[SOGo] BTS activities for Saturday, October 06 2012

2012-10-06 Thread SOGo reporter 
Title: BTS activities for Saturday, October 06 2012





  
BTS Activities

  Home page: http://www.sogo.nu/bugs
  Project: SOGo
  For the period covering: Saturday, October 06 2012

  
  
idlast updatestatus (resolution)categorysummary
	
	
	  
	
2004
	2012-10-06 15:00:25
	resolved (fixed)
	OpenChange backend
	scalability: the fetching of mailboxes should fetch mail content bodies in batch

[SOGo] Re: [Samba] Custom SAMBA4/OpenChage ZEG applicance

2012-10-06 Thread John Russell 
Or could be reverse lookup is not working...

root@sogo:~# nslookup sogo
Server: 172.16.1.7
Address:172.16.1.7#53

Name:   sogo.example.com
Address: 172.16.1.7

root@sogo:~# nslookup 172.16.1.7
Server: 172.16.1.7
Address:172.16.1.7#53

** server can't find 7.1.16.172.in-addr.arpa: SERVFAIL


On Sat, Oct 6, 2012 at 10:22 PM, John Russell  wrote:

> Finally got DNS partially working, the following tests were successful:
> host -t SRV _ldap._tcp.example.com.
> host -t SRV _kerberos._udp.example.com.
> host -t A sogo.example.com.
>
> Still can not join any windows clients (XP or 7) to the EXAMPLE.COMdomain. 
> Tried provisioning SAMBA with both --dns-backend=BIND9_DLZ and then
> --dns-backend=SAMBA_INTERNAL but both return "update failed: REFUSED"
>
> So DNS now seems to be having permission problems?
>
> Attached are outputs from "samba_dnsupdate --verbose --all-names" and the
> subsequent "tail /var/log/syslog". Any ideas?
>
>
> On Fri, Sep 21, 2012 at 4:30 AM, John Russell  wrote:
>
>> Thought for sure this was a real bug, but you are correct Mr. Bartlett,
>> thats just how the SMB protocol works. I verified this with another
>> wireshark capture from the same XP machine and a working SAMBA4 appliance
>> from Sernet. This second capture also reveals that bind9 is still having
>> issues on the SOGo appliance. The host machine registers itself into the
>> DNS zone, but will not add client machines when they try to join the
>> domain. How do I use the internal DNS service with SAMBA4?
>>
>>
>> On Fri, Sep 21, 2012 at 2:24 AM, Andrew Bartlett wrote:
>>
>>> On Sat, 2012-09-15 at 11:02 -0400, John Russell wrote:
>>> > Ran wireshark on the XP client while joining the domain and saw SAM
>>> LOGON
>>> > request from client and SAM Active Directory Response - user unknown.
>>> >
>>> > I noticed on the request and the response packets the user name field
>>> in
>>> > the packet is blank (yes, I am typing the user name and password into
>>> the
>>> > prompt from the XP machine!).
>>> >
>>> > Any ideas on what causes this?
>>>
>>> While an odd feature of the protocol, this is actually a normal
>>> successful response to the expected packet.  (Essentially, this is a
>>> historical oddity from a time when asking if a server knew about a user
>>> over an un-authenticated UDP packet wasn't considered a
>>> security/confidentially issue).
>>>
>>> --
>>> Andrew Bartlett
>>> http://samba.org/~abartlet/
>>> Authentication Developer, Samba Team   http://samba.org
>>>
>>>
>>>
>>
>>
>> --
>> "It's better to be boldly decisive and risk being wrong than to agonize
>> at length and be right too late."
>> Marilyn Moats Kennedy
>>
>
>
>
> --
> "It's better to be boldly decisive and risk being wrong than to agonize at
> length and be right too late."
> Marilyn Moats Kennedy
>



-- 
"It's better to be boldly decisive and risk being wrong than to agonize at
length and be right too late."
Marilyn Moats Kennedy
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] Re: [Samba] Custom SAMBA4/OpenChage ZEG applicance

2012-10-06 Thread John Russell 
Finally got DNS partially working, the following tests were successful:
host -t SRV _ldap._tcp.example.com.
host -t SRV _kerberos._udp.example.com.
host -t A sogo.example.com.

Still can not join any windows clients (XP or 7) to the EXAMPLE.COM domain.
Tried provisioning SAMBA with both --dns-backend=BIND9_DLZ and then
--dns-backend=SAMBA_INTERNAL but both return "update failed: REFUSED"

So DNS now seems to be having permission problems?

Attached are outputs from "samba_dnsupdate --verbose --all-names" and the
subsequent "tail /var/log/syslog". Any ideas?

