Re: [SOGo] Button to expand LDAP groups in mail editor is not shown

[Rowland Penny]

On 20/01/2020 16:31, Lars Liedtke (lied...@punkt.de) wrote:


No,

neither

(&(|(samaccountname=Team-mOps)(mail=Team-mOps)(userPrincipalName=Team-mOps))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))

nor

(&(|(samaccountname=Team-Pi)(mail=Team-Pi)(userPrincipalName=Team-Pi))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))

do return a result, but with Team-Pi it seems to do another query 
afterwards, which returns the Team for u:


Jan 20 17:15:47 sogod [1076]: <0x0x80bcc9418[NGLdapConnection]> Using 
ldap_initialize for LDAP URL:ldap://127.0.0.1:389
2020-01-20 17:15:47.782 sogod[1076:100238] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search at base 
'ou=mitarbeiter,dc=intern,dc=punkt, dc=de' filter 
'(&(|(samaccountname=Team-Pi)(mail=Team-Pi)(userPrincipalName=Team-Pi))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))'
 for attrs '*'  
    │
Jan 20 17:15:47 sogod [1076]: <0x0x80bccb538[NGLdapConnection]> Using 
ldap_initialize for LDAP URL:ldap://127.0.0.1:389
2020-01-20 17:15:47.810 sogod[1076:100238] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search at base 
'ou=mitarbeiter,dc=intern,dc=punkt,dc=de' filter '(samaccountname=Team-Pi)' for 
attrs '*'

and with Team-mOps it seems not to do the second query

But when I change the sAmAccountName of Team-mOps, this group is 
working, too. So I must havce been wrong with the difference between 
CN and sAMAccountName. So thank you for your help. I will change all 
sAMAccountNames.


Lars

If the software relies on the 'CN' == 'sAMAccountName' then it is a bug, 
there is nothing in AD that specifies that they must be the same, in 
fact, they are very often different.


Rowland


--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] AD LDAP SOGoUserSources

[Rowland Penny]

On Thu, 24 Jan 2019 14:48:01 -0800
"Carl Doss" (cd...@bahaicenter.net)  wrote:


> >
> > On 1/24/2019 1:28 PM, Matthew Valdez (maval...@ludlums.com) wrote:
> >> Hello,
> >>
> >> I am trying to setup the SOGoUserSources by using Active Directory 
> >> and LDAP and for some reason I cannot seem to get it to work. I am 
> >> able to login if I use the type SQL, but cannot seem to get it to 
> >> work with ldap. Any help would be appreciate, this is what I have
> >> for SOGoUserSources, of course modified a little to share with you
> >> all.
> >>
> >>
> >>     SOGoUserSources = (
> >>     {
> >>             type             = ldap;
> >>             CNFieldName     = cn;
> >>             IDFieldName     = uid;
> >>             UIDFieldName     = uid;
> >>             baseDN            = "cn=Users,dc=domain,dc=local";
> >>             bindDN           = 
> >> "cn=sogo,cn=Users,dc=domain,dc=local";
> >>             bindPassword    = password;
> >>             canAuthenticate = YES;
> >>             displayName        = "Shared Addresses";
> >>             hostname        = "ldap://dns.dc.local:389;;
> >>             id             = public;
> >>             isAddressBook   = YES;
> >>     }
> >>     );
> >>

Taking this:

cn=Users,dc=domain,dc=local

and this:

ldap://dns.dc.local:389

into account, is the FQDN of the AD DC really
'dns.dc.local' ?

To put it another way, they do not match, 'dc=domain,dc=local' will
come from your dns domain 'domain.local' so the 'hostname' should be
'ldap://' or 'ldap://.domain.local'

Rowland
  

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Problems logging on to the server with Outlook 2010/2013

[Rowland Penny]

On Sat, 30 Sep 2017 17:03:13 +0200
"init" (26196...@web.de) <users@sogo.nu> wrote:

> Hello, everyone.
> 
> I have now made a new installation and use a public domain with a
> trusted certificate and a working Autodiscover for the public Domain
> which refers to my server mail.example.com
> 
> Here's my environmental data:
>  
> Interne "Domain/Workgroup" = example.intern
> Interner Server Name = sogo.example.intern
> Interner Server IP = 192.168.146.6
> Mail Domain = example.com
> Web Domain = mail.example.com
> 
> When using the Outlook wizard I get NO warnings about certificates.
> At the first point "Establish network connection" I get a green tick.
> If I use a valid email address of the domain at the second point
> "Search for postmas...@fritz.box-Serversettings", then I get a green
> tick and come to the next point. If I use an invalid email address of
> the domain, then I get a red cross at point 2. At the 3rd point
> "Logging on to the server" I get a red cross with the message "The
> action cannot be completed. No connection to Microsoft Exchange is
> available. Outlook must be in online mode or connected to complete
> this process." (German --> Die Aktion kann nicht abgeschlossen
> werden. Es steht keine Verbindung mit Microsoft Exchange zur
> Verfügung. Outlook muss im Onlinemodus oder verbunden sein, um diesen
> Vorgang abzuschließen)
> 
> After that I get a popup where I have to fill the fields "Microsoft
> Exchange Server" and "Mailbox". These fields have the following
> default values: Microsoft Exchange Server = "mail.example.com"
> Mailbox = "=SMTP:postmas...@example.com"
> 
> Here is my smb.conf
>   # Global parameters
>   [global]
>workgroup = EXAMPLE
>realm = EXAMPLE.INTERN
>netbios name = SOGO
>server role = active directory domain controller
>dns forwarder = 192.168.146.1
>#server services = dns
>#server services = -dns -winbindd +winbind
>
>#disable default strong auth
>ldap server require strong auth = No
>   
>### Configuration required by OpenChange server ###
>dsdb:schema update allowed = true
>dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
>dcerpc_mapiproxy:server = true
>dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
> exchange_ds_rfr ### Configuration required by OpenChange server ###
>   
>mapistore:namedproperties = mysql
>namedproperties:mysql_user = openchange-user
>namedproperties:mysql_pass = pwd
>namedproperties:mysql_host = localhost
>namedproperties:mysql_db = openchange
>   
>mapistore:indexing_backend =
> mysql://openchange-user:pwd@localhost/openchange
> mapiproxy:openchangedb =
> mysql://openchange-user:pwd@localhost/openchange [netlogon]

I cannot really comment about the Sogo aspects of this, but I can
assure you of this, Openchange is a dead project, it is not maintained
and I am surprised that you have managed to get it working with The
version of Samba that comes with Ubuntu 16.04, that is if it is working.

To put it another way, try starting again, but this time, do not bother
with Openchange.

Rowland Penny
Samba team member
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] SOGo - Openchange issue

[Rowland Penny]

On 05/05/16 18:41, Ludovic Marcotte (lmarco...@inverse.ca) wrote:

On 2016-05-05 13:40, Jonathan Mathews (jm3185...@gmail.com) wrote:


Will OpenChange also be updated?


Yes.
--
Ludovic Marcotte
lmarco...@inverse.ca   ::  +1.514.755.3630  ::http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence 
(http://packetfence.org)
--
users@sogo.nu
https://inverse.ca/sogo/lists


Does this mean you have taken on development of Openchange ?

Rowland
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] SOGo - Openchange issue

[Rowland Penny]

On 05/05/16 18:35, Ludovic Marcotte (lmarco...@inverse.ca) wrote:

On 2016-05-05 13:29, Jonathan Mathews (jm3185...@gmail.com) wrote:


In your opinion, what would be the best way to SOGo to connect to 
Outlook 2010,  I need to make sure that the calendar is able to sync.



We will soon update the Samba packages - 2-3 weeks time frame.

More news to come regarding this real soon.

Thanks,
--
Ludovic Marcotte
lmarco...@inverse.ca   ::  +1.514.755.3630  ::http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence 
(http://packetfence.org)
--
users@sogo.nu
https://inverse.ca/sogo/lists


Hi, did you possibly miss what happened on the 12th of last month ???

Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] SOGo - Openchange issue

[Rowland Penny]

On 05/05/16 18:29, Jonathan Mathews (jm3185...@gmail.com) wrote:


Hi Rowland

Thank you for the information, it explains a lot.

In your opinion, what would be the best way to SOGo to connect to 
Outlook 2010,  I need to make sure that the calendar is able to sync.


Thanks
Jonathan




Hi Jonathon, I do not use Outlook, so I have no idea, I just know 
something about the Openchange problems.


Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] SOGo - Openchange issue

[Rowland Penny]

On 05/05/16 16:42, Jonathan Mathews (jm3185...@gmail.com) wrote:

Hi

Hope someone could assist me.

I am interested in using SOGo as my email server, but have been 
experiencing some issues.


I have been trying to install SOGo with OpenChange, as some of the 
users prefer to use Outlook 2010.


So I have a CentOS 6.7 server, with epel repo and rpmforge, and have 
been following the installation guide on the website, and also the 
following guide which is for Ubuntu


https://github.com/DigitalOcean-User-Projects/Articles-and-Tutorials/blob/master/sogo_an_MS_exchange_alt.md

So, when I do yum install samba4, it only installs two packages, 
samba4 and samba4-common, so when you run samba-tool, you get a 
command not found. I eventually found out that you have to purchase it 
from sernet, which gives you all the dependencies to run samba-tool.


I then added the SOGo repo and ran yum install sogo*, the install went 
perfect. Then the next step is to install OpenChange, I used the 
following instructions:


http://www.openchange.org/download/el.html

So when I ran yum install |openchange sogo-openchange-backend 
openchange-ocsmanager openchange-rpcproxy


|
|I get ||openchange-ocsmanager openchange-rpcproxy packages does not 
exist.


|
|I am not sure if I am doing something wrong, but I followed the 
instructions. To me it looks like it is a repo issue, yet I have given 
the exact repo that the webstie points me to.


|
|I would apriceate any advice anyone can give me.

|
||





For various reasons, Openchange development seems to have stalled and 
Openchange will only work with Samba version 4.1.18 at latest. This 
version of Samba is now EOL and is possibly subject to MITM attacks, so 
I wouldn't use it. If I remember correctly, there was also a problem 
building ocsmanager on later versions.


All in all, I think, for the time being anyway, you should not consider 
using Openchange.


Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Openchange + Samba 4.4.0

[Rowland Penny]

On 26/03/16 16:27, Jesús García Sáez (blax...@gmail.com) wrote:



On Fri, Mar 25, 2016 at 11:44 AM, Andrey Cherepanov > wrote:


Can anybody compile openchange with samba 4.4.0? Now samba contains

commit 218f96f2bf10f7f03ec964c4515f6e248fc31ad8
Author: Jelmer Vernooij >
Date:   Mon Jan 4 00:56:10 2016 +

libcli: Make headers for private libraries private.

Signed-off-by: Jelmer Vernooij >
Reviewed-By: Andrew Bartlett >
Reviewed-By: Stefan Metzmacher >

ldap_ndr.h is now private header and is not available for openchange:
Compiling libmapiadmin/mapiadmin_user.c with -fPIC
libmapiadmin/mapiadmin_user.c:33:22: fatal error: ldap_ndr.h: No
such file or directory

OpenChange 2.4-zentyal22 is still use it:
$ git grep 'ldap_ndr.h>' | cat
libmapiadmin/mapiadmin_user.c:#include 
mapiproxy/servers/default/emsmdb/emsmdbp.c:#include 

I try to subscribe de...@lists.openchange.org
 and create issue on
https://github.com/zentyal/openchange but without any result.

-- 
Andrey Cherepanov

c...@altlinux.org 
-- 
users@sogo.nu 

https://inverse.ca/sogo/lists




You don't need to remove that commit from samba, you can use something 
like this 
https://github.com/blaxter/openchange/commit/5f5783711d2c2496a824e66c8aa439781cac67fa 
and it will compile just fine

--
users@sogo.nu
https://inverse.ca/sogo/lists


OK, I can now tell you, do not use Samba 4.1.18 with Openchange unless 
you can backport the badlock patches or if Openchange does so, Samba 
will not backport these packages.


There are various problems covered by the patches, chiefly there is a 
risk of 'man in the middle' attacks.


Rowland
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Openchange + Samba 4.4.0

[Rowland Penny]

On 25/03/16 10:44, Andrey Cherepanov (c...@altlinux.org) wrote:

Can anybody compile openchange with samba 4.4.0? Now samba contains

commit 218f96f2bf10f7f03ec964c4515f6e248fc31ad8
Author: Jelmer Vernooij 
Date:   Mon Jan 4 00:56:10 2016 +

libcli: Make headers for private libraries private.

Signed-off-by: Jelmer Vernooij 
Reviewed-By: Andrew Bartlett 
Reviewed-By: Stefan Metzmacher 

ldap_ndr.h is now private header and is not available for openchange:
Compiling libmapiadmin/mapiadmin_user.c with -fPIC
libmapiadmin/mapiadmin_user.c:33:22: fatal error: ldap_ndr.h: No such 
file or directory


OpenChange 2.4-zentyal22 is still use it:
$ git grep 'ldap_ndr.h>' | cat
libmapiadmin/mapiadmin_user.c:#include 
mapiproxy/servers/default/emsmdb/emsmdbp.c:#include 

I try to subscribe de...@lists.openchange.org and create issue on 
https://github.com/zentyal/openchange but without any result.




As far as I am aware, you can only compile Openchange with Samba 4.1.18 
and the 4.1.x series went EOL last Tuesday and I don't think the Samba 
4.1.x series *will get any further updates*


The problem was that Openchange relied on Samba internal headers that 
should never have been public (because they can and do change). You will 
need to take this up with Openchange, but development of this seems to 
have stalled.


Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Sogo, CentOS 7 & Openchange

[Rowland Penny]

On 08/03/16 19:47, Chris wrote:

Hi Stefan,

Better than an installation guide, it'd be best if somebody would 
write an installation script for Samba 4 AD DC!


Probably based on the wiki page referred by Rowland:

https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller 



Because IMO, doing these Samba 4 AD DC installations by hand is a 
waste of valuable time...




