Topics - corona

1
Installation and Upgrades / Printer Issues
« on: October 29, 2008, 03:13:51 am »
Well, I've finally got my printers all working in the domain environment, but I had to circumvent ebox to do it. I've got a laserjet 5N (which does not support postscript, but ebox only let me use postscript driver - no work), a HP M2727 (which basically worked ok) and a HP CP1518n (which ebox did not have in its list of printers, but cups admin webpage did).

Basically ebox's method of supplying a list of printer makes/models is quite incomplete, I had a couple of printers I could not get working through this interface. The printers are however listed in the printer add menus for the cups web admin.

Would it be possible to basically replace the ebox printer add code with that from the cups web admin?

Aside from that, the biggest change I've made is via the cups admin (ie I won't be able to do anything with the ebox printer admin without killing my changes), and I've set all the printers to raw driver. In cups admin, raw comes up in the list of manufacturers, so instead of selecting HP for example, I select RAW. This is great, because I can then use the point'n'print stuff to automatically install the printer drivers onto the server from any windows box, and then all the printers work with auto install of real drivers on any other windows box (which is what everyone but me uses on the domain).

Is there any easy way to add raw driver as an option in the ebox interface, then I can go back to using ebox to manage my printers, and not have to tip-toe around it?

Cheers,
Andrew

2
Installation and Upgrades / Cannot join samba domain
« on: October 20, 2008, 01:40:18 am »
Hello,
I'm running an ebox 0.12 system in PDC file sharing mode, and cannot add machines to the domain. It's an authentication issue that I can't seem to troubleshoot. I can however connect to the server shares and the users authenticate fine that way.

Trying to connect the computer named 'sleakwin' (win xp sp2) to the domain through system properties brings up the user name login box, I put in a user with file sharing authentication rights ticked in ebox, and get the "The user name could not be found".

Looking in /var/log/samba/sleakwin :
Code:
[2008/10/20 10:03:08, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:03:08, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/10/20 10:03:09, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:03:09, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.
[2008/10/20 10:03:10, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "sleakwin$"' gave 127

I run /usr/sbin/smbldap-useradd -w "sleakwin$" manually (logged in as root) and it works fine, running it a second time gives a user already exists error, so that's ok. But then back in windows when I try to join the domain again I get "Access is denied".
The log now has:
Code:
[2008/10/20 10:21:27, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:21:27, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/10/20 10:30:49, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:30:49, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/10/20 10:30:50, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/10/20 10:30:50, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/10/20 10:30:50, 0] lib/smbldap.c:smbldap_open(1014)
  smbldap_open: cannot access LDAP when not root..

So it appears that whatever it is trying to run the domain login stuff doesn't have authentication to the ldap, but I don't know which piece of software that is. I checked the /etc/smbldap-tools/smbldap_bind.conf file and it has the same dn/passwords as /etc/ldap/slapd.conf but I don't know what to look at next.

Any ideas?

Regards,
Andrew

3
Hi, just a heads up on an interface issue I've run into with safari.

I don't think this is the author's fault as much as it's an annoying quirk in safari, but #anchors don't work, specifically the tabs in the DHCP module. Clicking on the Advanced tab does absolutely nothing.

Hovering the mouse over the link brings up "Go to #AdvancedOptions on this page" but clicking does not cause any action, nor does right-clicking and asking to open link in new window, no window is opened.
If I manually add #AdvancedOptions to the url the tab comes up fine, it's just the link itself that doesn't work.
It works fine in firefox.

By the looks of things it's this same problem: http://forums.macrumors.com/showthread.php?t=160409
Appears to be a much talked about issue with safari.

I don't know if it's enough of an issue to worry too much about fixing, but maybe make a note of the problem somewhere, and recommend people use firefox or something.

Thanks,
Andrew

4
Hi,
My /var/log/ebox/ebox.log file is absolutely full of these lines, is there any way to suppress them, or update the slapd config to fix them?
Code:
2008/10/14 10:03:23 DEBUG> FirewallLogHelper.pm:71 EBox::FirewallLogHelper::processLine - Oct 14 10:03:23 raerga slapd[19786]: <= bdb_equality_candidates: (uid) not indexed  not logged
2008/10/14 10:03:23 DEBUG> FirewallLogHelper.pm:71 EBox::FirewallLogHelper::processLine - Oct 14 10:03:23 raerga slapd[19786]: <= bdb_equality_candidates: (memberUid) not indexed  not logged

I tried adding index clauses to slapd.conf and it restarted fine, but then ebox interface wouldn't work, gave errors I can't remember (I reversed the change immediately). Apparently these logged things are only a warning, it doesn't actually matter (other than slowing down ldap lookups somewhat) so I'm fine if the index has to be left how it is, but can it get filtered out of the log file somehow? It makes finding relevant issues in the log rather difficult.

Thanks,
Andrew

5
I made a console blunder in the /home directory and wiped over the owner:group of everything in there. The only difficult thing to fix is the samba folder, with all the user folders, netlogin, profile etc.

Is there anything I could do in/through ebox that would reset the owner and group to what they should be?

Thanks,
Andrew

6
Installation and Upgrades / Can the dns server for domain be changed?
« on: October 07, 2008, 03:26:58 am »
Ebox seems to automatically set the dns server for any domain to ns.<domain>.com. , and it's assigned to 127.0.0.1 which isn't suitable (afaik) if the server is being used as the master server for the domain on the internet (took me ages to debug the randomness of some people accessing our site/email and others not).

Also, if you have a secondary nameserver (as everyone should) there doesn't seem to be any way to add this to the zone file other than by hand (watch out for it getting wiped by updates to ebox interface).

I haven't found any way to change this from the interface, is there something hidden away? I've manually updated the ip in the /etc/bind/db.<domain> to my external internet ip and all seems to be fine. ( made the change in the template as well ).

Any chance of adding this as a modifiable name/address to a feature wish list? Basically just have domain nameservers set to the original settings by default, but have boxes to use custom name server address/ip's.
Or give me a pointer on how to add it as a feature myself? (I'm more than happy to submit a patch if I get it done).

Cheers,
Andrew

7
Installation and Upgrades / [howto] replace courier with dovecot
« on: October 07, 2008, 02:33:21 am »
So courier was giving a never-ending SSL problem, and I replaced it with dovecot. It was quite easy.
First you need to install dovecot.
Code:
sudo apt-get install dovecot-common dovecot-imapd dovecot-pop3d

This will remove courier (whoo-hoo) and ebox-mail (still trying to fix that bit) and install dovecot. Then just copy the attached dovecot conf files to /etc/dovecot (back up the existing files if you like).

These are set up for imap(+ssl) and pop(+ssl) where the certificates are stored in /etc/dovecot/ssl.
You will need to sort these yourself, either self-signed or real. If real you need your crt file + all the chain/trusted root files concatenated into /etc/dovecot/ssl/dovecot.pem and the key file stored as /etc/dovecot/ssl/dovecot_key.pem
Make sure they're...
Code:
chown root:root /etc/dovecot/ssl/*
chmod 0400 /etc/dovecot/ssl/*


The mail login takes the info straight from the ldap where login user is the full email address and the password is as set by ebox. Cleartext passwords have been enabled (disabled by default); you can disable these again in dovecot.conf if these are undesired.

Dovecot accesses the mailboxes as the ebox user, and the ebox user uid and gid have been set in dovecot.conf. You will need to look these up in /etc/passwd and /etc/group and update the id numbers in dovecot.conf at 'first_valid_uid' (line 338) and userdb static -> args (line 940). AFAIK the numbers can just be replaced by the word ebox, but this may slow the daemon down slightly, I went the safe route.

If your users use pop for their mailboxes, and leave messages on the server, they will probably get them downloaded again as duplicates. I was too lazy to figure out the pop3_uidl_format that the courier in ebox uses, I set it to the standard courier one, and still got duplicated emails, but the dupes aren't that big a problem, and most default settings in mail clients do not leave messages on the server anyway, so it's only relatively power users who will see the problem, and it's a once off problem.

Enjoy,
Andrew
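
An added example, not part of the original post: a shell function that audits the two files the howto places in /etc/dovecot/ssl for the root:root ownership and 0400 mode set above, and checks that the private key stays in its own file rather than in the certificate bundle. The function name audit_dovecot_tls and its optional owner argument are assumptions made for this sketch, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post): audit the TLS files the howto
# places in /etc/dovecot/ssl. File names follow the post; the function name
# and the optional owner argument are assumptions made for this sketch.

# audit_dovecot_tls DIR [OWNER:GROUP]
# Prints one line per finding and returns the number of findings (0 = clean).
audit_dovecot_tls() {
    dir=$1
    want_owner=${2:-root:root}
    cert="$dir/dovecot.pem"
    key="$dir/dovecot_key.pem"
    bad=0

    for f in "$cert" "$key"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; bad=$((bad + 1)); continue
        fi
        # GNU stat: %U:%G is owner:group, %a is the octal mode
        owner=$(stat -c '%U:%G' "$f")
        mode=$(stat -c '%a' "$f")
        [ "$owner" = "$want_owner" ] || { echo "OWNER $f is $owner"; bad=$((bad + 1)); }
        [ "$mode" = "400" ] || { echo "MODE $f is $mode"; bad=$((bad + 1)); }
    done

    # The post keeps the key in its own file: the bundle must contain at
    # least one certificate block and no private key block.
    if [ -f "$cert" ]; then
        grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
            { echo "NOCERT $cert has no certificate block"; bad=$((bad + 1)); }
        if grep -q -- 'PRIVATE KEY-----' "$cert"; then
            echo "KEYINCERT $cert contains a private key"; bad=$((bad + 1))
        fi
    fi
    if [ -f "$key" ]; then
        grep -q -- 'PRIVATE KEY-----' "$key" ||
            { echo "NOKEY $key has no private key block"; bad=$((bad + 1)); }
    fi
    return "$bad"
}
```

Run it as root with `audit_dovecot_tls /etc/dovecot/ssl`; a non-zero exit status is the number of findings printed.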

8
Installation and Upgrades / Installing ebox-mail without courier
« on: October 07, 2008, 02:05:28 am »
So I've fixed never-ending SSL problem with courier imap and pop by replacing them with dovecot. It was surprisingly easy to setup, install dovecot-imap and dovecot-pop3 with apt-get, and then set up dovecot's ldap and maildir settings and it was up and running. (I'll post a separate howto).

Problem is removing courier also removed ebox-mail, which means I can't add/change mail accounts from ebox anymore. Is there any way to reinstall ebox-mail plugin without it automatically reinstalling courier?

Cheers,
Andrew

9
Hi,
In the process of setting this server up, I've had numerous problems with SSL, some my fault, some software's fault.

A big one that seems to be going round is a whole series of errors in /var/log/mail.log

couriertcpd: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Most mail clients seem to ignore the problem so it doesn't affect everyone, just some users. The problem seems to be fixed by changing the config files /etc/courier/imapd-ssl and /etc/courier/pop3d-ssl to make

TLS_PROTOCOL=SSL23
TLS_STARTTLS_PROTOCOL=SSL23

I've done this on my server by modifying the files and the eBox templates at
/usr/share/ebox/stubs/mail/imapd-ssl.mas
/usr/share/ebox/stubs/mail/pop3d-ssl.mas

and the problem seems to be fixed. Hopefully this can help others, and possibly be a change in a future version of eBox, if this is a right fix for the problem.

Some references:
http://groups.google.com/group/mailing.unix.courier-imap/browse_thread/thread/ea56f60bbca15d05?pli=1
http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg391801.html
http://www.flamingspork.com/blog/2007/10/18/everything-thats-wrong-and-right-with-ubuntu-gutsy/

Regards,
Andrew

10
Installation and Upgrades / How to change mail quota?
« on: October 03, 2008, 06:28:31 am »
Hello,
I can't for the life of me find where to increase the mail quota for users. It's set to the default of 100MB which is painfully low, and I can't find any setting for it anywhere. I found the file sharing quota, but it doesn't appear to be linked at all. I'm running 0.12.

Thanks,
Andrew

11
Installation and Upgrades / Samba not letting users log in
« on: October 02, 2008, 08:23:18 am »
I've come up against the next problem I can't seem to find an answer to, I can't log into any samba shares with ebox users, although it lets unix users log in.

Working mode:     File Server
Working group:     AERGA
Netbios name:     RAERGA
Description:     AERGA File Server
Quota limit (Mb): 1000   
Roaming profiles: Disabled   

I've got an ebox user andrew with file sharing enabled and admin rights ticked, but doing a:
 #   smbclient -L raerga -U andrew
and putting in my password gives:
 #   session setup failed: NT_STATUS_LOGON_FAILURE

whereas my unix user corona logs in fine. The password on the ebox user andrew is right as it logs in fine to the mail system. I've tried it in PDC mode and basic file sharing mode, same problem.

Any time I try a login with the above line I get a few lines in /var/log/ebox/ebox.log

2008/10/02 16:19:58 DEBUG> FirewallLogHelper.pm:71 EBox::FirewallLogHelper::processLine - Oct  2 16:19:58 raerga slapd[11315]: <= bdb_equality_candidates: (uid) not indexed  not logged

2008/10/02 16:19:58 DEBUG> FirewallLogHelper.pm:71 EBox::FirewallLogHelper::processLine - Oct  2 16:19:58 raerga slapd[11315]: <= bdb_equality_candidates: (gidNumber) not indexed  not logged

usually 2 or 3 of each. Looking that error up shows it shouldn't stop anything from working, just slow things down a little bit.

Can anyone suggest anything to test to figure out what the problem is?

Thanks,
Andrew


12
Installation and Upgrades / Sane method of users changing passwords?
« on: October 01, 2008, 01:20:31 am »
Hello,
This is probably a simple question, but one I can't find an answer to so far.

Is there any built in, or otherwise recommended method for users to change their own passwords? I'm using ebox and egroupware for a small business server, with egroupware authenticating against the mail server. I had it authenticating against the ldap directly originally but then the logins were the user name rather than the email address, and the users are used to logging in with email addresses. I couldn't get it to work with egroupware using the ldap for all its accounting because the extra info it put into users ldap profiles seemed to make ebox really unhappy, but that's another story.

So basically all user authentication is being done via the imap/pop courier-authdaemon, can that handle password changes in any way? or is there a separate page in ebox that people can log into to change their passwords directly?

Thanks,
Andrew

13
Installation and Upgrades / Importing an official ssl certificate
« on: September 29, 2008, 04:57:39 am »
Hello,
I'm in the process of migrating my company's server to ebox, and so far it's going great. It's being set up in conjunction with eGroupware to be a fully integrated groupware suite, and is looking like it'll be a very easy to manage system.

My main question is we've already got a certificate for our main website, sunseekerenergy.com. The certificate is a wildcard one, so it gets used for www.sunseekerenergy.com and mail.sunseekerenergy.com and anything else we need, as all services are hosted on the one physical machine ( We don't need redundancy yet ).

So can I import the certificate into ebox and use it for all the services? (ie https webserver, postfix for smtp, vpn?) I would love to be able to import it into the ca to sign vpn certificates, don't know if that's possible or not.

And as far as the https server goes, can I import the certificate into the server that ebox uses for administration, and then use that same https server to host all the https requirements (ie add more web pages to the server that already has /ebox on it)

Thanks all,
Andrew
