Changes

Line 1: Line 1: −
{{WIP box|Allsorts}}
+
{{usefulnote}}
 
Section 1 - Mainly deals with configuration of various services once installation of the server software is complete.
 
Section 1 - Mainly deals with configuration of various services once installation of the server software is complete.
   Line 6: Line 6:  
If you have validated the disk and are sure that the disk passes you might try to add the all-generic-ide option to the boot prompt before starting the installer like this:
 
If you have validated the disk and are sure that the disk passes you might try to add the all-generic-ide option to the boot prompt before starting the installer like this:
 
  linux all-generic-ide
 
  linux all-generic-ide
 +
 +
==Installing with encrypted filesystem - SME10==
 +
 +
In the installer for SME10, the option is given to modify the partitions created automagically.  If you go into the (manual) partition edit screen then there is a tick box for the mainroot partition "encrypt data". If you tick then "update" then "done", then after allowing the installation to proceed it will ask for a passphrase. This is put in twice to verify it. Do not forget or lose this phrase else you will NOT be able to boot into your server.
 +
 +
Once the installation is complete, then at the beginning of every boot the system will ask for the passphrase.  This means that you will always need a console on the server during the boot process.
    
==Yum Updates==
 
==Yum Updates==
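Review bot: The second added paragraph, on the passphrase prompt at every boot, understates what that means in operation: any unattended restart (power loss, a reboot after updates) leaves the server down until someone types the passphrase at the console. Suggest saying so directly and noting that a remote console is required if the machine is not physically reachable. In the first paragraph, "automagically" and "mainroot partition" would be clearer as "automatically" and "main root partition".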
Line 97: Line 103:  
If for some reason you can't get yum to work correctly, try:
 
If for some reason you can't get yum to work correctly, try:
 
  yum clean metadata
 
  yum clean metadata
  or possibly 'yum clean all'
+
  or
 +
yum clean all --enablerepo=*
 +
then
 
  yum update
 
  yum update
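Review bot: In the added command "yum clean all --enablerepo=*" the asterisk is unquoted, so the shell can expand it as a glob before yum sees it; write it as --enablerepo='*'. As shown here the added command and the "then" line also lack the leading spaces that "yum clean metadata" and "yum update" carry, so they will not render in the same preformatted style as the commands around them.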
   Line 142: Line 150:  
The repository is configured to be used via the command line with the --enablerepo= option  
 
The repository is configured to be used via the command line with the --enablerepo= option  
   −
{{Repository|dag}}
+
 
 +
see [[dag|dag repository]] <br />
 +
 
 +
 
    
*How do I remove yum repositories
 
*How do I remove yum repositories
Line 162: Line 173:     
Do not do a general update with the 3rd party repository enabled as it could update many packages that will overwrite SME versions.
 
Do not do a general update with the 3rd party repository enabled as it could update many packages that will overwrite SME versions.
      
==Removing Software==
 
==Removing Software==
Line 170: Line 180:     
==Hardware Compatibility List==
 
==Hardware Compatibility List==
[http://wiki.contribs.org/KnownProblems#Hardware List of Hardware that known have problems with SME Server]
+
[[KnownProblems#Hardware|List of Hardware that known have problems with SME Server]]
    
Maintaining a complete HCL is difficult,  
 
Maintaining a complete HCL is difficult,  
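Review bot: The link text carried over into the new internal link still reads "List of Hardware that known have problems with SME Server". Since the line is being changed anyway, correct it to "List of hardware known to have problems with SME Server".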
Line 179: Line 189:  
*http://wiki.centos.org/HardwareList
 
*http://wiki.centos.org/HardwareList
   −
==Client Computers==
+
==Windows Client Computers==
 
+
{{Warning box|msg=All versions of Windows prior to versions 10 and 8.1 are unsupported by Microsoft unless you are paying them directly for support. Version 10 is a rolling edition which is continuously updated, so even early version of Windows 10 without updates are unsafe to use. Windows 8.1 is in limited "extended support" until January 20, 2023. Whatever our opinions of this situation may be, '''versions of Windows previous to v.8.1 are not safe to use on the public internet.''' We cannot support use of Windows previous to v.8.1. If you have an application that only runs on an earlier version be sure to lock it down from access outside of your network.
*Windows 7 support for SME 7?
+
}}
 +
*Windows 7 support for SME Server 8. See [[Windows_7_Support]]
 +
Actually the SME Server 8.0 allows this windows client to reach the SME Server domain, Be aware you have to import the registery patch which you can download at http://your-sme-server/server-resources/regedit
 +
*Windows 8 support for SME Server 8. See [[Windows_8_Support]]
 +
Actually the SME Server 8.0 allows this windows client to reach the SME Server domain, Be aware you have to import the registery patch which you can download at http://your-sme-server/server-resources/regedit
   −
Windows 7 cannot join to SME 7.x domains due to trust relationship issues. However, you can configure an optional unsupported update if Windows 7 support is critical for your environment.
+
*Windows 7 cannot join to SME 7.x domains due to trust relationship issues. However, you can configure an optional unsupported update if Windows 7 support is critical for your environment.
    
More information is available [[Windows 7 Support|here]].
 
More information is available [[Windows 7 Support|here]].
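Review bot: Both added bullets (Windows 7 and Windows 8) tell the reader to download a registry patch from http://your-sme-server/server-resources/regedit and import it, which means a file that modifies the client registry is fetched over plain HTTP; give the https:// form of the URL if the server offers it, and name the exact .reg file to import. The same sentence is pasted under both bullets with "registery" misspelled; state it once. In the warning box, "even early version of Windows 10 without updates are unsafe" needs "versions", and the hard-coded support date will go stale, so add the date the note was written.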
Line 193: Line 207:     
More information can be found here: [http://blogs.technet.com/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx]
 
More information can be found here: [http://blogs.technet.com/filecab/archive/2007/03/16/using-offline-files-with-samba-emc-servers-nas-devices.aspx]
      
*Samba trust relationships lost?
 
*Samba trust relationships lost?
 
This is a possible bug with an upgrade from SME6. After an upgrade, local workstations cannot log in. If you are experiencing this problem, please have a look at this bug for a fix, and provide followup:  
 
This is a possible bug with an upgrade from SME6. After an upgrade, local workstations cannot log in. If you are experiencing this problem, please have a look at this bug for a fix, and provide followup:  
 
[https://sourceforge.net/tracker/index.php?func=detail&amp;aid=1234009&amp;group_id=96750&amp;atid=615772]
 
[https://sourceforge.net/tracker/index.php?func=detail&amp;aid=1234009&amp;group_id=96750&amp;atid=615772]
   
    
 
    
 
*Windows XP Clients - Patch to logon to SME domain
 
*Windows XP Clients - Patch to logon to SME domain
Line 204: Line 216:  
http://servername/server-resources/regedit/winxplogon.reg
 
http://servername/server-resources/regedit/winxplogon.reg
 
Double click on the winxplogon.reg file and the settings will be added to the Windows Registry.
 
Double click on the winxplogon.reg file and the settings will be added to the Windows Registry.
      
*Windows XP Clients - "domain is not available" error
 
*Windows XP Clients - "domain is not available" error
 
If the client pc uses a Gigabit lan adapter, try [http://support.microsoft.com/kb/938449]
 
If the client pc uses a Gigabit lan adapter, try [http://support.microsoft.com/kb/938449]
      
*How to disable password caching on Windows 95/98/ME/2000 Clients?
 
*How to disable password caching on Windows 95/98/ME/2000 Clients?
Line 216: Line 226:  
'''Note'''
 
'''Note'''
 
Although the filename seems to indicate that this patch will only work for Windows 98, but it also works in Windows 95, Windows ME and Windows 2000.
 
Although the filename seems to indicate that this patch will only work for Windows 98, but it also works in Windows 95, Windows ME and Windows 2000.
   
   
 
   
 
*LDAP Directory Gives MAPI_E_CALL_FAIL Errors on Outlook 2002 or Outlook 2003
 
*LDAP Directory Gives MAPI_E_CALL_FAIL Errors on Outlook 2002 or Outlook 2003
 
In Outlook 2002 or 2003 when someone tries to find a contact using the LDAP server, a message stating that "Unavailable critical extension" and then a second message saying "The search could not be completed. MAPI_E_CALL_FAIL" shows up and nothing shows up from the search. The directory works beautifully in Thunderbird 1.5 as well as Outlook 2000, but not 2002 or 2003.  More information can be found here: [http://support.microsoft.com/default.aspx?scid=kb;en-us;555536&amp;sd=rss&amp;spid=2559] [http://bugs.contribs.org/show_bug.cgi?id=1406]
 
In Outlook 2002 or 2003 when someone tries to find a contact using the LDAP server, a message stating that "Unavailable critical extension" and then a second message saying "The search could not be completed. MAPI_E_CALL_FAIL" shows up and nothing shows up from the search. The directory works beautifully in Thunderbird 1.5 as well as Outlook 2000, but not 2002 or 2003.  More information can be found here: [http://support.microsoft.com/default.aspx?scid=kb;en-us;555536&amp;sd=rss&amp;spid=2559] [http://bugs.contribs.org/show_bug.cgi?id=1406]
      
*Where is the netlogon directory?
 
*Where is the netlogon directory?
Line 267: Line 275:     
==Reset the root and admin password==
 
==Reset the root and admin password==
 
+
=== For versions previous to 10 ===
 +
 
 
1. Restart your server and at the beginning of the boot-up use the arrow keys to select the kernel you would like to boot into.
 
1. Restart your server and at the beginning of the boot-up use the arrow keys to select the kernel you would like to boot into.
   Line 281: Line 290:  
   passwd admin
 
   passwd admin
 
Reboot your server and everything should be okay now.
 
Reboot your server and everything should be okay now.
 +
 +
=== For version 10 on ===
 +
 +
# At boot use ESC to bring up the boot prompt.
 +
# At the boot prompt, use E to enter edit mode.
 +
# Find the kernel line which starts with '''linux16'''.
 +
# Alter '''ro''' to '''rw init=/sysroot/bin/sh'''. The rest of the line after that can be left as-is.
 +
# Use either CTRL+X or F10 to boot into single user mode.
 +
# Change root to the system by issuing: '''chroot /sysroot'''.
 +
# Type '''passwd''' and follow the prompts to change the root password.
 +
# Type '''passwd admin''' and follow the prompts to change the admin password. This and the root password must both be the same.
 +
# Run '''reboot -f''' or ctrl-alt-del to reboot the server.
    
==File Size Limitations==
 
==File Size Limitations==
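Review bot: In the new version 10 list, the requirement "This and the root password must both be the same" only appears at the end of step 8, after the reader has already chosen a root password in step 7; move it above step 7 so both are set to the same value the first time. Step 5 calls the result "single user mode", but init=/sysroot/bin/sh from step 4 gives a bare shell that needs the chroot in step 6, so describe it that way. Because the whole procedure needs nothing more than console access at boot, a sentence on restricting physical and console access to the server belongs here. The heading "For version 10 on" would read better as "For version 10 and later".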
Line 286: Line 307:     
*Backup to USB Disk
 
*Backup to USB Disk
FAT32 only supports file size of <4GB.  It is recommended that you format your external usb drives to ext3.
+
FAT32 only supports file size of <4GB.  It is recommended that you format your external usb drives to ext3 or ext4.
    
==External DNS==
 
==External DNS==
Line 325: Line 346:  
Check with
 
Check with
 
  cat /var/service/dnscache/root/servers/test.com
 
  cat /var/service/dnscache/root/servers/test.com
 +
 +
===DNS Forwarding===
 +
 +
The dnscache service can be configured to forward all queries for a specific domain to an alternate server using the "domain-remote" record type in the domains db. This could be used to direct DNS for a domain to an internal DNS server connected to your network using a VPN or a custom route, or to direct your local active directory DNS to your Active Directory server, etc.
 +
 +
To forward all DNS for <domainname> to a specified remote DNS server (4.2.2.1 in this example):
 +
db domains set <domainname> domain-remote Nameservers 4.2.2.1
 +
signal-event domain-modify
 +
 +
As a side-effect, you can block DNS for a domain by configuring DNS forwarding to 'localhost'.
 +
 +
This command tells your SME to do all DNS lookups on <domainname> locally, but doesn't configure any corresponding DNS entries.  Attempted lookups for the domain and all sub-domains will fail:
 +
db domains set <domainname> domain-remote Nameservers localhost
 +
signal-event domain-modify
 +
 +
* 'domain-remote' entries do not appear in server-manager; they can be managed only from the command line.
 +
* Nameservers can be a comma-delimited list of servernames or IP addresses
    
==Virus Scanning==
 
==Virus Scanning==
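Review bot: The first example forwards <domainname> to 4.2.2.1, a public resolver, while the paragraph above it describes forwarding to an internal DNS server or an Active Directory server; a reader who copies the line sends queries for an internal domain to a third party. Use a placeholder such as <dns-server-ip> or an obviously internal address instead. The localhost blocking trick is presented as a side-effect with no way back, so add how to remove a domain-remote entry again. The four command lines also need the leading spaces used for commands elsewhere on the page, otherwise <domainname> may be swallowed as markup.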
Line 331: Line 369:  
Note that early SME 7 Servers defaulted to /.  
 
Note that early SME 7 Servers defaulted to /.  
   −
Also you may want to scan under /opt if have contribs that store user data there
+
Also you may want to scan under /opt if you have installed contribs that store user data there
    
the db property to change to the default  
 
the db property to change to the default  
Line 337: Line 375:  
or to scan different areas of the server is
 
or to scan different areas of the server is
 
  config setprop clamav FilesystemScanFilesystems "/home/e-smith/files /opt"
 
  config setprop clamav FilesystemScanFilesystems "/home/e-smith/files /opt"
      
*How do I exclude some directories from scanning
 
*How do I exclude some directories from scanning
Line 413: Line 450:     
The issue seems to be with samba not SME. See [[Bugzilla:4961]] Privileges are assigned upon logon in Linux, hence the need to log out and then log in again to receive the newly created group's privileges.
 
The issue seems to be with samba not SME. See [[Bugzilla:4961]] Privileges are assigned upon logon in Linux, hence the need to log out and then log in again to receive the newly created group's privileges.
 +
 +
==Change the User Password  by command line==
 +
 +
If you want to change password to your users by the command Line instead of the user panel of SME Server you can do it like this. For a large list of changes you should look to a contrib named [[Lazy_Admin_Tools|lazy_admin_tools]]
 +
 +
perl -e "use esmith::util;esmith::util::setUserPassword( 'username', 'password');";  /sbin/e-smith/signal-event  password-modify username
 +
 +
run it for each user separately and replace
 +
username
 +
and
 +
password
 +
with the appropriate values for each of your users.
    
==Password Strength Checking==
 
==Password Strength Checking==
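Review bot: The added one-liner puts the password inside a double-quoted perl -e string, so the shell expands any $, backtick or ! in it before Perl runs, a password containing a single quote breaks the Perl literal, and the clear-text password ends up in shell history and in the process list while the command runs. Suggest single-quoting the Perl program and reading the password from a prompt or from stdin rather than embedding it, and telling the reader to clear it from history if they do type it inline. The heading has a double space and inconsistent capitals ("Password  by command line", "command Line" in the text below).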
Line 424: Line 473:     
{|
 
{|
! setting
+
! setting explanation
! explanation
+
!
 
|-  
 
|-  
 
| ''strong''  
 
| ''strong''  
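Review bot: The header rows change from "! setting" and "! explanation" to "! setting explanation" and an empty "!", which merges both column titles into the first column and leaves the second column untitled. This looks like an accidental join; restore the two separate header cells.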
Line 541: Line 590:  
This feature has been deprecated a long time and finally removed in V7.2
 
This feature has been deprecated a long time and finally removed in V7.2
   −
If you really want to use this then forward 443 to localhost:443 and then use
+
If you really want to use this then forward 443 to localhost:443  
https://localhost/server-manager/
+
ssh -L 443:localhost:443 root@ip-sme-or-hostname-sme
 +
and then use this url in your web browser
 +
https://localhost/server-manager/
 +
 
 +
*Access with non standard ports
 +
In certain cases which you are not root on the local computer, you can not redirect port < 1024, so you have to use port > 1024 as the example below.
 +
 
 +
ssh -L 9443:localhost:443 root@your-remote-ip -p 22
 +
 
 +
9443 : local port
 +
443 : remote https port
 +
your-remote-ip : the remote host (could be an ip or a domain name)
 +
22 : this is the port where the ssh server is listening, you can change it in accordance with the remote server
 +
 
 +
'''Keep the terminal open''', Then you need to use this specific URL in your WEB Browser to go to the server-manager
    +
https://localhost:9443/server-manager
    
*Using a ssh client, the /server-manager login screen is difficult to read
 
*Using a ssh client, the /server-manager login screen is difficult to read
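Review bot: The first added command, "ssh -L 443:localhost:443 root@ip-sme-or-hostname-sme", binds local port 443, which only works when the user is root on the local machine, but that restriction is explained only in the later "non standard ports" bullet. Either lead with the 9443 form or move the explanation above the first command. The wording "port < 1024 ... port > 1024" leaves 1024 itself undefined; say "ports below 1024" and "1024 or higher". "In certain cases which you are not root" should read "If you are not root", and the final URL lacks the trailing slash used in the https://localhost/server-manager/ example above it.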
Line 622: Line 686:  
config setprop clamav HTTPProxyUsername ""
 
config setprop clamav HTTPProxyUsername ""
 
config setprop clamav HTTPProxyPassword ""
 
config setprop clamav HTTPProxyPassword ""
 +
expand-template /etc/freshclam.conf
 
sv t freshclam
 
sv t freshclam
 
</nowiki>
 
</nowiki>
Line 640: Line 705:  
  [LibClamAV] Detected duplicate databases /var/clamav/main.cvd and /var/clamav/main.cld, please manually remove one of them
 
  [LibClamAV] Detected duplicate databases /var/clamav/main.cvd and /var/clamav/main.cld, please manually remove one of them
   −
If you just leave it, freshclam should take of this as it is just log noise. See [[Bugzilla 7164]]
+
If you just leave it, freshclam should take of this as it is just log noise. See [[Bugzilla:7164]]
    
===Spamassassin===
 
===Spamassassin===
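Review bot: The changed line fixes the Bugzilla link but keeps "freshclam should take of this", which is missing a word; make it "freshclam should take care of this, as it is just log noise".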
