
Topics - zentyaltester

1
Installation and Upgrades / SCM Manager authenticate against LDAP
« on: April 08, 2014, 07:31:43 pm »
Hello,

I installed an SCM Manager and I want to authenticate the user against the Zentyal LDAP server.
The server is correctly configured and it is possible to authenticate the users.
The following pictures show the configuration of the SCM Manager and Zentyal server.

I think the configuration of the SCM Manager is wrong, therefore I can't authenticate the SCM Manager user against LDAP.

The string of the "Group search filter" is: (&(objectClass=groupOfUniqueNames)(uniqueMember={0})).
In the group search filter, {0} will be replaced by the DN of the user.
In the user filter, {0} will be replaced by the username.

Does anybody have an idea of the correct configuration of the SCM Manager LDAP plugin?
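
The {0} substitution described in the post above, as an added example that is not part of the original post and is not SCM Manager's or Zentyal's own code. It shows why the substituted username or DN has to be escaped per RFC 4515 before it goes into the filter; the user filter template and the sample DN and username are assumptions, since the post shows only the group filter.

```python
# Added example: not SCM-Manager's or Zentyal's own code.
GROUP_FILTER = "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))"  # from the post
USER_FILTER = "(&(objectClass=posixAccount)(uid={0}))"  # assumed; not shown in the post

# RFC 4515 section 3: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Return value with LDAP filter metacharacters hex-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template, value, escape=True):
    """Replace {0} in a filter template; escape=False shows the unsafe form."""
    return template.replace("{0}", escape_filter_value(value) if escape else value)


def term_count(ldap_filter):
    """Number of parenthesised terms; escaped parentheses are not counted."""
    return ldap_filter.count("(")


# Constructed sample values (assumptions, not taken from the post).
USER_DN = "cn=Smith (Contractor),ou=Users,dc=example,dc=com"
USERNAME = "j*"

if __name__ == "__main__":
    for template, value in ((USER_FILTER, USERNAME), (GROUP_FILTER, USER_DN)):
        safe = expand(template, value)
        raw = expand(template, value, escape=False)
        print("escaped  :", safe, "terms:", term_count(safe))
        print("unescaped:", raw, "terms:", term_count(raw))
```

With escaping, the expanded filter keeps the same number of terms as the template, so the directory server evaluates the substituted value as data rather than as filter syntax.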

2
Installation and Upgrades / Zentyal 3.4 VPN Connection Error
« on: March 18, 2014, 06:44:37 pm »
I configured a VPN Server and downloaded the bundle.
When I connect via "openvpn VPN-client.conf" I get the following error:

Tue Mar 18 18:38:56 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 27 2013
Tue Mar 18 18:38:56 2014 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Tue Mar 18 18:38:56 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 18 18:38:56 2014 Cannot load private key file laptop.sony.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Tue Mar 18 18:38:56 2014 Error: private key password verification failed
Tue Mar 18 18:38:56 2014 Exiting

The conf file content:

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote  XXX.XXX.XXX.XXX 1194

# Allow remote peer to change its IP address and/or port number
float

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind


# Comment out user and group if you wish to increase security. Be advised you
# can experience some issues when reconnecting
# user nobody
# the group option may be wrong for some distributions
# normally distributions use either 'nobody' (Fedora) or 'nogroup'
# for the no-privileges group name
# group nogroup


# Try to preserve some state across restarts.
persist-key
persist-tun

# Write the PID file for compatibility with Ubuntu init.d script

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca   "cacert.pem"
cert "50BB23659425A3D7.pem"
key  "laptop.sony.pem"

# Verify server certificate by common name
tls-remote vpn-MeerkatVPN


# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Explicitly notify disconnections
explicit-exit-notify 3

# Silence repeating messages
;mute 20




3
Installation and Upgrades / Android can't connect IPSec
« on: March 12, 2014, 07:34:23 pm »
Hello,

I am trying to forward all IPsec requests via iptables to my Zentyal IPsec server, which is running within a virtual machine.
My iptables rules don't work.

I tried this:

sudo iptables -A FORWARD ! -s 192.168.0.0/16 -d 192.168.122.2/32 -p udp -m state --state NEW,RELATED,ESTABLISHED -m udp --dport 500 -j ACCEPT
sudo iptables -t nat -A PREROUTING ! -s 192.168.0.0/16 -p udp -m udp --dport 500 -j DNAT --to-destination 192.168.122.2:500

sudo iptables -A FORWARD ! -s 192.168.0.0/16 -d 192.168.122.2/32 -p udp -m state --state NEW,RELATED,ESTABLISHED -m udp --dport 4500 -j ACCEPT
sudo iptables -t nat -A PREROUTING ! -s 192.168.0.0/16 -p udp -m udp --dport 4500 -j DNAT --to-destination 192.168.122.2:4500

Does anyone have an idea?

4
Installation and Upgrades / Redirect Url Web Server
« on: February 02, 2014, 12:07:31 pm »
I want to redirect an HTTP request from my Zentyal server to an internal Apache server.

Therefore I created a Virtual Host in the Web Server section.

Virtual Host name: undesired.example.com

I tried something like this:

<VirtualHost *:80>
  ServerName undesired.example.com

  Redirect / http://internalnet.lan/
</VirtualHost>

And many other things, but I got only errors.

What's the correct configuration for the file '/etc/apache2/sites-available/user-ebox-<domain>/'?

5
Hello.

I have a Zentyal server which is running within a virtual machine. I want to use it for PPTP and DNS. My PPTP clients are assigned a fixed IP address and a DNS entry.

For example:
PPTP Client:
IP 10.99.99.100
Name: pptp-client1

DNS Entry:
url: pptp-client1.example.com
ip: 10.99.99.100

Everything works fine. Clients can connect and resolve pptp-client1.example.com to 10.99.99.100.
But the client cannot resolve external domains like google.com and has no internet connection.
I disabled the firewall and added a DNS forwarder with the DNS server of my provider, but with no success.

The primary name server for the PPTP server is 10.99.99.1 and the network is 10.99.99.0/24.

When I am connected to the PPTP server and run the following commands:

this will fail:

user@virtual-machine:~$ host google.de
Host google.de not found: 5(REFUSED)

but this will work:

user@virtual-machine:~$ host pptp-client1.example.com
pptp-client1.example.com has address 10.99.99.100

Does anybody have some ideas?

Thanks in advance.


