Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
46
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: October 04, 2016, 04:39:31 pm »Code: [Select]
ls -la /var/lib/zentyal/conf/
total 144
drwxr-xr-x 9 ebox adm 4096 Okt 3 20:51 .
drwxr-xr-x 10 ebox ebox 4096 Okt 4 01:16 ..
drwx------ 2 ebox adm 4096 Okt 2 22:14 backups
drwxr-xr-x 2 ebox ebox 4096 Feb 18 2016 dhcp
-rw-r--r-- 1 ebox adm 371 Okt 21 2015 eboxlog.conf
-rw-r--r-- 1 ebox adm 33 Feb 3 2016 ebox.passwd
-rw------- 1 ebox ebox 0 Feb 18 2016 ebox.sid
-rw------- 1 ebox ebox 32 Okt 2 20:53 fetchmail.passwd
-rw------- 1 ebox ebox 32 Okt 2 20:32 fetchmail.passwd~
-rw-r--r-- 1 ebox ebox 11 Okt 3 20:51 locale
drwxrwxrwx 2 ebox ebox 4096 Feb 18 2016 logs
-rw-r--r-- 1 ebox ebox 3857 Okt 3 20:51 nginx.conf
drwxr-xr-x 2 root root 4096 Mär 1 2016 openchange
-rw-r--r-- 1 root root 9527 Feb 3 2016 openssl.cnf
-rw------- 1 ebox root 25726 Okt 3 20:47 redis.conf
-rw------- 1 ebox ebox 8 Feb 18 2016 redis.passwd
drwxr-xr-x 2 ebox ebox 4096 Feb 18 2016 remoteservices
-rw-rw-rw- 1 ebox ebox 146 Okt 3 20:50 samba-antivirus.conf
-r-------- 1 ebox ebox 193 Okt 3 20:50 samba.keytab
-r-------- 1 root root 8 Mär 3 2016 sa-mysql.passwd
-rw------- 1 ebox ebox 8 Feb 19 2016 sogo_db.passwd
drwx------ 2 root root 4096 Okt 3 20:49 ssl
drwxr-xr-x 2 ebox adm 4096 Feb 3 2016 ssl-ca
-rw-r--r-- 1 root root 353 Apr 25 12:08 zavsd-log.conf
-rw------- 1 ebox ebox 20 Okt 2 20:53 zentyal-mailfilter-zentyal.passwd
-rw------- 1 ebox ebox 20 Okt 2 20:53 zentyal-mail-zentyal.passwd
-r-------- 1 root root 8 Feb 18 2016 zentyal-mysql.passwd
-rw------- 1 ebox ebox 20 Okt 2 20:53 zentyal-openchange-zentyal.passwd
-rw------- 1 ebox ebox 20 Okt 2 20:53 zentyal-radius-zentyal.passwd
47
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: October 03, 2016, 09:31:32 pm »
So,here comes the output from an actual try via radtest:
User Info is also accessible:
Code: [Select]
Mon Oct 3 21:16:24 2016 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 39583, id=246, length=80
User-Name = "###username###"
User-Password = "###password###"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0xae07c03a0fa5825814f6e4066277a23b
Mon Oct 3 21:29:05 2016 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
Mon Oct 3 21:29:05 2016 : Info: +- entering group authorize {...}
Mon Oct 3 21:29:05 2016 : Info: ++[preprocess] returns ok
Mon Oct 3 21:29:05 2016 : Info: ++[chap] returns noop
Mon Oct 3 21:29:05 2016 : Info: ++[mschap] returns noop
Mon Oct 3 21:29:05 2016 : Info: [eap] No EAP-Message, not doing EAP
Mon Oct 3 21:29:05 2016 : Info: ++[eap] returns noop
Mon Oct 3 21:29:05 2016 : Info: [files] users: Matched entry DEFAULT at line 1
Mon Oct 3 21:29:05 2016 : Info: ++[files] returns ok
Mon Oct 3 21:29:05 2016 : Info: [ldap] performing user authorization for ###username###
Mon Oct 3 21:29:05 2016 : Info: [ldap] expand: %{Stripped-User-Name} ->
Mon Oct 3 21:29:05 2016 : Info: [ldap] ... expanding second conditional
Mon Oct 3 21:29:05 2016 : Info: [ldap] expand: %{User-Name} -> ###username###
Mon Oct 3 21:29:05 2016 : Info: [ldap] expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=###username###)
Mon Oct 3 21:29:05 2016 : Info: [ldap] expand: DC=fritz,DC=box -> DC=fritz,DC=box
Mon Oct 3 21:29:05 2016 : Debug: [ldap] ldap_get_conn: Checking Id: 0
Mon Oct 3 21:29:05 2016 : Debug: [ldap] ldap_get_conn: Got Id: 0
Mon Oct 3 21:29:05 2016 : Debug: [ldap] attempting LDAP reconnection
Mon Oct 3 21:29:05 2016 : Debug: [ldap] (re)connect to ldap://127.0.0.1, authentication 0
Mon Oct 3 21:29:05 2016 : Debug: [ldap] bind as CN=zentyal-radius-zentyal,CN=Users,DC=fritz,DC=box/###password### to ldap://127.0.0.1
Mon Oct 3 21:29:05 2016 : Debug: [ldap] waiting for bind result ...
