Line 1: |
Line 1: |
| {{Languages|SME_Server:Documentation:FAQ}} | | {{Languages|SME_Server:Documentation:FAQ}} |
− | | + | {{WIP box|Allsorts}} |
− | ==Frequently Asked Questions==
| |
| | | |
| This Section lists ''Frequently Asked Questions'' (FAQ) for SME 7. Problems many people run into installing SME 7 for the first time or upgrading to later versions are found here. | | This Section lists ''Frequently Asked Questions'' (FAQ) for SME 7. Problems many people run into installing SME 7 for the first time or upgrading to later versions are found here. |
Line 7: |
Line 6: |
| If your question isn't listed here, it's possible it's a ''Rarely Asked Question'' (RAQ), in which case you'll be better off searching for answers in [http://bugs.contribs.org Bugzilla]. | | If your question isn't listed here, it's possible it's a ''Rarely Asked Question'' (RAQ), in which case you'll be better off searching for answers in [http://bugs.contribs.org Bugzilla]. |
| | | |
− | ===Installation troubles=== | + | ==[[SME Server:Documentation:FAQ:Section01|Section 1 - Installation]]== |
− | ====Installer prompts for installation file location====
| + | * Installation Troubles |
− | Problems have been reported installing SME Server off a PATA CD-ROM drive. The system is able to boot from the CD-ROM drive but after that you get prompted by a message to specify the location where the installation image can be found. This might either mean that the disk is not readable or the CD-ROM drive is not recognized.
| + | * Yum Updates |
− | If you have validated the disk and are sure that the disk passes you might try to add the all-generic-ide option to the boot prompt before starting the installer like this:
| + | * Add dag repository to SME 7 (Centos 4) |
− | linux all-generic-ide
| + | * Add Dag repository to SME 8 (Centos 5) |
− | | + | * Other popular repositories |
− | ===Yum Updates===
| + | * Removing Software |
− | ==== Which repositories should be enabled====
| + | * Hardware Compatibility List |
− | | + | * Client Computers |
− | You should only have the following repositories enabled (names as listed in server manager panel)
| + | * Web Applications |
− | CentOS - os
| + | * Reset the root and admin password |
− | CentOS - updates
| + | * File Size Limitations |
− | SME Server - addons
| + | * External DNS |
− | SME Server - extras
| + | * Domains |
− | SME Server - os
| + | * Virus Scanning |
− | SME Server - updates.
| + | * Proxy Pass |
− | | + | * Shell Access |
− | The following command can be used to list the names & status of all configured repos.
| + | * Upgrading Server |
− | /sbin/e-smith/audittools/repositories
| + | * Changing maximum Ibay, Account or Group name length |
− | As this command lists db entries, then the equivalent names of the default enabled repositories referred to above are (listed in the same order)
| + | * Deletion of Users Ibays Groups |
− | base: enabled
| + | * Access denied to i-bay with newly created group |
− | updates: enabled
| + | * Password Strength Checking |
− | smeaddons: enabled
| + | * Hard Drives, RAID's, USB Hard Drives |
− | smeextras: enabled
| + | * Backups & Restores |
− | smeos: enabled
| + | * Supervised Services |
− | smeupdates: enabled
| + | * Server-Manager |
− | | + | * Booting with SMP kernel after upgrade to version 7.2 from CD |
− | DO NOT enable '''SME Server - updates testing''' which is considered beta, unless
| + | * Special Characters |
− | * it is a TEST server NOT a production server or
| + | * Upstream proxy server configuration |
− | * you want to be part of a bug-testing group.
| + | * Memory usage and limits |
− | | |
− | Additionally
| |
− | * '''SME Server - test''' is considered alpha
| |
− | * '''SME Server - dev''' contains automatically built rpms. It contains lots of experimental,
| |
− | incomplete and mutually incompatible packages.
| |
− | | |
− | {{Warning box|msg=If upgrading from a system prior to 7.1 update 1, ie a 7.1 CD install or earlier,
| |
− | you need to ensure you have the latest versions of the following rpms prior to applying the rest of the updates.
| |
− | This speeds up install process and avoids updates from centos that may be ahead of the distribution.
| |
− | | |
− | yum update dbus dbus-glib smeserver-support smeserver-yum yum yum-plugin-fastest-mirror python-sqlite
| |
− | signal-event post-upgrade; signal-event reboot
| |
− | }}
| |
− | | |
− | {{Note box|A system installed from the SME 7.1 CD will have the 5 repositories above enabled. A system installed from the SME 7.0 iso and updated to 7.1 or later will only have the 3 SME Server repositories enabled. After updating from SME 7.0 to SME 7.1.x you should enable the ''Centos - os'' & ''Centos - updates'' repositories in server-manager.
| |
− | }}
| |
− | | |
− | *For another way to reset the repositories to the default see [[:SME Server:Adding_Software#Restoring_Default_Yum_Repositories]]
| |
− | | |
− | ====Reconfigure / post-upgrade and reboot====
| |
− | *When is a post-upgrade and reboot required? | |
− | | |
− | After installing a smeserver-* or e-smith-* rpm
| |
− | | |
− | If you are in any doubt or if after clicking '''Reconfigure''' the server does not actually reboot.
| |
− | You can run the following.
