Topics - tilllt

1
Hi People,

The documentation is kind of vague on the availability of Postgres on Zentyal 3. It mentions that several Zentyal internal databases are being switched to MySQL since 3.0, but I couldn't find info on whether Postgres is installed by default or not.

Also, I never really understood if Zentyal discourages installing additional (non-Zentyal) software on the same machine. I.e. I prefer running nginx as a reverse proxy, I want to have dokuwiki, etherpad, davical & agendav etc. It does not make sense for me to install another server for these little programs, neither does my server have the power to run several VMs... But when it comes to installing additional software, Zentyal's docs are rather vague. Would be nice to know what I can run into conflicts with etc. I.e. also I wanted to use VBoxManage - I thought VirtualBox is installed anyways, but VBoxManage was nowhere to be found. It is kind of trial and error then to install VirtualBox to have VBoxManage and find out if it might cause conflicts.

Similar for the Zentyal LDAP Schemata... If I run only one machine, of course it is nice to be able to authenticate against the Zentyal users I have set up anyways. The description is really kind of non-existent when it comes to authentication against the Zentyal LDAP.

Anyway, so here is my question for right now: Is Postgres part of Zentyal 3? If not, will I break anything by installing it? If yes, how is the MySQL configured, where is the configuration, what's the root user etc?

Or did I get anything wrong completely, what is the proposed procedure to run additional software on a Zentyal box, i.e. one that needs its own database table?


cheers,
t.

2
Installation and Upgrades / Just Another LDAP Question - DokuWiki
« on: February 28, 2013, 02:35:58 pm »
Hi People,

in my quest to find a collaborative document editing solution with LDAP auth, finally I seem to have found a great solution:
- Dokuwiki will act as the "Document Management"
- Dokuwiki has a working LDAP Authorization Backend
- There is an Etherpad-Lite Plugin for DokuWiki
- All that is served through a lightweight nginx with php5-fpm

The best thing is, it was quite easy to get LDAP running with Zentyal.

BUT, I cannot get one thing to work: I need some users to get the wiki's superuser rights, to install plugins etc.
I added the users to a "wikiadmin" group in Zentyal. Dokuwiki's LDAP debug looks good, generally.

LDAP user search: Success [ldap.class.php:182]
LDAP search at: ou=Users, dc=xx, dc=yy (&(uid=user.name)(objectClass=posixAccount)) [ldap.class.php:183]
LDAP group search: Success [ldap.class.php:229]
LDAP search at: ou=Groups, dc=xx, dc=yy (&(objectClass=posixGroup)(|(gidNumber=1901)(memberUID=user.name))) [ldap.class.php:230]
LDAP usergroup: __USERS__ [ldap.class.php:242]

I don't understand why I always only get returned the "__USERS__" group instead of ALL groups a user is part of, including the "wikiadmin" group.

The auth-config of dokuwiki looks like this:
Code:
<?php
/**
 * Protected settings
 * Do override DokuWiki default settings and local settings from Config Manager
 */

$conf['useacl']      = 1;
$conf['openregister']= 0;
$conf['superuser']   = '@wikiadmin';
$conf['authtype']    = 'ldap';

$conf['auth']['ldap']['server']      = 'localhost';
$conf['auth']['ldap']['port']        = 390;
#$conf['auth']['ldap']['server']      = 'ldap://localhost:390'; #instead of the above two settings
$conf['auth']['ldap']['usertree']    = 'ou=Users, dc=xx, dc=yy';
$conf['auth']['ldap']['grouptree']   = 'ou=Groups, dc=xx, dc=yy';
$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';

# This is optional but may be required for your server:
$conf['auth']['ldap']['version']    = 3;

# This enables the use of the STARTTLS command
#$conf['auth']['ldap']['starttls']   = 1;

# This is optional and is required to be off when using Active Directory:
#$conf['auth']['ldap']['referrals']  = 0;

# Optional bind user and password if anonymous bind is not allowed (develonly)
$conf['auth']['ldap']['binddn']     = 'cn=zentyalro, dc=xx, dc=yy';
$conf['auth']['ldap']['bindpw']     = '**********';

# Mapping can be used to specify where the internal data is coming from. 
#$conf['auth']['ldap']['mapping']['name']  = 'displayname'; # Name of attribute Active Directory stores its pretty print user name.
#$conf['auth']['ldap']['mapping']['grps']  = array('memberof' => '/CN=(.+?),/i'); # Where groups are defined in Active Directory

# Limit search scope for user and group searches (sub|one|base)
#$conf['auth']['ldap']['userscope']  = 'sub';
#$conf['auth']['ldap']['groupscope'] = 'sub';

# Optional debugging
$conf['auth']['ldap']['debug']      = 1;

Any LDAP buffs got a suggestion here?

Thanks,
t.

3
Hey People,

I am trying to use nginx as a reverse proxy for etherpad-lite and other applications I am going to set up. As suggested somewhere in the forum here, it sounded like a good idea to keep Apache unchanged for Zentyal internal stuff and go for nginx as the "outside" server. I find nginx to be faster and generally easier to configure.

I successfully compiled nginx with the nginx-auth-ldap module.

Now I am trying to authenticate against the Zentyal LDAP, without success so far. I know this is not really Zentyal related, but as it will use the Zentyal LDAP scheme, maybe someone here can help.

This is the part of the nginx config. I can't get the authentication to work and I don't really know where to look for errors. In the nginx error.log, the authentication process is not logged, so I was wondering if Zentyal has a more detailed log as a clue to start looking for errors...

location /texte/ {

        auth_ldap_url ldap://localhost:389/ou=Users,dc=xx,dc=yy?uid;
        #auth_ldap_url ldap://localhost:389/ou=Users,dc=xx,dc=yy?uid?sub?(objectClass=person);
        auth_ldap_binddn cn=zentyalro,dc=xx,dc=yy;
        auth_ldap_binddn_passwd ****pwd****;
        auth_ldap_satisfy any;

        proxy_pass http://localhost:9001/;
        proxy_set_header Host $host;
        proxy_buffering off;
  }

4
Installation and Upgrades / sshd password probing - what to do?
« on: February 23, 2013, 07:46:13 pm »
Hi, somebody was trying a not very successful attack on our server. This looks like this (auth.log):
Code:
Feb 23 19:42:59 qcine sshd[31137]: Received disconnect from 27.17.34.92: 11: Bye Bye [preauth]
Feb 23 19:42:59 qcine sudo:     ebox : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/var/lib/zentyal/tmp/yQpjDhWz_A.cmd
Feb 23 19:42:59 qcine sudo: pam_unix(sudo:session): session opened for user root by (uid=107)
Feb 23 19:42:59 qcine sudo: pam_unix(sudo:session): session closed for user root
Feb 23 19:43:00 qcine sshd[31156]: Failed password for invalid user postgres from 27.17.34.92 port 26579 ssh2
Feb 23 19:43:00 qcine sshd[31157]: Failed password for invalid user naruse from 27.17.34.92 port 26602 ssh2
Feb 23 19:43:00 qcine sshd[31162]: Invalid user stijn from 27.17.34.92
Feb 23 19:43:00 qcine sshd[31162]: input_userauth_request: invalid user stijn [preauth]
Feb 23 19:43:00 qcine sshd[31162]: pam_unix(sshd:auth): check pass; user unknown
Feb 23 19:43:00 qcine sshd[31162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.17.34.92
Feb 23 19:43:00 qcine sshd[31156]: Received disconnect from 27.17.34.92: 11: Bye Bye [preauth]
Feb 23 19:43:00 qcine sshd[31157]: Received disconnect from 27.17.34.92: 11: Bye Bye [preauth]
Feb 23 19:43:01 qcine sshd[31170]: Invalid user hote from 27.17.34.92
Feb 23 19:43:01 qcine sshd[31170]: input_userauth_request: invalid user hote [preauth]
Feb 23 19:43:01 qcine sshd[31170]: pam_unix(sshd:auth): check pass; user unknown
Feb 23 19:43:01 qcine sshd[31170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.17.34.92
Feb 23 19:43:01 qcine sshd[31177]: Invalid user sai from 27.17.34.92
Feb 23 19:43:01 qcine sshd[31177]: input_userauth_request: invalid user sai [preauth]
Feb 23 19:43:01 qcine sshd[31177]: pam_unix(sshd:auth): check pass; user unknown
Feb 23 19:43:01 qcine sshd[31177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.17.34.92
Feb 23 19:43:02 qcine sshd[31179]: Invalid user buster from 27.17.34.92
Feb 23 19:43:02 qcine sshd[31179]: input_userauth_request: invalid user buster [preauth]
Feb 23 19:43:02 qcine sshd[31179]: pam_unix(sshd:auth): check pass; user unknown
Feb 23 19:43:02 qcine sshd[31179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.17.34.92
Feb 23 19:43:02 qcine sshd[31184]: Invalid user hwong from 27.17.34.92
Feb 23 19:43:02 qcine sshd[31184]: input_userauth_request: invalid user hwong [preauth]
Feb 23 19:43:02 qcine sshd[31184]: pam_unix(sshd:auth): check pass; user unknown
Feb 23 19:43:02 qcine sshd[31184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.17.34.92
Feb 23 19:43:02 qcine sshd[31171]: Invalid user dinesh from 27.17.34.92
Feb 23 19:43:02 qcine sshd[31171]: input_userauth_request: invalid user dinesh [preauth]
Feb 23 19:43:02 qcine sshd[31171]: pam_unix(sshd:auth): check pass; user unknown
Feb 23 19:43:02 qcine sshd[31171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.17.34.92
Feb 23 19:43:02 qcine sshd[31162]: Failed password for invalid user stijn from 27.17.34.92 port 28217 ssh2
Feb 23 19:43:02 qcine sshd[31188]: Invalid user dawid from 27.17.34.92
Feb 23 19:43:02 qcine sshd[31188]: input_userauth_request: invalid user dawid [preauth]
Feb 23 19:43:02 qcine sshd[31188]: pam_unix(sshd:auth): check pass; user unknown
Feb 23 19:43:02 qcine sshd[31188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.17.34.92

2 questions:
1. Are these kinds of attempts covered by IDS measures?
2. How do I blacklist the IP, if I discover this manually?
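
Added example, not part of the original post: one way to spot the pattern in the auth.log above is to count sshd "Failed password" lines per source address and flag addresses that fail across several user names. The sample log, the thresholds and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the auth.log format shown in the post; the
# addresses are documentation-range values, not taken from the page.
SAMPLE_LOG = """\
Feb 23 19:43:00 host sshd[101]: Invalid user alice from 203.0.113.7
Feb 23 19:43:01 host sshd[101]: Failed password for invalid user alice from 203.0.113.7 port 26579 ssh2
Feb 23 19:43:02 host sshd[102]: Failed password for invalid user bob from 203.0.113.7 port 26602 ssh2
Feb 23 19:43:02 host sshd[103]: Failed password for root from 203.0.113.7 port 26610 ssh2
Feb 23 19:43:03 host sshd[104]: Failed password for carol from 198.51.100.20 port 50112 ssh2
Feb 23 19:43:05 host sshd[104]: Accepted password for carol from 198.51.100.20 port 50112 ssh2
Feb 23 19:43:06 host sshd[101]: Received disconnect from 203.0.113.7: 11: Bye Bye [preauth]
"""

# sshd writes one "Failed password" line per rejected attempt, for existing
# and non-existing accounts alike. The user name is client-controlled text,
# so it is matched greedily and the address is taken from the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def summarize(log_text):
    """Return {ip: {"failures": count, "users": set of names tried}}."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            stats[m.group("ip")]["failures"] += 1
            stats[m.group("ip")]["users"].add(m.group("user"))
    return dict(stats)

def probing_sources(log_text, min_failures=3, min_users=2):
    """Addresses with many failures spread over several user names.

    Both thresholds are assumptions chosen for this example; one person
    mistyping their own password stays below min_users.
    """
    return sorted(
        ip for ip, s in summarize(log_text).items()
        if s["failures"] >= min_failures and len(s["users"]) >= min_users
    )

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, s["failures"], sorted(s["users"]))
    print("probing:", probing_sources(SAMPLE_LOG))
```

On a live host the same functions can be given the contents of the real auth.log instead of the constructed sample.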

5
Installation and Upgrades / Zentyal Dynamic DNS & MX?
« on: November 16, 2012, 08:29:02 am »
Hello People,

Is it somewhere possible to edit the Zentyal Dynamic DNS settings? It seemed to be convenient to select it during setup, but I don't see the option to specify an MX entry, so receiving mail on a DynDNS host seems not possible using the Zentyal DDNS service. Or did I miss something?

Cheers,
t.
