Changes

5,045 bytes added , 21:44, 3 June 2021

→‎For version 10 on

Line 1: Line 1: −

−

~~===Installation troubles===~~

Section 1 - Mainly deals with configuration of various services once installation of the server software is complete.

−

====Installer prompts for installation file location====

==Installer prompts for installation file location==

Problems have been reported installing SME Server off a PATA CD-ROM drive. The system is able to boot from the CD-ROM drive but after that you get prompted by a message to specify the location where the installation image can be found. This might either mean that the disk is not readable or the CD-ROM drive is not recognized.

If you have validated the disk and are sure that the disk passes you might try to add the all-generic-ide option to the boot prompt before starting the installer like this:

linux all-generic-ide

−

==~~=Yum Updates===~~

==Installing with encrypted filesystem - SME10==

−

~~==== Which repositories should be enabled==~~==

In the installer for SME10, the option is given to modify the partitions created automagically. If you go into the (manual) partition edit screen then there is a tick box for the mainroot partition "encrypt data". If you tick then "update" then "done", then after allowing the installation to proceed it will ask for a passphrase. This is put in twice to verify it. Do not forget or lose this phrase else you will NOT be able to boot into your server.

Once the installation is complete, then at the beginning of every boot the system will ask for the passphrase. This means that you will always need a console on the server during the boot process.

==Yum Updates==

===Which repositories should be enabled===

You should only have the following repositories enabled (names as listed in server manager panel)

CentOS - os

Line 49: Line 55:

*For another way to reset the repositories to the default see [[:SME Server:Adding_Software#Restoring_Default_Yum_Repositories]]

−

====Reconfigure / post-upgrade and reboot====

===Reconfigure / post-upgrade and reboot===

*When is a post-upgrade and reboot required?

Line 59: Line 65:

signal-event post-upgrade; signal-event reboot

−

====Updating from SME 7.x to SME 7.2====

===Updating from SME 7.x to SME 7.2===

See [[:Updating_to_SME_7.2#Yum_Update]]

−

====Warning in rkhunter email report====

===Warning in rkhunter email report===

After upgrading to SME Server 7.4, the admin user may receive the following warning from rkhunter:

Line 81: Line 87:

yum install smeserver-rkhunter --enablerepo=smecontribs

−

====Frequency====

===Frequency===

* By default SME's yum implementation checks for update daily, this can be customized to check weekly:

config setprop yum check4updates weekly;signal-event yum-modify

Line 89: Line 95:

config delprop yum check4updates;signal-event yum-modify

−

====General====

===General===

*Please Wait - Yum Running (prereposetup)

This means Yum is working out what updates are available.

Line 97: Line 103:

If for some reason you can't get yum to work correctly, try:

yum clean metadata

−

or ~~possibly '~~yum clean all'

yum clean all --enablerepo=*

then

yum update

Line 136: Line 144:

[[:SME Server:Adding_Software ]], man yum, http://linux.duke.edu/projects/yum/

−

====Adding, removing or disabling repositories ====

===Adding, removing or disabling repositories ===

*What is the recommended way to add other yum repositories

The following code uses the dag repository as an example and sets the status to disabled.

The repository is configured to be used via the command line with the --enablerepo= option

−

~~{{Repository~~|dag}}

see [[dag|dag repository]] <br />

*How do I remove yum repositories

Line 162: Line 174:

Do not do a general update with the 3rd party repository enabled as it could update many packages that will overwrite SME versions.

