Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Email and Groupware / Re: Outloook Anywhere -The name on the security certificate is invalid
« on: January 21, 2016, 12:18:59 pm »
I've only really been testing android clients so far but with them you just enter the username rather than domain/username have you tried that?
2
Email and Groupware / Re: Outloook Anywhere -The name on the security certificate is invalid
« on: November 30, 2015, 07:41:47 pm »
Well I'm sure it's something silly rather than anything else. Here's a video I made going through an install that gets the right SANs in the certificates.
https://youtu.be/KYJLsAOUr9k
Hope it helps
https://youtu.be/KYJLsAOUr9k
Hope it helps
3
Email and Groupware / Re: Outloook Anywhere -The name on the security certificate is invalid
« on: November 26, 2015, 06:00:39 pm »
Just ran through the setup again in a VM and it worked as I expected. The SANs on the cert are mail.mydomain.com and autodiscover.mydomain.com which is correct.
Here is what I entered in the setup:
Hostname:
mail
Domain:
lan.mydomain.com
Mail Domain:
mydomain.com
(NB by default the installer wants this to be "lan.mydomain.com" and you have to change this)
First Organisation:
MyOrganisation
That's it.
Can you setup a VM so you can go through the install process quickly (maybe do a snapshot after the first reboot and before starting the package installation of domain services, mail, groupware etc)
If you hover your mouse over the "Access Webmail" link on the openchange page does the domain in the URL match properly like they do in that image?
Here is what I entered in the setup:
Hostname:
Domain:
lan.mydomain.com
Mail Domain:
mydomain.com
(NB by default the installer wants this to be "lan.mydomain.com" and you have to change this)
First Organisation:
MyOrganisation
That's it.
Can you setup a VM so you can go through the install process quickly (maybe do a snapshot after the first reboot and before starting the package installation of domain services, mail, groupware etc)
If you hover your mouse over the "Access Webmail" link on the openchange page does the domain in the URL match properly like they do in that image?
4
Email and Groupware / Re: Outloook Anywhere -The name on the security certificate is invalid
« on: November 26, 2015, 05:28:22 pm »
I'm not too sure then. I'll try setting up another server myself in a VM and see what happens.
5
Email and Groupware / Re: Outloook Anywhere -The name on the security certificate is invalid
« on: November 19, 2015, 02:24:06 am »
That doesn't look like the output of the command I gave you.
Basically if you setup your server's hostname and domain properly and rerun the setup of openchange I think you should get the correct certificates automatically generated. (I also seem to remember that if your change the hostname and domain of the server the openchange setup has to be rerun anyway.)
Code: [Select]
openssl s_client -connect your_mailserver's_hostname.yourdomain.com:443 | openssl x509 -noout -text | grep DNS:Basically if you setup your server's hostname and domain properly and rerun the setup of openchange I think you should get the correct certificates automatically generated. (I also seem to remember that if your change the hostname and domain of the server the openchange setup has to be rerun anyway.)
6
Email and Groupware / Re: Outloook Anywhere -The name on the security certificate is invalid
« on: November 16, 2015, 10:12:19 pm »
I don't think just changing the certificate is the right way to go. The correct certificate should get generated if you setup zentyal with the correct hostname and domain, sure you can just generate a new cert and install it but there are almost certainly other things wrong. NB changing stuff like the hostname and domain of the server will probably mean redoing the setup for openchange (email should be left in place but I'm not sure about calendar / contacts).
Basically your internal domain should be a subdomain of a real domain you own. Using something like zentyal.lan is bad because these days it's possible for tlds like .lan to suddenly become active on the internet. If you use a subdomain of something you own you don't have to worry about this. Anyhow, if you have mydomain.com you might use mylan.mydomain.com. I really wish the zentyal documentation didn't use zentyal-domain.lan as an example or at least mentioned what you're supposed to use.
Next you need to make sure your hostname matches what you want want your server to be seen as outside. So if you want to use mail.mydomain.com you should make "mail" your hostname.
Provided you've got the domain and hostname of the server properly configured zentyal should automatically create the correct certificates.
When you're dealing with microsoft stuff like domain controllers and exchange getting your DNS right from the start is absolutely critical.