Mon Oct 3 21:29:05 2016 : Error: [ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Mon Oct 3 21:29:05 2016 : Error: [ldap] (re)connection attempt failed
Mon Oct 3 21:29:05 2016 : Info: [ldap] search failed
Mon Oct 3 21:29:05 2016 : Debug: [ldap] ldap_release_conn: Release Id: 0
Mon Oct 3 21:29:05 2016 : Info: ++[ldap] returns fail
Mon Oct 3 21:29:05 2016 : Auth: Invalid user: [###username###] (from client 127.0.0.1/32 port 1812)
Mon Oct 3 21:29:05 2016 : Info: Using Post-Auth-Type Reject
Mon Oct 3 21:29:05 2016 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Mon Oct 3 21:29:05 2016 : Info: +- entering group REJECT {...}
Mon Oct 3 21:29:05 2016 : Info: [attr_filter.access_reject] expand: %{User-Name} -> ###username###
Mon Oct 3 21:29:05 2016 : Debug: attr_filter: Matched entry DEFAULT at line 11
Mon Oct 3 21:29:05 2016 : Info: ++[attr_filter.access_reject] returns updated
Mon Oct 3 21:29:05 2016 : Info: Delaying reject of request 0 for 1 seconds
Mon Oct 3 21:29:05 2016 : Debug: Going to the next request
Mon Oct 3 21:29:05 2016 : Debug: Waking up in 0.9 seconds.
Mon Oct 3 21:29:06 2016 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 246 to 127.0.0.1 port 39583
Mon Oct 3 21:29:06 2016 : Debug: Waking up in 4.9 seconds.
Mon Oct 3 21:29:11 2016 : Info: Cleaning up request 0 ID 246 with timestamp +761
Mon Oct 3 21:29:11 2016 : Info: Ready to process requests.User Info is also accessible:
Code: [Select]
User info (Level-0):
====================
Name: zentyal-radius-zentyal
SID: S-1-5-21-1293354772-482189516-68840057-1231
Uid: 910689487
Gid: 910688769
Gecos: <null>
Shell: /bin/sh
Home dir: /home/local/FRITZ/zentyal-radius-zentyal
Logon restriction: NO
48
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: October 03, 2016, 09:28:06 pm »
Here it goes, Julio.
Only masked the secrets "###secret###
It wouldn't let me post the whole text (20000 chars limit), so here's a link to the file:
https://dl.dropboxusercontent.com/u/1666516/freeradius%20debug.txt
update: this is only the debug output before the actual auth trial
Only masked the secrets "###secret###
It wouldn't let me post the whole text (20000 chars limit), so here's a link to the file:
https://dl.dropboxusercontent.com/u/1666516/freeradius%20debug.txt
update: this is only the debug output before the actual auth trial
49
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: October 03, 2016, 08:42:23 pm »
Julio,
Hope to get one more hint from you ;-)
Worked all fine for the time being, but for some reason I had to re-install (not only, but also) the radius package and now I seem to be getting no access to the LDAP. (Radius only rejects)
In the freeradius log, I can only find two lines, i.e.
I checked the ldap module at freeradius and the credentials are filled in. I also checked the user in the tree, removed it, reconfigured so the user was back in. Still no good.
I tried a full purge on freeradius, zentyal-radius and the related packages, and reinstalled from the scratch. Nothing helped.
Anything else where I could look into?
Hope to get one more hint from you ;-)
Worked all fine for the time being, but for some reason I had to re-install (not only, but also) the radius package and now I seem to be getting no access to the LDAP. (Radius only rejects)
In the freeradius log, I can only find two lines, i.e.
Code: [Select]
Mon Oct 3 20:29:46 2016 : Error: [ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Mon Oct 3 20:29:46 2016 : Error: [ldap] (re)connection attempt failedI checked the ldap module at freeradius and the credentials are filled in. I also checked the user in the tree, removed it, reconfigured so the user was back in. Still no good.
