Messages - zippydan

31
Update 2:  NAS2 is now successfully connected to ZenServ2.  I made several changes at once, so I'm not sure which one fixed the problem.  I will go over them one by one in the hopes that it might help someone in the future:

1. My realm is something like local.domainname.com.  I actually own domainname.com on the interwebs, and I had forgotten that for that host's DNS records I had defined local.domainname.com with another IP (an A Record).  I'm not sure if that would make any difference as I was telling NAS2 to use ZenServ2 as its DNS server, and I would assume that ZenServ2's DNS would override any external DNS.  Anyway, I deleted the A Record on my internet name server.

2. On both ZenServ1 and ZenServ2 I defined the OTHER Domain Controller under the webadmin -> DNS -> Domains.  That includes adding the IP of the OTHER server, adding the Hostname of the OTHER server (and then the IP again), and finally adding the OTHER server again under Name Servers.  I can't find the page on the Internet anymore, but I did this because I remember following a guide for setting up two Zentyal Servers as PDC and ADC back in the 3.0 days and it instructed me to do this.  Once again, I'm not sure if this is necessary, pointless, or harmful in 3.5.

3. On my Gateway Servers, which we can call Gate1 and Gate2 for Network1 and Network2 respectively, and which were formerly my primary DNS servers as well, I made sure to define local.domainname.com as the IP for ZenServ1 (on Gate1) and ZenServ2 (on Gate2).  Again, I'm not sure why this would make a difference since I was telling NAS2 to use ZenServ2 as its DNS server; however, Gate2 had been its DNS server before.

4. I also rebooted NAS2 after making all changes.  Even after rebooting, it still wouldn't work (a new error now: told me "Windows Domain cannot be found").  I had to load the Directory Service tab, then change to another tab, and then go back to the Directory Service tab again before it worked.  I actually just finished making a change to both ZenServ1 and ZenServ2 and it looks like NAS2 lost its connection to the domain.  I actually had to reboot it and then change tabs SEVERAL TIMES before it finally connected (same error about "Windows domain cannot be found").  Honestly, at this point I'm not sure if the changing of tabs was doing anything, or if I just had to wait a certain amount of time for "something"...

32
I'm going to resurrect this thread with a particular case where neither the Zentyal webadmin nor MS Admin Pak seems to help:

Network1 with PDC1, Network2 with ADC2

I added Computer1 to ADC2

Due to an unrelated issue, I then added Computer1 to PDC1

After replication, PDC1 shows only Computer1, whereas ADC2 shows:

Computer1
Computer1 CNF:498jksd893r90wo302909239 (a really long line of numbers and letters)

So basically I have a duplicate "Computer 1".

I installed MS Admin Tools (RSAT), logged in to my computer, connected to the ADC2 network, as a local admin, and then launched the Users and Computers Administration tool.  Under computers, only "Computer 1" appears, and only once.  So I see no way to delete the duplicate Computer 1 either in the Zentyal webadmin or through the MS tools.

33
Update:

The next day and it looks like the information from ZenServ1 has replicated to ZenServ2.  Meaning, after defining NAS2 on ZenServ1 yesterday, it now appears as a user on ZenServ2.

HOWEVER, when I try to authenticate NAS2 with ZenServ2, it is STILL failing.  Clearly this must be related to the original issue I had where creating the NAS2 user first on ZenServ2 did not allow me to authenticate with ZenServ2 either.  What is going on with ZenServ2's failure to authenticate?

34
Here is my setup

Network1 is connected to Network2 by a VPN

Network1 has ZenServ1 and Network2 has ZenServ2

Important Edit: Both ZenServ1 and ZenServ2 are running Zentyal 3.5

ZenServ1 is the Primary Domain Controller, and I set up ZenServ2 to connect over the VPN as an Additional Domain Controller

On initial connection, I saw all the same users and groups and everything was great.

I also have two Synology boxes, we can call them NAS1 and NAS2, also located at Network1 and Network2 respectively.

NAS1 has already authenticated with ZenServ1 and can also see all the Domain users and groups: great.

NAS2 is new at Network2, so, after reading that Zentyal should do two-way replication, I created a new Domain Admin user for NAS2 on ZenServ2.  I then tried connecting NAS2 to the domain using ZenServ2's info as the Domain controller.  I was unsuccessful.

I then noticed that when browsing ZenServ1's Users and Groups, NAS2 did not appear in the list even though it was in the list on ZenServ2.

Question 1: How long does it take for a newly created user on an Additional Domain Controller to replicate to the Primary Domain Controller?
Question 1b: How long does it take for a newly created user on the Primary Domain Controller to replicate to Additional Domain Controllers?
Question 2: Is there a way to force replication of all servers?
Question 3: Does the lack of replication to the Primary Domain Controller explain why my NAS2 could not authenticate with ZenServ2?  It actually doesn't make sense that that would cause a problem since NAS2 DID in fact exist in the local list of Users and Groups.

Continuing: I decided to try a different approach.  I deleted NAS2 from ZenServ2 and created it again directly on ZenServ1 (the Primary Domain Controller).  I then directed NAS2 to connect to the domain, over the VPN, by using ZenServ1.  This time, everything worked great.  However, on an additional note, NAS2 has yet to show up as a user on ZenServ2.

Question 4: Why does NAS2 authenticate successfully with ZenServ1 but not ZenServ2?
Question 5: How can I get my NAS2 to authenticate to ZenServ2 which is on the same LAN, rather than to ZenServ1 which is on the sometimes-less-reliable VPN?  It seems silly to have an Additional Domain Controller if I can't use it to authenticate locally.

35
Next question, where are certificate files for the Openchange (Sogo) website located?

36
OK, using the same guide that you posted, I have successfully got SSL Certificates working for incoming and outgoing IMAP email in Zentyal 3.5 (with all updates installed as of this post date).

Here are the steps I used (which are the same as those you posted above just adapted to my SSL certificate, Comodo PositiveSSL, and directory structure):

Starting in directory /home/myusername/SSLCerts/:
Code:
$ cat STAR_mydomain_com.crt > postfix.pem
$ cat COMODORSADomainValidationSecureServerCA.crt >> postfix.pem
$ cat COMODORSAAddTrustCA.crt >> postfix.pem
$ cat AddTrustExternalCARoot.crt >> postfix.pem
$ cat host.key >> postfix.pem

$ cd /etc/postfix/sasl/
$ sudo cp postfix.pem postfix.pem.old
$ sudo cp /home/myusername/SSLCerts/postfix.pem postfix.pem
$ sudo chmod 400 postfix.pem
$ sudo chown root:root postfix.pem

$ cd /etc/dovecot/
$ sudo cp ./private/dovecot.pem ./private/dovecot.pem.old
$ sudo cp /home/myusername/SSLCerts/postfix.pem ./private/dovecot.pem
$ sudo chmod 400 ./private/dovecot.pem
$ sudo chown root:root ./private/dovecot.pem

$ sudo /etc/init.d/zentyal restart
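
A structural check that could be run on the combined file before the restart, added here as an example and not part of the original post. It flags BEGIN/END markers fused by a source file with no trailing newline, a missing or extra private key block, and group/other permission bits. The function names and sample data are constructed for illustration, and nothing here validates the chain or the key cryptographically.

```shell
#!/bin/sh
# Added example: structural audit of a combined PEM such as postfix.pem.
# Prints one finding per line; returns 0 only when nothing is flagged.
audit_pem_bundle() {
    f=$1
    rc=0
    [ -r "$f" ] || { echo "unreadable: $f"; return 2; }

    # A marker must start its own line. A .crt with no final newline makes
    # `cat a >> b` fuse "-----END ...-----" with the next "-----BEGIN".
    if grep -q '.-----BEGIN ' "$f"; then
        echo "fused markers: a source file lacked a trailing newline"
        rc=1
    fi

    certs=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -c '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f" || true)
    [ "$certs" -ge 1 ] || { echo "no certificate block found"; rc=1; }
    [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys"; rc=1; }

    # ls mode string, e.g. -r--------; characters 5-10 are group/other bits.
    mode=$(ls -ld "$f" | cut -c1-10)
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "key readable beyond owner: $mode"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: placeholder base64, not real certificate or key data.
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' '-----BEGIN PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$1"
    chmod 400 "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/postfix.pem"
audit_pem_bundle "$tmp/postfix.pem" && echo "ok: no findings"
rm -rf "$tmp"
```

The same function applies to the working copy in the home directory, which also holds the private key and is created with whatever the current umask allows.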

37
I am about to attempt this same feat in Zentyal 3.5

Have you seen my post here?

https://forum.zentyal.org/index.php/topic,19319.msg74870.html#msg74870

I'm going to try following my old notes and see where it takes me...

38
Installation and Upgrades / Re: [SOLVED] NAS fails to join domain
« on: August 19, 2014, 03:43:24 am »
After upgrading the domain controller to Zentyal 3.2, I tried adding the Synology RS411 NAS to the domain, and this time I was successful. Nothing changed on the NAS or in the process I used to add it. Please don't ask me which of the many changes implemented in 3.2 made this possible.

Is there any chance you could go into an overview of what settings you used to connect the Synology to the Zentyal domain?  Right now, I am trying to set up a DS1513+ to connect to a Zentyal 3.5 domain, and I am getting the same domain join error:

Failed to join the Windows domain.  Please check your domain and firewall settings and try again.

Edit: Sorry to resurrect this thread.  Following the example in Russian shown here: https://forum.zentyal.org/index.php?topic=19052.0 I was FINALLY able to get my Synology (running DSM 5.0-4493 Update 3) to join to the Zentyal 3.5 domain.  The only small puzzle piece missing from the explanation in my link: I had to create a user specifically for the Synology box on the Zentyal domain.  I also added that user to the Domain Admins group.

39
OK well I added ACCEPT ANY TCP for 143, 993, and 995, and it seems to be working now.  I'm not sure if I need all those ports but eh...

40
I am running Zentyal 3.2 on a different machine (I've been running it since 3.0) and I seem to remember that the Firewall had services for mail predefined.  No longer it seems?

I set up a new test box running 3.5. It is set as standalone (only one internal NIC).  My gateway is doing 1-to-1 NAT which makes the Zentyal accessible to the outside world.

When the Firewall is up, I can't receive any email.  When I turn the Firewall off, I get email.

I already tried creating a Network service called "Mail" which consists of ACCEPT ANY for TCP on ports 25, 465, and 587.  I then added that service to both "Filtering rules for External Networks to Zentyal" and "Filtering rules for Internal Networks to Zentyal".  Saved changes.  Still doesn't seem to work.  What am I missing?

41
so is there any resolution to this?

this seems like such a big and obvious feature that any email system should have ...

I should add that it seems like common sense to enable users to send both as a variety of personal aliases and also as a group email alias.

Simple example:

Kathy works in purchasing and billing for LocalCompany which is a subsidiary of InternationalCompany.  As a purchasing representative, sometimes she purchases for both the local company and for the international umbrella company.  She has personal email address kathy@localcompany.com and kathy@internationalcompany.com.  When making purchases, she wants to use the domain that matches the entity making the purchase, so as not to confuse the supplier. 

She is also a member of the purchasing and billing groups, and therefore receives email sent to the group email billing@localcompany.com and purchasing@localcompany.com.  Other people work in the department, so sometimes she wants to send email from the group as a whole, and not from her personal email, because she wants replies to go to the group and not just directly to her email address where only she would be able to read it.

Is this such an uncommon situation that Zentyal does not think it needs to be supported?

43
I am trying to register a newly set up Zentyal server but it says I have already reached the max of 5.

The thing is, I only have one other operational Zentyal server, so those other 4 must be old implementations or tests.  I have no idea how or where to log in and manage my list of registered Zentyal servers.  This website is not very well designed as far as navigation...

45
Russian / Re: synology into a samba domain
« on: December 28, 2013, 06:08:35 am »
I did manage to join it to the domain after all. 1.5 days of work and the NAS is in the domain ))))
The settings are visible in the screenshot, in case they are useful to anyone.
The problem seems to have been the firewall, although Windows computers joined without any issues. I set up a test machine with Zentyal and edited my firewall rules to match the test machine's.


Hello, I am having the same problem trying to connect my Synology NAS to my Zentyal Server.  Unfortunately, I don't speak Russian.

I am trying to copy your settings, but I still get the same error "kinit: Client not found in Kerberos database while getting initial credential".

Perhaps my problem is with the login info.  Which username did you use?  Did you create a user for the Synology server?  Did you use the zentyalro user from the LDAP settings?

Did you use the format "user" or "user@office.lan"?

Also, you said you had a problem with the firewall.  What was it?

Thanks for your help.

Edit years later: At least with Zentyal 3.5 and Synology DSM 5, I was able to get this working.  In answer to my own question, I just used "username" (no @anything required).  It is also important to note that, as shown in the screenshots above, the entries for DOMAIN and DOMAIN FQDN are identical.
