Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - nontrivial

Pages: 1 2 3 [4] 5 6 ... 12
46
Installation and Upgrades / Re: 3.16.0-52-generic
« on: December 01, 2015, 07:26:24 pm »
I am running Zentyal 3.5 and I just upgraded to kernel 3.13.0-70 and this is happening to me on the third Zentyal server I have updated to the new kernel. It was the first 32bit system I updated, so that might have something to do with it.

47
Installation and Upgrades / Re: User's corner non existant
« on: August 18, 2014, 10:40:15 pm »
Count me as one of the sysadmins that do not use OpenChange and therefore now have to handle password change requests manually. I don't see how UserCorner could possibly conflict with whatever OpenChange operates such that it has to cease to exist.

James

48
Greetings,

Like a lot of people I was disappointed to hear that, in order to focus on openchange, Zentyal is abandoning many useful features. These changes really began to be felt with Zentyal 3.5 and will be felt even more with Zentyal 4.0. The lame "solution" is that you can edit the source code yourself to fix any resulting issues, and then compile and install these newly unsupported modules, but in my opinion that defeats the purpose of using Zentyal in the first place. It makes me wonder why, if they could support two alternate modes of Zarafa and not Zarafa, why can't they support openchange and not openchange?

But I digress. The purpose of this post is to tell anybody that is interested how to effectively disable haproxy. As a bonus, I also figured out how to have apache handle all the SSL certificates, although that does mean managing all SSL enables sites by editing apache config files. Haproxy was causing issues running egroupware, which at this point is much more user friendly and more full featured than openchange. Unless and until that changes, I'll stick with egroupware. Among other things, this means that I will probably be staying with Zentyal 3.5 for the foreseeable future.

The first file needed is "haproxy.postsetconf":

#!/usr/bin/perl -w
use strict;
use POSIX;

# Rewrites haproxy config file to ignore ports 80 and 443

my $Main = '/var/lib/zentyal/conf/haproxy.cfg';

my @Lines;
open(FILE, "<", $Main);
@Lines = <FILE>;
close(FILE);

my $Ignore;
open(FILE, ">", $Main);
for my $Line (@Lines) {
  if ($Line =~ /frontend ft/ || $Line =~ /backend ft/) { $Ignore = 0; }
  if ($Line =~ /ft_zentyal_80$/ || $Line =~ /ft_zentyal_443$/) { $Ignore = 1; }
  if (!$Ignore && $Line !~ /ssl_fc_sni/ && $Line !~ /host/) {print(FILE $Line);}
}
close(FILE);


The second file needed is "webserver.postsetconf":

#!/bin/bash

/bin/echo "Listen 80" > /etc/apache2/ports.conf
/bin/echo "Listen 443" >> /etc/apache2/ports.conf
/bin/sed -i 's/62080/80/g' /etc/apache2/sites-available/*.conf
/bin/sed -i 's/62443/443/g' /etc/apache2/sites-available/*.conf
/usr/sbin/a2dissite default-ssl



To neuter haproxy, do the following:

 1) Ensure the webadmin port is something other than 80 or 443.
 2) Make sure no web sites are configured to use SSL.
 3) Create the two hook scripts in '/etc/zentyal/hooks'.
 4) Make the two scripts are executable and owned by root.
 5) a2enmod ssl
 6) service zentyal haproxy restart
 7) service zentyal webserver restart

Again, you will need to manage your apache SSL enabled sites "manually" by editing config files, but in return you get complete control over the SSL certificates. The other downside, if you consider it a downside, is that I'm sure this royally screws up openchange. The Zentyal folks never explained why they started using haproxy, so I don't know what else it might screw up. So far everything I use is working great.

James

49
Installation and Upgrades / Re: Not using Zental after 2+ years.
« on: August 03, 2014, 07:43:22 pm »
With User Corner gone, Egroupware not an option, and serving web sites not being an option in the future, it's just time for me to start the process of migrating away from Zentyal. I have procedures, backups, etc I have to research and implement, so it may take me weeks. Egroupware under Ubuntu is also not a bad experience.

50
Installation and Upgrades / Re: OpenChange and Evolution?
« on: August 03, 2014, 05:00:58 pm »
Also, do you have any idea if getting davmail (http://davmail.sourceforge.net/) would work?

