Recent Posts

Pages: 1 2 [3] 4 5 ... 10
21
News and Announcements / Upgrade from Zentyal 6.0 to 6.1 is now available
« Last post by blorente on November 15, 2019, 04:37:34 pm »
Hi all,

The upgrade path from Zentyal Server Development 6.0 to 6.1 has been published now. When you upgrade the 'zentyal-core' package to its latest version, "Upgrade button" will appear on the Dashboard. 

We would recommend you to follow this checklist to avoid issues:

* Back up your server and data before upgrading
* Make sure that there are no errors in the /var/log/zentyal/zentyal.log file
* Make sure that there is space available on the disk
* Make sure that the server is updated
* Make sure that there are no broken packages
* Make sure that there are no errors in the internal Samba database or in the MySQL databases
* Make sure that you have Internet connectivity
* Click on the Upgrade button on the Dashboard
* Make sure that the packages have been updated

The official documentation for Zentyal Server 6.1 will include more detailed instructions (it will be published shortly).

Looking forward to receiving your feedback and comments.
22
Contributions / Tips&Tricks / Features Requests / Traefik reverse proxy?
« Last post by TechnicalValues on November 14, 2019, 11:24:05 pm »
Has anyone in here setup Traefik, running ON the Zentyal server in order to provide reverse proxy? My goal is to have a reproducable labe environment where Zentyal is the main system that handles the typical stuff like Active Directory, Certificate Authority, DNS, DHCP, and have it as the default gateway for a few different "Internal" networks. The goal with the reverse proxy would be to have the external interface serving multiple URLs that would each be directed to different servers that sit behind Zentyal on the Internal networks.
23
Installation and Upgrades / open-vm-tools for Zentyal 6.1?
« Last post by TechnicalValues on November 14, 2019, 11:00:51 pm »
I don't recall having this issue when I did a fresh install of 6.0, but with 6.1 when I go to the console and enter:
sudo apt install -y open-vm-tools

I get an error that no candidate is available. It would be great if these tools were available under System Updates or Zentyal Components
24
Installation and Upgrades / best practices for two Zentyal servers
« Last post by sspeed on November 14, 2019, 09:56:26 pm »
I'm finally convincing myself to retire the old Windows 2003 server that I have running alongside Zentyal since I have SMB1 long disabled.  Looking for the best practices when having two Zentyal servers.  Last time I attempted two Zentyal servers dcpromo failed on the old 2003 box and the DNS_Zentyal domain account broke on the original server when I brought the new Zentyal server online.  As of now I have all 7 FSMO roles transferred to Zentyal.

1) Are there any gotchas on the dcpromo for a 2003 box as long as the FSMO roles are transferred?
2) Has anyone else had the DNS_Zentyal account problem with two Zentyals?
3) On the domain tab, do I set my first one up as "Domain controller" and the new one as "Additional Domain Controller"?
4) What else am I missing?  What, if any, functionality will I lose by tombstoning the 2003 server?
25
Installation and Upgrades / zentyal.squid3-external killed by KILL signal
« Last post by Gilberto Ferreira on November 13, 2019, 06:12:23 pm »
Hi there friends...

