Difference between revisions of "SME Server:Documentation:FAQ"

From SME Server
Jump to navigationJump to search
(typo)
(25 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
{{Languages|SME_Server:Documentation:FAQ}}
 
{{Languages|SME_Server:Documentation:FAQ}}
  
==Frequently Asked Questions==
+
{{Donate}}
  
This Section lists ''Frequently Asked Questions'' (FAQ) for SME 7. Problems many people run into installing SME 7 for the first time or upgrading to later versions are found here.
 
  
If your question isn't listed here, it's possible it's a ''Rarely Asked Question'' (RAQ), in which case you'll be better off searching for answers in [http://bugs.contribs.org Bugzilla].
 
  
===Installation troubles===
+
===F.A.Q===
====Installer prompts for installation file location====
 
Problems have been reported installing SME Server off a PATA CD-ROM drive. The system is able to boot from the CD-ROM drive but after that you get prompted by a message to specify the location where the installation image can be found. This might either mean that the disk is not readable or the CD-ROM drive is not recognized.
 
If you have validated the disk and are sure that the disk passes you might try to add the all-generic-ide option to the boot prompt before starting the installer like this:
 
linux all-generic-ide
 
  
===Yum Updates===
+
This Section lists ''Frequently Asked Questions'' (FAQ) for SME server. Problems many people run into installing SME server for the first time or upgrading to later versions are found here.
==== Which repositories should be enabled====
 
  
You should have the following repositories enabled (blue)
+
If your question isn't listed here, it's possible it's a ''Rarely Asked Question'' (RAQ), in which case you'll be better off searching for answers in [http://bugs.contribs.org Bugzilla].
CentOS - os
 
CentOS - updates
 
SME Server - addons
 
SME Server - extras
 
SME Server - os
 
SME Server - updates.
 
 
 
DO NOT enable '''SME Server - updates testing''' which is considered beta, unless
 
* it is a TEST server NOT a production server or
 
* you want to be part of a bug-testing group.
 
 
 
Additionally
 
* '''SME Server - test''' is considered alpha
 
* '''SME Server - dev''' contains automatically built rpms. It contains lots of experimental,
 
incomplete and mutually incompatible packages.
 
 
 
{{Warning box|msg=If upgrading from a system prior to 7.1 update 1, ie a 7.1 CD install or earlier,
 
you need to ensure you have the latest versions of the following rpms prior to applying the rest of the updates.
 
This speeds up install process and avoids updates from centos that may be ahead of the distribution.
 
 
 
yum update dbus dbus-glib smeserver-support smeserver-yum yum yum-plugin-fastest-mirror python-sqlite
 
signal-event post-upgrade; signal-event reboot
 
}}
 
 
 
{{Note box|A system installed from the SME 7.1 CD will have the 5 repositories above enabled.  A system installed from the SME 7.0 iso and updated to 7.1 or later will only have the 3 SME Server repositories enabled.  After updating from SME 7.0 to SME 7.1.x you should enable the ''Centos - os'' & ''Centos - updates'' repositories in server-manager.
 
}}
 
 
 
*For another way to reset the repositories to the default see [[:Adding_Software#Restoring_Default_Yum_Repositories]]
 
 
 
====Reconfigure / post-upgrade and reboot====
 
*When is a post-upgrade and reboot required?
 
 
 
After installing a smeserver-* or e-smith-* rpm
 
 
 
If you are in any doubt or if after clicking '''Reconfigure''' the server does not actually reboot.
 
You can run the following.
 
 
 
signal-event post-upgrade; signal-event reboot
 
 
 
====Updating from SME 7.x to SME 7.2====
 
See [[:Updating_to_SME_7.2#Yum_Update]]
 
 
 
====Warning in rkhunter email report====
 
After upgrading to SME Server 7.4, the admin user may receive the following warning from rkhunter:
 
 
 
Warning: The SSH and rkhunter configuration options should be the same:
 
        SSH configuration option 'PermitRootLogin': yes
 
        Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
 
 
 
This warning message is not indicative of a software error or security issue and can be safely ignored.  The issue is to be attended to in a future release.  See this [http://bugs.contribs.org/show_bug.cgi?id=3718 bug report] for more information.
 
 
 
From June 2009 smeserver-rkhunter was removed from smeos and made a contrib.
 
 
 
You will need to either complete the removal with
 
 
 
rpm -e rkhunter
 
 
 
or re-add from smecontribs
 
 
 
yum install smeserver-rkhunter --enablerepo=smecontribs
 
 
 
====Frequency====
 
* By default SME's yum  implementation checks for update daily, this can be customized to check weekly:
 
config setprop yum check4updates weekly;signal-event yum-modify
 
or monthly:
 
config setprop yum check4updates monthly;signal-event yum-modify
 
or reset to default:
 
config delprop yum check4updates;signal-event yum-modify
 
 
 
====General====
 
*Please Wait - Yum Running (prereposetup)
 
This means Yum is working out what updates are available.
 
Occasionally such as when large sets of updates are released this could take 10+ minutes to complete
 
 
 
*Yum doesn't seem to be working correctly. What do I do now?
 