51
Installation and Upgrades / Re: OpenChange and Evolution?
« on: August 03, 2014, 04:54:06 pm »
Thanks again, but one of my questions was how do you import the certificate into the client. I read the documentation, and it says if you are trying to connect via HTTPS then you need to "import the certificate displayed in the image above", but it doesn't give you any hints how to do that. I did open the HTTPS port, but I figured the problem was not being able to import the certificate.

52
Installation and Upgrades / Not using Zental after 2+ years.
« on: August 03, 2014, 04:05:09 pm »
So after playing with Zentyal 3.5 for over a week, I've decided that I have to stop using Zentyal and go back to using straight Ubuntu. Basically I think the openchange and sogo stuff is not ready and likely will not be ready for years. I have been using EGroupware, and it is AMAZING. It even offers activesync support if you are willing to pay for it. I installed the latest version of Egroupware on the latest version of Ubuntu and it Just Worked. I have been trying for three days to get it to work on Zentyal 3.5 without success. I believe it has something to do with haproxy hijacking the ports and some part of Egroupware expecting to be on a standard port, but I can't be sure. And unfortunately haproxy is now a fundamental part of zentyal. You can't even uninstall the webserver module and manage apache yourself, haproxy prevents you from doing that, which is yet another deal breaker for when Zentyal 4.0 comes out.

So I am going to miss the convenience of Zentyal, especially when it comes to the firewall and network management, but if I have choose between Zentyal and using apache/Egroupware I'm going to have to choose apache/Egroupware.

James

53
Installation and Upgrades / Re: OpenChange and Evolution?
« on: August 03, 2014, 03:52:31 pm »
Thanks!

54
Installation and Upgrades / Re: OpenChange and Evolution?
« on: August 01, 2014, 10:03:08 pm »
Really? Nobody is using a Linux workstation and wants to use the spiffy new OpenChange server? I have been trying, and I have yet to be able to connect to the OpenChange server with anything, evolution, outlook, nothing. What a mess. Of course I am trying connect from an "external" network. Has anybody got Outlook working with that at least? If so, can you share how you imported the certificate? The documentation kind of glosses over how to do that.

James

55
Installation and Upgrades / Re: Roadmap Questions
« on: July 30, 2014, 08:33:35 pm »
Right, I offer a standard package to customers which includes email and web hosting, and it's so much easier to just have one server per customer, for backups, regulatory compliance, and a bunch of other reasons.

So I am still waiting to hear with Zentyal 4.0 if I need to worry about:
 A) Nothing
 B) Using the Outlook Anywhere feature if OpenChange
 C) Using OpenChange
 D) Using Zentyal at all.

I am pretty much set on needing to host websites on standard ports, and my best guess from what I've heard is that the answer is option C. Which sucks but is workable. As I said, I'm using EGroupware now, so I'll just keep them on it.

James

56
Hmm, thanks, that would have been helpful to know, but at the time I didn't think like I had anything to lose. The main issue was the "virtual_alias_maps map lookup problem" that I had absolutely no idea how to resolve. So now I am on hour number 4 of the reinstall, and hoping that mail just works when I get to that point.

James

57
OK, I'm going to bed now. I got user reinstalled by:

apt-get purge samba
rm -rf /etc/samba/*
rm -rf /var/lib/samba/*
rm -rf /var/log/samba/*

But now enabling the mail module fails with:

2014/07/29 22:07:53 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command set -e
samba-tool domain exportkeytab '/etc/dovecot/dovecot.keytab' --principal 'zentyal-mail-ns1'
samba-tool domain exportkeytab '/etc/dovecot/dovecot.keytab' --principal 'imap/ns1.nontrivial.net'
samba-tool domain exportkeytab '/etc/dovecot/dovecot.keytab' --principal 'imap/ns1.nontrivial.net@NONTRIVIAL.NET'
samba-tool domain exportkeytab '/etc/dovecot/dovecot.keytab' --principal 'smtp/ns1.nontrivial.net'
samba-tool domain exportkeytab '/etc/dovecot/dovecot.keytab' --principal 'smtp/ns1.nontrivial.net@NONTRIVIAL.NET'
samba-tool domain exportkeytab '/etc/dovecot/dovecot.keytab' --principal 'pop/ns1.nontrivial.net'
samba-tool domain exportkeytab '/etc/dovecot/dovecot.keytab' --principal 'pop/ns1.nontrivial.net@NONTRIVIAL.NET'
chown 'root':'dovecot' '/etc/dovecot/dovecot.keytab'
chmod '440' '/etc/dovecot/dovecot.keytab' failed.
Error output: params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
 GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'sasl-DIGEST-MD5' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 ERROR(runtime): uncaught exception - Key table entry not found
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 103, in run
     net.export_keytab(keytab=keytab, principal=principal)