I have zentyal 4 works fine, but sometimes I see this message is syslog

Nov 13 08:29:20 servidor kernel: [46271.777040] init: zentyal.set-uid-gid-numbers main process (5337) killed by TERM signal
Nov 13 08:31:26 servidor kernel: [46397.332330] init: zentyal.squid3-external main process (11425) killed by KILL signal
Nov 13 10:22:34 servidor kernel: [53058.929901] init: isc-dhcp-server main process (6625) killed by TERM signal
Nov 13 10:22:53 servidor kernel: [53078.020586] init: zentyal.squid3-external main process (1191) killed by KILL signal
Nov 13 10:24:16 servidor kernel: [53160.763082] init: isc-dhcp-server main process (17178) killed by TERM signal
Nov 13 10:34:37 servidor kernel: [53781.188780] init: isc-dhcp-server main process (19818) killed by TERM signal
Nov 13 10:34:56 servidor kernel: [53800.450145] init: zentyal.squid3-external main process (18356) killed by KILL signal
Nov 13 10:39:24 servidor kernel: [54067.794495] init: isc-dhcp-server main process (21955) killed by TERM signal
Nov 13 10:46:18 servidor kernel: [54481.453223] init: zentyal.squid3-external main process (23132) killed by KILL signal
Nov 13 10:46:22 servidor kernel: [54485.832787] init: ebox.loggerd main process (28496) killed by TERM signal
Nov 13 12:05:32 servidor kernel: [59231.181414] init: zentyal.squid3-external main process (29111) killed by KILL signal
Nov 13 12:05:35 servidor kernel: [59233.623781] init: ebox.loggerd main process (29215) killed by TERM signal
Nov 13 13:43:28 servidor kernel: [65100.929273] init: ebox.loggerd main process (22277) killed by TERM signal
Nov 13 13:55:25 servidor kernel: [65818.057803] init: zentyal.squid3-external main process (22142) killed by KILL signal
Nov 13 13:55:28 servidor kernel: [65820.470901] init: ebox.loggerd main process (320) killed by TERM signal

And I thing this errors make squid restart (at least the process) and kill internet access for a moment, than back online again...

Any body get this error too???

Thanks
26
Magyar / Re: Vendég share lehetséges azonosítás nélküli csatlakozással?
« Last post by acs.peter on November 13, 2019, 10:51:37 am »
Sziasztok!

Ez engem is érdekelne, nyomtatós szkennelés miatt.
27
Other modules / Re: Zentyal 6 - HTTPS packets dropped
« Last post by mdtech on November 12, 2019, 07:45:42 pm »
Yes Proxy is Enabled...but not  always configured at the workstation but problem is the same.

Please note that AA.BBB.CCC.DDD is not AA.BBB.CCC.DDE

sudo iptables -t nat --list-rules
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N postmodules
-N premodules
-A PREROUTING -j premodules
-A POSTROUTING -j postmodules
-A POSTROUTING ! -s AA.BBB.CCC.DDE/32 -o eth0 -j SNAT --to-source AA.BBB.CCC.DDE
-A premodules ! -d 192.168.1.2/32 -i eth1 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A premodules ! -d 192.168.1.2/32 -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A premodules ! -d 192.168.2.1/32 -i eth2 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A premodules ! -d 192.168.2.1/32 -i eth2 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A premodules ! -d 192.168.3.1/32 -i eth3 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A premodules ! -d 192.168.3.1/32 -i eth3 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A premodules ! -d 192.168.4.1/32 -i eth4 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A premodules ! -d 192.168.4.1/32 -i eth4 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A premodules ! -d 192.168.5.1/32 -i eth5 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A premodules ! -d 192.168.5.1/32 -i eth5 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
==================================================================
sudo iptables -t mangle --list-rules
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N CHECKIP-TEST
-N FAILOVER-TEST
-A PREROUTING -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -m mark --mark 0x0/0xff -m mac --mac-source 00:C1:64:25:26:1F -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -m mark --mark 0x0/0xff -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A OUTPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A OUTPUT -m mark --mark 0x0/0xff -j MARK --set-xmark 0x1/0xffffffff
-A OUTPUT -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A OUTPUT -j FAILOVER-TEST
-A OUTPUT -j CHECKIP-TEST

