Messages

1

Installation and Upgrades / DNS, DHCP, Samba Dynamic Issues

« on: November 02, 2019, 05:02:50 pm »

I recently began having issues with our Zentyal 6 server, in regards to dynamic DNS, DHCP and Samba. DNS queries no longer work, dynamic DNS registration through DHCP and Samba DLZ no longer works. I installed a new perimeter firewall and changed the IP of the Zentyal box to something else; ever since then, things haven't worked quite right. It doesn't seem that Samba can update the changes in DNS, using DLZ.

I thought that maybe it was the dns.keytab, located in /var/lib/samba/private, so I deleted, recreated and reinitialized it...

Code: [Select]

sudo samba-tool domain exportkeytab --principal=dns-ZENTYAL@MY.DOMAIN.COM /var/lib/samba/private/dns.keytab
sudo ktutil -v -k /var/lib/samba/private/dns.keytab list
sudo kinit -k -t /var/lib/samba/private/dns.keytab dns-ZENTYALOf course, I have sterilized the actual principal and domain, using dns-ZENTYAL and MYDOMAIN.COM. You can find these entries by typing:

Code: [Select]

sudo klist
That doesn't seem to have helped, since it is not allowing some of the cleanup to take place. I ran the command:

Code: [Select]

sudo samba_dnsupdate --verbose
There are multiple instances where the update failed, for instance, here is some of the output, again, sterilized.

Code: [Select]

update (samba-tool): A DomainDnsZones.MYDOMAIN.com 192.168.15.2
Calling samba-tool dns for A DomainDnsZones.MYDOMAIN.com 192.168.15.2 (add)
Calling samba-tool dns add -k no -P ['192.168.15.2', 'MYDOMAIN.com', 'DomainDnsZones', 'A', '192.168.15.2']
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
ldb_wrap open of secrets.ldb
Using binding ncacn_ip_tcp:192.168.15.2[,sign]
Failed to connect host 192.168.15.2 on port 135 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 192.168.15.2 (192.168.15.2) on port 135 - NT_STATUS_CONNECTION_REFUSED.
ERROR: Connecting to DNS RPC server 192.168.15.2 failed with (-1073741258, 'The transport-connection attempt was refused by the remote system.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 44, in dns_connect
    dns_conn = dnsserver.dnsserver(binding_str, lp, creds)
Failed 'samba-tool dns' based update of A DomainDnsZones.MYDOMAIN.com 192.168.15.2
This failure also happens for ForestDnsZones, gc(._msdcs), SERVERNAME, @.

The Samba server IS listening, but on the wrong IP...

Code: [Select]

netstat -nap | grep :135
tcp        0      0 192.168.15.1:135        0.0.0.0:*               LISTEN      2426/samba         
tcp        0      0 127.0.1.1:135           0.0.0.0:*               LISTEN      2426/samba
tcp        0      0 127.0.0.1:135           0.0.0.0:*               LISTEN      2426/samba
If you notice, Samba is listening on the OLD IP address and Zentyal has not told all its services to switch to the new IP address of 192.168.15.2. When the command, samba_dnsupdate is run, it's looking on the correct address, but Zentyal is starting Samba on the wrong address, so the update fails to change the corresponding DNS properties in the Samba database. This also means that HTTPS, IMAP and almost everything else is listening on the wrong IP.


Does anyone know why or how to fix it?

2

Installation and Upgrades / Admin Interface: Restrict IP Addresses

« on: October 04, 2019, 07:41:10 pm »

I need to modify the web interface to restrict it to serve only certain external IP addresses, but it doesn't seem the version of nginx is compiled with the http_access_module. I can't use the firewall, because Zentyal's firewall sees all packets from the router as "internal". Any ideas?

Zentyal 6

3

Installation and Upgrades / Openchange Removal

« on: March 17, 2018, 10:12:23 pm »

I just read, in the changelog, that Zentyal removed OpenChange. How has that effected the way Zentyal integrates with Outlook's Exchange features? Does it still work?

