Topics

1

Installation and Upgrades / Suggestions for wireless access point/router for public WiFi with Radius auth

« on: November 22, 2013, 11:18:31 pm »

Hello. I have one public AP at my work so people could get internet connectivity with their mobile devices or laptops. I have WPA2 Personal wireless security configured with a shared key. Although that is way not the best solution.
I could be using WPA2 Enterprise, but then there would be problems with connecting, so the best method in my opinion is web based authentication. I havent found about that much here in the forums, so I'm asking.
Are there any wireless routers/AP's which could be easily configured to work with Zentyal radius server and provide web-based authentication to users? I tried that with an old router with dd-wrt and chillispot, but I wasn't lucky.
I'm sure that there are people who have done that, because public wifi is just a very important thing to implement.

2

Installation and Upgrades / HTTP Proxy slow when higher load

« on: November 05, 2013, 05:23:12 pm »

I have traveled across this forum and commented on different discussions about problems with slowness with squid+dansguardian setup. I think my issue is a bit different.
PROBLEM:
Slow proxy. Mostly when 5+ clients are highly using the internet. Sometimes the inital requests are slow, takes 1-3sec to load (sometimes loads well), but when using proxy alone its pretty smooth, but still sometimes have tiny delays.
Without proxy its fine, DNS is working smooth. Even with proxy on it resolves DNS fine, the delays are usually on html/text documents.
In short what I have currently:
HARDWARE:
Intel Xeon CPU E3-1220 V2 3.10GHz
4GB DDR3 RAM
1TB 7200RPM HDD (hdparm -t shows ~140MB/s)
2 Gigabit ethernet ports
SOFTWARE:
Zentyal 3.0.25 with HTTP Proxy (Cache and Filter) 3.0.14
File sharing, domain controller, webserver, NTP, VPN, Antivirus for samba
At one time there are 10-40 clients which are using internet.
I use the proxy as transparent proxy with filtering (bigblacklist with few categories enabled) for 2 network segments and non-filtered traffic for all other connections. I have modified configuration, because the default config was pretty slow to me.
Config files:
http://pastebin.com/3Q1Yb78T
http://pastebin.com/YyU6Gwby
I have also modified dansguardian stub to fix forwarding loop issue described here http://forum.zentyal.org/index.php/topic,18388.0.html
I have assigned 40GB to squid cache, but its under the main system drive (I have only one drive in my server). Can that really be the bottleneck? The CPU load is low when proxy is used. And RAM usage is fine, no swapping occurs according to system stats and what squidclient says.
Also sometimes I get

Code: [Select]

WARNING - Queue congestion in my cache.log.
Also the filedescriptor count is fine and its always under the limit 65536.
I have Zentyal logging off for HTTP proxy.
The cache fs is reiserfs mounted with noatime and notail options. I recently switched from aufs to diskd caching method, but it didn't make any changes.
Maybe any ideas I can try? Meanwhile I will disable the transparent proxy and configure only for some devices.
Thanks!

3

Installation and Upgrades / Transparent proxy excemptions

« on: October 27, 2013, 09:51:53 am »

Hi. This should be easy to answer, but I couldn't stop thinking how this might work actually, so I did post here.
For unknown reason I am unable to install any Java updates trough transparent proxy, altrough offline installer does well. To fix this maybe I could bypass proxy for whole java.com or sun.com domain, but will this work if I add transparent proxy excemption? Will this work for all subdomains of java.com?
Thanks!

4

Installation and Upgrades / Access to Zentyal API via PHP

« on: September 24, 2013, 09:55:51 am »

Hi. I have custom made PHP application to add new users, currently I'm typing them by hand into the Zentyal administration panel. It would be awesome and time-saving to automatically add them into the Zentyal server. I'm not familiar to perl, but probably would manage to write a tiny script based on what can be found on the internet. The problem would be launching that perl script (which uses zentyal api) with passed parameters (userame, password, name, surname) from PHP. Maybe anyone has done something like that?
Thanks in advance!

