Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
61
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: June 12, 2016, 04:28:57 pm »
locale is installed. restarted modules but still it will generate "So" instead of "Sun" 
Anyway, I'm confident it will work well now
Thanks again!!!
update: just notice
so, probably I need to modify the locale setting accordingly?
Anyway, I'm confident it will work well now
Thanks again!!!update: just notice
Code: [Select]
locale -a
C
C.UTF-8
de_DE.utf8
en_US.utf8
POSIX
so, probably I need to modify the locale setting accordingly?
62
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: June 12, 2016, 02:48:13 pm »
thank you your suggestion about "wget wget" mistake!
i've changed the mac format to uppercase format,
please install one more time and you can test it force with following command:Code: [Select]LC_TIME_ORIG=$LC_TIME && LC_TIME=en_US.UTF-8 && echo "$(date '+%a %b %e %H:%M:%S %Y') : Auth: Login OK: [testuser] (from client 127.0.0.1/32 port 5 cli 2002af9a30af)" | sudo tee -a /var/log/freeradius/radius.log && LC_TIME=$LC_TIME_ORIG
tried the echo but it seems my locale for date is set to De, so Week day is prompted as "So" and not "Sun". At the end, the echoed log entry is not shown in zentyal log module... :-)
p.s. modified the echo command and set the date/time manually.
63
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: June 12, 2016, 11:01:48 am »
modified, please check...
https://forum.zentyal.org/index.php/topic,25541.msg96226.html#msg96226
Thanks' Julio,
Installed it and now have to test. Since it is a remote site, it will take a few days before I'll see the effect. I assume the change will only take effect on new log entries, right?
In any case, I'm very thankful for your prompt help! Really great!!!
p.s. maybe a little remark: I think there's a little mistake in the instruction.
Code: [Select]
wget wget http://archive.zentyal.org/zentyal/pool/main/z/zentyal-radius/zentyal-radius_3.5.1.tar.gz -O zentyal-radius_3.5.1.tar.gzdouble wget...
64
German / Re: HILFE! Wie kann ich ein offizelles StartSSL- Zertifikat einbinden
« on: June 11, 2016, 04:59:00 pm »
Moin zusammen,
also mir ist es gelungen, Fremdzertifikate über die Stubs einzubinden.
Dazu ändert man die Konfigurationsvorlagen (.mas) im Verzeichnis /usr/share/zentyal/stubs/...
Beispiel Mail:
Da gibt es z.B. im Unterverzeichnis mail die main.cf.mas
Diese Datei überschreibt mit jedem Neustart/Reload dies Moduls die /etc/postfix/main.cf
Dort werden die Variablen my $certFile und my $keyFile definiert.
Da ich mit let's encrypt arbeite, sieht die dann ungefähr so aus:
my $certFile = '/etc/letsencrypt/live/##domain###/fullchain.pem';
my $keyFile = '/etc/letsencrypt/live/##domain###/privkey.pem';
##domain### müsst ihr natürlich mit dem korrekten Pfad austauschen.
in der dovecot.conf.mas gibt es entsprechend diese Einträge
ssl_cert=</etc/letsencrypt/live/##domain###/fullchain.pem
ssl_key=</etc/letsencrypt/live/##domain###/privkey.pem
Achtet auf die spitze Klammer!
Openchange hat die apache-ics-manager.conf.mas
Hier gibt es drei Zeilen
SSLCertificateFile /etc/letsencrypt/live/##domain###/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/##domain###/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/##domain###/fullchain.pem
Damit sollte das wichtigste abgedeckt sein.
also mir ist es gelungen, Fremdzertifikate über die Stubs einzubinden.
Dazu ändert man die Konfigurationsvorlagen (.mas) im Verzeichnis /usr/share/zentyal/stubs/...
Beispiel Mail:
Da gibt es z.B. im Unterverzeichnis mail die main.cf.mas
Diese Datei überschreibt mit jedem Neustart/Reload dies Moduls die /etc/postfix/main.cf
Dort werden die Variablen my $certFile und my $keyFile definiert.
Da ich mit let's encrypt arbeite, sieht die dann ungefähr so aus:
my $certFile = '/etc/letsencrypt/live/##domain###/fullchain.pem';
my $keyFile = '/etc/letsencrypt/live/##domain###/privkey.pem';
##domain### müsst ihr natürlich mit dem korrekten Pfad austauschen.
in der dovecot.conf.mas gibt es entsprechend diese Einträge
ssl_cert=</etc/letsencrypt/live/##domain###/fullchain.pem
ssl_key=</etc/letsencrypt/live/##domain###/privkey.pem
Achtet auf die spitze Klammer!
Openchange hat die apache-ics-manager.conf.mas
Hier gibt es drei Zeilen
SSLCertificateFile /etc/letsencrypt/live/##domain###/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/##domain###/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/##domain###/fullchain.pem
Damit sollte das wichtigste abgedeckt sein.
65
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: June 11, 2016, 04:27:36 pm »
Dear Julio,
Hope you can also help with this little issue. Now that I've got the radius module working, I noticed that - depending on the AP - MAC address information will be shown or not in the log file presentation (via zentyal log viewer).
