Messages - zippydan

1
I've got an old install of Zentyal 4.0 that is taking up 800gb of space (I have no idea).

I want to trash the whole install, but I want to extract and backup the mail there just in case we need it some day.  I don't need to actually sort it or restore it: I just want to tar it up and keep it somewhere.  What I don't want to do is keep burning 800gb of storage on whatever the hell Zentyal decided to use 800gb for.

Anyway, I checked the sticky at the top of the page and that didn't help at all.  I think I was using OpenChange in 4.0, but I'm not really sure as it has been a while now.

Where can I find the email and how can I easily back it up?

2
I had a Zentyal 3.5 install that was working relatively well until a power outage that outlasted our UPS batteries.  Since then, it has been haywire.

Symptoms:

1. When connecting via SSH, I sometimes get a warning that the RSA key has changed and there may be a man-in-the-middle attack.  But after several connect attempts, it will eventually connect without any warning (as if the RSA key has reverted).  I am connecting on the LAN using the LAN IP, so I don't see how there could be a man-in-the-middle attack.

2. Sometimes my users simply can't login to their workstations using their domain credentials.  It says invalid password.  After several attempts, it will finally allow them to login.  Sometimes, restarting samba or restarting Zentyal will fix this problem temporarily.

3. I believe this is related to the same authentication problem: I have an openfire (jabber) server that authenticates using the Zentyal samba.  Usually, their jabber clients are telling them that the login information is incorrect, but after several attempts, it will allow them to login.  Sometimes, restarting samba or restarting Zentyal will fix this problem.

4. E-mail simply stops working.  I can still connect to the webmail page for instance, but no emails are received and no emails go out.  (Using openchange)

5. Since updating to Zentyal 4.0, the admin page at port 8443 simply gives me "Internal Server Error"

I tried updating my 3.5 install to Zentyal 4.0, but the problems persist.

I also tried migrating the samba folder to a new Zentyal install, but that doesn't seem to be working very well for me either.

Is there a procedure for doing a repair installation over an existing installation in such a way that the domain/user/email data is retained?

3
the source is z3.5 upgraded to z4.0

the destination will be a fresh z4.0

what path should I use for the upgrade?  on my z4.0 (upgraded from z3.5) server, /opt/samba4/private/ does not exist, and neither does /var/lib/private/

edit: ok, it looks like it is /var/lib/samba/private/

4
I don't see a /var/lib/private

Do you mean /var/lib/zentyal

?

5
My Zentyal 3.5 install went haywire for no reason.  Email goes up and down.  Also, I have an external chat server and storage server that authenticate with the domain, and they randomly don't work anywhere.  Sometimes, restarting samba fixes this; sometimes not.

I also noticed when connecting with ftp that the RSA key randomly changes from the old one, to a new one.  I am connecting locally via a LAN and local IP, so I'm sure no one is spoofing the server.

All of this means that our network has been pretty unusable.  I tried updating to Zentyal 4.0 and that just seemed to make everything worse.  It seems fairly obscure to troubleshoot, so for the moment I'm planning to migrate everything to a fresh install.

It seems that migrating the samba/ADC part should be as easy as setting up a new Zentyal, syncing as an ADC, and then promoting the ADC to PDC.

1. How do you promote a Zentyal 4.0 ADC to PDC?

Second, I need to recreate all the openchange emails (holy pain).  2. Is there a way to migrate all the email addresses?

3. Is there a way to migrate all the email mailboxes? (folders and content)

6
Installation and Upgrades / Re: Mac and Outlook 2011
« on: January 07, 2015, 01:26:40 pm »
I am having problems getting Outlook 2011 on Mac Computer to Send through Openchange
It receives no problem. but when I try to send it gives the error 17897
Authentication failed because outlook doesn't support any of the available authentication methods.

Going through the forum and other web searches I think it is a certificate issue ...
But have not come across anything explaining how to export the certificate other than the web admin interface
and when I try to import the p12 cert it asks for a password.. so just pressing OK does not work.

Can someone please help me or point me in the direction in what to do.
I am using Community server 3.4.3 and everything is updated

Thanks

I have this same problem.  Mac OS X Yosemite with Office 2011.  Outlook receives fine but cannot send saying that no authentication methods are supported.  I copied my settings exactly from Office 2010 in Windows which works perfectly.

7
If anyone is interested I have a solution

Who the hell does this?  Post the solution, sigh

I have the same problem

8
The biggest difference in your situation is that MS charges _license fees_ and Zentyal charges a _support fee_. Those are very different things and can't really be compared with each other. After you have paid MS the license fee, and you consider the same support from MS as Zentyal is giving through the commercial support program, you will be set back a lot more than $5600,- a year for the same environment.

Yes, I agree with what you are saying and I had already realized that before I posted, but I forgot to address it in my post.  Here is what I meant to say on that topic:

With Zentyal, I feel like I need support to get it working acceptably in a production environment.  This comes from the fact that, as I said above, Zentyal still has a lot of problems.

On the other hand I have a lot of experience with Windows NT 3.51, 4.0, Server 2003 and Server 2008.  The truth is that Windows Server is such a refined product at this point, that it simply works.  Except for some very rare extreme use cases that generally only affect giant corporations, you don't really need support.  Microsoft is pretty good about releasing regular patches and updates (that don't break your installations, unlike Zentyal), and for those rare times where something doesn't work right, the web is simply overflowing with forums and message boards where you can either find answers or find people willing to help.

In contrast, I've posted many times here in the Zentyal forums, and I have seen many other people post, without ever getting a satisfactory response to the cause of their problem.

On the flip side if you want to get away from the MS platform Zentyal would be a strong leader here and your money would help go to mature this product. I'd put two rough cost/benefit cases together and see which one easily tips the scale for you and your company.

I do want to get away from MS, but in order for Zentyal to be a viable alternative it either needs to:

1. Provide equal or better features (not happening any time soon)
2. Provide a lower total cost of ownership

It seems to me that #2 is the only place they could compete at this point in the development process, but I don't see the numbers working out that way.

9
Let's start with these basic facts:

1. I love Zentyal.

2. It still has a lot of problems. Therefore, it is nowhere near as polished, reliable, or featured as a pure Microsoft solution.

I have been using Zentyal Community edition for a while now, and I liked it enough, but also had enough problems, that I thought about paying for the supported version of Zentyal to help me iron out the wrinkles.

When I contacted Sales and requested a quote, I was given a price of about 4500 Euro or $5,600 USD PER YEAR.

This price seems excessive to me, for what you get.  What exactly is this a quote for?

Zentyal Premium (for 75+ Users) with 4 "satellite" nodes.

One of my problems here is that I don't actually have 75+ Users, at least not in the sense which I think of it, which is that a "User" is a real person.  Due to limitations in the email system, I DO have almost 100 defined user names in Zentyal (and will probably have more soon).  But I only have about 50 real human users.  The rest are departments.

For example, I have a user John.Doe@domain.com and Sally.Smith@domain.com.  But both of these people work in the accounting department and I want them to be able to send and receive email from a shared account called Accounting@domain.com.  In Zentyal, I have to create a new, separate user for that.  And that inflates my user count and means I have to pay for Zentyal Premium (75+ users) instead of the cheaper Zentyal Professional (less than 75 users).

Microsoft on the other hand, has the perfect solution for this, shared mailboxes: http://technet.microsoft.com/en-us/library/jj150498%28v=exchg.150%29.aspx  And shared mailboxes DO NOT require a separate CAL.

I basically have the following in terms of locations and users:

Office1: 10 users 
Office2: 15 users
Office3: 15 users
Office4: 5 users
Office5: 5 users

So from there come my totals: 5 offices (1 main and 4 branches), 50 real human users, and 100 "users" counting departmental or similar emails.

Now, looking at a Microsoft solution, I would be paying (approximately):

5 copies of Windows Server 2012 Standard = $700 x 5 = $3,500 USD
50 Windows Server 2012 User CALs = $1,500

1 copy of Exchange Server 2013 Standard = $1000
50 Exchange Server User CALs = $2,000

Total Cost: $8,000

So, since Microsoft licenses per actual human, and Zentyal licenses per username in the server, we are talking $8,000 one time payment and I own the software for life, or $5,600 PER YEAR and I have to keep paying for life. 

I mean, if I wanted to, Microsoft even offers hosted Exchange 2013 from their own servers for $4/user/month, which for 50 users would come out to $2,400/year, which would be cheaper and better than Zentyal's offering.

As much as I hate to give Microsoft more money, I'm really struggling to see the value of Zentyal's offering over a pure Microsoft offering.

10
OK, replication is DEFINITELY only working from PDC -> ADC and is NOT working from ADC -> PDC

I added a user on the ADC and left it there all night long.  This morning, the PDC still had not received the new user.  Then, again this morning, I added a user on the PDC and it showed up on the ADC in less than an hour.

This seems to contradict the line in the documentation: (https://wiki.zentyal.org/wiki/En/3.5/Users,_Computers_and_File_Sharing#Joining_Zentyal_server_to_an_existing_domain)

"From now on, DNS, LDAP and Kerberos information will be synchronized both ways." (Italics/bold mine)

So let's assume that this is a "bug" in version 3.5 of Zentyal.  What is the command that I have to issue from the PDC to synchronize with the ADC?  Would it be the same just issued from the PDC?

Code:
sudo net rpc share migrate files sysvol -k --destination=ADCserverName.companyname.local -S PDCserverName.companyname.local --acls -U "companyname\\AdminAccountName"
Or do I need to reverse the --destination and -S?

Code:
sudo net rpc share migrate files sysvol -k --destination=PDCserverName.companyname.local -S ADCserverName.companyname.local --acls -U "companyname\\AdminAccountName"
Or is it a different set of options considering it is coming from the PDC?  From my understanding of modern AD, the concepts of PDC and ADC are not really valid as both DCs are considered equal.  So would it be the same command with --destination and -S reversed?

What about the AdminAccountName?  I guess it doesn't matter so much if the Domain Admin account exists on both DCs...

11
I have a PDC and an ADC

Under DNS -> Domain (my local domain) -> Nameservers, I have a new entry, only on my PDC, that is called

hstn4

This doesn't exist on my ADC.  On the other hand, only my PDC is running Openchange so maybe it has something to do with that.

12
hi

ok you useless bums... you win... I fixed my own problem.  I had a few issues:

1. In my ADC webconfig, somewhere along the line the FQDN of my PDC got changed from "servername.companyname.local" to just "servername" - fixed
2. I had tested one change and then undid it and forgot about that: on both the ADC and PDC, both DCs must have both DCs defined in DNS under the information for companyname.local.  You should have the IPs for both ADC and PDC under "domain IPs", you should have the hostnames (and their IPs AGAIN) for both ADC and PDC under "domain hostnames", and you should have the hostnames for both ADC and PDC under "domain nameservers".  Again to be repetitively clear, these definitions must exist on both PDC and ADC. - fixed
3. Once both of those are corrected, you can then manually test a replication from the command line.  FROM THE ADC, run the following line:

Code:
sudo net rpc share migrate files sysvol -k --destination=ADCserverName.companyname.local -S PDCserverName.companyname.local --acls -U "companyname\\AdminAccountName"
where

ADCserverName.companyname.local = the FQDN of your ADC server
PDCserverName.companyname.local = the FQDN of your PDC server
companyname\\DomainAdminAccountName = the NETBIOS name of your domain \\ the name of an account with Domain Admin privileges on the PDC server

If everything is working right, it should prompt you to enter the password for your DomainAdminAccountName.  Hit enter and then after a few minutes it should successfully sync and you should see any changes on your ADC.

Source of learnings:
https://forum.zentyal.org/index.php?topic=21538.0
https://forum.zentyal.org/index.php/topic,18787.msg89858.html#msg89858
https://github.com/Zentyal/zentyal/blob/3.5/main/samba/src/EBox/Samba/SysvolSync.pm
https://tracker.zentyal.org/issues/871
https://wiki.zentyal.org/wiki/En/3.5/Users,_Computers_and_File_Sharing#Joining_Zentyal_server_to_an_existing_domain

I STILL don't know when and how often the servers replicate.
I also don't know if ADC -> PDC replication is working...
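
The DNS precondition from items 1 and 2 above, as an added check that is not part of the original post: it takes the `dig +short` NS and A answers from one DC and reports which of the two DCs is missing or listed by a bare hostname. The function name, the addresses and the sample answers are assumptions constructed for the example; the hostnames follow the post's placeholders.

```bash
#!/usr/bin/env bash
# Added example: check one DC's DNS view of the AD domain before forcing a
# sysvol sync. Inputs are `dig +short` answers; all sample data is constructed.

# missing_dc_records DOMAIN NS_ANSWER A_ANSWER fqdn=ip [fqdn=ip ...]
# Prints one line per problem and returns 0 only when nothing is wrong.
missing_dc_records() {
    local domain="$1" ns_answer="$2" a_answer="$3"
    local problems=0 pair fqdn ip ns name
    shift 3
    for pair in "$@"; do
        fqdn=${pair%%=*}
        ip=${pair#*=}
        # dig prints NS targets with a trailing dot; DNS names are case-insensitive
        if ! printf '%s\n' "$ns_answer" | grep -qixF -- "${fqdn}."; then
            echo "NS record missing: $fqdn"; problems=1
        fi
        if ! printf '%s\n' "$a_answer" | grep -qxF -- "$ip"; then
            echo "domain IP missing: $ip ($fqdn)"; problems=1
        fi
    done
    # A nameserver outside the domain is the bare "servername" symptom (item 1)
    for ns in $ns_answer; do
        name=$(printf '%s' "${ns%.}" | tr '[:upper:]' '[:lower:]')
        case "$name" in
            *".$domain") ;;
            *) echo "nameserver is not an FQDN in $domain: $ns"; problems=1 ;;
        esac
    done
    return "$problems"
}

# Hostnames follow the post's placeholders; IPs are from 192.0.2.0/24 (constructed).
DOMAIN=companyname.local
DCS='PDCserverName.companyname.local=192.0.2.10 ADCserverName.companyname.local=192.0.2.11'

# Constructed answers, standing in for the output of:
#   dig +short @<dc-ip> companyname.local NS   and   dig +short @<dc-ip> companyname.local A
PDC_NS='pdcservername.companyname.local.
adcservername.companyname.local.'
PDC_A='192.0.2.10
192.0.2.11'
ADC_NS='pdcservername.
adcservername.companyname.local.'
ADC_A='192.0.2.11'

echo "PDC view:"; missing_dc_records "$DOMAIN" "$PDC_NS" "$PDC_A" $DCS || true
echo "ADC view:"; missing_dc_records "$DOMAIN" "$ADC_NS" "$ADC_A" $DCS || true
```

Run it against the answers from each DC in turn; a clean result on one DC says nothing about the other, since the records must exist on both.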

13
It seems my ADC successfully replicated on the first join, and maybe once after that, but it seems my PDC and ADC are not replicating with each other at all anymore.

How can I check the status of replication?
How can I check to see if the DCs are communicating correctly?
How can I force a replication NOW?

14
Installation and Upgrades / Re: openfire AD integration with Zentyal
« on: September 20, 2014, 08:32:16 pm »
Absolutely perfect!  I love you!

nmap showed everything was fine with the ports.  This was the key I needed:

You can check this with ldbsearch  -H /var/lib/samba/private/sam.ldb and looking for your user name

Turns out the administrator I created for openfire was actually listed like this:

DC=Chat Server,OU=Servers,DC=local,DC=mydomainname,DC=com

Everything is working great now!  Wish I could buy you a beer!

15
Installation and Upgrades / Re: openfire AD integration with Zentyal
« on: September 20, 2014, 05:12:12 pm »
Someone please tell me which logs I need to check for AD authentication attempts!