5

Installation and Upgrades / Can't delete empty GPO

« on: September 03, 2013, 05:57:01 pm »

Hi. So the problem is that I cant delete one empty GPO. This started after I added a new GPO and added a few computers in it, then removed the computers and tried to get rid of the gpo and now I cant.

Code: [Select]

admins@server:~$ sudo samba-tool gpo del {6AC1786C-016F-11D2-945F-00C04FB984F9}
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <00002035: objectclass: Cannot delete CN=User,CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=gnvg,DC=lan, it isn't permitted!> <>
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 1083, in run
    self.samdb.delete(ldb.Dn(self.samdb, "CN=User,%s" % str(gpo_dn)))When trying to delete it via Windows RSAT utilities, it shows that server is unwilling to process the request.
Can I fix this manually? Thanks!

6

Installation and Upgrades / Logging stops after some time

« on: August 22, 2013, 10:16:54 am »

Hi. I had a problem like this in 2.2. It seems that after a day of usage, the logging stops, but Zentyal log service seems to be started. After restarting log service, it starts to work, but the period between that time is lost in the logs. It usually happens in somewhere between ~8 o'clock in the morning. Then no more logs are shown in the log section for any module.
Anyone getting this?
I'm using 3.0.25 as a gateway

7

Installation and Upgrades / Getting Zentyal 3.0 UPS module to work.

« on: August 07, 2013, 06:40:26 pm »

Hi. I got Orvaldi 620GE UPS and it should be compatible with upsmon and Linux in general (as nuts support all ups upsmart did , then it still should be supported), thats what the manufactuers homepage says about this specific model. It has 1 RS232 port and the Zentyal server also has 1 RS232 port. I have the RS232 wire hooked up and configured the UPS module like this:

And the error message is Error: Driver not connected and there are broadcasts in terminal that orvaldi@server is offline.
A snip of syslog

Aug  7 11:50:16 server upsd[7033]: listening on 127.0.0.1 port 3493
Aug  7 11:50:16 server upsd[7033]: Can't connect to UPS [orvaldi] (blazer_ser-orvaldi): No such file or directory
Aug  7 11:50:16 server upsd[7034]: Startup successful
Aug  7 11:50:16 server upsmon[7036]: Startup successful
Aug  7 11:50:16 server upsd[7034]: User upsmon@127.0.0.1 logged into UPS [orvaldi]
Aug  7 11:50:16 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:50:16 server upsmon[7037]: Communications with UPS orvaldi@localhost lost
Aug  7 11:50:21 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:50:21 server upsmon[7037]: UPS orvaldi@localhost is unavailable
Aug  7 11:50:26 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:50:54  upsmon[7037]: last message repeated 5 times
Aug  7 11:50:56 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:01 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:06 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:11 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:38  upsmon[7037]: last message repeated 5 times
Aug  7 11:51:41 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:46 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:51 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:56 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:52:35  upsmon[7037]: last message repeated 7 times
Aug  7 11:52:36 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:53:41  upsmon[7037]: last message repeated 13 times
Aug  7 11:54:24  upsmon[7037]: last message repeated 8 times

Broadcast messages:

Broadcast Message from nut@server
        (somewhere) at 14:22 ...

Communications with UPS orvaldi@localhost lost


Broadcast Message from nut@server
        (somewhere) at 14:22 ...

UPS orvaldi@localhost is unavailable

,
Sorry for posting in the wrong section before.  Also today I had very fancy behavior when changing UPS driver, I set it to genericups and as soon as nuts start - the server starts to shut down. The recovery console helped this time (removed /etc/init.d/nuts).
I don't know much about rs232 ports in Linux so maybe there is something i'm doing wrong or a fix or a way to look. In near future we are planning to buy a new UPS, maybe someone can share of what UPS works best with zentyal?
Thanks.