I have an older Siemens AP here, which result in the following log entry:
Means, the MAC address is 20:02:AF:9A:30:AF, but it's not shown, the mac column remains empty.
My guess is that the parser is not able to convert and/or identify the mac entry in the log file.
Is there any hack possible to fix this?
Hope you can also help with this little issue. Now that I've got the radius module working, I noticed that - depending on the AP - MAC address information will be shown or not in the log file presentation (via zentyal log viewer).
I have an older Siemens AP here, which result in the following log entry:
Code: [Select]
Sat Jun 11 15:37:44 2016 : Auth: Login OK: [username] (from client xxx.xxx.x.xxx/32 port 5 cli 2002af9a30af)Means, the MAC address is 20:02:AF:9A:30:AF, but it's not shown, the mac column remains empty.
My guess is that the parser is not able to convert and/or identify the mac entry in the log file.
Is there any hack possible to fix this?
66
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: June 04, 2016, 03:13:50 pm »
Hey,
Thanks' for the prompt response and help.
Actually, the minute you posted, I found the solution as per one of your earlier advices.
https://forum.zentyal.org/index.php/topic,26466.msg97883.html#msg97883
First I tried
Seems this did the trick.
Thanks' for the prompt response and help.
Actually, the minute you posted, I found the solution as per one of your earlier advices.
https://forum.zentyal.org/index.php/topic,26466.msg97883.html#msg97883
First I tried
Code: [Select]
sudo chown root:root /etc/samba/openchange.conf
sudo chmod 644 /etc/samba/openchange.confwhich worked. so finally I didCode: [Select]
echo -e "#"'!'"/bin/bash\nchown root:root /etc/samba/openchange.conf\nchmod 644 /etc/samba/openchange.conf\nexit 0" | sudo tee /etc/zentyal/hooks/openchange.postsetconf
sudo chmod +x /etc/zentyal/hooks/openchange.postsetconfSeems this did the trick.
67
Installation and Upgrades / Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« on: June 04, 2016, 11:59:17 am »
Hello Julio and all,
Thanks' for bringing Radius into Zentyal 4.2!
I was able to install successfully and it seems to work in general, but not in my specific setup.
I want to use Radius to grant WiFi access to registered users and tried with two different AP's so far. One is an older Siemens DSL router and the other is a buffalo router with DD-WRT on board.
Both seem to be using MSCHAP authentication, but they always fail with "Login incorrect". Looking into the radius.log file, all I can see is:
and that's basically it. No more hints.
I also tried using radtest tool and it works successfully, unless I choose MSCHAP as type. So my understanding is that the auth against the AD works in general and there must be an issue with the MSCHAP module.
The module does exist in the modules folder and besides the domain hack being active, the ntlm_auth looks like this:
I'm not a big pro on Radius setup, so I hope someone can help me to get this going. We're using the installation for a refugee project.
update:
radtest output for mschap auth: MS-CHAP-Error = "\000E=691 R=1"
update2: checked ntlm_auth and it does work, but only when using sudo. Is this correct? I read some comments about freerad user to be member of the winbindd_priv group, but this is already the case. (winbindd_priv:x:118:freerad)
Thanks' for bringing Radius into Zentyal 4.2!
I was able to install successfully and it seems to work in general, but not in my specific setup.
I want to use Radius to grant WiFi access to registered users and tried with two different AP's so far. One is an older Siemens DSL router and the other is a buffalo router with DD-WRT on board.
Both seem to be using MSCHAP authentication, but they always fail with "Login incorrect". Looking into the radius.log file, all I can see is:
Code: [Select]
Fri Jun 3 19:01:02 2016 : Auth: Login incorrect (mschap: External script says ): [#username#] (from client ##.##.###.#/32 port 0 via TLS tunnel)
Fri Jun 3 19:01:03 2016 : Auth: Login incorrect: [#username#] (from client ##.##.###.#/32 port 1 cli ##-##-##-##-##-##)
and that's basically it. No more hints.
I also tried using radtest tool and it works successfully, unless I choose MSCHAP as type. So my understanding is that the auth against the AD works in general and there must be an issue with the MSCHAP module.
The module does exist in the modules folder and besides the domain hack being active, the ntlm_auth looks like this:
Code: [Select]
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
I'm not a big pro on Radius setup, so I hope someone can help me to get this going. We're using the installation for a refugee project.
update:
radtest output for mschap auth: MS-CHAP-Error = "\000E=691 R=1"
update2: checked ntlm_auth and it does work, but only when using sudo. Is this correct? I read some comments about freerad user to be member of the winbindd_priv group, but this is already the case. (winbindd_priv:x:118:freerad)
68
Installation and Upgrades / 4.2: Distribution / Security Groups with OpenChange Accounts?
« on: April 10, 2016, 04:18:45 pm »
Dear All,
I was wondering if someone could help me to understand the feature of activating openchange account for distribution/security groups?
What is the difference between a distribution group with or without having an open change account and how can I us the open change account when activated?
Thanks in advance!