If for some reason you can't get yum to work correctly, try:
 
yum clean metadata
 
or possibly 'yum clean all'
 
yum update
 
 
 
*Fix for 'Metadata file does not match checksum'
 
Typical error message
 
http://apt.sw.be/fedora/3/en/i386/dag/repodata/primary.xml.gz:
 
[Errno -1] Metadata file does not match checksum Trying other mirror.
 
Error: failure: repodata/primary.xml.gz from dag: [Errno 256] No more mirrors to try.
 
 
 
To flush the up stream proxies, using wget, run:
 
 
 
wget --cache=off http://apt.sw.be/fedora/3/en/i386/dag/repodata/filelists.xml.gz
 
wget --cache=off http://apt.sw.be/fedora/3/en/i386/dag/repodata/primary.xml.gz
 
wget --cache=off http://apt.sw.be/fedora/3/en/i386/dag/repodata/repomd.xml
 
yum update
 
 
 
*Fix for 'Header is not complete'
 
Typical error message
 
---> Downloading header for php-mysql to pack into transaction set.
 
php-mysql-4.3.9-3.22.15.i 100% |=========================|  37 kB    00:00
 
http://sme-mirror.firewall-services.com/releases/7/smeupdates/i386/RPMS/php-mysql-4.3.9-3.22.15.i386.rpm: [Errno -1] Header is not complete.
 
Trying other mirror.
 
 
 
This is mostly due to external firewalls; there are known issues with Fortigate and Sonicwall appliances.
 
Try disabling AV/Anti spyware check
 
 
 
 
 
* An unclean shutdown during a system update can put the system into a state where it's difficult to recover.
 
find all the duplicate rpm's
 
rpm -qa | sort | less
 
Then remove all the duplicate rpm's
 
rpm -e --nodeps rpmname
 
Install the newest rpms 
 
yum install rpmname
 
signal-event post-upgrade; signal-event reboot
 
 
 
* Where can I go to learn more about yum, and about how SME uses it?
 
[[:Adding_Software ]], man yum, http://linux.duke.edu/projects/yum/
 
 
 
====Adding, removing or disabling repositories ====
 
 
 
*What is the recommended way to add other yum repositories
 
The following code uses the dag repository as an example and sets the status to disabled.
 
The repository is configured to be used via the command line with the --enablerepo= option
 
{{Repository|dag}}
 
 
 
*How do I remove yum repositories
 
 
 
db yum_repositories delete repositoryname
 
signal-event yum-modify
 
 
 
*How do I disable a repository to allow future use via command line with the --enablerepo= option
 
 
 
db yum_repositories repositoryname setprop status disabled
 
signal-event yum-modify
 
 
 
====Other popular repositories====
 
 
 
A list off other repositories can be found at [[:Category:Yum_Repository]].
 
 
 
Be careful updating software from these repositories. Only update packages by name eg.
 
yum update --enablerepo=reponame  packagename
 
 
 
Do not do a general update with the 3rd party repository enabled as it could update many packages that will overwrite SME versions.
 
 
 
 
 
====Removing Software====
 
If you wish to remove rpms from the command line use
 
rpm -e rpmname
 
yum remove rpmname, will work if the rpm to be removed is non essential, but what you consider non essential may differ to the system so it's best to use rpm -e
 
 
 
===Hardware Compatibility List===
 
[http://wiki.contribs.org/KnownProblems#Hardware List of Hardware that known have problems with SME Server]
 
 
 
Maintaining a complete HCL is difficult,
 
the following links will give a indication of hardware being used by SME Servers and upstream providers
 
 
 
*https://hardware.redhat.com/index.cgi
 
*http://smolt.contribs.org
 
*http://wiki.centos.org/HardwareList
 
 
 
===Client Computers===
 
 
 
*Windows 7 support for SME 7?
 
 
 
Windows 7 cannot join to SME 7.x domains due to trust relationship issues. However, you can configure an optional unsupported update if Windows 7 support is critical for your environment.
 
 
 
More information is available [[Windows 7 Support|here]].
 
 
 
*Offline files with Windows XP and Windows 7 clients problems?
 
Set the following registry key on the Windows Vista or Windows 7 client to prevent files from getting pulled down to the client again right after synchronizing changes to the server (due to Linux file systems having coarser timestamp resolution than Windows):
 
 
 
Create a DWORD value named <tt>RoundUpWriteTimeOnSync</tt> under the <tt>HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache</tt> key (create the key if it does not exist) and set it to 1.
 
 
 
More information can be found here: [http://blogs.technet.com/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx]
 
 
 
 
 
*Samba trust relationships lost?
 
This is a possible bug with an upgrade from SME6. After an upgrade, local workstations cannot log in. If you are experiencing this problem, please have a look at this bug for a fix, and provide followup:
 
[https://sourceforge.net/tracker/index.php?func=detail&amp;aid=1234009&amp;group_id=96750&amp;atid=615772]
 
 
 
 
 
*Windows XP Clients - Patch to logon to SME domain
 
This patch can be used when Windows XP clients won't be able to log on to the SME Server domain. The registry patch is located here:
 
http://servername/server-resources/regedit/winxplogon.reg
 
Double click on the winxplogon.reg file and the settings will be added to the Windows Registry.
 
 
 
 
 
*Windows XP Clients - "domain is not available" error
 
If the client pc uses a Gigabit lan adapter, try [http://support.microsoft.com/kb/938449]
 
 
 
 
 
*How to disable password caching on Windows 95/98/ME/2000 Clients?
 