On 3/7/2016 7:28 PM, Stefan Klatt wrote:

Hi,

has somebody written a installation guide for CentOS 7?

Regards

Stefan


Am 04.03.2016 um 20:59 schrieb Rowland Penny:

On 04/03/16 19:44, Chris wrote:

Stefan,

According to this thread:

https://lists.inverse.ca/sogo/arc/users/2014-12/msg00196.html

Samba4 not existing for CentOS 7/RHEL 7, has been an issue for SOGO
users, since December 2014!

There are Samba4 packages for Centos, there just aren't any Samba4 AD
DC packages.


Anyway, here is a step by step guide on how to install Samba4 on
CentOS 7:

http://wiki.eri.ucsb.edu/stadm/AD_Samba4_Centos_7

Please don't follow that link, you will not get the required AD DC if
you follow it, try the Samba wiki:

https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller 




Rowland



Once you complete installing Samba4, you should then install the
newest Openchange stable from centos 7 or EPEL repo (assuming the
package exists!), and achieve outlook compatibility.




On 3/4/2016 4:08 AM, Stefan Klatt wrote:

Hello Christian,

thats right, but what about REHL7? I think REHL5 ist for
Centos/Redhat 5?

Stefan

Am 04.03.2016 um 01:33 schrieb Christian Jensen:

Hi.

looking at http://inverse.ca/downloads/SOGo/RHEL5/x86_64/RPMS/ it
looks like all the files are there
have a look at
http://sogo.nu/support/faq/article/how-to-install-sogo-and-sope-through-yum.html 



maybe you missed something?

-- Christian

Den 03-03-2016 kl. 21:55 skrev Stefan Klatt:

Hi,

did I miss something or is it possible to install this combination?
I didn't found the needed openchange rpms at the repository.

Where is my fault?

Stefan





It is not quite as simple as that, I am sorry to say, as far as I can 
see the latest Openchange package is version 2.3. This is only 
compatible with Samba 4.1.18 and you will need to build samba in a 
different way to that show on the Samba wiki. The last time I looked, 
Openchange provided a script to download and build Samba, but the only 
problem (if you can call it 'only') is that Samba 4.4.0 is planned to be 
released next Tuesday (15th March) and when this is released, samba 
4.1.x will go EOL and will receive no more updates.


If you follow Openchanges 'cookbook', this will install all the required 
packages you need.


Rowland
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Sogo, CentOS 7 & Openchange

[Rowland Penny]

On 04/03/16 19:44, Chris wrote:

Stefan,

According to this thread:

https://lists.inverse.ca/sogo/arc/users/2014-12/msg00196.html

Samba4 not existing for CentOS 7/RHEL 7, has been an issue for SOGO 
users, since December 2014!


There are Samba4 packages for Centos, there just aren't any Samba4 AD DC 
packages.




Anyway, here is a step by step guide on how to install Samba4 on 
CentOS 7:


http://wiki.eri.ucsb.edu/stadm/AD_Samba4_Centos_7


Please don't follow that link, you will not get the required AD DC if 
you follow it, try the Samba wiki:


https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

Rowland




Once you complete installing Samba4, you should then install the 
newest Openchange stable from centos 7 or EPEL repo (assuming the 
package exists!), and achieve outlook compatibility.





On 3/4/2016 4:08 AM, Stefan Klatt wrote:

Hello Christian,

thats right, but what about REHL7? I think REHL5 ist for 
Centos/Redhat 5?


Stefan

Am 04.03.2016 um 01:33 schrieb Christian Jensen:

Hi.

looking at http://inverse.ca/downloads/SOGo/RHEL5/x86_64/RPMS/ it
looks like all the files are there
have a look at
http://sogo.nu/support/faq/article/how-to-install-sogo-and-sope-through-yum.html 


maybe you missed something?

-- Christian

Den 03-03-2016 kl. 21:55 skrev Stefan Klatt:

Hi,

did I miss something or is it possible to install this combination?
I didn't found the needed openchange rpms at the repository.

Where is my fault?

Stefan





--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Sogo, CentOS 7 & Openchange

[Rowland Penny]

On 03/03/16 20:55, Stefan Klatt wrote:

Hi,

did I miss something or is it possible to install this combination?
I didn't found the needed openchange rpms at the repository.

Where is my fault?

Stefan



Hi, I think this is probably because what you really need is Centos7, 
Sogo, Samba4 AD DC and Openchange. The only problem, there are no Samba4 
AD DC rpms yet and you need these to install Openchange.

You could try another OS.

Rowland
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] OpenChange without Samba

[Rowland Penny]

On 17/02/16 13:47, Steve Ankeny wrote:

On 02/17/2016 06:44 AM, Rowland Penny wrote:

On 17/02/16 07:39, Dennis Moebus wrote:

Hi all,

I'm sorry for my late response...
First of all, thank you for your advices!!!

I joined my Samba4 Server as a Member to my Windows 2012 AD.
(https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member)
This worked without any problems.

This is my smb.conf, hope this will help :-)

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#behaviour of Samba but the option is considered important
#enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.

#=== Global Settings ===

[global]

netbios name = SOGo
security = ADS
workgroup = 3PC
realm = 3PC.LOCAL

log file = /var/log/samba/%m.log
log level = 1

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes

winbind trusted domains only = no
winbind use default domain = yes
winbind enum users  = yes
winbind enum groups = yes

# idmap config used for your domain.
# Choose one of the following backends fitting to your
# requirements and add the corresponding configuration.
#  - idmap config ad
#  - idmap config rid
#  - idmap config autorid

###  Configuration required by OpenChange server ###
 dsdb:schema update allowed = true
 dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
 dcerpc_mapiproxy:server = true
 dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
exchange_ds_rfr
### Configuration required by OpenChange server ###

mapistore:namedproperties = mysql
namedproperties:mysql_user = openchange
namedproperties:mysql_pass = *
namedproperties:mysql_host = localhost
namedproperties:mysql_db = openchange
mapistore:indexing_backend =
mysql://openchange:*@localhost/openchange
mapiproxy:openchangedb =
mysql://openchange:*@localhost/openchange

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will 
part of

#   workgroup = WORKGROUP

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its 
WINS Server

#   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT 
both

;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no

 Networking 

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba 
machine is

# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes



 Debugging/Accounting 

# This tells Samba to use a separate log file for each machine
# that connects
#   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
#   syslog only = no

# We want Samba to log a minimum amount of information to syslog. 
Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want 
to log
# through syslog you should set the following parameter to something 
higher.

syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d


### Authentication ###

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# M

Re: [SOGo] OpenChange without Samba

[Rowland Penny]

On 17/02/16 07:39, Dennis Moebus wrote:

Hi all,

I'm sorry for my late response...
First of all, thank you for your advices!!!

I joined my Samba4 Server as a Member to my Windows 2012 AD.
(https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member)
This worked without any problems.

This is my smb.conf, hope this will help :-)

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#behaviour of Samba but the option is considered important
#enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.

#=== Global Settings ===

[global]

netbios name = SOGo
security = ADS
workgroup = 3PC
realm = 3PC.LOCAL

log file = /var/log/samba/%m.log
log level = 1

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes

winbind trusted domains only = no
winbind use default domain = yes
winbind enum users  = yes
winbind enum groups = yes

# idmap config used for your domain.
# Choose one of the following backends fitting to your
# requirements and add the corresponding configuration.
#  - idmap config ad
#  - idmap config rid
#  - idmap config autorid

###  Configuration required by OpenChange server ###
 dsdb:schema update allowed = true
 dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
 dcerpc_mapiproxy:server = true
 dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
exchange_ds_rfr
### Configuration required by OpenChange server ###

mapistore:namedproperties = mysql
namedproperties:mysql_user = openchange
namedproperties:mysql_pass = *
namedproperties:mysql_host = localhost
namedproperties:mysql_db = openchange
mapistore:indexing_backend =
mysql://openchange:*@localhost/openchange
mapiproxy:openchangedb =
mysql://openchange:*@localhost/openchange

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
#   workgroup = WORKGROUP

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
#   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no

 Networking 

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes



 Debugging/Accounting 

# This tells Samba to use a separate log file for each machine
# that connects
#   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
#   syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d


### Authentication ###

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe 

Re: [SOGo] Outlook clients failure (MAPIStoreIOException)

[Rowland Penny]

On 29/10/15 13:01, Steve Ankeny wrote:

On 10/26/2015 01:54 PM, Rowland Penny wrote:
Two things, you can ignore the 'setproctitle' lines, these are very 
common and are harmless.
You should not start smbd and samba-ad-dc together, you should just 
start samba-ad-dc, this will start the 'samba' daemon, which will 
then start the 'smbd' daemon and on later versions of samba4, it will 
also start the 'winbindd' daemon. Note that you should never start 
the 'nmbd' daemon if running a Samba4 AD DC.


Rowland


We've discussed this before, Rowland.

When I install the Inverse Samba packages, I have the following 
running --


adam@sogo:~$ sudo initctl list | egrep 'samba|smb|nmb|winbind'
nmbd start/running
winbind stop/waiting
smbd stop/waiting
reload-smbd stop/waiting
samba-ad-dc start/running, process 814
adam@sogo:~$

I've tried "disabling" nmbd but the only way I've found was to change 
the filename at '/etc/init.d/nmbd'


It doesn't seem to "harm" my Samba AD DC (but it might have an effect 
on my OpenChange, not sure)





Can you copy any samba init files in /etc/init.d and send them to me and 
I will have a look at them, can you also check with 'ps ax' just what is 
running.


Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Outlook clients failure (MAPIStoreIOException)

[Rowland Penny]

On 26/10/15 17:35, Harold Fines wrote:

Christian: I tried, unfortunately to no avail :(

In case this provides a clue: After boot I have to manually "systemctl 
restart smbd samba-ad-dc", otherwise I get:


[2015/10/26 17:35:43.091643,  0] libmapi/oc_log.c:52(oc_logv)
  MAPIPROXY server mode enabled
[2015/10/26 17:35:43.094140,  0] libmapi/oc_log.c:54(oc_logv)
  Using MySQL backend for openchangedb: 
mysql://openchange:password@localhost/openchange
[2015/10/26 17:35:43.109776,  0] 
mapiproxy/servers/default/emsmdb/dcesrv_exchange_emsmdb.c:1672(dcesrv_exchange_emsmdb_init)

  ===
[2015/10/26 17:35:43.110149,  0] 
mapiproxy/servers/default/emsmdb/dcesrv_exchange_emsmdb.c:1672(dcesrv_exchange_emsmdb_init)

  OPENCHANGE INTERNAL ERROR: pid 1182
[2015/10/26 17:35:43.110348,  0] 
mapiproxy/servers/default/emsmdb/dcesrv_exchange_emsmdb.c:1672(dcesrv_exchange_emsmdb_init)

  [exchange_emsmdb] Unable to initialize openchangedb
[2015/10/26 17:35:43.112247,  0] 
mapiproxy/libmapiproxy/fault_util.c:53(debug_print_backtrace)

  BACKTRACE: 14 stack frames:
   #00 
/usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(debug_print_backtrace+0xa1) [0x7f993878ff38]
   #01 
/usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(openchange_abort+0x75) 
[0x7f99387900b7]
   #02 
/usr/lib/x86_64-linux-gnu/openchange/dcerpc_mapiproxy_server/exchange_emsmdb.so(+0x11459) 
[0x7f9935a9b459]
   #03 /usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(+0xa17b) 
[0x7f993877517b]
   #04 
/usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(mapiproxy_server_init+0x89) [0x7f9938775241]
   #05 
/usr/lib/x86_64-linux-gnu/samba/dcerpc_server/dcesrv_mapiproxy.so(+0x1e157) 
[0x7f99389ce157]
   #06 
/usr/lib/x86_64-linux-gnu/libdcerpc-server.so.0(dcesrv_init_context+0x97) 
[0x7f9943950ed7]
   #07 /usr/lib/x86_64-linux-gnu/samba/service/dcerpc.so(+0xc95) 
[0x7f9943bc7c95]
   #08 
/usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x1642) 
[0x7f99486ae642]
   #09 
/usr/lib/x86_64-linux-gnu/samba/libservice.so.0(task_server_startup+0x4f) 
[0x7f99563c500f]
   #10 
/usr/lib/x86_64-linux-gnu/samba/libservice.so.0(server_service_startup+0x92) 
[0x7f99563c3cd2]

   #11 /usr/sbin/samba(+0x99fd) [0x7f99576d09fd]
   #12 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) 
[0x7f9953210b45]

   #13 /usr/sbin/samba(+0x5dee) [0x7f99576ccdee]
[2015/10/26 17:35:43.116238,  0] 
../source4/rpc_server/dcerpc_server.c:1194(dcesrv_init_context)
  dcesrv_init_context: failed to init endpoint server = 'mapiproxy': 
NT_STATUS_INTERNAL_ERROR
[2015/10/26 17:35:43.117175,  0] 
../source4/smbd/service_task.c:35(task_server_terminate)

  task_server_terminate: [Failed to startup dcerpc server task]
  STATUS=daemon 'samba' finished starting up and ready to serve 
connectionssamba_terminate: Failed to startup dcerpc server task
[2015/10/26 17:36:38.802556,  0] 
../file_server/file_server.c:48(file_server_smbd_done)

  file_server smbd daemon exited normally
[2015/10/26 17:36:38.803751,  0] 
../source4/smbd/service_task.c:35(task_server_terminate)

  task_server_terminate: [smbd child process exited]

After "systemctl restart smbd samba-ad-dc":
[2015/10/26 17:36:40.995337,  0] libmapi/oc_log.c:52(oc_logv)
  MAPIPROXY server mode enabled
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.

[2015/10/26 17:36:41.005783,  0] libmapi/oc_log.c:54(oc_logv)
  Using MySQL backend for openchangedb: 
mysql://openchange:password@localhost/openchange
[2015/10/26 17:36:41.008768,  0] 
../lib/util/become_daemon.c:136(daemon_ready)
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.


I do get intermittent messages like this in log.samba:

samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.


