91
Installation and Upgrades / [SOLVED] Login webadmin zentyal 7.x
« Last post by cingo_5 on July 19, 2024, 02:18:02 pm »Hi
I manage about 70 zentyal systems and from today, i can't login in every zentyal 7.x dashboard.
it return 504 Gateway Time-out from nginx
zentyal.webadmin-nginx and zentyal.webadmin-uwsgi are up and running
no problem with zentyal 8.x
the problem started for all of them this morning, and the only thing in common is version 7.x
I tried to investigate and I see that during the login phase, requests are made to a public IP 3.121.107.3 so I tried to disable any traffic other than the LAN from the IP of the Zentyal machine but I still received the nginx timeout.
I finally disconnected the network cable from the machine and the console now opens...
is it possible there is something related to the crowdsrike problem?
anyone encountering the same problem?
Thank you
I manage about 70 zentyal systems and from today, i can't login in every zentyal 7.x dashboard.
it return 504 Gateway Time-out from nginx
zentyal.webadmin-nginx and zentyal.webadmin-uwsgi are up and running
no problem with zentyal 8.x
the problem started for all of them this morning, and the only thing in common is version 7.x
I tried to investigate and I see that during the login phase, requests are made to a public IP 3.121.107.3 so I tried to disable any traffic other than the LAN from the IP of the Zentyal machine but I still received the nginx timeout.
I finally disconnected the network cable from the machine and the console now opens...
is it possible there is something related to the crowdsrike problem?
anyone encountering the same problem?
Thank you
92
Spanish / Re: Resolucion DNS inversa no responde desde redes externas
« Last post by Siroco on July 18, 2024, 11:56:48 am »Buenas,
Si puedes resolver consultas directas desde redes externas, y puedes resolver consultas directas e inversas desde tu red interna, en un principio se podría descartar problemas de configuración en bind o en el cortafuegos.
Una cosa que podías revisar es si tu proveedor de IP pública ha delegado correctamente sobre tu servidor la gestión de las zonas inversas. Parece común que no hagan éste paso. Aquí te dejo un enlace de un hilo donde hacen unas comprobaciones con dnsstuff.com y tiene como resultado que la zona está duplicada y por lo tanto los servidores DNS como BIND9 causarán una respuesta fallida.
Por otro lado, también te recomendaría estudiar los logs /var/log/syslog y /var/log/zentyal/zentyal.log para buscar posibles problemas de tipo error, refused, etc...
Saludos.
Si puedes resolver consultas directas desde redes externas, y puedes resolver consultas directas e inversas desde tu red interna, en un principio se podría descartar problemas de configuración en bind o en el cortafuegos.
Una cosa que podías revisar es si tu proveedor de IP pública ha delegado correctamente sobre tu servidor la gestión de las zonas inversas. Parece común que no hagan éste paso. Aquí te dejo un enlace de un hilo donde hacen unas comprobaciones con dnsstuff.com y tiene como resultado que la zona está duplicada y por lo tanto los servidores DNS como BIND9 causarán una respuesta fallida.
Por otro lado, también te recomendaría estudiar los logs /var/log/syslog y /var/log/zentyal/zentyal.log para buscar posibles problemas de tipo error, refused, etc...
Saludos.
93
Other modules / Re: ZENTYAL 6.1 - Update Error DNS
« Last post by Sycoriorz on July 16, 2024, 08:57:09 am »Dear,
how you want to reach fix ip adress.
You have settled an DHCP range which isnt the full 255.255.255.0?
Then you have generate an object?
And the you pick the mac of the device where should get the fix adress and add it to the object like follow.
After you go the DHCP and add under static the object.
It works for me without any problem.
regards
how you want to reach fix ip adress.
You have settled an DHCP range which isnt the full 255.255.255.0?
Then you have generate an object?
And the you pick the mac of the device where should get the fix adress and add it to the object like follow.
After you go the DHCP and add under static the object.
It works for me without any problem.
regards
94
Other modules / After 7.1->8.0 VPN S-to-S routing doesnt work anymore
« Last post by Sycoriorz on July 15, 2024, 09:33:26 pm »After Upgrade from Zentyal the routing goes partly lost. It is an Site-to-Site Zentyal to Zentyal Vpn Network which is affected. Rest of VPN servers which is for normal road warriors runs like expected.
Following route gets lost. On my Zentyal 7 Server the route is exactly like that.