==================================================================

sudo iptables -t filter --list-rules

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N drop
-N faccept
-N fdns
-N fdrop
-N ffwdrules
-N fglobal
-N fmodules
-N fnoexternal
-N fnospoof
-N fnospoofmodules
-N fredirects
-N ftoexternalonly
-N iaccept
-N idrop
-N iexternal
-N iexternalmodules
-N iglobal
-N imodules
-N inoexternal
-N inointernal
-N inospoof
-N inospoofmodules
-N log
-N oaccept
-N odrop
-N oglobal
-N ointernal
-N omodules
-N preforward
-N preinput
-N preoutput
-A INPUT -i lo -j ACCEPT
-A INPUT -j preinput
-A INPUT -m state --state INVALID -j idrop
-A INPUT -m state --state RELATED,ESTABLISHED -j iaccept
-A INPUT -j inospoof
-A INPUT -j iexternalmodules
-A INPUT -j iexternal
-A INPUT -j inoexternal
-A INPUT -j imodules
-A INPUT -j iglobal
-A INPUT -p icmp ! -f -m icmp --icmp-type 8 -m state --state NEW -j iaccept
-A INPUT -p icmp ! -f -m icmp --icmp-type 0 -m state --state NEW -j iaccept
-A INPUT -p icmp ! -f -m icmp --icmp-type 3 -m state --state NEW -j iaccept
-A INPUT -p icmp ! -f -m icmp --icmp-type 4 -m state --state NEW -j iaccept
-A INPUT -p icmp ! -f -m icmp --icmp-type 11 -m state --state NEW -j iaccept
-A INPUT -p icmp ! -f -m icmp --icmp-type 12 -m state --state NEW -j iaccept
-A INPUT -j idrop
-A FORWARD -j preforward
-A FORWARD -m state --state INVALID -j fdrop
-A FORWARD -m state --state RELATED,ESTABLISHED -j faccept
-A FORWARD -j fnospoof
-A FORWARD -j fredirects
-A FORWARD -j fmodules
-A FORWARD -j ffwdrules
-A FORWARD -j fnoexternal
-A FORWARD -j fdns
-A FORWARD -j fglobal
-A FORWARD -p icmp ! -f -m icmp --icmp-type 8 -m state --state NEW -j faccept
-A FORWARD -p icmp ! -f -m icmp --icmp-type 0 -m state --state NEW -j faccept
-A FORWARD -p icmp ! -f -m icmp --icmp-type 3 -m state --state NEW -j faccept
-A FORWARD -p icmp ! -f -m icmp --icmp-type 4 -m state --state NEW -j faccept
-A FORWARD -p icmp ! -f -m icmp --icmp-type 11 -m state --state NEW -j faccept
-A FORWARD -p icmp ! -f -m icmp --icmp-type 12 -m state --state NEW -j faccept
-A FORWARD -j fdrop
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j preoutput
-A OUTPUT -m state --state INVALID -j odrop
-A OUTPUT -m state --state RELATED,ESTABLISHED -j oaccept
-A OUTPUT -j ointernal
-A OUTPUT -j omodules
-A OUTPUT -j oglobal
-A OUTPUT -p icmp ! -f -m icmp --icmp-type 8 -m state --state NEW -j oaccept
-A OUTPUT -p icmp ! -f -m icmp --icmp-type 0 -m state --state NEW -j oaccept
-A OUTPUT -p icmp ! -f -m icmp --icmp-type 3 -m state --state NEW -j oaccept
-A OUTPUT -p icmp ! -f -m icmp --icmp-type 4 -m state --state NEW -j oaccept
-A OUTPUT -p icmp ! -f -m icmp --icmp-type 11 -m state --state NEW -j oaccept
-A OUTPUT -p icmp ! -f -m icmp --icmp-type 12 -m state --state NEW -j oaccept
-A OUTPUT -j odrop
-A drop -m limit --limit 50/min --limit-burst 10 -j LOG --log-prefix "zentyal-firewall drop " --log-level 7
-A drop -j DROP
-A faccept -i eth0 -j NFQUEUE --queue-num 0
-A faccept -j ACCEPT
-A fdrop -j drop
-A ffwdrules -i eth1 -j RETURN
-A ffwdrules -i eth2 -j RETURN
-A ffwdrules -i eth3 -j RETURN
-A ffwdrules -i eth4 -j RETURN
-A ffwdrules -i eth5 -j RETURN
-A fglobal -j faccept
-A fnoexternal -i eth0 -m state --state NEW -j fdrop
-A fnospoof -j fnospoofmodules
-A fnospoof -s 192.168.2.211/32 -m mac ! --mac-source 10:60:4B:14:25:50 -j fdrop
-A fnospoof -s 192.168.2.210/32 -m mac ! --mac-source 00:20:78:0E:F8:53 -j fdrop
-A fnospoof -s AA.BBB.CCC.DDD/30 ! -i eth0 -j fdrop
-A fnospoof -s 192.168.1.0/24 ! -i eth1 -j fdrop
-A fnospoof -s 192.168.2.0/24 ! -i eth2 -j fdrop
-A fnospoof -s 192.168.3.0/24 ! -i eth3 -j fdrop
-A fnospoof -s 192.168.4.0/24 ! -i eth4 -j fdrop
-A fnospoof -s 192.168.5.0/24 ! -i eth5 -j fdrop
-A ftoexternalonly -o eth0 -j faccept
-A ftoexternalonly -j fdrop
-A iaccept -i eth0 -j NFQUEUE --queue-num 0
-A iaccept -j ACCEPT
-A idrop -j drop
-A iexternal -i eth1 -j RETURN
-A iexternal -i eth2 -j RETURN
-A iexternal -i eth3 -j RETURN
-A iexternal -i eth4 -j RETURN
-A iexternal -i eth5 -j RETURN
-A iexternal -p udp -m udp --sport 631 --dport 631 -m state --state NEW -j iaccept
-A iexternal -p tcp -m tcp --sport 631 --dport 631 -m state --state NEW -j iaccept
-A iexternal -p udp -m udp --dport 4000 -m state --state NEW -j iaccept
-A iexternal -p tcp -m tcp --dport 4000 -m state --state NEW -j iaccept
-A iexternal -p tcp -m tcp --dport 22 -m state --state NEW -j iaccept
-A iexternal -p udp -m udp --dport 10000 -m state --state NEW -j iaccept
-A iexternal -p tcp -m tcp --dport 10000 -m state --state NEW -j iaccept
-A iexternal -p tcp -m tcp --dport 8443 -m state --state NEW -j iaccept
-A iexternal -p tcp -m tcp --dport 587 -m state --state NEW -j drop
-A iexternal -p tcp -m tcp --dport 110 -m state --state NEW -j drop
-A iexternal -p tcp -m tcp --dport 143 -m state --state NEW -j drop
-A iexternal -p tcp -m tcp --dport 993 -m state --state NEW -j drop