| |
− | | |
− | signal-event post-upgrade; signal-event reboot
| |
− | | |
− | ====Updating from SME 7.x to SME 7.2====
| |
− | See [[:Updating_to_SME_7.2#Yum_Update]]
| |
− | | |
− | ====Warning in rkhunter email report====
| |
− | After upgrading to SME Server 7.4, the admin user may receive the following warning from rkhunter:
| |
− | | |
− | Warning: The SSH and rkhunter configuration options should be the same:
| |
− | SSH configuration option 'PermitRootLogin': yes
| |
− | Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
| |
− | | |
− | This warning message is not indicative of a software error or security issue and can be safely ignored. The issue is to be attended to in a future release. See this [http://bugs.contribs.org/show_bug.cgi?id=3718 bug report] for more information.
| |
− | | |
− | From June 2009 smeserver-rkhunter was removed from smeos and made a contrib.
| |
− | | |
− | You will need to either complete the removal with
| |
− | | |
− | rpm -e rkhunter
| |
− | | |
− | or re-add from smecontribs
| |
− | | |
− | yum install smeserver-rkhunter --enablerepo=smecontribs
| |
− | | |
− | ====Frequency====
| |
− | * By default SME's yum implementation checks for update daily, this can be customized to check weekly:
| |
− | config setprop yum check4updates weekly;signal-event yum-modify
| |
− | or monthly:
| |
− | config setprop yum check4updates monthly;signal-event yum-modify
| |
− | or reset to default:
| |
− | config delprop yum check4updates;signal-event yum-modify
| |
− | | |
− | ====General====
| |
− | *Please Wait - Yum Running (prereposetup)
| |
− | This means Yum is working out what updates are available.
| |
− | Occasionally such as when large sets of updates are released this could take 10+ minutes to complete
| |
− | | |
− | *Yum doesn't seem to be working correctly. What do I do now? | |
− | If for some reason you can't get yum to work correctly, try:
| |
− | yum clean metadata
| |
− | or possibly 'yum clean all'
| |
− | yum update
| |
− | | |
− | *Fix for 'Metadata file does not match checksum'
| |
− | Typical error message
| |
− | http://apt.sw.be/fedora/3/en/i386/dag/repodata/primary.xml.gz:
| |
− | [Errno -1] Metadata file does not match checksum Trying other mirror.
| |
− | Error: failure: repodata/primary.xml.gz from dag: [Errno 256] No more mirrors to try.
| |
− | | |
− | To flush the up stream proxies, using wget, run:
| |
− | | |
− | wget --cache=off http://apt.sw.be/fedora/3/en/i386/dag/repodata/filelists.xml.gz
| |
− | wget --cache=off http://apt.sw.be/fedora/3/en/i386/dag/repodata/primary.xml.gz
| |
− | wget --cache=off http://apt.sw.be/fedora/3/en/i386/dag/repodata/repomd.xml
| |
− | yum update
| |
− | | |
− | *Fix for 'Header is not complete'
| |
− | Typical error message
| |
− | ---> Downloading header for php-mysql to pack into transaction set.
| |
− | php-mysql-4.3.9-3.22.15.i 100% |=========================| 37 kB 00:00
| |
− | http://sme-mirror.firewall-services.com/releases/7/smeupdates/i386/RPMS/php-mysql-4.3.9-3.22.15.i386.rpm: [Errno -1] Header is not complete.
| |
− | Trying other mirror.
| |
− | | |
− | This is mostly due to external firewalls; there are known issues with Fortigate and Sonicwall appliances.
| |
− | Try disabling AV/Anti spyware check
| |
− | | |
− | | |
− | * An unclean shutdown during a system update can put the system into a state where it's difficult to recover. | |
− | find all the duplicate rpm's
| |
− | rpm -qa | sort | less
| |
− | Then remove all the duplicate rpm's
| |
− | rpm -e --nodeps rpmname
| |
− | Install the newest rpms
| |
− | yum install rpmname
| |
− | signal-event post-upgrade; signal-event reboot
| |
− | | |
− | * Where can I go to learn more about yum, and about how SME uses it?
| |
− | [[:SME Server:Adding_Software ]], man yum, http://linux.duke.edu/projects/yum/
| |
− | | |
− | ====Adding, removing or disabling repositories ====
| |
− | | |
− | *What is the recommended way to add other yum repositories
| |
− | The following code uses the dag repository as an example and sets the status to disabled.
| |
− | The repository is configured to be used via the command line with the --enablerepo= option
| |
− | {{Repository|dag}}
| |
− | | |
− | *How do I remove yum repositories
| |
− | | |
− | db yum_repositories delete repositoryname
| |
− | signal-event yum-modify
| |
− | | |
− | *How do I disable the status of a repository to allow future use via command line with the --enablerepo= option | |
− | | |
− | db yum_repositories setprop repositoryname status disabled
| |
− | signal-event yum-modify
| |
− | | |
− | ====Other popular repositories====
| |
− | | |
− | A list off other repositories can be found at [[:Category:Yum_Repository]].
| |
− | | |
− | Be careful updating software from these repositories. Only update packages by name eg.
| |
− | yum update --enablerepo=reponame packagename
| |
− | | |
− | Do not do a general update with the 3rd party repository enabled as it could update many packages that will overwrite SME versions.
| |
− | | |
− | | |
− | ====Removing Software====
| |
− | If you wish to remove rpms from the command line use
| |
− | rpm -e rpmname
| |
− | yum remove rpmname, will work if the rpm to be removed is non essential, but what you consider non essential may differ to the system so it's best to use rpm -e
| |
− | | |
− | ===Hardware Compatibility List===
| |
− | [http://wiki.contribs.org/KnownProblems#Hardware List of Hardware that known have problems with SME Server]
| |
− | | |
− | Maintaining a complete HCL is difficult,
| |
− | the following links will give a indication of hardware being used by SME Servers and upstream providers
| |
− | | |
− | *https://hardware.redhat.com/index.cgi
| |
− | *http://smolt.contribs.org
| |
− | *http://wiki.centos.org/HardwareList | |
− | | |
− | ===Client Computers===
| |
− | | |
− | *Windows 7 support for SME 7?