This patch can be used if you don't want Windows clients to remember password for shared folders on SME Server. The registry patch is located here: http://servername/server-resources/regedit/win98pwdcache.reg
 
Just double click on the win98pwdcache.reg file and the settings will be added to the Windows Registry.
 
 
 
'''Note'''
 
Although the filename seems to indicate that this patch will only work for Windows 98, but it also works in Windows 95, Windows ME and Windows 2000.
 
 
 
 
*LDAP Directory Gives MAPI_E_CALL_FAIL Errors on Outlook 2002 or Outlook 2003
 
In Outlook 2002 or 2003 when someone tries to find a contact using the LDAP server, a message stating that "Unavailable critical extension" and then a second message saying "The search could not be completed. MAPI_E_CALL_FAIL" shows up and nothing shows up from the search. The directory works beautifully in Thunderbird 1.5 as well as Outlook 2000, but not 2002 or 2003.  More information can be found here: [http://support.microsoft.com/default.aspx?scid=kb;en-us;555536&amp;sd=rss&amp;spid=2559] [http://bugs.contribs.org/show_bug.cgi?id=1406]
 
 
 
 
 
*Where is the netlogon directory?
 
The netlogon directory is located on the SMESERVER at: /home/e-smith/files/samba/netlogon
 
It can also be found by a client computer at: \\servername\netlogon
 
 
 
===Web Applications===
 
*chmod 777
 
 
 
Using 777 is always wrong (despite the fact that many howtos recommend it). 0770 is sufficient, as long as www is a member of the group owning the directory, and is safer.
 
 
 
Use chown www /path/to/dir <br />
 
and preferably put your app in /opt/app not in an ibay
 
 
 
* Generic Instructions for Installing a Web Application
 
[[:Web_Application_RPM]]
 
 
 
*Wasn't mod_perl installed in previous versions? How do I install it?
 
It may have been, but it was not used so it is no longer included. If you do want to install it do the following:
 
 
 
'''Note'''
 
The commands on a linux shell are case-sensitive, this means that Capital is not the same as capital.
 
 
 
  yum install mod_perl
 
  config setprop modPerl status enabled
 
  signal-event post-upgrade ; signal-event reboot
 
 
*The directory structure is visible. How do I disable indexes in ibays?
 
SME Server 6.0, 6.0.1, and 6.5 all had the following for the ibays/html directory - "Options Indexes Includes". This would indicate that indexes were allowed for html directories. In SME Server 7.0 this is made a parameter and it defaults to enabled to be compatible with SME Server releases before SME Server 7.0 installations.
 
 
 
To disable indexes for an ibay in SME Server 7.0 do the following:
 
 
 
  db accounts setprop //ibayname// Indexes disabled
 
  signal-event ibay-modify //ibayname//
 
 
This issue was first reported here:
 
[[https://sourceforge.net/tracker/?func=detail&amp;atid=615772&amp;aid=1275351&amp;group_id=96750]]
 
 
 
*I need to create (or install) a PHP application that needs access to the /tmp directory.
 
db accounts setprop ibayname PHPBaseDir /tmp/:/home/e-smith/files/ibays/ibayname/
 
signal-event ibay-modify ibayname
 
 
 
By default if you have PHP code in an IBAY, it can only run in that IBAY. The above commands will allow PHP code in the IBAY to run outside of its installed directory.
 
 
 
Here is a list of all the  [[:DB_Variables_Configuration#Apache_server_ibay_specific_.28httpd-e-smith.29 | IBAY specific settings]]
 
 
 
===Reset the root and admin password===
 
 
 
1. Restart your server and at the beginning of the boot-up use the arrow keys to select the kernel you would like to boot into.
 
 
 
2. Press A , to allow you to append parameters to your grub boot settings.
 
 
 
3. Be careful not to change anything, only add the following after the A ('''Be sure to put a space before "single"'''):
 
  single
 
4. Press enter. you will be presented with a prompt.
 
 
 
5. At this prompt type the following two commands (each followed by a return). You will be asked to provide a new password.
 
Reset both your root and your admin password and set them to the same value:
 
  passwd root
 
  passwd admin
 
Reboot your server and everything should be okay now.
 
 
 
===File Size Limitations===
 
*Apache, the web server can only transfer or show files under 2G
 
 
 
*Backup to USB Disk
 
FAT32 only supports file size of <4GB.  It is recommended that you format your external usb drives to ext3.
 
 
 
===External DNS===
 
To allow external users to communicate with your server, you must have correctly configured DNS records. Once you have purchased a domain, you should configure the following records (customised if necessary) to allow web and email communication:
 
 
 
1. An A record, myserver.mydomain.com, pointing to the external IP address of your server
 
 
 
2. A CNAME record, *.mydomain.com, pointing to the A record myserver.mydomain.com [this is a catchall that allows aliases such as www.mydomain.com and mail.mydomain.com to be resolved without having to create multiple CNAME records]
 
 
 
3. An MX record, pointing to myserver.mydomain.com, to allow for email delivery
 
 
 
If your registrar does not allow you to create DNS records, you may use a free service such as http://www.zoneedit.com or similar.
 