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.20.1.0 10.10.5.9 255.255.255.0 UG 20 0 0 tap1
After adding this route over ''ip route add'' it works like expected.
But it isnt persistent
Expected behavior
persistent route which look like above.
Where i need to add this route that zentyal doesnt overwrite it and it is include in backup with full support.
many thanks
Following route gets lost. On my Zentyal 7 Server the route is exactly like that.
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.20.1.0 10.10.5.9 255.255.255.0 UG 20 0 0 tap1
After adding this route over ''ip route add'' it works like expected.
But it isnt persistent
Expected behavior
persistent route which look like above.
Where i need to add this route that zentyal doesnt overwrite it and it is include in backup with full support.
many thanks
95
Other modules / ZENTYAL 6.1 - Update Error DNS
« Last post by mkugler on July 13, 2024, 12:20:57 pm »Hello, if I want to assign a fixed IP to an object and then secure it, I get the following error:
Einige Module meldeten ein Fehler beim Sichern der Änderungen. Weitere Informationen finden Sie in den Logs in /var/log/zentyal/
The following modules failed while saving their changes, their state is unknown: dns The following modules failed while saving their changes, their state is unknown: dns at The following modules failed while saving their changes, their state is unknown: dns at /usr/share/perl5/EBox/GlobalImpl.pm line 727 EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x55e3a0550e00)', 'progress', 'EBox::ProgressIndicator=HASH(0x55e39c36c698)') called at /usr/share/perl5/EBox/Global.pm line 95 EBox::Global::AUTOLOAD('EBox::Global=HASH(0x55e3a04affd0)', 'progress', 'EBox::ProgressIndicator=HASH(0x55e39c36c698)') called at /usr/share/zentyal/global-action line 32 eval {...} at /usr/share/zentyal/global-action line 30
In the Log of Zentyal you see the following lines:
2024/07/13 11:04:58 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 27444) - nsupdate$
2024/07/13 11:04:58 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/sc6$
2024/07/13 11:04:58 ERROR> Service.pm:969 EBox::Module::Service::restartService - Error restarting service: root comman$
Error output: update failed: REFUSED
2024/07/13 11:14:57 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 27444) - LANG=C /$
2024/07/13 11:14:58 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command LANG=C /usr/sbin/ejabberdctl status failed$
2024/07/13 11:14:58 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 27444) - systemct$
Unfortunately I can't get the problem under control, does anyone know the problem and can help me.
Many thanks in advance.
Mathias
Einige Module meldeten ein Fehler beim Sichern der Änderungen. Weitere Informationen finden Sie in den Logs in /var/log/zentyal/
The following modules failed while saving their changes, their state is unknown: dns The following modules failed while saving their changes, their state is unknown: dns at The following modules failed while saving their changes, their state is unknown: dns at /usr/share/perl5/EBox/GlobalImpl.pm line 727 EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x55e3a0550e00)', 'progress', 'EBox::ProgressIndicator=HASH(0x55e39c36c698)') called at /usr/share/perl5/EBox/Global.pm line 95 EBox::Global::AUTOLOAD('EBox::Global=HASH(0x55e3a04affd0)', 'progress', 'EBox::ProgressIndicator=HASH(0x55e39c36c698)') called at /usr/share/zentyal/global-action line 32 eval {...} at /usr/share/zentyal/global-action line 30
In the Log of Zentyal you see the following lines:
2024/07/13 11:04:58 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 27444) - nsupdate$
2024/07/13 11:04:58 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/sc6$
2024/07/13 11:04:58 ERROR> Service.pm:969 EBox::Module::Service::restartService - Error restarting service: root comman$
Error output: update failed: REFUSED
2024/07/13 11:14:57 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 27444) - LANG=C /$
2024/07/13 11:14:58 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command LANG=C /usr/sbin/ejabberdctl status failed$
2024/07/13 11:14:58 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 27444) - systemct$
Unfortunately I can't get the problem under control, does anyone know the problem and can help me.
Many thanks in advance.
Mathias
96
Installation and Upgrades / Re: Problem with DNS forwarding
« Last post by Stage4972 on July 10, 2024, 09:01:44 pm »Just what I needed. Thanks
97
Installation and Upgrades / Re: Problem with DNS forwarding
« Last post by Siroco on July 10, 2024, 10:59:26 am »Hi,
To make changes persistent in Zentyal, you must use stubs. Below you have the link to the official documentation about stubs.
https://doc.zentyal.org/en/appendix-c.html#stubs
Best regards.