I tried a full purge on freeradius, zentyal-radius and the related packages, and reinstalled from the scratch. Nothing helped.
Anything else where I could look into?
50
Directory and Authentication / Re: zentyal 4,2.2 user acounts won't create on main dc
« on: September 28, 2016, 07:13:07 pm »
Same problem for me, still unsolved even after hours of trying.
Let's compare the error messages you produce when initiating a manual replication using the samba-tool!
Downstream works fine here, but upstream fails.
Would love to get this solved, as I really need a 2nd DC with full sync.
Let's compare the error messages you produce when initiating a manual replication using the samba-tool!
Downstream works fine here, but upstream fails.
Would love to get this solved, as I really need a 2nd DC with full sync.
51
Installation and Upgrades / Re: [SOLVED] Solution Here for Slow Webmail and sogod prework
« on: August 30, 2016, 05:57:48 pm »
1) Edit /usr/share/zentyal/stubs/openchange/sogo.conf.mas
I think you mean logo.mas, not logo.conf.mas? The latter does not contain the PREFORK string...
52
Directory and Authentication / Re: Zentyal 4.2.2 and OS X 10.11.5 home directory not found
« on: August 30, 2016, 05:47:07 pm »
I tried this some time ago and as far as I remember, it is a missing entry in the LDAP table! also check that you're using a mobile (roaming) account setting with OS X!
look here: http://www.shabangs.net/zentyal/centralizing-usergroup-management-for-mac-osx-with-zentyal/
look here: http://www.shabangs.net/zentyal/centralizing-usergroup-management-for-mac-osx-with-zentyal/
53
Directory and Authentication / Re: mount /home/$(DOMAIN_USER) on ubuntu client (copy home folder to client)
« on: August 30, 2016, 05:42:22 pm »
It shouldn't get copied, but simply is mounted into the local file system. the issue you may have is that you do not unmount after logoff.
So check this out:
(replace {server}, {domain} and {full domain} with your individual real entries)
Works for me, however, from time to time, the very first login may fail to mount the home directory. Leaves you with a fresh desktop. Logo and login will then mount correctly. Not sure where this comes from, though.
Maybe also another tip:
If you want to keep the audio working, you also need to set a local variable for each client.
It must be done for each user, so it makes sense to put this as a template to the zentyal/samba server into /etc/skel/.profile
Found this tip somewhere, but sadly do not remember the exact source, so credits go to the unknown hero
When a new user is created, the files in skel are copied to the new profile and when it's mounted by the client, you have full functional pulse audio.
So check this out:
Code: [Select]
<pam_mount>
<debug enable="0" />
<volume
fstype="cifs"
server="{server}"
path="%(USER)"
mountpoint="/home/local/{domain}/%(USER)"
user="*"
options="sec=krb5,cruid=%(USERUID),domain={full domain},uid=%(USERUID),gid=%(USERGID),rw"
/>
<umount>umount -l %(MNTPT)</umount>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
</pam_mount>
(replace {server}, {domain} and {full domain} with your individual real entries)
Works for me, however, from time to time, the very first login may fail to mount the home directory. Leaves you with a fresh desktop. Logo and login will then mount correctly. Not sure where this comes from, though.
Maybe also another tip:
If you want to keep the audio working, you also need to set a local variable for each client.
It must be done for each user, so it makes sense to put this as a template to the zentyal/samba server into /etc/skel/.profile
Code: [Select]
# move pulse directory out of home
PULSE_DIR="/tmp/$( whoami )-pulse
mkdir -p $PULSE_DIR && chmod 700 $PULSE_DIR
export PULSE_CONFIG_PATH=$PULSE_DIR
export PULSE_STATE_PATH=$PULSE_DIR
export PULSE_RUNTIME_PATH=$PULSE_DIR
Found this tip somewhere, but sadly do not remember the exact source, so credits go to the unknown hero
When a new user is created, the files in skel are copied to the new profile and when it's mounted by the client, you have full functional pulse audio.
54
German / Re: Kann keinen Email-Client mit Zentyal (OpenChange) verbinden
« on: August 30, 2016, 05:24:23 pm »
Nope, leider nicht. Ich kämpfe auch mit allen anderen "Features". Versuche CALDAV und CARDDAV unter OS X einzubinden, gem. link in den jeweiligen Eigenschaften. Nix geht, ziemlich frustrierend...
https://server-ip:443/SOGo/dav/{username}/Contacts/personal/
Lässt sich zwar einbinden und produziert auch keinen Fehler, jedoch kommen keine Daten rein. Analog dazu der Kalender, nur eben mit "Calendar" statt "Contacts".
https://server-ip:443/SOGo/dav/{username}/Contacts/personal/
Lässt sich zwar einbinden und produziert auch keinen Fehler, jedoch kommen keine Daten rein. Analog dazu der Kalender, nur eben mit "Calendar" statt "Contacts".
