Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - chiefrango

Pages: [1]
1
There is one caveat for the prior post about [ /sbin/iptables ].

A modprobe error appears during Zentyal network module start in zentyal.log. It appears Proxmox 6.4-13 [ kernel 5.4.128-1-pve ] is missing a module referenced in Ubuntu 20.04 networking stack.

Everything Zentyal wise is otherwise operating normally. Probably best to install from Zentyal 7.0 ISO instead of using the LXC container noted below.

Tim...
-----
Proxmox 6.4-13, LXC container template [ubuntu-20.04-standard_20.04-1_amd64.tar.gz]
Zentyal 7.0 installation using zentyal_installer.sh on top of existing Ubuntu 20.04

[ zentyal.log ]
2021/08/16 19:49:38 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command set -e
/sbin/modprobe 8021q
/sbin/vconfig set_name_type VLAN_PLUS_VID_NO_PAD failed.
Error output: modprobe: FATAL: Module 8021q not found in directory /lib/modules/5.4.128-1-pve

Command output: .
Exit value: 1 at root command set -e
/sbin/modprobe 8021q
/sbin/vconfig set_name_type VLAN_PLUS_VID_NO_PAD failed.
Error output: modprobe: FATAL: Module 8021q not found in directory /lib/modules/5.4.128-1-pve

Command output: .
Exit value: 1 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/8ndpxlXYf9.cmd 2> /var/lib/zentyal/tmp/stderr', 'set -e^J/sbin/modprobe 8021q^J/sbin/vconfig set_name_type VLAN_PLUS_VID_NO_PAD', 256, 'ARRAY(0x5627c3c33740)', 'ARRAY(0x5627c0aa2648)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, '/sbin/modprobe 8021q', '/sbin/vconfig set_name_type VLAN_PLUS_VID_NO_PAD') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('/sbin/modprobe 8021q', '/sbin/vconfig set_name_type VLAN_PLUS_VID_NO_PAD') called at /usr/share/perl5/EBox/Network.pm line 3591
eval {...} at /usr/share/perl5/EBox/Network.pm line 3590
EBox::Network::_preSetConf('EBox::Network=HASH(0x5627c2bc0bc8)') called at /usr/share/perl5/EBox/Module/Base.pm line 993
EBox::Module::Base::_regenConfig('EBox::Network=HASH(0x5627c2bc0bc8)') called at /usr/share/perl5/EBox/Module/Service.pm line 940
EBox::Module::Service::_regenConfig('EBox::Network=HASH(0x5627c2bc0bc8)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Network=HASH(0x5627c2bc0bc8)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 649
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 648
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x5627bf5508e8)', 'progress', 'EBox::ProgressIndicator=HASH(0x5627c2ab91a0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x5627be98a9b8)', 'progress', 'EBox::ProgressIndicator=HASH(0x5627c2ab91a0)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2021/08/16 19:49:40 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: firewall
2021/08/16 19:49:40 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns

2
Hello again,

During https://server-ip:8443/ install an error was encountered during final Network module configuration.
Examining /var/log/zentyal/zentyal.log reveals error about missing [/sbin/iptables] path.

Solution:
# network module will save/start successfully after this workaround
sudo ln -s /etc/alternatives/iptables /sbin/iptables


The LXC container template does not create [ /sbin/iptables ] path.
Whereas install from Ubuntu 20.04 ISO does create [ /sbin/iptables ] path.

My ubuntu skills are insufficient to determine the necessary install package to soft link [ /sbin/iptables ] path.

Tim...
-----
Proxmox 6.4-13, LXC container template [ubuntu-20.04-standard_20.04-1_amd64.tar.gz]
Zentyal 7.0 installation using zentyal_installer.sh on top of existing Ubuntu 20.04

[ https://zen1:8443 ]
Some modules reported error when saving changes . More information on the logs in /var/log/zentyal/

The following modules failed while saving their changes, their state is unknown: network
Click here to go to the Dashboard
[end snip]

[ /var/log/zentyal/zentyal.log ]
[...]
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x55acf917b050)', 'progress', 'EBox::ProgressIndicator=HASH(0x55acf9074910)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x55acf916ace8)', 'progress', 'EBox::ProgressIndicator=HASH(0x55acf9074910)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2021/08/16 19:10:23 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command set -e
/usr/share/zentyal-network/flush-fwmarks
/sbin/ip route flush table 101 || true
/sbin/ip route add default via 192.168.254.254 dev eth0 src 192.168.254.206 table 101
/sbin/ip rule add from 192.168.254.254 table 101
/sbin/ip rule add fwmark 1/0xFF table 101
/sbin/ip rule add table main
/sbin/iptables -t mangle -A PREROUTING  -m mark --mark 0/0xff -j  MARK --set-mark 1
/sbin/iptables -t mangle -A OUTPUT -m mark --mark 0/0xff -j  MARK --set-mark 1 failed.
Error output: Error: ipv4: FIB table does not exist.
 Flush terminated
 /var/lib/zentyal/tmp/gf5eZqpN6C.cmd: 8: /sbin/iptables: not found