| |
− | | |
− | Windows 7 cannot join to SME 7.x domains due to trust relationship issues. However, you can configure an optional unsupported update if Windows 7 support is critical for your environment.
| |
− | | |
− | More information is available [[Windows 7 Support|here]].
| |
− | | |
− | *Offline files with Windows XP and Windows 7 clients problems?
| |
− | Set the following registry key on the Windows Vista or Windows 7 client to prevent files from getting pulled down to the client again right after synchronizing changes to the server (due to Linux file systems having coarser timestamp resolution than Windows):
| |
− | | |
− | Create a DWORD value named <tt>RoundUpWriteTimeOnSync</tt> under the <tt>HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache</tt> key (create the key if it does not exist) and set it to 1.
| |
− | | |
− | More information can be found here: [http://blogs.technet.com/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx]
| |
− | | |
− | | |
− | *Samba trust relationships lost?
| |
− | This is a possible bug with an upgrade from SME6. After an upgrade, local workstations cannot log in. If you are experiencing this problem, please have a look at this bug for a fix, and provide followup:
| |
− | [https://sourceforge.net/tracker/index.php?func=detail&aid=1234009&group_id=96750&atid=615772]
| |
− | | |
− |
| |
− | *Windows XP Clients - Patch to logon to SME domain
| |
− | This patch can be used when Windows XP clients won't be able to log on to the SME Server domain. The registry patch is located here:
| |
− | http://servername/server-resources/regedit/winxplogon.reg
| |
− | Double click on the winxplogon.reg file and the settings will be added to the Windows Registry.
| |
− | | |
− | | |
− | *Windows XP Clients - "domain is not available" error
| |
− | If the client pc uses a Gigabit lan adapter, try [http://support.microsoft.com/kb/938449]
| |
− | | |
− | | |
− | *How to disable password caching on Windows 95/98/ME/2000 Clients?
| |
− | This patch can be used if you don't want Windows clients to remember password for shared folders on SME Server. The registry patch is located here: http://servername/server-resources/regedit/win98pwdcache.reg
| |
− | Just double click on the win98pwdcache.reg file and the settings will be added to the Windows Registry.
| |
− | | |
− | '''Note'''
| |
− | Although the filename seems to indicate that this patch will only work for Windows 98, but it also works in Windows 95, Windows ME and Windows 2000.
| |
− | | |
− |
| |
− | *LDAP Directory Gives MAPI_E_CALL_FAIL Errors on Outlook 2002 or Outlook 2003
| |
− | In Outlook 2002 or 2003 when someone tries to find a contact using the LDAP server, a message stating that "Unavailable critical extension" and then a second message saying "The search could not be completed. MAPI_E_CALL_FAIL" shows up and nothing shows up from the search. The directory works beautifully in Thunderbird 1.5 as well as Outlook 2000, but not 2002 or 2003. More information can be found here: [http://support.microsoft.com/default.aspx?scid=kb;en-us;555536&sd=rss&spid=2559] [http://bugs.contribs.org/show_bug.cgi?id=1406]
| |
− | | |
− | | |
− | *Where is the netlogon directory? | |
− | The netlogon directory is located on the SMESERVER at: /home/e-smith/files/samba/netlogon
| |
− | It can also be found by a client computer at: \\servername\netlogon
| |
− | | |
− | ===Web Applications===
| |
− | *chmod 777 | |
− | | |
− | Using 777 is always wrong (despite the fact that many howtos recommend it). 0770 is sufficient, as long as www is a member of the group owning the directory, and is safer.
| |
− | | |
− | Use chown www /path/to/dir <br />
| |
− | and preferably put your app in /opt/app not in an ibay
| |
− | | |
− | * Generic Instructions for Installing a Web Application
| |
− | [[:Web_Application_RPM]]
| |
− | | |
− | *Wasn't mod_perl installed in previous versions? How do I install it?
| |
− | It may have been, but it was not used so it is no longer included. If you do want to install it do the following:
| |
− | | |
− | '''Note'''
| |
− | The commands on a linux shell are case-sensitive, this means that Capital is not the same as capital.
| |
− | | |
− | yum install mod_perl
| |
− | config setprop modPerl status enabled
| |
− | signal-event post-upgrade ; signal-event reboot
| |
− |
| |
− | *The directory structure is visible. How do I disable indexes in ibays?
| |
− | SME Server 6.0, 6.0.1, and 6.5 all had the following for the ibays/html directory - "Options Indexes Includes". This would indicate that indexes were allowed for html directories. In SME Server 7.0 this is made a parameter and it defaults to enabled to be compatible with SME Server releases before SME Server 7.0 installations.
| |
− | | |
− | To disable indexes for an ibay in SME Server 7.0 do the following:
| |
− | | |
− | db accounts setprop //ibayname// Indexes disabled
| |
− | signal-event ibay-modify //ibayname//
| |
− |
| |
− | This issue was first reported here:
| |
− | [[https://sourceforge.net/tracker/?func=detail&atid=615772&aid=1275351&group_id=96750]]
| |
− | | |
− | *I need to create (or install) a PHP application that needs access to the /tmp directory.
