Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Installation and Upgrades / Re: [SOLVED]Multiple connections VPN
« on: March 08, 2014, 11:21:47 pm »
Glad you got it working...
2
Installation and Upgrades / Re: Multiple connections VPN
« on: March 07, 2014, 07:58:35 am »
I have seen this problem when two client are using the same certs to connect to the openvpn server. Make sure you have two separate clients in Zentyal, and that each computer is using a different one.
3
News and Announcements / Re: Zentyal Server 3.4 and Zarafa
« on: January 28, 2014, 06:12:56 am »
What is gained by upgrading to Ubuntu server 13.10? Is it just for the sake of being current?
4
Installation and Upgrades / Re: Zentyal 3.2: Samba, the Dawn of Something Else
« on: December 11, 2013, 05:07:31 am »
I am not sure, but I think the issue may be because somewhat explained below:
In most *nix filesystems administrators can assign read (r), write (w), and execute (x) permissions to files, and set permissions differently for a file's owner, users in the same group, and others. This scheme is simple and effective, but for more complicated scenarios, administrators often have to implement elaborate and cumbersome directory structures and multiple user groups to model an appropriate permission system. A better approach is the use of filesystem access control lists (ACLs) to provide a finer-grained level of control over permissions. With ACLs you can specify which users and groups can access a file, regardless of the owner of the file or directory.
So when you set a file share through Zentyal web interface, on a drive with existing files (a lot of them) Zentyal is setting all the ACLs on every file. If there are a lot of them, I guess it is taking awhile.
Either, eventually it will finish, or maybe if the drive containing the share directory is not mounted with the ACL option, it is just hanging there...
hope this helps, maybe...
I am sorting through this issue as well. I used Eiciel, a gui ACL editor, to help see what the permission issue is.
In most *nix filesystems administrators can assign read (r), write (w), and execute (x) permissions to files, and set permissions differently for a file's owner, users in the same group, and others. This scheme is simple and effective, but for more complicated scenarios, administrators often have to implement elaborate and cumbersome directory structures and multiple user groups to model an appropriate permission system. A better approach is the use of filesystem access control lists (ACLs) to provide a finer-grained level of control over permissions. With ACLs you can specify which users and groups can access a file, regardless of the owner of the file or directory.
So when you set a file share through Zentyal web interface, on a drive with existing files (a lot of them) Zentyal is setting all the ACLs on every file. If there are a lot of them, I guess it is taking awhile.
Either, eventually it will finish, or maybe if the drive containing the share directory is not mounted with the ACL option, it is just hanging there...
hope this helps, maybe...
I am sorting through this issue as well. I used Eiciel, a gui ACL editor, to help see what the permission issue is.
5
Installation and Upgrades / Re: suricata Eats CPU
« on: October 22, 2013, 04:21:16 pm »
I have not yet, just documenting the effect of running suricata without it.
Will be interesting to see how utilizing some GPU processing power will help.
Will be interesting to see how utilizing some GPU processing power will help.
6
Installation and Upgrades / Re: suricata Eats CPU
« on: October 22, 2013, 05:40:48 am »
Also, I thought I would add, I am running my test directly against the Zentyal box running iperf itself, as configured with one NIC in "Office" mode, as opposed to, through Zentyal in "Gateway" mode (2 NICs) connecting to a server behind it with iperf listening.
7
Installation and Upgrades / Re: suricata Eats CPU
« on: October 22, 2013, 05:34:20 am »
I have noticed this CPU consumption as well, and found it was limiting my throughput.
The Zentyal server has only 1 gig of RAM and an Intel Core2 4300@1.8ghz.
On a Gbit LAN, running iperf with the IDS module enabled iperf reported:
------------------------------------------------------------
Client connecting to 192.168.2.225, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 160 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.2.209 port 57406 connected with 192.168.2.225 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-30.0 sec 2.84 GBytes 813 Mbits/sec
[ 3] Sent 2074263 datagrams
[ 3] Server Report:
[ 3] 0.0-30.2 sec 773 MBytes 214 Mbits/sec 15.333 ms 1522671/2074260 (73%)
[ 3] 0.0-30.2 sec 51223 datagrams received out-of-order
When IDS module disabled:
------------------------------------------------------------
Client connecting to 192.168.2.225, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 160 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.2.209 port 54567 connected with 192.168.2.225 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-30.0 sec 2.84 GBytes 813 Mbits/sec
[ 3] Sent 2074370 datagrams
[ 3] Server Report:
[ 3] 0.0-30.0 sec 2.82 GBytes 808 Mbits/sec 0.045 ms 13230/2074369 (0.64%)
[ 3] 0.0-30.0 sec 1 datagrams received out-of-order
Same results when I enable IDS, but disable all the rules. Also, while running the test, I watched "top" on Zentyal and saw suricata peg the CPU over 1 during the test.