Command output: .
Exit value: 127 at root command set -e
/usr/share/zentyal-network/flush-fwmarks
[...]
[end snip]

root@zen1:~# ls -l /sbin/iptables /usr/sbin/iptables
ls: cannot access '/sbin/iptables': No such file or directory
lrwxrwxrwx 1 root root 26 Apr 25  2020 /usr/sbin/iptables -> /etc/alternatives/iptables
root@zen1:~# ln -s /etc/alternatives/iptables /sbin/iptables
root@zen1:~# ls -l /sbin/iptables /usr/sbin/iptables
lrwxrwxrwx 1 root root 26 Aug 16 18:46 /sbin/iptables -> /etc/alternatives/iptables
lrwxrwxrwx 1 root root 26 Apr 25  2020 /usr/sbin/iptables -> /etc/alternatives/iptables
root@zen1:~#

3
Hello,

I encountered an error which could be solved with small documentation snippet to use [ /bin/sh ] shell when self-creating unix userid + sudo group before using zentyal_installer.sh

Tim...
-----
LXC Container using container template [ubuntu-20.04-standard_20.04-1_amd64.tar.gz]
Created o/s user using [ useradd -G sudo --home /home/adminx --shell /bin/bash adminx ]
Zentyal 7.0 installation using zentyal_installer.sh on top of existing Ubuntu 20.04

[ https://zen1:8443, using username=adminx ]
Somewhere near the [ Network Module ] this error appeared
Some modules reported error when saving changes . More information on the logs in /var/log/zentyal/

Invalid value for Default login shell: /usr/bin/bash. Choose a value within the value set: /bin/sh, /bin/bash, /bin/rbash, /bin/dash, /usr/bin/screen
<Click here to go to the Dashboard>https://zen1.*.*:8443/Wizard/SoftwareSetupFinish?firstTime=1
[end snip]

Waited 1-2 minutes
clicked <Click here to go to the Dashboard> (opened in new firefox tab)
"Installation finished" ... Congratulations
Clicked on <goto dashboard> and <Save> was orange indicating changes needed save operation.

<Save> produced this error (repeats the install error):
[snip]
Some modules reported error when saving changes . More information on the logs in /var/log/zentyal/

Invalid value for Default login shell: /usr/bin/bash. Choose a value within the value set: /bin/bash, /bin/rbash, /bin/dash, /usr/bin/screen, /bin/sh
[end snip]

Solution:
root@zen1:/var/log/zentyal# grep '/usr/bin/bash' /etc/passwd
root@zen1:/var/log/zentyal# usermod --shell /bin/sh adminx

