically DNS has stopped, preventing logins.

Here's what I found in the logs:

Nov 13 14:44:37 islington1 named[5707]: samba_dlz: starting transaction on zone islington.local
Nov 13 14:44:37 islington1 kernel: [436398.524903] named[5708]: segfault at 0 ip 00007f443fedbad4 sp 00007f443aed18e0 error 4 in libc-2.15.so[7f443fe9f000+1b
5000]

It doesn't crash straight away, but happens after a day or two.

5

Installation and Upgrades / fileshare/acls/groups

« on: July 29, 2013, 02:52:49 pm »

I just installed latest iso on a proxmox KVM Virtual machine.

I:

* created share admin
* created group staff
* created users added to staff group (only group they belong to)
* set Administrator permission to staff group on share admin
* rsynced files from old server
* chowned all rsynced files to user sync (was root, already group __USERS__)
* set quota to 0

user, e.g. name staf2 cannot access files - can see them but cannot open "permission denied"
same issue when su staf2 - permission denied from bash

I could get it to work by adding administrator permission to each user in turn (and waiting for the acls to be committed)

Anybody got any clues how to get groups working properly?

6

Installation and Upgrades / security update causes CRON: Module is unknown error

« on: June 01, 2011, 03:58:58 pm »

I've just discovered that a bug in an upgrade caused my cron jobs to stop running, with the error Module is unknown appearing in syslog. This might apply to anyone who has automatic security updates installed?

The problem can be solved by restarting cron:-

/etc/init.d/cron restart

https://bugs.launchpad.net/ubuntu/+source/pam/+bug/790538
"
Upgrading libpam-modules from 1.1.1-4ubuntu1 to 1.1.1-4ubuntu2.2, cron stopped working, just gives a log message "Module is unknown". This happened during unattended-upgrades this night, so there might be a lot of people who didn't realize that yet.
"

In case it's useful to anyone

7

Installation and Upgrades / quota and profiles/ note to others/bug?

« on: April 26, 2010, 09:42:03 pm »

I just converted one of my older samba installs to an ebox based install and had some problems with a user profile that I wanted to copy in using method III from these instructions: http://lists.samba.org/archive/samba/2005-December/115326.html

the process worked well in that it copied all the outlook settings that were rather cumbersome (however make sure you backup the files first!). But I had a problem whenever logging out, where it said "there is not enough space on disk".

Turns out that even though I'd disabled quota in the ebox file sharing page, during the roaming profile synchronisation stage, windows xp was told that there wasn't enough disk space to store the profile. To resolve this I had to also turn off (set to 0) the user quota in the user account.

Not sure if this is a bug, but it take me some time to resolve (mainly because I was looking for the problem elsewhere mind)

8

Installation and Upgrades / site to site vpn and samba

« on: February 25, 2010, 04:46:38 pm »

Up till now I've been setting up a site to site vpn and then having clients connect to the other server across the vpn.

However I'm only doing it to allow some staff the ability to access some files on the samba server across the vpn

Would it make more sense in terms of security and bandwidth use to just mount the samba share within another share's directory hierarchy, just mount it as a user on the ebox server at the other end of the vpn?

Has anybody got any experience of that on ebox?

9

Installation and Upgrades / file sharing stopped; need to recover slapd?

« on: February 11, 2010, 04:33:30 pm »

I seem to have solved my own problem, but would like to catalogue my experiences here in case it's useful to anyone else or anyone has a comment.

file sharing status was stopped (power failure?), and when i tried to start it i got the following error:

Code: [Select]

A really nasty bug has occurred
Exception
Can't create ldapi connection
Trace
Can't create ldapi connection at /usr/share/perl5/EBox/Ldap.pm line 127
EBox::Ldap::ldapCon('EBox::Ldap=HASH(0xa013de4)') called at /usr/share/perl5/EBox/Ldap.pm line 274
EBox::Ldap::search('EBox::Ldap=HASH(0xa013de4)', 'HASH(0xa99314c)') called at /usr/share/perl5/EBox/SambaLdapUser.pm line 1005
EBox::SambaLdapUser::_fetchDomainAttrs('EBox::SambaLdapUser=HASH(0x900000c)', 'stirling') called at /usr/share/perl5/EBox/SambaLdapUser.pm line 976
EBox::SambaLdapUser::setSambaDomainName('EBox::SambaLdapUser=HASH(0x900000c)', 'stirling') called at /usr/share/perl5/EBox/Samba.pm line 420
EBox::Samba::_setConf('EBox::Samba=HASH(0xa8df8b0)', 'restart', 1) called at /usr/share/perl5/EBox/Module/Base.pm line 797
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0xa8df8b0)', 'restart', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 593
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0xa8df8b0)', 'restart', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 621
EBox::Module::Service::restartService('EBox::Samba=HASH(0xa8df8b0)') called at /usr/share/perl5/EBox/CGI/EBox/RestartService.pm line 51
EBox::CGI::EBox::RestartService::_process('EBox::CGI::EBox::RestartService=HASH(0xa9793b8)') called at /usr/share/perl5/EBox/CGI/Base.pm line 261
EBox::CGI::Base::run('EBox::CGI::EBox::RestartService=HASH(0xa9793b8)') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'EBox/RestartService', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0xa948214)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0xa87233c)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0xa87233c)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0xa948214)') called at -e line 0
eval {...} called at -e line 0
I have had a little experience with setting up smbldap in the past and checked what happened with slapd by running slapcat:

Code: [Select]

slapcat -l ldap.ldif
this confirmed that something went wrong:

Code: [Select]

/etc/ldap/slapd.conf: line 118: rootdn is always granted unlimited privileges.
hdb_db_open: database "dc=ebox": unclean shutdown detected; attempting recovery.
hdb_db_open: database "dc=ebox": recovery skipped in read-only mode. Run manual recovery if errors are encountered.

previously I'd been able to run

Code: [Select]

db_recover -v -h /var/lib/ldap
to resolve this problem but i can't find the command.

However, manually starting slapd got it started and I was able to run slapcat.

Rebooting got the file sharing service started but from windows stations i got the error "local device name is already in use."

I thought maybe that by making a change to the Description in General settings might reinitialise the settings but that gave an error too.

The next thing identified was that i was starting slapd incorrectly by running it at the shell, and instead I needed to run

Code: [Select]

/etc/init.d/slapd start
this advised me to look at the logs, specifically /var/log/syslog

Code: [Select]

Feb 11 16:17:45 worthing1 slapd[7596]: could not open config file "/etc/ldap/slapd.conf": Permission denied (13)

by taking a look at another system i saw the ownership was incorrect, and i corrected that by:

chown root.openldap /etc/ldap/slapd.conf

and we're back up.