653
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: − ==Frequently Asked Questions==+ − This Section lists ''Frequently Asked Questions'' (FAQ) for SME 7. Problems many people run into installing SME 7 for the first time or upgrading to later versions are found here. − If your question isn't listed here, it's possible it's a ''Rarely Asked Question'' (RAQ), in which case you'll be better off searching for answers in [http://bugs.contribs.org Bugzilla]. + − ===Yum Updates===+ − ==== Which repositories should be enabled==== − You should have the following repositories enabled (blue)+ − CentOS - os − CentOS - updates − SME Server - addons − SME Server - os − SME Server - updates. − − DO NOT enable '''SME Server - updates testing''' which is considered beta, unless − * it is a TEST server NOT a production server or − * you want to be part of a bug-testing group. − − Additionally − * '''SME Server - test''' is considered alpha − * '''SME Server - dev''' contains automatically built rpms. It contains lots of experimental, − incomplete and mutually incompatible packages. − − {{Warning box|msg=If upgrading from a system prior to 7.1 update 1, ie a 7.1 CD install or earlier, − you need to ensure you have the latest versions of the following rpms prior to applying the rest of the updates. − This speeds up install process and avoids updates from centos that may be ahead of the distribution. − − yum update dbus dbus-glib smeserver-support smeserver-yum yum yum-plugin-fastest-mirror python-sqlite − signal-event post-upgrade; signal-event reboot − }} − − {{DrawBoxNote|content=A system installed from the SME 7.1 CD will have the 5 repositories above enabled. A system installed from the SME 7.0 iso and updated to 7.1 or later will only have the 3 SME Server repositories enabled. After updating from SME 7.0 to SME 7.1.x you should enable the ''Centos - os'' & ''Centos - updates'' repositories in server-manager. − }} − − *For another way to reset the repositories to the default see [[:AddingSoftware#Restoring_Default_Yum_Repositories]] − − ====Reconfigure / post-upgrade and reboot==== − *When is a post-upgrade and reboot required? − The server manager yum installer has no way of determining whether − any configuration files will change if all are re-expanded or to know which − binaries have changed (or use libraries which have now changed) and therefore − need to be restarted. The only '''safe''' option is to reconfigure and restart − everything. − − After clicking '''Reconfigure''' check the Status message and that the server does actually reboot. − Rarely circumstances arise that prevent the reconfigure from triggering. If so run the following, − − signal-event post-upgrade; signal-event reboot − − ====Updating from SME 7.x to SME 7.2==== − See [[:Updating_to_SME_7.2#Yum_Update]] − − ====General==== − *Please Wait - Yum Running (prereposetup) − This means Yum is working out what updates are available. − Occasionally such as when large sets of updates are released this could take 10+ minutes to complete − − *Yum doesn't seem to be working correctly. What do I do now? − If for some reason you can't get yum to work correctly, try: − yum clean metadata − or possibly 'yum clean all' − yum update − − *Fix for 'Metadata file does not match checksum' − Typical error message − http://apt.sw.be/fedora/3/en/i386/dag/repodata/primary.xml.gz: − [Errno -1] Metadata file does not match checksum Trying other mirror. − Error: failure: repodata/primary.xml.gz from dag: [Errno 256] No more mirrors to try. − − To flush the up stream proxies, using wget, run: − − wget --cache=off http://apt.sw.be/fedora/3/en/i386/dag/repodata/filelists.xml.gz − wget --cache=off http://apt.sw.be/fedora/3/en/i386/dag/repodata/primary.xml.gz − wget --cache=off http://apt.sw.be/fedora/3/en/i386/dag/repodata/repomd.xml − yum update − − * An unclean shutdown during a system update can put the system into a state where it's difficult to recover. − Try not to kick the power cord and use a UPS − − * Where can I go to learn more about yum, and about how SME uses it? − [[:AddingSoftware ]], man yum, http://linux.duke.edu/projects/yum/ − − ===Client Computers=== − − *Samba trust relationships lost? − This is a possible bug with an upgrade from SME6. After an upgrade, local workstations cannot log in. If you are experiencing this problem, please have a look at this bug for a fix, and provide followup: − [[https://sourceforge.net/tracker/index.php?func=detail&aid=1234009&group_id=96750&atid=615772]] − − − *Windows XP Clients - Patch to logon