There is nothing in ocsmanager.log that provides any insight (I also 
tried enabling debug line in config, no change):


Starting server in PID 703.
serving on http://127.0.0.1:5000
2015-10-26 17:37:47,150 INFO [openchange.web.auth.NTLMAuthHandler] 
[worker 0] client did not pass auth cookie
2015-10-26 17:37:52,804 INFO [openchange.web.auth.NTLMAuthHandler] 
[worker 1] client did not pass auth cookie
2015-10-26 17:37:52,828 INFO [openchange.web.auth.NTLMAuthHandler] 
[worker 2] client did not pass auth cookie
2015-10-26 17:37:52,838 INFO [openchange.web.auth.NTLMAuthHandler] 
[worker 3] client did not pass auth cookie
2015-10-26 17:37:52,839 INFO [openchange.web.auth.NTLMAuthHandler] 
[worker 3] acquiring lock 
/var/cache/ntlmauthhandler/ntlm-127.0.0.1.lock (703)
2015-10-26 17:37:53,426 INFO [openchange.web.auth.NTLMAuthHandler] 
[worker 4] acquiring lock 
/var/cache/ntlmauthhandler/ntlm-127.0.0.1.lock 

Re: [SOGo] Re: Multiple mail fields in LDAP

[Rowland Penny]

On 05/10/15 14:40, Christian Mack wrote:

Hello

Am 05.10.2015 um 14:23 schrieb Sven Schwedas:

On 2015-10-05 14:12, Mathieu Mirmont wrote:

Anyone? Should I file a bug report? Is it a bug?

The mail field is supposed to be single-valued, I don't think it's a bug
in SOGo if you break your LDAP scheme on purpose.

(Exchange e.g. adds the multi-valued proxyAddresses attribute for this
purpose, and other groupware solutions use similar named ones. None, to
my knowledge, tries to make the main mail attribute multi-valued.)


You are wrong.
Attribute mail is multivalued, and is used as such.


You are both correct, but only depending on your point of view :-)
If your point of view is from AD i.e. Exchange, then 'mail' is single 
valued

If your point of view is from LDAP, then 'mail' is multi-valued

Rowland



This bug is already known, and it is a Thunderbird/Lightning bug, as it
always uses the last email address it gets for a user, instead of the
registered one.
As LDAP has no means of sorting multi value attributes, you almost
always get the wrong one.
It should use the registered one and the one used in the event.




--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Samba backend question

[Rowland Penny]

On 24/09/15 19:41, Paul van der Vlis wrote:

Op 24-09-15 om 19:13 schreef Rowland Penny:

On 24/09/15 16:57, Paul van der Vlis wrote:

Op 24-09-15 om 08:27 schreef Martin Simovic:


samba-tool has these options, invoke help to list all of them.

I found an option "--mail-address=" for samba-tool what works, but it is
not documented in the man-page or in the help (Samba 4.1.17).

As far as I am aware, setting the mail address has always been there:

root@dc01:~# samba -V
Version 4.1.17-Debian

samba-tool user create --help
   --mail-address=MAIL_ADDRESS
 User's email address

Ah, thanks!


I did not found an option to set the common name in samba-tool. I will
search further, thanks for you help!

--use-username-as-cn  Force use of username as user's CN

I want e.g. "john" as username and "John Doe" as CN. so not the same.


Ah, well, that would be :

  --surname=SURNAME User's surname
  --given-name=GIVEN_NAME
User's given name

Rowland





So far I know the username is "sAMAccountName" in Samba terms.

With regards,
Paul van der Vlis.




--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Samba backend question

[Rowland Penny]

On 24/09/15 16:57, Paul van der Vlis wrote:

Op 24-09-15 om 08:27 schreef Martin Simovic:


samba-tool has these options, invoke help to list all of them.

I found an option "--mail-address=" for samba-tool what works, but it is
not documented in the man-page or in the help (Samba 4.1.17).


As far as I am aware, setting the mail address has always been there:

root@dc01:~# samba -V
Version 4.1.17-Debian

samba-tool user create --help
  --mail-address=MAIL_ADDRESS
User's email address


I did not found an option to set the common name in samba-tool. I will
search further, thanks for you help!

--use-username-as-cn  Force use of username as user's CN


Rowland


--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Failed logins with DCERPC calls in 'smb.conf'

[Rowland Penny]

On 16/08/15 15:15, Steve Ankeny wrote:

On 08/15/2015 05:24 PM, Rowland Penny wrote:


*two questions* --

(1) should nmbd be running?


Definitely no, there is an 'nbt' component built into the 'samba' 
process.


having difficulty removing it from startup

'initctl list' BEFORE removal --

adam@sogo:~$ sudo initctl list | egrep 'samba|smb|nmb|winbind'
nmbd start/running
winbind stop/waiting
smbd stop/waiting
reload-smbd stop/waiting
samba-ad-dc start/running, process 854
adam@sogo:~$

stop and remove 'nmbd' --

adam@sogo:~$ sudo service nmbd stop
nmbd stop/waiting
adam@sogo:~$ sudo update-rc.d -f nmbd remove
 Removing any system startup links for /etc/init.d/nmbd ...
adam@sogo:~$

'initctl list' AFTER removal --

adam@sogo:~$ sudo initctl list | egrep 'samba|smb|nmb|winbind'
nmbd start/running
winbind stop/waiting
smbd stop/waiting
reload-smbd stop/waiting
samba-ad-dc start/running, process 854
adam@sogo:~$

How do I remove 'nmbd' from startup?

I tried ' sudo initctl --system stop nmbd' with the same results.

thx



Are you sure nmbd is starting at boot ?
Try 'ps ax | grep 'nmb' after the machine has just rebooted, if it 
returns anything, then it is starting at boot and you need to stop it.
You seem to be mixing up 'is it running' with 'can I start it' commands, 
it may help you to look here:


http://askubuntu.com/questions/19320/how-to-enable-or-disable-services

Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Failed logins with DCERPC calls in 'smb.conf'

[Rowland Penny]

On 15/08/15 18:50, Steve Ankeny wrote:

On 08/15/2015 12:52 PM, Rowland Penny wrote:
Can I ask how you installed Openchange, one of the lines you have in 
smb.conf is only needed when updating the AD schema 'dsdb:schema 
update allowed = true', I would think that Openchange only does this 
once, so you can probably remove this.


Rowland


SOGo Native Microsoft Outlook Configuration 
http://www.sogo.nu/files/docs/SOGo%20Native%20Microsoft%20Outlook%20Configuration.pdf, 
pg 9 lists the packages to install --


apt-get install openchangeserver \
sogo-openchange \
openchangeproxy \
python-ocsmanager \
mysql-server \
python-mysqldb \
openchange-ocsmanager \
openchange-rpcproxy \
python-sievelib \
python-spyne \
python-rpclib

here are my installed packages (plus 'mariadb-server' and libs)

adam@sogo:~$ sudo dpkg --get-selections | egrep 
'openchange|ocsmanager|rpc|spyne'

libgssrpc4:amd64install
openchange-ocsmanager   install
openchange-rpcproxy install
openchangeproxy   install
openchangeserver  install
python-ocsmanagerinstall
python-rpclib   install
python-spyne  install
sogo-openchange:amd64install
adam@sogo:~$

pg 10 of the manual discusses Samba 4 configuration and includes --

––– Configuration required by OpenChange server –––
dsdb:schema update allowed = true
dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
dcerpc_mapiproxy:server = true
dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, 
exchange_ds_rfr

––– Configuration required by OpenChange server –––

my 'smb.conf' reads --

### Configuration required by OpenChange server ###
#dsb:schema update allowed = true
#dcerpc endpoint servers = +mapiproxy
#dcerpc_mapiproxy:server = true
#dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, 
exchange_ds_rfr

### Configuration required by OpenChange server ###

currently, I have the dcerpc calls commented out of the conf (as above)


I believe you need the dcerpc lines to use openchange.



*two questions* --

(1) should nmbd be running?


Definitely no, there is an 'nbt' component built into the 'samba' process.



(2) should the 'dsb:schema' line be commented out?


I am not sure, normally it shouldn't be there, have a look here:

https://wiki.samba.org/index.php/Samba_AD_Schema_Extenstions

but openchange seems to want to do things it own way, so it might have 
to be there, if it does, then that is another thing openchange shouldn't 
be doing.


Rowland



thx, as always



--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Failed logins with DCERPC calls in 'smb.conf'

[Rowland Penny]

On 14/08/15 14:17, Steve Ankeny wrote:

On 08/01/2015 03:28 PM, Steve Ankeny wrote:

On 07/31/2015 10:23 AM, Steve Ankeny wrote:

In '/var/log/auth.log' there are a series of authentication errors --

Jul 27 08:33:04 sogo auth: pam_unix(dovecot:auth): check pass; user 
unknown
Jul 27 08:33:04 sogo auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot ruser=michael rhost=127.0.0.1
Jul 27 08:33:04 sogo auth: pam_winbind(dovecot:auth): getting 
password (0x0388)
Jul 27 08:33:04 sogo auth: pam_winbind(dovecot:auth): pam_get_item 
returned a password


These were logged during an attempt to login to Samba AD

It appears there's an issue with Dovecot authentication (or pam) 
but it may be elsewhere.


This is the instance where dcerpc calls from 'smb.conf' --

 ### Configuration required by OpenChange server ###
 dsb:schema update allowed = true
 dcerpc endpoint servers = +mapiproxy
 dcerpc_mapiproxy:server = true
 dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, 
exchange_ds_rfr

 ### Configuration required by OpenChange server ###

When I uncomment those dcerpc calls, Samba AD allows the first few 
users to login then gives Access denied to the next users.  
Curiously enough, even in that instance, Samba services are STILL 
running.


*Looking further in '/var/log/samba/log.samba'* --

[2015/07/27 10:17:14.598525,  0] 
../source4/smbd/server.c:370(binary_smbd_main)

  samba version 4.1.18-Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2015/07/27 10:17:17.689989,  0] 
../source4/smbd/server.c:488(binary_smbd_main)

  samba: using 'standard' process model
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call 
setproctitle_init() or link against libbsd-ctor.
[2015/07/27 10:17:18.257922,  0] 
../lib/util/become_daemon.c:136(daemon_ready)

[2015/07/27 10:17:19.731517,  0] libmapi/oc_log.c:52(oc_logv)
*MAPIPROXY server mode enabled*
[2015/07/27 10:17:19.735772,  0] libmapi/oc_log.c:54(oc_logv)
  Using MySQL backend for openchangedb: 
mysql://openchange-user:$passwd@localhost/openchange
[2015/07/27 10:17:19.849272,  0] 
mapiproxy/servers/default/emsmdb/dcesrv_exchange_emsmdb.c:2012(dcesrv_exchange_emsmdb_init)

===
[2015/07/27 10:17:19.849708,  0] 
mapiproxy/servers/default/emsmdb/dcesrv_exchange_emsmdb.c:2012(dcesrv_exchange_emsmdb_init)

*OPENCHANGE INTERNAL ERROR: pid 1486*
[2015/07/27 10:17:19.850012,  0] 
mapiproxy/servers/default/emsmdb/dcesrv_exchange_emsmdb.c:2012(dcesrv_exchange_emsmdb_init)

*[exchange_emsmdb] Unable to initialize openchangedb*
[2015/07/27 10:17:19.955017,  0] 
mapiproxy/libmapiproxy/fault_util.c:53(debug_print_backtrace)

  BACKTRACE: 14 stack frames:
   #00 
/usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(debug_print_backtrace+0x96) 
[0x7f6634c36368]
   #01 
/usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(openchange_abort+0x75) 
[0x7f6634c364d6]
   #02 
/usr/lib/x86_64-linux-gnu/openchange/dcerpc_mapiproxy_server/exchange_emsmdb.so(+0x1087f) 
[0x7f66333fe87f]
   #03 /usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(+0x9aca) 
[0x7f6634c1caca]
   #04 
/usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(mapiproxy_server_init+0x89) 
[0x7f6634c1cb7c]
   #05 
/usr/lib/x86_64-linux-gnu/samba/dcerpc_server/dcesrv_mapiproxy.so(+0x162ce) 
[0x7f6634e6c2ce]
   #06 
/usr/lib/x86_64-linux-gnu/libdcerpc-server.so.0(dcesrv_init_context+0x79) 
[0x7f6640052069]
   #07 /usr/lib/x86_64-linux-gnu/samba/service/dcerpc.so(+0xc99) 
[0x7f66402c7c99]
   #08 
/usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x1656) 
[0x7f6645046656]
   #09 
/usr/lib/x86_64-linux-gnu/samba/libservice.so.0(task_server_startup+0x4a) 
[0x7f6652c28eda]
   #10 

Re: [SOGo] Failed logins with DCERPC calls in 'smb.conf'

[Rowland Penny]

On 15/08/15 13:37, Steve Ankeny wrote:

On 08/14/2015 09:32 AM, Rowland Penny wrote:

On 14/08/15 14:17, Steve Ankeny wrote:

On 08/01/2015 03:28 PM, Steve Ankeny wrote:

On 07/31/2015 10:23 AM, Steve Ankeny wrote:

[ redacted text ]

This is the instance where dcerpc calls from 'smb.conf' --

 ### Configuration required by OpenChange server ###
 dsb:schema update allowed = true
 dcerpc endpoint servers = +mapiproxy
 dcerpc_mapiproxy:server = true
 dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, 
exchange_ds_rfr

 ### Configuration required by OpenChange server ###

When I uncomment those dcerpc calls, Samba AD allows the first 
few users to login then gives Access denied to the next users.  
Curiously enough, even in that instance, Samba services are STILL 
running.


