Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: Gilberto Ferreira on May 08, 2013, 01:50:43 pm

Title: Zentyal 3.1
Post by: Gilberto Ferreira on May 08, 2013, 01:50:43 pm
Hi friends...

Anybody has testing last version of Zentyal 3.1??

http://sourceforge.net/projects/zentyal/files/Beta/

Title: Re: Zentyal 3.1
Post by: Zei on May 08, 2013, 07:38:36 pm
Hello Gilberto,

you should check the new installer, we have made several improvements, including a faster dashboard and menu navigation speed ;)


Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 08, 2013, 07:42:50 pm
Hi there....

Nice to know that...
Indeed, I install this new brand and solve a lot of problem that I encouter with others versions, like SSO kerberos with Proxy HTTP and many others stuffs....

And the Dashboard and menu navigation is nice too... I felt this version is faster....

Thanks a lot
Title: Re: Zentyal 3.1
Post by: Zei on May 09, 2013, 11:33:02 am
You are welcome Gilberto.

Glad to hear your comments ;)
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 09, 2013, 02:18:13 pm
Hi...

Well... Everything is ok, till I decide put Zentyal server as an Additional Domain Controller of Windows 2003 Server SP2.

Now, I get this message on /var/log/squid/cache.log:

authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type
1 NTLM token'

And, users on lan need to put there's username and password to continue access the web... :(

I felt s frustrated!
Title: Re: Zentyal 3.1
Post by: christian on May 09, 2013, 02:37:38 pm
what is also somewhat frustrating s that you cross post, adding same comment in 2 different thread about similar topic BTW and ths makes it difficult to follow  :-\
Title: Re: Zentyal 3.1
Post by: Sam Graf on May 09, 2013, 03:51:33 pm
Test machine running. Immediate thoughts:
Have to install more stuff to do real exploration, but so far, so good. 8)
Title: Re: Zentyal 3.1
Post by: Sam Graf on May 09, 2013, 06:37:48 pm
Question about the IPS module: If a person is unfamiliar with the attack classifications, is there a place where their descriptions can be read? I'm thinking especially of the option to block and knowing which attack classifications it might make sense to set to block during deployment.
Title: Re: Zentyal 3.1
Post by: Sam Graf on May 09, 2013, 08:14:25 pm
Just to note (at this early stage) that Monitoring returns page not found.
Title: Re: Zentyal 3.1
Post by: papajulio on May 11, 2013, 12:54:35 pm
Thanks Sam, already reproduced and reported so we can fix it. http://trac.zentyal.org/ticket/6652
Title: Re: Zentyal 3.1
Post by: Sam Graf on May 11, 2013, 04:53:23 pm
Thank you. Now a question about logs and events. I have the Log observer, State, and Service events enabled. If I understand correctly, the Log observer event should insert into the Events log other qualifying log entires, such as antivirus update and IPS log entries.

There are no IPS entries in the IPS log (I want to investigate that separately) but there are antivirus updates. But so far only State events are in the Events log. Am I missing something on the configuration side or misunderstand how the Events log works?
Title: Re: Zentyal 3.1
Post by: fedotov_andrey on May 13, 2013, 08:31:38 pm
how to upgrade 3.0 to 3.1?
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 13, 2013, 08:50:35 pm
hum... I think that is not possible, because 3.1 is a beta version... So you need download de iso and install entire system....

cheers..
Title: Re: Zentyal 3.1
Post by: christian on May 13, 2013, 09:01:29 pm
I upgraded from 3.0 to 3.1 as easily as changing settings in /etc/atp/sources.list
So far the only visible problem is web server (apache) not starting because conflicting with Nginx. So not a big issue.

again and again, 3.1 is beta so do not complain because this is not yet stable  ;)
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 13, 2013, 09:04:11 pm
I upgraded from 3.0 to 3.1 as easily as changing settings in /etc/atp/sources.list
So far the only visible problem is web server (apache) not starting because conflicting with Nginx. So not a big issue.

again and again, 3.1 is beta so do not complain because this is not yet stable  ;)

That's right Christian...

I don't thought about changing source.list....