 
 
The example shown assumes that your server is operating in Server and Gateway mode and has a static external IP address. Depending on your network design and server configuration, the example may need to be modified. For example, if you use a Dynamic DNS service, you would need to modify the A record to point to your Dynamic DNS hostname, rather than a static IP address.
 
 
 
===Domains===
 
 
 
*When I create a DOMAIN, I don't see anything listed in the HOSTNAMES AND ADDRESSES panel for that DOMAIN.
 
 
 
For a domain to be effective (for email or web), it needs to be configured as INTERNET DNS SERVERS (this is the default value). Since the domain resolves via INTERNET DNS SERVERS, no hostnames or addresses are created locally. For more info please visit the Administration Manual section regarding Domains: [[http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Domains]]
 
 
 
====Delegate DNS====
 
 
 
SME Allows for 3 Settings for DNS Resolution of a Domain
 
# Resolve Locally
 
# Internet DNS Servers
 
# Corporate DNS servers
 
  
If this is not sufficient, you can extended these for individual domains on your SME server (forwarding all DNS Queries for the specified domain to another server) as follows:
+
{| style="color:red;background-color:#ffffcc;"
 
+
|
First, create the necessary virtual domains using server-manager::Configuration::Domains::Add Domain.
+
Please see [[Help:Contents#How_to_get_a_wiki_account.3F|'''how to get a wiki account''']]
 
 
Then, (assuming your domain is called test.com and the actual DNS server is at a.b.c.d issue the following commands:
 
 
 
db domains setprop test.com Nameservers a.b.c.d
 
signal-event domain-modify
 
 
 
Check with
 
cat /var/service/dnscache/root/servers/test.com
 
 
 
===Virus Scanning===
 
*When you elect to nightly scan your server for viruses the current default is to scan /home/e-smith/files
 
 
 
Note that early SME 7 Servers defaulted to /.
 
 
 
Also you may want to scan under /opt if have contribs that store user data there
 
 
 
the db property to change to the default
 
config setprop clamav FilesystemScanFilesystems /home/e-smith/files
 
or to scan different areas of the server is
 
config setprop clamav FilesystemScanFilesystems "/home/e-smith/files /opt"
 
 
 
 
 
*How do I exclude some directories from scanning
 
Set the db value to exclude more directories
 
 
 
The default
 
  config setprop clamav FilesystemScanExclude /proc,/sys,/usr/share,/var
 
 
 
Change with
 
config setprop clamav FilesystemScanExclude /proc,/sys,/usr/share,/var,/home/e-smith/files/ibays
 
 
 
After any change, run the signal-event for expand and regenerate configuration files, and restart pertinent services
 
 
 
signal-event clamav-update
 
 
 
{{:SME Server:Documentation:ProxyPass}}
 
 
 
===Shell Access===
 
*I need to give a user shell access to the SME Server.
 
 
 
Shell access should only be provided to users who have a *need* for it and can be trusted.
 
 
 
Before a user can have shell access Admin must enable ssh access at
 
server-manager -> Security -> Remote Access
 
 
 
You then enable shell access for a user by:
 
db accounts setprop username Shell /bin/bash
 
chsh -s /bin/bash username
 
 
 
===Upgrading Server===
 
*What's the best way to upgrade to a new server ?
 
An article is written for this subject. Please visit: [[:UpgradeDisk]].
 
 
 
*Do you want to move a running SME 7 Server installation to new hardware ?
 
There is a document that describes a method using the Affa contrib.
 
Affa makes it possible to move with a minimal effort and minimal downtime of the production server.
 
Please visit: [[:Moving SME to new Hardware]]
 
 
 
===Changing maximum Ibay, Account or Group name length===
 
* How do I change the default maximum (12 characters) name length of an I-Bay, account or group?
 
Enter following command on the console as root:
 
/sbin/e-smith/db configuration set maxIbayNameLength xx
 
/sbin/e-smith/db configuration set maxAcctNameLength xx
 
/sbin/e-smith/db configuration set maxGroupNameLength xx
 
where 'xx' is the new size e.g. 15.
 
 
 
Followed by:
 
/sbin/e-smith/signal-event console-save
 
 
 
===Deletion of Users Ibays Groups===
 
*I can't delete & create a user for some reason. What do I do now?
 
If for some reason you can't delete & create a user, then first do:
 
signal-event user-delete <username>
 
db accounts delete <username>
 
 
 
*I can't delete & create a ibay for some reason. What do I do now?
 
If for some reason you can't delete & create a ibay, then first do:
 
signal-event ibay-delete <ibayname>
 
db accounts delete <ibayname>
 
 
 
*I can't delete & create a group for some reason. What do I do now?
 
If for some reason you can't delete & create a group, then first do:
 
signal-event group-delete <groupname>
 
db accounts delete <groupname>
 
 
 
 
 
*I was looking in the home directory of a user and I see a hidden directory called ".junkmail". Do I need that? Can I delete it?
 
Don't remove or rename .junkmail folders.
 
 
 
 
 
===Access denied to i-bay with newly created group===
 
*Problem: If I try to write to an i-bay immediately after creating a new group, and being a member of that group, and assigning that group access rights to the i-bay, access is denied. Changing the i-bay access to an older group of which I am a member, access is allowed as desired.
 
