Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 06-26-2008, 11:27 PM
Intermediate Member
 
Posts: 23
Default [SOLVED] ZCS 5.0.1 and admin console problems (SSH?)

I have a server running Ubuntu 6.06.2 and ZCS 5.0.1 that won't let me view its certificate. When I attempt to do so through the admin console, I get this error:

Code:
Server error encountered 
Message: system failure: exception during auth {RemoteManager: mail.domain.com->zimbra@mail.domain.com:22} Error code: service.FAILURE Method: GetCertRequest Details:soap:Receiver
.

sshd_config lists the present port as 22, and running

Code:
zmprov gs `zmhostname` | grep zimbraRemoteManagementPort
gets me:

Code:
zimbraRemoteManagementPort: 22
If I run this:

Code:
zmprov gs `zmhostname` | grep -i remote
I get:

Code:
zimbraRemoteManagementCommand: /opt/zimbra/libexec/zmrcd
zimbraRemoteManagementPort: 22
zimbraRemoteManagementPrivateKeyPath: /opt/zimbra/.ssh/zimbra_identity
zimbraRemoteManagementUser: zimbra
I followed the steps in Mail Queue Monitoring - Zimbra :: Wiki to regenerate the keys, and also tried unlocking the Zimbra user. Of course, on one server at a different client (running 5.0.4), this worked perfectly; on this one, I get this when I check the verbose output for ssh:

Code:
ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@server.domain.com -p 22
...which yields:

Code:
Warning:  Identity file .ssh/zimbra_identity not accessible:  No such file or directory.
zimbra@mail.domain.com's password:
No amount of regenerating keys or unlocking the zimbra user changes this, and I'm stuck with the original error in the admin console.

I haven't tried fixing permissions. Beyond that, what are my next steps?

Of interest, I can log-in to the Ubuntu box as root, and su - zimbra, but I can't su - root when I am zimbra--it says "Sorry." But I can logout back to the root user and continue as normal. This is also weird compared to the other box I normally work with.

I need to upgrade this server to 5.0.6 in a few days, and I'm nervous that this is just the tip of an icky iceberg--I'd like to make sure all is working as advertised before I dive in to the upgrade!

Thank you as always for all your excellent help!
Reply With Quote
  #2 (permalink)  
Old 06-30-2008, 11:43 PM
Intermediate Member
 
Posts: 23
Default Well...

While the 5.0.6 upgrade went well, I still can't see mail queues or access the certs in the admin console.

I found that someone had messed with the /etc/groups file such that zimbra couldn't su as root, so I figured out that issue, but I'm still stumped as to how to resolve this.

Sshd is on port 22...I tried regenerating keys and updating them, then doing a zmmailboxdctl restart...no good. What am I missing?

Could someone from Zimbra ping me to perhaps work with me on this? There has to be a reasonably straightforward explanation for this...

Thanks again!
Reply With Quote
  #3 (permalink)  
Old 07-01-2008, 08:25 AM
Former Zimbran
 
Posts: 5,606
Default

Can you post the error that occurs in your mailbox.log when you try to view the queue? Also, check the perms on the ssh dir and files. run zmfixperms if needed.
Reply With Quote
  #4 (permalink)  
Old 07-21-2008, 10:23 PM
Starter Member
 
Posts: 2
Default to fix port 22 thing

su - zimbra
then run
ssh-keygen -t dsa

Choose to save the generated keys at /opt/zimbra/.ssh/zimbra_identity
do not give it a password

then edit your /opt/zimbra/.ssh/authorized_keys file to use the text that is in the /opt/zimbra/.ssh/zimbra-identity.pub file. it replaces the old key text.

that will permit zimbra to run remote ssh

ACC
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com




 

SEO by vBSEO ©2011, Crawlability, Inc.