*Looking further in '/var/log/samba/log.samba'* --

[ redacted text ]
===
[2015/07/27 10:17:19.849708,  0] 
mapiproxy/servers/default/emsmdb/dcesrv_exchange_emsmdb.c:2012(dcesrv_exchange_emsmdb_init)

*OPENCHANGE INTERNAL ERROR: pid 1486*
[2015/07/27 10:17:19.850012,  0] 
mapiproxy/servers/default/emsmdb/dcesrv_exchange_emsmdb.c:2012(dcesrv_exchange_emsmdb_init)

*[exchange_emsmdb] Unable to initialize openchangedb*
[2015/07/27 10:17:19.955017,  0] 
mapiproxy/libmapiproxy/fault_util.c:53(debug_print_backtrace)

  BACKTRACE: 14 stack frames:
   #00 
/usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(debug_print_backtrace+0x96) 
[0x7f6634c36368]
   #01 
/usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(openchange_abort+0x75) 
[0x7f6634c364d6]
   #02 
/usr/lib/x86_64-linux-gnu/openchange/dcerpc_mapiproxy_server/exchange_emsmdb.so(+0x1087f) 
[0x7f66333fe87f]
   #03 /usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(+0x9aca) 
[0x7f6634c1caca]
   #04 
/usr/lib/x86_64-linux-gnu/libmapiproxy.so.0(mapiproxy_server_init+0x89) 
[0x7f6634c1cb7c]
   #05 
/usr/lib/x86_64-linux-gnu/samba/dcerpc_server/dcesrv_mapiproxy.so(+0x162ce) 
[0x7f6634e6c2ce]
   #06 
/usr/lib/x86_64-linux-gnu/libdcerpc-server.so.0(dcesrv_init_context+0x79) 
[0x7f6640052069]
   #07 /usr/lib/x86_64-linux-gnu/samba/service/dcerpc.so(+0xc99) 
[0x7f66402c7c99]
   #08 
/usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x1656) 
[0x7f6645046656]
   #09 
/usr/lib/x86_64-linux-gnu/samba/libservice.so.0(task_server_startup+0x4a) 
[0x7f6652c28eda]
   #10 
/usr/lib/x86_64-linux-gnu/samba/libservice.so.0(server_service_startup+0x93) 
[0x7f6652c27b83]

   #11 samba(+0x9a35) [0x7f6653f31a35]
   #12 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) 
[0x7f664fa82ec5]

   #13 samba(+0x5e4e) [0x7f6653f2de4e]
[2015/07/27 10:17:19.957226,  0] 
../source4/rpc_server/dcerpc_server.c:1194(dcesrv_init_context)
*dcesrv_init_context: failed to init endpoint server = 'mapiproxy': 
NT_STATUS_INTERNAL_ERROR*
[2015/07/27 10:17:19.957543,  0] 
../source4/smbd/service_task.c:35(task_server_terminate)

*task_server_terminate: [Failed to startup dcerpc server task]*
  STATUS=daemon 'samba' finished starting up and ready to serve 
connections*samba_terminate: Failed to startup dcerpc server task*


I've *emboldened* the lines showing 'openchangedb' is not initiating.

It appears to err on '*exchange_emsmdb*'  That's one of the 
dcerpc calls in 'smb.conf'


--


sorry to be so late updating this issue, it is STILL unresolved

I uncommented the dcerpc calls in 'smb.conf' and restarted the server.

Samba services were running --

adam@sogo:~$ sudo initctl list | egrep 'samba|smb|nmb|winbind'
nmbd start/running


Something wrong here, nmbd shouldn't be running on a DC, how are you 
starting samba ?




'samba-ad-dc'


OK



adam@sogo:~$ sudo ls /etc/init.d/ | egrep 
'samba|smb|nmb|winbind|ocsmanager'

nmbd
openchange-ocsmanager
samba
samba-ad-dc
smbd
winbind


That just show what you *could* start, not what you are starting.


adam@sogo:~$


winbind stop/waiting
smbd stop/waiting
reload-smbd stop/waiting
samba-ad-dc start/running, process 841
adam@sogo:~$



What does 'ps ax' show ?


adam@sogo:~$ sudo ps ax | egrep 'samba|smb|nmb|winbind|ocsmanager'
  765 ?Ss 0:05 samba -D
 1334 ?S  0:00 samba -D
 1344 ?S  1:37 samba -D
 1382 ?S  0:10 samba -D
 1420 ?S  0:03 samba -D
 1448 ?Ss 2:06 /usr/sbin/smbd -D --option=server role 
check:inhibit=yes --foreground

 1450 ?S  4:20 samba -D
 1452 ?S  0:32 samba -D
 1476 ?S  0:58 samba -D
 1487 ?S 13:42 samba -D
 1488 ?S  0:27 samba -D
 1489 ?S  0:03 samba -D
 1490 ?S  9:26 samba -D
 1499 ?S  2:38 samba -D
 1501 ?S  3:19 samba -D
 1516 ?S  0:10 /usr/sbin/smbd -D --option=server role 
check:inhibit=yes --foreground


OK, that is what I would expect.

 8340 pts/2S+ 0:00 egrep --color=auto 
samba

Re: [SOGo] Adding users via Windows Admin Tools doesn't work

[Rowland Penny]

On 10/08/15 20:38, Gerald Brandt wrote:

Hi Rowland,

I changed dovecots ldap file to the following:

# cat /etc/dovecot/dovecot-ldap.conf.ext

hosts = 127.0.0.1:389
dn = cn=administrator,cn=Users,dc=erlphase,dc=com
dnpass = 
base = cn=Users,dc=erlphase,dc=com
auth_bind = yes
pass_filter = (samaccountname=%n)
user_filter = (samaccountname=%n)
user_attrs = cn=home=/var/spool/dovecot/%$

And I can now log in via IMAP and Web nicely.  However, sending email 
locally has issues.  If I send to g...@erlphase.com, I see the 
following in the logs:


Aug 10 14:33:01 pdc postfix/cleanup[2138]: 4422DE10FF: 
message-id=654-55c8fc80-3-57a4d200@35647971
Aug 10 14:33:01 pdc postfix/qmgr[1236]: 4422DE10FF: 
from=g...@erlphase.com, size=502, nrcpt=2 (queue active)
Aug 10 14:33:01 pdc postfix/smtpd[2036]: disconnect from 
localhost[127.0.0.1]

Aug 10 14:33:01 pdc dovecot: lmtp(2145): Connect from 127.0.0.1
Aug 10 14:33:01 pdc dovecot: auth: 
ldap(bra...@erlphase.com,127.0.0.1): unknown user

Aug 10 14:33:01 pdc dovecot: lmtp(2146): Connect from 127.0.0.1
Aug 10 14:33:01 pdc dovecot: auth: 
ldap(ger...@erlphase.com,127.0.0.1): unknown user
Aug 10 14:33:01 pdc postfix/lmtp[2143]: 4422DE10FF: 
to=bra...@erlphase.com, orig_to=g...@erlphase.com, 
relay=127.0.0.1[127.0.0.1]:24, delay=0.13, delays=0.09/0.02/0.01/0.01, 
dsn=5.1.1, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.1.1 
bra...@erlphase.com User doesn't exist: bra...@erlphase.com (in 
reply to RCPT TO command))



It takes the user 'gbr' and tries to send to firstname (Gerald) and 
lastname (Brandt) as separate users.


Gerald


On 2015-07-25 03:12 AM, Rowland Penny wrote:

On 24/07/15 23:03, Gerald Brandt wrote:



On 2015-07-24 03:44 PM, Rowland Penny wrote:

On 24/07/15 19:13, Gerald Brandt wrote:


On 2015-07-24 10:57 AM, Rowland Penny wrote:

On 24/07/15 16:17, Gerald Brandt wrote:

Hi,

I added two users to my SAMBA/SOGo/Openchange server via the 
Windows tools from Windows 7.  I then went to the Linux server 
and ran opechnage_newuser -- create user.


When the user connects via Outlook (2003), they can send and 
receive emails, calendar, etc.


When the user connects via IMAP, they can't login. Dovecot can't 
find the user in LDAP.


When the user connects voa the SOGo web interface, login takes 
awhile, and the user is presented with no email folders.



I added a user with samba-tool user add and the 
openchange_newuser --create, and all three (Outlook, IMAP, and 
web) work perfectly.


Should I file a bug report with Openchnage on this? With SOGo?

Thanks,
Gerald



Hi, can you post you dovecot ldap conf file (suitably sanitized 
of course) also what version of samba4 you are using.


Rowland



Hi,

I'm using everything from the inverse repo.  Dovecot authorizes 
fine when I use samba-tool to add a user. Samba version is 4.1.18.


I use a script to build my Samba/SOGo/Openchange install. You can 
see my script at http://majentis.com/?p=344 . It has every config 
file I use.


Here's my dovecot.conf

# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol

postmaster_address=administra...@erlphase.com

# AUTH
disable_plaintext_auth = yes
auth_master_user_separator = *
auth_mechanisms = plain login

# master users
#passdb {
#  driver = passwd-file
#  master = yes
#  args = /etc/dovecot/master-users

  # Unless you're using PAM, you probably still want the 
destination user to
  # be looked up from passdb that it really exists. pass=yes does 
that.

  #pass = yes
#}

# ldap users
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# trust on 127.0.0.1
passdb {
 driver = static
 args = nopassword=y allow_nets=127.0.0.1/32
}


# LOGGING
auth_verbose = yes
mail_debug = no
plugin {
  # Events to log. Also available: flag_change append
  #mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename
  # Available fields: uid, box, msgid, from, subject, size, vsize, 
flags

  # size and vsize are available only for expunge and copy events.
  #mail_log_fields = uid box msgid size
}

# MAIL and NAMESPACES
mail_location = maildir:~/maildir
mail_uid = vmail
mail_gid = vmail
mail_plugins = acl quota

namespace {
  type = private
  separator = /
  prefix =
  inbox = yes

  mailbox INBOX {
auto = create
  }
}
namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:%%h/maildir:INDEX=~/maildir/shared/%%u
  subscriptions = no
  list = children
}


# MASTER
service imap-login {
  inet_listener imap {
#port = 143
  }
  inet_listener imaps {
#port = 993
ssl = yes
  }
  # this is suboptimal since imap and imaps will also accept nopass
  inet_listener imap-nopass {
port = 144
  }

}
service pop3-login {
  inet_listener pop3 {
#port = 110
  }
  inet_listener pop3s {
#port = 995
#ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
#mode = 0666
  }
  # Create inet

Re: [SOGo] OpenChange 'dcerpc' calls stop Samba domain services

[Rowland Penny]

On 28/07/15 01:37, Steve Ankeny wrote:

This was initially sent to the wrong mailing list.  Updated at bottom.
--

Over the weekend, I configured OpenChange, OCS Manager  RPC Proxy in 
the manner described in the Outlook Configuration Guide to work with 
Samba in anticipation of setting up my first Outlook 2010 profile.


Specifically, I followed the instructions on pg. 10-17 with reference 
to 'smb.conf'  'ocsmanager.ini'


When I initially configured Samba AD DC, I inserted the language on 
pg. 10  13 in 'smb.conf' but commented it out so Samba-AD-DC would 
work correctly.  That was prior to the upgrade to SOGo  OpenChange 2.3


I also initially provisioned OpenChange  created the 'openchange' DB 
in MySQL


When I completed my configuration of OpenChange  OCS Manager, my 
Samba services stopped running.


The only working solution is to comment out the OpenChange lines in 
'smb.conf'


Here's my 'smb.conf' --

[global]
workgroup = SMBDOMAIN
realm = smbdomain.com
netbios name = SOGO
server role = active directory domain controller
dns forwarder = 192.168.121.1
idmap_ldb:use rfc2307 = yes
passdb backend = samba
allow dns updates = nonsecure

### Configuration required by OpenChange server ###
#dsb:shema update allowed = true
#dcerpc endpoint servers = +epmapper, +mapiproxy
#dcerpc_mapiproxy:server = true
#dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, 
exchange_ds_rfr

### Configuration required by OpenChange server ###

#mapistore:namedproperties = mysql
#namedproperties:mysql_user = openchange-user
#namedproperties:mysql_pass = $passwd
#namedproperties:mysql_host = localhost
#namedproperties:mysql_db = openchange
#mapistore:indexing_backend = 
mysql://openchange-user:$passwd@localhost/openchange
#mapiproxy:openchangedb = 
mysql://openchange-user:$passwd@localhost/openchange


[netlogon]
path = /var/lib/samba/sysvol/smbdomain.com/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

And, my 'ocsmanager.ini' --

[DEFAULT]
debug = true
email_to = valid.u...@smbdomain.com
smtp_server = localhost
error_email_from = paste@localhost

[main]
auth = ldap
mapistore_root = /var/lib/samba/private
mapistore_data = /var/lib/samba/private/mapistore
debug = yes

[auth:file]

[auth:ldap]
host = ldap://127.0.0.1
port = 389
bind_dn = cn=Administrator,cn=Users,dc=smbdomain,dc=com
bind_pw = $passwd
basedn = cn=Users,dc=smbdomain,dc=com

[auth:single]
username = openchange
# password is test
*#password = {SSHA}I6Hy5Wv0wuxyXvMBFWFQDVVN12_CLaX9* *(Is this a 
problem?)*

password = $passwd

[server:main]
use = egg:Paste#http
host = 127.0.0.1
port = 5000
protocol_version = HTTP/1.1

[app:main]
use = egg:ocsmanager
full_stack = true
static_files = true
cache_dir = %(here)s/data
beaker.session.key = ocsmanager
beaker.session.secret = SDyKK3dKyDgW0mlpqttTMGU1f
app_instance_uuid = {ee533ebc-f266-49d1-ae10-d017ee6aa98c}
NTLMAUTHHANDLER_WORKDIR = /var/cache/ntlmauthhandler
SAMBA_HOST = 127.0.0.1

[rpcproxy:ldap]
host = localhost
port = 389
*basedn = CN=Users,DC=example,DC=com   (Is this a problem?)*
set debug = true

[autodiscover]

[autodiscover:rpcproxy]
enabled = true

[outofoffice]

[outofoffice:file]
sieve_script_path = /var/vmail/$domain/$user/sieve-script
sieve_script_path_mkdir = false

[outofoffice:managesieve]
secret = secret

[loggers]
keys = root

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[handler_console]
class = StreamHandler
secret = secret

# Logging configuration
[loggers]
keys = root

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s] [%(threadName)s] 
%(message)s



Notice the *em**boldened* lines in 'ocsmanager.ini'

*Could those errors turn off my Samba services?*


With the OpenChange lines uncommented in 'smb.conf,' I see the 
following --


adam@sogo:~$ sudo initctl list | egrep 'samba|smb|nmb|winbind'
nmbd start/running
winbind stop/waiting
smbd stop/waiting
reload-smbd stop/waiting
samba-ad-dc stop/running
adam@sogo:~$

With those same lines commented out, I see the following --

adam@sogo:~$ sudo initctl list | egrep 'samba|smb|nmb|winbind'
nmbd start/running
winbind stop/waiting
smbd stop/waiting
reload-smbd stop/waiting
samba-ad-dc start/running, process 875
adam@sogo:~$

Here's my package selections --

adam@sogo:~$ sudo dpkg --get-selections | egrep 'samba|smb|nmb|winbind'
libnss-winbind:amd64install
libpam-winbind:amd64install
libsmbclient:amd64  install

Re: [SOGo] Adding users via Windows Admin Tools doesn't work

[Rowland Penny]

On 24/07/15 23:03, Gerald Brandt wrote:



On 2015-07-24 03:44 PM, Rowland Penny wrote:

On 24/07/15 19:13, Gerald Brandt wrote:


On 2015-07-24 10:57 AM, Rowland Penny wrote:

On 24/07/15 16:17, Gerald Brandt wrote:

Hi,

I added two users to my SAMBA/SOGo/Openchange server via the 
Windows tools from Windows 7.  I then went to the Linux server and 
ran opechnage_newuser -- create user.