 
 
Workaround: log out after creating the group and then log back in
 
 
 
The issue seems to be with samba not SME. See [[Bugzilla:4961]] Privileges are assigned upon logon in Linux, hence the need to log out and then log in again to receive the newly created group's privileges.
 
 
 
===Password Strength Checking===
 
*How can I change password strength & what do the strength settings mean?
 
 
 
{{Warning box|It is strongly advised not to set the password strength setting to ''none'' as this will lower the security of your server significantly.}}
 
 
 
{{Note box|PAM module requires passwords to be at least 6 characters long, so setting a password that is shorter than that may cause other problems later. SME server default settings enforce 7 character passwords.}}
 
 
 
The following settings are available to specify the password strength on SME Server:
 
 
 
{|
 
! setting
 
! explanation
 
|-
 
| ''strong''
 
| The password is passed through Cracklib for dictionary type word checking as well as requiring upper case, lower case, number, non alpha and a mimimum length of 7 characters.
 
|-
 
| ''normal''
 
| The password requires upper case, lower case, number, non alpha and a minimum length of 7 characters.
 
|-
 
| ''none''
 
| The password can be anything as no checking is done.
 
Please note that "none" does not mean no password, it just means no password strength checking, so you can enter any (weak) password you want as long as it is at least 7 characters long.
 
 
|}
 
|}
  
To set password strength do:
 
config setprop passwordstrength Admin strengthvalue
 
config setprop passwordstrength Users strengthvalue
 
config setprop passwordstrength Ibays strengthvalue
 
where strengthvalue is one of the entries listed in the table above; either "strong", "normal" or "none" .
 
 
e.g.
 
config setprop passwordstrength Users normal
 
 
To review the current settings do:
 
config show passwordstrength
 
 
which should display something like:
 
 
passwordstrength=configuration
 
  Admin=strong
 
  Ibays=strong
 
  Users=strong
 
 
Alternatively, you can install the smeserver-password contrib discussed here: [[Password]]
 
 
This contrib will let you configure password strength and aging through a web panel in the server-manager.
 
 
===Hard Drives, RAID's, USB Hard Drives===
 
*How should I setup my hard-drives?
 
We never recommend anything other than a '''single disk install''' or '''multiple disks of the same type'''. Anything else and you are following an unrecommended setup and you will need to navigate for yourself. Repeat, we never recommend anything other than a '''single disk install''' or '''multiple disks of the same type'''. If you're thinking of doing anything else (setup your own partitions), read this section again.
 
 
*How should I setup my RAID?
 
A full article on RAID is found here: [[:Raid]]
 
 
 
*I want to use a hardware RAID. What do you suggest?
 
Please see the notes in the RAID article: [[:Raid#Raid_Notes]]
 
 
 
*How do I recover an SME Server with lvm drives
 
A full article on the recovery method is found here: [[:Recovering_SME_Server_with_lvm_drives]]
 
 
 
*I'm installing a RAID 5 but it seems to take a long time. Is there something wrong?
 
RAID 5 systems (those with 3+ disks) can take a long time during and after the install for everything to sync. Reportedly, it takes almost 2 hours before the disks finally finish syncing on 4 X 80GB disks.
 
 
 
*If I boot my SMESERVER with a USB hard drive attached, it recognizes the drive. However, after unplugging the drive, then replugging, it no longer exists. Any ideas why?
 
Reportedly, some external usb hd's must be completely powered up before connecting the usb cable.
 
 
 
*If I boot my SMESERVER with a USB hard drive attached, it doesn't recognize the drive. Any workarounds for this?
 
Some USB drives need to be plugged twice into the server to be recognized.
 
 
 
* Further information regarding USB disks can be found in this HOW TO: [[USBDisks]]
 
 
===Backups & Restores===
 
*AIT-1 Backup: buffer unreliable
 
An AIT-1 is unreliable if used with variable block size. Set the setting
 
config setprop flexbackup TapeBlocksize 512
 
AIT-2, DAT and LTO seem to work well with variable block size.
 
 
 
*Slow tape backup performance may be improved by changing Flex backup settings
 
config setprop flexbackup Blocksize 256
 
config setprop flexbackup BufferMegs 16
 
 
 
*In the ADMIN CONSOLE, there is an option to BACKUP TO USB but there are no restore options.
 
The RESTORE option is only visible on a new install. If you missed this during install, you can
 
config set PasswordSet no
 
signal-event post-upgrade; signal-event reboot
 
 
During reboot reconfiguration process you should see the new restore via USB backup option.
 
-NOW plug in the usb drive (Do not plug in the usb drive until you reach this point).
 
-pick YES or RESTORE (or whatever is presented to you)
 
 
 
===Supervised Services===
 
*Many services on SME are supervised, to see which are type
 
ps ax |grep runsv
 
To control them read the sv manual
 
man sv
 
 
*it seems that "sv u http-e-smith" gives no errors, even if the service fails to restart, so you need to use "sv s httpd-e-smith" to check if it fails (example:  due to a httpd.conf error)
 
 
This is just the way that runsv (part of the runit package) works. The "sv u http-e-smith"
 
only sends a message to runsv saying that we want the service to be up.
 
runsv then will keep trying to get the service running.
 
 
 
===Server-Manager===
 
*I can't access the server-manager. What do I do now?
 