−

==Removing Software==

−

====Removing Software====

If you wish to remove rpms from the command line use

rpm -e rpmname

yum remove rpmname, will work if the rpm to be removed is non essential, but what you consider non essential may differ to the system so it's best to use rpm -e

−

===Hardware Compatibility List===

==Hardware Compatibility List==

−

[~~http://wiki.contribs.org/~~KnownProblems#Hardware List of Hardware that known have problems with SME Server]

[[KnownProblems#Hardware|List of Hardware that known have problems with SME Server]]

Maintaining a complete HCL is difficult,

Line 178: Line 189:

*http://wiki.centos.org/HardwareList

−

===Client Computers===

==Windows Client Computers==

{{Warning box|msg=All versions of Windows prior to versions 10 and 8.1 are unsupported by Microsoft unless you are paying them directly for support. Version 10 is a rolling edition which is continuously updated, so even early version of Windows 10 without updates are unsafe to use. Windows 8.1 is in limited "extended support" until January 20, 2023. Whatever our opinions of this situation may be, '''versions of Windows previous to v.8.1 are not safe to use on the public internet.''' We cannot support use of Windows previous to v.8.1. If you have an application that only runs on an earlier version be sure to lock it down from access outside of your network.

}}

*Windows 7 support for SME Server 8. See [[Windows_7_Support]]

Actually the SME Server 8.0 allows this windows client to reach the SME Server domain, Be aware you have to import the registery patch which you can download at http://your-sme-server/server-resources/regedit

*Windows 8 support for SME Server 8. See [[Windows_8_Support]]

−

*~~Windows 7 support for SME 7?~~

*Windows 7 cannot join to SME 7.x domains due to trust relationship issues. However, you can configure an optional unsupported update if Windows 7 support is critical for your environment.

−

Windows 7 cannot join to SME 7.x domains due to trust relationship issues. However, you can configure an optional unsupported update if Windows 7 support is critical for your environment.

More information is available [[Windows 7 Support|here]].

Line 192: Line 207:

More information can be found here: [http://blogs.technet.com/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx]

−

*Samba trust relationships lost?

This is a possible bug with an upgrade from SME6. After an upgrade, local workstations cannot log in. If you are experiencing this problem, please have a look at this bug for a fix, and provide followup:

[https://sourceforge.net/tracker/index.php?func=detail&aid=1234009&group_id=96750&atid=615772]

−

*Windows XP Clients - Patch to logon to SME domain

Line 203: Line 216:

http://servername/server-resources/regedit/winxplogon.reg

Double click on the winxplogon.reg file and the settings will be added to the Windows Registry.

−

*Windows XP Clients - "domain is not available" error

If the client pc uses a Gigabit lan adapter, try [http://support.microsoft.com/kb/938449]

−

*How to disable password caching on Windows 95/98/ME/2000 Clients?

Line 215: Line 226:

'''Note'''

Although the filename seems to indicate that this patch will only work for Windows 98, but it also works in Windows 95, Windows ME and Windows 2000.

−

*LDAP Directory Gives MAPI_E_CALL_FAIL Errors on Outlook 2002 or Outlook 2003

In Outlook 2002 or 2003 when someone tries to find a contact using the LDAP server, a message stating that "Unavailable critical extension" and then a second message saying "The search could not be completed. MAPI_E_CALL_FAIL" shows up and nothing shows up from the search. The directory works beautifully in Thunderbird 1.5 as well as Outlook 2000, but not 2002 or 2003. More information can be found here: [http://support.microsoft.com/default.aspx?scid=kb;en-us;555536&sd=rss&spid=2559] [http://bugs.contribs.org/show_bug.cgi?id=1406]

−

*Where is the netlogon directory?

Line 225: Line 234:

It can also be found by a client computer at: \\servername\netlogon

−

===Web Applications===

==Web Applications==

*chmod 777

Line 265: Line 274:

Here is a list of all the [[:DB_Variables_Configuration#Apache_server_ibay_specific_.28httpd-e-smith.29 | IBAY specific settings]]

−

===Reset the root and admin password===

==Reset the root and admin password==

−

=== For versions previous to 10 ===

1. Restart your server and at the beginning of the boot-up use the arrow keys to select the kernel you would like to boot into.

Line 281: Line 291:

Reboot your server and everything should be okay now.