When the user connects via Outlook (2003), they can send and 
receive emails, calendar, etc.


When the user connects via IMAP, they can't login. Dovecot can't 
find the user in LDAP.


When the user connects voa the SOGo web interface, login takes 
awhile, and the user is presented with no email folders.



I added a user with samba-tool user add and the openchange_newuser 
--create, and all three (Outlook, IMAP, and web) work perfectly.


Should I file a bug report with Openchnage on this?  With SOGo?

Thanks,
Gerald



Hi, can you post you dovecot ldap conf file (suitably sanitized of 
course) also what version of samba4 you are using.


Rowland



Hi,

I'm using everything from the inverse repo.  Dovecot authorizes fine 
when I use samba-tool to add a user.  Samba version is 4.1.18.


I use a script to build my Samba/SOGo/Openchange install.  You can 
see my script at http://majentis.com/?p=344 . It has every config 
file I use.


Here's my dovecot.conf

# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol

postmaster_address=administra...@erlphase.com

# AUTH
disable_plaintext_auth = yes
auth_master_user_separator = *
auth_mechanisms = plain login

# master users
#passdb {
#  driver = passwd-file
#  master = yes
#  args = /etc/dovecot/master-users

  # Unless you're using PAM, you probably still want the destination 
user to

  # be looked up from passdb that it really exists. pass=yes does that.
  #pass = yes
#}

# ldap users
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# trust on 127.0.0.1
passdb {
 driver = static
 args = nopassword=y allow_nets=127.0.0.1/32
}


# LOGGING
auth_verbose = yes
mail_debug = no
plugin {
  # Events to log. Also available: flag_change append
  #mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename

  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
  # size and vsize are available only for expunge and copy events.
  #mail_log_fields = uid box msgid size
}

# MAIL and NAMESPACES
mail_location = maildir:~/maildir
mail_uid = vmail
mail_gid = vmail
mail_plugins = acl quota

namespace {
  type = private
  separator = /
  prefix =
  inbox = yes

  mailbox INBOX {
auto = create
  }
}
namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:%%h/maildir:INDEX=~/maildir/shared/%%u
  subscriptions = no
  list = children
}


# MASTER
service imap-login {
  inet_listener imap {
#port = 143
  }
  inet_listener imaps {
#port = 993
ssl = yes
  }
  # this is suboptimal since imap and imaps will also accept nopass
  inet_listener imap-nopass {
port = 144
  }

}
service pop3-login {
  inet_listener pop3 {
#port = 110
  }
  inet_listener pop3s {
#port = 995
#ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
#mode = 0666
  }
  # Create inet listener only if you can't use the above UNIX socket
  inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
address = 127.0.0.1
port = 24
  }
}
service imap {
  executable = imap postlogin
}
service auth {
  # auth_socket_path points to this userdb socket by default. It's 
typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its 
default
  # permissions make it readable only by root, but you may need to 
relax these
  # permissions. Users that have access to this socket are able to 
get a list

  # of all usernames and get results of everyone's userdb lookups.
  unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
  }
}
service postlogin {
  executable = script-login -d rawlog
  unix_listener postlogin {
  }
}

# SSL/TLS support: yes, no, required. doc/wiki/SSL.txt
ssl = yes
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem

# LDA
quota_full_tempfail = yes
protocol lda {
  # Space separated list of plugins to load (default is global 
mail_plugins).

  #mail_plugins = $mail_plugins
}

# PROTOCOLS
protocol imap {
  mail_plugins = $mail_plugins autocreate imap_acl imap_quota
}
protocol lmtp {
  mail_plugins = $mail_plugins sieve
}

service managesieve-login {
  inet_listener sieve {
port = 4190
address = 127.0.0.1
  }
}
service managesieve {
}
protocol sieve {
}

plugin {
  acl = vfile
  acl_shared_dict = file:/var/spool/dovecot/shared-mailboxes.db

  quota_rule = *:storage=2G
  quota_rule2 = Trash:storage=+100M
  quota = dict:::file:%h/dovecot-quota

  sieve = ~/.dovecot.sieve
  sieve_dir

Re: [SOGo] Adding users via Windows Admin Tools doesn't work

[Rowland Penny]

On 24/07/15 16:17, Gerald Brandt wrote:

Hi,

I added two users to my SAMBA/SOGo/Openchange server via the Windows 
tools from Windows 7.  I then went to the Linux server and ran 
opechnage_newuser -- create user.


When the user connects via Outlook (2003), they can send and receive 
emails, calendar, etc.


When the user connects via IMAP, they can't login.  Dovecot can't find 
the user in LDAP.


When the user connects voa the SOGo web interface, login takes awhile, 
and the user is presented with no email folders.



I added a user with samba-tool user add and the openchange_newuser 
--create, and all three (Outlook, IMAP, and web) work perfectly.


Should I file a bug report with Openchnage on this?  With SOGo?

Thanks,
Gerald



Hi, can you post you dovecot ldap conf file (suitably sanitized of 
course) also what version of samba4 you are using.


Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Re: SOGo upgrade issue

[Rowland Penny]

On 21/07/15 14:26, Steve Ankeny wrote:

On 07/18/2015 05:34 PM, Christian M. Jensen wrote:

hi.

this is just a suggestion, if the problem really just is the postinst 
script


download the package using wget or other local tool
then unpack it and extract the DEBIAN folder from it like this

*NOTE* foo.deb is the package you modify
*NOTE* tmpdir is the folder you extract the deb archive to.
*NOTE* hacked.deb is the package you install!

dpkg-deb -x foo.deb tmpdir
dpkg-deb --control foo.deb tmpdir/DEBIAN

now edit the postinst script

 nano tmpdir/DEBIAN/control

now pack the deb file and install it

dpkg -b tmpdir hacked.deb
dpkg -i hacked.deb

I've done this my self a few times, and might just be what you need 
if you don't want to compile it

just a suggestion.

Regards
Christian Jensen



just a followup --

*Christian's suggestion was the ONLY suggestion that worked.*

(1) 'update-rc.d -f samba remove'  'apt-get -f install' didn't work

No matter the order in which I performed the procedures, it never 
completed the installation.


(2) neither did 'mv /etc/init.d/samba /etc/init.d/samba_old' work

That appeared to me simply a different way of removing the 'samba' 
link in '/etc/init.d/'


As it turns out --

(3) *There is an error in the Inverse 'samba' package 
'/tmpdir/DEBIAN/postinst' script*


line 51 reads 'update-rc.d samba remove' but SHOULD read 'update-rc.d 
-f samba remove'


The first DOES NOT WORK but the second does.

(4) removing 'samba' before installing the hacked deb package is a 
mistake


The deb package requires other Samba packages, such as 
'samba-common' 'samba-common-bin' etc., so those MUST be installed 
before installing the hacked deb package ('samba' will fail at that 
point)


THEN the hacked deb package will install properly over the failed 
'samba' package.


After completing the installation --

(5) domain login worked properly (most likely because I had not 
removed or disturbed 'samba')


The domain user DB was intact, and it allowed login to the domain 
(machines were properly joined)


(6) HOWEVER, I had issues with logging into the SOGo web interface 
(not recognizing user/password)


I will have to troubleshoot why I could not log into SOGo and/or 
why the web interface would not load.  Actually, although Apache was 
running, I could not access the SOGo web page itself (so, there's an 
issue)


I have rolled back (restored) the snapshot of my server so users can 
work uninterrupted today.


Any suggestions on how to troubleshoot my e-mail/calendar server will 
be appreciated.  I successfully ran the 'sql-update' script, but I was 
never able to test it because SOGo would not recognize user/password.


I would appreciate Inverse correcting the issue with the 'postinst' 
script (it would save time)





The problem is Inverse is basing their packages on the Debian Packages, 
Debian came up with that line to cure a systemd problem and probably 
because (in my opinion) you have to be brain dead to use systemd, they 
forgot the '-f'


Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Re: SOGo upgrade issue

[Rowland Penny]

On 18/07/15 21:50, Steve Ankeny wrote:

On 07/18/2015 02:56 PM, Rowland Penny wrote:

On 18/07/15 19:26, Steve Ankeny wrote:

On 07/18/2015 12:53 PM, Rowland Penny wrote:

On 18/07/15 15:27, Steve Ankeny wrote:

On 07/01/2015 02:39 PM, Steve Ankeny wrote:

thx, I'll look at it when I'm back off my downtime

On 07/01/2015 12:21 PM, Achim Gottinger wrote:

Hello Steve,

You used purge and not remove so all configs got removed as well.
Take an look in /var/lib/samba you may find backup's there done 
by apt/dpkg durcing upgrades.
I have an bunch of backed-up-by-dpkg-on-2015-03-10T16.56.tar.gz 
files there.
Seems these include all the necessary ldb's but they all have an 
suffix like backed-up-by-dpkg-on-2015-03-10T16.56 here which 
must be removed.


achim~





ok, finally gave this a try

However, there are STILL errors --

(here are the steps I used in order)

adam@sogo:~$ sudo apt-get remove samba
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libgnutls28 libhogweed2 libldb-dev libldb1 libnettle4 libsmbclient
  python-ldb python-samba samba-common samba-common-bin samba-dev
  samba-dsdb-modules samba-libs samba-vfs-modules smbclient
Suggested packages:
  gnutls-bin heimdal-clients
The following packages will be REMOVED:
  libnss-winbind libpam-winbind openchangeproxy openchangeserver 
samba winbind

The following NEW packages will be installed:
  libgnutls28 libhogweed2 libnettle4
The following packages will be upgraded:
  libldb-dev libldb1 libsmbclient python-ldb python-samba samba-common
  samba-common-bin samba-dev samba-dsdb-modules samba-libs 
samba-vfs-modules

  smbclient
12 upgraded, 3 newly installed, 6 to remove and 8 not upgraded.
Need to get 8,559 kB of archives.
After this operation, 16.1 MB disk space will be freed.
Do you want to continue? [Y/n]Y

(completes without error)

(edit 'dns-nameservers' and restart network)

(reinstall packages that were REMOVED -- using -f yields same 
results)


adam@sogo:~$ sudo apt-get install samba openchangeproxy 
openchangeserver winbind libnss-winbind libpam-winbind 
python-ocsmanager

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  python-mapistore python-rpclib python-sievelib python-spyne 
python-support

  python-tz
Suggested packages:
  bind9 bind9utils ctdb ntp smbldap-tools
The following NEW packages will be installed:
  libnss-winbind libpam-winbind openchangeproxy openchangeserver
  python-mapistore python-rpclib python-sievelib python-spyne 
python-support

  python-tz samba winbind
The following packages will be upgraded:
  python-ocsmanager
1 upgraded, 12 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,833 kB of archives.
After this operation, 21.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y

(errors follow -- highlighted)

Setting up samba (2:4.1.18+dfsg-3~inverse1) ...
Installing new version of config file /etc/logrotate.d/samba ...
Installing new version of config file /etc/init/smbd.conf ...
Installing new version of config file /etc/init.d/samba ...
*update-rc.d: /etc/init.d/samba exists during rc.d purge (use -f 
to force)**

**dpkg: error processing package samba (--configure):**
** subprocess installed post-installation script returned error 
exit status 1**

*


OK, This error seems to be coming from the debian postinst script:

if dpkg --compare-versions $2 lt-nl 2:4.1.13+dfsg-2~; then
# on upgrades from wheezy to jessie, the samba init script 
should not stay

# active, see #766690
update-rc.d samba remove
fi

This is from 'man update-rc.d' :

REMOVING SCRIPTS
   When  invoked  with the remove option, update-rc.d removes 
any links in
   the /etc/rcrunlevel.d directories to the script 
/etc/init.d/name.   The
   script  must have been deleted already.  If the script is 
still present

   then update-rc.d aborts with an error message.

So, 'Installing new version of config file /etc/init.d/samba ...' 
installs the script
The debian postinst script tries to remove the links from 
'/etc/rcrunlevel.d' but fails because the script exists (see line 
above)


There is a way around this, it doesn't matter if the script exists 
if the links don't, so, in my opinion, whoever wrote the script 
should have added '-f', this would remove the links even if the 
script exists.


Of course, this is really an artifact of using systemd.

Rowland



Thanks, Rowland!  I knew you'd take notice (and reply)  You've been 
a big help to me.


*Is there any way for me to work around this or must I wait for 
Inverse?*


I was hoping there might still be a way to use 'dpkg' to force 
reconfiguration/installation.