-A iexternal -p tcp -m tcp --dport 995 -m state --state NEW -j drop
-A iexternal -p tcp -m tcp --dport 4190 -m state --state NEW -j drop
-A iexternal -p tcp -m tcp --dport 25 -m state --state NEW -j drop
-A iexternal -p tcp -m tcp --dport 465 -m state --state NEW -j drop
-A iexternal -p udp -m udp --dport 1812 -m state --state NEW -j drop
-A iexternal -p tcp -m tcp --dport 5222 -m state --state NEW -j drop
-A iexternal -p tcp -m tcp --dport 5223 -m state --state NEW -j drop
-A iexternalmodules -i eth1 -j RETURN
-A iexternalmodules -i eth2 -j RETURN
-A iexternalmodules -i eth3 -j RETURN
-A iexternalmodules -i eth4 -j RETURN
-A iexternalmodules -i eth5 -j RETURN
-A iglobal -p tcp -m tcp --dport 80 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 10000 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 10000 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 587 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 110 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 143 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 993 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 995 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 4190 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 25 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 465 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 1812 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 5222 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 5223 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 88 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 88 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 135 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 137 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 138 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 139 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 389 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 389 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 445 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 464 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 464 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 636 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 3268 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 3269 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 49152:65535 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 53 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 53 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 123 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --sport 67:68 --dport 67:68 -m state --state NEW -j iaccept
-A iglobal -p udp -m udp --dport 69 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 22 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 8443 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 20 -m state --state NEW -j iaccept
-A iglobal -p tcp -m tcp --dport 21 -m state --state NEW -j iaccept
-A imodules -i eth1 -p tcp -m state --state NEW -m tcp --dport 3128 -j iaccept
-A imodules -i eth2 -p tcp -m state --state NEW -m tcp --dport 3128 -j iaccept
-A imodules -i eth3 -p tcp -m state --state NEW -m tcp --dport 3128 -j iaccept
-A imodules -i eth4 -p tcp -m state --state NEW -m tcp --dport 3128 -j iaccept
-A imodules -i eth5 -p tcp -m state --state NEW -m tcp --dport 3128 -j iaccept
-A imodules -p tcp -m state --state NEW -m tcp --dport 3129 -j DROP
-A inoexternal -i eth0 -m state --state NEW -j idrop
-A inospoof -j inospoofmodules
-A inospoof -s 192.168.2.211/32 -m mac ! --mac-source 10:60:4B:14:25:50 -j idrop
-A inospoof -s 192.168.2.210/32 -m mac ! --mac-source 00:20:78:0E:F8:53 -j idrop
-A inospoof -s AA.BBB.CCC.DDD/30 ! -i eth0 -j idrop
-A inospoof -s 192.168.1.0/24 ! -i eth1 -j idrop
-A inospoof -s 192.168.2.0/24 ! -i eth2 -j idrop
-A inospoof -s 192.168.3.0/24 ! -i eth3 -j idrop
-A inospoof -s 192.168.4.0/24 ! -i eth4 -j idrop
-A inospoof -s 192.168.5.0/24 ! -i eth5 -j idrop
-A log -m limit --limit 50/min --limit-burst 10 -j LOG --log-prefix "zentyal-firewall log " --log-level 7
-A log -j RETURN
-A oaccept -j ACCEPT
-A odrop -j drop
-A oglobal -m state --state NEW -j oaccept
-A omodules -p tcp -m tcp --dport 80 -j oaccept
-A omodules -p udp -m udp --dport 53 -j oaccept
-A omodules -p tcp -m tcp --dport 53 -j oaccept
-A omodules -p tcp -m tcp --dport 80 -j oaccept
-A omodules -p tcp -m state --state NEW -m tcp --dport 80 -j oaccept
-A omodules -p tcp -m state --state NEW -m tcp --dport 443 -j oaccept
28
Spanish / Re: Ayuda con Proxy en zentyal 6.0
« Last post by ljcolomer86 on November 11, 2019, 08:45:10 pm »
ejemplo hermano quedaria asi:
% if ($cache_host and $cache_port) {
%   my $peerAuth = '';
%   if ($cache_user and $cache_passwd) {
# WARN: remember that for squid auth % are HTML escapes
%  $cache_host =  '200.125.14.1';
%  $cache_port =  '3128';
%  $cache_user =  '*';
%  $cache_passwd =  'nopassword';

