Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - turalyon

Pages: [1] 2 3 ... 10
1
Installation and Upgrades / Re: Update issue from 6.2.9 to 7.0
« on: January 23, 2023, 12:08:01 pm »
I can confirm that I get 'STOPPED' as the status although the Webadmin module is up and running. It looks like a non-reported bug.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

2
If those Kerberos security updates are available in the official Ubuntu repository, they should be installed on your Zentyal server if it is up-to-date.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

3
Hi,

The only thing that came to my mind at this moment is:

When someone gets the DNS/DC issue, make a DNS query to identify what DNS server and the domain controller are using. And in case it is using Zentyal, then, analyze the following log files:

* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/samba/samba.log

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

4
Directory and Authentication / Re: zentyal no longer seeing KDC servers
« on: January 09, 2023, 01:06:22 pm »
Hi,

According to your output, there are a few things to analyze:

1. It is not recommended to set the IP address of any hostname rather than the '127.0.0.1' and '127.0.1.1' in the configuration file '/etc/hosts'. The three records you have must be set up in the DNS module.

Code: [Select]
192.168.100.2   hangarserver.js.local hangarserver
192.168.0.1     server.js.local server
192.168.0.247   server1.js.local        server1

2. Your Zentyal server has 250 packages to update. This shouldn't cause the issue, but I think it is interesting to mention.

Code: [Select]
250 updates can be applied immediately.
221 of these updates are standard security updates

3. The internal database of Samba has 51 errors, this could be the cause of the replication issue.

Code: [Select]
Checked 7581 objects (51 errors)

The fix for the third point is explained here: https://wiki.samba.org/index.php/Dbcheck

Related to the IP change a long time back, this can also be the issue, check the following:

1. Domain controller is listening to the new IP address.

Code: [Select]
sudo ss -tunpl | grep :389

2. The DNS entries were correctly updated, here you have another link: https://wiki.samba.org/index.php/DNS_Administration#Listing_zone_records

Code: [Select]
## An example
samba-tool dns query 127.0.0.1 js.local @ ALL -U administrator

Finally, did you check the log files: '/var/log/zentyal/zentyal.log' and '/var/log/syslog'? And also, did you check what errors you get related to the replication as this link explains: https://wiki.samba.org/index.php/Verifying_the_Directory_Replication_Statuses ?

NOTE: What operating system uses the other domain controller?
--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

5
Email and Groupware / Re: Disable Sharing/delegation on SOGO mail?
« on: January 03, 2023, 11:52:15 am »
Hi,

You can take a look at the Sogo configuration in the user's profile or at the Sogo documentation.

* https://www.sogo.nu/files/docs/SOGoInstallationGuide.html

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

6
Hi,

Quote
When you say "you just need to update your system packages" do you mean from the Zentyal Software Management\System Updates page within Zentyal, or are we talking about from the OS level?

Zentyal manages the OS updates through the tab you mentioned (Zentyal Software Management\System Updates) and that is what he means. You can check if Samba is updated with the fix by running the following command:

Code: [Select]
sudo dpkg -l | grep samba

NOTE: You should get the following version: 2:4.13.17~dfsg-0ubuntu1.20.04.2

Regarding the behaviors you got, a few things came to my mind that may be useful:

1. Did you monitor your Zentyal resources like CPU, RAM, SWAP, and especially, network in/out?
2. When any client report an error, did you check the server log files?

* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/samba/samba.log

3. Did you check the status of the main services?

Code: [Select]
sudo systemctl status samba-ad-dc bind9

4. According to your answer, you have two domain controllers, did you check what DNS server is answered when the client has an issue?

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

7
Great, the mail module is running, so users should be able to use a mail client like Thunderbird.

Regarding Sogo, things that you can check:

1. Ensure that the mailbox of the user exists in '/var/vmail/mynaturesdelight.com' and that the permissions are right (ebox:ebox , 0700).
Code: [Select]
drwx------ 3 ebox ebox 4096 nov 14 11:15 /var/vmail/somedomain.com/maria/

2. The port '143/tcp' is listening in '127.0.0.1' or 0.0.0.0.
Code: [Select]
sudo ss -tunpl | grep ':143'

3. Disable the Webadmin module, saving changes. Enable and save changes again.

4. Analysis of the configuration located at '/etc/sogo/sogo.conf', especially the section 'LDAP authentication. Basically, you must ensure that the values of the parameters: 'bindDN' and 'bindPassword' are correct. The password can be found in '/var/lib/zentyal/conf/zentyal-mail-_your_hostname.passwd' and the user: 'samba-tool group listmembers 'Domain Admins' and 'ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='zentyal-mail-_your_hostname'.

Hope it helps you.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

8
That would be a valid point but I do have it setup :

https://prnt.sc/UFq9dJpSz-io

A few things come to my mind that may help:

1. Is the domain 'mynaturesdelight.com' configured in the Domain Controller and DNS modules?
2. Try to disable the mail module, save changes, and enable it again and save changes.
3. With the mail module enabled, check the status of the services.

