This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Installation and Upgrades / Unable to change or remove IP address because of non-existent Gateway
« on: March 18, 2011, 04:37:15 am »
My question is the same as http://trac.zentyal.org/ticket/1804.
I keep getting "The requested operation will cause one of the configured gateways to become unreachable. Please remove it first if you really want to make this change." and there is only an auto-configured Gateway setup in the Gateway list. The auto-configured one is from the ISP on a different interface and has no relation to this one. What's going on here, why is it saying this? It would be really nice to be able to change that static internal IP to DHCP.
I keep getting "The requested operation will cause one of the configured gateways to become unreachable. Please remove it first if you really want to make this change." and there is only an auto-configured Gateway setup in the Gateway list. The auto-configured one is from the ISP on a different interface and has no relation to this one. What's going on here, why is it saying this? It would be really nice to be able to change that static internal IP to DHCP.
2
Installation and Upgrades / Making sense of OpenVPN's problematic configuration
« on: March 13, 2011, 01:53:33 pm »
I finally figured out every single thing which caused me problems in OpenVPN in Zentyal the last 2 years. I installed pfSense 2.0 in another machine and through this horrid OpenVPN experience, I discovered everything associated with such connections.
Bridging is the way to go for OpenVPN. In this way, everything works as it normally would if all the machines were connected via hubs and switches. Should you setup an OpenVPN server in Zentyal or pfSense, you will have to use routed--rather than bridged--mode.
All operating systems, excluding Windows 7 and Zentyal Ubuntu 10.04, have very low firewall standards. This is why, when using routed mode, so long as you push a route to your internal network (Advertised Network in Zentyal's config), DNS, WINS, and NetBIOS, you should have no problems getting machines to talk to each other. The key to getting this to work in Windows Vista is to set the Gateway for the VPN adapter to the OpenVPN server's local address. This allows you to change it from a Public to Home network and will make things talk and play nicely together. Bring into play Windows 7 and Zentyal Ubuntu 10.04 and things get tricky.
From what I've found, Windows 7 specifically does not allow accessing of certain functions such as file sharing and ICMP from IPs which are not in the local subnet. This means that if you're VPN network is 2.2.2.0/24 and your local is 1.1.1.0/24, then Windows 7 will not allow the connection. Zentyal is a little bit different because of how the firewall changed over time. I have not done enough research to figure this out. I do know if your Zentyal machine is the OpenVPN server, you have full connection, but if it's another machine on the network, then this causes problems because of Zentyal's firewall.
My solution around this was to enable NAT. Zentyal has this feature as a simple checkbox, and it is not something done in the OpenVPN configuration file. While enabling NAT prevents two-way communication from happening, it does allow you to access both Windows 7 and Zentyal services from the outside, the VPN client machine. This works because the IP address is seen as the OpenVPN server's local IP address allowing you to only have to modify your OpenVPN server's settings instead of the firewall rules on all of your machines.
Now, if you want to access machines connected via OpenVPN, I recommend you change those settings on the individual machines and make sure to disable NAT in that case. Another method you might wanna try is a client-to-client connection. Enable VPN on one of your internal machines (don't forget to make a firewall rule for your internal network) and enable client-to-client VPN connections in Zentyal. In this way, you should be able to have both machines now able to speak to each other as they're both in the same subnet and both on the VPN together. Strange, but it works.
Bridging is the way to go for OpenVPN. In this way, everything works as it normally would if all the machines were connected via hubs and switches. Should you setup an OpenVPN server in Zentyal or pfSense, you will have to use routed--rather than bridged--mode.
All operating systems, excluding Windows 7 and Zentyal Ubuntu 10.04, have very low firewall standards. This is why, when using routed mode, so long as you push a route to your internal network (Advertised Network in Zentyal's config), DNS, WINS, and NetBIOS, you should have no problems getting machines to talk to each other. The key to getting this to work in Windows Vista is to set the Gateway for the VPN adapter to the OpenVPN server's local address. This allows you to change it from a Public to Home network and will make things talk and play nicely together. Bring into play Windows 7 and Zentyal Ubuntu 10.04 and things get tricky.
