Thread: [SOLVED] Change hostname to dns name

  1. #1
    Join Date
    May 2008
    Location
    Des Moines, IA
    Posts
    89
    Rep Power
    7

    [SOLVED] Change hostname to dns name

    During the install Zimbra picks up the hostname and uses that for everything. I would prefer that Zimbra use the DNS name 'mail' but I'm not sure how to effect this change without breaking Zimbra. I searched everything I think but the hostname appears only in these places:

    Code:
    Global
    $ zmprov getAllConfig | grep -i hostname
    zimbraBackupReportEmailRecipients: admin@hostname.domain.com
    zimbraBackupReportEmailSender: admin@hostname.domain.com
    zimbraChangePasswordURL: https://hostname.domain.com/h/changepass
    zimbraLogHostname: hostname.domain.com
    
    COS
    zmprov gac -v | grep -i host
    zimbraMailHostPool: 8bcba67b-11d0-4bd5-b70a-9ec7e96003d6
    
    SERVER
    zmprov gas -v | grep -i hostname
    # name hostname.domain.com
    cn: hostname.domain.com
    zimbraBackupReportEmailRecipients: admin@hostname.domain.com
    zimbraBackupReportEmailSender: admin@hostname.domain.com
    zimbraMtaAuthHost: hostname.domain.com
    zimbraMtaAuthURL: https://hostname.domain.com:443/service/soap/
    zimbraServiceHostname: hostname.domain.com
    zimbraSmtpHostname: hostname.domain.com
    zimbraSpellCheckURL: http://hostname.domain.com:7780/aspell.php
    zimbraSshPublicKey: ssh-dss [key data removed] hostname.domain.com
    
    SERVER
    zmprov gas -v | grep -i host
    zimbraMailReferMode: wronghost
    zimbraMtaAuthHost: hostname.domain.com
    zimbraMtaMyDestination: localhost
    zimbraServiceHostname: hostname.domain.com
    zimbraSmtpHostname: hostname.domain.com

    Q1: Generally, how do I get a fully functional, non-broken Zimbra install changed from hostname.domain.com --> mail.domain.com ?

    Q2: Which of these attributes are necessary to change? 1, some, all?

    Q3: If you change the zimbraSshPublicKey do I need to re-gen a new one with the new name?

    Thanks in advance,
    todd_dsm

    Don't forget to Vote for this RFE:
    RFE: A place To Display the contents of 'My Documents'
    Reasoning: It's new, bold, and cool.
    Last edited by todd_dsm; 10-08-2010 at 10:37 AM.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Use zmprov with RenameDomain, check this article: Zmprov - Zimbra :: Wiki. Obviously it's advisable to take a backup first.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3

    I'm not sure where you're going with RenameDomain. I want to rename the hostname. ;-)

    Thanks in advance,
    todd_dsm

    Last edited by todd_dsm; 10-08-2010 at 10:37 AM.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator

    Then use the following command: ZmSetServerName - Zimbra :: Wiki. That command changes the hostname but I'd suggest it's the domain name that needs changing, not the hostname. You want the Zimbra hostname to be the same as the FQDN of your server and the domain name to be domain.com - take your pick but I think you're trying to change the wrong thing by changing the hostname.
    Last edited by phoenix; 11-05-2009 at 01:31 PM.
    Regards


    Bill



  5. #5

    More precisely...

    It appears that I'm lacking relevant specifics. Let me cure that. I'm using the Zimbra/Samba walk-through.

    What I would prefer is separation of church and state. I would prefer that:
    1) All mail related services (webmail/IMAP) be accessible via the dns name: mail.example.tld

    2) All ldap communication be accessible via the hostname: hostname.example.tld

    3) The certificate allows, and is functional for both.
    ===
    I've attempted to use zmsetservername mail.example.tld but this breaks ldap; the uri needs to be hostname.example.tld

    Sorry about the confusion.

  6. #6
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    So basically you have for some reason set your server's FQDN to hostname.example.tld, but you want all access to the server to be via mail.example.tld?

    Just leave everything the way it is, and in DNS set the A record for mail.example.tld to the same IP address. You might also want to set a virtual host on the zimbra server to mail.example.tld.

    Zimbra doesn't really care what hostname people use to access the server, the only part where it matters is the login screen where if users are not accessing via the FQDN they would need to enter their account name as "account@example.tld", however if you set a virtual host on the users domain to the address they are accessing the server by, then the server will know to add the "@example.tld" part for them.

  7. #7

    Let me refine...

    Quote, originally posted by ArcaneMagus:
        So basically you have for some reason set your server's FQDN to hostname.example.tld, but you want all access to the server to be via mail.example.tld?
    NO, I would prefer, like any other mail server, that mail services be accessible from a dns name, in this case I prefer: mail.example.tld - not so crazy.

    And that all internal services, such as ldap, communicate via the hostname; eg: uri ldap://hostname.example.tld - also not so crazy.

    Quote, originally posted by ArcaneMagus:
        Just leave everything the way it is, and in DNS set the A record for mail.example.tld to the same IP address. You might also want to set a virtual host on the zimbra server to mail.example.tld.
    These are the relevant bits of the 'Internal View' dns map. This has been in place while I've been testing.
    Code:
    # cat /var/named/chroot/var/named/example.tld.zone
    $TTL 1H
    @       SOA     hostname          root.example.tld. (
                                            42              ; serial
                                            3H              ; refresh
                                            1H              ; retry
                                            1W              ; expiry
                                            1H )            ; minimum
    
                       NS           hostname
                    IN NS           hostname
                    IN MX   5       mail
                    IN A            10.0.0.14
    hostname        IN A            10.0.0.14
    mail            IN A            10.0.0.14

    I will test the virtual host next, as you've suggested.

    Quote, originally posted by ArcaneMagus:
        Zimbra doesn't really care what hostname people use to access the server, the only part where it matters is the login screen where if users are not accessing via the FQDN they would need to enter their account name as "account@example.tld", however if you set a virtual host on the users domain to the address they are accessing the server by, then the server will know to add the "@example.tld" part for them.
    Well, this is true, Zimbra doesn't really care what hostname people use to access the server, but the client does care. If you use Thunderbird to test this, it asks you if you would like to accept the certificate. I always answer Yes / Permanently. Moments later, Thunderbird displays a message to the user:
    Security Error: Domain Name Mismatch
    You have attempted to establish a connection with mail.example.tld. However, the security certificate belongs to hostname.example.tld...

    This message will display at intervals. I'm not sure how often exactly but let's just call it every 10 minutes - it's incredibly annoying.

    I understand this makes it a compound problem but, first things first. I'll test the virtual host; if it's the only way to achieve this, it just seems a bit convoluted.


    Thanks in advance,
    todd_dsm

    Last edited by todd_dsm; 10-08-2010 at 10:38 AM.

  8. #8

    Ah so your root problem is that Thunderbird thinks your certificate is invalid because it is for a different hostname, yet you have said "The certificate allows, and is functional for both."

    So which is it? The certificate works for both host names, or the certificate doesn't work for both host names? As far as I know you would need a wildcard ssl certificate for that to work properly.

    Depending on your user base size, you could look into installing Remember Mismatched Domains, but getting the wildcard ssl cert working would probably work better for you.

  9. #9
    Join Date
    May 2008
    Location
    Des Moines, IA
    Posts
    89
    Rep Power
    7

    Whittling down...

    Sorry if I wasn't clear on some of these points...

    Quote, originally posted by ArcaneMagus:
        Ah so your root problem is that Thunderbird thinks your certificate is invalid because it is for a different hostname,
    No, again, there is no way to get Zimbra to install with hostname/dns name separation by default. Or, it's not fully supported (because of the certs). That is the root problem. If I were to just name the host 'mail' this would be a non-issue. Except that my ldap uri would also be a publicly known dns name. I'd prefer more anonymity than that. (obscurity = security)

    Quote, originally posted by ArcaneMagus:
        yet you have said "The certificate allows, and is functional for both." So which is it? The certificate works for both host names, or the certificate doesn't work for both host names?
    "3) The certificate allows, and is functional for both." is a requirement, not a reality.

    Quote, originally posted by ArcaneMagus:
        Depending on your user base size, you could look into installing Remember Mismatched Domains,
    I'd prefer not to patch every desktop when it should be possible to realize a central solution.

    Quote, originally posted by ArcaneMagus:
        As far as I know you would need a wildcard ssl certificate for that to work properly....getting the wildcard ssl cert working would probably work better...
    A wildcard ssl certificate is a good idea but it didn't work for me. I tried a number of different ways to gen a cert that would work. The method that finally worked was going into the Admin UI and re-installing a new cert that had a "Subject Alternative Name".

    The only problem with this is that (4) I need to produce it from the command line. Here are the steps I took: (the hashes are comments/output)

    Code:
    # Generate a new Certificate Authority (CA). 
    /opt/zimbra/bin/zmcertmgr createca -new
    # ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    # ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    # ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
    
    # Generate a certificate signed by the CA that expires in 365 days. 
    /opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subject "/C=US/ST=IA/L=Des Moines/O=PTEST/OU=OFFICE/CN=hostname.domain.com" -subjectAltNames "mail.domain.com"
    # Validation days: 365
    # Subject: /C=US/ST=IA/L=DSM/O=PTEST/OU=OFFICE/CN=*.domain.com
    # ** Creating /opt/zimbra/conf/zmssl.cnf...done
    # ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20091111221244
    # ** Generating a server csr for download self -new
    # ** Creating /opt/zimbra/conf/zmssl.cnf...done
    # ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20091111221244
    # ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    # ** Saving server config key zimbraSSLPrivateKey...done.
    # ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    
    # Deploy the certificate
    /opt/zimbra/bin/zmcertmgr deploycrt self
    # ** Saving server config key zimbraSSLCertificate...done.
    # ** Saving server config key zimbraSSLPrivateKey...done.
    # ** Installing mta certificate and key...done.
    # ** Installing slapd certificate and key...done.
    # ** Installing proxy certificate and key...done.
    # ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    # ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    # ** Installing CA to /opt/zimbra/conf/ca...done.
    
    zmcontrol stop; zmcontrol start; zmcontrol status   # restart was successful
    
    # Verify the certificate was deployed to all the services
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt
    # ::service mta::
    # notBefore=Nov 10 01:44:55 2009 GMT
    # notAfter=Nov 10 01:44:55 2010 GMT
    # subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.com
    # issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.com
    # SubjectAltName=
    # ::service proxy::
    # notBefore=Nov 10 01:44:55 2009 GMT
    # notAfter=Nov 10 01:44:55 2010 GMT
    # subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.com
    # issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.com
    # SubjectAltName=
    # ::service mailboxd::
    # notBefore=Nov 10 01:44:55 2009 GMT
    # notAfter=Nov 10 01:44:55 2010 GMT
    # subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.com
    # issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.com
    # SubjectAltName=
    # ::service ldap::
    # notBefore=Nov 10 01:44:55 2009 GMT
    # notAfter=Nov 10 01:44:55 2010 GMT
    # subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.com
    # issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.domain.com
    # SubjectAltName=

    No matter what I do the SubjectAltName= is always blank if I do this from the command line.
    ---
    Side bar: the fact that this is a standard setup and I've got to jump through so many hoops makes me wonder if I'm not doing something wrong more fundamentally.
    ---
    Anyway, I know I write a bit terse so I'd like to say thank you for taking an interest. I sure don't mean to sound rude brother ;-)


    Last edited by todd_dsm; 10-08-2010 at 10:38 AM.

  10. #10

    Apologies

    I must have boogered up my test environment. I re-tested the wild-card certificate and it works just fine.

    Code:
    # ./inst_new-cert.sh
    ###
    ###       005726: Start ./inst_new-cert.sh script
    ###
    
    ### ./inst_new-cert.sh:005726:12: Generating a new Certificate Authority... ###
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
    
    ### ./inst_new-cert.sh:005727:18: Generating a new wild-card certificate for 365 days... ###
    Validation days: 365
    Subject: /C=US/ST=IA/L=Des Moines/O=TEST/OU=OFFICE/CN=*.domain.com
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20091116005728
    ** Generating a server csr for download self -new
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20091116005728
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    
    ### ./inst_new-cert.sh:005733:24: Deploying New Certificate... ###
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    
    ### ./inst_new-cert.sh:005745:30: This is the New Certificate... ###
    ::service mta::
    notBefore=Nov 16 06:57:33 2009 GMT
    notAfter=Nov 16 06:57:33 2010 GMT
    subject= /C=US/ST=IA/O=TEST/OU=OFFICE/CN=*.domain.com
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hostname.domain.com
    SubjectAltName=
    ::service proxy::
    notBefore=Nov 16 06:57:33 2009 GMT
    notAfter=Nov 16 06:57:33 2010 GMT
    subject= /C=US/ST=IA/O=TEST/OU=OFFICE/CN=*.domain.com
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hostname.domain.com
    SubjectAltName=
    ::service mailboxd::
    notBefore=Nov 16 06:57:33 2009 GMT
    notAfter=Nov 16 06:57:33 2010 GMT
    subject= /C=US/ST=IA/O=TEST/OU=OFFICE/CN=*.domain.com
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hostname.domain.com
    SubjectAltName=
    ::service ldap::
    notBefore=Nov 16 06:57:33 2009 GMT
    notAfter=Nov 16 06:57:33 2010 GMT
    subject= /C=US/ST=IA/O=TEST/OU=OFFICE/CN=*.domain.com
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hostname.domain.com
    SubjectAltName=
    ###
    ###       005747: Finish ./inst_new-cert.sh script
    ###

    Thanks again,
    todd_dsm

    Last edited by todd_dsm; 10-08-2010 at 10:40 AM.
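
Added example, not part of any post in this thread: a shell check that reads `zmcertmgr viewdeployedcrt` output in the layout shown in posts #9 and #10 and lists, per service, which required host names the deployed certificate does not cover. The function names, the sample input, and the format of a non-empty `SubjectAltName=` line are assumptions.

```sh
# name_matches CERT_NAME HOST: succeeds when a certificate name covers HOST.
# A wildcard counts only as the whole left-most label and spans one label.
name_matches() {
    pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    h=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pat" in
        \*.*)
            suffix=${pat#\*}              # "*.domain.com" -> ".domain.com"
            case "$h" in
                *"$suffix") left=${h%"$suffix"} ;;
                *) return 1 ;;
            esac
            case "$left" in ""|*.*) return 1 ;; *) return 0 ;; esac ;;
        *) [ "$pat" = "$h" ] ;;
    esac
}

# uncovered_names HOST...: reads viewdeployedcrt output on stdin and prints
# "service:host" for each HOST a service's cert misses (subshell, globbing off).
uncovered_names() (
    set -f
    service="" cn=""
    while IFS= read -r line; do
        line=${line#"# "}                 # the thread also shows "# "-prefixed output
        case "$line" in
            "::service "*)
                service=${line#"::service "}; service=${service%::}; cn="" ;;
            subject=*CN=*)
                cn=${line##*CN=}; cn=${cn%%/*} ;;
            SubjectAltName=*)
                # Assumed format when non-empty: names separated by commas or
                # spaces, each optionally prefixed with "DNS:".
                san=$(printf '%s' "${line#SubjectAltName=}" | sed 's/DNS://g' | tr ',' ' ')
                names=$(echo $san)
                # RFC 2818: dNSName entries replace the CN; CN is only a fallback.
                [ -n "$names" ] || names=$cn
                for want in "$@"; do
                    covered=no
                    for name in $names; do
                        if name_matches "$name" "$want"; then covered=yes; fi
                    done
                    [ "$covered" = yes ] || printf '%s:%s\n' "$service" "$want"
                done ;;
        esac
    done
)

# Constructed sample in the thread's layout (validity and issuer lines omitted).
sample_output() { cat <<'EOF'
::service mta::
subject= /C=US/ST=IA/O=TEST/OU=OFFICE/CN=*.domain.com
SubjectAltName=
# ::service ldap::
# subject= /C=US/ST=IA/O=TEST/OU=OFFICE/CN=hostname.domain.com
# SubjectAltName=
EOF
}
sample_output | uncovered_names hostname.domain.com mail.domain.com
```

On a Zimbra server the real output can be piped in the same way: `/opt/zimbra/bin/zmcertmgr viewdeployedcrt | uncovered_names hostname.domain.com mail.domain.com`. No output means every service presents a certificate valid for every listed name.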
