Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Installation and Upgrades / Re: Zentyal 3.0-1 broken right after installing
« on: February 20, 2013, 04:20:29 am »Do not update the system. All the updates are fetched at install time by the zentyal installer.
I'm not sure what you mean by this. I had some 30 or so updates available after installation. The installer didn't download all the updates while installing the system.
Sam, I tried as you suggested, and it seems to have worked. I installed updates via the web gui instead of the terminal. Out of curiosity, I ran an apt-get update after installing the updates from the web gui to see what the difference was. Looks like the only package it didn't update was zenbuntu-desktop. I don't know if that was the difference or if it was the web interface being somehow confused about the update status.
Following that, I was able to install the modules without incident. I did however get this error in the web gui right after installing updates... probably unrelated and fixed it with a page refresh:
Quote
Wrong HTTP referer detected, operation cancelled for security reasons
An internal error related to a template occurred. This is a bug, relevant information can be found in the logs.
2
Installation and Upgrades / Zentyal 3.0-1 broken right after installing
« on: February 18, 2013, 04:17:01 am »
I've had this problem recently with Zentyal 3.0-1 (and previously with Zentyal 3.0) where it breaks right out of the box, so to speak. It's fairly reproducible. I can follow a process like this:
... and end up with a broken system. Specifically a laundry list of dpkg errors and Zentyal telling me I have to go fix them by hand. Here is a case where I did this very process yesterday and ended up with a mess. It says this on the dashboard:
And this in software management:
And this after dpkg --configure -a:
Keep in mind now, this is not a customized system or anything... this is fresh off the disc I'm getting these errors. That shouldn't happen. Just installing a bunch of modules shouldn't cause a breakdown, but is that what it is? Do I need to install and enable them a certain way? How can I avoid problems like this?
- Install from CD
- Don't install any modules up front
- Install all applicable Ubuntu and Zentyal updates
- Reboot
- Install some modules
... and end up with a broken system. Specifically a laundry list of dpkg errors and Zentyal telling me I have to go fix them by hand. Here is a case where I did this very process yesterday and ended up with a mess. It says this on the dashboard:
Quote
The following packages are not properly installed: zentyal-virt zentyal-samba zentyal-ntp zentyal-squid zentyal-printers zentyal-firewall zentyal-openvpn zentyal-users zentyal-antivirus zentyal-dhcp zentyal-ftp zentyal-trafficshaping zentyal-webserver zentyal-dns zentyal-l7-protocols. Go to Software Management for more information.
And this in software management:
Quote
To solve this situation, please try to execute the following command in the console:
sudo dpkg --configure -a
After the above command is finished you can reload this page. If the problem persists, you can ask for help in the community forum or file a ticket in the Zentyal trac.
And this after dpkg --configure -a:
Code: [Select]
Setting up zentyal-firewall (3.0.1) ...
DBI connect('eboxlogs','ebox',...) failed: Access denied for user 'ebox'@'localhost' (using password: YES) at /usr/share/perl5/EBox/MyDBEngine.pm line 122
(in cleanup) There wasn't a database connection, check if database exists\n at /usr/share/perl/5.14/Carp.pm line 79.
dpkg: error processing zentyal-firewall (--configure):
subprocess installed post-installation script returned error exit status 255
dpkg: dependency problems prevent configuration of zentyal-dhcp:
zentyal-dhcp depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-dhcp (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-openvpn:
zentyal-openvpn depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-openvpn (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-ftp:
zentyal-ftp depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-ftp (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-squid:
zentyal-squid depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-squid (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-antivirus:
zentyal-antivirus depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-antivirus (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-virt:
zentyal-virt depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-virt (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-ntp:
zentyal-ntp depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-ntp (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-samba:
zentyal-samba depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-samba (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-trafficshaping:
zentyal-trafficshaping depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-trafficshaping (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-users:
zentyal-users depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
zentyal-users depends on zentyal-ntp; however:
Package zentyal-ntp is not configured yet.
dpkg: error processing zentyal-users (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-dns:
zentyal-dns depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-dns (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-webserver:
zentyal-webserver depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-webserver (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-l7-protocols:
zentyal-l7-protocols depends on zentyal-trafficshaping; however:
Package zentyal-trafficshaping is not configured yet.
dpkg: error processing zentyal-l7-protocols (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-printers:
zentyal-printers depends on zentyal-samba; however:
Package zentyal-samba is not configured yet.