So I am getting to bed so I can get up early to visit my sick server.

James

58
Installation and Upgrades / Upgrade Zentyal 3.4 to 3.5: Total Fail
« on: July 30, 2014, 04:48:27 am »
I upgraded my company server from Zentyal 3.3 to 3.4 without any issues. Then I upgraded it from 3.4 to 3.5 and the result is a total failure:
 
I was pleasantly surprised that everything seemed to go OK at first, and even the users made it over. All the users lost their email account and content, so I had to go to each user and add their email account back, and /var/vmail had been wiped clean. I considered that getting off light, so after fixing that I tried sending myself a test email. Which failed. After checking the mail log there was a constant stream of "virtual_alias_maps map lookup problem" errors. I mean constant, it was filling up my log partition. Unfortunately with 3.5 there is no magic script to reinstall everything user related, so I tried reinstalling user module, which of course meant that everything that depends on it like jabber and webserver.

There were no error messages on the console during the reinstall, but the zentyal log was another matter, and it wasn't pretty. So now my entire company email is down and I am going to have to get up at the butt crack of dawn early, drive to my hosting company, and install Zentyal from scratch and restore all the data from backups. Awesome! Thanks Zentyal!

I think I'm going to be keeping my customers on 3.3 for a while longer, at least until I can schedule some SERIOUS downtime with each of them.

James

Typical mail log errors:

Jul 29 20:47:29 ns1 postfix/cleanup[15542]: 08A732A0427: message-id=<20140730014729.08A732A0427@ns1.nontrivial.net>
Jul 29 20:47:29 ns1 postfix/cleanup[15542]: warning: dict_ldap_lookup: Search error 1: Operations error
Jul 29 20:47:29 ns1 postfix/cleanup[15542]: warning: ldap:valiases lookup error for "root@ns1.nontrivial.net"
Jul 29 20:47:29 ns1 postfix/cleanup[15542]: warning: 08A732A0427: virtual_alias_maps map lookup problem for root@ns1.nontrivial.net -- message not accepted, try again later

Typical zentyal log errors:

2014/07/29 21:32:51 WARN> Ldap.pm:215 EBox::Ldap::safeConnect - Could not connect to Samba LDB: connect: No such file or directory, retrying. (1 attempts)
2014/07/29 21:33:01 WARN> Ldap.pm:215 EBox::Ldap::safeConnect - Could not connect to Samba LDB: connect: No such file or directory, retrying. (100 attempts)
2014/07/29 21:33:11 WARN> Ldap.pm:215 EBox::Ldap::safeConnect - Could not connect to Samba LDB: connect: No such file or directory, retrying. (200 attempts)
2014/07/29 21:33:21 WARN> Ldap.pm:215 EBox::Ldap::safeConnect - Could not connect to Samba LDB: connect: No such file or directory, retrying. (300 attempts)
2014/07/29 21:33:22 DEBUG> Ldap.pm:219 EBox::Ldap::safeConnect - FATAL: Could not connect to samba LDAP server: connect: No such file or directory at FATAL: Could not connect to samba LDAP server: connect: No such file or directory at /usr/share/perl5/EBox/Ldap.pm line 219
EBox::Ldap::safeConnect('EBox::Samba::FSMO=HASH(0xb705214)') called at /usr/share/perl5/EBox/Ldap.pm line 173
EBox::Ldap::connection('EBox::Samba::FSMO=HASH(0xb705214)') called at /usr/share/perl5/EBox/Ldap.pm line 505
EBox::Ldap::rootDse('EBox::Samba::FSMO=HASH(0xb705214)') called at /usr/share/perl5/EBox/Samba/FSMO.pm line 125
EBox::Samba::FSMO::getSchemaMaster('EBox::Samba::FSMO=HASH(0xb705214)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 84
EBox::Module::LDAP::_connectToSchemaMaster('EBox::Samba=HASH(0xa3d7524)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 215
EBox::Module::LDAP::_loadSchemasFiles('EBox::Samba=HASH(0xa3d7524)', 'ARRAY(0xa40f44c)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 207
EBox::Module::LDAP::_loadSchemas('EBox::Samba=HASH(0xa3d7524)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 269
EBox::Module::LDAP::_performSetup('EBox::Samba=HASH(0xa3d7524)') called at /usr/share/perl5/EBox/Samba.pm line 836
EBox::Samba::_regenConfig('EBox::Samba=HASH(0xa3d7524)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 999
eval {...} at /usr/share/perl5/EBox/Module/Service.pm line 998
EBox::Module::Service::restartService('EBox::Samba=HASH(0xa3d7524)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 129
eval {...} at /usr/share/perl5/EBox/Util/Init.pm line 127
EBox::Util::Init::moduleAction('samba', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 255
EBox::Util::Init::moduleRestart('samba') called at /etc/init.d/zentyal line 59
main::main at /etc/init.d/zentyal line 80
2014/07/29 21:33:22 ERROR> Service.pm:1001 EBox::Module::Service::restartService - Error restarting service: FATAL: Could not connect to samba LDAP server: connect: No such file or directory
2014/07/29 21:33:22 ERROR> Service.pm:1003 EBox::Module::Service::restartService - FATAL: Could not connect to samba LDAP server: connect: No such file or directory at FATAL: Could not connect to samba LDAP server: connect: No such file or directory at /usr/share/perl5/EBox/Module/Service.pm line 1003
EBox::Module::Service::restartService('EBox::Samba=HASH(0xa3d7524)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 129
eval {...} at /usr/share/perl5/EBox/Util/Init.pm line 127
EBox::Util::Init::moduleAction('samba', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 255
EBox::Util::Init::moduleRestart('samba') called at /etc/init.d/zentyal line 59
main::main at /etc/init.d/zentyal line 80

59
Installation and Upgrades / Re: Roadmap Questions
« on: July 28, 2014, 05:31:10 pm »
Do I understand you correctly that starting with Zentyal 4.0 I will not be able to host websites on the same server using standard ports if I install the OpenChange module? I'm currently using Egroupware for my customers and I had been planing on switching them over to OpenChange, but if I can't host their website on the same server then I would likely just stick with using Egroupware. So is there a possibility of keeping the user corner and webserver modules for folks that choose not to use OpenChange? I cater to health care folks, and it is much easier to comply with HIPAA if I keep all of the customer's data on their own server.

As for webmin, if I had to choose between webmin and editing config files, I would choose editing config files. What I have always liked about Zentyal was the convenience of not HAVING to edit config files for common configurations, and I am really sad to see that being sacrificed for a feature that few Zentyal users are currently using. I guess the bet is that all the existing users that are going to be lost are going to be more than replaced with users whose only focus is replacing Exchange. I really hope that works out.

James

60
Installation and Upgrades / Roadmap Questions
« on: July 27, 2014, 12:16:15 am »
I just looked over the 4.0 roadmap and I am confused. Can anybody please help me understand?

Stabilization and improvement of all the current features:
 - Support for shared calendars & contacts
 - User management
 - Virtual Domain hosting

  Umm, aren't these already available in 3.5?

Other:
 - Improved Q&A processes, tools and incident follow up method

  Huh? Is this some sort of internal Zentyal process?

 - Configuration backup on the Zentyal Server UI (no Free Zentyal Account registration required)

  Huh? I already do not use a Zentyal account. Does this mean my configuration will be backed up automatically whether I want it to be or not, or else backed up locally, or what? I prefer to back up my own servers in a manner I understand and trust, so I hope this "feature" will be optional.

 - Removal of the Webserver and Webmail module (Roundcube)

 I understand removing the Webmail module, but also the web server module? Does that mean that Zentyal will no longer be managing apache anymore? If so that's pretty crappy.

James
PS Something like user corner is extremely useful.

Pages: 1 2 3 [4] 5 6 ... 12