4

Installation and Upgrades / Re: Zentyal 5.0 loose webadmin

« on: March 17, 2018, 09:56:19 pm »

Did you install a custom mas file in the stubs directory or modify the mas files in the /usr/share/zentyal directory?

5

Installation and Upgrades / zentyal Missing from init.d

« on: March 17, 2018, 09:53:39 pm »

Has something changed in Zentyal 5.0.10 in regards to init.d, because the zentyal script is missing in my fresh install. What is the procedure to restart the modules?

6

Other modules / Re: Contacts and Calendars

« on: July 27, 2017, 04:43:17 pm »

In the Sogo database, in MySQL, there are tables that correspond to each user's address book and calendar. The table, sogo_folder_info contains columns and rows that correspond to the correct user and table, in the database. In sogo_folder_info the column c_path2 contains the username of the person, c_path3 contains the type of entry, calendar or contact, c_foldername contains the name of the entry or what you named the address book / calendar and c_location is the table that has the records. c_location also has a corresponding c_quick_location and c_acl_location. You'll need all 3 of these "location" tables, as well as the row, corresponding to the user in question, from sogo_folder_info. Keep in mind, too, there is c_folder_id that might need to be changed, so it doesn't overlap with another user. c_path needs to be a unique name and c_path4 will be the final part from c_path. For instance, if c_path is /Users/joe/Calendar/100B-56440880-5-75095A00 then c_path4 will be 100B-56440880-5-75095A00

In order to move the address book and calendar from one installation to another, I simply used phpmyadmin to select the tables I wanted from the old database and exported them to an sql file. These will be the 3 tables listed in the c_location, c_quick_location and c_acl_location We'll call that export1.sql.

The next step was to create the row, with the keys, in the sogo_folder_info table. I selected that row, in phpmyadmin, and clicked Export. We'll call that export2.sql.

export1 does not need to be modified. It can be imported into the new database, without issue, unless tables already exist with the same names.

export2, however, probably needs to be modified:

First, you'll need to change c_folder_id to some unique number.

Second, you'll probably need to modify c_path to something unique. If you are importing /Users/joe/Contacts/personal, you'll need to change that trailing /variable to something else. If not, it will give you a duplicate warning in PRIMARY. Sogo makes paths in the form of 7C62-36475400-1-40F98080, so you should be able to make something by simply changing one number.

Third, you'll need to modify the c_location, c_quick_location and c_acl_location. Look at your other entries. They will have connection information, used to pull data out of the sql table. For instance, you are importing from a key that has mysql://sogo:EeO8Syso@127.0.0.1:3306/sogo/sogojoe0114ed50fd4, the database you are exporting from will not likely match the database you are exporting to. If the other rows of the database your are importing to have mysql://sogo:Fab554rvp@127.0.0.1:3306/sogo/sogojoe0114ed50fd4 You will need to modify the EeO8Syso to be Fab554rvp.

Finally, you will need to verify the c_location, c_quick_location and c_acl_location keys match the tables in the Sogo database, that hold the contact/calendar information. For instance, in the c_location column, if you have mysql://sogo:Fab554rvp@127.0.0.1:3306/sogo/sogojoe0114ed50fd4 there will be a table in the Sogo database called sogojoe0114ed50fd4, sogojoe0114ed50fd4_acl and sogojoe0114ed50fd4_quick If you imported them from export1, above, they should match and you won't have any issue.

Hope this helps. If anything is confusing, let me know and remember to BACK UP YOUR DATABASE before trying any of this.

7

Installation and Upgrades / Second Host on Zentyal Server

« on: July 27, 2017, 02:31:28 pm »

I am trying to install a second, ssl enabled vhost on my Zentyal server, but I'm running into difficulty with the proxy. I keep getting the error

Code: [Select]

The stylesheet https://www.[i]mysecondsite[/i].com/SOGo.woa/WebServerResources/dtree.css?lm=1459872312 was not loaded because its MIME type, “application/octet-stream”, is not “text/css”.
I have a ProxyPass directive, to send everything non-sogo related into another server. That doesn't seem to be having any effect on the above error. I have even tried copying and pasting the original sogo conf file, to the second site, but it doesn't work. I have tried with and without the SOGo.woa proxypass directive. Sogo does not seem to pick up the Alias /SOGo.woa/WebServerResources/ , as it won't load any of the .woa resources, without the ProxyPass /SOGo.woa ... Does anyone have any ideas?