dpkg: error processing zentyal-printers (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
zentyal-firewall
zentyal-dhcp
zentyal-openvpn
zentyal-ftp
zentyal-squid
zentyal-antivirus
zentyal-virt
zentyal-ntp
zentyal-samba
zentyal-trafficshaping
zentyal-users
zentyal-dns
zentyal-webserver
zentyal-l7-protocols
zentyal-printers
Keep in mind now, this is not a customized system or anything... this is fresh off the disc I'm getting these errors. That shouldn't happen. Just installing a bunch of modules shouldn't cause a breakdown, but is that what it is? Do I need to install and enable them a certain way? How can I avoid problems like this?
3
Installation and Upgrades / Zentyal 3.0 as external mail filter for Exchange
« on: December 18, 2012, 10:25:13 pm »
I would like to look at the possibility of using Zentyal as a mail filter for MS Exchange. I know this has been asked before, but what I found was all for the previous release. There are some settings under SMTP Mail Filter > External connections that lead me to believe this function may have been added in Zentyal 3.0, however that tab is undocumented for some reason.
Basically with Zentyal acting as the firewall, I want it to receive mail on port 25, filter it for nasties, and then pass it along to the internal Exchange server.
Could someone look it over and tell me whether that's what I'm looking for? Thanks.
Edit: Bonus points if it can also filter outgoing mail and alert an administrator of any problems.
Basically with Zentyal acting as the firewall, I want it to receive mail on port 25, filter it for nasties, and then pass it along to the internal Exchange server.
Could someone look it over and tell me whether that's what I'm looking for? Thanks.
Edit: Bonus points if it can also filter outgoing mail and alert an administrator of any problems.
4
Installation and Upgrades / Zentyal 3.0 and Xen Hypervisor 4.1
« on: November 21, 2012, 04:23:21 am »
How do Zentyal and Xen work together? I'm exploring some possibilities and would like to get some community input on this. I have not been pleased with Zentyal's hypervisor capability, but I am familiar with both ESXi and Hyper-V and would like to learn Xen. My initial reaction to this was to say dom0 should be kept as lean as possible, but I'm concerned about its security since it will have an exposed interface.
If Zentyal is installed in dom0:
And if Zentyal is installed in a domU:
If Zentyal is installed in dom0:
- Is this advisable?
- Does this negatively impact the hypervisor?
- Is there any conflict between Zentyal's NIC configuration and Xen's bridging?
And if Zentyal is installed in a domU:
- Can Zentyal still be used as a gateway by appropriately bridging the various interfaces?
- What are the potential security implications for the system as a whole? Would special steps have to be taken to protect the dom0?
- Would the dom0's external interface be secure enough if simply left with both ipv4 and ipv6 disabled in sysctl and the interface left unconfigured?
5
Installation and Upgrades / Re: Adding Linux user to Zentyal LDAP
« on: September 24, 2012, 03:10:04 am »
Yes, I got that part, thanks... doesn't address my current dilemma. Just to recap, I want to:
- Migrate one pre-existing Linux user into Zentyal's management.
- Get this "Enable PAM" bug fixed.
6
Installation and Upgrades / Re: Adding Linux user to Zentyal LDAP
« on: September 22, 2012, 07:37:34 pm »
Maybe the Users & Groups module is broken. On a fresh PPA install, I added a completely different user and enabled "Enable PAM". Even after saving changes and rebooting the system, that user can't log in at the console or via SSH.
I gather from the documentation that the user should be able to log in. I have to assume at this point that this is a bug and my previous solution may have been correct.
UPDATE: Apparently this works if the system was originally installed from the CD instead of the PPA. I've submitted this as a bug. I would still like someone to take a look at the method for merging an existing user into Zentyal for when the bug is fixed.
Thanks
I gather from the documentation that the user should be able to log in. I have to assume at this point that this is a bug and my previous solution may have been correct.
UPDATE: Apparently this works if the system was originally installed from the CD instead of the PPA. I've submitted this as a bug. I would still like someone to take a look at the method for merging an existing user into Zentyal for when the bug is fixed.
Thanks
7
Installation and Upgrades / Adding Linux user to Zentyal LDAP
« on: September 22, 2012, 05:34:53 pm »
Hello, I have an unforeseen issue with a duplicate user name. When I installed Zentyal on my home server earlier this year, I installed Ubuntu Lucid initially, and then installed Zentyal from the PPA because I didn't want the GUI. I run some non-Zentyal software on it using my Linux user (most notably a Minecraft server). Currently I don't have any LDAP users.