−

===File Size Limitations===

=== For version 10 on ===

# At boot use ESC to bring up the boot prompt.

# At the boot prompt, use E to enter edit mode.

# Find the kernel line which starts with '''linux16'''.

# Alter '''ro''' to '''rw init=/sysroot/bin/sh'''. The rest of the line after that can be left as-is.

# Use either CTRL+X or F10 to boot into single user mode.

# Change root to the system by issuing: '''chroot /sysroot'''.

# Type '''passwd''' and follow the prompts to change the root password.

# Type '''passwd admin''' and follow the prompts to change the admin password. This and the root password must both be the same.

# Run '''reboot -f''' or ctrl-alt-del to reboot the server.

==File Size Limitations==

*Apache, the web server can only transfer or show files under 2G

*Backup to USB Disk

−

FAT32 only supports file size of <4GB. It is recommended that you format your external usb drives to ext3.

FAT32 only supports file size of <4GB. It is recommended that you format your external usb drives to ext3 or ext4.

−

===External DNS===

==External DNS==

To allow external users to communicate with your server, you must have correctly configured DNS records. Once you have purchased a domain, you should configure the following records (customised if necessary) to allow web and email communication:

Line 300: Line 322:

The example shown assumes that your server is operating in Server and Gateway mode and has a static external IP address. Depending on your network design and server configuration, the example may need to be modified. For example, if you use a Dynamic DNS service, you would need to modify the A record to point to your Dynamic DNS hostname, rather than a static IP address.

−

===Domains===

==Domains==

*When I create a DOMAIN, I don't see anything listed in the HOSTNAMES AND ADDRESSES panel for that DOMAIN.

Line 306: Line 328:

For a domain to be effective (for email or web), it needs to be configured as INTERNET DNS SERVERS (this is the default value). Since the domain resolves via INTERNET DNS SERVERS, no hostnames or addresses are created locally. For more info please visit the Administration Manual section regarding Domains: [[http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Domains]]

−

====Delegate DNS====

===Delegate DNS===

SME Allows for 3 Settings for DNS Resolution of a Domain

Line 325: Line 347:

cat /var/service/dnscache/root/servers/test.com

−

===Virus Scanning===

===DNS Forwarding===

The dnscache service can be configured to forward all queries for a specific domain to an alternate server using the "domain-remote" record type in the domains db. This could be used to direct DNS for a domain to an internal DNS server connected to your network using a VPN or a custom route, or to direct your local active directory DNS to your Active Directory server, etc.

To forward all DNS for <domainname> to a specified remote DNS server (4.2.2.1 in this example):

db domains set <domainname> domain-remote Nameservers 4.2.2.1

signal-event domain-modify

As a side-effect, you can block DNS for a domain by configuring DNS forwarding to 'localhost'.

This command tells your SME to do all DNS lookups on <domainname> locally, but doesn't configure any corresponding DNS entries. Attempted lookups for the domain and all sub-domains will fail:

db domains set <domainname> domain-remote Nameservers localhost

signal-event domain-modify

* 'domain-remote' entries do not appear in server-manager; they can be managed only from the command line.

* Nameservers can be a comma-delimited list of servernames or IP addresses

==Virus Scanning==

*When you elect to nightly scan your server for viruses the current default is to scan /home/e-smith/files

Note that early SME 7 Servers defaulted to /.

−

Also you may want to scan under /opt if have contribs that store user data there

Also you may want to scan under /opt if you have installed contribs that store user data there

the db property to change to the default

Line 336: Line 375:

or to scan different areas of the server is

config setprop clamav FilesystemScanFilesystems "/home/e-smith/files /opt"

−

*How do I exclude some directories from scanning

Line 353: Line 391:

−

===Shell Access===

==Shell Access==

*I need to give a user shell access to the SME Server.

Line 365: Line 403:

chsh -s /bin/bash username

−

===Upgrading Server===

==Upgrading Server==

*What's the best way to upgrade to a new server ?