Thank you...
Title: Re: Zentyal 3.1
Post by: ArchW on May 14, 2013, 08:42:20 pm
After installing 3.1x beta, I tried to upgrade the packages after the initial installation howver this error pops up:

Internal Error, No file name for libssl1.0.0


Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 14, 2013, 08:58:28 pm
Hi

Try this:

apt-get install libssl1.0.0

May be this can fix
Title: Re: Zentyal 3.1
Post by: Neksi on May 17, 2013, 09:18:14 am
I upgraded from 3.0 to 3.1 as easily as changing settings in /etc/atp/sources.list
So far the only visible problem is web server (apache) not starting because conflicting with Nginx. So not a big issue.

again and again, 3.1 is beta so do not complain because this is not yet stable  ;)

Tell me in detail how to fix conflict Apache with Nginx
Title: Re: Zentyal 3.1
Post by: christian on May 17, 2013, 09:26:11 am
here (http://trac.zentyal.org/ticket/6657)
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 24, 2013, 07:15:56 pm
Hello guys

I know that Beta systems is very unstable...
But, zentyal 3.1 was the only one that works SSO with HTTP Proxy and Windows 2003 SP2.

So, I will use this beta version in a future customer.

Can anyone tell me what is the risk??

Thanks.
Title: Re: Zentyal 3.1
Post by: christian on May 25, 2013, 12:20:14 am
Can anyone tell me what is the risk??

 ::) risk is that some new development, as this is still beta, just prevents everything to work?
3.2 will not be issued next month but rather in September, meaning in the meantime, potentially some changes will be introduced.
To me, going today live with this version is risky if use for your own company but risk is even higher when used for customer. Argument about SSO with HTTP proxy a really a poor one and if your client push you in this direction, be prepared for more problems to come, not because of Zentyal but because of such non-sense request.

BTW, I hardly understand how one could offer services to clients without any SLA, meaning with community edition. So thinking about use of beta in prod for customer just because it provides SSO for one service (here HTTP proxy) is far beyond what I can imagine  :o
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 25, 2013, 12:23:14 am
well, btw, I remake all installation. doing a fresh install, and do not work again...

and regards SSO, many  customers require this feature here, at least in my country, because is nor confortable than type user and password everytime when open a web browser...

tanks

Title: Re: Zentyal 3.1
Post by: Sam Graf on May 25, 2013, 03:28:32 am
regards SSO, many  customers require this feature here, at least in my country, because is nor confortable than type user and password everytime when open a web browser...

I agree that this is a valuable feature (at least it sounds like it would be, if I could only get it to work ;D ). Nevertheless, under no circumstances would I put 3.1 into production except, maybe, as a home server. The risks are not worth it, to me, whatever benefits there might be.
Title: Re: Zentyal 3.1
Post by: christian on May 25, 2013, 06:42:21 am
and regards SSO, many  customers require this feature here, at least in my country

I can understand this is not your own clever choice but pressure from customers, this is the reason why I wrote:
"be prepared to face many other problems later with such customers"  :-X

Once all this stuff will work, you can be famous among your customers when you will suggest to extend Kerberos ticket lifetime. This will help them to not even type their password once a day but perhaps once a week ;D  but, here again, be clever and do not accept the security officer responsibility  ::)

 
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 25, 2013, 04:10:40 pm
I see your point Christian

But, you have to consider that I search in many sites on web, and this solution with squid + kerberos + windows server 2003 in fact works pretty well in a no Zentyal environment...

So, I think that there's no reason this can work on Zentyal too... At least I think...

That is the point...

And here an example:

http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
Title: Re: Zentyal 3.1
Post by: christian on May 25, 2013, 04:40:50 pm
So why do stick with Zentyal if this feature is mandatory for you  ::)

Yes Squid+Kerberos works and yes Zentyal is maybe not yet ready, and may have some bugs or design not fitting 100% of your needs.
So, it doesn't matter whenever I consider or not that you search for something working on internet and not yet working on Zentyal as to me, it brings nothing to the current debate.

Let me give you some (perhaps stupid) examples:
Ubuntu does support NFS server but Zentyal doesn't !! Why ?
OpenLDAP does support RFC2307bis but Zentyal doesn't implement it !! why ?

If I do need NFS, then I'll implement some "non Zentyal" solution. That's it (and BTW this is why I'm currently doing).
I will not waste time pushing for Zentyal to do it.
And if it appears to be hopefully in Zentyal roadmap, I'll wait for stable release before deploying it in prod.

For all these reason, sorry but I don't see your point.

