Messages - segelfreak

46
Code:
ls -la /var/lib/zentyal/conf/
total 144
drwxr-xr-x  9 ebox adm   4096 Okt  3 20:51 .
drwxr-xr-x 10 ebox ebox  4096 Okt  4 01:16 ..
drwx------  2 ebox adm   4096 Okt  2 22:14 backups
drwxr-xr-x  2 ebox ebox  4096 Feb 18  2016 dhcp
-rw-r--r--  1 ebox adm    371 Okt 21  2015 eboxlog.conf
-rw-r--r--  1 ebox adm     33 Feb  3  2016 ebox.passwd
-rw-------  1 ebox ebox     0 Feb 18  2016 ebox.sid
-rw-------  1 ebox ebox    32 Okt  2 20:53 fetchmail.passwd
-rw-------  1 ebox ebox    32 Okt  2 20:32 fetchmail.passwd~
-rw-r--r--  1 ebox ebox    11 Okt  3 20:51 locale
drwxrwxrwx  2 ebox ebox  4096 Feb 18  2016 logs
-rw-r--r--  1 ebox ebox  3857 Okt  3 20:51 nginx.conf
drwxr-xr-x  2 root root  4096 Mär  1  2016 openchange
-rw-r--r--  1 root root  9527 Feb  3  2016 openssl.cnf
-rw-------  1 ebox root 25726 Okt  3 20:47 redis.conf
-rw-------  1 ebox ebox     8 Feb 18  2016 redis.passwd
drwxr-xr-x  2 ebox ebox  4096 Feb 18  2016 remoteservices
-rw-rw-rw-  1 ebox ebox   146 Okt  3 20:50 samba-antivirus.conf
-r--------  1 ebox ebox   193 Okt  3 20:50 samba.keytab
-r--------  1 root root     8 Mär  3  2016 sa-mysql.passwd
-rw-------  1 ebox ebox     8 Feb 19  2016 sogo_db.passwd
drwx------  2 root root  4096 Okt  3 20:49 ssl
drwxr-xr-x  2 ebox adm   4096 Feb  3  2016 ssl-ca
-rw-r--r--  1 root root   353 Apr 25 12:08 zavsd-log.conf
-rw-------  1 ebox ebox    20 Okt  2 20:53 zentyal-mailfilter-zentyal.passwd
-rw-------  1 ebox ebox    20 Okt  2 20:53 zentyal-mail-zentyal.passwd
-r--------  1 root root     8 Feb 18  2016 zentyal-mysql.passwd
-rw-------  1 ebox ebox    20 Okt  2 20:53 zentyal-openchange-zentyal.passwd
-rw-------  1 ebox ebox    20 Okt  2 20:53 zentyal-radius-zentyal.passwd


47
So, here comes the output from an actual try via radtest:

Code:
Mon Oct  3 21:16:24 2016 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 39583, id=246, length=80
User-Name = "###username###"
User-Password = "###password###"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0xae07c03a0fa5825814f6e4066277a23b
Mon Oct  3 21:29:05 2016 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
Mon Oct  3 21:29:05 2016 : Info: +- entering group authorize {...}
Mon Oct  3 21:29:05 2016 : Info: ++[preprocess] returns ok
Mon Oct  3 21:29:05 2016 : Info: ++[chap] returns noop
Mon Oct  3 21:29:05 2016 : Info: ++[mschap] returns noop
Mon Oct  3 21:29:05 2016 : Info: [eap] No EAP-Message, not doing EAP
Mon Oct  3 21:29:05 2016 : Info: ++[eap] returns noop
Mon Oct  3 21:29:05 2016 : Info: [files] users: Matched entry DEFAULT at line 1
Mon Oct  3 21:29:05 2016 : Info: ++[files] returns ok
Mon Oct  3 21:29:05 2016 : Info: [ldap] performing user authorization for ###username###
Mon Oct  3 21:29:05 2016 : Info: [ldap] expand: %{Stripped-User-Name} ->
Mon Oct  3 21:29:05 2016 : Info: [ldap] ... expanding second conditional
Mon Oct  3 21:29:05 2016 : Info: [ldap] expand: %{User-Name} -> ###username###
Mon Oct  3 21:29:05 2016 : Info: [ldap] expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=###username###)
Mon Oct  3 21:29:05 2016 : Info: [ldap] expand: DC=fritz,DC=box -> DC=fritz,DC=box
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] ldap_get_conn: Checking Id: 0
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] ldap_get_conn: Got Id: 0
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] attempting LDAP reconnection
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] (re)connect to ldap://127.0.0.1, authentication 0
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] bind as CN=zentyal-radius-zentyal,CN=Users,DC=fritz,DC=box/###password### to ldap://127.0.0.1
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] waiting for bind result ...
Mon Oct  3 21:29:05 2016 : Error:   [ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Mon Oct  3 21:29:05 2016 : Error:   [ldap] (re)connection attempt failed
Mon Oct  3 21:29:05 2016 : Info: [ldap] search failed
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] ldap_release_conn: Release Id: 0
Mon Oct  3 21:29:05 2016 : Info: ++[ldap] returns fail
Mon Oct  3 21:29:05 2016 : Auth: Invalid user: [###username###] (from client 127.0.0.1/32 port 1812)
Mon Oct  3 21:29:05 2016 : Info: Using Post-Auth-Type Reject
Mon Oct  3 21:29:05 2016 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Mon Oct  3 21:29:05 2016 : Info: +- entering group REJECT {...}
Mon Oct  3 21:29:05 2016 : Info: [attr_filter.access_reject] expand: %{User-Name} -> ###username###
Mon Oct  3 21:29:05 2016 : Debug: attr_filter: Matched entry DEFAULT at line 11
Mon Oct  3 21:29:05 2016 : Info: ++[attr_filter.access_reject] returns updated
Mon Oct  3 21:29:05 2016 : Info: Delaying reject of request 0 for 1 seconds
Mon Oct  3 21:29:05 2016 : Debug: Going to the next request
Mon Oct  3 21:29:05 2016 : Debug: Waking up in 0.9 seconds.
Mon Oct  3 21:29:06 2016 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 246 to 127.0.0.1 port 39583
Mon Oct  3 21:29:06 2016 : Debug: Waking up in 4.9 seconds.
Mon Oct  3 21:29:11 2016 : Info: Cleaning up request 0 ID 246 with timestamp +761
Mon Oct  3 21:29:11 2016 : Info: Ready to process requests.

User Info is also accessible:

Code:
User info (Level-0):
====================
Name:              zentyal-radius-zentyal
SID:               S-1-5-21-1293354772-482189516-68840057-1231
Uid:               910689487
Gid:               910688769
Gecos:             <null>
Shell:             /bin/sh
Home dir:          /home/local/FRITZ/zentyal-radius-zentyal
Logon restriction: NO

48
Here it goes, Julio.
Only masked the secrets "###secret###".
It wouldn't let me post the whole text (20000 chars limit), so here's a link to the file:

https://dl.dropboxusercontent.com/u/1666516/freeradius%20debug.txt

update: this is only the debug output before the actual auth trial
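Masking secrets by hand in FreeRADIUS debug output is easy to get wrong, since the password shows up in the request attributes, in the configuration dump, and again in the `[ldap] bind as DN/password` line. The filter below is an added example, not part of the original post; the function names are hypothetical, the sample lines are constructed, and it assumes the configuration dump prints `secret = ...` and `password = ...` lines.

```shell
#!/bin/sh
# Added example (not from the original posts): mask secrets in FreeRADIUS
# debug output read on stdin, using the same ###...### markers as the posts.
redact_radius_debug() {
    sed -E \
        -e 's/^([[:space:]]*User-Password[[:space:]]*=[[:space:]]*).*/\1"###password###"/' \
        -e 's/^([[:space:]]*(secret|password)[[:space:]]*=[[:space:]]*).*/\1"###secret###"/' \
        -e 's|(\[ldap\] bind as [^/]+)/.*( to [^[:space:]]+)$|\1/###password###\2|'
}

# Exit 0 if stdin still contains a line the filter would change, i.e. an
# unmasked secret. Meant as a last check before posting a log.
has_unmasked_secret() {
    tmp=$(mktemp) || return 2
    cat >"$tmp"
    if redact_radius_debug <"$tmp" | cmp -s - "$tmp"; then rc=1; else rc=0; fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample input; every value here is made up for the example.
SAMPLE='        secret = "testing123"
        User-Name = "alice"
        User-Password = "hunter2"
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] bind as CN=svc,CN=Users,DC=example,DC=test/pa/ss to word to ldap://127.0.0.1'

printf '%s\n' "$SAMPLE" | redact_radius_debug
```

The bind rule masks everything between the first `/` after the DN and the final ` to <server>`, so passwords containing `/` or the word "to" are covered as well.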

49
Julio,

Hope to get one more hint from you ;-)

Worked all fine for the time being, but for some reason I had to re-install (not only, but also) the radius package and now I seem to be getting no access to the LDAP. (Radius only rejects)

In the freeradius log, I can only find two lines, i.e.

Code:
Mon Oct  3 20:29:46 2016 : Error:   [ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Mon Oct  3 20:29:46 2016 : Error:   [ldap] (re)connection attempt failed

I checked the ldap module at freeradius and the credentials are filled in. I also checked the user in the tree, removed it, reconfigured so the user was back in. Still no good.
I tried a full purge on freeradius, zentyal-radius and the related packages, and reinstalled from scratch. Nothing helped.

Anything else I could look into?



50
Same problem for me, still unsolved even after hours of trying.
Let's compare the error messages you produce when initiating a manual replication using the samba-tool!
Downstream works fine here, but upstream fails.
Would love to get this solved, as I really need a 2nd DC with full sync.

51

     1) Edit /usr/share/zentyal/stubs/openchange/sogo.conf.mas
   

I think you mean sogo.mas, not sogo.conf.mas? The latter does not contain the PREFORK string...

52
I tried this some time ago and as far as I remember, it is a missing entry in the LDAP table! Also check that you're using a mobile (roaming) account setting with OS X!

Look here: http://www.shabangs.net/zentyal/centralizing-usergroup-management-for-mac-osx-with-zentyal/

53
It shouldn't get copied, but simply is mounted into the local file system. The issue you may have is that you do not unmount after logoff.


So check this out:


Code:
<pam_mount>

<debug enable="0" />

<volume
fstype="cifs"
server="{server}"
path="%(USER)"
mountpoint="/home/local/{domain}/%(USER)"
user="*"
options="sec=krb5,cruid=%(USERUID),domain={full domain},uid=%(USERUID),gid=%(USERGID),rw"
/>

<umount>umount -l %(MNTPT)</umount>

<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />

<mntoptions require="nosuid,nodev" />

<logout wait="0" hup="0" term="0" kill="0" />

<mkmountpoint enable="1" remove="true" />


</pam_mount>

(replace {server}, {domain} and {full domain} with your individual real entries)

Works for me, however, from time to time, the very first login may fail to mount the home directory. Leaves you with a fresh desktop. Logoff and login will then mount correctly. Not sure where this comes from, though.

Maybe also another tip:
If you want to keep the audio working, you also need to set a local variable for each client.
It must be done for each user, so it makes sense to put this as a template to the zentyal/samba server into /etc/skel/.profile
Code:
# move pulse directory out of home
PULSE_DIR="/tmp/$(whoami)-pulse"
# create it if missing and restrict it to the owner
mkdir -p "$PULSE_DIR" && chmod 700 "$PULSE_DIR"
export PULSE_CONFIG_PATH="$PULSE_DIR"
export PULSE_STATE_PATH="$PULSE_DIR"
export PULSE_RUNTIME_PATH="$PULSE_DIR"

Found this tip somewhere, but sadly do not remember the exact source, so credits go to the unknown hero  8)

When a new user is created, the files in skel are copied to the new profile and when it's mounted by the client, you have fully functional pulse audio.
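Because `/tmp` is world-writable, a directory with a predictable name there may already exist and belong to another account, and `mkdir -p` followed by `chmod` would accept it silently. The variant below is an added example, not part of the original post; the function name `setup_pulse_dir` and the fallback directory name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): set up the per-user PulseAudio
# directory without trusting whatever already sits at the predictable path.
setup_pulse_dir() {
    pd_base=${1:-/tmp}    # parent directory; /tmp as in the post
    pd_dir="$pd_base/$(id -un 2>/dev/null || id -u)-pulse"
    # mkdir without -p fails if the path exists, so a fresh directory is ours.
    if ! mkdir -m 700 "$pd_dir" 2>/dev/null; then
        # Path exists: reuse it only if it is a real directory (not a
        # symlink) owned by the current user; otherwise take a random name.
        if [ -L "$pd_dir" ] || [ ! -d "$pd_dir" ] || [ ! -O "$pd_dir" ]; then
            pd_dir=$(mktemp -d "$pd_base/pulse-XXXXXX") || return 1
        fi
        chmod 700 "$pd_dir" || return 1
    fi
    export PULSE_CONFIG_PATH="$pd_dir"
    export PULSE_STATE_PATH="$pd_dir"
    export PULSE_RUNTIME_PATH="$pd_dir"
}

# Usage in /etc/skel/.profile:
setup_pulse_dir /tmp
```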


54
German / Re: Cannot connect any email client to Zentyal (OpenChange)
« on: August 30, 2016, 05:24:23 pm »
Nope, unfortunately not. I'm struggling with all the other "features" as well. Trying to set up CALDAV and CARDDAV on OS X, following the link in the respective properties. Nothing works, pretty frustrating...

https://server-ip:443/SOGo/dav/{username}/Contacts/personal/

It can be added and doesn't produce an error, but no data comes in. Same for the calendar, just with "Calendar" instead of "Contacts".

55
Hi,

I don't seem to be able to use on OS X. Has anyone managed to get it working? It doesn't produce any error, but just will show no data entries.

Any hint welcome :-)

56
So, did it work?

57
German / Re: Cannot connect any email client to Zentyal (OpenChange)
« on: August 21, 2016, 11:33:38 am »
I haven't managed to get Outlook on Mac working so far either. So I'm gratefully joining in on the question. ::)

58
Found the client config on a USB stick.
So, here's my pam_mount.conf.xml

"FRITZ" should be replaced with your workgroup, i.e. the domain name! Usually, it's kind of a prefix used in the home directory path.
"FRITZ.BOX" should be replaced with your realm, i.e. the complete AD domain

Code:
<pam_mount>
<debug enable="0" />
<volume
fstype="cifs"
server="zentyal"
path="%(USER)"
mountpoint="/home/local/FRITZ/%(USER)"
user="*"
options="sec=krb5,cruid=%(USERUID),domain=FRITZ.BOX,uid=%(USERUID),gid=%(USERGID),rw"
/>

<umount>umount -l %(MNTPT)</umount>

<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
</pam_mount>


Hope this helps.

59
Hej,

This is just to give a quick feedback on your post. I need a few days to check on the server, but as soon as I get back, I will send you my solution.

Without having the detailed config files in front, I don't see any obvious problem with your configuration.

I have made the same approach and it works... somehow. (using pbis for the AD connection)

What happens here is that the first login does result in the same situation. Auth works, so you can login with your credentials, but the client does not mount the net home folder. When I logoff and then log back in, it usually works 100%.

So, you may want to try to check this "workaround" and see if you succeed as well?

I haven't understood yet what's causing this, but it's good to know I'm not the only one ;-)

update: Have you checked if you can generally/manually mount the home folder? Pls keep in mind that the zentyal server will not show up in the network automatically. You need to use the "connect to server" command from the menus to make it appear!

update2: This phenomenon appears for me only for the first client login. Once this has successfully started (incl. home folders), following clients seem to work fine with the first attempt.

60
3.19.0.61.44 released now. Has anyone had a chance to try, yet?