to SME domain − This patch can be used when Windows XP clients won't be able to log on to the SME Server domain. The registry patch is located here: − http://servername/server-resources/regedit/winxplogon.reg − Double click on the winxplogon.reg file and the settings will be added to the Windows Registry. − − − *How to disable password caching on Windows 95/98/ME/2000 Clients? − This patch can be used if you don't want Windows clients to remember password for shared folders on SME Server. The registry patch is located here: http://servername/server-resources/regedit/win98pwdcache.reg − Just double click on the win98pwdcache.reg file and the settings will be added to the Windows Registry. − − '''Note''' − Although the filename seems to indicate that this patch will only work for Windows 98, but it also works in Windows 95, Windows ME and Windows 2000. − − − *LDAP Directory Gives MAPI_E_CALL_FAIL Errors on Outlook 2002 or Outlook 2003 − In Outlook 2002 or 2003 when someone tries to find a contact using the LDAP server, a message stating that "Unavailable critical extension" and then a second message saying "The search could not be completed. MAPI_E_CALL_FAIL" shows up and nothing shows up from the search. The directory works beautifully in Thunderbird 1.5 as well as Outlook 2000, but not 2002 or 2003. More information can be found here:[[http://support.microsoft.com/default.aspx?scid=kb;en-us;555536&sd=rss&spid=2559]] [[http://bugs.contribs.org/show_bug.cgi?id=1406]] − − − *Where is the netlogon directory? − The netlogon directory is located on the SMESERVER at: /home/e-smith/files/samba/netlogon − It can also be found by a client computer at: \\servername\netlogon − − − ===Firewall/Port Forwarding,Opening,Blocking=== − − *How do I configure the firewall? − The server manager is the GUI front end for the firewall. The firewall is modified automatically in response to changes you make in the configuration, such as enabling/disabling services, marking them public/private, forwarding ports, etc. If you wish to make changes beyond those provided for by the server manager, you can do so by providing custom templates − − *How do I allow public access to a service I've added to SME Server 7? − The procedure has changed and is now much simpler in SME Server 7. For this example the service you have installed is called 'manta' and 'nnn' is the TCP port number that needs to be opened. Watch your capitalization with the command below: − − config set manta service access public status enabled TCPPort nnn − − For UDP services, use UDPPort instead of TCPPort. − Note that you can also set restrictions with AllowHosts and DenyHosts: − − config setprop manta AllowHosts 1.2.3.4,10.11.12.0/24 − config setprop manta DenyHosts 16.17.18.18 − − Then, to activate, do: − − signal-event remoteaccess-update − − − *I want to block traffic from some ip-addresses to my server on some port. − config setprop httpd-e-smith DenyHosts a.b.c.d,w.x.y.z − signal-event post-upgrade − signal-event reboot − − − *I want to block All traffic from some ip-addresses to my server. − Create a custom template and list the IP's − mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/ − pico -w /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff − /sbin/iptables -A INPUT -s 69.212.12.76/32 -j DROP − /sbin/iptables -A INPUT -s 88.28.215.11/32 -j DROP − − expand and restart − /sbin/e-smith/expand-template /etc/rc.d/init.d/masq − /etc/init.d/masq restart − − − *I want to have two WAN addresses; one for the SMESERVER and another that needs to be treated like a "Local Network". I can't set any address from the WAN subnet as a "Local Network". − − This is intended behaviour as SMESERVER is secure by design. If you need to do something like this, you should know what you are doing and understand what to poke under the covers. − − ===Web Applications=== − *chmod 777 − − Using 777 is always wrong (despite the fact that many howtos recommend it). 