Here is my .conf file That I am currently working with. Keep in mind that I have heavily changed the second, ssl, virtualhost.

Code: [Select]

user  www-data
group www-data

WSGILazyInitialization On
WSGIPythonPath /usr/lib/openchange/web/rpcproxy
WSGIScriptAlias /rpc/rpcproxy.dll /usr/lib/openchange/web/rpcproxy/rpcproxy.wsgi
WSGIScriptAlias /rpcwithcert/rpcproxy.dll /usr/lib/openchange/web/rpcproxy/rpcproxy.wsgi

<VirtualHost *:443>
    ServerName zentyal.[i]myfirstsite[/i].com
    ServerAlias autodiscover.[i]myfirstsite[/i].com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/ocsmanager/[i]myfirstsite[/i].com.pem
    ProxyAddHeaders On

    ############################
    #### Autodiscover begin ####
    ############################
    ProxyPassMatch /[Aa]utodiscover(.*)$ http://127.0.0.1:5000/autodiscover$1

    #############
    #### EWS ####
    #############
    ProxyPass /ews http://127.0.0.1:5000/ews

    #########################
    #### RPC Proxy begin ####
    #########################
    # Extremely high timeout required by clients)
    Timeout 300
    KeepAlive On
    KeepAliveTimeout 120
    MaxKeepAliveRequests 500
    AddDefaultCharset utf-8

    Include /etc/apache2/mods-available/wsgi.load
    Include /etc/apache2/mods-available/env.load

    <Directory /usr/lib/openchange/web/rpcproxy/>
        SetEnv RPCPROXY_LOGLEVEL INFO
        SetEnv NTLMAUTHHANDLER_WORKDIR /var/cache/ntlmauthhandler
        SetEnv SAMBA_HOST 127.0.0.1
        WSGIPassAuthorization On
        WSGIProcessGroup %{GLOBAL}
        Require all granted
    </Directory>

    ############################
    #### SOGo webmail begin ####
    ############################
    Alias /SOGo.woa/WebServerResources/         /usr/lib/GNUstep/SOGo/WebServerResources/
    Alias /SOGo/WebServerResources/         /usr/lib/GNUstep/SOGo/WebServerResources/
    AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*)         /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2

    <Directory /usr/lib/GNUstep/SOGo/>
        AllowOverride None
        Require all granted

        # Explicitly allow caching of static content to avoid browser specific
        # behavior. A resource URL MUST change in order to have the client
        # load the new version.
        <IfModule expires_module>
            ExpiresActive On
            ExpiresDefault "access plus 1 year"
        </IfModule>
    </Directory>

    <LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
        SetHandler default-handler
    </LocationMatch>

    ## Uncomment the following to enable proxy-side authentication, you will then
    ## need to set the "SOGoTrustProxyAuthentication" SOGo user default to YES and
    ## adjust the "x-webobjects-remote-user" proxy header in the "Proxy" section
    ## below.
    #<Location /SOGo>
    #  AuthType XXX
    #  Require valid-user
    #  SetEnv proxy-nokeepalive 1
    #  Allow from all
    #</Location>
    ProxyRequests Off
    SetEnv proxy-nokeepalive 1
    ProxyPreserveHost On

    # When using CAS, you should uncomment this and install cas-proxy-validate.py
    # in /usr/lib/cgi-bin to reduce server overloading
    #
    # ProxyPass /SOGo/casProxy http://localhost/cgi-bin/cas-proxy-validate.py
    # <Proxy http://localhost/app/cas-proxy-validate.py>
    #   Order deny,allow
    #   Allow from your-cas-host-addr
    # </Proxy>

    ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
    ProxyPass /sogo/ http://127.0.0.1:20000/SOGo
    ProxyPass /sogo http://127.0.0.1:20000/SOGo
    ProxyPass /webmail/ http://127.0.0.1:20000/SOGo
    ProxyPass /webmail http://127.0.0.1:20000/SOGo
    ProxyPass /_debug http://127.0.0.1:5000/_debug retry=0

    <Proxy http://127.0.0.1:20000/SOGo>
        ## When using proxy-side autentication, you need to uncomment and
        ## adjust the following line:
        #  RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e"
        RequestHeader set "x-webobjects-server-url" "https://%{REQUEST_HOST}e:443"
        SetEnvIf Host "(.*):?" REQUEST_HOST=$1
        AddDefaultCharset UTF-8
        Require all granted
    </Proxy>

    # For apple autoconfiguration
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
    </IfModule>

    CustomLog ${APACHE_LOG_DIR}/ocsmanager-access.log combined
    ErrorLog ${APACHE_LOG_DIR}/ocsmanager-error.log
</VirtualHost>




##################################################################
##################################################################
##################################################################






<VirtualHost *:80>
ServerName www.[i]mysecondsite[/i].com
    ServerAlias [i]mysecondsite[/i].com
    DocumentRoot /var/www/[i]mysecondsite[/i].com
        <Directory /var/www/[i]mysecondsite[/i].com>
                Require all granted
        </Directory>
Redirect / https://www.[i]mysecondsite[/i].com
</VirtualHost>

<Virtualhost *:443>
ServerName www.[i]mysecondsite[/i].com
ServerAlias [i]mysecondsite[/i].com
ServerAlias autodiscover.[i]mysecondsite[/i].com

SSLCertificateFile /etc/apache2/ssl/www_[i]mysecondsite[/i]_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www_[i]mysecondsite[/i]_com.key
SSLCACertificateFile /etc/apache2/ssl/comodo-rsa-domain-validation-sha-2-w-root.ca-bundle
SSLEngine on
SSLProxyEngine on

ProxyPassInherit off
ProxyPreserveHost on
SetEnv proxy-nokeepalive 1


### I have tried every permutation of the proxy directives, that I can think of. Nothing works to load the .css.

ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
ProxyPassReverse /SOGo http://127.0.0.1:20000/SOGo #with or without, this directive makes no difference
ProxyPass /sogo/ http://127.0.0.1:20000/SOGo
ProxyPass /sogo http://127.0.0.1:20000/SOGo
ProxyPass /webmail/ http://127.0.0.1:20000/SOGo
ProxyPass /webmail http://127.0.0.1:20000/SOGo
ProxyPass /_debug http://127.0.0.1:5000/_debug retry=0
ProxyPass /SOGo.woa http://127.0.0.1:20000/SOGo.woa
ProxyPassReverse /SOGo.woa http://127.0.0.1:20000/SOGo.woa #with or without, this directive makes no difference

#This proxy directive has been modified from the original, but it makes no difference.

<Proxy http://127.0.0.1:20000/SOGo>
<IfModule headers_module>
  RequestHeader set "x-webobjects-server-port" "443"
  RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
  RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e" env=HTTP_HOST
  RequestHeader unset "x-webobjects-remote-user"
  RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
</IfModule>
</Proxy>

    CustomLog ${APACHE_LOG_DIR}/acr-ocsmanager-access.log combined
    ErrorLog ${APACHE_LOG_DIR}/acr-ocsmanager-error.log

ProxyPass / http://10.28.45.100/[i]mysecondsite[/i]/
ProxyPassReverse / http://10.28.45.100/[i]mysecondsite[/i]/
</VirtualHost>

8

Other modules / [SOLVED] Contacts and Calendars in Database

« on: July 25, 2017, 09:23:02 pm »

Does anyone know exactly where Zentyal 4.2x/SOGo stores the calendars and contacts for users and/or (depending on the answer) how to export them without using the user's web interface?

