
Topics - biyover

1
Installation and Upgrades / Add "unknown-clients deny" to dhcpd.conf
« on: September 27, 2013, 06:19:05 pm »
Hi,

I have clients connecting on two interfaces. One is for staff and the other for students. The staff have fewer restrictions and more bandwidth, while the students have strict rules and managed bandwidth.

To further secure the staff network, since now and again someone not on the "list" shows up, I have found adding "unknown-clients deny" to the pool declaration in dhcpd.conf to be of great help.

The question is how to add this permanently to the configuration. I have added other parameters to the dhcpd.conf.mas file, but these are global, and the declarations for the different networks are done by the Zentyal scripts when you save the configs.

Where or how can I add this?

I gather that a "hook script" could be the solution... something along the awk-sed way? Looking for the interface name and then the pool declaration?

Any ideas?

2
Hi:

I'm trying to configure an "open" wifi network in a school. As I have read in numerous places, the best practice is to isolate the network and just offer basic connectivity.

I have an AP that can broadcast separate SSIDs, one private and one public. I thought I would create a virtual interface in Zentyal and route all this traffic through there, into the proxy and then out into the internet.

My big hiccup is that there is no straightforward way to use dhcp on a virtual interface in Zentyal (and it seems that in version 2 there was. ???)

I tried to directly edit the dhcp.config but didn't succeed in getting a functional connection.

Has anyone attempted something like this or set up something similar? Any feedback is most welcome.

3
Hi:

I run a Zentyal server v.3 and suddenly I'm getting:

Code:
Error output: iptables v1.4.12: Couldn't load target `iaccept':No such file or directory
 
 Try `iptables -h' or 'iptables --help' for more information.

Command output: .
Exit value: 2
2013/07/22 12:59:49 ERROR> Iptables.pm:660 EBox::Iptables::__ANON__ - Error executing firewall rules for module squid
2013/07/22 12:59:49 WARN> GlobalImpl.pm:685 EBox::GlobalImpl::saveAllModules - Changes saved with some warnings:
Firewall failed to add rules for the following modules: squid. Probably this is caused by a lack of connectivity, check your configuration or disable those modules

I recall a couple of updates recently, I wonder if any of them could be the culprit. (I also had some fat-client trouble that I had to patch, mmm...)

Does anyone know how I can dig deeper into this and fix it?

4
Installation and Upgrades / custom LTSP fat client image
« on: June 21, 2013, 05:02:34 am »
Hi:

I currently run a school lab that boots as diskless fat-clients using the ltsp-module. It has worked quite well (except a few hiccups) and I have modified the client image by chroot-ing into the /opt/ltsp/fat-i386 folder. I created a xubuntu-desktop client (since xfce4 offers great lockdown options to keep students in check!!!).

My question is: I have built custom xfce4 installs in the past, with minimal packages and essential programs, to make the slimmest and fastest system possible. How do I convert/create one of these on the server so that I can use it as a base for the ltsp clients? I already built most of the install by debootstrapping and chrooting, but how do I integrate the ltsp stuff into this? I gather that there are a couple of packages like ltsp-client and ltspfs, but what about the configs?

Then I would run ltsp-update-image (no?) to create the image for booting, or can I accomplish this another way also?

At the moment I'm going through the current ltsp folder image looking for the configs that might be necessary.

Anybody have any experience with this?

Cheers.

5
Installation and Upgrades / force windows client hostname?
« on: March 15, 2013, 05:33:22 pm »
Hi:

I've set up a Zentyal 3.0 server as a router/dhcp/dns/proxy/firewall for a lab in a school. All is quite good and mostly without trouble. Now I'm trying to iron out the kinks and maybe squeeze some extra performance out.

I have set up my own internal private domain (with predefined hostnames from a list of MACs) and in most cases the server gives out an IP and sets the corresponding hostname on the machine and updates the dns records accordingly... but I have one stubborn client, running Windows, that does not cooperate.

My only clue is that the owner, when they set up the machine (i.e. installed Windows), set the name (and network name I guess) with a dot in it, like "my.computer".

Will this "confuse" the dhcp and dns server into believing that the machine actually belongs to the ".computer" domain?
Is there a way to "force" a Windows (or any other machine) to take on the hostname that I have set for them?

Cheers

6
Hi:

I'm running Zentyal 3.0 and have installed the Thin-Client module to run a lab of fat-clients (ha!).