| |
− | db accounts setprop ibayname PHPBaseDir /tmp/:/home/e-smith/files/ibays/ibayname/
| |
− | signal-event ibay-modify ibayname
| |
− | | |
− | By default if you have PHP code in an IBAY, it can only run in that IBAY. The above commands will allow PHP code in the IBAY to run outside of its installed directory.
| |
− | | |
− | Here is a list of all the [[:DB_Variables_Configuration#Apache_server_ibay_specific_.28httpd-e-smith.29 | IBAY specific settings]]
| |
− | | |
− | ===Reset the root and admin password===
| |
− |
| |
− | 1. Restart your server and at the beginning of the boot-up use the arrow keys to select the kernel you would like to boot into.
| |
− | | |
− | 2. Press A , to allow you to append parameters to your grub boot settings.
| |
− | | |
− | 3. Be careful not to change anything, only add the following after the A ('''Be sure to put a space before "single"'''):
| |
− | single
| |
− | 4. Press enter. you will be presented with a prompt.
| |
− | | |
− | 5. At this prompt type the following two commands (each followed by a return). You will be asked to provide a new password.
| |
− | Reset both your root and your admin password and set them to the same value:
| |
− | passwd root
| |
− | passwd admin
| |
− | Reboot your server and everything should be okay now.
| |
− | | |
− | ===File Size Limitations===
| |
− | *Apache, the web server can only transfer or show files under 2G | |
− | | |
− | *Backup to USB Disk
| |
− | FAT32 only supports file size of <4GB. It is recommended that you format your external usb drives to ext3.
| |
− | | |
− | ===External DNS===
| |
− | To allow external users to communicate with your server, you must have correctly configured DNS records. Once you have purchased a domain, you should configure the following records (customised if necessary) to allow web and email communication:
| |
− | | |
− | 1. An A record, myserver.mydomain.com, pointing to the external IP address of your server
| |
− | | |
− | 2. A CNAME record, *.mydomain.com, pointing to the A record myserver.mydomain.com [this is a catchall that allows aliases such as www.mydomain.com and mail.mydomain.com to be resolved without having to create multiple CNAME records]
| |
− | | |
− | 3. An MX record, pointing to myserver.mydomain.com, to allow for email delivery
| |
− | | |
− | If your registrar does not allow you to create DNS records, you may use a free service such as http://www.zoneedit.com or similar.
| |
− | | |
− | The example shown assumes that your server is operating in Server and Gateway mode and has a static external IP address. Depending on your network design and server configuration, the example may need to be modified. For example, if you use a Dynamic DNS service, you would need to modify the A record to point to your Dynamic DNS hostname, rather than a static IP address.
| |
− | | |
− | ===Domains===
| |
− | | |
− | *When I create a DOMAIN, I don't see anything listed in the HOSTNAMES AND ADDRESSES panel for that DOMAIN. | |
− | | |
− | For a domain to be effective (for email or web), it needs to be configured as INTERNET DNS SERVERS (this is the default value). Since the domain resolves via INTERNET DNS SERVERS, no hostnames or addresses are created locally. For more info please visit the Administration Manual section regarding Domains: [[http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Domains]]
| |
− | | |
− | ====Delegate DNS====
| |
− | | |
− | SME Allows for 3 Settings for DNS Resolution of a Domain
| |
− | # Resolve Locally
| |
− | # Internet DNS Servers
| |
− | # Corporate DNS servers
| |
− | | |
− | If this is not sufficient, you can extended these for individual domains on your SME server (forwarding all DNS Queries for the specified domain to another server) as follows:
| |
− | | |
− | First, create the necessary virtual domains using server-manager::Configuration::Domains::Add Domain.
| |
− | | |
− | Then, (assuming your domain is called test.com and the actual DNS server is at a.b.c.d issue the following commands:
| |
− | | |
− | db domains setprop test.com Nameservers a.b.c.d
| |
− | signal-event domain-modify
| |
− | | |
− | Check with
| |
− | cat /var/service/dnscache/root/servers/test.com
| |
− | | |
− | ===Virus Scanning===
| |
− | *When you elect to nightly scan your server for viruses the current default is to scan /home/e-smith/files | |
− | | |
− | Note that early SME 7 Servers defaulted to /.
| |
− | | |
− | Also you may want to scan under /opt if have contribs that store user data there
| |
− | | |
− | the db property to change to the default
| |
− | config setprop clamav FilesystemScanFilesystems /home/e-smith/files
| |
− | or to scan different areas of the server is
| |
− | config setprop clamav FilesystemScanFilesystems "/home/e-smith/files /opt"
| |
− | | |
− | | |
− | *How do I exclude some directories from scanning | |
− | Set the db value to exclude more directories
| |
− | | |
− | The default
| |
− | config setprop clamav FilesystemScanExclude /proc,/sys,/usr/share,/var
| |
− | | |
− | Change with
| |
− | config setprop clamav FilesystemScanExclude /proc,/sys,/usr/share,/var,/home/e-smith/files/ibays
| |
− | | |
− | After any change, run the signal-event for expand and regenerate configuration files, and restart pertinent services
| |
− | | |
− | signal-event clamav-update
| |
− | | |
− | {{:SME Server:Documentation:ProxyPass}}
| |
− | | |
− | ===Shell Access===
| |
− | *I need to give a user shell access to the SME Server.
| |
− | | |
− | Shell access should only be provided to users who have a *need* for it and can be trusted.
