Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - doncamilo

Pages: 1 [2] 3 4 ... 32
Installation and Upgrades / Re: Zentyal 7 release date?
« on: January 22, 2021, 01:34:37 pm »
Got another problem.. Any advice? Not sure what caused this.. I noticed problems when I changed interface address and it did not update in DNS (the realm is dynamic).

Code: [Select]
2021/01/21 16:11:23 INFO> EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2021/01/21 16:12:01 ERROR> EBox::Sudo::_rootError - root command nsupdate -g -t 10 /var/lib/zentyal/tmp/s9lkGpokAt failed.
Error output: tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Cannot contact any KDC for realm 'ZENTYAL.LAN'.

Command output: .
Exit value: 2 at root command nsupdate -g -t 10 /var/lib/zentyal/tmp/s9lkGpokAt failed.

Run this:

Code: [Select]
sudo samba_dnsupdate --verbose --all-names

You'll see all the samba dns records. Check them. In addition, I wonder if could be useful configure the [realm] krb5.conf section with the kdc of the realm.


Other modules / Re: WebAdmin https://localhost:8443 not responding
« on: January 22, 2021, 12:24:22 pm »

The command you are looking for isn't

Code: [Select]
systemctl status service nginx.service but this one
Code: [Select]
systemctl status zentyal.webadmin-nginx.service
You should check this one too
Code: [Select]
systemctl status zentyal.webadmin-uwsgi.service
These logs could be useful:

  • /var/log/nginx/error.log
  • /var/log/zentyal/uwsgi.log
  • /var/log/zentyal/zentyal.log

Code: [Select]
2020/12/30 11:41:32 [emerg] 6291#6291: SSL_CTX_use_PrivateKey_file("/var/lib/zentyal/conf/ssl/ssl.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
You have an issue with your SSL key and certificate for Webadmin.

You can check that your key and cert match this way:

Code: [Select]
sudo openssl rsa -in /var/lib/zentyal/conf/ssl/ssl.key -noout -modulus | openssl md5
(stdin)= e4420cbf00bb6017b32a7a29e9aa26ac
sudo openssl x509 -in /var/lib/zentyal/conf/ssl/ssl.pem -noout -modulus | openssl md5
(stdin)= e4420cbf00bb6017b32a7a29e9aa26ac

You can fix it manually by changing the nginx.conf.mas this way:

Code: [Select]
ssl_certificate <% $zentyalconfdir %>ssl/ssl.pem;
ssl_certificate_key <% $zentyalconfdir %>ssl/ssl.pem;

Use the before openssl commands to check the match between the private key in ssl.pem and the public key in the same file.


Installation and Upgrades / Re: Command line shutdown/power off
« on: January 22, 2021, 11:46:03 am »

Did you think about UPower?


Contributions / Tips&Tricks / Features Requests / Re: IPv6 support
« on: January 18, 2021, 09:15:40 am »
Since a moment, and now in 2021, ISP gives only IPv6.

The problem is that Zentyal does not support IPv6.

Can you add IPv6 support?

Ticket on GitHub:

Thanks in advance.


A really creepy warning. Could you paste here some references? What ISP do you use?   :-\


Installation and Upgrades / Re: Let's Encrypt (Lets Encrypt) support
« on: January 18, 2021, 09:02:38 am »

Configuring Let's Encrypt certificates is a five minutes task and it's described in detail in the documentation.

Why do you think that Let's Encrypt isn't supported by Zentyal?   :o

Do you need some detailed help? :)


Since my first ticket for Let's Encrypt support: (it has been closed by Zentyal Team).

I have created a second ticket for Let's Encrypt support which has been closed by Zentyal Team too.

I have created a third ticket for Let's Encrypt support, can you like, comment on it?


Zentyal admite certificados Let's Encrypt (y cualquier otro certificado válido emitido por otras CAs) En cualquier caso, no da la impresión de que el problema de esté relacionado con un intento fallido de instalar LE... ¿No crees?

Lee ésto y ésto



I would bet that you have some other broken packages. Paste here this command output:

Code: [Select]
dpkg -l | egrep -v '^(ii|rc)'



Paste here the output of these commands:

Code: [Select]
sudo systemctl status zentyal.webadmin-nginx.service
sudo systemctl status zentyal.webadmin-uwsgi.service
sudo egrep -a 'ERROR' /var/log/zentyal/zentyal.log
sudo egrep -a 'ERROR' /var/log/zentyal/uwsgi.log
sudo egrep -a 'ERROR' /var/log/nginx/error.log



How to modify file smb.conf because after restart any changes are destroyed ?




I don't know, but, any case, Bionic has standard support until April 2023.

It's your need for upgrading so critical or, simply,  do you want (like myself) to get your teeth into samba 4.11?  (Samba PSOs are a great improvement) ;)

Developers told ( Oct 30) that it will be released in a few weeks,35064.msg113882.html#msg113882


Directory and Authentication / Re: Avoid samba binding to a vlan interfaces
« on: December 11, 2020, 02:09:52 pm »

Could be a great solution. Indeed, the samba.conf file isn't generated by templates, so you can change the parameters directly. Actually the change of the listen_external to "no" removes the external interfaces from the smb.conf "interfaces" parameter.

Defining a network interface as external apply the iptables rules configured for external networks and this section of the firewall has a default policy of denying any connection

So, you'll have to configure the needed firewall rules in order to grant permissions to the usual network traffic in your trunk interface.

Try it and tell us about it!

A great idea.


There are several ways to check if the account is enabled. For instance, in my lab server:

Code: [Select]
# An enabled user account
root@orthanc:~# pdbedit -v -u jesus.quesada | egrep '^Account\sFlags:'
Account Flags:        [U          ]
# A disabled user account
root@orthanc:~# pdbedit -v -u eldelas.bermudas | egrep '^Account\sFlags:'
Account Flags:        [DU         ]

About the account flags: man pdbedit

Code: [Select]
Possible flags
           are listed below.

                  ·   N: No password required

                  ·   D: Account disabled

                  ·   H: Home directory required

                  ·   T: Temporary duplicate of other account

                  ·   U: Regular user account

                  ·   M: MNS logon user account

                  ·   W: Workstation Trust Account

                  ·   S: Server Trust Account

                  ·   L: Automatic Locking

                  ·   X: Password does not expire

                  ·   I: Domain Trust Account

You can use ldbsearch and this table to check the user account control parameter:

Code: [Select]
root@orthanc:~# ldbsearch -H /var/lib/samba/private/sam.ldb 'userAccountControl=*' samaccountname useraccountcontrol

The flags are like octal Unix permissions. It's easy to write a script to know the disabled accounts.



Did you try to use some other e-mail client instead of Outlook?  It seems to me some problem with the Outlook configuration.


Pages: 1 [2] 3 4 ... 32