From what I've found, Windows 7 specifically does not allow accessing of certain functions such as file sharing and ICMP from IPs which are not in the local subnet. This means that if you're VPN network is 2.2.2.0/24 and your local is 1.1.1.0/24, then Windows 7 will not allow the connection. Zentyal is a little bit different because of how the firewall changed over time. I have not done enough research to figure this out. I do know if your Zentyal machine is the OpenVPN server, you have full connection, but if it's another machine on the network, then this causes problems because of Zentyal's firewall.
My solution around this was to enable NAT. Zentyal has this feature as a simple checkbox, and it is not something done in the OpenVPN configuration file. While enabling NAT prevents two-way communication from happening, it does allow you to access both Windows 7 and Zentyal services from the outside, the VPN client machine. This works because the IP address is seen as the OpenVPN server's local IP address allowing you to only have to modify your OpenVPN server's settings instead of the firewall rules on all of your machines.
Now, if you want to access machines connected via OpenVPN, I recommend you change those settings on the individual machines and make sure to disable NAT in that case. Another method you might wanna try is a client-to-client connection. Enable VPN on one of your internal machines (don't forget to make a firewall rule for your internal network) and enable client-to-client VPN connections in Zentyal. In this way, you should be able to have both machines now able to speak to each other as they're both in the same subnet and both on the VPN together. Strange, but it works.
3
Installation and Upgrades / [SOLVED] How do I fix circular dependencies because of a Zentyal 2.0 update?
« on: December 20, 2010, 11:43:00 pm »
I ran an apt-get update and dist-upgrade about a month ago and this hasn't been fixed even with version 2.0.10 so I dunno what I really should do here. I have circular dependencies and have no way to fix them. I'm assuming a dev would know of a script which can fix this.
Code: [Select]
root@hostname:~# apt-get install ebox
Reading package lists... Done
Building dependency tree
Reading state information... Done
ebox is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
9 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Setting up ebox (2.0.10) ...
Error parsing XML:/var/lib/ebox/gconf.backupdpkg: error processing ebox (--configure):
subprocess installed post-installation script returned error exit status 255
dpkg: dependency problems prevent configuration of ebox-software:
ebox-software depends on ebox (>= 2.0.9); however:
Package ebox is not configured yet.
ebox-software depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-software (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
dpkg: dependency problems prevent configuration of ebox-ca:
ebox-ca depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-ca depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-ca (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
dpkg: dependency problems prevent configuration of ebox-network:
ebox-network depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-network depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-network (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-openvpn:
ebox-openvpn depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-openvpn depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
ebox-openvpn depends on ebox-ca; however:
Package ebox-ca is not configured yet.
dpkg: error processing ebox-openvpn (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-remoteservices:
ebox-remoteservices depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-remoteservices depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
ebox-remoteservices depends on ebox-openvpn; however:
Package ebox-openvpn is not configured yet.
dpkg: error processing ebox-remoteservices (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-usersandgroups:
ebox-usersandgroups depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-usersandgroups depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-usersandgroups (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-samba:
ebox-samba depends on ebox (>= 2.0.3); however:
Package ebox is not configured yet.
ebox-samba depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
ebox-samba depends on ebox-network; however:
Package ebox-network is not configured yet.
ebox-samba depends on ebox-usersandgroups; however:
Package ebox-usersandgroups is not configured yet.
dpkg: error processing ebox-samba (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-webserver:
ebox-webserver depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-webserver depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
ebox-webserver depends on ebox-ca; however:
Package ebox-ca is not configured yet.
dpkg: error processing ebox-webserver (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
Errors were encountered while processing:
ebox
ebox-software
ebox-ca
ebox-network
ebox-openvpn
ebox-remoteservices
ebox-usersandgroups
ebox-samba
ebox-webserver
E: Sub-process /usr/bin/dpkg returned an error code (1)
4
Installation and Upgrades / How do I export only part of the configuration files?
« on: December 20, 2010, 06:26:16 am »
I want to manually move the configuration files from one server over to another, specifically for DHCP, but right now, I cannot figure out where Zentyal looks to load those from.
I have over 50 hosts setup on another machine's eth3 which I want to assign to this machine's eth1 adapter so I just need a way to pull the config file and put it over here.
Last time I used the Backup Configuration from the System menu in Zentyal, it made the server completely inaccessible even from localhost. I would definitely appreciate a way to be able to export only the config files I wanted and modify the interfaces those are associated with so I may put them into another machine as easily as that.