0770 is sufficient, as long as www is a member of the group owning the directory, and is safer. − − Use chown www /path/to/dir <br /> − and preferably put your app in /opt/app not in an ibay − − *Wasn't mod_perl installed in previous versions? How do I install it? − It may have been, but it was not used so it is no longer included. If you do want to install it do the following: − − − The commands on a linux shell are case-sensitive, this means that Capital is not the same as capital. − − yum install mod_perl − config setprop modPerl status enabled − signal-event post-upgrade ; signal-event reboot − − *The directory structure is visible. How do I disable indexes in ibays? − SME Server 6.0, 6.0.1, and 6.5 all had the following for the ibays/html directory - "Options Indexes Includes". This would indicate that indexes were allowed for html directories. In SME Server 7.0 this is made a parameter and it defaults to enabled to be compatible with SME Server releases before SME Server 7.0 installations. − − To disable indexes for an ibay in SME Server 7.0 do the following: − − db accounts setprop //ibayname// Indexes disabled − signal-event ibay-modify //ibayname// − − This issue was first reported here: − [[https://sourceforge.net/tracker/?func=detail&atid=615772&aid=1275351&group_id=96750]] − − *I need to create (or install) a PHP application that needs access to the /tmp directory. − db accounts setprop ibayname PHPBaseDir /tmp/:/home/e-smith/files/ibays/ibayname/ − signal-event ibay-modify ibayname − − By default if you have PHP code in an IBAY, it can only run in that IBAY. The above commands will allow PHP code in the IBAY to run outside of its installed directory. − − Here is a list of all the IBAY specific settings: [[http://wiki.contribs.org/SME_Server:Documentation:Technical_Manual:Booklet#Apache_server_ibay_specific_.28httpd-e-smith.29]] − − ===Reset the root and admin password=== − − 1. Restart your server and at the beginning of the boot-up use the arrow keys to select the kernel you would like to boot into. − − 2. Press A , to allow you to append parameters to your grub boot settings. − − 3. Be careful not to change anything, only add the following after the A (Be sure to put a space before single): − single − 4. Press enter. you will be presented with a prompt. − − 5. At this prompt type the following two commands (each followed by a return). You will be asked to provide a new password. − Reset both your root and your admin password and set them to the same value: − passwd root − passwd admin − Reboot your server and everything should be okay now. − − − ===File Size Limitations=== − *Apache, the web server can only transfer or show files under 2G − − *Backup to USB Disk − FAT32 only supports file size of <4GB. It is recommended that you format your external usb drives to ext3. − − ===Log Messages=== − − *Log message regarding permissions on /var/spool/qpsmtpd/ − You may see messages similar to this in your log file: − − @400000004326e9472eccc42c 3243 trying to get config for spool_dir − @400000004326e9472ed518fc 3243 Permissions on spool_dir /var/spool/qpsmtpd/ are not 0700 − − They can be safely ignored. Clamav runs under a different user and needs read access to the spool area to avoid copying the file. − [[https://sourceforge.net/tracker/index.php?func=detail&aid=1314168&group_id=96750&atid=615772]] − − − *I get messages that look like: (pam_unix)[31705]: session opened for user root by (uid=0) − Most likely these messages coming from a package called SYSSTAT. The package was included in the previous versions of SMESERVER but were removed from the final version of V7. If you see the messages, most likely you had a previous version and upgraded. SYSSTAT isn't needed unless you have a contrib package called SME7ADMIN. − − You can safely remove the package by: − yum remove sysstat − − Please note that these messages may be caused by other cron jobs (tasks that run automatically) or packages authenticating as root. − − − *I get a message saying that: the RSA server certificate CommonName (CN)`servername.domainname.tld' does NOT match server name! − If you change the servername, you will be prompted to reboot. When you do, the SMESERVER will generate a certificate for the new servername-domainname combination and httpd.conf will now reference that new name. References to other virtual domains and hosts will generate warnings in the log. − − − *I get: server squid[3145]: WARNING: Disk space over limit: 148412 KB 102400 KB. − This message is just log noise. The message is informational and squid takes care of the issue itself. − − − *I get in the radius log: Info: Using deprecated naslist file. Support for this will go away soon. − This is just the radius daemon (a computer program that runs in the background, rather than under the direct control of a user) complaining about a file that exists in the directory. We don't use it. − − − *I get in the clamd log: Error: cli_untar: only standard TAR files are currently supported − Clam (the antivirus portion of SMESERVER) has found a file type which it can't deal with, and so is telling you that it can't scan that file. − − Nothing