Topics - cheesyking

Pages: [1] 2
1
Installation and Upgrades / No network after install
« on: July 08, 2015, 05:07:30 pm »
I just installed 4.1 on a machine with 3 nics (a built in realtek and a dual port intel i350 pcie) and while the network cards were visible during the debian installer they disappeared after the first boot.

ifconfig just showed the loopback adaptor and nothing else.

Anyway cutting out all the swearing and hair pulling I realised that the nics were working they were just still labelled with their kernel names (eth0,1,2) while /etc/network/interfaces was expecting their systemd/udev (not sure which is responsible any more  :'( ) assigned names (p1p1 p2p1 p2p2).

Running ifconfig eth0 worked as expected so I just changed /etc/network/interfaces to use the eth names and everything came back up.

So...

1) what went wrong?
2) is this a permanent fix?
3) should I fix this in a different way?

I'm assuming it's a buggy uefi issue (it's an asus b85m-g mobo) but should I file a bug report somewhere as it seems like whatever failed should fail to a working state rather than a broken one?

Thanks

2
A while back I had some updates fail while installing which caused me to have to remove most of the modules I had installed and reinstall them. After that I had no end of trouble getting samba to work again. The shares could be viewed by clients but none could be opened, the password box kept getting displayed, even for guest shares.

To cut a long story short the zentyal users weren't being copied into the samba database because there are two system accounts (Administrator and dns-XXXX) that have home dirs in /home and since those dirs already existed they couldn't be created and that caused the script to fail. All I had to do was remove them and the users got added and samba started working again.

Anyway I'm posting this because:
1) this might be handy for someone else to know

2) it might be a bug

The thing is that having the script blindly removing directories in /home probably isn't a very good idea (someone might well have created a user called Administrator themselves!). However these users have mail folders which do get replaced automatically which seems slightly inconsistent.

Perhaps it would be a good idea to move those home folders to a different location so the script can always delete them rather than fail?

3
Remote Server returned '550 4.4.7 QUEUE.Expired; message expired'

I've got an odd problem with mail that I don't think has anything to do with zentyal at all but I thought I'd ask for a second opinion.

A DSN with this error is sent to someone with an Office365 email address (user@somedomain.com) when he tried to email one particular user on my Zentyal server. If he CCs the message in to other users on my server then it gets delivered to those other users but he still gets the DSN after a few days about the problem user's address.

If he sends a message to one of the other users and CCs the problem address in then it gets delivered to everyone and there is no DSN.

Other people on the Office365 domain can send messages to my problem user without an issue and this guy can email other users on my domain without a problem it's just this one guy specifically sending to this one address

So, just to sum up...
user@somedomain.com sends an email to problem_user@mydomain.com and CCs to other_user@mydomain.com then other_user gets the message but problem_user doesn't and user@somedomain gets a DSN.

user@somedomain sends an email to other_user@mydomain and CCs to problem_user then everyone gets the message and there is no DSN

user@somedomain sends an email to problem_user then he gets the DSN.

I've had a good look at the postfix logs and as far as I can tell no attempt is made by Microsoft to deliver to problem_user. When other users are CCed in then I can see that connection but problem_user isn't mentioned at all. There are no errors related to this in my server's logs despite the DSN saying MS's server tried to deliver the message 90+ times!

I've turned off greylisting (did that a couple of weeks ago)

Last week I even tried creating a new user account for my problem user with a new email address, this worked for a few days and then started doing exactly the same thing!

Of course MS are precisely zero help as they refuse to give any support to the people with the 365 account.

So is there any way this could be something to do with my server or does it look more like a Microsoft problem? My feeling is that something has gotten confused somewhere in Microsoft's no doubt horrifically complex office365 system and their server isn't trying to deliver. I don't really see that there is anything more I can do without someone at Microsoft's end looking at it.

I thought about trying to capture the smtp connection from MS but I can't see how to do that without turning off TLS on smtp connections and I don't think most people will even send mail if I do that, plus it's not something I'd want to do even for a short period.

I've just had a thought that I'm going to try now which is to create a new MX record for my domain, maybe it's something DNS related and that might clear it.

4
I've got 3 internal networks and 3 internet connections. What I want to achieve is to get the best use of the 3 internet connections while ensuring that users on local1 get as much bandwidth as they need, users on local2 get whatever is left over from local1 and users on local3 get whatever is left after local1 and local2 have had whatever they need.

Code:
local1---------------        ----------------- Internet1
                     |      |
local2-------------- LB & QoS ------------- Internet2
                     |      |
local3---------------        ----------------- Internet3
(just in case my ascii diagram doesn't come out let me clarify that the LB&QoS box has 6 network cards connected to each of the networks each using their own subnet)

I'd like to use a Zentyal box to load balance the 3 internet connections and have QoS prioritise access to them based on which local network the traffic originated from.