Since this is impossible, where does Zentyal pull these configuration files from when I restart the DHCP service so I can do this manually?
I have over 50 hosts setup on another machine's eth3 which I want to assign to this machine's eth1 adapter so I just need a way to pull the config file and put it over here.
Last time I used the Backup Configuration from the System menu in Zentyal, it made the server completely inaccessible even from localhost. I would definitely appreciate a way to be able to export only the config files I wanted and modify the interfaces those are associated with so I may put them into another machine as easily as that.
Since this is impossible, where does Zentyal pull these configuration files from when I restart the DHCP service so I can do this manually?
5
Installation and Upgrades / [SOLVED] Cannot connect to the Internet from any machine but the Zentyal box
« on: October 31, 2010, 04:25:24 am »
I am having an emergency situation here. This has been happening on and off and I thought I fixed it, but it was just a workaround. My network module always fails to start now and it causes my entire network to fail. Other modules which fail are users and samba. Everything else starts up okay. Oddly enough, I can access my PC from the outside, but not from the inside. The only way I can access it though is at the computer itself because I had previously setup rules so only when VPN'd in or on the LAN could I access it.
What do I do? I cannot get to the Internet because of this. I'd love to just re-image this server but doing that requires an entire day dedicated to this; plus, I'm a home user so that's not really going to be so easy. I have a feeling either eth3 is bad or something about Zentyal 2.0 still has some major bugs since this isn't the first time it's caused me issues.
What do I do? I cannot get to the Internet because of this. I'd love to just re-image this server but doing that requires an entire day dedicated to this; plus, I'm a home user so that's not really going to be so easy. I have a feeling either eth3 is bad or something about Zentyal 2.0 still has some major bugs since this isn't the first time it's caused me issues.
6
Installation and Upgrades / Rsyncd error "unexpected response rsync version 3.0.7 protocol version
« on: October 29, 2010, 05:13:56 am »
Both servers I administer which have both BackupPC 3.1.0 or 3.2.0 and Zentyal receive this error when connecting to the rsyncd share: "unexpected response rsync version 3.0.7 protocol version 30". In more detail, ry doing rsync username@localhost:: I get:
I haven't touched these servers or changed a thing; the only difference is Zentyal upgraded from 2.0.1 to 2.0.x higher than that. I don't know exactly what version the error occurred, but I can tell you when the last daily backup occurred if that would help.
Code: [Select]
rsync: server sent "rsync version 3.0.7 protocol version 30" rather than greeting
rsync error: error starting client-server protocol (code 5) at main.c(1524) [Receiver=3.0.7]
I haven't touched these servers or changed a thing; the only difference is Zentyal upgraded from 2.0.1 to 2.0.x higher than that. I don't know exactly what version the error occurred, but I can tell you when the last daily backup occurred if that would help.
7
Installation and Upgrades / Cannot dist-upgrade four Zentyal packages
« on: October 29, 2010, 05:08:08 am »
What's going on with Aptitude, and how can I resolve these dependencies all dependent on each other? I went into Aptitude to try to fix it, but don't know how to select the "resolve" one. I'm assuming it's a simple matter of updating the entry in sources.list which shows "deb http://ppa.launchpad.net/zentyal/2.0/ubuntu lucid main"
Code: [Select]
root@ZENTYAL:~# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
4 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? y
Setting up ebox (2.0.6) ...
Error parsing XML:/var/lib/ebox/gconf.backupdpkg: error processing ebox (--configure):
subprocess installed post-installation script returned error exit status 255
dpkg: dependency problems prevent configuration of ebox-network:
ebox-network depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-network depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-network (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of ebox-usersandgroups:
ebox-usersandgroups depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-usersandgroups depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-usersandgroups (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of ebox-samba:
ebox-samba depends on ebox (>= 2.0.3); however:
Package ebox is not configured yet.
ebox-samba depends on ebox (<No apport report written because the error message indicates its a followup error from a previous failure.
No apport report written because the error message indicates its a followup error from a previous failure.
