Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
31
Installation and Upgrades / HTTP proxy - filter only
« on: October 17, 2011, 12:02:11 pm »
I am sure this has been covered before but I can't find where 
Anyway, how do I setup HTTP proxy so that it only filters traffic but does not cache anything?
Thanks
Anyway, how do I setup HTTP proxy so that it only filters traffic but does not cache anything?
Thanks
32
Installation and Upgrades / LDAP master/slave security
« on: September 29, 2011, 04:07:16 pm »
I want to set up a master ldap server to act for several slaver severs at different geographical sites and authenticate over the internet. I was thinking about using Amazon EC2 service to host it and have already set up a test instance of ubuntu with zentyal-users module with a second instance connected as a slave. I note that the zentyal ldap slave connects via port 433, so 2 questions:
1. Does it always use port 443 or just the same port that is set as the zentyal admin port?
2. Is the data transfer encrypted in anyway as ldap username & passwords are basically transmitted as plain text?
Thanks
1. Does it always use port 443 or just the same port that is set as the zentyal admin port?
2. Is the data transfer encrypted in anyway as ldap username & passwords are basically transmitted as plain text?
Thanks
33
Installation and Upgrades / ddclient not updating
« on: August 22, 2011, 12:26:15 pm »
the ddclient in zentyal is not updating the IP address, as far as I can tell it is setup correctly.
If I run ddclient -v I get:
If I run ddclient -daemon=0 –verbose I get:
I have also tried setting up a cron job every 5 mins to run ddclient -v
Any suggestions?
If I run ddclient -v I get:
Code: [Select]
CONNECT: checkip.dyndns.com
CONNECTED: using HTTP
SENDING: GET / HTTP/1.0
SENDING: Host: checkip.dyndns.com
SENDING: User-Agent: ddclient/3.8.0
SENDING: Connection: close
SENDING:
RECEIVE: HTTP/1.1 200 OK
RECEIVE: Content-Type: text/html
RECEIVE: Server: DynDNS-CheckIP/1.0
RECEIVE: Connection: close
RECEIVE: Cache-Control: no-cache
RECEIVE: Pragma: no-cache
RECEIVE: Content-Length: 105
RECEIVE:
RECEIVE: <html><head><title>Current IP Check</title></head><body>Current IP Address: 89.168.99.xxx</body></html>
INFO: setting IP address to 89.168.99.xxx for myhost.mydomain.com
UPDATE: updating myhost.mydomain.com
CONNECT: members.dyndns.org
CONNECTED: using SSL
SENDING: GET /nic/update?system=dyndns&hostname=myhost.mydomain.com&myip=89.168.99.xxx HTTP/1.0
SENDING: Host: members.dyndns.org
SENDING:
SENDING: User-Agent: ddclient/3.8.0
SENDING: Connection: close
SENDING:
RECEIVE: HTTP/1.1 502 Bad Gateway
RECEIVE: Date: Mon, 22 Aug 2011 10:13:45 GMT
RECEIVE: Server: Apache
RECEIVE: X-UpdateCode: R
RECEIVE: Content-Length: 6
RECEIVE: Connection: close
RECEIVE: Content-Type: text/plain
RECEIVE:
RECEIVE: dnserrIf I run ddclient -daemon=0 –verbose I get:
Code: [Select]
WARNING: file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
WARNING: skipping update of myhost.mydomain.com from <nothing> to 89.168.99.xxx.
WARNING: last updated <never> but last attempt on Mon Aug 22 11:13:44 2011 failed.
WARNING: Wait at least 5 minutes between update attempts.I have also tried setting up a cron job every 5 mins to run ddclient -v
Any suggestions?
34
Installation and Upgrades / basic apache and zarafa webaccess query
« on: August 05, 2011, 01:46:54 pm »
I have a default installation of zentyal and zarafa. Currently the webaccess is via:
http://serverIP/webaccess
I would like to make webaccess the root fo this site so that is accessed directly from
http://serverIP/
Currently this simply displays the contents of the default apache index.html (it works......etc)
What do I have to change to acheieve this (it's got to be simple!!)??
Thanks
http://serverIP/webaccess
I would like to make webaccess the root fo this site so that is accessed directly from
http://serverIP/
Currently this simply displays the contents of the default apache index.html (it works......etc)
What do I have to change to acheieve this (it's got to be simple!!)??
Thanks
35
Installation and Upgrades / How to add an e-mail disclaimer to outgoing mail
« on: April 16, 2011, 12:28:27 pm »
This is really for my own benefit so that I have documented what I did to get this to work.
The idea it to allow a disclaimer or footer to be added to all mail leaving the zentyal mail server. The problem is that (as per usual) zentyal will over write any change you make to the config files.