To make changes persistent in Zentyal, you must use stubs. Below you have the link to the official documentation about stubs.
https://doc.zentyal.org/en/appendix-c.html#stubs
Best regards.
98
Installation and Upgrades / Problem with DNS forwarding
« Last post by Stage4972 on July 09, 2024, 11:06:20 am »Hi, I'm having troubles with the DNS forwarder. My setup is PFSense (192.168.1.1) as gateway / dhcp / dns and Zentyal 8 (192.168.1.10) as DC forwading the DNS to the PFSense. While Zentyal forwards all internet DNS queries upstream it fails to forward .lan names and just gives ** server can't find pfsense.lan: SERVFAIL. I need the DNS forwarder to forward .lan dns queries because PFSense has to resolve them. The same setup with same settings worked on Zentyal 7. How can I debug that.
Thanks
EDIT: I've compared the /etc/bind/named.conf.options file between zentyal 7 and 8 and actually one this line was changed and and when I reverted it to Zentyal 7 version it fixed the issue for me:
Zentyal 8: dnssec-validation auto;
Zentyal 7: dnssec-validation yes;
I have no idea why but I'm leaving this here if anyone encounters the same problem.
EDIT: this file get recreated on reboot. Any idea how to make my change persitant?
Code: [Select]
root@dc:/etc# nslookup pfsense.lan
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: pfsense.lan
Address: 192.168.10.1
root@dc:/etc# nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: google.com
Address: 142.251.140.78
Name: google.com
Address: 2a00:1450:4017:815::200e
root@dc:/etc# cat /etc/bind/named.conf.options
options {
sortlist {
192.168.1.0/24;
};
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
listen-on-v6 { none; };
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
forward first;
forwarders {
192.168.1.1;
};
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
auth-nxdomain no; # conform to RFC1035
allow-query { any; };
allow-recursion { trusted; };
allow-query-cache { trusted; };
allow-transfer { internal-local-nets; };
};
logging { category lame-servers { null; }; };
root@dc:/etc# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# and managed by Zentyal.
#
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
nameserver 127.0.0.1
search lan
Thanks
EDIT: I've compared the /etc/bind/named.conf.options file between zentyal 7 and 8 and actually one this line was changed and and when I reverted it to Zentyal 7 version it fixed the issue for me:
Zentyal 8: dnssec-validation auto;
Zentyal 7: dnssec-validation yes;
I have no idea why but I'm leaving this here if anyone encounters the same problem.
EDIT: this file get recreated on reboot. Any idea how to make my change persitant?
99
Installation and Upgrades / Re: Zentyal 8 missing Virtual Interfaces after upgrade from 7.0
« Last post by Daniel Joven on July 04, 2024, 10:43:50 am »Manually deleting entries does not solve the problem. File /etc/netplan/netplan.yaml is created from information stored somewhere else and that is where it needs to be removed.
Hi,
To fix this issue, please, go to the following link:
* https://github.com/zentyal/zentyal/issues/2167#issuecomment-2208417078
100
Other modules / Re: OPenVPN Tap0
« Last post by Siroco on July 01, 2024, 11:37:32 am »Hi,
If you only have one network interface, you should ensure that the NAT option is enabled in your VPN server settings.
https://doc.zentyal.org/en/vpn.html
Anyway, as you mentioned, it would be very useful if you upload to somewhere screenshots of the following:
- Network configuration.
- OpenVPN configuration including the advertised networks.
Also, you should analyze the log files /var/log/syslog and /var/log/openvpn/ in Zentyal and also, the OpenVPN client logs.
Finally, did you check if the advertised network is the same network as your client? For instance: 192.168.0.0/24
Best regards.
If you only have one network interface, you should ensure that the NAT option is enabled in your VPN server settings.
https://doc.zentyal.org/en/vpn.html
Anyway, as you mentioned, it would be very useful if you upload to somewhere screenshots of the following:
- Network configuration.
- OpenVPN configuration including the advertised networks.
Also, you should analyze the log files /var/log/syslog and /var/log/openvpn/ in Zentyal and also, the OpenVPN client logs.
Finally, did you check if the advertised network is the same network as your client? For instance: 192.168.0.0/24
Best regards.