No apport report written because MaxReports is reached already
< 2.0.100); however:
Package ebox is not configured yet.
ebox-samba depends on ebox-network; however:
Package ebox-network is not configured yet.
ebox-samba depends on ebox-usersandgroups; however:
Package ebox-usersandgroups is not configured yet.
dpkg: error processing ebox-samba (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
ebox
ebox-network
ebox-usersandgroups
ebox-samba
E: Sub-process /usr/bin/dpkg returned an error code (1)
8
Installation and Upgrades / Unable to ping VPN clients from inside of LAN
« on: October 07, 2010, 02:11:38 am »Code: [Select]
root@main:~# ping vpn-client
PING vpn-client (2.2.1.6) 56(84) bytes of data.
64 bytes from 2.2.1.6: icmp_seq=1 ttl=128 time=63.5 ms
64 bytes from 2.2.1.6: icmp_seq=2 ttl=128 time=62.6 ms
64 bytes from 2.2.1.6: icmp_seq=3 ttl=128 time=61.0 ms
64 bytes from 2.2.1.6: icmp_seq=4 ttl=128 time=58.7 ms
64 bytes from 2.2.1.6: icmp_seq=5 ttl=128 time=69.9 ms
64 bytes from 2.2.1.6: icmp_seq=6 ttl=128 time=64.6 ms
^C
--- vpn-client ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5007ms
rtt min/avg/max/mdev = 58.731/63.432/69.941/3.483 ms
As you can see, pinging the VPN clients from Zentyal works.
Code: [Select]
C:\Users\Kevin>ping vpn-client
Pinging vpn-client [2.2.1.6] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2.2.1.6:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
From a LAN-connected machine, I am unable to even though I'm receiving the right IP. I even tried creating a static route; it didn't work.
9
Installation and Upgrades / [SOLVED] Cannot save network module because of ebox-flush-fwmarks setting error
« on: September 19, 2010, 04:58:14 pm »
I've been having this issue every since the upgrade from 1.5 to 2.0 on this machine and my subscription has been consistently pointing it out to me. I have no clue what this means or why it's happening, but is there a way to correct this issue?
Code: [Select]
2010/09/19 09:55:55 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command /usr/share/ebox-network/ebox-flush-fwmarks
/sbin/ip route flush table 101
/sbin/ip rule add fwmark 1 table 101
/sbin/ip rule add from 1.1.1.1 table 101
/sbin/ip route add default via 1.1.1.1 table 101
/sbin/ip rule add table main
/sbin/iptables -t mangle -A PREROUTING -m mark --mark 0/0xff -i eth0 -j MARK --set-mark 1
/sbin/iptables -t mangle -N EMARK
/sbin/iptables -t mangle -A PREROUTING -j EMARK
/sbin/iptables -t mangle -A OUTPUT -j EMARK
/sbin/iptables -t mangle -A EMARK -m mark --mark 0/0xff -j MARK --set-mark 1 failed.
Error output: iptables: Protocol wrong type for socket
iptables: Protocol wrong type for socket
Command output: .
Exit value: 1
10
Installation and Upgrades / [SOLVED] Possible to make file sharing and users work like version 1.2?
« on: September 19, 2010, 03:31:02 pm »
Isn't it possible to make an LDAP Master with no slaves and have that work with Zentyal? In 1.2 this was possible, but I've since forgotten how to do it in 1.3 and on. I just want to have users and enable file sharing and get rid of this whole user syncing.
11
Installation and Upgrades / How to contact clients connected to the VPN from inside of the LAN
« on: September 13, 2010, 03:26:08 pm »
I've tried making a static route and doing many other things, but I can't seem to ping any machines from inside the network that are connected via VPN. I have it so they can ping me and access everything, I've got it so my router, the Zentyal box, can reach those machines, but no matter what, I can't access those machines from anything inside of the network. Why is this? It used to work, but after upgrading, it no longer works. Does anyone have a solution?
12
Installation and Upgrades / [SOLVED] Checking Users and Groups box freezes Zentyal
« on: September 09, 2010, 08:31:23 am »
Zentyal 2.0.1 upgraded from eBox 1.4.9
When I check the Users and Groups box in Modules, it freezes Zentyal. I had this problem before in the betas and someone said some kinda scriptuous or scriptus thing needed to be installed.
When I check the Users and Groups box in Modules, it freezes Zentyal. I had this problem before in the betas and someone said some kinda scriptuous or scriptus thing needed to be installed.