There are many reasons why you wouldn't be to access the server-manager. First try:
 
signal-event post-upgrade;  signal-event reboot
 
 
If you still can't access, there are reports that a certificates mis-match might have occurred after update. In that case:
 
rm /home/e-smith/ssl.key/*.key
 
rm /home/e-smith/ssl.pem/*.pem
 
rm /home/e-smith/ssl.crt/*.crt
 
signal-event domain-modify; signal-event reboot
 
 
 
*I used to access the SERVER-MANAGER with localhost:980 remotely via SSH tunnel and now I can't. What happened?
 
This feature has been deprecated a long time and finally removed in V7.2
 
 
If you really want to use this then forward 443 to localhost:443 and then use
 
https://localhost/server-manager/
 
 
 
*Using a ssh client, the /server-manager login screen is difficult to read
 
The text is white, so you need to adjust your ssh client to use a dark background
 
 
 
*I've renamed my server with the ADMIN CONSOLE. The old name appears under the SERVER-MANAGER, HOSTNAMES panel. It cannot be deleted as there are no MODIFY/REMOVE links.
 
 
-login to the shell console
 
-type: db hosts setprop <local.mycompany.local> static no
 
-go to the HOSTNAMES & ADDRESSES panel and you should be able to modify/remove the name
 
 
===Booting with SMP kernel after upgrade to version 7.2 from CD===
 
*I've upgraded and now the SMP kernel isn't available.
 
This is because when upgrading to 7.2 from CD, kernel modules are
 
missing for SMP '''IF''' the output of "cat/proc/cpuinfo"
 
does not show multiple processors.  The SMP kernel, if not present, can be installed via yum using:
 
Do:
 
yum install kernel-smp kmod-ppp-smp kmod-slip-smp kmod-appletalk-smp
 
signal-event post-upgrade
 
signal-event reboot
 
Details: http://bugs.contribs.org/show_bug.cgi?id=3095
 
 
*I'm getting a kernel panic after upgrade from CD. What do I do now?
 
When upgrading with a CD, the upgrade will rewrite the grub.conf file.  As a result, any additional boot arguments (i.e. acpi=off) will be lost during upgrade. Please edit the grub.conf file.
 
 
 
===Special Characters===
 
*I get strange characters & letters when look at my file names.
 
If you get filenames that look like: "éèÃ.txt" It's most likely because the SME server isn't understanding special characters you may be using. You can change it to understand special characters in filenames by:
 
db configuration setprop smb UnixCharSet ISO8859-1
 
expand-template /etc/smb.conf
 
/etc/init.d/smb restart
 
 
 
===Upstream proxy server configuration===
 
SME Server allows you to proxy internet traffic for various components through an 'upstream' proxy server.
 
 
You might need to do this if:
 
* Your SME server does not have direct access to the Internet
 
* You have several sites and need centralized internet activity control and reporting
 
* You are required to impose internet access restrictions on your users (at a school, for example)
 
 
====Browser Access from LAN Workstations====
 
*How do I configure a mandatory upstream proxy server, there used to be a panel in earlier versions of sme server, but it's missing in sme7.x
 
 
config set SquidParent a.b.c.d
 
config set SquidParentPort nnn
 
signal-event post-upgrade
 
signal-event reboot
 
 
[The SquidParentPort setting is optional if the upstream proxy is on port 3128.]
 
 
====Yum (system updates)====
 
How do I get yum updates through a proxy server (in case my SME server does not have direct internet access)
 
 
Based on [[Bugzilla:2407]]:
 
<nowiki>mkdir -p /etc/e-smith/templates-custom/etc/yum.conf
 
cd /etc/e-smith/templates-custom/etc/yum.conf
 
echo '{
 
    my $YumProxy = $yum{'Proxy'} || "none";
 
    $OUT = ($YumProxy eq "none") ? "" : "proxy=$YumProxy";
 
}' > 10main_proxy
 
config setprop yum Proxy http://localhost:3128/
 
expand-template /etc/yum.conf
 
</nowiki>
 
 
* The code shown above should work (untested) if you have configured SquidParent for your server.
 
* You could (alternatively) replace '''<tt><nowiki>http://localhost:3128</nowiki></tt>''' with the address of your upstream proxy.
 
 
 
====ClamAV / freshclam====
 
How do I configure freshclam to download updates for ClamAV through a proxy server?
 
 
Based on examination of '''<tt>/etc/e-smith/templates/etc/freshclam.conf/ProxySettings</tt>''':
 
<nowiki>config setprop clamav HTTPProxyServer localhost
 
config setprop clamav HTTPProxyPort 3128
 
config setprop clamav HTTPProxyUsername ""
 
config setprop clamav HTTPProxyPassword ""
 
sv t freshclam
 
</nowiki>
 
* The code shown will proxy ClamAV updates through your local squid proxy.
 
* You could (alternatively) replace the values shown above with the values required for any upstream proxy.
 