| |
− | | |
− | Before a user can have shell access Admin must enable ssh access at
| |
− | server-manager -> Security -> Remote Access
| |
− | | |
− | You then enable shell access for a user by:
| |
− | db accounts setprop username Shell /bin/bash
| |
− | chsh -s /bin/bash username
| |
− | | |
− | ===Upgrading Server===
| |
− | *What's the best way to upgrade to a new server ? | |
− | An article is written for this subject. Please visit: [[:UpgradeDisk]].
| |
− | | |
− | *Do you want to move a running SME 7 Server installation to new hardware ?
| |
− | There is a document that describes a method using the Affa contrib.
| |
− | Affa makes it possible to move with a minimal effort and minimal downtime of the production server.
| |
− | Please visit: [[:Moving SME to new Hardware]]
| |
− | | |
− | ===Changing maximum Ibay, Account or Group name length===
| |
− | * How do I change the default maximum (12 characters) name length of an I-Bay, account or group? | |
− | Enter following command on the console as root:
| |
− | /sbin/e-smith/db configuration set maxIbayNameLength xx
| |
− | /sbin/e-smith/db configuration set maxAcctNameLength xx
| |
− | /sbin/e-smith/db configuration set maxGroupNameLength xx
| |
− | where 'xx' is the new size e.g. 15.
| |
− | | |
− | Followed by:
| |
− | /sbin/e-smith/signal-event console-save
| |
− | | |
− | ===Deletion of Users Ibays Groups===
| |
− | *I can't delete & create a user for some reason. What do I do now? | |
− | If for some reason you can't delete & create a user, then first do:
| |
− | signal-event user-delete <username>
| |
− | db accounts delete <username>
| |
− | | |
− | *I can't delete & create a ibay for some reason. What do I do now?
| |
− | If for some reason you can't delete & create a ibay, then first do:
| |
− | signal-event ibay-delete <ibayname>
| |
− | db accounts delete <ibayname>
| |
− | | |
− | *I can't delete & create a group for some reason. What do I do now?
| |
− | If for some reason you can't delete & create a group, then first do:
| |
− | signal-event group-delete <groupname>
| |
− | db accounts delete <groupname>
| |
− | | |
− | | |
− | *I was looking in the home directory of a user and I see a hidden directory called ".junkmail". Do I need that? Can I delete it?
| |
− | Don't remove or rename .junkmail folders.
| |
− | | |
− | | |
− | ===Access denied to i-bay with newly created group===
| |
− | *Problem: If I try to write to an i-bay immediately after creating a new group, and being a member of that group, and assigning that group access rights to the i-bay, access is denied. Changing the i-bay access to an older group of which I am a member, access is allowed as desired. | |
− | | |
− | Workaround: log out after creating the group and then log back in
| |
− | | |
− | The issue seems to be with samba not SME. See [[Bugzilla:4961]] Privileges are assigned upon logon in Linux, hence the need to log out and then log in again to receive the newly created group's privileges.
| |
− | | |
− | ===Password Strength Checking===
| |
− | *How can I change password strength & what do the strength settings mean? | |
− | | |
− | {{Warning box|It is strongly advised not to set the password strength setting to ''none'' as this will lower the security of your server significantly.}}
| |
− | | |
− | {{Note box|PAM module requires passwords to be at least 6 characters long, so setting a password that is shorter than that may cause other problems later. SME server default settings enforce 7 character passwords.}}
| |
− | | |
− | The following settings are available to specify the password strength on SME Server:
| |
− | | |
− | {|
| |
− | ! setting
| |
− | ! explanation
| |
− | |-
| |
− | | ''strong''
| |
− | | The password is passed through Cracklib for dictionary type word checking as well as requiring upper case, lower case, number, non alpha and a mimimum length of 7 characters.
| |
− | |-
| |
− | | ''normal''
| |
− | | The password requires upper case, lower case, number, non alpha and a minimum length of 7 characters.
| |
− | |-
| |
− | | ''none''
| |
− | | The password can be anything as no checking is done.
| |
− | Please note that "none" does not mean no password, it just means no password strength checking, so you can enter any (weak) password you want as long as it is at least 7 characters long.
| |
− | |}
| |
− | | |
− | To set password strength do:
| |
− | config setprop passwordstrength Admin strengthvalue
| |
− | config setprop passwordstrength Users strengthvalue
| |
− | config setprop passwordstrength Ibays strengthvalue
| |
− | where strengthvalue is one of the entries listed in the table above; either "strong", "normal" or "none" .
| |
− | | |
− | e.g.
| |
− | config setprop passwordstrength Users normal
| |
− | | |
− | To review the current settings do:
| |
− | config show passwordstrength
| |
− | | |
− | which should display something like:
| |
− | | |
− | passwordstrength=configuration
| |
− | Admin=strong
| |
− | Ibays=strong
| |
− | Users=strong
| |
− | | |
− | Alternatively, you can install the smeserver-password contrib discussed here: [[Password]]
| |
− | | |
− | This contrib will let you configure password strength and aging through a web panel in the server-manager.
| |
− | | |
− | ===Hard Drives, RAID's, USB Hard Drives===
| |
− | *How should I setup my hard-drives? | |
− | We never recommend anything other than a '''single disk install''' or '''multiple disks of the same type'''. Anything else and you are following an unrecommended setup and you will need to navigate for yourself. Repeat, we never recommend anything other than a '''single disk install''' or '''multiple disks of the same type'''. If you're thinking of doing anything else (setup your own partitions), read this section again.