8

Installation and Upgrades / [SOLVED?]VPN doesn't work when the port is set to 1194/UDP

« on: August 01, 2013, 06:17:01 pm »

Hi. I mentioned this in a other thread, but I have a problem with VPN. Recently we bought a new server to our office and I started preconfiguring it. Some days ago I brought it to our office and plugged in, did basic ip config and it works very well and I have a lot of services running with no problems. Altrough there is now a little problem with VPN.
When I set a port which is not 1194/udp (default openvpn port) the VPN seems to work (clients are able to connect from the internet), but with 1194 set the traffic of my internal interface (eth1) stops (clients of eth1 cant access anything) and there is no access to VPN. After messing up with it now the internal network works (!) with port set to 1194/udp, but there seems still to be a problem with firewall as far as I can tell.
When I set the port to 1194 and do

Code: [Select]

sudo iptables -L | grep 1194then it outputs nothing, when I set the port to 1195 for example then

Code: [Select]

sudo iptables -L | grep 1195outputs the firewall rule. When I was preconfiguring the server at home, the VPN worked trough 1195 with no problems.

The problem is that our ISP has a firewall and allows to the internet only HTTP traffic over port 80/443 and VPN traffic over 1194. I have to deal with ISP in order to properly forward the new port (lets say 1195), which is a mess so I would prefer to get the old 1194 working.  Anyway it should have worked by default, but somehow it doesnt.
Anyways I'm having a pretty great expirience with Zentyal 3.0 and I am pretty impressed of all the new features it has. Also tried the transparent proxy thing which was unplanned and it is very responsive and hope it will be stable, because I had issues with squid in Zentyal 2.2, had to increase some url stuff (cant remember now) to make it not to hang when the usage was high.

9

Installation and Upgrades / [SOLVED]Using Zentyal server as Gateway (and allow internet traffic)

« on: July 14, 2013, 09:10:50 pm »

Hello everyone! We have purchased a new more powerful server to our office and would like to get rid of router which routes all internet traffic. We want server to act as router.
I will try to describe the main current network structure here, hope you will understand:

[INTERNET MODEM] -- [ROUTER] -- [SWITCH] -- [ZENTYAL SERVER]
                                                                      |
                                                  [ALL OTHER WORKSTATIONS]

We would like to get rid of the router and directy put the cable coming from internet modem into eth0. So that would be the external network interface. eth1 would create internal network 10.0.1.0/24 and it would look like this (sorry for the interesting diagrams ):

[INTERNET MODEM] -- eth0 [ZENTYAL SERVER] eth1 -- [SWITCH]
                                                                                                    |
                                                                               [ALL OTHER WORKSTATIONS]

I tried installing zentyal by selecting all gateway components and configuring eth0 as external with static ip's (provided by ISP) and configuring eth1 as static internal and assigning 10.0.1.3 and 255.255.255.0 netmask to it. After doing that I was able to access all  allowed Zentyal services from internal network (by connecting my laptop and manually assigning 10.0.1.4/24 and zentyal DNS to it - just to test the internal network), BUT had no internet connection! I was able to ping www.hostname.com and ping 10.0.1.3, the Windows network status also said that there is internet connectivity, but no pages could be opened except Zentyal administration page (https://10.0.1.3).
I also tried enabling transparent proxy, then very very slow traffic started to come trough (and then I broke something, so I'll try to reinstall it and try again), but I would like just to reroute the internet traffic to eth0 to eth1 with no proxy (I use non-transparent proxy for other reasons). What am I doing wrong? Also didn't get why the traffic was so slow with transparent proxy enabled (opening web page in 5-10 seconds)

The main point is get internet connection to work in internal networks by just rerouting it. The server has 2 network adapters, eth0 and eth1. If I cant do this then I'll have to stick with a router which tends to hang 1-2 times a month. I would also like the monitoring options I can get if I use Zentyal as router.

Thanks!