* [[Bugzilla:542]]
 
 
====Spamassassin====
 
From http://wiki.apache.org/spamassassin/RuleUpdates:
 
<blockquote>'''What if I need update requests to go through a proxy server?'''<br />
 
 
sa-update uses the LWP::UserAgent module, which allows certain environment variables to be set so that requests use defined proxy servers. The main one of interest is "http_proxy", which should be set to an URL defining the proxy. ie: export http_proxy='http://proxy.example.com:8080/'</blockquote>
 
 
On a sme server, this should work with '''<tt><nowiki>export http_proxy='http://localhost:3128'</nowiki></tt>''', which would need to be added to /etc/cron.daily/sa_update
 
 
====curl, wget====
 
For curl and wget to work correctly on a SME server without direct internet access, you must execute the following command in the same program or shell session beforehand:
 
 
export http_proxy=localhost:3128
 
 
eg:
 
<nowiki>export http_proxy=localhost:3128
 
curl http://www.googl.com</nowiki>
 
 
====ssh, ftp, telnet====
 
{{Note box|ssh, ftp and telnet do not work via an http "upstream" proxy.}}
 
 
====Testing and Verification====
 
You can verify that a particular program is being proxied through squid on your local SME server by searching /var/log/squid/access.log for access to the target web address originating from '127.0.0.1'.
 
 
That is, after executing these commands:
 
<nowiki>export http_proxy=localhost:3128
 
curl http://www.google.com</nowiki>
 
 
you should see an entry similary to the following <tt>/var/log/squid/access.log:</tt>
 
1329759611.923    64 '''127.0.0.1''' TCP_MISS/301 726 GET '''<nowiki>http://www.google.com</nowiki>''' - DIRECT/74.125.113.94 text/html
 
 
===Memory usage and limits===
 
 
*How much memory can sme server handle
 
 
SME server currently (v7.3) supports 16GB of RAM, with a maximum of 3GB per process. These limits can easily be increased to 64GB total and 4GB per process by installing and running the "hugemem" variant of the kernel
 
 
*Why does my sme server always seem to be using all the memory, there is no spare memory left
 
 
Utilities such as top or htop always report that all available memory is being used.
 
The Linux OS is designed to utilise all available memory all of the time. If other processes require more memory then it is made available to those processes. Fully utilising all the available memory is a good thing as it optimises the performanece of your server.
 
 
*How can I tell if my sme server needs more memory
 
 
Watch the availabe swap memory usage eg using top, htop or ps -aux. If swap memory usage regularly exceeds 50% of the available swap memory, then you should add more physical RAM to your system.
 
Other indications that additional RAM is required are "out of memory" messages in log files, and at times the server becomes inactive for a period, often related to spam & virus scanning & high email loads.
 
 
{{:Booting}}
 
 
{{:Log_Files}}
 
  
{{:Email}}
+
{{Tip box|[[SME_Server:Documentation:FAQ:booklet |One page FAQ Manual]] All the chapters on one page. This is a very large page !}}
  
{{:Firewall}}
+
----
 +
[[SME Server:Documentation:FAQ:Section01|Section 1 - Installation]]
 +
* Installation Troubles
 +
* Yum Updates
 +
* Removing Software
 +
* Hardware Compatibility List
 +
* Client Computers
 +
* Web Applications
 +
* Reset the root and admin password
 +
* File Size Limitations
 +
* External DNS
 +
* Domains
 +
* Virus Scanning
 +
* Proxy Pass
 +
* Shell Access
 +
* Upgrading Server
 +
* Changing maximum Ibay, Account or Group name length
 +
* Deletion of Users Ibays Groups
 +
* Access denied to i-bay with newly created group
 +
* Change Password Users by command Line
 +
* Password Strength Checking
 +
* Hard Drives, RAID's, USB Hard Drives
 +
* Backups & Restores
 +
* Supervised Services
 +
* Server-Manager
 +
* Booting with SMP kernel after upgrade to version 7.2 from CD
 +
* Special Characters
 +
* Upstream proxy server configuration
 +
* Memory usage and limits
  
{{:MySQL}}
+
[[SME Server:Documentation:FAQ:Section02|Section 2 - Booting]]
 +
* Installation
 +
* Boot Options
 +
* More
  
==Later versions of applications==
+
[[SME Server:Documentation:FAQ:Section03|Section 3 - Log Files]]
 +
* Access
 +
* Logfile Names
 +
* Error Messages
 +
* RK Hunter Messages
  
===Why does SME Server still not have PHP 5, MySql4, Apach2, xxx ===
+
[[SME Server:Documentation:FAQ:Section04|Section 4 - Email]]
SME Server 7.x is based on Centos 4.x which in term is based on RedHat Enterprise Linux 4.x. Since the development team is limited in person and time, all work is done in spare time, we do not have the time to implement such big changes and cope with the maintenance of such work.
+
* Troubleshooting
 +
* Spam
 +
* Anti Virus
 +
* Email Clients
 +
* Server Settings
 +
* External Access
 +
* Imap
 +
* qpsmtpd
 +
* Internal Mail Servers
 +
* Secondary/Backup Mail Server Considerations
 +
* User accounts
 +
* Mail server on dynamic IP
  
===Is xxx on SME Server still safe to run? ===
+
[[SME Server:Documentation:FAQ:Section05|Section 5 - Firewall]]
Yes, because security fixes and bug fixes are backported to the 4.x releases and they are propagated to the users as updates, for more information have a look at http://www.redhat.com/security/updates/backporting.
+
* FAQs
 +
* DB Settings
 +
* Custom templates
 +
* Open Ports in Private Server/Gateway Mode
  