It seems straightforward enough...

Just set up the three gateways, then configure the load balancer.

Create a network object containing all internet1, internet2 and internet3 (called balancedInternet).

Then create 3 QoS rules like these:

port based service "any"
source "local1"
destination "balancedInternet"
priority 7

port based service "any"
source "local2"
destination "balancedInternet"
priority 6

port based service "any"
source "local3"
destination "balancedInternet"
priority 5

I'm also considering replacing the 3 internet connections with a "single" bonded 3-way internet connection which would mean I could forget about load balancing.

Anyone got any thoughts on this?

EDIT:
sorry, originally posted in support so I moved it here.

5
Installation and Upgrades / using trusted certificates
« on: February 07, 2011, 07:49:20 pm »
I recently had a user complain that his iphone suddenly started asking him to accept the self signed cert that his ebox (1.4) mailserver uses every time he sent or received an email. After a bit of digging I found some references to the latest iphone software update being broken so it can't remember which certificates you want to accept.

After I was told that I could prise his shiny toy from his cold dead hand I decided that the easiest thing to do was use trusted certs for mail but I'm not too sure how to go about this on ebox/zentyal so I'm after a bit of help.

As I understand it the certificates used by the services like web and mail in ebox are independent of the ebox-ca module (unless I go into the "service certificate" section and enable it).

I don't want to have to change the certificates I've generated in ebox-ca as I've got several vpn users who'd have to be re-issued with certs.

So do I just go through the process of creating a csr with openssl at the command line and submit them to someone like GoDaddy to get a cheap trusted cert or will that break the certs I've created with ebox-ca?

My knowledge of ssl is basically zero I'm afraid so any guidance is appreciated!

6
Installation and Upgrades / backup can't find file
« on: November 09, 2010, 05:26:51 pm »
running 1.4.3-0ubuntu1~ppa1~hardy1 on core 1.4.6

searching for a directory I need to restore shows it in the gui and when I try to restore it I'm told it has been restored successfully. However it never reappears!

I thought I'd try it from the command line with:
Code:
sudo duplicity restore -t 4D --file-to-restore "/home/samba/shares/share/1984\ COMPLETE\ SYSTEM/Jobs" file:///backup --no-encryption ./jobs
Doing this gives me:
Quote
Warning, found incomplete backup sets, probably left from aborted session

and then:
Quote
not found in archive, no files restored.

any thoughts?

I've tried various values for -t including the last day I had a full backup.

7
Installation and Upgrades / Can't find remote-backup in the store
« on: July 20, 2010, 12:09:09 pm »
Am I blind/mad?

I wanted to quote someone a price for doing his backup remotely and I can't find backup in the store, just subscriptions, support, voip and the book.

Do I have to buy a subscription before I can buy backup?

8
Here's my problem:

I've got a bunch of PCs and a voip server (not ebox) behind an ebox firewall. I've got home workers connecting through an ebox VPN and accessing the voip server. That all works fine  ;D

The problem is that the bright spark who set up the voip server chose to put it on 192.168.1.0/24 so if the remote clients' own networks aren't also on 192.168.1.0/24 then they can connect, but of course 192.168.1.0/24 is a pretty popular subnet for home routers and that means it won't work.

I did think that I might have been able to get the home users to connect to the ebox VPN IP (10.8.0.1 in my case) and enter a port redirection rule so the relevant ports go to the voip server. However the tap interface isn't listed in the drop down box.

Are there any ways round this?

Could I add a virtual interface to my lan nic (say 192.168.23.1) and then get the remote clients to connect to that IP?

Any suggestions... thanks

9
Installation and Upgrades / shared mailboxes
« on: June 09, 2010, 02:47:29 am »
I've done this with courier before but never with dovecot or ebox, I'm going to set some up tomorrow and was wondering if anyone else had done this on ebox and had any advice?

I've been reading up on namespaces:
http://wiki.dovecot.org/Namespaces

which seem to be how you do it with dovecot.

It looks fairly straightforward, just enable a private namespace for normal mailboxes then add a shared namespace.

I'll post back with what happens.

TBH I'm a bit surprised that this doesn't even seem to be on the wishlist and a search of the forums brought up nothing. I guess it's pretty hard to get people out of the habit of forwarding and CCing messages around the office but the only chance of doing that is shared mailboxes.

10
Installation and Upgrades / All my backups have disappeared
« on: June 07, 2010, 02:28:04 pm »
OK so it's my fault and there were only a couple of days worth there but it would be nice to get them back if it's something simple...

