[SOGo] BTS activities for Saturday, October 06 2012
Title: BTS activities for Saturday, October 06 2012 BTS Activities Home page: http://www.sogo.nu/bugs Project: SOGo For the period covering: Saturday, October 06 2012 idlast updatestatus (resolution)categorysummary 2004 2012-10-06 15:00:25 resolved (fixed) OpenChange backend scalability: the fetching of mailboxes should fetch mail content bodies in batch
[SOGo] Re: [Samba] Custom SAMBA4/OpenChage ZEG applicance
Or could be reverse lookup is not working... root@sogo:~# nslookup sogo Server: 172.16.1.7 Address:172.16.1.7#53 Name: sogo.example.com Address: 172.16.1.7 root@sogo:~# nslookup 172.16.1.7 Server: 172.16.1.7 Address:172.16.1.7#53 ** server can't find 7.1.16.172.in-addr.arpa: SERVFAIL On Sat, Oct 6, 2012 at 10:22 PM, John Russell wrote: > Finally got DNS partially working, the following tests were successful: > host -t SRV _ldap._tcp.example.com. > host -t SRV _kerberos._udp.example.com. > host -t A sogo.example.com. > > Still can not join any windows clients (XP or 7) to the EXAMPLE.COMdomain. > Tried provisioning SAMBA with both --dns-backend=BIND9_DLZ and then > --dns-backend=SAMBA_INTERNAL but both return "update failed: REFUSED" > > So DNS now seems to be having permission problems? > > Attached are outputs from "samba_dnsupdate --verbose --all-names" and the > subsequent "tail /var/log/syslog". Any ideas? > > > On Fri, Sep 21, 2012 at 4:30 AM, John Russell wrote: > >> Thought for sure this was a real bug, but you are correct Mr. Bartlett, >> thats just how the SMB protocol works. I verified this with another >> wireshark capture from the same XP machine and a working SAMBA4 appliance >> from Sernet. This second capture also reveals that bind9 is still having >> issues on the SOGo appliance. The host machine registers itself into the >> DNS zone, but will not add client machines when they try to join the >> domain. How do I use the internal DNS service with SAMBA4? >> >> >> On Fri, Sep 21, 2012 at 2:24 AM, Andrew Bartlett wrote: >> >>> On Sat, 2012-09-15 at 11:02 -0400, John Russell wrote: >>> > Ran wireshark on the XP client while joining the domain and saw SAM >>> LOGON >>> > request from client and SAM Active Directory Response - user unknown. >>> > >>> > I noticed on the request and the response packets the user name field >>> in >>> > the packet is blank (yes, I am typing the user name and password into >>> the >>> > prompt from the XP machine!). >>> > >>> > Any ideas on what causes this? >>> >>> While an odd feature of the protocol, this is actually a normal >>> successful response to the expected packet. (Essentially, this is a >>> historical oddity from a time when asking if a server knew about a user >>> over an un-authenticated UDP packet wasn't considered a >>> security/confidentially issue). >>> >>> -- >>> Andrew Bartlett >>> http://samba.org/~abartlet/ >>> Authentication Developer, Samba Team http://samba.org >>> >>> >>> >> >> >> -- >> "It's better to be boldly decisive and risk being wrong than to agonize >> at length and be right too late." >> Marilyn Moats Kennedy >> > > > > -- > "It's better to be boldly decisive and risk being wrong than to agonize at > length and be right too late." > Marilyn Moats Kennedy > -- "It's better to be boldly decisive and risk being wrong than to agonize at length and be right too late." Marilyn Moats Kennedy -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Re: [Samba] Custom SAMBA4/OpenChage ZEG applicance
Finally got DNS partially working, the following tests were successful: host -t SRV _ldap._tcp.example.com. host -t SRV _kerberos._udp.example.com. host -t A sogo.example.com. Still can not join any windows clients (XP or 7) to the EXAMPLE.COM domain. Tried provisioning SAMBA with both --dns-backend=BIND9_DLZ and then --dns-backend=SAMBA_INTERNAL but both return "update failed: REFUSED" So DNS now seems to be having permission problems? Attached are outputs from "samba_dnsupdate --verbose --all-names" and the subsequent "tail /var/log/syslog". Any ideas? On Fri, Sep 21, 2012 at 4:30 AM, John Russell wrote: > Thought for sure this was a real bug, but you are correct Mr. Bartlett, > thats just how the SMB protocol works. I verified this with another > wireshark capture from the same XP machine and a working SAMBA4 appliance > from Sernet. This second capture also reveals that bind9 is still having > issues on the SOGo appliance. The host machine registers itself into the > DNS zone, but will not add client machines when they try to join the > domain. How do I use the internal DNS service with SAMBA4? > > > On Fri, Sep 21, 2012 at 2:24 AM, Andrew Bartlett wrote: > >> On Sat, 2012-09-15 at 11:02 -0400, John Russell wrote: >> > Ran wireshark on the XP client while joining the domain and saw SAM >> LOGON >> > request from client and SAM Active