So here goes (you will need root access from the cli and a working mail setup):
1. install alterMIME:
4c. set the permissions:
5a. now for the trick to get zentyal to modify the /etc/postfix/master.cf automatically. Create a postsetconf script for the mail module:
Done
Troubleshooting:
1. the /etc/postfix/master.cf seems to be very fussy over the spaces between characters especially if the mail.postsetconf script was pasted from windows, it is worth opening a cli text editor and replacing the spaces
2. when the disclaimer is set up to be added to all messages on a domain (rather than individual addresses) if an e-mail is set to a recipient on the same domain they will get the disclaimer twice - this is due to the fact that postfix can't differentiate between incoming and outgoing mail, the script deals with this for everything other than the same domain.
References:
http://www.howtoforge.com/add-disclaimers-to-outgoing-emails-with-altermime-postfix-debian-etch
http://www.howtoforge.com/add-automatic-disclaimers-to-outgoing-emails-with-altermime-postfix-fedora8
Please point out any typos you might spot, any additional suggestions are warmly welcome
The idea it to allow a disclaimer or footer to be added to all mail leaving the zentyal mail server. The problem is that (as per usual) zentyal will over write any change you make to the config files.
So here goes (you will need root access from the cli and a working mail setup):
1. install alterMIME:
Code: [Select]
apt-get install altermime2. create the user filter with the home directory /var/spool/filter filter - alterMIME will be run as that user:Code: [Select]
useradd -r -c "Postfix Filters" -d /var/spool/filter filter
mkdir /var/spool/filter
chown filter:filter /var/spool/filter
chmod 750 /var/spool/filter3a. create the file /etc/postfix/disclaimer_addresses which holds all sender email addresses (one per line) for which alterMIME should add a disclaimer:Code: [Select]
nano /etc/postfix/disclaimer_addresses3b. add your addresses: Code: [Select]
#list individual address here
user1@yourdomain.com
user2@anotherdomin.com
# or for all addresses on a single domain (you will need to amend the /etc/postfix/disclaimer file appropriately:
yourdomain.com
sub.yourdomain.com4a. create the script /etc/postfix/disclaimer which executes alterMIME, with the appropriate modifications:Code: [Select]
nano /etc/postfix/disclaimer4b. paste the following:Code: [Select]
#!/bin/sh
# Localize these.
INSPECT_DIR=/var/spool/filter
SENDMAIL=/usr/sbin/sendmail
####### Changed From Original Script #######
DISCLAIMER_ADDRESSES=/etc/postfix/disclaimer_addresses
####### Changed From Original Script END #######
# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
# Clean up when done or when aborting.
trap "rm -f in.$$" 0 1 2 3 15
# Start processing.
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit
$EX_TEMPFAIL; }
cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }
####### Changed From Original Script #######
# obtain From address
# uncomment this line if you have individual e-mail addresses in the /etc/postfix/disclaimer_addresses file
#from_address=`grep -m 1 "From:" in.$$ | cut -d "<" -f 2 | cut -d ">" -f 1`
# uncomment this line if you have and entire domain listed in the /etc/postfix/disclaimer_addresses file
from_address=`grep -m 1 "From:" in.$$ | cut -d "<" -f 2 | cut -d ">" -f 1 | cut -d "@" -f 2`
if [ `grep -wi ^${from_address}$ ${DISCLAIMER_ADDRESSES}` ]; then
/usr/bin/altermime --input=in.$$ \
--disclaimer=/etc/postfix/disclaimer.txt \
--disclaimer-html=/etc/postfix/disclaimer.txt \
--xheader="X-Copyrighted-Material: Please visit http://www.c$
{ echo Message content rejected; exit $EX_UNAVAILABLE; }
fi
####### Changed From Original Script END #######
$SENDMAIL "$@" <in.$$
exit $?You will need to uncomment the correct line depending on whether you have individual e-mail addresses listed in the /etc/postfix/disclaimer_addresses file or an entire domain4c. set the permissions:
Code: [Select]
chgrp filter /etc/postfix/disclaimer
chmod 750 /etc/postfix/disclaimer5a. now for the trick to get zentyal to modify the /etc/postfix/master.cf automatically. Create a postsetconf script for the mail module:
Code: [Select]
nano /etc/ebox/hooks/mail.postsetconf5b. paste the following:Code: [Select]
#!/bin/sh
#adds filter for smtp messages
sed 's/smtp inet n - - - - smtpd.*/& \n -o content_filter=dfilt:/' /etc/postfix/master.cf > /etc/postfix/temp_file
mv /etc/postfix/temp_file /etc/postfix/master.cf
#adds filter for smtps messages
sed 's/smtps inet n - - - - smtpd.*/& \n -o content_filter=dfilt:/' /etc/postfix/master.cf > /etc/postfix/temp_file
mv /etc/postfix/temp_file /etc/postfix/master.cf
#no idea what these lines do but they are needed at the bottom of the master.cf file
echo dfilt unix - n n - - pipe >> /etc/postfix/master.cf
echo ' flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}' >> /etc/postfix/master.cf
exit 05c. Set the permissions:Code: [Select]
chmod +x /etc/ebox/hooks/mail.postsetconf 6. edit the /etc/postfix/disclaimer.txt and insert whatever you want added:Code: [Select]
nano /etc/postfix/disclaimer.txt7. reset the mail module on the zentyal dashboardDone
Troubleshooting:
1. the /etc/postfix/master.cf seems to be very fussy over the spaces between characters especially if the mail.postsetconf script was pasted from windows, it is worth opening a cli text editor and replacing the spaces
2. when the disclaimer is set up to be added to all messages on a domain (rather than individual addresses) if an e-mail is set to a recipient on the same domain they will get the disclaimer twice - this is due to the fact that postfix can't differentiate between incoming and outgoing mail, the script deals with this for everything other than the same domain.