On Fri, Sep 21, 2012 at 4:30 AM, John Russell  wrote:

> Thought for sure this was a real bug, but you are correct Mr. Bartlett,
> thats just how the SMB protocol works. I verified this with another
> wireshark capture from the same XP machine and a working SAMBA4 appliance
> from Sernet. This second capture also reveals that bind9 is still having
> issues on the SOGo appliance. The host machine registers itself into the
> DNS zone, but will not add client machines when they try to join the
> domain. How do I use the internal DNS service with SAMBA4?
>
>
> On Fri, Sep 21, 2012 at 2:24 AM, Andrew Bartlett wrote:
>
>> On Sat, 2012-09-15 at 11:02 -0400, John Russell wrote:
>> > Ran wireshark on the XP client while joining the domain and saw SAM
>> LOGON
>> > request from client and SAM Active Directory Response - user unknown.
>> >
>> > I noticed on the request and the response packets the user name field in
>> > the packet is blank (yes, I am typing the user name and password into
>> the
>> > prompt from the XP machine!).
>> >
>> > Any ideas on what causes this?
>>
>> While an odd feature of the protocol, this is actually a normal
>> successful response to the expected packet.  (Essentially, this is a
>> historical oddity from a time when asking if a server knew about a user
>> over an un-authenticated UDP packet wasn't considered a
>> security/confidentially issue).
>>
>> --
>> Andrew Bartlett
>> http://samba.org/~abartlet/
>> Authentication Developer, Samba Team   http://samba.org
>>
>>
>>
>
>
> --
> "It's better to be boldly decisive and risk being wrong than to agonize at
> length and be right too late."
> Marilyn Moats Kennedy
>



-- 
"It's better to be boldly decisive and risk being wrong than to agonize at
length and be right too late."
Marilyn Moats Kennedy
root@sogo:~# samba_dnsupdate --verbose --all-names
IPs: ['fe80::a00:27ff:fef2:b592%eth0', '172.16.1.7']
Calling nsupdate for A example.com 172.16.1.7
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
example.com.900 IN  A   172.16.1.7

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A sogo.example.com 172.16.1.7
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
sogo.example.com.   900 IN  A   172.16.1.7

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A gc._msdcs.example.com 172.16.1.7
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.example.com.  900 IN  A   172.16.1.7

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for CNAME 
a6b5369c-1f1d-457e-813a-dcef9ec89f8b._msdcs.example.com sogo.example.com
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
a6b5369c-1f1d-457e-813a-dcef9ec89f8b._msdcs.example.com. 900 IN CNAME 
sogo.example.com.

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for SRV _kpasswd._tcp.example.com sogo.example.com 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.example.com. 900  IN  SRV 0 100 464 sogo.example.com.

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for SRV _kpasswd._udp.example.com sogo.example.com 464
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.example.com. 900  IN  SRV 0 100 464 sogo.example.com.

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for SRV _kerberos._tcp.example.com sogo.example.com 88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.example.com. 900 IN  SRV 0 100 88 sogo.example.com.

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.example.com sogo.example.com 
88
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id

[SOGo] Nightly built broken web interface

2012-10-06 Thread Christian Rößner 
Hi,

this morning I upgraded the nightly-built to 2.0.0.20121006-1

It seems that paths have changes for WebServices. There is a new folder 
ckeditor. I tried modifying my Alias statements, but not sure what to do there. 
Does someone know, how to get SOGo running again?

Here is my nginx config part:

server {
listen 443;
server_name sogo.roessner-net.de;

root /usr/share/nginx/www;
index index.html index.htm;

ssl on;
ssl_certificate /etc/ssl/certs/sogo.roessner-net.de.crt;
ssl_certificate_key /etc/ssl/private/sogo.roessner-net.de.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;

rewrite ^/$ https://$host/SOGo permanent;

location /favicon.ico {
alias /var/www/favicon.ico;
}

location ^~ /SOGo {
proxy_pass  http://127.0.0.1:2;
proxy_set_headerX-Real-IP   
$remote_addr;
proxy_set_headerX-Forwarded-For 
$proxy_add_x_forwarded_for;
proxy_set_headerHost
$host;
proxy_set_headerx-webobjects-server-protocol
HTTP/1.0;
proxy_set_headerx-webobjects-remote-host
$remote_addr;
proxy_set_headerx-webobjects-server-port
443;
proxy_set_headerx-webobjects-server-name
$server_name;
proxy_set_headerx-webobjects-server-url 
$scheme://$host;
proxy_connect_timeout   600;
proxy_send_timeout  90;
proxy_read_timeout  600;
proxy_buffer_size   4k;
proxy_buffers   4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size  64k;
client_max_body_size50m;
client_body_buffer_size 128k;
break;
}

location /SOGo.woa/WebServerResources/ {
alias   /usr/lib/GNUstep/SOGo/WebServerResources/;
expires 1y;
}
location /SOGo/WebServerResources/ {
alias   /usr/lib/GNUstep/SOGo/WebServerResources/;
expires 1y;
}
location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
alias   /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
expires 1y;
}
}

I guess the location and alias lines need updates for me. Changing to what?

Thanks in advance :)

-Christian Rößner

---
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 176 93118939
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com

-- 
users@sogo.nu
https://inverse.ca/sogo/lists