| |
− | | |
− | *How should I setup my RAID?
| |
− | A full article on RAID is found here: [[:Raid]]
| |
− | | |
− | | |
− | *I want to use a hardware RAID. What do you suggest?
| |
− | Please see the notes in the RAID article: [[:Raid#Raid_Notes]]
| |
− | | |
− | | |
− | *How do I recover an SME Server with lvm drives
| |
− | A full article on the recovery method is found here: [[:Recovering_SME_Server_with_lvm_drives]]
| |
− | | |
− | | |
− | *I'm installing a RAID 5 but it seems to take a long time. Is there something wrong?
| |
− | RAID 5 systems (those with 3+ disks) can take a long time during and after the install for everything to sync. Reportedly, it takes almost 2 hours before the disks finally finish syncing on 4 X 80GB disks.
| |
− | | |
− | | |
− | *If I boot my SMESERVER with a USB hard drive attached, it recognizes the drive. However, after unplugging the drive, then replugging, it no longer exists. Any ideas why?
| |
− | Reportedly, some external usb hd's must be completely powered up before connecting the usb cable.
| |
− | | |
− | | |
− | *If I boot my SMESERVER with a USB hard drive attached, it doesn't recognize the drive. Any workarounds for this?
| |
− | Some USB drives need to be plugged twice into the server to be recognized.
| |
− | | |
− | | |
− | * Further information regarding USB disks can be found in this HOW TO: [[USBDisks]]
| |
− | | |
− | ===Backups & Restores===
| |
− | *AIT-1 Backup: buffer unreliable
| |
− | An AIT-1 is unreliable if used with variable block size. Set the setting
| |
− | config setprop flexbackup TapeBlocksize 512
| |
− | AIT-2, DAT and LTO seem to work well with variable block size.
| |
− | | |
− | | |
− | *Slow tape backup performance may be improved by changing Flex backup settings
| |
− | config setprop flexbackup Blocksize 256
| |
− | config setprop flexbackup BufferMegs 16
| |
− | | |
− | | |
− | *In the ADMIN CONSOLE, there is an option to BACKUP TO USB but there are no restore options. | |
− | The RESTORE option is only visible on a new install. If you missed this during install, you can
| |
− | config set PasswordSet no
| |
− | signal-event post-upgrade; signal-event reboot
| |
− | | |
− | During reboot reconfiguration process you should see the new restore via USB backup option.
| |
− | -NOW plug in the usb drive (Do not plug in the usb drive until you reach this point).
| |
− | -pick YES or RESTORE (or whatever is presented to you)
| |
− | | |
− | | |
− | ===Supervised Services===
| |
− | *Many services on SME are supervised, to see which are type
| |
− | ps ax |grep runsv
| |
− | To control them read the sv manual
| |
− | man sv
| |
− | | |
− | *it seems that "sv u http-e-smith" gives no errors, even if the service fails to restart, so you need to use "sv s httpd-e-smith" to check if it fails (example: due to a httpd.conf error) | |
− | | |
− | This is just the way that runsv (part of the runit package) works. The "sv u http-e-smith"
| |
− | only sends a message to runsv saying that we want the service to be up.
| |
− | runsv then will keep trying to get the service running.
| |
− | | |
− | | |
− | ===Server-Manager===
| |
− | *I can't access the server-manager. What do I do now? | |
− | There are many reasons why you wouldn't be to access the server-manager. First try:
| |
− | signal-event post-upgrade; signal-event reboot
| |
− | | |
− | If you still can't access, there are reports that a certificates mis-match might have occurred after update. In that case:
| |
− | rm /home/e-smith/ssl.key/*.key
| |
− | rm /home/e-smith/ssl.pem/*.pem
| |
− | rm /home/e-smith/ssl.crt/*.crt
| |
− | signal-event domain-modify; signal-event reboot
| |
− | | |
− | | |
− | *I used to access the SERVER-MANAGER with localhost:980 remotely via SSH tunnel and now I can't. What happened?
| |
− | This feature has been deprecated a long time and finally removed in V7.2
| |
− | | |
− | If you really want to use this then forward 443 to localhost:443 and then use
| |
− | https://localhost/server-manager/
| |
− | | |
− | | |
− | *Using a ssh client, the /server-manager login screen is difficult to read
| |
− | The text is white, so you need to adjust your ssh client to use a dark background
| |
− | | |
− | | |
− | *I've renamed my server with the ADMIN CONSOLE. The old name appears under the SERVER-MANAGER, HOSTNAMES panel. It cannot be deleted as there are no MODIFY/REMOVE links.
| |
− | | |
− | -login to the shell console
| |
− | -type: db hosts setprop <local.mycompany.local> static no
| |
− | -go to the HOSTNAMES & ADDRESSES panel and you should be able to modify/remove the name
| |
− | | |
− | ===Booting with SMP kernel after upgrade to version 7.2 from CD===
| |
− | *I've upgraded and now the SMP kernel isn't available. | |
− | This is because when upgrading to 7.2 from CD, kernel modules are
| |
− | missing for SMP '''IF''' the output of "cat/proc/cpuinfo"
| |
− | does not show multiple processors. The SMP kernel, if not present, can be installed via yum using:
| |
− | Do:
| |
− | yum install kernel-smp kmod-ppp-smp kmod-slip-smp kmod-appletalk-smp
| |
− | signal-event post-upgrade
| |
− | signal-event reboot
| |
− | Details: http://bugs.contribs.org/show_bug.cgi?id=3095
| |
− | | |
− | *I'm getting a kernel panic after upgrade from CD. What do I do now?