References:
http://www.howtoforge.com/add-disclaimers-to-outgoing-emails-with-altermime-postfix-debian-etch
http://www.howtoforge.com/add-automatic-disclaimers-to-outgoing-emails-with-altermime-postfix-fedora8
Please point out any typos you might spot, any additional suggestions are warmly welcome
36
Installation and Upgrades / [SOLVED]mail filter problem
« on: April 04, 2011, 10:58:38 am »
I am getting an error everytime I save changes made in the mailfilter
I have tried disabling the mailfilter module with:
Any help would be apprieciated!
Code: [Select]
Some modules reported error when saving changes . More information on the logs in /var/log/ebox/
The following modules failed while saving their changes, their state is unknown: mailfilter Also the antispam filter will not start. Here are the lines from the ebox.log:Code: [Select]
2011/04/04 09:55:44 DEBUG> ModelManager.pm:365 EBox::Model::ModelManager::modelActionTaken - Notifying /zarafa/VMailDomain/
2011/04/04 09:56:08 INFO> Global.pm:535 EBox::Global::saveAllModules - Saving config and restarting services: firewall mail zarafa mailfilter logs
2011/04/04 09:56:08 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: firewall
2011/04/04 09:56:17 INFO> Base.pm:773 EBox::Module::Base::_hook - Running hook: /etc/ebox/hooks/firewall.postservice 1
2011/04/04 09:56:17 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: mail
2011/04/04 09:56:25 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: zarafa
2011/04/04 09:56:30 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: mailfilter
2011/04/04 09:56:33 ERROR> Ldap.pm:701 EBox::Ldap::_errorOnLdap - $VAR1 = {
'changes' => [
'replace',
[
'amavisBypassVirusChecks',
'FALSE'
]
]
};
2011/04/04 09:56:33 ERROR> Ldap.pm:703 EBox::Ldap::_errorOnLdap - Unknown error at EBox::Ldap::modifyAttribute attribute 'amavisBypassVirusChecks' not allowed
2011/04/04 09:56:33 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: logs
2011/04/04 09:56:34 ERROR> Global.pm:632 EBox::Global::saveAllModules - The following modules failed while saving their changes, their state is unknown: mailfilter
I have tried disabling the mailfilter module with:
Quote
sudo /usr/share/ebox/ebox-unconfigure-module mailfilterand then reinstalling it via the desktop but still get the same problem, here's the ebox.log:
Code: [Select]
2011/04/04 10:47:34 DEBUG> UsersAndGroups.pm:922 EBox::UsersAndGroups::addUser - Missing argument: Password
2011/04/04 10:48:17 INFO> Global.pm:535 EBox::Global::saveAllModules - Saving config and restarting services: firewall mailfilter mail zarafa webserver logs
2011/04/04 10:48:17 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: firewall
2011/04/04 10:48:27 INFO> Base.pm:773 EBox::Module::Base::_hook - Running hook: /etc/ebox/hooks/firewall.postservice 1
2011/04/04 10:48:27 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: mailfilter
2011/04/04 10:48:31 ERROR> Ldap.pm:701 EBox::Ldap::_errorOnLdap - $VAR1 = {
'changes' => [
'replace',
[
'amavisBypassVirusChecks',
'FALSE'
]
]
};
2011/04/04 10:48:31 ERROR> Ldap.pm:703 EBox::Ldap::_errorOnLdap - Unknown error at EBox::Ldap::modifyAttribute attribute 'amavisBypassVirusChecks' not allowed
2011/04/04 10:48:31 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: mail
2011/04/04 10:48:38 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: zarafa
2011/04/04 10:48:43 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: webserver
2011/04/04 10:48:44 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command ls /etc/apache2/sites-available/ebox-* failed.
