This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
31
Installation and Upgrades / Re: eBox with FTP Server
« on: July 08, 2008, 05:08:50 pm »
Cool, that gives us a hint. Proftp is not even connecting to the slapd server.
eBox ldap configuration doesn't prevent connections from localhost.
It should be ou=Users,dc=ebox instead of dc=Users,dc=ebox
What's your LDAPServer conf?
Javi, I thought that proftp got connected to the ldap, at least that's what the log said (check bold text), but... check the text after the quote...
/var/log/proftp/proftpd.conf
Quote
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: generated filter dc=Users,dc=ebox from template dc=Users,dc=ebox and value dmeireles
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: connected to SERVER.MY.DOMAIN:389
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: set protocol version to 3
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: successfully bound as cn=admin,dc=ebox with password MY_EBOX_SECRET
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: set dereferencing to 0
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: set query timeout to 0s
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: generated filter (&(uid=dmeireles)(objectclass=posixAccount)) from template (&(uid=%v)(objectclass=posixAccount)) and value dmeireles
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: pr_ldap_user_lookup(): LDAP search failed: No such object
Here's the good news... I've changed the LDAPDoAuth like you said, now it takes a while to give me the login failed error. Looking at the logs, I've seen a "USER dmeireles (Login failed): Invalid shell: ''" error... So, I looked at the /etc/proftpd/proftpd.conf file and uncommented the line "RequireValidShell off". After that, I did a "/etc/init.d/proftpd restart".... AND IT WORKS!!! Gonna give my proftpd.conf file a cleanup, and then post it here, along with all the steps I took to set this thing up!!! Thanks for your help Javi! BTW, should I open a new thread with this how-to or continue here?
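Added example (not part of the original posts, and not ProFTPD or eBox code): a small triage of mod_ldap debug output in the format quoted above. It redacts the bind password that the debug log records in clear text, flags the directory admin DN being used as the lookup account, and ties the "No such object" error to the search base. The sample lines are constructed, and the function and finding names are assumptions of this example.

```python
import re

# Constructed sample in the format of the mod_ldap debug log quoted in the post;
# host names and the secret are placeholders.
PREFIX = "Jul 08 15:56:19 host proftpd[23391] ftp.example (pc[10.1.1.20]): mod_ldap/2.8.17: "
SAMPLE_LOG = "\n".join(PREFIX + m for m in [
    "generated filter dc=Users,dc=ebox from template dc=Users,dc=ebox and value dmeireles",
    "connected to ftp.example:389",
    "successfully bound as cn=admin,dc=ebox with password PLACEHOLDER_SECRET",
    "generated filter (&(uid=dmeireles)(objectclass=posixAccount)) from template "
    "(&(uid=%v)(objectclass=posixAccount)) and value dmeireles",
    "pr_ldap_user_lookup(): LDAP search failed: No such object",
])

BOUND = re.compile(r"(bound as (?P<dn>\S+) with password ).+$")
BASE = re.compile(r"generated filter (?P<base>[^()\s]+) from template")

def triage(log_text):
    """Return (findings, redacted_log) for mod_ldap debug output."""
    findings, out, base_dn = [], [], None
    for line in log_text.splitlines():
        m = BOUND.search(line)
        if m:
            # The bind password is written to the log in clear text: redact it.
            line = BOUND.sub(r"\1[REDACTED]", line)
            findings.append(("bind-password-in-log", m.group("dn")))
            if m.group("dn").lower().startswith("cn=admin,"):
                # Heuristic: directory admin used where a read-only account suffices.
                findings.append(("admin-bind-dn", m.group("dn")))
        m = BASE.search(line)
        if m:
            base_dn = m.group("base")  # search base as expanded by mod_ldap
        if "LDAP search failed: No such object" in line:
            # noSuchObject (LDAP result 32): the search base itself is missing,
            # e.g. dc=Users where the directory has ou=Users.
            findings.append(("search-base-not-found", base_dn))
        out.append(line)
    return findings, "\n".join(out)

if __name__ == "__main__":
    results, clean = triage(SAMPLE_LOG)
    for kind, detail in results:
        print(kind, detail)
    print(clean)
```

Run it over a copy of the log before pasting the log anywhere public, and rotate the bind password if an unredacted copy has already been shared.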
32
Installation and Upgrades / Re: eBox with FTP Server
« on: July 08, 2008, 01:31:29 pm »
Javi, syslog shows nothing, although I have set the loglevel to 512. The only place where something is logged is on the proftp log (gonna check if there is a way to increase its verbosity). But tell me, are the dc and cn names correct in my configuration? Does the ebox ldap configuration restrict in any way access to the database from localhost?
33
Installation and Upgrades / Re: eBox with FTP Server
« on: July 08, 2008, 12:19:22 pm »
Ok, I've been trying this on my own, but with no success... I'm using the proftpd ldap package. This is my /etc/proftpd/ldap.conf file
# Proftpd sample configuration for LDAP authentication.
#
# (This is not to be used if you prefer a PAM-based SQL authentication)
#
<IfModule mod_ldap.c>
#
# This is used for ordinary LDAP connections, with or without TLS
#
LDAPServer SERVER'S FQDN
LDAPDNInfo cn=admin,dc=ebox MY_EBOX_SECRET
LDAPDoAuth on "dc=Users,dc=ebox" (&(uid=%v)(objectclass=posixAccount))
#LDAPDoUIDLookups on "dc=Users,dc=ebox" (&(uid=%v)(objectclass=posixAccount))
#LDAPDoGIDLookups on "dc=Users,dc=ebox" (&(uid=%v)(objectclass=posixAccount))
#LDAPDefaultAuthScheme clear
#
# To be set on only for LDAP/TLS on ordinary port, for LDAP+SSL see below
#LDAPUseTLS on
#
#
# This is used for encrypted LDAPS connections
#
#LDAPServer ldaps://ldap.example.com
#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
#LDAPDoAuth on "dc=users,dc=example,dc=com"
#
#</IfModule>
I've also tried with different objectclasses, but with no success. While trying to connect, the /var/log/proftpd/proftpd.log file says:
mod_ldap/2.8.17: pr_ldap_user_lookup(): LDAP search failed: No such object
I can use Apache Studio to browse the eBox's LDAP, so I think it's not a problem accessing the LDAP server. I've also tried to use the LDAPDoAuth parameter without the filter, but it still doesn't work. Is there a way to set this up to use the ebox ldap db? If not, is there a way to do this in VSFTP?
34
Installation and Upgrades / Re: OpenVPN + Samba + only 1 NIC
« on: May 30, 2008, 06:31:32 pm »
You are right.
I think your problem might be caused by a misconfiguration on the firewall.
To test it quickly:
Add a rule to firewall->packet filter->filtering rules for traffic coming out from eBox
Add a rule to allow everything there, save changes and take a look at the openVPN logs under /var/log/openvpn
I did what you told me, although I don't have the Firewall module activated. After that, I've recreated the OpenVPN Client, clicked Create, then save changes, then save... It gives me an error (it always does when creating OpenVPN Clients, I suppose due to the fact that there is only one NIC) saying that the changes to the modules below were not saved, but there is no module below, and I've checked the config of the client (both via eBox portal and viewing the files via ssh) and everything is there. The connection is also shown in the status screen, although with vpn interface status "No active". I will try to test this again with another NIC during next week, but I really just wanted to use one card....
PS: If I run the openvpn command with a custom .ovpn/.conf file via ssh, I can get connected, but still, I wanted to use the eBox interface for this...
PS2: About the tun/tap thing... Is there a way to use tun instead of tap, or to tune the configuration of the client (things like tun, lzo, etc etc etc...)
Thanks for your attention
35
Installation and Upgrades / Re: OpenVPN + Samba + only 1 NIC
« on: May 30, 2008, 05:31:18 pm »
Hi,
In the last release 0.11.100 you only have to tick the Masquerade option when you configure your openVPN server
My problem is with the client part... I have a client, which has an OpenVPN Server, and for me to give them remote assistance, they have created a crt for my company. So, I wanna put the cert on my eBox to make it the gateway to reach the client's network, but the eBox machine refuses to make the connection, and from what I understood, that's because there is only 1 NIC...
36
Installation and Upgrades / Re: OpenVPN + Samba + only 1 NIC
« on: May 30, 2008, 12:39:39 pm »
Ok, I've tried the following, but didn't work out...
Edited openvpn-client.mas, and on the device line, removed the original line and typed "dev tun"
Why does the eBox OpenVPN module use tap instead of tun? Anyway, if there is a way to make this work with only 1 NIC, could you please explain how?
Thanks
37
Installation and Upgrades / Re: Joining and authenticating a linux machine to an ebox domain.
« on: May 30, 2008, 12:32:09 pm »
I installed Hardy Desktop 8.04 and the instructions did not work.
Windows XP authenticated immediately with no client configuration, and I was determined to get a linux box to authenticate. I finally succeeded after many hours of tampering and finding nothing online despite many searches and lots of reading.
The LDAP guide is nearly correct but there were a few things that also are important.
Now to my question:
Client user authentication works using the LDAP guide linked above along with some tampering, however, the rest of this page shows you how to join the domain. What benefits are there of joining the domain? I can authenticate whether I join the domain or not through LDAP so what is the point?
I am not an expert and this is my first time using ebox and openLDAP authentication so any information or ideas are appreciated.
I think that the advantage of joining the domain would be the fact that, when doing an smb://yourserver you wouldn't need to put your username and password, since you have been already authenticated with that server when logging in your machine. But still, there must be another way to do this without samba, something more linux native... no!?
38
Installation and Upgrades / Re: eBox with FTP Server
« on: May 24, 2008, 01:04:29 am »
Chill out, it's a good product. I've been using it in production environments with no problem at all, but if you want ftp auth in ldap, you've got to make it on your own (I've tried with no success)
39
Installation and Upgrades / Re: OpenVPN + Samba + only 1 NIC
« on: May 23, 2008, 03:45:06 pm »
Hi.
Would like to make this too, since I'm only using one NIC and need the eBox server to act as an openvpn client
40
Installation and Upgrades / Re: eBox with FTP Server
« on: April 22, 2008, 07:30:27 pm »
It's a planned feature to include an FTP module. Lots of people are demanding this module but we are very short on resources. Anyway, I also think proftpd is the best FTP server option to include within eBox.
The next release, which is the Ubuntu-based one, does include the ftp command by default.
Glad to hear that and thanks for the answer!
Best regards,
David
41
Spanish / Re: Startup password
« on: April 22, 2008, 01:40:02 pm »
Can you connect via SSH!?
42
Spanish / Re: Windows update
« on: April 22, 2008, 01:38:38 pm »
Add *.microsoft.com, or update.microsoft.com and windowsupdate.microsoft.com, to the list of domains for proxy bypass
43
Installation and Upgrades / eBox with FTP Server
« on: April 22, 2008, 01:21:26 pm »
Hi there. Simple question: are there plans to include ftp server software with LDAP auth in eBox? In my case it would be very handy, because it would allow the users to access their files when on a remote public location, and the linux users would prefer this method to upload and download files to their homes on the server. Sure, I could use the new public_html feature, but prefer FTP (also because of the upload thing). I've already tried to do this with the proftpd-ldap package in the repository for 0.11.99, but couldn't manage to get it done (don't know if it is because it's an old version of ProFTP...).
PS: could you include the ftp command in the next releases? Until now, this package doesn't come installed and it can't be installed (dependency problems), and it's quite a handy tool...
Thanks
44
Installation and Upgrades / Re: Samba - how to disable roaming profiles
« on: April 22, 2008, 12:53:22 pm »
Greetings everyone.
Javi, thumbs up for the quick fix for the Ubuntu package, but I've got one doubt: Using eBox 0.11.99 (tailored debian installer) on a production system, how do I manually disable the roaming profiles? I sure can edit /etc/samba/smb.conf and the ldap entry that tells where the profile is at for each user, but as soon as I reboot the eBox Server, the smb.conf goes back again with the roaming profile option enabled. And one more thing: disabling this won't mess around with the login script? I ask this because I use the login script to do some mappings and I wouldn't like to disable this feature...
Best Regards!
45
Installation and Upgrades / Re: Downloading Ebox
« on: April 15, 2008, 11:58:50 am »
Same trouble here.... Too bad there are no mirrors of eBox or a way to download it through torrent.
Message to the development team:
Here in Portugal we have a main server to mirror all those main distros and Open Source stuff... the server is darkstar.ist.utl.pt (it's an official mirror of kernel, debian, SuSE, Ubuntu, and a whole lot more). Can you (the developers!) get in contact with the admins of that server to make it a mirror of eBox? I'm sure that they wouldn't mind at all (the more and good, the better!) and also it would release some of the traffic on your main server, so that everybody wins!
thanks and (please) keep up the good work!