%    $peerAuth = 'login=' . $cache_user . ':' . $cache_passwd;
%   }
cache_peer <% $cache_host %> parent <% $cache_port %> 0 no-query no-digest <% $peerAuth %>
% }
hermano dime si asi estaria bien es lo que esta en negrita gracias
29
Email and Groupware / Re: Journaling
« Last post by doncamilo on November 11, 2019, 05:58:46 pm »
 :)

If you mean to the use of Systemd journactl and/or rsyslog + logrotate, the answer is yes.

Cheers!
30
Spanish / Re: Brocken Packages al ACTUALIZAR Zentyal!!!
« Last post by doncamilo on November 11, 2019, 05:21:06 pm »
 :)

Pega aquí el contenido de tu /etc/apt/sources.list (y de cualquier archivo contenido en /etc/apt/sources.list.d). Después ejecuta los comandos
Code: [Select]
sudo sudo apt-get check o
Code: [Select]
sudo dpkg -l | grep -Ev '^(ii|rc)' y
Code: [Select]
sudo dpkg -l zentyal-* y pega aquí los resultados a ver qué se puede hacer.

Me temo que había algo mal en tu repositorio APT y has entrado en el https://en.wikipedia.org/wiki/Dependency_hell

¡Salud!

Pages: 1 2 [3] 4 5 ... 10