Error output: ls: cannot access /etc/apache2/sites-available/ebox-*: No such file or directory
Command output: .
Exit value: 2
2011/04/04 10:48:45 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: logs
2011/04/04 10:48:45 ERROR> Global.pm:632 EBox::Global::saveAllModules - The following modules failed while saving their changes, their state is unknown: mailfilter
Any help would be apprieciated!
37
Installation and Upgrades / HELP: network bonding broken with recent zentyal update
« on: April 01, 2011, 12:19:07 pm »
I was happily using a pair of bonded NIC until recently. I tried a fresh install of ubuntu and everything works fine until I install zentyal and enable the networking module. I have a network.postsetconfig script to prevent zentyal overwritting the /etc/network/interface file.
Here are the relavant lines from the syslog:
Resetting the network interfaces solves the problem
here is the contents of my /etc/network/interface file:
Here are the relavant lines from the syslog:
Code: [Select]
Apr 1 11:06:04 Server64 kernel: [ 11.161659] Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)
Apr 1 11:06:04 Server64 kernel: [ 11.161664] bonding: Warning: either miimon or arp_interval and arp_ip_target module parameters must be specified, otherwise bonding will not detect link failures! see bonding.txt for details.
Apr 1 11:06:04 Server64 kernel: [ 11.165760] bonding: bond0: doing slave updates when interface is down.
Apr 1 11:06:04 Server64 kernel: [ 11.165767] bonding: bond0: Adding slave eth1.
Apr 1 11:06:04 Server64 kernel: [ 11.165770] bonding bond0: master_dev is not up in bond_enslave
Apr 1 11:06:04 Server64 kernel: [ 11.193159] bonding: bond0: enslaving eth1 as an active interface with an up link.
Apr 1 11:06:04 Server64 kernel: [ 11.195824] bonding: bond0: doing slave updates when interface is down.
Apr 1 11:06:04 Server64 kernel: [ 11.195828] bonding: bond0: Adding slave eth2.
Apr 1 11:06:04 Server64 kernel: [ 11.195830] bonding bond0: master_dev is not up in bond_enslave
Apr 1 11:06:04 Server64 kernel: [ 11.291776] bonding: bond0: Warning: failed to get speed and duplex from eth2, assumed to be 100Mb/sec and Full.
Apr 1 11:06:04 Server64 kernel: [ 11.291791] bonding: bond0: enslaving eth2 as an active interface with an up link.
Apr 1 11:06:04 Server64 kernel: [ 11.292723] bonding: bond0: setting mode to balance-rr (0).
Apr 1 11:06:04 Server64 kernel: [ 11.292758] bonding: bond0: Setting MII monitoring interval to 100.
Apr 1 11:06:04 Server64 kernel: [ 11.292787] bonding: bond0: Setting up delay to 100.
Apr 1 11:06:04 Server64 kernel: [ 11.292809] bonding: bond0: Setting down delay to 100.
Apr 1 11:06:04 Server64 kernel: [ 11.299371] bonding: bond0: link status down for interface eth2, disabling it in 100 ms.
Apr 1 11:06:05 Server64 kernel: [ 11.402539] bonding: bond0: link status definitely down for interface eth2, disabling it
Apr 1 11:06:06 Server64 kernel: [ 12.902508] bonding: bond0: link status up for interface eth2, enabling it in 100 ms.
Apr 1 11:06:06 Server64 kernel: [ 13.012519] bonding: bond0: link status definitely up for interface eth2.
Apr 1 11:06:35 Server64 kernel: [ 41.610984] bonding: bond0: doing slave updates when interface is down.
Apr 1 11:06:35 Server64 kernel: [ 41.610989] bonding: bond0: Removing slave eth1
Apr 1 11:06:35 Server64 kernel: [ 41.610993] bonding: bond0: Warning: the permanent HWaddr of eth1 - 00:e0:4c:68:1a:c9 - is still in use by bond0. Set the HWaddr of eth1 to a different address to avoid conflicts.
Apr 1 11:06:35 Server64 kernel: [ 41.610996] bonding: bond0: releasing active interface eth1
Apr 1 11:06:35 Server64 kernel: [ 41.702351] bonding: bond0: doing slave updates when interface is down.
Apr 1 11:06:35 Server64 kernel: [ 41.702354] bonding: bond0: Removing slave eth2
Apr 1 11:06:35 Server64 kernel: [ 41.702356] bonding: bond0: releasing active interface eth2
Apr 1 11:06:45 Server64 kernel: [ 52.004033] bonding: bond0: doing slave updates when interface is down.
Apr 1 11:06:45 Server64 kernel: [ 52.004039] bonding: bond0: Adding slave eth1.
