Difference between revisions of "SME Server:Documentation:User Manual:Chapter1"
m (→VPN Access) |
|||
(20 intermediate revisions by 7 users not shown) | |||
Line 5: | Line 5: | ||
The user's password gives access to server login, file storage, email accounts and the like. | The user's password gives access to server login, file storage, email accounts and the like. | ||
If a user's password is lost the administrator can reset to a new value, but not retrieve the old one. | If a user's password is lost the administrator can reset to a new value, but not retrieve the old one. | ||
− | + | Passwords must be sufficiently complex, with the rules controlled by the server administrator. | |
− | Passwords must be sufficiently complex | ||
− | + | Users can reset their passwords at <b>www.yourserver.net/user-password</b> | |
− | |||
− | + | For windows clients, If the server is the domain PDC the user can reset his password after issuing a Ctrl+Alt+Del, Note that windows error messages may not explain clearly enough that the user password isn't [[SME_Server:Documentation:Administration_Manual:Chapter9#Changing_User_Passwords|sufficiently complex]]. | |
− | + | ====Admin/root passwords==== | |
+ | Unlike user passwords, the admin/root passwords can not be set via <b>www.yourserver.net/user-password</b>, nor can they be set on a windows client via Ctrl+Alt+Del. Admin/root passwords must be set via the server manager or via the console commands ''passwd'', either on the console directly or via SSH. | ||
− | + | ===VPN Access=== | |
+ | {{WIP box}} | ||
+ | {{warning box|PPTP is UNSAFE and has been DEPRECATED. This section is in the process of being rewritten. Use VPN (qv) instead of PPTP}} | ||
+ | <!--To configure VPN access the administrator must | ||
+ | [[:SME_Server:Documentation:Administration_Manual:Chapter11#PPTP_.28VPN.29 | configure PPTP.]] | ||
− | + | * First Admin must enable PPTP connections globally in the "Remote access" panel. Enter the number of concurrent PPTP connections that will be established. To disable all PPTP connections enter "0" (default). | |
− | + | * Then Admin must enable VPN access for each user that will be allowed to connect via VPN to your SME Server. Use the "Users" panel to configure each user that requires VPN access. | |
− | + | To configure your VPN client, in Win XP, go to Networking in Control Panel. (New Connection Wizard) | |
− | + | * Establish the connection from XP by double clicking the VPN icon for your connection & entering a valid SME user/password combination. Your connection to the Internet needs to be established first before you initiate the PPTP connection | |
− | + | * It is suggested/advised you to use the same login name on your Windows PC as you use on sme, it's easier (& seamless) to deal with permissions for ibays etc that way. | |
− | |||
− | {{ | + | * When you then open up your Network Neighborhood window, you should see your server workgroup listed there. Alternatively, map a drive as required like: |
+ | net use M: \\192.168.1.1\ibayname --> | ||
+ | |||
+ | {{Note box|When setting up VPN make sure your subnet is not the same as your VPN, for example your location "home" has a subnet of 192.168.1.0 and your "office" is 192.168.1.0 will not allow you to VPN, you will either need to change your "home" subnet to be different or set up your server to be a unique subnet.}} | ||
===Shell Access=== | ===Shell Access=== | ||
+ | * '''Password access''' | ||
+ | If your admin allows it you can connect with just a username and password. | ||
− | + | * '''SSH Keys access''' | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | '''SSH | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
If you need to get SSH access to your server from outside the LAN (e.g. you want to get to your work server from home) then the advised method is to use Public / Private Keys. | If you need to get SSH access to your server from outside the LAN (e.g. you want to get to your work server from home) then the advised method is to use Public / Private Keys. | ||
− | + | During Logon, the server runs a check to see if your Private Key corresponds to its stored Public key for the user that you are trying to log on as. If they don't match then the server simply drops the TCP session. | |
− | |||
− | |||
− | During Logon, the server runs a | ||
− | If they don't match then the server simply drops the TCP session | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Setup your keys with the information at [[:SSH_Public-Private_Keys]] | |
− | |||
− | |||
− | |||
− | + | When you have SSH Keys working, the server Admin can disable logging in using passwords. | |
− | |||
− | |||
+ | * Improve user remote shell cosmetics | ||
+ | Create a .bash_profile file for the user in ~ | ||
− | + | # include .bashrc if it exists | |
+ | if [ -f ~/.bashrc ]; then | ||
+ | source ~/.bashrc | ||
+ | fi |
Latest revision as of 18:05, 30 June 2021
Chapter 1 - Access
Passwords
The user's password gives access to server login, file storage, email accounts and the like. If a user's password is lost the administrator can reset to a new value, but not retrieve the old one. Passwords must be sufficiently complex, with the rules controlled by the server administrator.
Users can reset their passwords at www.yourserver.net/user-password
For windows clients, If the server is the domain PDC the user can reset his password after issuing a Ctrl+Alt+Del, Note that windows error messages may not explain clearly enough that the user password isn't sufficiently complex.
Admin/root passwords
Unlike user passwords, the admin/root passwords can not be set via www.yourserver.net/user-password, nor can they be set on a windows client via Ctrl+Alt+Del. Admin/root passwords must be set via the server manager or via the console commands passwd, either on the console directly or via SSH.
VPN Access
Shell Access
- Password access
If your admin allows it you can connect with just a username and password.
- SSH Keys access
If you need to get SSH access to your server from outside the LAN (e.g. you want to get to your work server from home) then the advised method is to use Public / Private Keys.
During Logon, the server runs a check to see if your Private Key corresponds to its stored Public key for the user that you are trying to log on as. If they don't match then the server simply drops the TCP session.
Setup your keys with the information at SSH_Public-Private_Keys
When you have SSH Keys working, the server Admin can disable logging in using passwords.
- Improve user remote shell cosmetics
Create a .bash_profile file for the user in ~
# include .bashrc if it exists if [ -f ~/.bashrc ]; then source ~/.bashrc fi