(backup is 1.4.3-0ubuntu1~ppa1~hardy1, filesystem backup)

I was backing up to a usb drive mounted on /backup. The drive got disconnected and an incremental daily backup ran (almost filling /). When I saw what had happened I copied the files out of /backup, remounted the drive and moved the new files back into /backup.

However ebox now says "There are not any backup files yet".

Have I overwritten some kind of index file and wrecked my previous backups (i.e. just start again) or is there a simple fix to get ebox to see my old backups?

11
Installation and Upgrades / sync Maildir (permissions problem)
« on: June 03, 2010, 12:54:40 pm »
Hi,

Over the weekend I moved a server that was running a home brewed Debian postfix/courier mailserver over to ebox 1.4. All the users had shell accounts so naturally they had read/write access to their Maildirs.

This was useful because I had one user (the Boss of course!) who did a lot of work in the office (where the server is) and home (both the office and home don't have very good internet connections).

Connecting to the work server from home through IMAP was horribly slow so I set him up with another server at home which synced his Maildir in the office using the maildirsync script:
http://freshmeat.net/projects/maildirsync/

This script connects using ssh and merges the changes in the 2 dirs only transferring new mails (it's smart enough to move files if they're put in a different folder or rename them if their flags change)

This worked pretty well with the script only occasionally getting confused, his mail appeared to him to be very fast (even though it was still limited by the net connection) but what you don't know can't hurt you...

Anyway the problem is that now he's on ebox the shell account I created for him doesn't have read/write access to his /var/vmail/domain.com/username directory. I've set the sgid on it with:
chmod -R g+s /PATH
changed the ownership with:
chgrp -R shell_user /PATH
and permissions with:
chmod -R 770 /PATH

but of course all the new mails that get delivered to the Maildir are set to 0600 so even though the group permissions stick the shell user can't read the files.

So what can I do?

Either try to change the umask for the ebox user to be 007 (which I'm guessing would be a very bad idea!)

Install ACLs so I can set the umask for that dir (never installed ACLs before so I'm a little nervous of doing this on a live ebox server)

Run the sync script as root (not an ideal solution!)

Sync using IMAP (I've tried using imapsync but it takes a VERY long time to run whereas maildirsync completed in a few seconds when there weren't any changes)

Something I haven't thought of!

12
Installation and Upgrades / proxy domain rules question
« on: February 08, 2010, 01:52:37 pm »
A quick one this:

When setting filter policies for domains or setting cache exemptions for domains in the HTTP Proxy do you have to use wildcards to also allow subdomains or is the base domain enough?

EG would allowing google.com also allow docs.google.com or would I need to allow *.google.com?

thanks

13
Installation and Upgrades / LDAP sync with google
« on: January 21, 2010, 11:15:20 pm »
Anyone ever looked into setting this up with ebox?

http://www.google.com/support/a/bin/answer.py?&answer=106368

This page only talks about AD and Lotus but presumably it should be possible with ebox too, not that I know much about LDAP!

Any thoughts?

14
Installation and Upgrades / Admin pages broken
« on: November 26, 2009, 04:18:55 pm »
I was using ebox the other day and all of a sudden the admin pages broke...

It looks like the style sheets aren't being applied (though I am not a web designer!) so while the menus appear and still work all the layout and fancy colours, effects, graphics are missing.

I've rebooted the server, tried different client machines, all to no avail.

Anyone got any ideas?

I'm currently on IRC if anyone can think of anything!

15
Installation and Upgrades / Filtering rules between internal networks
« on: November 17, 2009, 04:00:18 pm »
Here's what I'm trying to achieve:

one server 4 networks (internet, students, academics, admin)

I want ebox to prevent any communication between students/academics/admin except for a few pinholes that I specify.

the academics:
will use printers on the admin network (not via ebox samba shares though)
will use ebox as a dhcp server and gateway.
will have samba shares on ebox

the students:
will use ebox just as a gateway

the admins:
will have access to the ebox samba shares that the academics use.

The thing is that I don't seem to be able to get this working.

I created my 3 internal networks and then created objects for them using network addresses like:
student = 192.168.55.0/24
academic = 192.168.54.0/24
admin = 192.168.53.0/24

Under packet filter => from internal to ebox I created a rule:
decision = deny
source = source object student
service = samba

then under packet filter => rules for internal I created rules like:
decision = deny
source = source object student
destination = destination object academic
service = any

But any machine on the student network can still access machines on the academic network. Students can also access the samba server on ebox.


Obviously I'm missing something fairly obvious here but any help would be appreciated!
