Profile Details

Toggle Sidebar
Recent updates
  • Tomas
    Tomas started a new discussion, Sentinel RMS -

    Sentinel RMS -

    Hi

    I'm trying to set up Sentinel RMS server on our 7.5 server.

    I can only execute 64 binaries though - start and stop the service. When I try to execute 32bit binaries I get e.g. ./lslic :



    Google search points me to "glibc.i686.rpm" package needed but it's not available under ClearOS. Only the following are:



    I found the package on https://centos.pkgs.org/7/centos-x86_64/glibc-2.17-222.el7.i686.rpm.html

    But when I run "yum install http://mirror.centos.org/centos/7/os/x86_64/Packages/glibc-2.17-222.el7.i686.rpm"; I get:



    "yum provides libfreebl3.so" gives "No matches found". Another Google search pointed me to " nss-softokn-freebl.x86_64" package that supposedly includes the dependency needed but it's already installed on our server. At this point I don't know what to do...:(

  • Tomas
    Tomas replied to a discussion, OpenVPN - route all traffic

    Many thanks, Nick.

    I disabled the 3 custom rules, added "float" to .ovpn files, added "multihome", "push "redirect-gateway def1 bypass-dhcp"" to /etc/openvpn/clients.conf and disabled the UDP 1194 port destination rules - will do some testing now to see how it all works.

  • Tomas
    Tomas started a new discussion, OpenVPN - route all traffic

    OpenVPN - route all traffic

    Hi

    We need rock stable openVPN with routing all traffic via our network for our new project.

    Let me very briefly describe the config - 7.5 set as gateway with multi-wan (2 fibre connections).

    multi-wan configured:

    enp4s0 (backup) - Weight 1
    enp5s0 - Weight 100

    We also have Destination Port Rule for UDP 1194 to go through enp5s0, and a disabled rule for UDP 1194 to go through enp4s0 (so it's easy to enable when something goes wrong).

    We added:

    push "redirect-gateway def1"

    to /etc/openvpn/clients.conf.

    We also added "reneg-sec 28800" to the server side and client side config.

    All seems to work nicely...But I have also came across this article:

    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_forcing_openvpn_traffic_for_clients_through_server

    that advises to add 3 custom firewall rules

    iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow VPN client traffic back in if established
    iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # Allow VPN clients out
    iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE # nat for VPN

    Do we need this (with enp5s0 instead of eth0 for our server) or it's an outdated documentation? I have added those rules but it seems to work with them or without them correctly during my short tests.

    Thanks.

  • tomas wrote:

    Hi

    Anyone tried to share a printer on domain members running W10 1803 (1507 domain joined then upgraded to 1803)?.The client is visible, but can't be accessed most of the time...


    I have managed to sort it out -> the client used static IP config (with WINS), I switched to DHCP and the client can be accessed now.

  • Hi

    Anyone tried to share a printer on domain members running W10 1803 (1507 domain joined then upgraded to 1803)? I have one Zebra label printer connected to a client via USB and then shared to others.

    I tried many things but couldn't get it to work reliably...3rd party firewall uninstalled, Windows firewall disabled and I get 95 times out of 100 "Could connect to \\client-name" message when accessed under Network. SMB1 added via Add/Remove Windows features....I have "Function Discovery Provider Host" and "Function Discovery Resource Publication" services enabled and set to Automatic (Delayed Start), but that for some reason doesn't solve the issue completely...The client is visible, but can't be accessed most of the time...

  • Hi

    Just started tracking this...We tried to join W10 1803 to our domain and got an error...Still have 15xx build .iso so will go with that for now, but future is uncertain....One day this possibly won't work anymore meaning after upgrading domain logons won't be possible...

    How would any possible solutions work for paid 7.x customers using master server and slave server (PDC and BDC)?

  • Tomas
    Tomas replied to a discussion, Update mariadb to 10.2 version

    Same here - need MariaDB 10 for tomcat application to run properly... :( Trying to ditch old Windows server and this is last thing I gotta do...

    Any luck with your task? Did you solve it? Does the upgrade affect functionality of ClearOS web-interface?

    Help from devs would be appreciated here...

  • Tomas
    Tomas replied to a discussion, Mount flexshare from other COS server

    There was an error in rsync xinetd config file. Once I corrected it all is working well.

    The rsync xinetd config file is:



    This starts rsync --daemon automatically after boot. BTW the way Nick suggested to start it works too.

    On the slave system /etc/rsyncd.conf contains:



    On master in /etc/crontab I put:


    All is working well. First full backup was 2 days ago, then yesterday just incremental. Happy days :) I will change this and put a proper script in the future to backup more stuff and send email notification once completed. For now this will do and I can check /var/log/rsyncd.log if needed.

    BTW there is a way to mount flexshares from another server by using mount -t cifs e.g.


    and then backup that folder using rsync.

    The problem is you need to use a username and password, and use fstab to mount flexshare on boot. This means fstab would contain a username and password of one of the users of the system. This doesn't sound secure to me even on closed networks like ours that's why I decided to go with the above solution. You can use "guest" account too - then you don't need a password, so if data you would like to backup doesn't need to be secured by password going with "mount - t cifs" makes perfect sense.

    Hope this helps someone in the future.

  • Tomas
    Tomas replied to a discussion, Mount flexshare from other COS server

    Nick Howitt wrote:

    tomas wrote:
    Good progress here. Will post the full solution once I try to figure out how to automatically start rsync daemon on server reboot ... ;)
    Put the line in /etc/rc.d/rc.local and make the file executable.


    I have installed on the slave xinetd and created rsync containing:



    But now I get:

    rsync: read error: Connection reset by peer (104)

    when I start

    rsync -a /var/flexshare/shares/data/ root@192.168.2.2::BACKUP --exclude=.trash --delete &

    on the master for some reason no matter if I use xinetd to start rsync daemon or start it manually. It was working fine before - tested more than 5 times...

  • Tomas
    Tomas replied to a discussion, Mount flexshare from other COS server

    Good progress here. Will post the full solution once I try to figure out how to automatically start rsync daemon on server reboot ... ;)