An article is written for this subject. Please visit: [[:UpgradeDisk]].

Line 374: Line 412:

Please visit: [[:Moving SME to new Hardware]]

−

===Changing maximum Ibay, Account or Group name length===

==Changing maximum Ibay, Account or Group name length==

* How do I change the default maximum (12 characters) name length of an I-Bay, account or group?

Enter following command on the console as root:

Line 385: Line 423:

/sbin/e-smith/signal-event console-save

−

===Deletion of Users Ibays Groups===

==Deletion of Users Ibays Groups==

*I can't delete & create a user for some reason. What do I do now?

If for some reason you can't delete & create a user, then first do:

Line 406: Line 444: −

===Access denied to i-bay with newly created group===

==Access denied to i-bay with newly created group==

*Problem: If I try to write to an i-bay immediately after creating a new group, and being a member of that group, and assigning that group access rights to the i-bay, access is denied. Changing the i-bay access to an older group of which I am a member, access is allowed as desired.

Line 413: Line 451:

The issue seems to be with samba not SME. See [[Bugzilla:4961]] Privileges are assigned upon logon in Linux, hence the need to log out and then log in again to receive the newly created group's privileges.

−

===Password Strength Checking===

==Change the User Password by command line==

If you want to change password to your users by the command Line instead of the user panel of SME Server you can do it like this. For a large list of changes you should look to a contrib named [[Lazy_Admin_Tools|lazy_admin_tools]]

perl -e "use esmith::util;esmith::util::setUserPassword( 'username', 'password');"; /sbin/e-smith/signal-event password-modify username

run it for each user separately and replace

username

and

password

with the appropriate values for each of your users.

==Password Strength Checking==

*How can I change password strength & what do the strength settings mean?

Line 423: Line 473:

−

! setting

! setting explanation

−

! ~~explanation~~

| ''strong''

Line 460: Line 510:

This contrib will let you configure password strength and aging through a web panel in the server-manager.

−

===Hard Drives, RAID's, USB Hard Drives===

==Hard Drives, RAID's, USB Hard Drives==

*How should I setup my hard-drives?

We never recommend anything other than a '''single disk install''' or '''multiple disks of the same type'''. Anything else and you are following an unrecommended setup and you will need to navigate for yourself. Repeat, we never recommend anything other than a '''single disk install''' or '''multiple disks of the same type'''. If you're thinking of doing anything else (setup your own partitions), read this section again.

Line 490: Line 540:

* Further information regarding USB disks can be found in this HOW TO: [[USBDisks]]

−

===Backups & Restores===

==Backups & Restores==

*AIT-1 Backup: buffer unreliable

An AIT-1 is unreliable if used with variable block size. Set the setting

Line 512: Line 562: −

===Supervised Services===

==Supervised Services==

*Many services on SME are supervised, to see which are type

ps ax |grep runsv

Line 525: Line 575: −

===Server-Manager===

==Server-Manager==

*I can't access the server-manager. What do I do now?

There are many reasons why you wouldn't be to access the server-manager. First try:

Line 540: Line 590:

This feature has been deprecated a long time and finally removed in V7.2

−

If you really want to use this then forward 443 to localhost:443 and then use

If you really want to use this then forward 443 to localhost:443

−

https://localhost/server-manager/

ssh -L 443:localhost:443 root@ip-sme-or-hostname-sme

and then use this url in your web browser

https://localhost/server-manager/

*Access with non standard ports

In certain cases which you are not root on the local computer, you can not redirect port < 1024, so you have to use port > 1024 as the example below.

ssh -L 9443:localhost:443 root@your-remote-ip -p 22

9443 : local port

443 : remote https port

your-remote-ip : the remote host (could be an ip or a domain name)

22 : this is the port where the ssh server is listening, you can change it in accordance with the remote server

'''Keep the terminal open''', Then you need to use this specific URL in your WEB Browser to go to the server-manager

https://localhost:9443/server-manager

*Using a ssh client, the /server-manager login screen is difficult to read

Line 554: Line 619:

-go to the HOSTNAMES & ADDRESSES panel and you should be able to modify/remove the name

−

===Booting with SMP kernel after upgrade to version 7.2 from CD===

==Booting with SMP kernel after upgrade to version 7.2 from CD==

*I've upgraded and now the SMP kernel isn't available.