===Can I install a later version of xxx===
+
[[SME Server:Documentation:FAQ:Section06|Section 6 - MySQL]]
Yes, but you are then responsible for updates and possible conflicts with updates
+
* General
 +
* MySQL root password
 +
* Access MySQL from the local network
 +
* Access MySQL from a remote network
 +
* Create MySQL user(s) with access from other computers
 +
* Enable InnoDB engine
 +
* Administration
 +
* Optimizing MYSQL default settings
  
For example see this page for [[:PHP#PHP_5 PHP]] updates and warnings
+
[[SME Server:Documentation:FAQ:Section07|Section 7 - Later versions of applications]]
 +
* Is xxx on SME Server still safe to run?
 +
* Can I install a later version of xxx
  
==Known Problems==
+
[[SME Server:Documentation:FAQ:Section08|Section 8 - Known Problems]]
 +
* Backup/Restore
 +
* Hardware
 +
* Installation (not hardware related) & Initial Configuration
 +
* Services
 +
* Packages
  
{{Note box|This section is to be used to document problems that cannot or will not be fixed through development of SME Server 7. <br>
+
[[Category:SME Server]]
Please refer to the [[:KnownProblems]] page}}
 

Revision as of 20:10, 22 January 2014



The Koozali SME Server project

The Koozali Foundation Inc. is a nonprofit corporation that governs the open source Koozali SME Server project. Koozali SME Server is a stable, secure and easy to use/manage linux server that provides common server functionalities out of the box. Many open source contributions are available that can extend the default server functionality making Koozali SME Server an even more powerful and flexible business server solution. Thousands of Koozali SME Severs have been deployed as real or virtual servers and in the cloud to serve many small to medium enterprises, and this number is growing day by day. The Koozali SME Server is free to use but it takes a lot of effort and money to develop, make, and maintain. We therefore ask you for your considerations.

Volunteering

Koozali Foundation Inc. together with its community hosted at https://contribs.org is a collaborative effort of volunteers. You too can contribute to the development and continuity of the Koozali SME Server project as described on our volunteering page. Everybody is welcome to join the already 4000+ member contribs.org community and can contribute with any skill set.

Financial donations

You can also show your support by making financial donations. The preferred way to make financial donations is using the donate option in the forums. You are free to choose any amount and frequency, being monthly, yearly or only once. The benefit of donating through your forums account is that your forum user name will receive a badge, showing your donation status. If you do not have a forum account, you can create one, or select the below PayPal option to make your donations.

Commercial usage

Organizations that use Koozali SME Server for their business, provide professional services related to SME Server or in any other way benefit commercially from the Koozali SME Server project, are kindly requested to consider regular financial donations that reflect their business benefits.

Koozali Foundation Inc. is happy to supply an invoice for any donations received. For more information on invoicing please send a mail to treasurer@koozali.org.

Thank you for your considerations and support!


F.A.Q

This Section lists Frequently Asked Questions (FAQ) for SME server. Problems many people run into installing SME server for the first time or upgrading to later versions are found here.

If your question isn't listed here, it's possible it's a Rarely Asked Question (RAQ), in which case you'll be better off searching for answers in Bugzilla.

Please see how to get a wiki account


Information.png Tip:
One page FAQ Manual All the chapters on one page. This is a very large page !



Section 1 - Installation

  • Installation Troubles
  • Yum Updates
  • Removing Software
  • Hardware Compatibility List
  • Client Computers
  • Web Applications
  • Reset the root and admin password
  • File Size Limitations
  • External DNS
  • Domains
  • Virus Scanning
  • Proxy Pass
  • Shell Access
  • Upgrading Server
  • Changing maximum Ibay, Account or Group name length
  • Deletion of Users Ibays Groups
  • Access denied to i-bay with newly created group
  • Change Password Users by command Line
  • Password Strength Checking
  • Hard Drives, RAID's, USB Hard Drives
  • Backups & Restores
  • Supervised Services
  • Server-Manager
  • Booting with SMP kernel after upgrade to version 7.2 from CD
  • Special Characters
  • Upstream proxy server configuration
  • Memory usage and limits

Section 2 - Booting

  • Installation
  • Boot Options
  • More

Section 3 - Log Files

  • Access
  • Logfile Names
  • Error Messages
  • RK Hunter Messages

Section 4 - Email

  • Troubleshooting
  • Spam
  • Anti Virus
  • Email Clients
  • Server Settings
  • External Access
  • Imap
  • qpsmtpd
  • Internal Mail Servers
  • Secondary/Backup Mail Server Considerations
  • User accounts
  • Mail server on dynamic IP

Section 5 - Firewall

  • FAQs
  • DB Settings
  • Custom templates
  • Open Ports in Private Server/Gateway Mode

Section 6 - MySQL

  • General
  • MySQL root password
  • Access MySQL from the local network
  • Access MySQL from a remote network
  • Create MySQL user(s) with access from other computers
  • Enable InnoDB engine
  • Administration
  • Optimizing MYSQL default settings

Section 7 - Later versions of applications

  • Is xxx on SME Server still safe to run?
  • Can I install a later version of xxx

Section 8 - Known Problems

  • Backup/Restore
  • Hardware
  • Installation (not hardware related) & Initial Configuration
  • Services
  • Packages