19,954 bytes added
, 09:59, 13 June 2013
{{Languages|SME_Server:Documentation:Administration_Manual:Chapter9}}
===Collaboration===
====Utilisateurs====
Les comptes d'utilisateurs doivent être mis en place pour chaque personne dans votre organisation. Un compte utilisateur inclue, un compte mail protégé par un mot de passe et des zones de stockage de fichiers(personnels ou communes pour les groupes).
Si c'est la première fois que vous mettez en place des comptes utilisateur pour votre organisation, vous aurez besoin de trouver et de mettre en place votre convention de nom. Supposons que vous avez décidé que le nom du compte doit comprendre l'initiale du prénom suivie du nom de famille. Donc, si vous avez un employé nommé Fred Frog, le compte d'utilisateur de Fred sera "ffrog". En supposant que votre nom de domaine est tofu-dog.com, l'adresse e-mail de Fred sera "ffrog@tofu-dog.com". Le répertoire de fichiers de Fred sur le serveur sera également nommé "ffrog". Il y a quelques règles de base intégrées dans le serveur de ce qui constitue un nom de compte valide. Le nom du compte doit contenir que des lettres minuscules et des chiffres et doit commencer par une lettre minuscule (pas par un nombre).
User account names are limited to twelve characters to maintain consistency with various versions of Windows. Longer names can be created for email through the >Pseudonyms panel. For your information, pseudonyms of "firstname.lastname" and "firstname_lastname" are automatically created for each account.
Le nombre de charactères du nom des comptes utilisateurs est limités à douze caractères pour maintenir la cohérence avec les différentes versions de Windows (Ne semble pas affecter SME Server 8). Les noms longs peuvent être créés pour le courrier électronique par le biais du panneau de gestion des pseudonymes>. Pour votre information, les pseudonymes de "prénom.nom" et "prénom_nom" sont créés automatiquement pour chaque compte.
[[Image:Users.png]]
Dans la section "Comptes d'utilisateurs" du server-manager, vous verrez une liste de vos comptes courants. Si vous n'avez pas encore créé de compte, sélectionnez "Ajouter un Utilisateur" et remplissez les informations demandées - le nom du compte (la partie de l'adresse e-mail qui vient avant "@"), le nom et le prénom de la personne, son adresse, son service dans la société, le nom de l'entreprise et son numéro de téléphone. Par commodité, les valeurs par défaut que vous avez inscrits dans la section «Annuaire LDAP» du server-manager apparaissent chaque fois que vous créez un nouveau compte. Vous pouvez, si nécessaire, modifier les informations pour chaque utilisateur lorsque vous créez le compte.
Dans la liste des comptes d'utilisateurs, vous pouvez facilement modifier ou supprimer un compte d'utilisateur (en cliquant sur "Modifier" ou "Supprimer" à côté du nom d'utilisateur) ou définir le mot de passe de l'utilisateur. Les comptes d'utilisateurs sont verrouillés et ne peuvent être utilisées jusqu'à ce que vous définissez le mot de passe initial pour chaque compte. Pour vous rappelez de ce fait, les comptes utilisateurs apparaissent en rouge jusqu'à ce que le mot de passe soit modifié. (Dans l'exemple illustré ici, l'administrateur n'a pas encore changé le mot de passe de l'utilisateur «Sally Salmon»).
{{Note box|If you want someone to have an email address at your company, but want the messages forwarded to another external email address, you can create the user account but set the email delivery option in the user account to 'Forward to address below' and enter the external address. If you leave the user account locked out, the user will not be able to access services on your server, but the email will be delivered to the external email address.}}
=====Disabling User Accounts=====
There may be times when you do not wish to delete a user account but instead merely want to disable it. For instance, when an employee leaves the company, you may want to immediately remove their access to the server, but still keep their files or email address active until the information can be examined. To disable any user account on your server, just click on the Lock Account link on the User Accounts server-manager panel. As soon as you click the link, the account will be locked out. The user will no longer be able to retrieve email or connect to any files or other resources on the server.