Having said all this... I've only configured a single test server so far so don't shout at me too much if this is all dud advice
BTW to check the SANs (Server Alternate Name) on your certificate you can use this command from the terminal:
openssl s_client -connect your_mailserver's_hostname.yourdomain.com:443 | openssl x509 -noout -text | grep DNS:
Which will list something like:
DNS:your_mailserver's_hostname.yourmaildomain.com
DNS:autodiscover.yourdomain.com
Basically your internal domain should be a subdomain of a real domain you own. Using something like zentyal.lan is bad because these days it's possible for tlds like .lan to suddenly become active on the internet. If you use a subdomain of something you own you don't have to worry about this. Anyhow, if you have mydomain.com you might use mylan.mydomain.com. I really wish the zentyal documentation didn't use zentyal-domain.lan as an example or at least mentioned what you're supposed to use.
Next you need to make sure your hostname matches what you want want your server to be seen as outside. So if you want to use mail.mydomain.com you should make "mail" your hostname.
Provided you've got the domain and hostname of the server properly configured zentyal should automatically create the correct certificates.
When you're dealing with microsoft stuff like domain controllers and exchange getting your DNS right from the start is absolutely critical.
Having said all this... I've only configured a single test server so far so don't shout at me too much if this is all dud advice
BTW to check the SANs (Server Alternate Name) on your certificate you can use this command from the terminal:
openssl s_client -connect your_mailserver's_hostname.yourdomain.com:443 | openssl x509 -noout -text | grep DNS:
Which will list something like:
DNS:your_mailserver's_hostname.yourmaildomain.com
DNS:autodiscover.yourdomain.com
7
Installation and Upgrades / Re: Email Archive - Zentyal Server 4.2
« on: November 04, 2015, 02:39:44 pm »
Step 1 would be looking at the autoBCC option which is a per domain setting that allows you to specify an email address that receives a copy of every email sent and received by the server.
This is built in and is just a couple of clicks to configure.
First create an account to hold the archive emails.
Then add this address in:
Mail => Virtual Mail Domains => Your_Domain => Settings
What you don't have is a nice front end to access the archive with. At a pinch you can just add the archive account to a mail client. I believe that are some standalone archive systems that can be installed but I've never tried any. The most I've done is write a couple of simple scripts to organise the archive mailbox into years and months to avoid have a single folder with millions of files in it.
This is built in and is just a couple of clicks to configure.
First create an account to hold the archive emails.
Then add this address in:
Mail => Virtual Mail Domains => Your_Domain => Settings
What you don't have is a nice front end to access the archive with. At a pinch you can just add the archive account to a mail client. I believe that are some standalone archive systems that can be installed but I've never tried any. The most I've done is write a couple of simple scripts to organise the archive mailbox into years and months to avoid have a single folder with millions of files in it.
8
Installation and Upgrades / Re: sogod consumes all the RAM available
« on: October 23, 2015, 04:43:12 pm »Glad to hear it is working (at least with new users).
We have noticed some random "user profile corruption" that makes sogo daemon goes crazy. As they are very difficult to reproduce (random is not usually a good word there), we are addressing them at our best. Keep on tuned to our daily builds for Zentyal 4.0 if you want to test it against the latest version.
Mails of corrupted user should be backuped using a imap/pop client as Thunderbird without a problem.
Thank you for the info.
This still an issue? I think I just ran into it on 4.1, deleted the user and recreated and so far sogod seems to be behaving itself.
Hmmm, looks like syncing that user's addressbook is what triggers sogod to go crazy.
9
Installation and Upgrades / Re: Fresh 4.1 install - neither mail/groupware nor openchange server install possibl
« on: October 13, 2015, 06:15:16 pm »
Thought I was the only one for a minute. I'm hitting this too.
10
Installation and Upgrades / Re: No network after install
« on: July 10, 2015, 06:02:38 pm »
Thanks but I don't think this is the same bug.
It doesn't seem to be driver related, the nics are working properly it's just the names aren't being properly assigned to them. It's also affecting both realtek and intel nics.
I've also just installed the standard 14.04 server downloaded from ubuntu.com and after the install all the nics work fine with their correct names (p1p1 etc) so this looks like a zentyal bug. I checked 14.04 14.04.1 and 14.04.2 just to be sure it wasn't something with the driver updates in the later releases. The only differences in behaviour I noticed as the in the original 14.04 the second port got a weird name (something like "renamed port").
Unless someone has any other ideas I'll open a bug on the tracker.