Apr 1 11:06:45 Server64 kernel: [ 52.004042] bonding bond0: master_dev is not up in bond_enslave
Apr 1 11:06:45 Server64 kernel: [ 52.043026] bonding: bond0: enslaving eth1 as an active interface with an up link.
Apr 1 11:06:45 Server64 kernel: [ 52.045587] bonding: bond0: doing slave updates when interface is down.
Apr 1 11:06:45 Server64 kernel: [ 52.045592] bonding: bond0: Adding slave eth2.
Apr 1 11:06:45 Server64 kernel: [ 52.045594] bonding bond0: master_dev is not up in bond_enslave
Apr 1 11:06:45 Server64 kernel: [ 52.151701] bonding: bond0: enslaving eth2 as an active interface with a down link.
Apr 1 11:06:45 Server64 kernel: [ 52.152471] bonding: bond0: setting mode to balance-rr (0).
Apr 1 11:06:45 Server64 kernel: [ 52.152502] bonding: bond0: Setting MII monitoring interval to 100.
Apr 1 11:06:45 Server64 kernel: [ 52.152504] bonding: bond0: Note: Updating updelay (to 100) since it is a multiple of the miimon value.
Apr 1 11:06:45 Server64 kernel: [ 52.152506] bonding: bond0: Note: Updating downdelay (to 100) since it is a multiple of the miimon value.
Apr 1 11:06:45 Server64 kernel: [ 52.152539] bonding: bond0: Setting up delay to 100.
Apr 1 11:06:45 Server64 kernel: [ 52.152560] bonding: bond0: Setting down delay to 100.
Apr 1 11:06:45 Server64 kernel: [ 52.252524] bonding: bond0: link status definitely up for interface eth1.
Apr 1 11:06:47 Server64 kernel: [ 53.750020] bonding: bond0: link status up for interface eth2, enabling it in 100 ms.
Apr 1 11:06:47 Server64 kernel: [ 53.852520] bonding: bond0: link status definitely up for interface eth2.
Apr 1 11:09:06 Server64 kernel: [ 193.053774] bonding: bond0: link status down for interface eth1, disabling it in 100 ms.
Apr 1 11:09:07 Server64 kernel: [ 193.152580] bonding: unable to update mode of bond0 because interface is up.
Apr 1 11:09:07 Server64 kernel: [ 193.153802] bonding: bond0: link status down for interface eth2, disabling it in 100 ms.
Apr 1 11:09:07 Server64 kernel: [ 193.153806] bonding: bond0: link status definitely down for interface eth1, disabling it
Apr 1 11:09:07 Server64 kernel: [ 193.153810] bonding: bond0: now running without any active interface !
Apr 1 11:09:07 Server64 kernel: [ 193.166774] bonding: bond0: Setting MII monitoring interval to 100.
Apr 1 11:09:07 Server64 kernel: [ 193.166776] bonding: bond0: Note: Updating updelay (to 100) since it is a multiple of the miimon value.
Apr 1 11:09:07 Server64 kernel: [ 193.166779] bonding: bond0: Note: Updating downdelay (to 100) since it is a multiple of the miimon value.
Apr 1 11:09:07 Server64 kernel: [ 193.166807] bonding: bond0: Setting up delay to 100.
Apr 1 11:09:07 Server64 kernel: [ 193.166829] bonding: bond0: Setting down delay to 100.
Apr 1 11:09:07 Server64 kernel: [ 193.253772] bonding: bond0: link status definitely down for interface eth2, disabling it
Resetting the network interfaces solves the problem
here is the contents of my /etc/network/interface file:
Code: [Select]
# The loopback network interface
auto lo eth0 bond0
iface lo inet loopback
# The primary network interface
iface eth0 inet static
address 192.168.0.3
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.255
gateway 192.168.0.1
iface bond0 inet static
address 10.0.0.1
netmask 255.255.255.0
broadcast 10.0.0.255
network 10.0.0.0
bond_mode 0
bond_miimon 100
bond_updelay 100
bond_downdelay 100
slaves eth1 eth2
38
Installation and Upgrades / Help needed: setup of 2 zentyal servers
« on: March 23, 2011, 03:58:50 am »
Hopefully someone will be able to answer a few queries. I currently have a single zentyal server acting as pretty much everything plus running zoneminder which is very CPU intensive and is becoming slower with more cameras added. What I would like to do is set up 2 servers:
Server 1:
gateway/proxy/firewall, etc
webserver
zoneminder
dhcp/dns server
Server 2:
PDC with LDAP
WINS server
printer server
mail server
(possibly in the future VoIP)
How do I configure the following:
1. access to the webmail from server 1 - will in need to setup server 1 as a LDAP slave to server 2 to do this?
2. DNS on server 2 to allow the mail server to use the same domain as server 1
3. is there anything else I need to consider/configure?