When an account is disabled, email will still be received for that user name, but the user will be unable to retrieve the email. As noted above, if a user account is set to forward email to an external email address, the email will be forwarded to that external address. To prevent this, you will need to modify the properties for that user account.
To re-enable the user account, you need to reset the password using the link on the User Accounts server-manager panel.
=====Changing User Passwords=====
Once they have an active account, your users can set their own passwords by accessing the user-password URL which is only accessible from Local Networks. They do this through their web browsers by visiting the URL www.yourdomain.xxx/user-password (where "www.yourdomain.xxx" is the web server name you entered into the server console). The staff at The Pagan Vegan would visit the URL www.yourdomain.xxx/user-password .
To make the change, a user would enter his or her account name (the characters before "@"), the old password and the new password (to ensure accuracy, the screen asks for the new password twice). Note that changing the password for a user in the server-manager overrides any previous password entered by your user. Therefore, when a user forgets his password, simply reset it in the server- manager.
{{Note box|There is no way for the administrator to recover a forgotten password for a user. All they can do is set a new password for the user.}}
{{Note box|'''Password strength checking is too strong. How do I change it?'''<br />
First a warning - Far too many systems out there have weak passwords and they will be broken into. Educating your users on the necessity of strong passwords is the best option. If that fails, here is how you change the password strength checking from 'strong' to 'normal', which was the setting in previous versions of SME. Be careful to use the exact capitalization.<br />
config setprop passwordstrength Users normal
config setprop passwordstrength Ibays normal
It is also possible, but strongly discouraged, to disable password strength checking by setting to 'none'
}}
====Groups====
This screen allows you to create, remove or change user groups, which are simply lists of people with a shared interest - for example, they work in the same department or are collaborating on a project. The user group function serves two purposes in the SME Server: it permits email to be sent conveniently to a group of users, and it allows the system administrator to associate groups of users with a single information bay (i-bay).
[[Image:Group.png]]
Creating a new group is a simple three-step process. You enter the group name (as with account names, these should begin with a lower-case letter and consist only of lower-case letters and numbers), followed by a brief description. Finally, check the boxes next to the names of the users who should be associated with that group.
{{Warning box|When you create a group, you are required to assign at least one user to that group. If you fail to do so, the group will not be created and you will receive an error message.}}
[[bugzilla:6934]]
After you add (or remove) a user account from a group, the user must log out and log back in for those changes to take effect. Until the user does so, he or she will still have their old group membership information. For instance, suppose you create a new group "sales" and assign user "ffrog" (Fred Frog) to that group. You then create a new i-bay called "salesinfo" that only the "sales" group can access, until Fred logs out and then logs back in he will not have access to the new "sales" group and its ibay "salesinfo".
{{Note box|A windows user who is still logged into a Windows PC and tries to connect to the new i-bay through Windows Explorer. They will receive a permission-denied error. They must log out of Windows (they do not need to shut down or reboot, just log out) and login again. Now they should be able to go through Windows Explorer and access the "salesinfo" i-bay without any problem.}}
====Setting Windows Admin Rights====
If you are using SME Server as a domain controller and the windows workstations have joined the domain then by adding users to special groups you are able to change the rights a users has on that workstation.
The domain always has three groups created, assigned as follows:
{| border="1" cellpadding="10" cellspacing="0"
!Group Description
!Domain Rights
|-
|Domain Admins
|admin
|-
|Domain Users
|shared (everyone)
|-
|Domain Guests
|nobody
|}
If you create a group and name it whatever you want but put one of the above for the description then the newly created group will replace the above mapping. So if you create a group called "admins" and give it a description of "Domain Admins" then anyone you assign to this group will be a domain admin and also a local admin on ANY box that has joined the domain.
You can also create a less privileged group "Power Users"<br>
see http://www.kellys-korner-xp.com/xp_groups.htm for the rights granted to the different groups.