One more point: if you think this should or could work with current Zentyal implementation assuming some code changes, then you're very welcome with fixes or implementation that will fix what is currently broken. The whole community will for sure thank you  ;)
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 25, 2013, 04:49:43 pm
Well

I think debate is always good... Seems to me you get nervous...
Sorry if if provoke some kind of bad feeling...
I just saying that Zentyal is a nice tool but need some bug fix and if some feature doesn't work properly, do not release it to the public, because a lot of users will be grateful for such function released, but when gona use it, get desappointed...

Just because the feature is there all of us suppose the feature was tested and homologated in a many kind of situation...

At least my point is: if the feature doesn't work, do not release it, until work properly...

Again, sorry to push...
Title: Re: Zentyal 3.1
Post by: christian on May 25, 2013, 05:07:41 pm
D'ont worry, I don't feel nervous  ;D
I just don't understand why you don't understand that this product is not perfect, still evolving and hopefully better with the next version but in any case this may justify to go live with beta. That's it

This said, you can push as much as you want, this is real life.
The is not bug-free software as there is no perfect implementation.
Zentyal is perhaps less perfect than some other products  ;) however, it basically works and is currently used by quite a lot of customers.

I'm not Zentyal staff, neither involved in Zentyal deployment but I react - perhaps strongly, I'm sorry - to your behaviour that is to say:
"this works elsewhere, why can't Zentyal do it too ?"

Again, if your priority is to implement feature currently missing or buggy with Zentyal but working elsewhere, well, this is your business, you can still decide to implement something else.

I will also react to you last comment:
"At least my point is: if the feature doesn't work, do not release it, until work properly..."

I feel this one funny as you are even prone to go for beta, thus not waiting for proper implementation  ;D

For what I understand (I don't use it), Zentyal + Kerberos + Squid works but doesn't work when Zentyal is linked to Windows 2003 server.
What do you suggest (aside obviously solving all current bugs plus all the other that will pop up later  ;) ):
- to remove Kerberos ?
- to remove link to existing Windows domain ?
- to not authorise Kerberos when Windows domain membership is enabled ?
- something else ?

Not so easy isn't it?

Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 25, 2013, 05:12:12 pm
What I can't understand is the fact this feature works well on first Zentyal 3 versions...
But, with no reason do not work more on next releases... That what upset me you see???

Title: Re: Zentyal 3.1
Post by: christian on May 25, 2013, 05:38:48 pm
But, with no reason do not work more on next releases... That what upset me you see???

Which one ?
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 25, 2013, 05:39:19 pm
see above post =)

When I install first or second version of Zentyal 3, I make SSO works properly... Some month after, the feature do not work anymore...
Title: Re: Zentyal 3.1
Post by: christian on May 25, 2013, 05:42:34 pm
see above post =)

When I install first or second version of Zentyal 3, I make SSO works properly... Some month after, the feature do not work anymore...

Which one ? 3.1 ?
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 25, 2013, 05:45:55 pm
No... 3.0.X

Some time ago, between 3.0.12 and 3.0.20, that feature do not work anymore...

But whatever... Well... Enough!!! We turn this as a Chat!!! rsrsrs...

Leave Zentyal Team just do the work... I will waiting for some solution and continue work in a workaround...


Thanks a lot...
Title: Re: Zentyal 3.1
Post by: astana on May 30, 2013, 07:38:16 am
No... 3.0.X

Some time ago, between 3.0.12 and 3.0.20, that feature do not work anymore...

But whatever... Well... Enough!!! We turn this as a Chat!!! rsrsrs...

Leave Zentyal Team just do the work... I will waiting for some solution and continue work in a workaround...


Thanks a lot...

I'm kinda with Gilberto on this one. The SSO did work at one time (although I did have some strange issues with it), and then during one update it stopped all authentication.
Now I'm not complaining as such, as I think Zentyal is really well done and offers amazing services at basically zero cost, but the SSO feature with squid is a killer feature.

I'm actually using 3.1 now as I had to rebuild a hardware failed server and found that 3.1 actually performed better and all the features I'm actually using (a small subset of all Zentyal features) work perfectly.

I'm not going to do any upgrades to this server until the stable release is made, but wanted to point out how good the beta already is, at least for the features I'm using.

Mad to run a beta in production? Probably. However it runs flawlessly, has zero apparent problems and allows me to configure my groups as I wanted to from day 1.

Would I advice others to run Beta in their production servers? Nope.