I was wondering if someone could help me to understand the feature of activating openchange account for distribution/security groups?
What is the difference between a distribution group with or without having an open change account and how can I us the open change account when activated?
Thanks in advance!
69
Email and Groupware / Re: fetchmail in a multidrop environment
« on: March 12, 2016, 05:51:28 pm »
bounce
70
Email and Groupware / Re: write access to shared address book
« on: March 12, 2016, 05:51:04 pm »
bounce
71
Email and Groupware / Re: write access to shared address book
« on: March 04, 2016, 03:38:59 pm »
ok, from the missing response I either guess it's stupid question or no-one ever had a similar task?
Now, what I've found out so far is that probably I need to add the ObjectClasses to the SOGoUserSources as well?
Do I understand it correctly that within this, I need to define each and every field (mapping) or what needs to be put in there? I haven't been able to find a single example on the web so far...
Who's got some experience with this?
Now, what I've found out so far is that probably I need to add the ObjectClasses to the SOGoUserSources as well?
Do I understand it correctly that within this, I need to define each and every field (mapping) or what needs to be put in there? I haven't been able to find a single example on the web so far...
Who's got some experience with this?
72
Email and Groupware / fetchmail in a multidrop environment
« on: March 02, 2016, 11:23:31 pm »
Hello,
due to some restrictive domain setting, all mail for a domain ist sent to only one single mailbox (catch all).
I would now like to retrieve the email and forward them to each dedicated user on the server.
The problem is that the emails do not have any x-envelope header, so this make things even worse as it would drop all email sent to more than one recipient in the domain.
Now I saw this example in the manual from fetch mail:
poll pop.provider.net:
user maildrop with pass secret1 to golux ’hurkle’=’happy’ snark here
This means, within one poll, I could catch all email and still send them to dedicated recipients.
Looking at the fetch mail.rc.mas file, I see that it's basically using a foreach instruction. so I thought of using this to make one poll with the "to" instruction and then it should add all local accounts, so it can parse each email in the mailbox.
Would this be possible and if yes, how would the .mas file would look like?
Or am I missing something?
due to some restrictive domain setting, all mail for a domain ist sent to only one single mailbox (catch all).
I would now like to retrieve the email and forward them to each dedicated user on the server.
The problem is that the emails do not have any x-envelope header, so this make things even worse as it would drop all email sent to more than one recipient in the domain.
Now I saw this example in the manual from fetch mail:
poll pop.provider.net:
user maildrop with pass secret1 to golux ’hurkle’=’happy’ snark here
This means, within one poll, I could catch all email and still send them to dedicated recipients.
Looking at the fetch mail.rc.mas file, I see that it's basically using a foreach instruction. so I thought of using this to make one poll with the "to" instruction and then it should add all local accounts, so it can parse each email in the mailbox.
Would this be possible and if yes, how would the .mas file would look like?
Or am I missing something?
73
Email and Groupware / write access to shared address book
« on: March 02, 2016, 10:46:07 pm »
Hi All,
I'm struggling to get the write access done right for the shared address book.
I simply want to complete the address info of the registered users, such as phone numbers, etc.
I added modifiers = (username); to the sogo.conf.mas and restarted openchange form the dashboard.
After this, the "save" button appears in the webmail fronted, when I try to change an existing entry for the shared address book. However, when I press save, it will close the windows but not update the info.
I also tried the superuser option and also got the save button, but still no success. Changes are simply not written back.
who can help?
I'm struggling to get the write access done right for the shared address book.
I simply want to complete the address info of the registered users, such as phone numbers, etc.
I added modifiers = (username); to the sogo.conf.mas and restarted openchange form the dashboard.
After this, the "save" button appears in the webmail fronted, when I try to change an existing entry for the shared address book. However, when I press save, it will close the windows but not update the info.
I also tried the superuser option and also got the save button, but still no success. Changes are simply not written back.
who can help?
74
Installation and Upgrades / Re: Zentyal 4.2 - BUG: soft lockup - CPU #1, after latest update
« on: February 21, 2016, 11:53:32 am »Anyway, i'm curious about what would happen if we try to remove the last kernel...
Wanna try?
75
Installation and Upgrades / Re: Zentyal 4.2 - BUG: soft lockup - CPU #1, after latest update
« on: February 19, 2016, 03:30:11 pm »Hi everyone.
Experienced the same problem on two different servers. I had 2 lockups on the first one. After some research, I decided to downgrade the kernel from 3.19.0-49-generic to 3.19.0-47-generic. So far, no more lockups.
Today I experienced same behaviour on another server. Checked kernel version, and it was 3.19.0-49-generic. Just downgraded too this one to 3.19.0-47-generic.
I'll keep you informed about results. First server has not lockup since downgrade.
Both Zentyal 4.2.2 up to date.
How to downgrade:Code: [Select]sudo apt-get purge linux-image-3.19.0-49-generic
sudo update-grub
then reboot.
I may just add that one should ensure that the previous kernel is still "available". Auto-remove function of apt might have deleted it, no?
And finally, you need to put upgrade offers for the new kernel on hold...