I'm looking at having some LAN parties for things like Minecraft or Artemis at my house, and I'm rolling around the idea of restructuring my home network. Specifically I'd like to try installing RADIUS on the main network and having a second, isolated guest VLAN using WPA2 with a regular passphrase and maybe also use content filtering and captive portal. I live in a wirelessly congested area, so this will also help to increase my network security. I work in IT and already have the knowledge and equipment to set all this up, so nevermind that part.
----------
The problem I've run into is that I can't add my existing Linux user to Zentyal 2.2. It says the user already exists on the system. I think it would be a lot of trouble to change my username since I've customized and scripted a number of things in the underlying Ubuntu system. So I was wondering:
I did notice in my Zentyal 3 test box that LDAP users can be added to PAM, which I think would be fine, but I'm not sure how to get there from here.
Thanks
----------
UPDATE: I spun up a Zentyal 3 VM installed via PPA, and I have observed it has the same problem. It will not let a pre-existing user be added regardless of whether "Enable PAM" is checked.
UPDATE2: So, I thought I would try this on the test machine. I deleted my user and moved my home folder. Then I checked "Enable PAM" in Zentyal 3 and recreated my user. And then I fixed ownership and put my stuff back. I'm not sure whether that's an appropriate solution or not (would really like it if someone could chime in on that), however now I am unable to log into the system at the terminal. It just says login incorrect. I did notice that even though I've recreated my user, I do not appear in /etc/passwd or /etc/group. Seems it has also locked me out of the Zentyal web interface.
I'm looking at having some LAN parties for things like Minecraft or Artemis at my house, and I'm rolling around the idea of restructuring my home network. Specifically I'd like to try installing RADIUS on the main network and having a second, isolated guest VLAN using WPA2 with a regular passphrase and maybe also use content filtering and captive portal. I live in a wirelessly congested area, so this will also help to increase my network security. I work in IT and already have the knowledge and equipment to set all this up, so nevermind that part.
----------
The problem I've run into is that I can't add my existing Linux user to Zentyal 2.2. It says the user already exists on the system. I think it would be a lot of trouble to change my username since I've customized and scripted a number of things in the underlying Ubuntu system. So I was wondering:
- If there's an easy fix for this that doesn't involve using a different username, and
- Whether Zentyal 3.0 also has this issue, since I'm planning to upgrade as soon as the tool is released.
I did notice in my Zentyal 3 test box that LDAP users can be added to PAM, which I think would be fine, but I'm not sure how to get there from here.
Thanks
----------
UPDATE: I spun up a Zentyal 3 VM installed via PPA, and I have observed it has the same problem. It will not let a pre-existing user be added regardless of whether "Enable PAM" is checked.
UPDATE2: So, I thought I would try this on the test machine. I deleted my user and moved my home folder. Then I checked "Enable PAM" in Zentyal 3 and recreated my user. And then I fixed ownership and put my stuff back. I'm not sure whether that's an appropriate solution or not (would really like it if someone could chime in on that), however now I am unable to log into the system at the terminal. It just says login incorrect. I did notice that even though I've recreated my user, I do not appear in /etc/passwd or /etc/group. Seems it has also locked me out of the Zentyal web interface.
8
Installation and Upgrades / Re: Domain cannot end in .local
« on: September 18, 2012, 06:17:40 am »
Again, you would only do this in an environment where zeroconf wasn't in use... which is most networks. It doesn't hurt anything to have the option available and just issue a warning instead. You solve both problems this way. It can be integrated into a Windows network that doesn't use zeroconf, or into a Mac or other network where zeroconf is used. I can't think of any good reason to not have compatibility with both.
Why is it only the File Sharing module? You can set a .local TLD under System > General, under Network > DNS, as actual managed zones in the DNS module, as the assigned domain in the DHCP module... the list goes on. The .local TLD is allowed in all of these places, but not File Sharing. Surely it doesn't only conflict with zeroconf when used in Samba? Maybe I'm overlooking something, but this doesn't make sense to me.
Why is it only the File Sharing module? You can set a .local TLD under System > General, under Network > DNS, as actual managed zones in the DNS module, as the assigned domain in the DHCP module... the list goes on. The .local TLD is allowed in all of these places, but not File Sharing. Surely it doesn't only conflict with zeroconf when used in Samba? Maybe I'm overlooking something, but this doesn't make sense to me.
