Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Deslack

Pages: [1]
1
Hello Daniel,

I apologize for reverting back after so long.

I used a Ubuntu LTS 20.04 LXC Container Template in Proxmox installation. I realize that after running the zentyal_installer.sh script, I haven't got gnupg2 installed, so I installed it afterwards, then re-ran the zentyal-installer.sh script. Since the script already found the line inside /etc/apt/sources.list, it won't proceed with the apt-key.

Maybe either check for gnupg2 before apt-key, or use another way to determine whether the key is already installed?

2
Installation and Upgrades / Zentyal 7.0 Install on a LXC Container
« on: July 16, 2021, 04:10:57 pm »

Hello guys,

Just installed Zentyal 7.0 on a Ubuntu 20.04 LTS using the install script as highlighted here:

https://doc.zentyal.org/en/installation.html#installation-on-top-of-ubuntu-20-04-lts-server-or-desktop

I tried it and got it running with a minor kink as follow

Code: [Select]
# ./zentyal_installer.sh
Do you want to install the Zentyal Graphical environment? (n|y) n

 - Checking Ubuntu version...
...OK

 - Checking for broken packages...
...OK

 - Checking for available disk space...
...OK

 - Checking if the system is up-to-date...
W: GPG error: http://ppa.launchpad.net/oisf/suricata-stable/ubuntu focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D7F87B2966EB736F
E: The repository 'http://ppa.launchpad.net/oisf/suricata-stable/ubuntu focal InRelease' is not signed.

Which I remedied with:

Code: [Select]
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D7F87B2966EB736F
to add the suricata's pubkey to the repository. After that, ./zentyal-installer.sh ran fine.

Just a heads up for you guys.

3
Hello,

I had the same problem as Gabriel, and got it fixed after applying the stub fix.

Think this should be included as an official patch.

4
Quote
root@kekwa:~# ./postUpgradeProcedure.sh
 - Regenerating Nginx cert...
SSL directory /conf/ssl does not exist, we will create it
New key file generated: '/conf/ssl/ssl.key'
New certificate file generated: '/conf/ssl/ssl.cert'
New PEM file generated: '/conf/ssl/ssl.pem'
All server's certificate files in place

ln: failed to create symbolic link '/sbin/iptables': File exists
ln: failed to create symbolic link '/usr/bin/bash': File exists
 - Creating the new DNS directory for Samba DLZ...
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/ZENTYAL-DOMAIN.LOCAL.zone
/usr/sbin/samba_upgradedns:338: DeprecationWarning: The 'warn' method is deprecated, use 'warning' instead
  logger.warn("DNS records will be automatically created")
DNS records will be automatically created
DNS partitions already exist
dns-kekwa account already exists
BIND version unknown, please modify /var/lib/samba/bind-dns/named.conf manually.
ATTENTION: The BIND configuration and keytab has been moved to: /var/lib/samba/bind-dns Please update your BIND configuration accordingly.
Finished upgrading DNS
zentyal-ca was already set to manually installed.
zentyal-core was already set to manually installed.
zentyal-dhcp was already set to manually installed.
zentyal-dns was already set to manually installed.
zentyal-firewall was already set to manually installed.
zentyal-network was already set to manually installed.
zentyal-ntp was already set to manually installed.
zentyal-samba was already set to manually installed.
zentyal-software was already set to manually installed.
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
./postUpgradeProcedure.sh: line 54: checkBrokenPackages: command not found

*** Zentyal upgrade finished! Please restart your server now.

After moving /conf/ssl/* properly to /var/lib/zentyal, everything works fine now. Maybe I upgraded to 7.0 a bit too soon. Thank you!

5
Hello,

After upgrading from 6.2 to 7.0, I ran into problems not able to access the webadmin. Checking the status via
zs webadmin status with it returning stopped, then I attempt to start it via zs webadmin start. Though I got some entries in /var/log/syslog as follows:

Code: [Select]
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 4.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21964]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 5.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21977]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 6.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21979]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 7.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: Started Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa nginx[21981]: nginx: [emerg] SSL_CTX_use_certificate("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Main process exited, code=exited, status=1/FAILURE
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Scheduled restart job, restart counter is at 8.
Mar 29 21:37:52 kekwa systemd[1]: Stopped Nginx http daemon for Zentyal web admin.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Start request repeated too quickly.
Mar 29 21:37:52 kekwa systemd[1]: zentyal.webadmin-nginx.service: Failed with result 'exit-code'.
Mar 29 21:37:52 kekwa systemd[1]: Failed to start Nginx http daemon for Zentyal web admin.

6
In the Network Configuration with Zentyal documentation, I noticed the naming convention suggested (https://wiki.zentyal.org/wiki/En/3.5/First_steps_with_Zentyal#Network_configuration_with_Zentyal)

Quote
Hostname:It is possible to change the hostname or the domain, for example zentyal.home.lan. The hostname will be used as a A register (hostname) of the local DNS domain.

You have to be careful if you intend to change the machine host name or local domain after the installation, the authentication subsystems (Kerberos) will be automatically reconfigured. It's recommended to reboot the machine after this operation, so all the daemons are aware of the change.

It was suggested that the domain be something like zentyal.home.lan, which is contrary to the suggested naming practices of a Active Directory forest. Here's a quote from an article I have read http://blog.varonis.com/active-directory-domain-naming-best-practices/

Quote
Before we discuss current best practices, here are two popular practices that are no longer recommended:

Generic top-level domains like .local, .lan, .corp, etc, are now being sold by ICANN, so the domain you’re using internally today – company.local could potentially become another company’s property tomorrow. If you’re still not convinced, here are some more reasons why you shouldn’t use .local in your AD domain name (http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html)

If you use an external public domain name like company.com, you should avoid using the same domain as your internal AD name because you’ll end up with a split DNS. Split DNS is when you have two separate DNS servers managing the exact same DNS Forward Lookup Zone, increasing the administrative burden.

So I would suggest that Zentyal update its documentation to reflect this best practice.

7
What I did to get by is to delete the example.com domain inside DNS. It would be wonderful if the Samba4 Zentyal module checks whether the PDC domain already exists inside the DNS.

If not yet exist, offer to create it and provision it, and then later add into the DNS Zentyal module.

If already exist, provision it using existing DNS Zentyal entries.

In both cases, we would be able to add Aliases, or do other things with the domain as if it's a normal DNS domain (add host, aliases, SRV, TXT, and whatnots)

8
Hello,

I find that the File Sharing adds a line to /etc/bind/named.conf.local whenever I configured Samba as a PDC:

include "/var/lib/samba/private/named.conf";

which contains the DNS entry of the PDC.

Let's assume the domain for the PDC is example.com. I have already set up DNS entry for example.com, and later I install the File Sharing module, configured it and activated it. This results the Bind server complaining of duplicate entry for example.com.

Since my peeking into the entries added by provision.pl is rather comprehensive, could there be some way that the existing DNS entry be merged to the one generated by provision.pl?

9
Greetings fellow beta-testers,

I am wondering whether Zentyal has ceased to offer Zarafa groupware solution in 2.3/3.0, or should I expect it to be in final release?

Thanks.

Pages: [1]