Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - compumatter

Pages: [1]
1
Other modules / Ghost Bridge Network Interfaces
« on: October 19, 2019, 04:12:15 am »
I have an odd one over here.

When logging into Zentyal at https://xx.xx.xx.xxx:8443 and selecting Networks > Interfaces on the left side it is showing me 2 bridges that I do not believe actually exist.

See https://compumatter.com/test/bridge-to-nowhere.jpg

I have not been able to figure out where they are getting implemented. 

I would want to get rid of these before I start using this hard drive to clone for other servers.... so it is of value for me to find out.

I have found these bridges named inside /etc/samba/smb.conf
  • interfaces = lo,br-0d0b2a704ac3,br-2497cdb58006,br1,eno1,br1,eno2

However that file seems to be populated by Zentyal dynamically...

There is no evidence of them within Netplan or Network/Interfaces

I don't know where they are coming from but Zentyal is loading them up and I want to get rid of them.

Has anyone run into this before?

Thanks.

Jay / CompuMatter

2
Hello and thank you for the use of this great product.

I have created a video on Youtube https://www.youtube.com/watch?v=esFxzF7NLKc to make it easier to understand the problem but also explain it in detail below.

I have placed my zentyal installation https://xx.xx.xxx.xxx:8443 under its own domain name for ease of use ie; https://control.mydomain.com

I am using Nginx standard virtual host setup coupled with putting a secure server cert in place.

The Zentyal UI comes up just fine.

However, when you login and click on Network > Interfaces and select any of the Interfaces ie; eno1, eno2 you will get an error

Wrong HTTP referer detected, operation cancelled for security reasons

I have found this error appears at many places in Zentyal only when used under the domain name.

It continues to behave normally if you login under the IP address.

This error can be seen also appearing in a zentyal log: sudo tail -f /var/log/zentyal/zentyal.log

Do you know a reason or solution for this issue?

Here is my Nginx server block with IP and Domain masked out
Code: [Select]
server {
    listen      80;
    server_name control.mydomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name control.mydomain.com;
    location / {
        proxy_pass https://xx.xx.xxx.xxx:8443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
    }
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
}

What sayeth the group ?

Jay

3
Other modules / Network Object Greyed Out - Cannot Delete It
« on: November 06, 2017, 12:52:58 am »
First - thank you for creating an Community version of your product.  I am grateful for its existence.

Despite very aggressive attempts I cannot manage to delete a previously created Network > Objects item.

I have found a forum post here with the same problem: https://forum.zentyal.org/index.php/topic,24537.msg96917.html

However, that also would not work.  I am trying at this point to not require a full network lobotomy to resolve this issue.  See attached image and this youtube video I have created for you:


Thanks in advance for your thoughts.

Sincerely,

Jay Lepore
CompuMatter

4
Email and Groupware / Use Shared Calendar, Contacts (but not email)
« on: September 23, 2017, 01:32:01 am »
I have some clients that utilize the excellent Shared Calendar and Contacts of SOGo but not the email.

Every time they login, they must view email inbox etc that they are not using.

Is there any functionality that would disable one and perhaps take them straight to calendar upon login ?

Thanks.

Jay
CompuMatter

5
Other modules / Backup / Restore of Only Firewall Module
« on: August 14, 2017, 03:17:08 am »
I have run into situations where we wish to install Zentyal new on a server and because of our typical configuration we are always manually adding and editing the firewall services section and what is covered and what is not and on what ports...

We do not wish to 'save a backup' of an entire server, but we would really love to get a backup of those services  /  firewall settings.

Is that possible ?

Jay

6
    Hello,

    Here is the crux of the cracker.  When I save my Jabber settings or reboot the server the configuration file for Jabber (/etc/ejabberd/ejabberd.yml) is generated by Zentyal and it is wrong.

    It ends up looking something like this:

    • ldap_rootdn: "CN=zentyal-jabber-mydomainname,CN=Users,DC=domainmatter,DC=lan"
    • ldap_password: ""rDDmdsjsQrzKM/EYdvvYPN9"

    There is no user by that name in my Users list. I don't know where that user comes from and why it has ldap credentials to being with. 

    So I manually edited that file and changed the rootdn="first last" name to a user that I know exists and has Domain Admin privileges and set their password to the same one as saved in Zentyal Users for that user.

    I then restarted Jabber with sudo service ejabberd restart

I was immediately able to validate with no problems from client Pidgin IM software !!!

However any time I save Jabber, or reboot the computer, this ejabberd.yml file is changed to the WRONG credentials.

I have searched the web over and have not found this to be resolved or even discussed.

Can someone tell me where o where is this being set and how can I modify the LDAP creds coming from the Jabber module so they are correct

Here is an important foot note:

I added a new user by the name that was falsely shown in the ejabberd.yml file ie; zentyal-jabber-mydomain figuring I could set a password and maybe it would use this user. 
  • I was surprised when it gave me error and said "Accoun name zentylal-jabber-... already exists !!

So I have a phantom user but no way to control it.

What sayeth the group ?

Jay[/list]

7
Hello,

I have changed my servers hostname and then again... and now it is back to what it started with. 

I have found since then, Jabber will not bind to LDAP services see video?:

I took a screen shot of the servers /var/log/ejabberd/ejabberd.log flie at very moment that I tried to login with pidgin (see attached)

The video which just goes on and on shows reattempts are rejected:  https://www.youtube.com/watch?v=Q04hiVcKY2g

Credentials are correct.  They have been triple verified.

Finally, after exhausting all other avenues I unchecked Domain / File Sharing from the Zentyal Modules and completed purged and reintsalled all Jabber modules with:

    apt-get remove --purge zentyal-jabber
    apt-get remove --purge ejabberd
    apt-get autoremove --purge
    Turned off Module Domain Controller and File Sharing
    Saved everything
    Rebooted the server

When I logged in with  Pidgin and did ask me to approve the Secure Certificate which I said yes to.  However the moment I select 'Accept' it Pidgin returns error : "Lost connection with the server: Input/output error" with option to reconnect (but it will not connect)

Jabber was working with LDAP prior to the hostname changes.  Now it will not work at all. 

I do not know for sure if the LDAP errors are related to my Jabber problem of not connecting but I am suspecting it is. 

Also, I have found the file: https://github.com/processone/ejabberd/blob/master/src/eldap.erl which contains the code that spawns the error ie; report_bind_failure(S#eldap.host, S#eldap.port, Reason),

If anyone out there has run into this, I would be grateful for the solution.  Otherwise I will have to try radical maneuvers all the way up to a format reinstall. 

FOLLOW UP: Am experiencing the very same problem showing up in the nextcloud.log file of bind failure and 49.

So it's not a jabber thing, it's an ldap thing.

What sayeth the group.

Sincerely,

Jay
CompuMatter
www.compumatter.com


8
I just took over as server admin for a small business.  They ended their previous admin on a bad note.  They are afraid of him being able to remote in from the outside. 

I changed his password, ssh, sudoers etc so believe all is well.  The question I have is something in the sudoers file that I do not recognize. Since it is a Zentyal install I was wondering if someone in the group could tell me specifically if this command delivers remote access capability as I have not used remote-register myself.

See attached screen shot of the sudoers file.

john ALL = NOPASSWD:/usr/share/zenbuntu-desktop/remote-register

What sayeth the group ?

Jay
CompuMatter

Pages: [1]