[SOLVED] zmsetup issue ldap 28160

[jbond1967]

I'm having an issue with the zmsetup.pl script. I did a search on my error and found ldap initialization failed, which says I need to check my mx record and my /etc/hosts file (done).

I'm still getting errors.

The error in the script:

DNS ERROR resolving MX for mail.myserver.com
It is suggested that the domain name have an MX record configured in DNS

If I force the script to go on, I get the following error in the log

IO::Socket::INET: connect: timeout at /opt/zimbra/libexec/zmldapinit line 136.
Tue Nov 3 12:10:51 2009 failed. (28160)

now, my mx record is correct: dig mail.myserver.com returns (sanitized for my privacy, of course):
[indent]; QUESTION SECTION:
;mail.myserver.com. IN A

;; ANSWER SECTION:
mail.myserver.com. XXXX IN A XX.XX.XX.XX

;; AUTHORITY SECTION:
myserver.com. XXXXX IN NS xx.worldnic.com.
myserver.com. XXXXX IN NS xx.worldnic.com.


and my etc/hosts file contains the two following lines

127.0.0.1 localhost.localdomain
XX.XX.XX.XX mail.myserver.com mail

I'm at a loss. Suggestions,

Thanks

[phoenix]

You have not shown any evidence that your MX record is correct or even exists. Post the output of the following commands (run on the zimbra server):

Code:

cat /etc/hosts
cat /etc/resolv.conf
dig yourdomain.com any
dig yourdomain.com mx
host `hostname`  <-- use that exact command with backticks not single quotes

Please note that the domain name in the dig commands should be yourdomain.com and not mail.yourdomain.com (that's the FQDN of your server) and that's probably why the install is failing.

[jbond1967]

It looks like you're right, I ran the dig and got the wrong ip address for the A record. It is probably the source of the problem. I changed the base address to match the server address. I will wait for the address to propagate and try again.

If that doesn't work, I will post the results to all the commands you requested. Else I will document the mistakes I made and what was done to solve them and mark the post solved.

Thanks,
Joe

[jbond1967]

I decided to try a different approach (well, I was told to test the install behind the firewall). The firewall is 10.1.10.1 (LAN side) and DNS also runs on it. The mail is 10.1.10.4, and cvt.local is the internal domain. I placed an MX record on the DNS server. Now, the LDAP error is gone, but much of the installation following fails.

The installation log is *huge* and won't fit in this post, but I'm seeing hundreds of errors relating to LDAP.

Examples:

Code:

Wed Nov  4 12:37:56 2009 This is the ldap master and ldap hasn't been configured yet.

Wed Nov  4 12:38:45 2009 ERROR: service.FAILURE (system failure: unable to lookup server by name: mail.checkmypharm.com message: [LDAP: error code 49 - Invalid Credentials]) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])

etc.

so, here are the results of the command outputs you requested (run from the mail server)

Code:

[root@mail /]# cat /etc/hosts
127.0.0.1       localhost localhost.localdomain
10.1.10.4       mail.checkmypharm.com mail

Code:

cat /etc/resolv.conf
domain          cvt.local
search          cvt.local
nameserver      10.1.10.1

and since you will probably ask, the firewall resolv.conf

Code:

firewall.cvt.local{root}[78]: cat /etc/resolv.conf
domain cvt.local
search cvt.local
nameserver 10.1.10.1
nameserver 66.7.224.17
nameserver 66.7.224.18
nameserver 4.2.2.1

Code:

[root@mail /]# dig checkmypharm.com any

; <<>> DiG 9.6.1-P1-RedHat-9.6.1-6.P1.fc11 <<>> checkmypharm.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44644
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;checkmypharm.com.              IN      ANY

;; ANSWER SECTION:
checkmypharm.com.       86400   IN      SOA     firewall.cvt.local. root.checkmypharm.com. 2009110402 10800 900 604800 86400
checkmypharm.com.       86400   IN      NS      firewall.cvt.local.
checkmypharm.com.       86400   IN      MX      0 mail.checkmypharm.com.
checkmypharm.com.       86400   IN      A       10.1.10.4

;; ADDITIONAL SECTION:
firewall.cvt.local.     86400   IN      A       10.1.10.1
mail.checkmypharm.com.  86400   IN      A       10.1.10.4

;; Query time: 1 msec
;; SERVER: 10.1.10.1#53(10.1.10.1)
;; WHEN: Wed Nov  4 13:07:15 2009
;; MSG SIZE  rcvd: 176

Code:

[root@mail /]# dig checkmypharm.com mx

; <<>> DiG 9.6.1-P1-RedHat-9.6.1-6.P1.fc11 <<>> checkmypharm.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61431
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;checkmypharm.com.              IN      MX

;; ANSWER SECTION:
checkmypharm.com.       86400   IN      MX      0 mail.checkmypharm.com.

;; AUTHORITY SECTION:
checkmypharm.com.       86400   IN      NS      firewall.cvt.local.

;; ADDITIONAL SECTION:
mail.checkmypharm.com.  86400   IN      A       10.1.10.4
firewall.cvt.local.     86400   IN      A       10.1.10.1

;; Query time: 1 msec
;; SERVER: 10.1.10.1#53(10.1.10.1)
;; WHEN: Wed Nov  4 13:08:07 2009
;; MSG SIZE  rcvd: 119

So far I *think* there is not a problem... however, the next result looks problematic to me:

Code:

[root@mail /]# host `hostname`
mail.cvt.local has address 10.1.10.4

I've spent several days on this, and am starting to think this project is beyond me. Unless the solution is clearly solvable by me based on the feedback I get here, I plan on advocating the hiring of a Zimbra consultant, letting me get back to my other duties.

Thanks for your help,

Joe