Even downloading packages individually and using 'dpkg' is 
acceptable (until Inverse edits the script)





There may be a way to fix this, open /var/lib/dpkg/status in your 
favourite editor

Re: [SOGo] Re: SOGo upgrade issue

[Rowland Penny]

On 18/07/15 15:27, Steve Ankeny wrote:

On 07/01/2015 02:39 PM, Steve Ankeny wrote:

thx, I'll look at it when I'm back off my downtime

On 07/01/2015 12:21 PM, Achim Gottinger wrote:

Hello Steve,

You used purge and not remove so all configs got removed as well.
Take an look in /var/lib/samba you may find backup's there done by 
apt/dpkg durcing upgrades.
I have an bunch of backed-up-by-dpkg-on-2015-03-10T16.56.tar.gz 
files there.
Seems these include all the necessary ldb's but they all have an 
suffix like backed-up-by-dpkg-on-2015-03-10T16.56 here which must be 
removed.


achim~





ok, finally gave this a try

However, there are STILL errors --

(here are the steps I used in order)

adam@sogo:~$ sudo apt-get remove samba
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libgnutls28 libhogweed2 libldb-dev libldb1 libnettle4 libsmbclient
  python-ldb python-samba samba-common samba-common-bin samba-dev
  samba-dsdb-modules samba-libs samba-vfs-modules smbclient
Suggested packages:
  gnutls-bin heimdal-clients
The following packages will be REMOVED:
  libnss-winbind libpam-winbind openchangeproxy openchangeserver samba 
winbind

The following NEW packages will be installed:
  libgnutls28 libhogweed2 libnettle4
The following packages will be upgraded:
  libldb-dev libldb1 libsmbclient python-ldb python-samba samba-common
  samba-common-bin samba-dev samba-dsdb-modules samba-libs 
samba-vfs-modules

  smbclient
12 upgraded, 3 newly installed, 6 to remove and 8 not upgraded.
Need to get 8,559 kB of archives.
After this operation, 16.1 MB disk space will be freed.
Do you want to continue? [Y/n]Y

(completes without error)

(edit 'dns-nameservers' and restart network)

(reinstall packages that were REMOVED -- using -f yields same results)

adam@sogo:~$ sudo apt-get install samba openchangeproxy 
openchangeserver winbind libnss-winbind libpam-winbind python-ocsmanager

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  python-mapistore python-rpclib python-sievelib python-spyne 
python-support

  python-tz
Suggested packages:
  bind9 bind9utils ctdb ntp smbldap-tools
The following NEW packages will be installed:
  libnss-winbind libpam-winbind openchangeproxy openchangeserver
  python-mapistore python-rpclib python-sievelib python-spyne 
python-support

  python-tz samba winbind
The following packages will be upgraded:
  python-ocsmanager
1 upgraded, 12 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,833 kB of archives.
After this operation, 21.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y

(errors follow -- highlighted)

Setting up samba (2:4.1.18+dfsg-3~inverse1) ...
Installing new version of config file /etc/logrotate.d/samba ...
Installing new version of config file /etc/init/smbd.conf ...
Installing new version of config file /etc/init.d/samba ...
*update-rc.d: /etc/init.d/samba exists during rc.d purge (use -f to 
force)**

**dpkg: error processing package samba (--configure):**
** subprocess installed post-installation script returned error exit 
status 1**

*


OK, This error seems to be coming from the debian postinst script:

if dpkg --compare-versions $2 lt-nl 2:4.1.13+dfsg-2~; then
# on upgrades from wheezy to jessie, the samba init script should 
not stay

# active, see #766690
update-rc.d samba remove
fi

This is from 'man update-rc.d' :

REMOVING SCRIPTS
   When  invoked  with the remove option, update-rc.d removes any 
links in
   the /etc/rcrunlevel.d directories to the script 
/etc/init.d/name.   The
   script  must have been deleted already.  If the script is still 
present

   then update-rc.d aborts with an error message.

So, 'Installing new version of config file /etc/init.d/samba ...' 
installs the script
The debian postinst script tries to remove the links from 
'/etc/rcrunlevel.d' but fails because the script exists (see line above)


There is a way around this, it doesn't matter if the script exists if 
the links don't, so, in my opinion, whoever wrote the script should have 
added '-f', this would remove the links even if the script exists.


Of course, this is really an artifact of using systemd.

Rowland


**dpkg: dependency problems prevent configuration of winbind:
 winbind depends on samba (= 2:4.1.18+dfsg-3~inverse1); however:
  Package samba is not configured yet.

dpkg: error processing package winbind (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of libnss-winbind:amd64:
 libnss-winbind:amd64 depends on winbind (= 2:4.1.18+dfsg-3~inverse1); 
however:

  Package winbind is not configured yet.

dpkg: error processing package libnss-winbind:amd64 (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of 

Re: [SOGo] Re: SOGo upgrade issue

[Rowland Penny]

On 23/06/15 15:04, Ludovic Marcotte wrote:

On 23/06/2015 08:40, Steve Ankeny wrote:
Would upgrading to Ubuntu 14.10 Utopic complete the upgrade?  Or, 
purging the 'winbind' packages?
You probably need to remove *all* Samba packages from 14.04 before 
installing our packages.


The is the list of packages we provide: 
http://inverse.ca/ubuntu/pool/trusty/s/samba/


From a minimal install of 14.04, our packages install like a snap 
without any issue. That's how the ZEG is built (and is from *scratch* 
after every release).


Thanks!



OH very funny, if you have to remove the standard samba packages from a 
distro before trying to upgrade samba, then:

A) you are not upgrading, you are installing
B) inverse samba packages are broken, you can install the Sernet samba 
packages over the standard packages.


Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Re: SOGo upgrade issue

[Rowland Penny]

On 23/06/15 16:05, Ludovic Marcotte wrote:

On 23/06/2015 10:48, Rowland Penny wrote:


OH very funny, if you have to remove the standard samba packages from 
a distro before trying to upgrade samba, then:

A) you are not upgrading, you are installing
B) inverse samba packages are broken, you can install the Sernet 
samba packages over the standard packages.


So help us improve them - you'll see how OH very funny it is to 
build Samba packages.


The Sernet packages will not bring you what's necessary to support 
OpenChange. That might have changed, but wasn't the case weeks ago.




That is the very problem with Openchange, or it is as far as I am 
concerned, you need to use the inverse samba packages or Openchange will 
not work. In my opinion (for what it is worth) Openchange needs to be a 
package that can be installed with *any* regular samba packages, distro 
or Sernet, or a self compiled samba, it shouldn't depend on samba being 
compiled in a certain way.


Rowland
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Dovecot can't authenticate against Samba

[Rowland Penny]

On 02/04/15 12:49, Gerald Brandt wrote:
These are the messages in the log file.  It looks like I'm not using 
the right credentials.


2015-04-02 06:44:49 master: Info: Dovecot v2.2.9 starting up (core 
dumps disabled)
2015-04-02 06:44:52 auth: Error: LDAP: binding failed (dn 
cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind Failed: 
NT_STATUS_LOGON_FAILURE
2015-04-02 06:44:59 auth: Error: LDAP: binding failed (dn 
cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind Failed: 
NT_STATUS_LOGON_FAILURE
2015-04-02 06:45:05 auth-worker(5304): Error: LDAP: binding failed (dn 
cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind Failed: 
NT_STATUS_LOGON_FAILURE
2015-04-02 06:45:43 imap-login: Info: Disconnected (auth failed, 1 
attempts in 44 secs): user=johndoe, method=PLAIN, rip=::1, lip=::1, 
secured, session=I2WVXLwS3wAB


I passed in an admin password when I provisioned the domain, and I 
created two users with samba-tool, Administrator and JohnDoe.


Gerald

On 2015-04-02 2:32 AM, Dániel L. wrote:

Hi Gerald,

What do you see in the logs, when trying to login?

Open another terminal and check this:
tail -f /var/log/mail.log | grep dovecot

rgrds,
Daniel

2015-04-02 5:09 GMT+02:00 Gerald Brandt g...@majentis.com 
mailto:g...@majentis.com:


Hi,

I've been following the Openchange 'cookbook' on getting
Sogo/Openchange installed, using the inverse PPA.

I've just completed the Dovecot section, and I can't get Dovecot
to authenticate at all.

# nc localhost 143
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot (Ubuntu) ready.
1 LOGIN JohnDoe openchange123
1 NO [UNAVAILABLE] Temporary authentication failure.
[ubuntu:2015-04-02 03:00:36]


This is my /etc/dovecot/dovecot.conf file:

# cat /etc/dovecot/dovecot.conf
disable_plaintext_auth = no
log_path = /var/log/dovecot.message
log_timestamp = %Y-%m-%d %H:%M:%S 
mail_location = maildir:/var/mail/%u
mail_privileged_group = mail
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
passdb {
  driver = pam
}
protocols = imap
service auth {
  unix_listener auth-master {
group = vmail
mode = 0600
user = vmail
  }
  unix_listener auth-userdb {
user = vmail
  }
  user = root
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
userdb {
  driver = passwd
}
protocol lda {
  hostname = oc.local
  log_path = /var/log/dovecot.message
  postmaster_address = postmaster@oc.local
}

protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}


and this is my /etc/dovecot/dovecot-ldap.conf file:

# cat /etc/dovecot/dovecot-ldap.conf
uris = ldap://localhost
dn = cn=administrator,dc=erlphase,dc=com
dnpass = openchange1!
tls = no
ldap_version = 3
base = dc=oc,dc=local
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (uid=%u)
pass_attrs = uid=user,userPassword=password
pass_filter = (uid=%u)


Any helpful hints or directions I could look would be appreciated.

Gerald
-- 
users@sogo.nu mailto:users@sogo.nu

https://inverse.ca/sogo/lists





--
Gerald Brandt
Majentis Technologies
204-229-6595
g...@majentis.com



You posted your /etc/dovecot/dovecot-ldap.conf file, this showed that 
your login DN is:


dn = cn=administrator,dc=erlphase,dc=com

The portion of your log shows:

Error: LDAP: binding failed (dn cn=admin,dc=erlphase,dc=com): Invalid 
credentials


Are you trying to bind with 'cn=admin' as shown in the log, or with 
'cn=administrator' ?


Your 'dovecot-ldap.conf' also shows your search base as:

base = dc=oc,dc=local

er, thats different from 'dc=erlphase,dc=com'

finally, did you really create ' Administrator' with samba-tool ?

Rowland
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Dovecot can't authenticate against Samba

[Rowland Penny]

On 02/04/15 13:51, Szládovics Péter wrote:

2015-04-02 13:49 keltezéssel, Gerald Brandt írta:
These are the messages in the log file.  It looks like I'm not using 
the right credentials.


2015-04-02 06:44:49 master: Info: Dovecot v2.2.9 starting up (core 
dumps disabled)
2015-04-02 06:44:52 auth: Error: LDAP: binding failed (dn 
cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind 
Failed: NT_STATUS_LOGON_FAILURE
2015-04-02 06:44:59 auth: Error: LDAP: binding failed (dn 
cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind 
Failed: NT_STATUS_LOGON_FAILURE
2015-04-02 06:45:05 auth-worker(5304): Error: LDAP: binding failed 
(dn cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind 
Failed: NT_STATUS_LOGON_FAILURE
2015-04-02 06:45:43 imap-login: Info: Disconnected (auth failed, 1 
attempts in 44 secs): user=johndoe, method=PLAIN, rip=::1, lip=::1, 
secured, session=I2WVXLwS3wAB


Could you please give us your anonymized dovecot (and dovecot-ldap) 
conf? I think your problem there is in it.


He did, they are the first post, unless he has changed them.

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Dovecot can't authenticate against Samba

[Rowland Penny]

On 02/04/15 19:18, Szládovics Péter wrote:

2015-04-02 14:58 keltezéssel, Rowland Penny írta:

On 02/04/15 13:51, Szládovics Péter wrote:

2015-04-02 13:49 keltezéssel, Gerald Brandt írta:
These are the messages in the log file.  It looks like I'm not 
using the right credentials.


2015-04-02 06:44:49 master: Info: Dovecot v2.2.9 starting up (core 
dumps disabled)
2015-04-02 06:44:52 auth: Error: LDAP: binding failed (dn 
cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind 
Failed: NT_STATUS_LOGON_FAILURE
2015-04-02 06:44:59 auth: Error: LDAP: binding failed (dn 
cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind 
Failed: NT_STATUS_LOGON_FAILURE
2015-04-02 06:45:05 auth-worker(5304): Error: LDAP: binding failed 
(dn cn=admin,dc=erlphase,dc=com): Invalid credentials, Simple Bind 
Failed: NT_STATUS_LOGON_FAILURE
2015-04-02 06:45:43 imap-login: Info: Disconnected (auth failed, 1 
attempts in 44 secs): user=johndoe, method=PLAIN, rip=::1, 
lip=::1, secured, session=I2WVXLwS3wAB


Could you please give us your anonymized dovecot (and dovecot-ldap) 
conf? I think your problem there is in it.


He did, they are the first post, unless he has changed them.


Is it?

dn = cn=administrator,dc=erlphase,dc=com
base = dc=oc,dc=local

The accounts isn't on one branch of the tree (red). Will they see each 
other?
Ant this config isn't the live config, the log and the config is 
different (blue).


So I really need the actual config...






I pointed that out earlier and he has now posted them again, though they 
are different now.


Anyway, he could try this dovecot-ldap.conf:

hosts   = localhost:389
ldap_version= 3
auth_bind   = yes
dn  = administra...@erlphase.com
dnpass  = openchange1!
base= cn=users,dc=home,dc=lan
scope   = subtree
deref   = never
user_filter = 
((mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = 
((mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

pass_attrs  = userPassword=password
default_pass_scheme = CRYPT
user_attrs  = 
=home=/var/vmail/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/%Ld/%Ln/Maildir/



--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Change password at login SOGO - Samba

[Rowland Penny]

On 14/01/15 15:02, Helder Ottoniel Gramajo Lopez wrote:

Hi,

I would like to enable the functionality Change password at next login in SOGo Webapp. 
As I read from SOGo documentation, I understood that I need to enable passwordPolicy in 
my LDAP user source in my Sogo.conf. Then I indicate to my LPAD which users must change their 
password at login. When those users login in SOGo, it should appears a popup to request the new 
password and after completed the password is changed.