Thanks
Server 1:
gateway/proxy/firewall, etc
webserver
zoneminder
dhcp/dns server
Server 2:
PDC with LDAP
WINS server
printer server
mail server
(possibly in the future VoIP)
How do I configure the following:
1. access to the webmail from server 1 - will in need to setup server 1 as a LDAP slave to server 2 to do this?
2. DNS on server 2 to allow the mail server to use the same domain as server 1
3. is there anything else I need to consider/configure?
Thanks
39
Installation and Upgrades / error creating user account for mail
« on: March 17, 2011, 10:57:46 pm »
Got the following error when trying to create a new mail account for existing user:
Here is the technical details as reported by ebox:
Any help would be great, thanks
Code: [Select]
Unknown error at EBox::MailUserLdap::setUserAccount objectClass: value #0 invalid per syntax Here is the technical details as reported by ebox:
Code: [Select]
Trace
Unknown error at EBox::MailUserLdap::setUserAccount objectClass: value #0 invalid per syntax at /usr/share/perl5/EBox/Ldap.pm line 703
EBox::Ldap::_errorOnLdap('Net::LDAP::Modify=HASH(0x7f3559614228)', 'HASH(0x7f3559557f20)') called at /usr/share/perl5/EBox/Ldap.pm line 364
EBox::Ldap::modify('EBox::Ldap=HASH(0x7f35566a2f30)', 'uid=adrian,ou=Users,dc=server64,dc=cable,dc=virginmedia,dc=net', 'HASH(0x7f3559557f20)') called at /usr/share/perl5/EBox/MailUserLdap.pm line 111
EBox::MailUserLdap::setUserAccount('EBox::MailUserLdap=HASH(0x7f3559632028)', 'adrian', 'adrian.jones', 'daviesandjones.com', 0) called at /usr/share/perl5/EBox/CGI/Mail/CreateAccount.pm line 57
EBox::CGI::Mail::CreateAccount::_process('EBox::CGI::Mail::CreateAccount=HASH(0x7f35595ecb50)') called at /usr/share/perl5/EBox/CGI/Base.pm line 262
EBox::CGI::Base::run('EBox::CGI::Mail::CreateAccount=HASH(0x7f35595ecb50)') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'Mail/CreateAccount', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 35
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0x7f3559555910)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x7f35595c7328)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x7f35595c7328)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x7f3559555910)') called at -e line 0
eval {...} called at -e line 0Any help would be great, thanks
40
Installation and Upgrades / HOW TO: Map samba shares as network drives for XP clients and redirect My Docs
« on: February 12, 2011, 01:56:46 pm »
Following on from this excellent post on mapping samba shares as networked drives for XP clients:
http://forum.zentyal.org/index.php?topic=2019.0
I have tried to collate some information to make this more useful and also redirect "My Documents" to the users /home folder.
Ok to make this work properly you need to have the appropriate logon.bat, logon.vbs file, a separate vbs file to map my documents called map_mydocs.vbs and a file to make the changes to samba configuration.
1. create a logon.bat file:
2. create the logon.vbs as per the original post:
3. Then create the script map_mydocs.vbs:
You will also need to remove the line from smb.conf that maps the /home folder to H:
The samba.postsetconf script is called just as before samba is started and will make the appropriate alterations to the smb.conf which would otherwise be overwritten by zentyal
Please post any glaring errors or typos or any useful amendments
Thanks to the guys who post on the original thread
http://forum.zentyal.org/index.php?topic=2019.0
I have tried to collate some information to make this more useful and also redirect "My Documents" to the users /home folder.
Ok to make this work properly you need to have the appropriate logon.bat, logon.vbs file, a separate vbs file to map my documents called map_mydocs.vbs and a file to make the changes to samba configuration.
1. create a logon.bat file:
Code: [Select]
nano /home/samba/netlogon/logon.batpaste the following:Quote
@echo off
REM removes any network drives in use by user
@if exist h: net use h: /delete /yes
@if exist g: net use g: /delete /yes
#@if exist p: net use p: /delete /yes #repeat this for any other mapped drives
REM Maps shares as network drives
cscript \\yourservername\netlogon\logon.vbs
REM Syncronize the time on the workstation to that of the server.
net time \\yourservername /set /yes
REM Map "My Documents" to the user's G: Drive
if EXIST "G:\" (
cscript "\\yourservername\netlogon\map_mydocs.vbs"
)
2. create the logon.vbs as per the original post:
Code: [Select]
nano /home/samba/netlogon/logon.vbspaste the following: Code: [Select]
'First make sure all variables are dimensioned.
'This isn't necessary for functionality; it's for coding discipline only.
Option Explicit
'dimension all our variables
dim objNetwork
dim strDriveLetter, strRemotePath, strUser, strGrp
dim strGroupADSPath, strUserADSPath, grp
'This script will use the MapNetworkDrive method
'for each network drive mapped.
