Messages - craigyk

1
Installation and Upgrades / Upgrade suggestions
« on: December 06, 2014, 01:17:26 am »
I have a somewhat hosed 3.5 server that I want to migrate to 4.0.

I started with 3.4 on ubuntu 12.04, but at some point it offered to update to 3.5 and ubuntu 14.04.  I did so, and it threw errors at the end but after rebooting seemed mostly OK.  The events module is broken (won't start) and I sometimes get additional errors when applying changes, but the important bits still work (DNS, DHCP, Samba, Firewall).

Now I want to get it upgraded to 4 (and fix the other issues) but testing the 3.5 -> 4 migration did not work.  I'd like to just do a fresh reinstall, I don't mind reconfiguring most of the modules, but I'm worried about preserving my Samba entries.  Especially since I have linux servers using this server for auth and they are generating linux uids and gids from bits of the AD entries that I don't have direct access to from the Web UI.  Is there an easy way to copy over the AD entries from my 3.5 server to my new 4 server?  I can make the 4 server an additional domain controller, which works, but what happens then when the 3.5 server is retired?

Thanks,
-Craig


2
Installation and Upgrades / Re: HA Experiences
« on: May 26, 2014, 05:32:55 pm »
Since upgrading to 3.4, I'm having the same issues you mention.

I have another dhcp pool on my additional domain controller. When workstations switch pools, I'm having all kinds of issues.

Sometimes the users can't login to their workstation, and sometimes they can't access file shares that are on the windows servers.

I can't figure it out. All worked fine in 3.3.10

3.4 has been working well for me since I turned off the second instance being used for high availability.  I did figure out that zentyal creates a /24 reverse zone entry for each DHCP pool in the dhcpd.conf file.  Since I'm using 192.168.0.0/16, that means I need to add fake dhcp pool entries to add reverse zones for my static dhcp addresses (ie 192.168.0.255-192.168.0.255).  Personally, doing it manually, I would have just created a single .168.192.in-addr.arpa entry in the dhcp config to cover the entire subnet.  I also added "anchor" DNS entries to ensure that reverse zones are also created for DNS.  Not sure if this is still needed, if it is a bug, or if it has been fixed.  My take is that development was centered around the use of /24 subnets.


3
Installation and Upgrades / HA Experiences
« on: May 23, 2014, 08:15:33 pm »
I'd like to ask what other people's experiences have been with HA, and how they've done their setup.

Personally, I tried to use it but just had too many problems and it made my overall infrastructure less reliable.  I had two zentyal instances doing HA with AD, DNS, DHCP, NTP, and routing.  My biggest problems were related to DHCP and DNS.  It seemed I sometimes got split-brain where both DHCP servers were running, or it would switch DHCP from one server to the other for no apparent reason.  This might have been OK, but Zentyal seemed to have problems keeping DNS in sync between the two machines with DHCP and DynDNS.  DHCP leases from one server would correctly sync forward and reverse-zone entries between both servers, but not the other way around.

Though overall, HA is very promising, I eventually shut off the second server as my two servers bickered too much and caused a lot of network problems.  Maybe adding a third server for better consensus might have helped?  Curious what others have done.

4
You probably need to set up the port forwarding for both your interfaces.  Also, the 'replace source address' has an effect on how some services work depending on where you are accessing them from.

Most of my port forwarding entries have duplicates with eth1 set instead of eth0, for example.

5
Installation and Upgrades / static dhcp hosts and reverse mappings
« on: April 22, 2014, 11:48:36 pm »
I have some servers in a network object added as static dhcp hosts (under 192.168.0.0). 

The zentyal dhcp configuration does not have a reverse mapping entry for them though (no 0.168.192.in-addr.arpa).

I've run into enough related reverse zone problems that I'm wondering if it would just be better to just have them be specified manually in the interface.

Right now as far as I can tell, zentyal only adds reverse zone entries for dhcp ranges but maybe it should add ones for the interface networks (I'm using 192.168.0.0/16)


6
Hi craigyk,

There is no support for replicating Dynamic DNS entries as they are not backed by the Zentyal configuration backend. As of today it only replicates the configuration information stored by Zentyal and the /etc/zentyal and /var/lib/zentyal/conf/CA directories.

Sorry for any misunderstanding and thanks for using Zentyal!

Huh, it did seem to me that it was replicating DynDNS entries because I kept seeing bind zone transfer notifications for the reverse zones in the logs, while the forward entries were being replicated by the samba end of things.  It just seemed unreliable.  Is full DNS replication on a roadmap?  DNS is a pretty crucial piece of infrastructure so I'd imagine it should be.

7
Installation and Upgrades / Re: forgetting dhcp clients
« on: April 07, 2014, 11:48:25 pm »
Please expand your question - more data needed

I meant in general, but more specifically in my case trying HA, it seems to happen quite a lot.  I've seen my two HA servers spontaneously decide to switch DHCP from one host to the other, upon which all the DHCP DNS entries on the old host seem to disappear, causing me a cascading set of headaches when my computers stop being able to find one another.  Also it seems that when the DHCP server is running on one of the hosts, reverse DNS mappings get correctly updated on both hosts, but when running DHCP on the other server, one of the DNS servers stops getting reverse DNS entries, even though I can see it getting zone update notifications.

8
Installation and Upgrades / forgetting dhcp clients
« on: April 05, 2014, 02:02:23 am »
does anyone else find that zentyal forgets DHCP DNS entries?

9
ugh,

my dhcp DNS entries also seem to disappear after a while... this.is.so.frustrating. 

almost ready to ditch this and go back to dnsmasq


10
after looking at the config files it looks like DNS for forward entries are being synced by the AD plugin?
the problem then is that the DHCP server only updates the reverse entries for 127.0.0.1 rather than both name servers.

why aren't the reverse zones just handled by the AD plugin as well then?
how would I modify templates to see if adding an additional entry for the other name server in dhcpd.conf will work?




11
I'm not sure how DNS replication is being done in zentyal (whether through zone transfers or some other method), but I've noticed that DHCP DNS updates for forward mappings get synced between HA members but reverse mappings do not.

so new DHCP host 'node-1' registers
nslookup node-1 dns1 -> 192.168.10.100
nslookup node-1 dns2 -> 192.168.10.100
nslookup 192.168.10.100 dns1 -> node-1
nslookup 192.168.10.100 dns2 -> not found

12
I don't really know how the config files get auto generated, but working off a guess, I manually added fake hosts in the DNS at the base of each of the ip ranges and that seems to have done the trick.  It added the new reverse zones to the DNS config and dhcp can now update those reverse addresses.

This workaround is definitely hacky, but works for now.

To recap:

My network is 192.168.0.0/16.  All my static hosts with actual DNS entries were under 192.168.0.0/24 and forward and reverse updates were working.  I had DHCP ranges under 192.168.10.50-200 and 192.168.11.50-200 and reverse DNS updates for those were not working.  I got around this by adding fake A records at 192.168.10.1 and 192.168.11.1 which got zentyal to add the proper zones to the DNS config so that DHCP updates would work.
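
Added example (not part of the original posts, and not Zentyal code): a check for the mismatch described in the recap above, listing the /24 reverse zones that DHCP ranges need but the DNS server does not carry. It assumes, as the posts describe, that a reverse update only succeeds when a covering reverse zone exists; the function names and the sample zone lists are constructed for illustration.

```python
import ipaddress

def zones_for_range(first, last):
    """/24 in-addr.arpa zone names touched by the inclusive range first..last."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if hi < lo:
        raise ValueError(f"range end {last} is below start {first}")
    zones = []
    base = int(lo) & 0xFFFFFF00          # network address of the first /24
    while base <= int(hi):
        a, b, c, _ = ipaddress.IPv4Address(base).packed
        zones.append(f"{c}.{b}.{a}.in-addr.arpa")
        base += 256
    return zones

def is_covered(needed, configured):
    """True if `needed` is one of the configured zones or lies below one."""
    needed = needed.lower().rstrip(".")
    for zone in configured:
        zone = zone.lower().rstrip(".")
        if needed == zone or needed.endswith("." + zone):
            return True
    return False

def missing_reverse_zones(dhcp_ranges, dns_zones):
    """Map each uncovered /24 reverse zone to the DHCP ranges that need it."""
    missing = {}
    for first, last in dhcp_ranges:
        for zone in zones_for_range(first, last):
            if not is_covered(zone, dns_zones):
                missing.setdefault(zone, []).append((first, last))
    return missing

# Constructed sample data, using the addresses quoted in the posts.
DHCP_RANGES = [("192.168.10.50", "192.168.10.200"),
               ("192.168.11.50", "192.168.11.200")]
DNS_BEFORE = ["0.168.192.in-addr.arpa"]            # only the static-host zone
DNS_AFTER = DNS_BEFORE + ["10.168.192.in-addr.arpa",
                          "11.168.192.in-addr.arpa"]  # after the anchor records
DNS_SINGLE = ["168.192.in-addr.arpa"]              # one zone for the whole /16

if __name__ == "__main__":
    for label, zones in (("before", DNS_BEFORE), ("after", DNS_AFTER),
                         ("single /16 zone", DNS_SINGLE)):
        print(label, sorted(missing_reverse_zones(DHCP_RANGES, zones)))
```
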

13
I have my network configured as 192.168.0.0/16 with two dhcp ranges 192.168.10.10-200 and 192.168.11.10-200

DHCP leases are updating host names in DNS but not the reverse addresses. The dhcp config looks right with two entries for 10/11.168.192.in-addr.arpa but the DNS config looks off as there is only a single reverse zone for 0.168.192.in-addr.arpa set

14
Installation and Upgrades / Re: floating ips on external interfaces
« on: March 31, 2014, 10:19:52 pm »
Hello craigyk,

If you want to set up your gateways in HA for your internal network, you must only set up an internal floating IP address per internal network. Then you should configure your clients to use that floating IP address.

In that way, each Zentyal server has a static internal IP address and the floating IP address is floating from one server to another if it is required.

Best regards,

Ok, but I would also like to have an external floating IP for NAT and port forwarding for incoming connections.  I tried this and it seems to work, but it seems a bit silly to assign external IPs to each zentyal server and then a third for the floating IP.  I was hoping there was some way to configure the external interfaces to not have assigned IPs but still have network and netmask parameters so that zentyal knows the network parameters etc for the external interfaces.


15
Installation and Upgrades / floating ips on external interfaces
« on: March 30, 2014, 12:38:09 am »

I'm guessing if I want to use 2+ zentyal servers as HA gateways, I should assign a floating IP on the internal AND external networks.

But does each machine also need to have an external IP set for the network interface itself?  I could see that wasting a lot of precious external IPs.

Is there a way in the Network GUI to have it be active with a defined mask and range, but not actually claim an IP?