I'm using Samba as LDAP controller and I've enabled passwordPolicy in my 
sogo.conf however the users cannot login into SOGO webapp anymore. The SOGO shows the 
following message:

Login failed due to unhandled error case: -1

The SOGo's log indicates the following error:

Jan 06 21:20:56 sogod [7174]: |SOGo| starting method 'POST' on uri 
'/SOGo/connect'
Jan 06 21:20:56 sogod [7174]: |SOGo| traverse(acquire): SOGo = connect
Jan 06 21:20:56 sogod [7174]: |SOGo| do traverse name: 'SOGo'
Jan 06 21:20:56 sogod [7174]: |SOGo| do traverse name: 'connect'
Jan 06 21:20:56 sogod [7174]: |SOGo| set clientObject: SOGo[0x0x7fb3e884d538]: 
name=SOGo
Jan 06 21:20:56 sogod [7174]: 0x0x7fb3e8bbbfc8[NGLdapConnection] Using 
ldap_initialize for LDAP URL: ldap://127.0.0.1:389/
Jan 06 21:20:56 sogod [7174]: 0x0x7fb3e8bc3748[NGLdapConnection] Using 
ldap_initialize for LDAP URL: ldap://127.0.0.1:389/
2015-01-06 21:20:56.485 sogod[7171] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search at base '' filter 
'(objectClass=*)' for attrs 'subschemaSubentry'
2015-01-06 21:20:56.486 sogod[7171] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search at base 
'CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=com' filter 
'(objectClass=*)' for attrs 'objectclasses'
2015-01-06 21:20:56.503 sogod[7171] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search at base 
'cn=users,dc=example,dc=com' filter '(sAMAccountName=sogo1)' for attrs 'dn'
Jan 06 21:20:56 sogod [7174]: 0x0x7fb3e8bbbfc8[NGLdapConnection] bind - 
ldap_result call result: 97
Jan 06 21:20:56 sogod [7174]: 0x0x7fb3e8bbbfc8[NGLdapConnection] bind - 
ldap_parse_result - ctrls is NULL
Jan 06 21:20:56 sogod [7174]: SOGoRootPage Login from '192.168.10.146' for user 
'sogo1' might not have worked - password policy: -1 grace: -1 expire: -1 bound: 0
Jan 06 21:20:56 sogod [7174]: |SOGo| request took 0.050072 seconds to execute
192.168.10.146 - - [06/Jan/2015:21:20:56 GMT] POST /SOGo/connect HTTP/1.1 403 
31/37 0.054 - - 464K

I've noticed that password policy has value -1 in the log, that means SOGo 
can't retrieve the required information to login the user, I've been searching 
on google for various days how to enable password policy in Samba LDAP or 
implement the change password at login using Samba as LDAP backend, however I 
haven't  found any reference on the Internet, the examples I found only 
mentions Open LDAP as backend. So I'm wondering If Samba LDAP support the 
password policy to indicate if a user must change the password at login. 
Otherwise could you give me an insight of how to implement this functionality.

Moreover I've enabled SOGoPasswordChangeEnabled in sogo.conf for users can 
changes their password in SOGo and this option works well.

For my test, I'm using ZEG Virtualbox appliance that I've downloaded from 
http://www.sogo.nu/downloads/zeg.html, I've modify the sogo.conf there.

The version is ZEG-2.2.13 that has the following package installed:

Ubuntu 14.04.1 LTS
SOGO 2.2.13
Samba 4.1.6-Ubuntu
Postfix 2.11.0
Dovecot 2.2.9

Thanks in advances

Helder Ottoniel Gramajo López


Digital Geko
Blvd. Los Próceres 24-69 z. 10
Zona Pradera Torre I of. 601
GUATEMALA
T. +(502) 2267 1107






OK, if you are running samba4 as an AD DC, you can investigate 
'samba-tool domain passwordsettings --help' , this will show what can be 
changed and how to do the changes. If you want to make your users change 
their passwords at next logon, you need to set an attribute in the users 
object in AD, you need to set the 'pwdLastSet' attribute to '0'.


Rowland
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] IMAP4 login failed . . .

[Rowland Penny]

On 30/12/14 15:36, Steve Ankeny wrote:

I'm still confused by it.

administra...@smb-domain.com accesses the Samba ldap server and 
authenticates the users.


I see that in SOGo, as it accesses the sogo table in MySQL and 
authenticates the users.


But administra...@smb-domain.com is not allowing Postfix/Dovecot to 
access the Samba ldap server.


It must not be a valid account for Postfix/Dovecot to read (that's 
all I see about it)


Yes, I've read and read the Arch Wiki, and I'm sure I'm as ignorant as 
the day is long, but it's not helping.  Neither have I found the right 
documentation in the SOGo Installation Guide (again, being ignorant)


I don't have any problem with any of that.  I just want it to work, 
and I'm confused by my results.



On 12/30/2014 10:19 AM, jacek burghardt wrote:
Well both postfix and dovecot need to have users that can access port 
389 on samba server. Samba is running its own ldap server just like 
server 2008/2012 domain controller. I would recommend creation of 
user that can access ldap on samba and it would read user names. You 
can test with administrator but what are the security risks. I have 
samba running as domain controller and openchange.
I had followed archlinux wiki on openchange it explains it well the 
steps as does sogo wiki






You can integrate iredmail with active directory, so possibly this page 
will give you the necessary hints:


http://www.iredmail.org/docs/active.directory.html

Rowland

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Fwd: SAMBA 4.0.1 unstable with Openchange ? missing implemented method and property tag.

[Rowland Penny]

On 18/11/14 15:03, Maxime RUBINO wrote:

Hi Martin,

Thanks for the answer.

Your installation is heavily outdated. You should use SOGo nightly 
builds and debian backports to get


samba 4.1
openchange 2.2


OK, I have activated backports-wheezy and SOGo Nightly but samba4 
doesn't exist ?!


root@sogo:~# aptitude -t wheezy-backports search samba4
p   samba4-clients  - client utilities 
from Samba 4
p   samba4-common-bin   - Samba 4 common files 
used by both the server and the
p   samba4-dev  - tools for extending 
Samba

p   samba4-testsuite- test suite from Samba 4

Damned...


it is just called 'samba' on backports.

Rowland
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Sogo LDAP posixAccount Postfix delivery failure

[Rowland Penny]

On 08/01/14 11:48, gert.ho...@securityicon.com wrote:

Hi!

Its been a while since I have configured a production server and also since I
have used a mailing list so please forgive me if a miss a few details.

Here is the scenario:
I am experimenting with a virtual server environment. I have SOGo running on a
Ubuntu 12.04 server with Postfix, Dovecot and SAMBA4.

I have a separate LDAP server running on the same version of Ubuntu. I use
phpmyldap to administer this LDAP server. I have created the structures within
the LDAP server with this tool.

What LDAP server? Samba4 uses an AD server

I used various installation guides but decided to use apt-get to install SOGo
and openchange on what is the mail server.

The basic configurations is according to teh following guides:
http://www.openchange.org/cookbook/backends/sogo/index.html
http://tracker.openchange.org/projects/1/wiki/HowTo_build_your_own_OpenChangeSOGo_appliance

The problem is this:
Jan  8 12:30:03 mail postfix/pipe[6078]: 48081320D97: to=us...@example.com,
relay=dovecot, delay=1785, delays=1785/0/0/0.03, dsn=4.3.0, status=deferred
(temporary failure)

I have created this using a ldif file. The moment I add the object class
posixAccount to the object the mail fails to deliver.However I am able to send 
and receive mail fine if I create an object without
the posixAccount objectClass.

This is a problem for me as we are looking to implement a single sign on
environment for all technologies.

This is not a problem, the 'posixAccount' objectClass is an auxillary 
class of the objectClass 'user' in AD and as such does not need to be 
added and in fact shouldn't be added.


Rowland



Any ideas?



--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Samba4 won't start on CentOS6

[Rowland Penny]

open /etc/init.d/samba4 in your favourite editor, change every 'smbd' to
'samba'
save  close
restart samba4

or

 sed 's/smbd/samba/g' /etc/init.d/samba4
restart samba4

Rowland



On 30 July 2013 10:01, Markus Schönhaber 
sogo-us...@list-post.ddt-consult.de wrote:

 Hello,

 by following the guide here
 
 http://www.sogo.nu/files/docs/SOGo%20Native%20Microsoft%20Outlook%20Configuration.pdf
 
 I tried to set up the native Outlook connector on CentOS6.
 samba-tool domain provision [...], openchange_provision and
 openchange_provision --openchangedb ran without errors. But
 /etc/init.d/samba4 start fails with the following error in the logs:

 | [2013/07/30 10:51:04,  0] ../source3/smbd/server.c:1200(main)
 |   smbd version 4.0.1-4.centos6.1 started.
 |   Copyright Andrew Tridgell and the Samba Team 1992-2012
 | [2013/07/30 10:51:04.636169,  0] ../source3/smbd/server.c:1252(main)
 |   server role = 'active directory domain controller' not compatible
 with running smbd standalone.
 |   You should start 'samba' instead, and it will control starting smbd
 if required

 How can I get Samba4 running?

 --
 Regards
   mks
 --
 users@sogo.nu
 https://inverse.ca/sogo/lists

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] ZEG install script

[Rowland Penny]

Hi, I am having problems with your install script, I have got to the
Openchange part and I am having problems.

The code is:

  PROX=`ldapsearch -D $BDN -w $APW -b $OU
sAMAccountName=Administrator | egrep ^proxyAddresses | egrep -v
postmaster | sed s/SMTP\(.*\)/smtp\1\nproxyAddresses: SMTP:$EML/ | sed
s/\(^[^:]\+\)/-\nadd: \1\n\1/`
  echo dn: $BDN
changetype: modify
delete: proxyAddresses
$PROX | ldapmodify -D $BDN -w $APW

Which before you run it, you have:

proxyAddresses: =EX:/o=First Organization/ou=First Administrative
Group/cn=Rec
 ipients/cn=Administrator
proxyAddresses: smtp:postmaster@example.local
proxyAddresses: X400:c=US;a= ;p=First Organizati;o=Exchange;s=Administrator
proxyAddresses: SMTP:Administrator@example.local

After running it, you have:

proxyAddresses: =EX:/o=First Organization/ou=First Administrative
Group/cn=Rec
proxyAddresses: X400:c=US;a= ;p=First Organizati;o=Exchange;s=Administrator
proxyAddresses: smtp:Administrator@example.local
proxyAddresses: SMTP:Administrator@example.local

Notice that the first proxyAddresses line has been truncated, the second
has become 'Administrator@example.local' instead of
'postmaster@example.local'.

Could you please explain just what you are trying to do here and why? My
reading is that you wanted to delete the proxyAddresses lines apart from
the postmaster one, but the last part of the 'PROX' line has 'add' in it.
Also the prox line refers to $EML, but this is the only occurence of EML in
the entire script,  should EML=Administrator@$DOM , if not what does it
equal?

Thanks

Rowland


On 10 July 2013 14:33, Garth Keesler gar...@gdcjk.com wrote:

  Still getting the following after Samba install completes. This is
 probably my fault since I'm not entirely sure how to answer some of the
 questions during apt-get installs.

 Assume the following:

 VM name:sogo1
 Domain:   sogotest.com

 It would be a great help if you could reply with reasonable answers
 (ignoring passwd requests) for the products that get installed (like LDAP
 and KDC servers). No need to do them all; just the stranger ones.

 The following is still showing up:


 Wait to start Samba4 LDAP .. OK
 ldap_result: Can't contact LDAP server (-1)
 [!] User 'Administrator' not found
 ldap_result: Can't contact LDAP server (-1)
 ldap_result: Can't contact LDAP server (-1)
 ERROR: Failed to set expiry for user 'administrator': Unable to find user
 ((objectClass=user)(sAMAccountName=administrator))
 ERROR(ldb): Failed to create group SOGOTEST Users - objectclass: Cannot
 add CN=SOGOTEST Users,CN=Users,DC=sogotest,DC=com, parent does not exist!
 Operations are OK [Yn]?

 Thanx much!


 On 07/10/2013 08:08 AM, Garth Keesler wrote:


 On 07/10/2013 07:55 AM, Szládovics Péter wrote:

 2013-07-10 14:23 keltezéssel, Garth Keesler írta:

 First Q: There are a list of DNS entries that I am supposed to add that
 refer to my routable IP address assigned by my ISP (I have a 29 subnet) and
 I'm not sure what to do with these since I don't intend to publish this on
 the Internet. Can I just ignore them?


 If you plan to use remote outlook users, you maybe need autodiscover A
 record (and SRV records too, if you wont use standard HTTPS ports)

 I'll remember this for later testing.


  The script seems to run much better until the below pops up during Samba
 installation.

 Wait to start Samba4 LDAP .. OK
 ldap_result: Can't contact LDAP server (-1)
 [!] User 'Administrator' not found
 ldap_result: Can't contact LDAP server (-1)
 ldap_result: Can't contact LDAP server (-1)
 ERROR: Failed to set expiry for user 'administrator': Unable to find user
 ((objectClass=user)(sAMAccountName=administrator))
 ERROR(ldb): Failed to create group SOGOTEST Users - objectclass: Cannot
 add CN=SOGOTEST Users,CN=Users,DC=sogotest,DC=com, parent does not exist!
 Operations are OK [Yn]?

 Any ideas? Do you need more info? Should I answer Y or n?


 Yes. I think your administrator password has some illegal characters (eg
 space or other /\$'-, etc.).
 Please use only characters and numbers - because the script is require it.

 Will do. I used - (hyphen) in all of the passwords and will redo using
 only alphanumerics.

 More soon...