'We'll be using the Wscript.Network Object to enumerate the user as well as to map drives.
'We only need to instantiate it once at the beginning.
Set objNetwork = Wscript.CreateObject("Wscript.Network")
'First let's get the user name since we'll use it for mapping the home directory
'as well as checking group memberships.
strUser = objNetwork.UserName
'In just about every network at least two drives are mapped:
'One for the user's home directory, and one for an organizational public share.
'We'll map those first since they don't depend on group memberships.
'User Drive to G:
strDriveLetter = "G:"
strRemotePath = "\\yourservername"
objNetwork.MapNetworkDrive strDriveLetter, strRemotePath & "\" & strUser
'PublicShare Drive to P:
strDriveLetter = "P:"
strRemotePath = "\\yourservername\public"
objNetwork.MapNetworkDrive strDriveLetter, strRemotePath
'next we'll enumerate groups and map drives for specific departmental memberships
'The code to check for memberships and map the drives is in a subroutine called IsMember.
'All we have to do is copy the same block over again for each group membership we want to check.
'The block only needs to set the string values for the group name, the desired drive letter, and the share path.
'Then it calls the IsMember subroutine down below.
'Q: for members of groupq
strGrp="groupq"
strDriveLetter = "q:"
strRemotePath = "\\yourservername\groupqpvt"
IsMember
'R: for members of groupr
strGrp="groupr"
strDriveLetter = "R:"
strRemotePath = "\\yourservername\grouprpvt"
IsMember
'Repeat for as many private groups and their respective enumerated shares as you wish.
'We're done with the login script.
'Let's tidy up variables first to make sure we're not leaving anything behind.
objNetwork = ""
strDriveLetter = ""
strRemotePath = ""
strUser = ""
strGrp = ""
strGroupADSPath = ""
strUserADSPath = ""
grp = ""
'That's all. Close the script processor.
wscript.quit
sub IsMember
'set the directory service path to enumerate the group
strGroupADSPath = "WinNT://yourdomain/" & strGrp & ",group"
'poll the PDC for the group
set grp = GetObject(strGroupADSPath)
'set the user directory service path to enumerate the user
strUserADSPath = "WinNT://yourdomain/" & strUser
'Check membership in the group.
If (grp.IsMember(strUserADSPath)) Then
'map the drive
objNetwork.MapNetworkDrive strDriveLetter, strRemotePath
End If
'clean up variables for next group check.
strGrp = ""
strDriveLetter = ""
strRemotePath = ""
'Rinse, lather and repeat this code as many times as needed.
End sub
3. Then create the script map_mydocs.vbs:
Code: [Select]
nano /home/samba/netlogon/map_mydocs.vbspaste the following:Code: [Select]
Dim WSHShell
Set WSHShell = CreateObject("WScript.Shell")
WSHShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal", "G:\"
You will also need to remove the line from smb.conf that maps the /home folder to H:
Code: [Select]
nano /etc/ebox/hooks/samba.postsetconfpaste the following:Code: [Select]
#!/bin/sh
sed -i '/logon drive =/ d' /etc/samba/smb.conf
exit 0
Make the file executable:Code: [Select]
chmod +x /etc/ebox/hooks/samba.postsetconfThe samba.postsetconf script is called just as before samba is started and will make the appropriate alterations to the smb.conf which would otherwise be overwritten by zentyal
Please post any glaring errors or typos or any useful amendments
Thanks to the guys who post on the original thread
41
Installation and Upgrades / URGENT: CUPS add printer username and password not allowing access!!
« on: February 04, 2011, 11:00:29 am »
I've got a major problem adding printers. I can access the CUPS web interface and can get as far as selecting the printer model but I repeatedly get asked for the username and password to add the printer even when the administrator password/username is used. How do I get around this as I can't add any printers? Thanks
Here is my cupsd.conf file:
Here is my cupsd.conf file:
Code: [Select]
LogLevel debug
SystemGroup lpadmin
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
SSLListen 10.0.0.1:631
SSLListen 192.168.0.2:631
# Disable printer sharing and shared printers.
Browsing Off
DefaultAuthType Basic
<Location />
# Allow remote administration...
Allow localhost
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
Encryption Required
Require group lpadmin
# Allow remote administration...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/conf>
AuthType Basic
Require group lpadmin
# Allow remote access to the configuration files...
Order allow,deny
Allow @LOCAL
</Location>
<Location /printers>
Order allow,deny
Allow from all
</Location>
<Location /jobs>
Order allow,deny
Allow from all
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER
Require group lpadmin
Order deny,allow
Satisfy any
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Basic
Require group lpadmin
Order deny,allow
Satisfy any
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Basic
Require group lpadmin
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER
Require group lpadmin
Order deny,allow
Satisfy any
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
42
Installation and Upgrades / Antivirus Update failed
« on: January 20, 2011, 02:57:00 pm »
The Zentyal web interface states that the antivirus database is out of date and that the last update was on the install day.