It doesn't seem to be driver related, the nics are working properly it's just the names aren't being properly assigned to them. It's also affecting both realtek and intel nics.
I've also just installed the standard 14.04 server downloaded from ubuntu.com and after the install all the nics work fine with their correct names (p1p1 etc) so this looks like a zentyal bug. I checked 14.04 14.04.1 and 14.04.2 just to be sure it wasn't something with the driver updates in the later releases. The only differences in behaviour I noticed as the in the original 14.04 the second port got a weird name (something like "renamed port").
Unless someone has any other ideas I'll open a bug on the tracker.
11
Installation and Upgrades / Re: No network after install
« on: July 10, 2015, 12:50:49 pm »
Have you seen a bug report for it anywhere? I can't seem to find one.
12
Installation and Upgrades / No network after install
« on: July 08, 2015, 05:07:30 pm »
I just installed 4.1 on a machine with 3 nics (a built in realtek and a dual port intel i350 pcie) and while the network cards were visible during the debian installer they disappeared after the first boot.
ifconfig just showed the loopback adaptor and nothing else.
Anyway cutting out all the swearing and hair pulling I realised that the nics were working they were just still labelled with their kernel names (eth0,1,2) while /etc/network/interfaces was expecting their systemd/udev (not sure which is responsible any more
) assigned names (p1p1 p2p1 p2p2).
Running ifconfig eth0 worked as expected so I just changed /etc/network/interfaces to use the eth names and everything came back up.
So...
1) what went wrong?
2) is this a permanent fix?
3) should I fix this in a different way?
I'm assuming it's a buggy uefi issue (it's an asus b85m-g mobo) but should I file a bug report somewhere as it seems like whatever failed should fail to a working state rather than a broken one?
Thanks
ifconfig just showed the loopback adaptor and nothing else.
Anyway cutting out all the swearing and hair pulling I realised that the nics were working they were just still labelled with their kernel names (eth0,1,2) while /etc/network/interfaces was expecting their systemd/udev (not sure which is responsible any more
) assigned names (p1p1 p2p1 p2p2).Running ifconfig eth0 worked as expected so I just changed /etc/network/interfaces to use the eth names and everything came back up.
So...
1) what went wrong?
2) is this a permanent fix?
3) should I fix this in a different way?
I'm assuming it's a buggy uefi issue (it's an asus b85m-g mobo) but should I file a bug report somewhere as it seems like whatever failed should fail to a working state rather than a broken one?
Thanks
13
Installation and Upgrades / samba not working after reinstalling the module?
« on: April 10, 2014, 03:22:02 pm »
A while back I had some updates fail while installing which caused me to have to remove most of the modules I had installed and reinstall them. After that I had no end of trouble getting samba to work again. The shares could be viewed by clients but none could be opened, the password box kept getting displayed, even for guest shares.
To cut a long story short the zentyal users weren't being copied into the samba database because there are two system accounts (Administrator and dns-XXXX) that have home dirs in /home and since those dirs already existed they couldn't be created and the that caused the script to fail. All I had to do was remove them and the users got added and samba started working again.
Anyway I'm posting this because:
1) this might be handy for someone else to know
2) it might be a bug
The thing is that having the script blindly removing directories in /home probably isn't a very good idea (someone might well have created a user call Administrator themselves! ). However these users have mail folders which do get replaced automatically which seems slightly inconsistent.
Perhaps it would be a good idea to move those home folders to a different location so the script can always delete them rather than fail?
To cut a long story short the zentyal users weren't being copied into the samba database because there are two system accounts (Administrator and dns-XXXX) that have home dirs in /home and since those dirs already existed they couldn't be created and the that caused the script to fail. All I had to do was remove them and the users got added and samba started working again.
Anyway I'm posting this because:
1) this might be handy for someone else to know
2) it might be a bug
The thing is that having the script blindly removing directories in /home probably isn't a very good idea (someone might well have created a user call Administrator themselves! ). However these users have mail folders which do get replaced automatically which seems slightly inconsistent.
Perhaps it would be a good idea to move those home folders to a different location so the script can always delete them rather than fail?
14
Installation and Upgrades / Remote Server returned '550 4.4.7 QUEUE.Expired; message expired'
« on: February 06, 2014, 07:00:07 pm »
Remote Server returned '550 4.4.7 QUEUE.Expired; message expired'
I've got an odd problem with mail that I don't think has anything to do with zentyal at all but I thought I'd ask for a second opinion.