Click <Save> to retry operation ... success

[ /var/log/zentyal/zentyal.log ]
[...]
2021/08/16 15:09:03 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: webadmin
2021/08/16 15:09:04 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: logs
2021/08/16 15:16:31 WARN> Auth.pm:277 EBox::Middleware::Auth::_login - Failed login from: <...ip address...>
2021/08/16 15:16:31 DEBUG> PAM.pm:83 Authen::Simple::PAM::check - Successfully authenticated user 'adminx' using service 'zentyal'.
2021/08/16 15:17:31 INFO> install-packages:61 main:: - Starting package installation process
2021/08/16 15:18:03 INFO> Base.pm:256 EBox::Module::Base::saveConfig - Saving config for module: ca
2021/08/16 15:18:03 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: ca
2021/08/16 15:18:04 DEBUG> Select.pm:363 EBox::Types::Select::_paramIsValid - Invalid value for Default login shell: /usr/bin/bash.
Choose a value within the value set: /bin/rbash, /bin/bash, /bin/dash, /usr/bin/screen, /bin/sh at Invalid value for Default login shell: /usr/bin/bash.
Choose a value within the value set: /bin/rbash, /bin/bash, /bin/dash, /usr/bin/screen, /bin/sh at /usr/share/perl5/EBox/Types/Select.pm line 363
EBox::Types::Select::_paramIsValid('EBox::Types::Select=HASH(0x563e4910ebb8)', 'HASH(0x563e495f27a8)') called at /usr/share/perl5/EBox/Types/Abstract.pm line 457
EBox::Types::Abstract::setMemValue('EBox::Types::Select=HASH(0x563e4910ebb8)', 'HASH(0x563e495f27a8)') called at /usr/share/perl5/EBox/Types/Select.pm line 423
EBox::Types::Select::_setValue('EBox::Types::Select=HASH(0x563e4910ebb8)', '/usr/bin/bash') called at /usr/share/perl5/EBox/Types/Abstract.pm line 62
EBox::Types::Abstract::new('EBox::Types::Select', 'defaultValue', '/usr/bin/bash', 'help', 'This will apply only to new users from now on.', 'fieldName', 'login_shell', 'disableCache', 1, 'printableName', 'Default login shell', 'HTMLSetter', '/ajax/setter/selectSetter.mas', 'populate', 'CODE(0x563e493cce90)', 'editable', 1, 'type', 'select', 'HTMLViewer', '/ajax/viewer/selectViewer.mas') called at /usr/share/perl5/EBox/Types/Basic.pm line 32
EBox::Types::Basic::new('EBox::Types::Select', 'defaultValue', '/usr/bin/bash', 'help', 'This will apply only to new users from now on.', 'fieldName', 'login_shell', 'disableCache', 1, 'printableName', 'Default login shell', 'HTMLSetter', '/ajax/setter/selectSetter.mas', 'populate', 'CODE(0x563e493cce90)', 'editable', 1, 'type', 'select', 'HTMLViewer', '/ajax/viewer/selectViewer.mas') called at /usr/share/perl5/EBox/Types/Select.pm line 68
EBox::Types::Select::new('EBox::Types::Select', 'fieldName', 'login_shell', 'printableName', 'Default login shell', 'disableCache', 1, 'populate', 'CODE(0x563e493cce90)', 'editable', 1, 'defaultValue', '/usr/bin/bash', 'help', 'This will apply only to new users from now on.') called at /usr/share/perl5/EBox/Samba/Model/PAM.pm line 111
EBox::Samba::Model::PAM::_table('EBox::Samba::Model::PAM=HASH(0x563e4946bec8)') called at /usr/share/perl5/EBox/Model/DataTable.pm line 104
EBox::Model::DataTable::_setupTable('EBox::Samba::Model::PAM=HASH(0x563e4946bec8)') called at /usr/share/perl5/EBox/Model/DataTable.pm line 92
[...]
[end snip]

[ /etc/passwd additions from add of 'adminx' to installation finished ]
adminx:x:1000:1000:Zentyal Administrator:/home/adminx:/bin/bash <<<<<<< created by me
mysql:x:113:120:MySQL Server,,,:/nonexistent:/bin/false
redis:x:114:121::/var/lib/redis:/usr/sbin/nologin
ebox:x:115:122::/var/lib/zentyal/:/usr/sbin/nologin
quagga:x:116:124:Quagga routing suite,,,:/run/quagga/:/usr/sbin/nologin
sogo:x:998:998:SOGo daemon:/var/lib/sogo:/usr/sbin/nologin
fetchmail:x:117:65534::/var/lib/fetchmail:/bin/false
ntp:x:118:125::/nonexistent:/usr/sbin/nologin
bind:x:119:126::/var/cache/bind:/usr/sbin/nologin
tftp:x:120:127:tftp daemon,,,:/srv/tftp:/usr/sbin/nologin
clamav:x:121:128::/var/lib/clamav:/bin/false
dhcpd:x:122:129::/var/run:/usr/sbin/nologin
memcache:x:123:130:Memcached,,,:/nonexistent:/bin/false
postgrey:x:124:131::/var/lib/postgrey:/usr/sbin/nologin
dovecot:x:125:132:Dovecot mail server,,,:/usr/lib/dovecot:/usr/sbin/nologin
dovenull:x:126:133:Dovecot login user,,,:/nonexistent:/usr/sbin/nologin
e2guardian:x:127:134:e2guardian User,,,:/var/log/e2guardian:/bin/sh
[end snip]

4
Installation and Upgrades / [Solved] Re: Zentyal 7 install w/o gui
« on: August 16, 2021, 04:28:40 pm »
Yes! Thank you

https://wiki.zentyal.org/wiki/Installation_Guide
Side note: this wiki link has a doc bug

[snip]
And then point your browser to the Zentyal IP address and follow the instructions on screen:
https://<zentyal-ip-address>/
[end snip]

URL should be: https://<zentyal-ip-address>:8443/

Tim...