I have manually updated clamav with freshclam, and the logs say it is being successfully updated via the cron job.
Any idea why the interface module is incorrect?
Thanks
I have manually updated clamav with freshclam, and the logs say it is being successfully updated via the cron job.
Any idea why the interface module is incorrect?
Thanks
43
Installation and Upgrades / Samba shares over VPN
« on: January 09, 2011, 09:39:32 pm »
Having difficulty accessing samba shares via a VPN. The Windows client connects OK to VPN and obtains the appropriate IP but I cannot browse the samba shares. I can access the zentyal dashboard via the browser on the VPN IP address.
I have opened the inward VPN port on the fire wall and the outward port is enabled as "any service" to "any port". I have tried disabling the windows firewall which made no difference.
I have PAM enabled to give real local user accounts.
The documentation here http://doc.zentyal.org/en/vpn.html?highlight=vpn says:
Also do I need to open any other ports either on the firewall or the router other than for the VPN?
Does the zentyal server need to be a PDC?
Does the remote windows PC need to be in the same workgroup or domain as the zentyal VPN server?
The remote PC is connecting through a HTTP proxy, will this make a difference?
Grateful for any help, I think I'm very close to making it work!
Thanks
I have opened the inward VPN port on the fire wall and the outward port is enabled as "any service" to "any port". I have tried disabling the windows firewall which made no difference.
I have PAM enabled to give real local user accounts.
The documentation here http://doc.zentyal.org/en/vpn.html?highlight=vpn says:
Quote
Also, to browse shared files from the VPN [3] you must explicitly allow the broadcast traffic of the Samba server.but I am not sure how to do this?
Also do I need to open any other ports either on the firewall or the router other than for the VPN?
Does the zentyal server need to be a PDC?
Does the remote windows PC need to be in the same workgroup or domain as the zentyal VPN server?
The remote PC is connecting through a HTTP proxy, will this make a difference?
Grateful for any help, I think I'm very close to making it work!
Thanks
44
Installation and Upgrades / Samba & permission problems
« on: January 03, 2011, 06:34:33 pm »
I am having serious problems allowing any users to access samba shares that are not created in /home/samba/share
I have a directory on a separate partition that I would like to access via samba. I have set this up in zentyal and it appears as a share within the workgroup by I cannot get any users to access it. I am fairly convinced it is a permission problem on the directory itself.
I have tried:
1. setting the user permissions to 'root', 'ebox' and 'sysadmin' (my privileged user);
2. setting the group permissions to '__USERS__' and 'users' (which is group I created in zentyal);
3. enabling 'guest use';
4. setting the directory permissions to 777 (read, write, executable by all everyone);
I don't really understand the relationship between LDAP groups/users and system groups/users. I have enabled PAM settings in order to give the LDAP users a system account - but the users created do not seem to be listed as system users
Please can some one help???
I have a directory on a separate partition that I would like to access via samba. I have set this up in zentyal and it appears as a share within the workgroup by I cannot get any users to access it. I am fairly convinced it is a permission problem on the directory itself.
I have tried:
1. setting the user permissions to 'root', 'ebox' and 'sysadmin' (my privileged user);
2. setting the group permissions to '__USERS__' and 'users' (which is group I created in zentyal);
3. enabling 'guest use';
4. setting the directory permissions to 777 (read, write, executable by all everyone);
I don't really understand the relationship between LDAP groups/users and system groups/users. I have enabled PAM settings in order to give the LDAP users a system account - but the users created do not seem to be listed as system users
Please can some one help???
45
Installation and Upgrades / [SOLVED] custom samba config
« on: December 29, 2010, 11:33:31 am »
In order to allow multiple user access to a MS ACCESS database, I need to add the line
I know that zentyal will over write any changes I make directly to the file and will have to use a script in the /etc/ebox/hooks/ directory. My problem is adding the line to the correct part of the file. Here's my script:
The problem is that I need it inserted after the share expression [share], this script currently places it at the end of the file.
Any suggestions?
Code: [Select]
veto oplocks = *.mdbto the smb.confI know that zentyal will over write any changes I make directly to the file and will have to use a script in the /etc/ebox/hooks/ directory. My problem is adding the line to the correct part of the file. Here's my script:
Code: [Select]
#!/bin/sh
if grep "veto oplocks" /etc/network/interfaces >/dev/null; then
exit 0
fi
echo veto oplocks = *mdb >> /etc/samba/smb.conf
exit 0The problem is that I need it inserted after the share expression [share], this script currently places it at the end of the file.
Any suggestions?