A DSN with this error is sent to someone with an Office365 email address (user@somedomain.com) when he tried to email one particular user on my Zentyal server. If he CCs the message in to other users on my server then it gets delivered to those other users but he still gets the DSN after a few days about the problem user's address.
If he sends a message to one of the other users and CCs the problem address in then it gets delivered to everyone and there is no DSN.
Other people on the Office365 domain can send messages to my problem user without an issue and this guy can email other users on my domain without a problem it's just this one guy specifically sending to this one address
So, just to sum up...
user@somedomain.com sends and email to problem_user@mydomain.com and CCs to other_user@mydomain.com then other_user gets the message but problem_user doesn't and user@somedomain gets a DSN.
user@somedomain sends and email to other_user@mydomain and CCs to problem_user then everyone gets the message and there is no DSN
user@somedomain sends an email to problem_user then he gets the DSN.
I've had a good look at the postfix logs and as far as I can tell no attempt is made by Microsoft to deliver to problem_user. When other users are CCed in then I can see that connection but problem_user isn't mentioned at all. There are no errors related to this in my server's logs despite the DSN saying MS's server tried to deliver the message 90+ times!
I've turned off greylisting (did that a couple of weeks ago)
Last week I even tried creating a new user account for my problem user with a new email address, this worked for a few days and then started doing exactly the same thing!
Of course MS are precisely zero help as the refuse give any support to the people with the 365 account.
So is there any way this could be something to do with my server or does it look more like a Microsoft problem? My feeling is that something has gotten confused somewhere in Microsoft's no doubt horrifically complex office365 system and their server isn't trying to deliver. I don't really see that there is anything more I can do without someone at Microsoft's end looking at it.
I thought about trying to capture the smtp connection from MS but I can't see how to do that without turning off TLS on smtp connections and I don't think most people will even send mail if I do that, plus it's not something I'd want to do even for a short period.
I've just had a thought that I'm going to try now which is to create a new MX record for my domain, maybe it's something DNS related and that might clear it.
I've got an odd problem with mail that I don't think has anything to do with zentyal at all but I thought I'd ask for a second opinion.
A DSN with this error is sent to someone with an Office365 email address (user@somedomain.com) when he tried to email one particular user on my Zentyal server. If he CCs the message in to other users on my server then it gets delivered to those other users but he still gets the DSN after a few days about the problem user's address.
If he sends a message to one of the other users and CCs the problem address in then it gets delivered to everyone and there is no DSN.
Other people on the Office365 domain can send messages to my problem user without an issue and this guy can email other users on my domain without a problem it's just this one guy specifically sending to this one address
So, just to sum up...
user@somedomain.com sends and email to problem_user@mydomain.com and CCs to other_user@mydomain.com then other_user gets the message but problem_user doesn't and user@somedomain gets a DSN.
user@somedomain sends and email to other_user@mydomain and CCs to problem_user then everyone gets the message and there is no DSN
user@somedomain sends an email to problem_user then he gets the DSN.
I've had a good look at the postfix logs and as far as I can tell no attempt is made by Microsoft to deliver to problem_user. When other users are CCed in then I can see that connection but problem_user isn't mentioned at all. There are no errors related to this in my server's logs despite the DSN saying MS's server tried to deliver the message 90+ times!
I've turned off greylisting (did that a couple of weeks ago)
Last week I even tried creating a new user account for my problem user with a new email address, this worked for a few days and then started doing exactly the same thing!
Of course MS are precisely zero help as the refuse give any support to the people with the 365 account.
So is there any way this could be something to do with my server or does it look more like a Microsoft problem? My feeling is that something has gotten confused somewhere in Microsoft's no doubt horrifically complex office365 system and their server isn't trying to deliver. I don't really see that there is anything more I can do without someone at Microsoft's end looking at it.
I thought about trying to capture the smtp connection from MS but I can't see how to do that without turning off TLS on smtp connections and I don't think most people will even send mail if I do that, plus it's not something I'd want to do even for a short period.
I've just had a thought that I'm going to try now which is to create a new MX record for my domain, maybe it's something DNS related and that might clear it.
15
Installation and Upgrades / Re: Vlans
« on: July 04, 2013, 11:51:33 am »
Thanks for the feedback! You've made my life a lot easier 