Topics - N. Balauro

1
Installation and Upgrades / Zentyal 3.3 Going Strong
« on: November 11, 2014, 01:02:19 am »
Deployed a 3.3 box for a small business about 6 months ago. 3 months now without even a system restart!

Gateway/DNS/Firewall/IDS/Proxy/Samba/AntiVirus. 24/7 <1 load.
  • ~50 DHCP Clients
  • ~10 Samba Clients, 3 Domain Member Shares
  • 4 NICs, 2 WANs, 2 LANs


2
Installation and Upgrades / Windows Time Service and Zentyal(Samba4)
« on: August 29, 2014, 11:00:23 pm »
How come Windows clients cannot sync time with Zentyal PDC out of the box using Windows default nt5ds and domain hier peers list?

Only way I can configure time sync with the Zentyal PDC is by using Group Policy to set a manual peers list and use sync type NTP instead of nt5ds.

How come this has not been addressed? I've noticed other unanswered questions regarding this issue.

First thing I've noticed is that the default Zentyal smb.conf has 'time server = no'. Can anyone explain this? According to Samba4 doc, this setting tells nmbd to advertise itself as a time server to Windows clients.

Let's get to the bottom of this. This seems like a fundamental piece of Active Directory implementation. I don't see why we need to create a logon script to sync time via the deprecated net time functions, instead of using w32time. Nor should we need to set a manual peers list and not use the Windows nt5ds signing.

3
This weekend was my first experience with Xen 4.1 and my god man, what a fun use of 14 hours... not to mention I destroyed a production Zentyal box for its hardware! Scary stuff getting it back up before office hours Monday!

Could not get Zentyal to install from the ISO, only base Ubuntu. I credit this mostly to my complete non-understanding of debootstrap.

Xen documentation is all over the damn place!!! Xen 4.1+ doesn't run the network scripts like most of the documentation talks about. All config is done via iptables and /etc/network/interfaces.

Bridging is not the end-all solution for networking like the docs make u believe. Spent so long trying to track down connectivity issues, when I was bridging a DHCP address from the bridged cable modem.

NAT the external interfaces. Give the bridge a private IP. Port forward all packets on external NIC. Masquerade the internal IP addresses on external NIC via iptables. Add default route to domUs pointing to the bridge. - why couldn't someone point out the networking intricacies in the documentation and that bridging is basically only a good solution for internal virtualization, not on the perimeter - or for someone that has plenty of public IPs available to them.

Overall, I have learned quite a lot from jumping into XenProject with no knowledge of virtualization and only very basic noob knowledge of Linux/networking. I turned a Xeon v3 box running Zentyal only @1% sys utilization (complete waste of resources) into 3 virtual machines that still run @1%, but get to enjoy all the benefits of a paravirtualized environment!

In my opinion, virtualization of Zentyal is the way to go for any type of deployment outside of a home network perimeter box. One can separate the PDC from the rest of the services, and not to mention the benefits of all domUs being stored via LVM.
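
The NAT layout described in the post above, as an added example that is not part of the original post or of the Xen or Zentyal documentation. It narrows "port forward all packets" to an explicit list of TCP ports for one domU, and the interface names, subnet, domU address and ports are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): print an iptables-restore ruleset for a
# Xen dom0 that NATs a privately addressed bridge behind one external NIC.
# Interface names, subnet, domU address and ports are constructed samples.
# Also needed, outside this script: net.ipv4.ip_forward=1 in dom0, a static
# private address on the bridge, and a default route in each domU via it.

# usage: xen_nat_rules EXT_IF BRIDGE_IF BRIDGE_NET DOMU_IP "PORT [PORT ...]"
xen_nat_rules() {
    [ $# -eq 5 ] || { echo "usage: xen_nat_rules ext br net domu ports" >&2; return 2; }
    ext_if=$1; br_if=$2; br_net=$3; domu_ip=$4; ports=$5
    # Accept only plain decimal ports in 1..65535 so nothing else reaches a rule.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 2
        fi
    done

    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    # Inbound: forward only the listed TCP ports to the domU.
    for p in $ports; do
        printf '%s\n' "-A PREROUTING -i $ext_if -p tcp --dport $p -j DNAT --to-destination $domu_ip:$p"
    done
    # Outbound: hide the private bridge subnet behind the external address.
    printf '%s\n' "-A POSTROUTING -s $br_net -o $ext_if -j MASQUERADE" 'COMMIT'

    # Default-deny forwarding; allow replies, outbound traffic, listed ports in.
    printf '%s\n' '*filter' ':FORWARD DROP [0:0]'
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "-A FORWARD -i $br_if -o $ext_if -s $br_net -j ACCEPT"
    for p in $ports; do
        printf '%s\n' "-A FORWARD -i $ext_if -o $br_if -d $domu_ip -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample: eth0 faces the modem, xenbr0 is 10.0.0.1/24 in dom0,
# and a mail domU at 10.0.0.2 receives SMTP and IMAPS.
xen_nat_rules eth0 xenbr0 10.0.0.0/24 10.0.0.2 "25 993"
```

Check the output with `iptables-restore --test` before loading it. Without `--noflush`, iptables-restore replaces the existing rules in the nat and filter tables.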

4
I'm trying to implement failover and load balancing, in Zentyal 3.3.5, with 2 gateways. Eth0 is PPP, eth2 is static. After manually adding the static-ip gateway it defaults to "default gateway" in the Network>Gateways. Regardless which device I check-mark as default, after saving changes it reverts back to the static-gw as default.

This is something I could live with if the load balancing weight setting was correctly being saved as well. Unfortunately, neither default checkbox nor weight changes are saved via "save changes", rather reverted.

The problem is my static gateway has very limited bandwidth compared to my PPP gateway (.6megabit vs 100megabit). If I can't set balancing weight nor default traffic through my PPP gateway, my external bandwidth is going to be severely bottlenecked. I only intend to implement the secondary, static gateway for failover reasons (plus why not utilize a free 75 kbps if needed, right?!)

Basically, I'm looking for a nudge where to look for modifying network gateway settings via stubs or for someone who has experienced this behavior to chime in. Much appreciated as always! Thx!

5
I would like to comment out a few snort rules since they are blowing up my logs with false positives. I have commented out the rules I want in "/etc/snort/rules". After reboot both copies of the "icmp.rules" in the snort and suricata directory reflect my changes, but the false positives for the rules I've commented out are still appearing in my IPS log.

A nudge in the right direction would be greatly appreciated. Thx!

6
Installation and Upgrades / Email Client Authentication Fail 3.3
« on: February 28, 2014, 11:54:16 pm »
Hello once again Zentyal community. I've invested into a new Haswell Xeon box and have successfully got my first Zentyal install up and running. I'm utilizing everything besides openchange, zarafa, cloud client, and jabber. I've got all modules behaving (so far) how I like them besides email.

I can access the LDAP users' email inboxes via Roundcube (after getting through database connection problem - thx to bug tracker on this one!). I am unable to set up the accounts via Thunderbird. I can probe the server and get what appears to be the proper server configurations - but Thunderbird is unable to authenticate the user/pass.



Once again, any input will be greatly appreciated!

7
Installation and Upgrades / Input Request - Xeon v3 SOHO build
« on: February 13, 2014, 10:47:30 pm »
I'm looking to build a Haswell Xeon box for a Zentyal "all-in-one" for our small office. This box is going to be on the perimeter as our gateway to the WAN. I'm intending to use most of the modules/features besides groupware. Gateway/UTM being the focus, Samba, LDAP, email, web, ftp etc all bonus.

I am aware of the security flaws with not segregating services, but it is not an option for our budget. If possible I would like to use something like ESXi to virtualize Zentyal and another Ubuntu server to run some extra features I would like segregated.

Support would be for 10 workstations and users. Email, FTP, and web would be facing outwards but not seeing much traffic. FTP/Web traffic is almost non-existent - so mostly email.

Here's the build:

  • CPU: Intel Xeon 1240v3
  • MOBO: SUPERMICRO MBD-X10SLH-F-O uATX
  • RAM: Kingston 16GB (2 x 8GB) 240-Pin DDR3 SDRAM DDR3 1333 ECC Unbuffered Server
  • RAID 5: 3x Seagate Barracuda ST1000DM003 1TB 7200 RPM 64MB Cache SATA 6.0Gb/s
All this subtotals to ~$880 from newegg right now.

Ram and HDD can be upgraded/added at future date as needed. Trying to get the system running on a $1200 budget. Looking for input and recommendation on build considering deployment intentions. Thanks!