-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] ZEG install script

[Rowland Penny]

OK, I have downloaded it and examined it and if you expand the
proxyAddresses part, you get something like this to pass to ldapmodify:

changetype: modify
delete: proxyAddresses
-
add: proxyAddresses
proxyAddresses: =EX:/o=First Organization/ou=First Administrative
Group/cn=Rec

Now forget the address, you are setting ldapmodify to delete a
proxyAddresses and then pass it lines to add proxyAddresses, which do you
want to do

Rowland


On 10 July 2013 19:48, Szládovics Péter p...@szladovics.hu wrote:

  2013-07-10 20:15 keltezéssel, Szládovics Péter írta:

 Anyway - At the fixing the previously (cut the line) bug, I'll try to
 review this line, and fix this too, if it's a really another bug.


 Yes, it was.
 I corrected two bugs in config.sh and one bug in createuser.sh scripts.
 Please use this package: http://www.onlinedemo.hu/images/bin/config.tgz


-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] ZEG install script

[Rowland Penny]

Hi, Thanks for explaining it, I just couldn't understand deleting and
adding the attribute at the same time LOL

Rowland


On 10 July 2013 20:20, Szládovics Péter p...@szladovics.hu wrote:

 2013-07-10 21:11 keltezéssel, Rowland Penny írta:

  OK, I have downloaded it and examined it and if you expand the
 proxyAddresses part, you get something like this to pass to ldapmodify:

 changetype: modify
 delete: proxyAddresses
 -
 add: proxyAddresses
 proxyAddresses: =EX:/o=First Organization/ou=First Administrative
 Group/cn=Rec


 This cut-line error has gone ;)



 Now forget the address, you are setting ldapmodify to delete a
 proxyAddresses and then pass it lines to add proxyAddresses, which do you
 want to do


 How can you modify _one_ proxyAddresses field, if it is a multiple filed?
 No way.
 You need to store all of them, delete from all from LDAP, modify the one
 of stored property, and add all of stored properties against to the LDAP.
 This line exactly do that.
 --
 users@sogo.nu
 https://inverse.ca/sogo/lists

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Ubuntu 12.04 LTS samba4 (From Inverse) - REWRITE: list servers not implemented

[Rowland Penny]

On 13/02/13 07:37, Malte Brunnlieb wrote:


Hi,

I am in the same situation, that I cannot get SOGo running with native 
Outlook support on my ubuntu 12.04 vserver. Unfortunately, after 
trying this several weeks now I have less time to go deeper into this 
topic.


For the samba4 installation, I used this PPA: 
https://launchpad.net/~wagungs/+archive/samba4

Perhaps this will help you.

My greatest problem are the start/stop scripts of samba4 as they do 
not terminate and thus the installation/configuration/deinstallation 
of the samba4 package has to be interrupted manually...
I had this problem also with the native supported samba4 alpha package 
from the officially supported package list for pecise, but I do not 
know how to get rid of it. Any ideas? Anybody who observes the same 
issue and get it solved?


Greetings

Am 12.02.2013 20:18, schrieb Netwo Dist:

Okay, I have managed to install samba4 frm iverse ignoring 
acl_xattr.so errors.
I have used dpkg -i --force-conflicts samba4-clients to squeeze in 
samba4-clients - so basically I have version 4 client as my server is 
version 4 too. Right.
I have been following official install docs as closely as possible 
and asking any advice on the mailing lists as i go along. Now let's 
test our samba4 before we can go ahead and get sogo up and running:

root@server:~/debs# smbclient4 -L localhost -U%
Failed to connect to ncacn_np:localhost - NT_STATUS_NO_MEMORY
REWRITE: list servers not implemented
*Wooops, what is that? Doesn't seem to work.*
HELP
My 14th day trying to get all of these things installed on my super 
stable Ubuntu 12.04 LTS. I am still not getting there. Samba4 was ok 
when I compiled it from sources but then openchange and sogo 
apt-get install said Hold on my brother, there is no samba4, x and 
y, and z installed, STOP. Okay I thought, let's do it the official 
way Basically there is no way to get it installed still.

Thank you for your patience,
-The man who is going to die



--
This message has been scanned for viruses and
dangerous content by *MailScanner* http://www.mailscanner.info/, and is
believed to be clean. 
Hi, have you tried the openchange way of installing? go here: 
http://www.openchange.org/cookbook/initializing.html

Follow the instructions, it will take some time, but it works.

Rowland


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Help installing from source

[Rowland Penny]

On 25/01/13 03:38, Steven Swarts wrote:


G'day guys,

I'm following this tutorial:

Major steps

1)http://www.openchange.org/developers/initializing.html

2)http://www.openchange.org/developers/downloading.html

3)http://www.openchange.org/developers/building.html

4)http://www.openchange.org/developers/configuring.html

5)http://www.openchange.org/developers/backends/sogo/index.html

Now I'm trying to compile and run openchange, sogo, sope as an 
exchange replacement on the Debian 6 Squeeze server.


So far everything is working as expected.

However part of the SOGo tutorial assumes that I have a user 
openchange which I've created (I'm guessing from the beginning) but I 
didn't.


All I have is root user access, and so far that didn't cause any issues.

Does this mean that I have duped my whole system? Need to re-install 
everything using sudoers and a username openchange?? Does he have to 
be part of root group?


I couldn't find any information on the tutorial about that.

Thanks in advance,

Steve


--
This message has been scanned for viruses and
dangerous content by *MailScanner* http://www.mailscanner.info/, and is
believed to be clean. 

Hi, I pointed this out some time ago, just create the user:

useradd -d /home/openchange -m -N -r -s /bin/false openchange

then become the user:

su - -s /bin/bash openchange

then continue where you left off, just type 'exit' after you have done 
the SOGo commands, you will need to become the openchange user again to 
run SOGo later.


Rowland


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Help installing from source

[Rowland Penny]

On 25/01/13 17:12, Steven Swarts wrote:


Thank you for the heads up, I have now completed everything up until 
the run command.


As openchange user I run the command

$ sogod

This is what it comes back with:

-su: sogod: command not found

Any ideas?

*/Regards,/*

*/Steven Swarts/*

*From:*Rowland Penny [mailto:rpe...@f2s.com]
*Sent:* Friday, 25 January 2013 7:15 PM
*To:* users@sogo.nu
*Subject:* Re: [SOGo] Help installing from source

On 25/01/13 03:38, Steven Swarts wrote:

G'day guys,

I'm following this tutorial:

Major steps

1)http://www.openchange.org/developers/initializing.html

2)http://www.openchange.org/developers/downloading.html

3)http://www.openchange.org/developers/building.html

4)http://www.openchange.org/developers/configuring.html

5)http://www.openchange.org/developers/backends/sogo/index.html

Now I'm trying to compile and run openchange, sogo, sope as an
exchange replacement on the Debian 6 Squeeze server.

So far everything is working as expected.

However part of the SOGo tutorial assumes that I have a user
openchange which I've created (I'm guessing from the beginning)
but I didn't.

All I have is root user access, and so far that didn't cause any
issues.

Does this mean that I have duped my whole system? Need to
re-install everything using sudoers and a username openchange??
Does he have to be part of root group?

I couldn't find any information on the tutorial about that.

Thanks in advance,

Steve


-- 
This message has been scanned for viruses and

dangerous content by *MailScanner* http://www.mailscanner.info/,
and is
believed to be clean.

Hi, I pointed this out some time ago, just create the user:

useradd -d /home/openchange -m -N -r -s /bin/false openchange

then become the user:

su - -s /bin/bash openchange

then continue where you left off, just type 'exit' after you have done 
the SOGo commands, you will need to become the openchange user again 
to run SOGo later.


Rowland


--
This message has been scanned for viruses and
dangerous content by *MailScanner* http://www.mailscanner.info/, and is
believed to be clean.


--
This message has been scanned for viruses and
dangerous content by *MailScanner* http://www.mailscanner.info/, and is
believed to be clean. 

Hi again, just use the full path: /usr/local/sbin/sogod

Rowland

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] ANN: SOGo v1.3.14

[Rowland Penny]

On 25/03/12 18:14, Dominique wrote:



On 25/03/2012 18:48, Christian Rößner wrote:

Hi,

Just updated from 1.3.11 to 1.3.14 on ubuntu server 10.04 and no 
change. The apt-get command did not seems to find any SOGO updates, 
just for SOPE - which I did. Did I miss something or is the package 
incomplete ? By the way, SOGo still works and the about window still 
shows 1.3.11 (and yes I cleared my cache).


I did upgrade on a ubuntu server 11.04 without problem.

Anyone with similar situation ?


I can not confirm this bug. I have updated 2 SOGo-Server Ubuntu 10.04 
without any problems.


lsb_release -a
No LSB modules are available.
Distributor ID:Ubuntu
Description:Ubuntu 10.04.4 LTS
Release:10.04
Codename:lucid

dpkg -l sogo
Desired=Unknown/Install/Remove/Purge/Hold
| 
Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend

|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ NameVersion Description
+++-===-===-== 

ii  sogo1.3.14  a modern 
and scalable groupware


-Christian

---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com


Was your upgrade path from 1.3.11 to 1.3.14 as well ? When trying 
update again, the system does not find new updates, although it 
registers only version 1.3.11 installed:


root@hra-srv-2:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  linux-headers-server linux-image-server linux-server sogo
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
root@hra-srv-2:~#

root@hra-srv-2:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 10.04.4 LTS
Release:10.04
Codename:   lucid

root@hra-srv-2:~# dpkg -l sogo
Desired=Unknown/Install/Remove/Purge/Hold
| 
Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend

|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   VersionDescription
+++-==-==- 


ii  sogo   1.3.11 a modern and scalable groupware

Still stuck.

Dominique

From reading your reply, it would seem that you have found the Sogo 
update but apt wants you to do a dist-upgrade to install it. whether you 
do this is up to you, but if you do you will also get a new kernel.


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] samba4 package in nightly?

[Rowland Penny]

On 10/01/12 10:07, Szombathelyi Gy|rgy wrote:

Hi,
Samba4 in its current (alpha) state has both smbd (from Samba3) and 
samba(the new daemon). For SOGo you only need samba.

Br,
György

Daniel Müller danielmuell...@gmx.net írta:

I think samba4 does not have testparm anymore.
you are using testparm from samba3 package.


 Original-Nachricht 
 Datum: Mon, 09 Jan 2012 22:41:04 +
 Von: Rowland Penny rpe...@f2s.com
 An: users@sogo.nu
 Betreff: Re: [SOGo] samba4 package in nightly?

 On 09/01/12 18:40, Jean Raby wrote:
  On 12-01-09 10:39 AM, Denis  Medvedev wrote:
  Hello, dear developers, There is NO such package in Sogo repo for
 CENTOS
  6 x86_64 nightly. You can see it yourself by visiting

 http://www.sogo.nu/files/downloads/SOGo/RHEL6/x86_64/RPMS/ Looks like
  it's a misconfig. For who can do it - please fix it.
 
  Hi,
 
  please use the nightly repo, not the release repo:
  http://www.sogo.nu/files/downloads/SOGo/RHEL6/nightly/x86_64/RPMS/
 
 
 Slight problem with that :-)

 I have installed samba4 from the nightly repo:
 yum list installed | grep 'samba'
 samba4.x86_644.0.0-1.alpha17.centos6.5

 but 'testparm' gives:

 Load smb config files from /etc/samba4/smb.conf
 rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
 Unknown parameter encountered: server role
 Ignoring unknown parameter server role
 Processing section [netlogon]
 Processing section [sysvol]
 Loaded services file OK.
 Server role: ROLE_STANDALONE
 Press enter to see a dump of your service definitions

 [global]
  workgroup = HOME
  realm = HOME.LAN
  passdb backend = samba4
  idmap config * : backend = tdb

 [netlogon]
  path = /var/lib/samba4/sysvol/home.lan/scripts
  read only = No

 [sysvol]
  path = /var/lib/samba4/sysvol
  read only = No

 and in /var/log/messages
 smbd[28463]: [2012/01/09 21:56:13.034696,  0]
 ../source3/param/loadparm.c:7340(lp_do_parameter)
 smbd[28463]:   Ignoring unknown parameter server role
 smbd[28463]: [2012/01/09 21:56:13.037257,  0]
 ../source3/smbd/server.c:1077(main)
 smbd[28463]:   standard input is not a socket, assuming -D option
 named[28338]: error (network unreachable) resolving
 '_kerberos._udp.HOME/SRV/IN': 2001:7fd::1#53
 named[28338]: error (network unreachable) resolving
 '_kerberos._tcp.HOME/SRV/IN': 2001:dc3::35#53

 It would seem that SOGo's samba4 rpm thinks it is actually samba3 (or at

 least partially)

 Any chance this can be fixed?

 Thanks

 --
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.

 --
 users@sogo.nu
 https://inverse.ca/sogo/lists

-- 
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir

belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
-- 
users@sogo.nu

https://inverse.ca/sogo/lists


--
This message has been scanned for viruses and
dangerous content by *MailScanner* http://www.mailscanner.info/, and is
believed to be clean. 
Well ok, but there is something going wrong, I only have samba4 from the 
nightly repo installed:


yum list installed | grep 'samba'
samba4.x86_644.0.0-1.alpha17.centos6.5

Checking for samba in /etc/init.d gives:

ls /etc/init.d/samba*
/etc/init.d/samba4

and 'service samba4 restart' puts this into /var/log/messages

smbd[906]: [2012/01/10 11:06:46.538026,  0] 
../source3/param/loadparm.c:7340(lp_do_parameter)

smbd[906]:   Ignoring unknown parameter server role
smbd[906]: [2012/01/10 11:06:46.542348,  0] 
../source3/smbd/server.c:1077(main)

smbd[906]:   standard input is not a socket, assuming -D option

evidently the wrong smbd is getting started but the only samba binary 
is  /usr/sbin/smbd and  the pidfile is /var/run/samba4/smbd.pid


'/usr/sbin/smbd -V' gives:
Version 4.0.0alpha17-1.alpha17.centos6.5

If I download and compile samba (GIT18) I get a binary called samba4 (I 
tried previously, before reinstalling SL6.1) but this is not compatible 
with SOGo  Openchange yet.


So, am I doing something wrong and if so what?


I only have one smb.conf and this is in /etc/samba4/ and was set up when 
I provisioned samba4.




--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
users@sogo.nu
https://inverse.ca/sogo/lists