55
Installation and Upgrades / Re: Zentyal: Get CardDAV and CalDAV Address
« on: August 30, 2016, 04:41:45 pm »
Hi,
I don't seem to be able to use on OS X. Has anyone managed to get it working? it doesn't produce any error, but just will show no data entries.
any hint welcome :-)
I don't seem to be able to use on OS X. Has anyone managed to get it working? it doesn't produce any error, but just will show no data entries.
any hint welcome :-)
56
German / Re: HILFE! Wie kann ich ein offizelles StartSSL- Zertifikat einbinden
« on: August 21, 2016, 11:34:44 am »
und, hat's geklappt?
57
German / Re: Kann keinen Email-Client mit Zentyal (OpenChange) verbinden
« on: August 21, 2016, 11:33:38 am »
Outlook unter Mac habe ich bisher ebenfalls nicht hinbekommen. Hänge mich also dankbar an die Frage an. 
58
Directory and Authentication / Re: mount /home/user (server) on a ubuntu client
« on: August 21, 2016, 11:29:24 am »
Found the client config on a USD stick.
So, here's my pam_mount.conf.xml
"FRITZ" should be replaced with your workgroup, i.e. the domain name! Usually, it's kind of a prefix used in the home directory path.
"FRITZ.BOX" should be replaced with your realm, i.e. the complete AD domain
Hope this helps.
So, here's my pam_mount.conf.xml
"FRITZ" should be replaced with your workgroup, i.e. the domain name! Usually, it's kind of a prefix used in the home directory path.
"FRITZ.BOX" should be replaced with your realm, i.e. the complete AD domain
Code: [Select]
<pam_mount>
<debug enable="0" />
<volume
fstype="cifs"
server="zentyal"
path="%(USER)"
mountpoint="/home/local/FRITZ/%(USER)"
user="*"
options="sec=krb5,cruid=%(USERUID),domain=FRITZ.BOX,uid=%(USERUID),gid=%(USERGID),rw"
/>
<umount>umount -l %(MNTPT)</umount>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
Hope this helps.
59
Directory and Authentication / Re: mount /home/user (server) on a ubuntu client
« on: August 20, 2016, 12:50:42 pm »
Hej,
This is just to give a quick feedback on your post. I need a few days to check on the server, but as soon as I get back, I will send you my solution.
Without having the detailed config files in front, I don't see any obvious problem with your configuration.
I have made the same approach and it works... somehow. (using pbis for the AD connection)
What happens here is that the first login does result in the same situation. Auth works, so you can login with your credentials, but the client does not mounting the net home folder. When I logoff and then log back in, it usually works 100%.
So, you may want to try to check this "workaround" and see it you succeed as well?
I haven't understood yet what's causing this, but it's good to know I'm not the only one ;-)
update:Have you checked if you can generally/manually mount the home folder? Pls keep in mind that the zentyal server will not show up in the network automatically. You need to use the "connect to server" command from the menus to make it appear!
update2: This phenomenon appears for me only for the first client login. once this has successfully started (incl. home folders), following clients seem to work fine with the first attempt.
This is just to give a quick feedback on your post. I need a few days to check on the server, but as soon as I get back, I will send you my solution.
Without having the detailed config files in front, I don't see any obvious problem with your configuration.
I have made the same approach and it works... somehow. (using pbis for the AD connection)
What happens here is that the first login does result in the same situation. Auth works, so you can login with your credentials, but the client does not mounting the net home folder. When I logoff and then log back in, it usually works 100%.
So, you may want to try to check this "workaround" and see it you succeed as well?
I haven't understood yet what's causing this, but it's good to know I'm not the only one ;-)
update:Have you checked if you can generally/manually mount the home folder? Pls keep in mind that the zentyal server will not show up in the network automatically. You need to use the "connect to server" command from the menus to make it appear!
update2: This phenomenon appears for me only for the first client login. once this has successfully started (incl. home folders), following clients seem to work fine with the first attempt.
60
Installation and Upgrades / Re: Zentyal 4.2 - BUG: soft lockup - CPU #1, after latest update
« on: June 23, 2016, 07:49:12 pm »
3.19.0.61.44 released now. Has anyone had a chance to try, yet?