to be concerned about. The fix, if any arrives, will come from the Clam team if they Determine this file format is worthy of their attention. − − − *I get in the smeserver-clamscan.log: LibClamAV Warning: Multipart/alternative MIME message contains no boundary header. − This is just log noise. Clamav is scanning badly formatted MIME mail. − − ===Virtual Domains=== − − *When I create a VIRTUAL DOMAIN, I don't see anything listed in the HOSTNAMES AND ADDRESSES panel for that VIRTUAL DOMAIN. − − For a virtual domain to be effective (for email or web), it needs to be configured as INTERNET DNS SERVERS (this is the default value). Since the domain resolves via INTERNET DNS SERVERS, no hostnames or addresses are created locally. For more info please visit the Administration Manual section regarding Domains: [[http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Domains]] − − ===Proxy Pass=== − − *I want to pass some http requests to a server behind my SME Server or external to my site, how can I do this? − − You can set a ProxyPass directive that will pass certain requests to an internal or external server that hosts the domain to be proxypassed − db domains set proxypassdomain.com domain Nameservers internet − db domains setprop proxypassdomain.com ProxyPassTarget http://xxx.xxx.xxx.xxx/ − db domains setprop proxypassdomain.com TemplatePath ProxyPassVirtualHosts − signal-event domain-create proxypassdomain.com − where proxypassdomain.com is the domain name hosted on the internal or external server − and http://xxx.xxx.xxx.xxx/ is the IP address of the internal or external server eg 192.168.1.20 or 122.456.12.171 (it must be the publicly accessible IP if an external server) − − {{DrawBoxNote|content=If you have added the internal or external server's domain name as a virtual domain on the SME Server, you must remove it prior to issueing these commands. This ProxyPass has only been tested with http (not https). Some have reported success with https however YMMV. The server-manager domains panel will show the proxy pass entry but you will not be able to edit it. A ProxyPass panel is in the works, see [[bugzilla:1612]]. − }} − − ===Shell Access=== − *I need to give a user shell access to the SMESERVER. − Shell access should only be provided to users who have a *need* for it and can be trusted. You can enable shell access for a user by: − db accounts setprop username Shell /bin/bash − chsh -s /bin/bash username − − − *Improve user remote shell cosmetics − Create a .bash_profile file for the user in ~ − − # include .bashrc if it exists − if [ -f ~/.bashrc ]; then − source ~/.bashrc − fi − − ===Upgrading=== − *What's the best way to upgrade from previous versions? − An article is written for this subject. Please visit: http://wiki.contribs.org/UpgradeDisk − − − ===Users=== − *I can't delete a user for some reason. What do I do now? − If for some reason you can't delete a user try: − signal-event user-delete <username> − db accounts delete <username> − − − *I was looking in the home directory of a user and I see a hidden directory called ".junkmail". Do I need that? Can I delete it? − Don't remove or rename .junkmail folders. − − − ===Password Strength Checking=== − *How can I change password strength & what do the strength settings mean? − − − You are strongly advised not to use weak passwords on your sme server as this only reduces security. − − Note also that pam authentication requires that passwords be at least 7 characters long, so setting a password that is shorter than that may cause other problems later. − − − The available setting choices are: − − strong = The password is passed through Cracklib for dictionary type word checking as well as requiring upper case, lower case, number, non alpha & 7 characters. − − normal = The password requires upper case, lower case, number, non alpha & 7 characters. − − none = The password can be anything as no checking is done. − Please note that "none" does not mean no password, it just means no password strength checking, so you can enter any (weak) password you want. − − − To set password strength do: − config setprop passwordstrength Admin strengthvalue − config setprop passwordstrength Users strengthvalue − config setprop passwordstrength Ibays strengthvalue − where strengthvalue = strong or normal or none − − − eg Although strongly discouraged, to disable password strength checking for Users do: − config setprop passwordstrength Users none − − To review the current settings do: − config show passwordstrength − − which should display something