====Quotas====
By default, there is no size limit on the files a user may store on the server nor the amount of email that can be received. However, if you wish to limit the disk space a particular user account can use, you may do so on the " Quotas " panel in the server-manager. As shown in the image below, you will see a list of user accounts, the actual disk space they are using and the quotas, if any, set for that user account.
[[Image:Quotas.png]]
{{Warning box|Note that the quotas apply to all files that a user stores on the server. This includes not just their home directory, but also all files that they may put into any of the i-bays.}}
There are two quotas that can be applied to each user account:
* Limit with grace period - when a user's disk usage exceeds this limit, an email warning message will be sent to the user account each night until the disk usage is brought back under the limit.
* Absolute limit - when a user's disk usage hits this limit, the user will no longer be able to save files to the server or receive email.
Note that if the user account exceeds the "Limit with grace period" for seven consecutive days, the account will be treated as if it exceeded the absolute limit and will no longer be able to save files or receive email.
{{Warning box|Email for the user account is not lost! It is held in the delivery queue and will be delivered to the user when their disk usage drops back below their absolute limit (or the "limit with grace period" if they were locked out due to seven days above that limit).}}
By selecting " Modify " you are able to set a quota (in Megabytes) for a particular user account. Note that you do not have to set both limits for a user account and can choose to set only one of the limits.
If you set a limit and later wish to disable the quota for a given user account, all you need to do is set the limit to "0".
====Pseudonyms====
Any user who has an account on your SME Server will be able to receive email sent to that user ID. For instance, if you have a user named Fred Frog with the user account "ffrog", his primary email address will be "ffrog@mycompany.xxx".
Likewise, when you create a group account, that group account name functions as an email alias, so that messages addressed to the group ID will be sent to all members of the group. If, for example, you create a group called "sales", messages to "sales@mycompany.xxx" will be distributed automatically to all members of that group. As you add and remove members to the group, your server automatically updates the email alias.
In addition to user and group accounts, your server also automatically creates several pseudonyms . For instance, for each user account, the server creates two separate pseudonyms using the first and last names of the user. These two pseudonyms are in the form of "firstname.lastname" and "firstname_lastname". Hence, when you create the user account "ffrog" for a user with the name Fred Frog, he will also be able to receive email sent to "fred.frog@mycompany.xxx" and "fred_frog@mycompany.xxx".
Additionally, your server creates a special pseudonym called "everyone" that includes all user accounts on the system. Two other pseudonyms, "postmaster" and "mailer-daemon" are created pointing to the "admin" user.
If you wish to modify or remove any of these pseudonyms, or create new ones, you can use the web panel found under the "Collaboration" section of the server-manager, as shown below.
{{Note box|The special pseudonyms of "everyone", "postmaster" and "mailer-daemon" will only be visible after you have either added a user account to the system or have added a custom pseudonym. Until that time, these three pseudonyms are there, but will not be visible on the Pseudonyms web panel.}}
[[Image:Pseudonyms.png]]
As noted on the screen below, there are some restrictions on the text content of the names. Pseudonyms can be linked to existing user or group accounts. In the example shown, a pseudonym for webmaster is being set to point to ffrog.
[[Image:Create-a-pseudonym.png]]
'''Practical usage guidelines'''
An SME Server has only one name set, meaning only one occurrence of a name can be in the system, whether it be a user, a group, a pseudonym or an ibay. Therefore whenever you create a user account and you have multiple domains, then that user will apply to all domains automatically.
So the user account "sales" will receive email for:
*sales@domain1
*sales@domain2
*sales@domain3
*sales@domain4
The problem with this is that you cannot have different people using the same user account name to collect email.
Using the pseudonyms panel is the only way that SME Server can distribute email for the same user "name@different-domain" names, but you need to use it in conjunction with the correct underlying naming concepts.
The golden rule is never allocate unique user names to end users accounts as these will no longer be available for globalname@domain type email address usage.
*create your domains eg domain1, domain2, domain3, domain4 and configure those domains to use different ibays for the web content. You can even setup different groups to allow only different users to access each ibay to update web content etc.