I know my server is not very powerful, but I wonder how this scales with more powerful hardware, and/or how to with GPU offloading.
The Zentyal server has only 1 gig of RAM and an Intel Core2 4300@1.8ghz.
On a Gbit LAN, running iperf with the IDS module enabled iperf reported:
------------------------------------------------------------
Client connecting to 192.168.2.225, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 160 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.2.209 port 57406 connected with 192.168.2.225 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-30.0 sec 2.84 GBytes 813 Mbits/sec
[ 3] Sent 2074263 datagrams
[ 3] Server Report:
[ 3] 0.0-30.2 sec 773 MBytes 214 Mbits/sec 15.333 ms 1522671/2074260 (73%)
[ 3] 0.0-30.2 sec 51223 datagrams received out-of-order
When IDS module disabled:
------------------------------------------------------------
Client connecting to 192.168.2.225, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 160 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.2.209 port 54567 connected with 192.168.2.225 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-30.0 sec 2.84 GBytes 813 Mbits/sec
[ 3] Sent 2074370 datagrams
[ 3] Server Report:
[ 3] 0.0-30.0 sec 2.82 GBytes 808 Mbits/sec 0.045 ms 13230/2074369 (0.64%)
[ 3] 0.0-30.0 sec 1 datagrams received out-of-order
Same results when I enable IDS, but disable all the rules. Also, while running the test, I watched "top" on Zentyal and saw suricata peg the CPU over 1 during the test.
I know my server is not very powerful, but I wonder how this scales with more powerful hardware, and/or how to with GPU offloading.
8
Installation and Upgrades / Re: Granting local administrator rights
« on: October 08, 2013, 05:40:53 pm »
Is controlling the users local administrator privileges still performed on each desktop in a Zentyal 3.2 domain. I do not see any way elevate privileges except to domain admin the web gui.
9
Installation and Upgrades / Re: Resetting of file sharing permissions slows down boot process
« on: October 08, 2013, 04:43:25 pm »
Interesting I didn't think this was an issue in 3.2 see:
http://forum.zentyal.org/index.php/topic,18294.msg70807.html#msg70807
http://forum.zentyal.org/index.php/topic,18294.msg70807.html#msg70807
10
Installation and Upgrades / Re: Samba and managing ACL
« on: October 05, 2013, 08:52:49 pm »
Thanks for the heads up, I need to pay closer attention to github for Zentyal I think.
11
Installation and Upgrades / Re: Applying recursive file/folder permissions
« on: October 05, 2013, 08:34:37 pm »
I think it is for a better understanding of system, for when things go wrong, which they eventually do...
12
Installation and Upgrades / Re: RAID
« on: October 04, 2013, 07:35:36 pm »
Agreed. The documentation on some of the finer points on setting up a server could be more clear. Maybe pointers to references in the documentation would help, or is that what the purchased documentation from Zentyal contains...
13
Installation and Upgrades / Re: Samba and managing ACL
« on: October 04, 2013, 07:31:25 pm »
I did notice that Zentyal 3.2 did boot faster in relation to this. Because of unmanaged_acls option in 3.0 it would take 10+ minutes for Zentyal to boot, because it was reapplying permissions on many thousands of files on the network share. But my permissions were not defined separately on sub directories, they all inherited parent permissions, so I guess it is a plus for me, but agreed, there should have been something mentioning this....
14
Installation and Upgrades / Re: After upgrading to 3.2 from 3.0.x The dashboard no longer updates itself
« on: October 03, 2013, 06:11:37 pm »
I have noticed this as well on more than one installation.
15
Installation and Upgrades / Re: User-Rights gone wrong
« on: July 22, 2013, 05:05:57 am »
What I have noticed with the "unmanaged acls" option is that if there are a lot of files in the share, after a reboot it will take awhile before the gui is available. after a reboot, ssh in, run top, and look for permission process (I forget the name) running at the beginning of the list.