like: − − passwordstrength=configuration − − Admin=strong − − Ibays=strong − − Users=strong − − − References: − https://sourceforge.net/tracker/?func=detail&atid=615772&&aid=1228269&group_id=96750 − − − ===Hard Drives, RAID's, USB Hard Drives=== − *How should I setup my hard-drives? − We never recommend anything other than a '''single disk install''' or '''multiple disks of the same type'''. Anything else and you are following an unrecommended setup and you will need to navigate for yourself. Repeat, we never recommend anything other than a '''single disk install''' or '''multiple disks of the same type'''. If you're thinking of doing anything else (setup your own partitions), read this section again. − − − *How should I setup my RAID? − A full article on RAID is found here: [[http://wiki.contribs.org/Raid]] − − − *I want to use a hardware RAID. What do you suggest? − Please see the notes in the RAID article: [[http://wiki.contribs.org/Raid#Raid_Notes]] − − − *I'm installing a RAID 5 but it seems to take a long time. Is there something wrong? − RAID 5 systems (those with 3+ disks) can take a long time during and after the install for everything to sync. Reportedly, it takes almost 2 hours before the disks finally finish syncing on 4 X 80GB disks. − − − *If I boot my SMESERVER with a USB hard drive attached, it recognizes the drive. However, after unplugging the drive, then replugging, it no longer exists. Any ideas why? − Reportedly, some external usb hd's must be completely powered up before connecting the usb cable. − − − ===Backups & Restores=== − *AIT-1 Backup: buffer unreliable − An AIT-1 is unreliable if used with variable block size. Set the setting − config setprop flexbackup TapeBlocksize 512 − AIT-2, DAT and LTO seem to work well with variable block size. − − − *Slow tape backup performance may be improved by changing Flex backup settings − config setprop flexbackup Blocksize 256 − config setprop flexbackup BufferMegs 16 − − − *In the ADMIN CONSOLE, there is an option to BACKUP TO USB but there are no restore options. − The RESTORE option is only visible on a new install. If you missed this during install, you can − config set PasswordSet no − signal-event post-upgrade; signal-event reboot − − During reboot reconfiguration process you should see the new restore via USB backup option. − -NOW plug in the usb drive (Do not plug in the usb drive until you reach this point). − -pick YES or RESTORE (or whatever is presented to you) − − ===Supervised Services=== − *Many services on SME are supervised, to see which are type − ps ax |grep runsv − To control them read the sv manual − man sv − − *it seems that "sv u http-e-smith" gives no errors, even if the service fails to restart, so you need to use "sv s httpd-e-smith" to check if it fails (example: due to a httpd.conf error) − This is just the way that runsv (part of the runit package) works. The "sv u http-e-smith"+ − only sends a message to runsv saying that we want the service to be up. + − runsv then will keep trying to get the service running.+ + − ===Server-Manager===+ − *I can't access the server-manager. What do I do now?+ − There are many reasons why you wouldn't be to access the server-manager. First try:+ − signal-event post-upgrade; signal-event reboot+ + + + + + + + + + + + + + + + + + + + + + + + + + + + − If you still can't access, there are reports that a certificates mis-match might have occurred after update. In that case:+ − rm /home/e-smith/ssl.key/*.key+ − rm /home/e-smith/ssl.pem/*.pem+ − rm /home/e-smith/ssl.crt/*.crt+ − signal-event domain-modify; signal-event reboot + + + + + − + − This feature has been deprecated a long time and finally removed in V7.2+ + + + + + + + + + + + − If you really want to use this then forward 443 to localhost:443 and then use+ − https://localhost/server-manager/+ + + + − ==Email==+ + + + + + + + + − {{DrawBoxNote|content=Please refer to the [[:Email]] Page }}+ + + − ==Known Problems==+ − This section is to be used to document problems that cannot or will not be fixed through development of SME7.+ + + + + − {{DrawBoxNote|content=Please refer to the [[:KnownProblems]] page}}+
SME Server:Documentation:FAQ (view source)
Revision as of 13:58, 5 October 2021
, 13:58, 5 October 2021→F.A.Q
{{Languages|SME_Server:Documentation:FAQ}}
{{Languages|SME_Server:Documentation:FAQ}}
{{Donate}}
===F.A.Q===
This Section lists ''Frequently Asked Questions'' (FAQ) for SME server. Problems many people run into installing SME server for the first time or upgrading to later versions are found here.