9

Spanish / Re: "You have broken packages installed, fix them before upgrading" message

« on: April 27, 2017, 07:05:27 pm »

For anyone trying to find an answer to this, here is what you can do You are going to be replacing the kernel values and versions with your own system. Don't attempt to use mine, exactly...

First, determine your current kernel version.

Code: [Select]

uname -rThat will be the kernel you want to make sure you don't delete.

List the kernel packages installed.

Code: [Select]

sudo dpkg --get-selections | grep linux-image
linux-image-3.13.0-106-generic install
linux-image-3.13.0-117-generic install
linux-image-3.13.0-45-generic deinstall
linux-image-3.13.0-61-generic install
linux-image-3.13.0-91-generic install
linux-image-3.13.0-98-generic install
linux-image-3.19.0-64-generic install
linux-image-3.19.0-71-generic install
linux-image-3.19.0-78-generic install
linux-image-extra-3.13.0-106-generic install
linux-image-extra-3.13.0-117-generic install
linux-image-extra-3.13.0-45-generic deinstall
linux-image-extra-3.13.0-61-generic install
linux-image-extra-3.13.0-91-generic install
linux-image-extra-3.13.0-98-generic install
linux-image-extra-3.19.0-64-generic install
linux-image-extra-3.19.0-71-generic install
linux-image-extra-3.19.0-78-generic install
linux-image-extra-3.19.0-80-generic install
linux-image-generic install
linux-image-generic-lts-vivid install
In my case, apt was trying to install 3.19.0-80, but could not, because /boot was full.

Get a list of all the kernel image files in the /boot directory.

Code: [Select]

christopher@sbs-server:/boot$ ls
abi-3.13.0-106-generic         initrd.img-3.19.0-64-generic
abi-3.13.0-117-generic         initrd.img-3.19.0-71-generic
abi-3.13.0-61-generic          initrd.img-3.19.0-78-generic
abi-3.13.0-91-generic          lost+found
abi-3.13.0-98-generic          System.map-3.13.0-106-generic
abi-3.19.0-64-generic          System.map-3.13.0-117-generic
abi-3.19.0-71-generic          System.map-3.13.0-61-generic
abi-3.19.0-78-generic          System.map-3.13.0-91-generic
config-3.13.0-106-generic      System.map-3.13.0-98-generic
config-3.13.0-117-generic      System.map-3.19.0-64-generic
config-3.13.0-61-generic       System.map-3.19.0-71-generic
config-3.13.0-91-generic       System.map-3.19.0-78-generic
config-3.13.0-98-generic       vmlinuz-3.13.0-106-generic
config-3.19.0-64-generic       vmlinuz-3.13.0-117-generic
config-3.19.0-71-generic       vmlinuz-3.13.0-61-generic
config-3.19.0-78-generic       vmlinuz-3.13.0-91-generic
grub                           vmlinuz-3.13.0-98-generic
initrd.img-3.13.0-106-generic  vmlinuz-3.19.0-64-generic
initrd.img-3.13.0-61-generic   vmlinuz-3.19.0-71-generic
initrd.img-3.13.0-91-generic   vmlinuz-3.19.0-78-generic
initrd.img-3.13.0-98-generic
Create a folder

Code: [Select]

christopher@sbs-server:/boot$ mkdir ~/old-kernel-imagesMove all the old kernels to the above folder.

Code: [Select]

christopher@sbs-server:/boot$ sudo mv ./*-3.13.0-* ~/old-kernel-images
Now, you should have space in /boot, but apt will complain about missing files, when you install the latest kernel version. We'll handle this, later.

Code: [Select]

update-initramfs: Generating /boot/initrd.img-3.13.0-106-generic
grep: /boot/config-3.13.0-106-generic: No such file or directory
update-initramfs: Generating /boot/initrd.img-3.13.0-98-generic
grep: /boot/config-3.13.0-98-generic: No such file or directory
update-initramfs: Generating /boot/initrd.img-3.13.0-91-generic
grep: /boot/config-3.13.0-91-generic: No such file or directory
update-initramfs: Generating /boot/initrd.img-3.13.0-61-generic
grep: /boot/config-3.13.0-61-generic: No such file or directory
Once it is finished, purge all the missing kernel packages. This, also, will give errors, but it is necessary to tell apt they are no longer installed.