| |
− | When upgrading with a CD, the upgrade will rewrite the grub.conf file. As a result, any additional boot arguments (i.e. acpi=off) will be lost during upgrade. Please edit the grub.conf file.
| |
− | | |
− | | |
− | ===Special Characters===
| |
− | *I get strange characters & letters when look at my file names. | |
− | If you get filenames that look like: "éèÃ.txt" It's most likely because the SME server isn't understanding special characters you may be using. You can change it to understand special characters in filenames by:
| |
− | db configuration setprop smb UnixCharSet ISO8859-1
| |
− | expand-template /etc/smb.conf
| |
− | /etc/init.d/smb restart
| |
− | | |
− | | |
− | ===Upstream proxy server configuration===
| |
− | SME Server allows you to proxy internet traffic for various components through an 'upstream' proxy server.
| |
− | | |
− | You might need to do this if:
| |
− | * Your SME server does not have direct access to the Internet
| |
− | * You have several sites and need centralized internet activity control and reporting
| |
− | * You are required to impose internet access restrictions on your users (at a school, for example)
| |
− | | |
− | ====Browser Access from LAN Workstations====
| |
− | *How do I configure a mandatory upstream proxy server, there used to be a panel in earlier versions of sme server, but it's missing in sme7.x
| |
− | | |
− | config set SquidParent a.b.c.d
| |
− | config set SquidParentPort nnn
| |
− | signal-event post-upgrade
| |
− | signal-event reboot
| |
− | | |
− | [The SquidParentPort setting is optional if the upstream proxy is on port 3128.]
| |
− | | |
− | ====Yum (system updates)====
| |
− | How do I get yum updates through a proxy server (in case my SME server does not have direct internet access)
| |
− | | |
− | Based on [[Bugzilla:2407]]:
| |
− | <nowiki>mkdir -p /etc/e-smith/templates-custom/etc/yum.conf
| |
− | cd /etc/e-smith/templates-custom/etc/yum.conf
| |
− | echo '{
| |
− | my $YumProxy = $yum{'Proxy'} || "none";
| |
− | $OUT = ($YumProxy eq "none") ? "" : "proxy=$YumProxy";
| |
− | }' > 10main_proxy
| |
− | config setprop yum Proxy http://localhost:3128/
| |
− | expand-template /etc/yum.conf
| |
− | </nowiki>
| |
− | | |
− | * The code shown above should work (untested) if you have configured SquidParent for your server.
| |
− | * You could (alternatively) replace '''<tt><nowiki>http://localhost:3128</nowiki></tt>''' with the address of your upstream proxy.
| |
− | | |
− | | |
− | ====ClamAV / freshclam====
| |
− | How do I configure freshclam to download updates for ClamAV through a proxy server?
| |
− | | |
− | Based on examination of '''<tt>/etc/e-smith/templates/etc/freshclam.conf/ProxySettings</tt>''':
| |
− | <nowiki>config setprop clamav HTTPProxyServer localhost
| |
− | config setprop clamav HTTPProxyPort 3128
| |
− | config setprop clamav HTTPProxyUsername ""
| |
− | config setprop clamav HTTPProxyPassword ""
| |
− | sv t freshclam
| |
− | </nowiki>
| |
− | * The code shown will proxy ClamAV updates through your local squid proxy. | |
− | * You could (alternatively) replace the values shown above with the values required for any upstream proxy.
| |
− | * [[Bugzilla:542]]
| |
− | | |
− | | |
− | When freshclam is run:
| |
− | [root@gateway0 ~]# freshclam
| |
− | ClamAV update process started at Mon Nov 12 09:22:00 2012
| |
− | main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
| |
− | daily.cvd is up to date (version: 15564, sigs: 284901, f-level: 63, builder: guitar)
| |
− | bytecode.cld is up to date (version: 191, sigs: 37, f-level: 63, builder: neo)
| |
− | | |
− | The following may appear
| |
− | [LibClamAV] Detected duplicate databases /var/clamav/daily.cvd and /var/clamav/daily.cld, please manually remove one of them
| |
− | [LibClamAV] Detected duplicate databases /var/clamav/main.cvd and /var/clamav/main.cld, please manually remove one of them
| |
− | | |
− | If you just leave it, freshclam should take of this as it is just log noise. See [[Bugzilla 7164]]
| |
− | | |
− | ====Spamassassin====
| |
− | From http://wiki.apache.org/spamassassin/RuleUpdates:
| |
− | <blockquote>'''What if I need update requests to go through a proxy server?'''<br />
| |
− | | |
− | sa-update uses the LWP::UserAgent module, which allows certain environment variables to be set so that requests use defined proxy servers. The main one of interest is "http_proxy", which should be set to an URL defining the proxy. ie: export http_proxy='http://proxy.example.com:8080/'</blockquote>
| |
− | | |
− | On a sme server, this should work with '''<tt><nowiki>export http_proxy='http://localhost:3128'</nowiki></tt>''', which would need to be added to /etc/cron.daily/sa_update
| |
− | | |
− | ====curl, wget====
| |
− | For curl and wget to work correctly on a SME server without direct internet access, you must execute the following command in the same program or shell session beforehand:
| |
− | | |
− | export http_proxy=localhost:3128
| |
− | | |
− | eg:
| |
− | <nowiki>export http_proxy=localhost:3128
| |
− | curl http://www.google.com</nowiki>
| |
− | | |
− | ====ssh, ftp, telnet====
| |
− | {{Note box|ssh, ftp and telnet do not work via an http "upstream" proxy, although they may work in conjunction with [http://linux.die.net/man/8/tsocks tsocks] (available from the dag repository)}}
| |
− | | |
− | ====Testing and Verification====
| |
− | You can verify that a particular program is being proxied through squid on your local SME server by searching /var/log/squid/access.log for access to the target web address originating from '127.0.0.1'.