9
Installation and Upgrades / Re: Domain cannot end in .local
« on: September 18, 2012, 03:42:38 am »
I think you've misunderstood the point I was trying to make. I'm not defending Microsoft's decision to promote the .local TLD -- just saying it's been done and is widely used in Windows networks.
Microsoft and Apple have rather opposite views in this respect. Microsoft decides how they want to do things, and do so with only partial concern for other platforms' decisions regarding non-standardized things such as the .local TLD. But in the end, Microsoft is pretty flexible and will let you do whatever you want, even if it breaks something.
Apple is the opposite. In Apple land, Apple decides what you can or cannot do, and there's really very little choice you have in the matter. It's Apple's way or the highway.
Linux has always been the middle ground -- adhering to standards as much as possible, but also being flexible and allowing the sysadmin to have control over things and make design decisions (such as, whether it's appropriate to use the .local TLD). The decision for Zentyal to say "No, you may not use .local TLD regardless of whether you have a Windows, Mac OS, or Linux based network" is a very INFLEXIBLE thing, and uncharacteristic of Linux. It shouldn't be this way. That's why I said, instead of refusing the .local TLD, just throw up a warning that says "BTW, this might break Apple stuff, if you have any."
In the case of my argument, maybe I don't have any Apple desktops or laptops on my network, but I do have a pre-existing .local Active Directory domain. Should I not be able to use Zentyal as a file server in this network, just because it might break something I don't use? It should be my choice as the sysadmin. You might disagree with my choice to continue using a pre-existing .local domain, but the real question is, should you be trying to force me not to?
By the way, documented use of .local in Microsoft Active Directory predates Apple's Bonjour protocol, so you could just as easily say Apple shouldn't have used an unregulated TLD knowing full well that it would cause incompatibilities with Windows environments. You can look at that either way.
Microsoft and Apple have rather opposite views in this respect. Microsoft decides how they want to do things, and do so with only partial concern for other platforms' decisions regarding non-standardized things such as the .local TLD. But in the end, Microsoft is pretty flexible and will let you do whatever you want, even if it breaks something.
Apple is the opposite. In Apple land, Apple decides what you can or cannot do, and there's really very little choice you have in the matter. It's Apple's way or the highway.
Linux has always been the middle ground -- adhering to standards as much as possible, but also being flexible and allowing the sysadmin to have control over things and make design decisions (such as, whether it's appropriate to use the .local TLD). The decision for Zentyal to say "No, you may not use .local TLD regardless of whether you have a Windows, Mac OS, or Linux based network" is a very INFLEXIBLE thing, and uncharacteristic of Linux. It shouldn't be this way. That's why I said, instead of refusing the .local TLD, just throw up a warning that says "BTW, this might break Apple stuff, if you have any."
In the case of my argument, maybe I don't have any Apple desktops or laptops on my network, but I do have a pre-existing .local Active Directory domain. Should I not be able to use Zentyal as a file server in this network, just because it might break something I don't use? It should be my choice as the sysadmin. You might disagree with my choice to continue using a pre-existing .local domain, but the real question is, should you be trying to force me not to?
By the way, documented use of .local in Microsoft Active Directory predates Apple's Bonjour protocol, so you could just as easily say Apple shouldn't have used an unregulated TLD knowing full well that it would cause incompatibilities with Windows environments. You can look at that either way.
10
Installation and Upgrades / Re: Domain cannot end in .local
« on: September 16, 2012, 07:47:01 pm »@Zentyal Devs, could you let me know if it would be possible to go into the code and remove this restricting? I will deal with fires as they come up.
I am in full agreement with this statement. It should be our choice to continue the use of the .local TLD, and the File Sharing module should issue a warning, not a refusal. The truth is, Zentyal is touted as a small business server, and one of its major targets is SOHO with 10-50 users. It needs to be flexible and easily-integrated into an existing Windows environment. Our use of the .local TLD is not going to cause any problems in this kind of network, and so it's a marginal risk I'm perfectly willing to take. Some of the businesses I work with don't even HAVE a registered domain from which to allocate an internal namespace.
I will say this too, a small company will not think too hard about paying $800 for another Windows Server license when the alternative is spending $800+ to have someone turn their network inside out to make it compatible with Zentyal. That's not going to win anyone over.