Code: [Select]

christopher@sbs-server:/boot$ sudo apt-get purge linux-image-3.13.0-91-generic linux-image-3.13.0-61-generic linux-image-3.13.0-45-generic linux-image-3.13.0-117-generic linux-image-3.13.0-106-generic
Once everything is purged out, you should no longer have any issues.

Code: [Select]

christopher@sbs-server:/boot$ dpkg --get-selections | grep "linux-image"linux-image-3.19.0-64-generic install
linux-image-3.19.0-71-generic install
linux-image-3.19.0-78-generic install
linux-image-3.19.0-80-generic install
linux-image-extra-3.13.0-45-generic deinstall
linux-image-extra-3.19.0-64-generic install
linux-image-extra-3.19.0-71-generic install
linux-image-extra-3.19.0-78-generic install
linux-image-extra-3.19.0-80-generic install
linux-image-generic-lts-vivid install
Now install your latest kernel. There should be no errors.

Code: [Select]

christopher@sbs-server:/boot$ sudo apt-get install --reinstall linux-image-3.19.0-80-generic
Clean up any straggling packages, using autoremove. There should be no errors.

Code: [Select]

christopher@sbs-server:/boot$ sudo apt-get autoremove

10

Contributions / Tips&Tricks / Features Requests / Forum Issue

« on: April 27, 2017, 06:50:56 pm »

I am not sure exactly how to find an admin on here, but I was just in the middle of creating a long post, explaining how I found a solution to another user's problem, only to be greeted with the login prompt, when I clicked submit, losing all my work. Admins, please fix this issue, removing the auto-logout, creating a drafts option or, at minimum, increase the auto-logout time.

11

Installation and Upgrades / Just installed 4.2 Samba Broken

« on: July 01, 2016, 02:50:43 pm »

I just finished installing 4.2 and, low and behold, something is wrong with Samba, no one can log in, now. In the logs, I get:

Code: [Select]

Jul  1 07:40:37 sbs-server smbd[32374]: [2016/07/01 07:40:37.326656,  0] ../source3/auth/auth.c:380(load_auth_module)
Jul  1 07:40:37 sbs-server smbd[32374]:   load_auth_module: can't find auth method samba4!
When trying to do an smbclient search, I get:

Code: [Select]

session setup failed: NT_STATUS_NO_LOGON_SERVERS
Has anyone come across this, yet?

12

Installation and Upgrades / Changing the Webmail Logo

« on: April 24, 2016, 05:50:08 pm »

I want to change the webmail logo and I found the .wox template responsible, in /usr/share/GNUstep/SOGo/Templates/MainUI/SOGoRootPage.wox, but my question is, if I change it, here, can't/won't it be reverted, during an upgrade of SOGO?

What is the correct way to change the logo, as a permanent solution, for all users?

13

Installation and Upgrades / Re: Default Gateway not Adding

« on: April 21, 2016, 01:59:12 am »

... and it didn't add the route, so I guess that's normal behavior.

14

Installation and Upgrades / Re: Default Gateway not Adding

« on: April 21, 2016, 01:58:17 am »

I deleted and re-added the gateway and it started working. False alarm, I guess.

15

Installation and Upgrades / Default Gateway not Adding

« on: April 21, 2016, 01:51:17 am »

For some reason, I can't get my Zentyal server on the internet, because it isn't putting a default gateway into its routing table. All it is adding is the local network. I have added the network in the default gateway tab and it is set to default.

It should say,
0.0.0.0     192.168.15.1     0.0.0.0   ...  eth0

All it has is:
192.168.1.0     0.0.0.0     255.255.255.0    ...   eth0

If I add the route, manually,  it works, fine. Any idea why it's not getting populated into the routing table?