Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Daniel Joven

Pages: 1 2 [3] 4
Installation and Upgrades / Re: can't log in Webadmin
« on: May 21, 2021, 05:48:51 pm »
Hi Denis,

Can you please provide us more details?

* Which Zentyal version are you using?

* Is the service 'mysql' running correctly?
Code: [Select]
sudo systemctl status mysql

* Do you see any error in the following log files?
  • /var/log/mysql/error.log
  • /var/log/syslog

Best regards, Daniel Joven.


The error that you are getting is:

Code: [Select]
./ line 54: checkBrokenPackages: command not found

Basically, the function 'postUpgradeProcedure' doesn't recognize the other function 'checkBrokenPackages'. So, make sure that this last function is present in your script.

Best regards, Daniel Joven.

Hi guys,

There is an open issue in Github related to this DNS resolution issue, you can check it out here:


Solved but not quite solved.
After I made some updates that appeared after I modified the file as you said, after restarted the system, the file was re-written without the modification and I was forced to insert the parameter again.

If you set that configuration parameter in the stub located at '/usr/share/zentyal/stubs/dns' and you lost it after restarting the DNS module, it is because you have another stub located at '/etc/zentyal/stubs/dns', and this directory has more priority than the other.

Moreover, in Dashboard, at Core version, is written 7.0.3 (available).
If I check from Software Management, the messages said that no updates are available.
If I check from CLI, same messages.

Code: [Select]
:~$ sudo apt-get update
Hit:1 focal InRelease
Hit:2 focal-updates InRelease
Hit:3 focal-backports InRelease
Hit:4 7.0 InRelease
Hit:5 focal InRelease
Hit:6 focal-security InRelease
Reading package lists... Done
:~$ sudo apt-get install zentyal-core
Reading package lists... Done
Building dependency tree
Reading state information... Done
zentyal-core is already the newest version (7.0.3).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
:~$ sudo apt-get install zentyal-software
Reading package lists... Done
Building dependency tree
Reading state information... Done
zentyal-software is already the newest version (7.0.0).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

I will check it as soon as I can and I let you know.

Best regards, Daniel Joven.

Hi grolon (Buenas tardes :D),

Probably, you will need to load the profile before fixing the packages. Please, try the following:

1. Unlink the disabled profile:

Code: [Select]
sudo unlink /etc/apparmor.d/disable/usr.sbin.dhcpd

2. Load the DHCP profile

Code: [Select]
apparmor_parser -r /etc/apparmor.d/usr.sbin.dhcpd

3. Check that it was correctly loaded:

Code: [Select]

The output that should be displayed:

Code: [Select]
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.

4. Try one more time to repair the broken packages.

Best regards, Daniel Joven.


The cause of the error is that the DHCP profile doesn't exist. Confirm that the profile '/etc/apparmor.d/usr.sbin.dhcpd' doesn't exists. If this is the case, do the following:

1. Create the profile '/etc/apparmor.d/usr.sbin.dhcpd' with the following content:

Code: [Select]
# vim:syntax=apparmor
# Last Modified: Mon Jan 25 11:06:45 2016
# Author: Jamie Strandboge <>

#include <tunables/global>

/usr/sbin/dhcpd {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/ssl_keys>

  capability chown,
  capability net_bind_service,
  capability net_raw,
  capability setgid,
  capability setuid,

  network inet raw,
  network packet packet,
  network packet raw,

  @{PROC}/[0-9]*/net/dev r,
  @{PROC}/[0-9]*/net/{dev,if_inet6} r,
  owner @{PROC}/@{pid}/comm rw,
  owner @{PROC}/@{pid}/task/[0-9]*/comm rw,

  /etc/hosts.allow r,
  /etc/hosts.deny r,

  /etc/dhcp/ r,
  /etc/dhcp/** r,
  /etc/dhcpd{,6}.conf r,
  /etc/dhcpd{,6}_ldap.conf r,