Code: [Select]
sudo zs mail status
sudo systemctl status postfix dovecot

4. Try to restart the Webmail module (Sogo):

Code: [Select]
sudo zs sogo restart

5. Ensure the virtual mail domain exists in the filesystem:

Code: [Select]
sudo ls -laR /var/vmail/

6. Use a private window in the browser.

7. Finally, analyze the log files:

* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/mail.err
* /var/log/sogo/sogo.log

Hope it helps you to find out where is the issue.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

9
Spanish / Re: Actualizacion a Ubuntu 20
« on: November 30, 2022, 10:16:36 am »
Holap,

Las actualizaciones de versiones han de ser realizaras desde Zentyal, de lo contrario el servidor quedará inestable y será necesario realizar un rollback.

Si estás usando Zentyal 6.2 (Ubuntu 18.04), puedes actualizar a Zentyal 7.0 (Ubuntu 20.04) sin problemas siguiendo la siguiente guía. En caso de que te refieres actualizar a Ubuntu 22.04, todavía no es posible.

* https://doc.zentyal.org/es/upgrade.html

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

10
Hi,

Apparently, you did not configure a virtual mail domain in 'Mail -> Virtual Domains' as the following link explains.

  * https://doc.zentyal.org/en/mail.html#creation-of-email-accounts-through-virtual-domains

As soon as you create the virtual mail domain (the mail module must be enabled) you will be able to create the email address in the domain user as the above link explains.

When the mail module is enabled, the virtual mail domain is created as well as the email in the domain user, you will be able to login in Sogo and see the user's mailbox.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

11
Hi,

If you are not using the DNS module, then you need to set your network configuration from the following tabs:

* Network -> Interfaces
* Network -> Gateways
* Network -> DNS

As soon as you enable the network module and save changes, Zentyal should configure your server's network. In case of an issue, as always, you will need to analyze the log files:

* /var/log/zentyal/zentyal.log
* /var/log/syslog

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

12
Installation and Upgrades / Re: Fresh Install - Certificate Problem
« on: November 29, 2022, 11:32:19 am »
It looks like Zentyal interpreted the hostname and domain that your server had incorrectly.

I don't think you will have more issues with this again in that machine at least.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

13
Installation and Upgrades / Re: Fresh Install - Certificate Problem
« on: November 28, 2022, 03:34:35 pm »
Hi,

It seems that your domain name is too long:

Code: [Select]
asn1 encoding routines:ASN1_mbstring_ncopy:string too long

How many characters it has? Can you tell me an example? Apparently, this behavior is not considered by Zentyal.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

14
Installation and Upgrades / Re: Fresh Install - Certificate Problem
« on: November 28, 2022, 11:01:22 am »
It is a strange behavior, the other day I tested the script for an internal test and everything worked correctly. Did you check if you have some broken package or any error in the log file '/var/log/zentyal/zentyal.log'?

As you said, you can create a self-certificate file and set the right permissions so you can use the Zentyal GUI.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

15
Hi everyone,

so I had (needed) to install another Zentyal 7 from scratch. Started with installing Ubuntu 20.04 Server and then followed the .sh script from zentyal.com.

All was well to where the script attempts to install suricata repo. This has already been reported number of times, where the repo can't be added by the script due to incorrect/lack of signature.

My question here is, could we change the script to include suricata PPA installation as per:
https://suricata.readthedocs.io/en/latest/install.html#ubuntu

After the cli installation finished I wen't to the admin page and continued with the configuration.

Installer hang on 53% with "saving network module" but because I've seen it previously I just let it run (long enough to finish a cup of tea). Then pointed the browser to the new IP and I was "again" welcomed with Configuration Wizard. I skipped it completely and when the website reloaded all was working fine.

This is a VM hosted on proxmox so the IP change during installation isn't much of a problem, plus I already knew this will happen.
I've managed to connect this server as an additional domain controller. All went smooth, with AD syncing without any problems.

Second question in this place relates to DNS... I see no DNS sync between dc01 and the new machine. Does this mean I have to manually copy DNS entries if I want some resilience or is there a way to make it automatic?

Cheerio!

Hi,

You should create an issue or Pull Request in Github with the Suricata issue or improvement (the PPA you mentioned).

Regarding the DNS sync between domain controllers, Zentyal updates the zone using the 'samba_dnsupdate' command, so, if the replication between domain controllers is working correctly, any DNS record added by one of the two DCs, should be synced to the other.

* https://wiki.samba.org/index.php/Verifying_the_Directory_Replication_Statuses

Also, keep in mind that Zentyal only displays in the GUI the DNS records created by hand in the GUI itself, the rest of the records must be queried using the CLI.

* https://wiki.samba.org/index.php/DNS_Administration#Listing_zone_records

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

Pages: [1] 2 3 ... 10