| |
− | | |
− | That is, after executing these commands:
| |
− | <nowiki>export http_proxy=localhost:3128
| |
− | curl http://www.google.com</nowiki>
| |
− | | |
− | you should see an entry similary to the following <tt>/var/log/squid/access.log:</tt>
| |
− | 1329759611.923 64 '''127.0.0.1''' TCP_MISS/301 726 GET '''<nowiki>http://www.google.com</nowiki>''' - DIRECT/74.125.113.94 text/html
| |
− | | |
− | ===Memory usage and limits===
| |
− | | |
− | *How much memory can sme server handle
| |
− | | |
− | SME server currently (v7.3) supports 16GB of RAM, with a maximum of 3GB per process. These limits can easily be increased to 64GB total and 4GB per process by installing and running the "hugemem" variant of the kernel
| |
− | | |
− | *Why does my sme server always seem to be using all the memory, there is no spare memory left
| |
− | | |
− | Utilities such as top or htop always report that all available memory is being used.
| |
− | The Linux OS is designed to utilise all available memory all of the time. If other processes require more memory then it is made available to those processes. Fully utilising all the available memory is a good thing as it optimises the performanece of your server.
| |
− | | |
− | *How can I tell if my sme server needs more memory
| |
− | | |
− | Watch the availabe swap memory usage eg using top, htop or ps -aux. If swap memory usage regularly exceeds 50% of the available swap memory, then you should add more physical RAM to your system.
| |
− | Other indications that additional RAM is required are "out of memory" messages in log files, and at times the server becomes inactive for a period, often related to spam & virus scanning & high email loads.
| |
− | | |
− | {{:Booting}}
| |
− | | |
− | {{:Log_Files}}
| |
− | | |
− | {{:Email}}
| |
− | | |
− | {{:Firewall}}
| |
− | | |
− | {{:MySQL}}
| |
| | | |
− | ==Later versions of applications== | + | ==[[SME Server:Documentation:FAQ:Section02|Section 2 - Booting]]== |
| + | * Installation |
| + | * Boot Options |
| + | * More |
| | | |
− | ===Why does SME Server still not have PHP 5, MySql4, Apach2, xxx === | + | ==[[SME Server:Documentation:FAQ:Section03|Section 3 - Log Files]]== |
− | SME Server 7.x is based on Centos 4.x which in term is based on RedHat Enterprise Linux 4.x. Since the development team is limited in person and time, all work is done in spare time, we do not have the time to implement such big changes and cope with the maintenance of such work.
| + | * Access |
| + | * Logfile Names |
| + | * Error Messages |
| + | * RK Hunter Messages |
| | | |
− | ===Is xxx on SME Server still safe to run? === | + | ==[[SME Server:Documentation:FAQ:Section04|Section 4 - Email]]== |
− | Yes, because security fixes and bug fixes are backported to the 4.x releases and they are propagated to the users as updates, for more information have a look at http://www.redhat.com/security/updates/backporting.
| + | * Troubleshooting |
| + | * Spam |
| + | * Anti Virus |
| + | * Email Clients |
| + | * Server Settings |
| + | * External Access |
| + | * Imap |
| + | * qpsmtpd |
| + | * Internal Mail Servers |
| + | * Secondary/Backup Mail Server Considerations |
| + | * User accounts |
| | | |
− | ===Can I install a later version of xxx=== | + | ==[[SME Server:Documentation:FAQ:Section05|Section 5 - Firewall]]== |
− | Yes, but you are then responsible for updates and possible conflicts with updates
| + | * FAQs |
| + | * DB Settings |
| + | * Custom templates |
| + | * Open Ports in Private Server/Gateway Mode |
| | | |
− | For example see this page for [[:PHP#PHP_5 PHP]] updates and warnings
| + | ==[[SME Server:Documentation:FAQ:Section06|Section 6 - MySQL]]== |
| + | * General |
| + | * MySQL root password |
| + | * Access MySQL from the local network |
| + | * Access MySQL from a remote network |
| + | * Create MySQL user(s) with access from other computers |
| + | * Enable InnoDB engine |
| + | * Administration |
| + | * Optimizing MYSQL default settings |
| | | |
− | ==Known Problems== | + | ==[[SME Server:Documentation:FAQ:Section07|Section 7 - Later versions of applications]]== |
| + | * Why does SME Server still not have PHP 5, MySql4, Apach2, etc... |
| + | * Is xxx on SME Server still safe to run? |
| + | * Can I install a later version of xxx |
| | | |
− | {{Note box|This section is to be used to document problems that cannot or will not be fixed through development of SME Server 7. <br>
| + | ==[[SME Server:Documentation:FAQ:Section08|Section 8 - Known Problems]]== |
− | Please refer to the [[:KnownProblems]] page}}
| + | * Backup/Restore |
| + | * Hardware |
| + | * Installation (not hardware related) & Initial Configuration |
| + | * Services |
| + | * Packages |
| | | |
| [[Category:SME Server]] | | [[Category:SME Server]] |