  /usr/sbin/dhcpd mr,

  /var/lib/dhcp/dhcpd{,6}.leases* lrw,
  /var/log/ r,
  /var/log/** rw,
  /{,var/}run/{,dhcp-server/}dhcpd{,6}.pid rw,

  # isc-dhcp-server-ldap
  /etc/ldap/ldap.conf r,

  # LTSP. See:
  /etc/ltsp/ r,
  /etc/ltsp/** r,
  /etc/dhcpd{,6}-k12ltsp.conf r,
  /etc/dhcpd{,6}.leases* lrw,
  /ltsp/ r,
  /ltsp/** r,

  # Eucalyptus
  /{,var/}run/eucalyptus/net/ r,
  /{,var/}run/eucalyptus/net/** r,
  /{,var/}run/eucalyptus/net/*.pid lrw,
  /{,var/}run/eucalyptus/net/*.leases* lrw,
  /{,var/}run/eucalyptus/net/*.trace lrw,

  # wicd
  /var/lib/wicd/* r,

  # access to bind9 keys for dynamic update
  # It's expected that users will generate one key per zone and have it
  # stored in both /etc/bind9 (for bind to access) and /etc/dhcp/ddns-keys
  # (for dhcpd to access).
  /etc/dhcp/ddns-keys/** r,

  # allow packages to re-use dhcpd and provide their own specific directories
  #include <dhcpd.d>

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.dhcpd>

2. Set the right permission to the file:

Code: [Select]
sudo chmod 0644 /etc/apparmor.d/usr.sbin.dhcpd
sudo root:root /etc/apparmor.d/usr.sbin.dhcpd

3. Unlink the disabled profile:

Code: [Select]
sudo unlink /etc/apparmor.d/disable/usr.sbin.dhcpd

3. Try to fix the broken packages again:

Code: [Select]
sudo dpkg --configure -a

Best regards, Daniel Joven.

Installation and Upgrades / Re: error mail upgrade 6 to 7 version
« on: March 29, 2021, 06:49:39 pm »
Hi havacuban,

It seems that you have issue with the special mail user of your Domain Controller. Did you do anything to this user?

Aparently, you have at least two errors:

One error is: 'The request is a bind request to a user account that has been locked'. You can do the following to try to solve this error:

1. Check the name of the user.

Code: [Select]
samba-tool user list | grep 'zentyal-mail-'

2. Check if the user is locked:

ldbedit -Lv -u name_of_the_user | grep 'Account Flags'

NOTE: If it has the flag 'D' it means that it disabled

2.1 To unlock the user:

Code: [Select]
samba-tool user enable name_of_the_user

3. Restart the mail module and check if the error have disappeared.

And the other error is: 'he password fails to meet the criteria the server is configured to check'. Do you remember if you change his password? Please, take a look at the file '/var/lib/zentyal/conf/zentyal-mail-your_user_name.passwd' and check if the file was changed recently. In case it doesn't, you could try to set the same password to the user and restart again the Mail module.

Code: [Select]
smbpasswd name_of_the_user

Hope it helps.

Best regards, Daniel Joven.

Hi Deslack,

It seems that you upgraded the Zentyal 6.2 server using an old version of zentyal-core package (6.2.9 is the latest version).

The error that you are getting is caused because the default certificate key size was 1024 in Ubuntu 18.04 and it is too small in the current version. Below you have the link of the script that upgrades the Zentyal 6.2 to 7.0, in the line '243' you have the commands that you need to run to fix your issue.


Also, I recommend you to check if you need to run the rest of the command within the function 'postUpgradeProcedure'.

Best regards, Daniel Joven.

Hi grolon,

The error is:

Code: [Select]
ln: failed to create symbolic link '/etc/apparmor.d/disable/usr.sbin.dhcpd': File exists

Try to unlink/move/remove that file.

Then, fix the broken packages with the following command:

Code: [Select]
sudo dpkg --configure -a

NOTE: Sometimes, the above command must be executed a few times.