This is because when upgrading to 7.2 from CD, kernel modules are

Line 569: Line 634: −

===Special Characters===

==Special Characters==

*I get strange characters & letters when look at my file names.

If you get filenames that look like: "Ã©Ã¨Ã.txt" It's most likely because the SME server isn't understanding special characters you may be using. You can change it to understand special characters in filenames by:

Line 577: Line 642: −

===Upstream proxy server configuration===

==Upstream proxy server configuration==

SME Server allows you to proxy internet traffic for various components through an 'upstream' proxy server.

Line 585: Line 650:

* You are required to impose internet access restrictions on your users (at a school, for example)

−

====Browser Access from LAN Workstations====

===Browser Access from LAN Workstations===

*How do I configure a mandatory upstream proxy server, there used to be a panel in earlier versions of sme server, but it's missing in sme7.x

Line 595: Line 660:

[The SquidParentPort setting is optional if the upstream proxy is on port 3128.]

−

====Yum (system updates)====

===Yum (system updates)===

How do I get yum updates through a proxy server (in case my SME server does not have direct internet access)

Line 613: Line 678: −

====ClamAV / freshclam====

===ClamAV / freshclam===

How do I configure freshclam to download updates for ClamAV through a proxy server?

Line 621: Line 686:

config setprop clamav HTTPProxyUsername ""

config setprop clamav HTTPProxyPassword ""

expand-template /etc/freshclam.conf

sv t freshclam

</nowiki>

Line 639: Line 705:

[LibClamAV] Detected duplicate databases /var/clamav/main.cvd and /var/clamav/main.cld, please manually remove one of them

−

If you just leave it, freshclam should take of this as it is just log noise. See [[Bugzilla 7164]]

If you just leave it, freshclam should take of this as it is just log noise. See [[Bugzilla:7164]]

−

====Spamassassin====

===Spamassassin===

From http://wiki.apache.org/spamassassin/RuleUpdates:

<blockquote>'''What if I need update requests to go through a proxy server?'''<br />

Line 649: Line 715:

On a sme server, this should work with '''<tt><nowiki>export http_proxy='http://localhost:3128'</nowiki></tt>''', which would need to be added to /etc/cron.daily/sa_update

−

====curl, wget====

===curl, wget===

For curl and wget to work correctly on a SME server without direct internet access, you must execute the following command in the same program or shell session beforehand:

Line 658: Line 724:

curl http://www.google.com</nowiki>

−

====ssh, ftp, telnet====

===ssh, ftp, telnet===

{{Note box|ssh, ftp and telnet do not work via an http "upstream" proxy, although they may work in conjunction with [http://linux.die.net/man/8/tsocks tsocks] (available from the dag repository)}}

−

====Testing and Verification====

===Testing and Verification===

You can verify that a particular program is being proxied through squid on your local SME server by searching /var/log/squid/access.log for access to the target web address originating from '127.0.0.1'.

Line 671: Line 737:

1329759611.923 64 '''127.0.0.1''' TCP_MISS/301 726 GET '''<nowiki>http://www.google.com</nowiki>''' - DIRECT/74.125.113.94 text/html

−

===Memory usage and limits===

==Memory usage and limits==

*How much memory can sme server handle

Stabilys

Administrators (Semantic MediaWiki), Administrators

653

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/18453...40257"

Changes

SME Server:Documentation:FAQ:Section01 (view source)

Revision as of 21:44, 3 June 2021

Navigation menu

Search