13
Installation and Upgrades / File Sharing - Slave not starting service, PDC trust relationship down
« on: August 01, 2010, 10:06:04 pm »
Error (login): The trust relationship between this workstation and the primary domain failed. (1789)
All of my clients are getting this error trying to login to the domain now. I don't know what to do. I tried setting up another machine as the PDC while this service isn't working, but that's not fixing anything. I don't know why it's not starting the service on the slave.
All of my clients are getting this error trying to login to the domain now. I don't know what to do. I tried setting up another machine as the PDC while this service isn't working, but that's not fixing anything. I don't know why it's not starting the service on the slave.
14
Installation and Upgrades / DNS Server - Dynamiclly allocated local DNS does not resolve self
« on: July 28, 2010, 03:53:16 am »
:: BACKGROUND ::
I have had this issue for quote some time and haven't thought much about it, but today it finally became an annoyance when trying to SSH.
:: BUG ::
The DNS server, when in dynamic mode, does not resolve itself. I cannot type in ebox.local instead of 192.168.1.1 and have it resolve yet it resolves everything else.
I have had this issue for quote some time and haven't thought much about it, but today it finally became an annoyance when trying to SSH.
:: BUG ::
The DNS server, when in dynamic mode, does not resolve itself. I cannot type in ebox.local instead of 192.168.1.1 and have it resolve yet it resolves everything else.
15
Installation and Upgrades / [SOLVED] How to get Samba working on an LDAP Master
« on: July 26, 2010, 02:13:04 pm »
eBox 1.4.8 & 1.5.8
2.6.24-28-server & 2.6.32-24-generic-pae
:: BACKGROUND ::
Many of you on the forums probably know I'm the only one who got File Sharing working on an LDAP Master. I'm here to give you that information now on how I actually did it. Right now, I have it working again, even on a different machine, and I am hopeful this will work for everyone else. I have confirmed this works in eBox 1.3, 1.4, and 1.5.
:: SOLUTION ::
The solution is extremely strange. It requires the right timing of when you do which commands, and I've sort of forgotten already how I did it, but here's what you can do to fix it all. Some of these steps are unneeded, but I don't know which so here's everything I can remember doing step-by-step. The very first thing to know, do not add users or configure Samba before you've typed in and synchronized the LDAP Slave with the Master.
NOTE: THIS WILL DELETE ALL YOUR CONFIGURED USERS, GROUPS, AND SHARES
1. /usr/share/ebox-usersandgroups/ebox-usersandgroups-reinstall
2. Go into the WUI and enable Users & Groups module in the Master
3. Connect the Slave(s) immediately
4. Enable the File Sharing module (it won't work properly)
5. Save WUI
6. /usr/share/ebox/ebox-unconfigure-module samba
7. Enable File Sharing module
... ~ !! Yay! It works !! ~ ...
:: NOTES ::
Don't forget to re-enable ldap for Internal Networks to eBox in the Firewall Rules.
2.6.24-28-server & 2.6.32-24-generic-pae
:: BACKGROUND ::
Many of you on the forums probably know I'm the only one who got File Sharing working on an LDAP Master. I'm here to give you that information now on how I actually did it. Right now, I have it working again, even on a different machine, and I am hopeful this will work for everyone else. I have confirmed this works in eBox 1.3, 1.4, and 1.5.
:: SOLUTION ::
The solution is extremely strange. It requires the right timing of when you do which commands, and I've sort of forgotten already how I did it, but here's what you can do to fix it all. Some of these steps are unneeded, but I don't know which so here's everything I can remember doing step-by-step. The very first thing to know, do not add users or configure Samba before you've typed in and synchronized the LDAP Slave with the Master.
NOTE: THIS WILL DELETE ALL YOUR CONFIGURED USERS, GROUPS, AND SHARES
1. /usr/share/ebox-usersandgroups/ebox-usersandgroups-reinstall
2. Go into the WUI and enable Users & Groups module in the Master
3. Connect the Slave(s) immediately
4. Enable the File Sharing module (it won't work properly)
5. Save WUI
6. /usr/share/ebox/ebox-unconfigure-module samba
7. Enable File Sharing module
... ~ !! Yay! It works !! ~ ...
:: NOTES ::
Don't forget to re-enable ldap for Internal Networks to eBox in the Firewall Rules.