*create user accounts user1, user2, user3, user4 as needed for users who want to use the email address "sales", but keep in mind they will use the login name user1 rather than sales (the login names could be johnb, johnb2, johnw, johnm etc)
*create user accounts user5, user6, user7, user8 as needed for users who want to use the email address "info", but keep in mind they will use the login name user5 etc rather than info
*create user accounts user9, user10, user11, user12 as needed for users who want to use the email address "accounts", but keep in mind they will use the login name user9 etc rather than accounts
*create pseudonyms eg
**sales@domain1 which forwards to user1
**sales@domain2 which forwards to user2
**sales@domain3 which forwards to user3
**sales@domain4 which forwards to user4
**info@domain1 which forwards to user5
**info@domain2 which forwards to user6
**info@domain3 which forwards to user7
**info@domain4 which forwards to user8
**accounts@domain1 which forwards to user9
**accounts@domain2 which forwards to user10
**accounts@domain3 which forwards to user11
**accounts@domain4 which forwards to user12
ie. in the pseudonyms field type the whole pseudonym name as sales@domain1
Note do not use sales, info or accounts for any other purpose ie. as user account names or group names or pseudonym names (on its own) or ibay names.
If your want your end users to use webmail then they login in using the URL
https://domain1/webmail
https://domain2/webmail
https://domain3/webmail
https://domain4/webmail
If you want webmail to be configured for the correct domain for the correct end user the first time they use it, then you will need to do that manually yourself before issuing the login details to the user, eg
login to webmail as the end user eg user1 (for domain1) and setup the profile for that user to show the return email address of sales@domain1
login to webmail as the end user eg user2 (for domain2) and setup the profile for that user to show the return email address of sales@domain2
Do the same for all other webmail accounts that will be issued configuring the profile and return address as applicable.
If you don't configure webmail profiles manually then they will have the default return address of loginusername@domain1 (or the main domain name of the server if different).
'''Summary'''
eg For user1 for domain1
The user account will be user1 (eg johnb) and the person uses that name (& corresponding password) to login to the server or to webmail.
The email address for the user will be the same as the pseudonym ie sales@domain1 and that is the address the user should publish and use as the return email address.
Obviously the name before the @domain is different to their login username, that's the compromise to be accepted if using sme this way.
It is quite common in practise, as users often have different "position related" pseudonyms anyway eg manager@domain1 forwards to user1.
As the user account user1 has been created on the server, then that will also work as a valid email address ie user1@domain1 will deliver email to user1, but note also that email "inadvertantly" sent to user1@domain2 or user1@domain3 or user1@domain4 will also be sent to user1.
This is not usually a problem as you simply don't tell user1 that any other hosted domain addresses will work for that name.
'''Alternative configuration of users'''
If the above method is not acceptable/desirable, then the only other way you could setup users is to have only one occurrence of a user name in the system eg john, john1, john2, john3, johnb, johnb1, johnb2, johnw, johnws etc, similar to what ISP's do anyway.
Every username will be a valid (email address) for every domain hosted on your server, but you only tell the end user about their domain eg
john@domain1
john2@domain1
john3@domain2
johnb@domain1
johnb2@domain2
johnb3@domain3
etc
but
john@domain2
and
john@domain3
etc will still work.
Any email sent to any of the addresses will automatically be received by the end user account, and the user account name and login name will be the same. There is no need to configure pseudonyms in that case.
You will still need to configure Webmail profiles manually for each domain that is different to the default domain.
The ultimate answer to having separately administered domains and identical user names at different domains, is to host only one domain on each SME Server ie have a different server for every domain.
There are posts in the contribs.org forums explaining how to do this and forward/delegate email for different domains from one gateway server to other server-only boxes on the same LAN using the same Internet connection.
See this thread for details
http://forums.contribs.org/index.php?topic=30953.0
====Information Bays====
The i-bay (information bay) feature of the SME Server is a simple, very flexible and powerful way for you to share information with others. It is such a rich and important feature that we've devoted [http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter14 Chapter 14] entirely to dealing with Information Bays.