If your question isn't listed here, it's possible it's a ''Rarely Asked Question'' (RAQ), in which case you'll be better off searching for answers in [http://bugs.contribs.org Bugzilla].
'''Note'''
http://bugs.contribs.org/show_bug.cgi?id=161
{| style="color:red;background-color:#ffffcc;"
|
Please see [[Help:Contents#How_to_get_a_wiki_account.3F|'''how to get a wiki account''']]
|}
{{Tip box|[[SME_Server:Documentation:FAQ:booklet |One page FAQ Manual]] All the chapters on one page. This is a very large page !}}
{{Warning box|Many of the FAQ tips are for SME Server versions earlier than the current version of SME Server. Please verify that the FAQ is relevant to the version you are working with before applying any changes. The current released and only supported version is Koozali SME Server version 10.}}
----
[[SME Server:Documentation:FAQ:Section01|Section 1 - Installation]]
* Installation Troubles
* Yum Updates
* Removing Software
* Hardware Compatibility List
* Client Computers
* Web Applications
* Reset the root and admin password
* File Size Limitations
* External DNS
* Domains
* Virus Scanning
* Proxy Pass
* Shell Access
* Upgrading Server
* Changing maximum Ibay, Account or Group name length
* Deletion of Users Ibays Groups
* Access denied to i-bay with newly created group
* Change Password Users by command Line
* Password Strength Checking
* Hard Drives, RAID's, USB Hard Drives
* Backups & Restores
* Supervised Services
* Server-Manager
* Booting with SMP kernel after upgrade to version 7.2 from CD
* Special Characters
* Upstream proxy server configuration
* Memory usage and limits
[[SME Server:Documentation:FAQ:Section02|Section 2 - Booting]]
* Installation
* Boot Options
* More
[[SME Server:Documentation:FAQ:Section03|Section 3 - Log Files]]
* Access
* Logfile Names
* Error Messages
* RK Hunter Messages
*I used to access the SERVER-MANAGER with localhost:980 remotely via SSH tunnel and now I can't. What happened?
[[SME Server:Documentation:FAQ:Section04|Section 4 - Email]]
* Troubleshooting
* Spam
* Anti Virus
* Email Clients
* Server Settings
* External Access
* Imap
* qpsmtpd
* Internal Mail Servers
* Secondary/Backup Mail Server Considerations
* User accounts
* Mail server on dynamic IP
[[SME Server:Documentation:FAQ:Section05|Section 5 - Firewall]]
* FAQs
* DB Settings
* Custom templates
* Open Ports in Private Server/Gateway Mode
[[SME Server:Documentation:FAQ:Section06|Section 6 - MySQL]]
* General
* MySQL root password
* Access MySQL from the local network
* Access MySQL from a remote network
* Create MySQL user(s) with access from other computers
* Enable InnoDB engine
* Administration
* Optimizing MYSQL default settings
[[SME Server:Documentation:FAQ:Section07|Section 7 - Later versions of applications]]
* Is xxx on SME Server still safe to run?
* Can I install a later version of xxx
[[SME Server:Documentation:FAQ:Section08|Section 8 - Known Problems]]
* Backup/Restore
* Hardware
* Installation (not hardware related) & Initial Configuration
* Services
* Packages
[[Category:SME Server]]