11
Installation and Upgrades / Re: Local TLD should be allowed
« on: September 16, 2012, 05:45:22 pm »
I'm not saying it's good because Microsoft says to do it. I'm saying 90% of the computing world does it because Microsoft says to do it. Best practice or not, this creates a massive problem. In my opinion, that's reason enough for it to be allowed.
I also shouldn't have to mod Zentyal in order to make it work in a perfectly typical Windows environment. I think that kind of defeats the purpose, doesn't it?
I'm not concerned with zeroconf. Frankly, I have no need of a replacement for DHCP and on-site DNS, nor can you configure such a thing in Zentyal as far as I know. If that's the only reason the local TLD is disallowed, it would be MUCH better to just issue a warning when the local TLD is used, rather than make the entire File Sharing module untenable.
I also shouldn't have to mod Zentyal in order to make it work in a perfectly typical Windows environment. I think that kind of defeats the purpose, doesn't it?
I'm not concerned with zeroconf. Frankly, I have no need of a replacement for DHCP and on-site DNS, nor can you configure such a thing in Zentyal as far as I know. If that's the only reason the local TLD is disallowed, it would be MUCH better to just issue a warning when the local TLD is used, rather than make the entire File Sharing module untenable.
12
Installation and Upgrades / Local TLD should be allowed
« on: September 15, 2012, 09:14:46 pm »
I've been exploring Zentyal's ability to create or join an Active Directory domain. I noticed the .local TLD is allowed everywhere except the File Sharing module. This is a problem because Microsoft recommends the use of the .local TLD as a best practice and good choice for an internal namespace because it creates a non-routable FQDN that's guaranteed to be free of conflicts. As a result, it's commonly used in Windows networks, especially among small businesses that might be open to using Zentyal as an alternative.
I'm the senior systems engineer at a local IT services company, and we use .local basically everywhere. Dozens of sites. So the effect of this is basically that I would be unable to properly integrate Zentyal in any of these networks if the file sharing module is to be used. This is a serious problem if I am to push Zentyal as an alternative product.
I strongly recommend allowing the use of the .local TLD in Zentyal.
A couple references:
http://support.microsoft.com/kb/300684
http://support.microsoft.com/kb/296250
I'm the senior systems engineer at a local IT services company, and we use .local basically everywhere. Dozens of sites. So the effect of this is basically that I would be unable to properly integrate Zentyal in any of these networks if the file sharing module is to be used. This is a serious problem if I am to push Zentyal as an alternative product.
I strongly recommend allowing the use of the .local TLD in Zentyal.
A couple references:
http://support.microsoft.com/kb/300684
http://support.microsoft.com/kb/296250
13
Installation and Upgrades / Re: Upgrading to Precise
« on: April 28, 2012, 01:20:41 am »
That's a shame. I think I'll still install 2.3 on my home server since I really want to upgrade it to Precise, but I suppose on our production systems we have no choice but to keep them on Lucid for a while longer.
Thanks for your help. One other question: Is there an upgrade path from Lucid with 2.2 to Precise with 2.3 (using the PPA), or maybe any kind of config backup/restore I can do? Or do I need to purge Zentyal, upgrade Ubuntu, and then set Zentyal up from scratch?
Thanks for your help. One other question: Is there an upgrade path from Lucid with 2.2 to Precise with 2.3 (using the PPA), or maybe any kind of config backup/restore I can do? Or do I need to purge Zentyal, upgrade Ubuntu, and then set Zentyal up from scratch?
14
Installation and Upgrades / Re: Upgrading to Precise
« on: April 27, 2012, 10:46:31 pm »
Maybe it should be removed from the repository or at least properly labeled. There's no indication that the software in the repository is unstable and unfit for production use.
The Zentyal PPA for Precise is also v2.3.x. So does this mean there is no viable version at all for Precise? I have servers running Lucid that need to be upgraded to Precise.
EDIT: Is it possible to run Zentyal v2.2.x on Precise?
The Zentyal PPA for Precise is also v2.3.x. So does this mean there is no viable version at all for Precise? I have servers running Lucid that need to be upgraded to Precise.
EDIT: Is it possible to run Zentyal v2.2.x on Precise?
15
Installation and Upgrades / Re: Upgrading to Precise
« on: April 27, 2012, 05:18:36 am »
http://packages.ubuntu.com/search?suite=precise&keywords=zentyal
A test release was included with Ubuntu 12.04 LTS?
A test release was included with Ubuntu 12.04 LTS?