Directory Response - user unknown. >> > >> > I noticed on the request and the response packets the user name field in >> > the packet is blank (yes, I am typing the user name and password into >> the >> > prompt from the XP machine!). >> > >> > Any ideas on what causes this? >> >> While an odd feature of the protocol, this is actually a normal >> successful response to the expected packet. (Essentially, this is a >> historical oddity from a time when asking if a server knew about a user >> over an un-authenticated UDP packet wasn't considered a >> security/confidentially issue). >> >> -- >> Andrew Bartlett >> http://samba.org/~abartlet/ >> Authentication Developer, Samba Team http://samba.org >> >> >> > > > -- > "It's better to be boldly decisive and risk being wrong than to agonize at > length and be right too late." > Marilyn Moats Kennedy > -- "It's better to be boldly decisive and risk being wrong than to agonize at length and be right too late." Marilyn Moats Kennedy root@sogo:~# samba_dnsupdate --verbose --all-names IPs: ['fe80::a00:27ff:fef2:b592%eth0', '172.16.1.7'] Calling nsupdate for A example.com 172.16.1.7 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: example.com.900 IN A 172.16.1.7 update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for A sogo.example.com 172.16.1.7 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: sogo.example.com. 900 IN A 172.16.1.7 update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for A gc._msdcs.example.com 172.16.1.7 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: gc._msdcs.example.com. 900 IN A 172.16.1.7 update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for CNAME a6b5369c-1f1d-457e-813a-dcef9ec89f8b._msdcs.example.com sogo.example.com Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: a6b5369c-1f1d-457e-813a-dcef9ec89f8b._msdcs.example.com. 900 IN CNAME sogo.example.com. update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for SRV _kpasswd._tcp.example.com sogo.example.com 464 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kpasswd._tcp.example.com. 900 IN SRV 0 100 464 sogo.example.com. update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for SRV _kpasswd._udp.example.com sogo.example.com 464 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kpasswd._udp.example.com. 900 IN SRV 0 100 464 sogo.example.com. update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for SRV _kerberos._tcp.example.com sogo.example.com 88 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._tcp.example.com. 900 IN SRV 0 100 88 sogo.example.com. update failed: REFUSED Failed nsupdate: 2 Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.example.com sogo.example.com 88 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id
[SOGo] Nightly built broken web interface
Hi, this morning I upgraded the nightly-built to 2.0.0.20121006-1 It seems that paths have changes for WebServices. There is a new folder ckeditor. I tried modifying my Alias statements, but not sure what to do there. Does someone know, how to get SOGo running again? Here is my nginx config part: server { listen 443; server_name sogo.roessner-net.de; root /usr/share/nginx/www; index index.html index.htm; ssl on; ssl_certificate /etc/ssl/certs/sogo.roessner-net.de.crt; ssl_certificate_key /etc/ssl/private/sogo.roessner-net.de.key; ssl_session_timeout 5m; ssl_session_cache shared:SSL:5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH; rewrite ^/$ https://$host/SOGo permanent; location /favicon.ico { alias /var/www/favicon.ico; } location ^~ /SOGo { proxy_pass http://127.0.0.1:2; proxy_set_headerX-Real-IP $remote_addr; proxy_set_headerX-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_headerHost $host; proxy_set_headerx-webobjects-server-protocol HTTP/1.0; proxy_set_headerx-webobjects-remote-host $remote_addr; proxy_set_headerx-webobjects-server-port 443; proxy_set_headerx-webobjects-server-name $server_name; proxy_set_headerx-webobjects-server-url $scheme://$host; proxy_connect_timeout 600; proxy_send_timeout 90; proxy_read_timeout 600; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; client_max_body_size50m; client_body_buffer_size 128k; break; } location /SOGo.woa/WebServerResources/ { alias /usr/lib/GNUstep/SOGo/WebServerResources/; expires 1y; } location /SOGo/WebServerResources/ { alias /usr/lib/GNUstep/SOGo/WebServerResources/; expires 1y; } location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ { alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2; expires 1y; } } I guess the location and alias lines need updates for me. Changing to what? Thanks in advance :) -Christian Rößner --- Bachelor of Science Informatik Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 176 93118939 USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com -- users@sogo.nu https://inverse.ca/sogo/lists