Best regards, Daniel Joven.

Hi Gabriel and thank you for your feedback,

I could reproduce the error and it seems to be related to DNSSEC. Please, add the following parameter below the option 'auth-nxdomain' in the stub '/usr/share/zentyal/stubs/dns/named.conf.options.mas':

Code: [Select]
dnssec-validation yes;

Then, restart the DNS module:

sudo zs dns restart

Finally, check the DNS resolution.

Best regards, Daniel Joven.

Installation and Upgrades / Re: error proxy upgrade 6.2 to 7
« on: March 29, 2021, 12:42:33 pm »

The command which thrown the error (is more a warning that an error) is almost at the end of the script. So, the critical functions of the upgrade were executed. Did you check the stability of the Zentyal server after the upgrade?

Also, could you please run the following commands and send me the output? I would like to see why you got the error.

Code: [Select]
sudo echo ${HOSTNAME}
sudo samba-tool group listmembers DnsAdmins 2> /dev/null | grep -i "dns-${HOSTNAME}"

Best regards, Daniel Joven.


Thanks for the information.  Just to be clear, I run the specified commands from the upgrade script on my main system, do a backup, then also run the scripts on the disaster recovery machine, then do the restore?  I'll give this a try over the weekend.

Yes, you have to run those commands in the Zentyal server 7.0 which was upgraded from 6.2 in order to be able to restore a configuration backup.


This issue is answered in the following post (reply 1 and 4):


Best regards, Daniel Joven.


I have two machines with zentyal 6.2 and I have the offer on the web gui to upgrade to zentyal 7.0, however the process gets stuck on preparing. On both machines I have zentyal core 6.2.3, on web gui there is 6.2.8 suggestion (it redirects to doc page), but I cannot update it even via command line.
Any idea?
Thank you

You have to upgrade to 6.2.8 before attempting to upgrade to 7.0. Make sure you have a backup or snapshot before attempting an upgrade.

The latest version is 6.2.9.

After the upgrade dovecot IMAP service stopped working
In the mail.log file there are these warnings:
Code: [Select]
  dovecot: config: Warning: please set ssl_dh=</etc/dovecot/dh.pem
  config: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
I tried to regenerate the "dh.pem" file with these methods:
Code: [Select]
  dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > dh.pem
  openssl dhparam -out dh.pem 4096
  openssl dhparam -out dh.pem 8192
  openssl genpkey -genparam -algorithm DH -out dh.pem -pkeyopt dh_paramgen_prime_len:4096
and modified ssl_dh option in  files /etc/dovecot/conf.d/10-ssl.conf and /usr/share/dovecot/conf.d/10-ssl.conf from /usr/share/dovecot/dh.pem to /etc/dovecot/dh.pem and his group from root to dovecot without success

I always got the error when mail client connect:
Code: [Select]
  dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=...

Please, try to generate the key using the following command:

Code: [Select]
sudo openssl dhparam -out /etc/dovecot/dh.pem 4096

Then, set the correct permissions:

Code: [Select]
sudo chown root:root /etc/dovecot/dh.pem
sudo chmod 0644 /etc/dovecot/dh.pem

After that, add the following parameter to the stub '/usr/share/zentyal/stubs/mail/dovecot.conf.mas':

Code: [Select]
ssl_dh = </etc/dovecot/dh.pem

Finally, restart the Mail module:

Code: [Select]
sudo zs mail restart

Best regards, Daniel Joven.

Hi Daniel,

Yes, this was an upgrade from 6.2.


The issue that you are getting is caused by the new change of the DNS directory in Samba. Below you have a link to the upgrade script from Zentyal 6.2 where the issue and the workaround are reported and the commands to run (lines 279-286).



Did you upgrade your Zentyal 7.0 server from Zentyal 6.2?

As soon as I can, I will try to reproduce this behaviour.

Pages: 1 2 [3] 4