After some problems getting the image built and clients booting properly, I now find that although user accounts seem to be working ok, their home directories seem to be "volatile". What I mean is that, as far as I understood, thin/fat clients get to use their home dirs that are on the server by means of ssh and sshfs (sftp). To test this I logged in with a regular user, saved a file, logged out and then back in... no file!

I have checked the logs on the server and there is a request for sftp subsystem, etc, but no apparent errors. I have searched far and wide, to no avail.

I was trying to avoid NFS mounts, since I don't need them, but if I can't figure this problem out I will have to try it.

Anyone have any pointers to track down the trouble?

7
Hi:

On a related post, I'm trying to do a particular squid-proxy setup.

Having edited the .conf files before, I have stumbled upon an, apparently, new squid setup. There is a squid.conf file AND a squid-external.conf file. Not only are they not the same, they are not even similar. There seems to be an "internal proxy" on port 3128 and an "external proxy" on port 3129. The internal one refers to the external one as a peer...

Anyone know anything about this? Why is it like this now? Where can I find out more about this particular config?

Cheers

8
Installation and Upgrades / allow squid on external interface
« on: October 29, 2012, 05:54:22 pm »
Hi:

In my network setup I have a few computers on the external interface of my zentyal box. My server is the router/proxy/services gateway of a small lab, but I would like to use the proxy from "the other side".

I thought that instead of making squid listen on the wan side, I would make a "hole" in the firewall on the wan side and allow the traffic from a set of specific machines (ip and mac) to redirect to the proxy on the lan side.

I did all this, configured the clients to specifically connect to the proxy (as in proxy settings), but squid does not allow them to connect.

I set up the firewall rule, set up a service in Zentyal for the port and created an access rule in squid for the machines. Still, it allows them to connect "to" squid, but not "through" squid.

Anyone with any experience with this kind of setup? or the same idea but with another technique?

9
Installation and Upgrades / ldap, nfs4 shares and permissions
« on: March 20, 2012, 04:07:22 pm »
Hi...

I have set up my Zentyal box to share home folders (for "fat clients"). I have also set up some users/groups in the LDAP module. I've got the clients authenticating with the server through LDAP and their home folders mounting as expected (I'm not mounting per user, I just mount /home).

All ok up to here.

Since this setup is for use in a school, I need some permissions on the home folders so as to permit-deny "looking" into others' home folders.

I know you can set this through chown and chmod, but... When I check the folders' permissions they ALL belong to the "__USERS__" group!!! I understand that this is because they are LDAP users, but this is no good for me. I need to be able to control who sees what.

Apparently Zentyal manages LDAP users and regular users (system users) separately, so I'm kind of stuck at the moment. I tried looking for a tool that will let me modify the LDAP directory (ldapmodify?) but I'm not aware of how to use it yet.

It could also be that I'm using nfs4 without kerberos. I have been reading that nfs4 does not play well with ldap. Should I revert to nfs3? Should I dump LDAP and go with NIS instead? It does not seem very difficult to set up and would guarantee right permission on the clients as well as fitting in nicely with standard permission tools.

Does anyone know of a fix/workaround/alternative? Is anyone on this same setup?

EDIT: I forgot to mention, the folders' permissions belong to the "__USERS__" group on the server, not just when they show up on the clients.

10
Hi...

My Zentyal is set up with a network objects list for a computer lab. I have assigned static dhcp leases for those machines using the network object list.

At one point I also set their dns records for the local domain in the dns module.

Is this necessary though? I will try to erase the dns records and see what happens, since I gather that dhcp updates the dns record automatically.

Did I double up on my dns records? If this is so, then I gather that the dns reverse records for a domain will apply exclusively to fixed addresses only?

11
I'm trying to enable extra monitoring graphs in Maintenance/Monitoring (Zentyal 2.2 - CommunityEd.).

I have read that other people have a CPU Temperature graph and also a disk space graph (I've seen it in the documentation also).

So I have tried to get the above to work without success. I also have tried to enable the monitoring of hard disk temperatures since I have a raid setup (with hddtemp running as daemon on localhost).

I have edited /etc/collectd/collectd.conf and the master file in the /usr/share/zentyal/stubs/monitor/collectd.conf.mas file.

As with many other processes on Linux, I restarted the Monitoring module so that changes would take effect, I even restarted the server, all to no avail. The daemon and syslogs don't seem to show any clues.

Has anyone been able to get this to work? Does anyone know why it won't work?

BTW: Can we make the graphs bigger?

Thanks