So thanks to the Zentyal Team!
Title: Re: Zentyal 3.1
Post by: christian on May 30, 2013, 08:17:06 am
My own beta shows some problems and I'm surprised your doesn't  ;D well, what has to be clear is that I didn't install 3.1 but migrated 3.0 to 3.1 (both being used as testbed, well rather sandbox to reproduce forum members issues).

e.g. if, as highly expected, you run Zentyal admin on port different from 443, when using some admin features, you're redirected to standard HTTPS. customized port is missing in URL.
Title: Re: Zentyal 3.1
Post by: astana on May 30, 2013, 08:21:49 am
My own beta shows some problems and I'm surprised your doesn't  ;D well, what has to be clear is that I didn't install 3.1 but migrated 3.0 to 3.1 (both being used as testbed, well rather sandbox to reproduce forum members issues).

e.g. if, as highly expected, you run Zentyal admin on port different from 443, when using some admin features, you're redirected to standard HTTPS. customized port is missing in URL.

I did an upgrade 1st, which is when I spotted that SSO proxy was correctly working, but the upgrade did end up with some strangeness. This is when I went for the full install as I was happy to start from scratch.
I'd suggest you do the same as the upgrade path with apt-get didn't seem perfect to me.
I really am running with a stock install using "users and groups","File Sharing","Proxy" and "Web Server" (obviously DNS and Network Configuration as well). No other modules installed and it really does work flawlessly.
Title: Re: Zentyal 3.1
Post by: christian on May 30, 2013, 08:30:32 am
Quote
it really does work flawlessly

including non standard admin port ?
Title: Re: Zentyal 3.1
Post by: astana on May 30, 2013, 08:33:43 am
Quote
it really does work flawlessly

including non standard admin port ?

Only in my case  ;) which was a stock install with no config changes. As I said I wouldn't recommend to all as so many people have so many requirements, but in an install and run configuration it has been very good.
Mileage may vary as they say.
Title: Re: Zentyal 3.1
Post by: Sam Graf on May 30, 2013, 01:47:13 pm
Another problem (historically) is people getting "stuck" in the development version.
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 30, 2013, 04:12:42 pm
Hi Astana....

SSO works for you on 3.1??

What is your scenario? WIndows 2003? 2008?? What flavor?? R2? Standard? Enterprise??
I try to do work with Windows 2003 Standard R2 32 bits with SP2 but don't work...
Well, in one of my attempt works indeed, but just to be sure, I make a fresh installation and try again but not works anymore...

Now I will try with Windows 2003 Standard (not R2).... Perhaps that is the problem here...

Thanks a lot



No... 3.0.X

Some time ago, between 3.0.12 and 3.0.20, that feature do not work anymore...

But whatever... Well... Enough!!! We turn this as a Chat!!! rsrsrs...

Leave Zentyal Team just do the work... I will waiting for some solution and continue work in a workaround...


Thanks a lot...

I'm kinda with Gilberto on this one. The SSO did work at one time (although I did have some strange issues with it), and then during one update it stopped all authentication.
Now I'm not complaining as such, as I think Zentyal is really well done and offers amazing services at basically zero cost, but the SSO feature with squid is a killer feature.

I'm actually using 3.1 now as I had to rebuild a hardware failed server and found that 3.1 actually performed better and all the features I'm actually using (a small subset of all Zentyal features) work perfectly.

I'm not going to do any upgrades to this server until the stable release is made, but wanted to point out how good the beta already is, at least for the features I'm using.

Mad to run a beta in production? Probably. However it runs flawlessly, has zero apparent problems and allows me to configure my groups as I wanted to from day 1.

Would I advice others to run Beta in their production servers? Nope.

So thanks to the Zentyal Team!
Title: Re: Zentyal 3.1
Post by: astana on May 30, 2013, 04:52:58 pm
The setup is very simple.

It's a zentyal server running the domain and the proxy on a single machine. I downloaded the iso for 3.1.0 (no upgrades applied). Installed the bare minimum for my needs, as detailed in an earlier post. Enabled SSO in the proxy and it works.

I also installed sarg to get reports from the proxy. I can see all users reports as expected.

All our desktops are windows 7. There are around 70 computers and 170 users in the organisation.

No Windows servers involved in the domain or proxy.
Title: Re: Zentyal 3.1
Post by: Gilberto Ferreira on May 30, 2013, 04:56:10 pm
Oh!... This scenario is really perfect....And I make progress with this set too...

But, here, I try to integrate Zentyal server with Windows 2003 server as Additional Controller and works fine... But SSO donĀ“t works...

As I said before, I will try now with Windows Standard no R2...

I will keep update...

Thanks