5
Installation and Upgrades / Zentyal 7 install w/o gui
« on: August 16, 2021, 02:01:32 am »
https://doc.zentyal.org/en/installation.html

Following the above link using zentyal_installer.sh using 'n' for graphical install)
[ Do you want to install the Zentyal Graphical environment? (n|y) n ]

all goes well with install and I bring up the first time URL [ https://zen1:8443/ ] displays normally.

The webpage requires username/password.
However, zentyal_installer.sh never prompts for username/password as would the console graphical installer.

What is the first time username/password for the initial webpage using zentyal_installer.sh w/o graphical install?

Thanks, Tim...

7
Installation and Upgrades / Re: Useres Synchronization failed!
« on: May 15, 2013, 08:35:57 am »
I setup a ZCE30 BDC (Zentyal Community Ed 3.0.x) 5-6 months ago, here's what I can remember. Not sure if I was able to cleanup or reinstalled a clean ZCE30 on the 2nd server to be used as Samba BDC. My ZCE30 BDC is turned off right now and I am not finding the BDC setup admin webpage options on my ZCE30 PDC, so this is all from memory.

I believe the trick is to synchronize LDAP using master/slave or setup BDC, but not both. To setup a ZEC30 BDC, find instructions or follow the admin webpage to setup a BDC. This process will implicitly enable LDAP master/slave. The BDC setup will fail with duplicate usernames/groups when LDAP master/slave replication has already been established.

When I setup my BDC, ZCE30 was @ ~3.02 release and I had issues with groups replicating to the BDC sans usernames. I was getting some empty groups on the BDC. Not sure how I overcame this problem.

You'll know when BDC setup "sticks" as the zentyal log files in /var/log[/zentyal?] will start emitting messages about username/group replications every few mintues.

Good luck, Tim...

8
I have a computer which has been renamed from A -> B -> A. The person decided 'A' was okay after all. Now the current host 'A' cannot successfully dynamically update named.

Anyone know how to remove the original first 'A' named/bind entry to allow the update to succeed?

Tim...

[syslog snip, editted mac/domain info]
May 13 13:22:40 gateway dhcpd: DHCPREQUEST for 192.168.200.34 from xx:xx:xx:40:86:50 (host-4) via eth0
May 13 13:22:40 gateway dhcpd: DHCPACK on 192.168.200.34 to xx:xx:xx:40:86:50 (host-4) via eth0
May 13 13:22:40 gateway named[26009]: samba_dlz: starting transaction on zone example.net
May 13 13:22:40 gateway named[26009]: client 192.168.200.34#1484: updating zone 'example.net/NONE': update unsuccessful: host-4.example.net/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
May 13 13:22:40 gateway named[26009]: samba_dlz: cancelling transaction on zone example.net
May 13 13:22:40 gateway named[26009]: samba_dlz: starting transaction on zone example.net
May 13 13:22:40 gateway named[26009]: client 192.168.200.34#1487: update 'example.net/IN' denied
May 13 13:22:40 gateway named[26009]: samba_dlz: cancelling transaction on zone example.net
May 13 13:22:40 gateway named[26009]: samba_dlz: starting transaction on zone example.net
May 13 13:22:40 gateway named[26009]: samba_dlz: disallowing update of signer=host-4\$\@example.NET name=host-4.example.net type=A error=insufficient access rights
May 13 13:22:40 gateway named[26009]: client 192.168.200.34#1489: updating zone 'example.net/NONE': update failed: rejected by secure update (REFUSED)
May 13 13:22:40 gateway named[26009]: samba_dlz: cancelling transaction on zone example.net

9
Installation and Upgrades / Re: Need for split DNS?
« on: September 16, 2012, 06:41:12 am »
Hi, newbie Zentyal user here, loooong time roll your own Linux server type.

I looked around for a few hours for Zentayl ways to secure internal ip address from external queries. I looked at the /etc/bind implementation early on and wondered how everyone was securing internal data. Having used a split DNS for ~10y, I never considered using modern day internet DNS providers w/ or w/o the cost.

While I did not vote the poll, my vote is for a split DNS as this supports internal, external/dmz, or both. Looking at the Zentyal BIND implementation, the change to split DNS syntax isn't radically different at the risk of over simplifying coding, metadata, et al.

Right now my thinking is to run a single Zentyal VM guest on top of Zentyal host running bare minimum services + BIND resolving via port forward from external TCP/UDP:53 along the lines of a DMZ setup. Pretty much a self-hosted DNS service VM.

Great thread topic and suggestion.

C.R.

Pages: [1]