[SOLVED] ZCS 5.0.1 and admin console problems (SSH?)

[nsmarler]

I have a server running Ubuntu 6.06.2 and ZCS 5.0.1 that won't let me view its certificate. When I attempt to do so through the admin console, I get this error:

Code:

Server error encountered 
Message: system failure: exception during auth {RemoteManager: mail.domain.com->zimbra@mail.domain.com:22} Error code: service.FAILURE Method: GetCertRequest Details:soap:Receiver

.

sshd_config lists the present port as 22, and running

Code:

zmprov gs `zmhostname` | grep zimbraRemoteManagementPort

gets me:

Code:

zimbraRemoteManagementPort: 22

If I run this:

Code:

zmprov gs `zmhostname` | grep -i remote

I get:

Code:

zimbraRemoteManagementCommand: /opt/zimbra/libexec/zmrcd
zimbraRemoteManagementPort: 22
zimbraRemoteManagementPrivateKeyPath: /opt/zimbra/.ssh/zimbra_identity
zimbraRemoteManagementUser: zimbra

I followed the steps in Mail Queue Monitoring - Zimbra :: Wiki to regenerate the keys, and also tried unlocking the Zimbra user. Of course, on one server at a different client (running 5.0.4), this worked perfectly; on this one, I get this when I check the verbose output for ssh:

Code:

ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@server.domain.com -p 22

...which yields:

Code:

Warning:  Identity file .ssh/zimbra_identity not accessible:  No such file or directory.
zimbra@mail.domain.com's password:

No amount of regenerating keys or unlocking the zimbra user changes this, and I'm stuck with the original error in the admin console.

I haven't tried fixing permissions. Beyond that, what are my next steps?

Of interest, I can log-in to the Ubuntu box as root, and su - zimbra, but I can't su - root when I am zimbra--it says "Sorry." But I can logout back to the root user and continue as normal. This is also weird compared to the other box I normally work with.

I need to upgrade this server to 5.0.6 in a few days, and I'm nervous that this is just the tip of an icky iceberg--I'd like to make sure all is working as advertised before I dive in to the upgrade!

Thank you as always for all your excellent help!

[nsmarler]

While the 5.0.6 upgrade went well, I still can't see mail queues or access the certs in the admin console.

I found that someone had messed with the /etc/groups file such that zimbra couldn't su as root, so I figured out that issue, but I'm still stumped as to how to resolve this.

Sshd is on port 22...I tried regenerating keys and updating them, then doing a zmmailboxdctl restart...no good. What am I missing?

Could someone from Zimbra ping me to perhaps work with me on this? There has to be a reasonably straightforward explanation for this...

Thanks again!

[jholder]

Can you post the error that occurs in your mailbox.log when you try to view the queue? Also, check the perms on the ssh dir and files. run zmfixperms if needed.

[adamcrow64]

su - zimbra
then run
ssh-keygen -t dsa

Choose to save the generated keys at /opt/zimbra/.ssh/zimbra_identity
do not give it a password

then edit your /opt/zimbra/.ssh/authorized_keys file to use the text that is in the /opt/zimbra/.ssh/zimbra-identity.pub file. it replaces the old key text.

that will permit zimbra to run remote ssh

ACC