SME Server Manual

SME Server

User Guide - 6

Contribs.org

January 2004


Table of Contents

1. Welcome to your SME Server
1.1. About This Guide
1.1.1. Production
1.1.2. History
1.1.3. Endorsements
1.1.4. Acknowledgements
1.2. Software Licensing Terms and Conditions
1.3. About Our Test Company: The Pagan Vegan
1.4. What's New
1.4.1. Server Features
2. The role of the SME Server
3. Your Internet Service Provider (ISP)
3.1. Dedicated versus dialup connectivity
3.2. The IP address
3.2.1. Static versus dynamic IP addressing
3.2.2. Routable versus non-routable IP addresses
3.3. Arranging connectivity with your ISP
3.3.1. Ordering a corporate ADSL or other commercial dedicated connection
3.3.2. Ordering cablemodem or residential ADSL service
3.3.3. Ordering a dialup connection
3.4. Arranging Services From Your ISP
3.4.1. Service List A
3.4.2. Service List B
3.4.3. Service List C
3.4.4. Service List D
4. Hardware Requirements of the SME Server Host Computer
4.1. Hardware Requirements for a Category 1 Server
4.2. Hardware Requirements for a Category 2 Server
4.3. Hardware Requirements for a Category 3 Server
4.4. Hardware Requirements for a Category 4 Server
4.5. Supported Ethernet Adapters
4.5.1. Supported Ethernet Adapters
4.6. Supported SCSI Adapters
4.7. Supported Tape Drives
5. Installing And Configuring Your SME Server Software
5.1. Licensing Terms and Conditions
5.2. RAID1 Support (Disk Mirroring)
5.2.1. Software Mirroring
5.2.2. Hardware Mirroring
5.3. Upgrading From A Previous Version
5.4. Installing the Software
5.5. Configuring your SME Server
5.6. Setting Your Administrator Password
5.7. Configuring Your System Name and Domain Name
5.8. Configuring Your Local Network
5.8.1. Selecting Your Local Ethernet Adapter
5.8.2. Configuring Local Network Parameters
5.9. Operation Mode
5.9.1. Option 1: Server and gateway mode
5.9.2. Option 2: Private server and gateway
5.9.3. Option 3: Server-only mode
5.10. Configuring Server and Gateway Mode
5.11. Server and Gateway Mode - Dedicated
5.11.1. Configuring Your External Ethernet Adapter
5.11.2. Assigning Your Ethernet Adapters to Network Connection
5.11.3. Configuring Your External Interface
5.11.4. Configuring Dynamic DNS
5.12. Configuring the Server for Server and Gateway Mode - Dialup Access
5.13. Configuring Your DHCP Server
5.13.1. Configuring the DHCP Address Range
5.13.2. Important issues about the DHCP address range
5.14. Further Miscellaneous Parameters
6. The Server Console
6.1. Using the Text-based Browser
6.2. Accessing the Linux Root Prompt
7. Configuring the Computers on Your Network
7.1. What Order to do Things
7.2. Configuring Your Desktop Operating System
7.2.1. Automatic DHCP Service
7.2.2. Manual entry for computers not using DHCP service
7.2.3. MS Windows workgroup configuration
7.3. IMAP versus POP3 e-mail
7.4. Configuring Your E-mail Application
7.5. Configuring Your Web Browser
7.6. Configuring Your Company Directory
8. On-going Administration Using the server manager
9. Security
9.1. Password
9.2. Remote Access
9.2.1. ssh
9.2.2. PPTP
9.2.3. FTP
9.2.4. telnet
9.3. Local networks
10. Configuration
10.1. Set date and time
10.2. Workgroup
10.3. Directory
10.4. Printers
10.5. Hostnames and addresses
10.5.1. Creating New Hostnames
10.5.2. Reserving IP Addresses Through DHCP
10.6. E-mail Retrieval
10.7. Other E-mail Settings
10.8. Review Configuration
11. Collaboration
11.1. User Accounts
11.1.1. Disabling User Accounts
11.1.2. Changing User Passwords
11.2. Quota Management
11.3. Groups
11.4. Pseudonyms
11.5. Information Bays
11.6. Virtual Domains
12. Administration
12.1. Backup or Restore
12.2.1. Backup To Desktop
12.2.2. Restore From Desktop
12.2.3. Verify Desktop Backup File
12.2.4. Configure Tape Backup
12.2.5. Restore From Tape
12.3. Reinstallation Disk
12.4. Mail Log File Analysis
12.5. View Log Files
12.6. Reboot or Shutdown
13. Miscellaneous
13.1. Online manual
13.2. Create Starter Web Site
13.3. Other Administration Notes
14. Information Bays (i-bays)
14.1. i-bay Directories
14.2. Accessing the i-bays
14.3. Creating an i-bay
14.4. Modifying an i-bay
14.5. An i-bay Used as a Customer Site: The Miles Gabriel Art Exposition
14.6. An i-bay Used as a Shared Network Drive
14.7. An i-bay Used as an Intranet: The Pagan Vegan "Vegemite"
14.8. An i-bay Used to Expedite Processes: Samson's Farms
14.9. An i-bay Used as Your Customer Download Site
15. User File Storage on the SME Server
15.1. Windows
15.2. Macintosh OS
16. Webmail
16.1. Enabling Webmail On Your System
16.2. Starting Webmail
16.3. Logging In
16.4. Viewing The Inbox
16.5. Logging Out of Webmail
16.6. Composing Messages
16.7. Reading Messages
16.8. Deleting Messages
16.9. Using Contacts
16.10. Changing Webmail Preferences
17. Additional Software
A. Introduction to the Ethernet Local Area Network (LAN)
B. Dynamic DNS Services
C. Proxy Servers
D. Technical Support

Chapter 1. Welcome to your SME Server

Congratulations on
choosing the SME Server as your network and communications server!

Companies all over the
world are using the Internet to communicate more effectively and efficiently
to a broader audience. The SME Server is founded upon state
of the art technologies - such as the Linux operating system - which have
been mainstays in the infrastructure of larger organizations for several
years. Contribs.org has customized these technologies to make them straightforward
to use, while still giving you local control over your Internet services.
The result is a cost-effective Internet infrastructure that will reliably
serve your organization as it grows and as its use of the Internet evolves.

1.1. About This Guide

This user's guide walks
you step-by-step through the straightforward process of installing and
configuring your SME Server. The Appendices in the back
of the guide provide background information on subjects related to networking
and the Internet and are intended to supplement chapters in the main section
of the user's guide.

1.1.1. Production

We created this user's guide using DocBook on the Linux operating system.
Images were created using The GIMP.

The HTML version of this manual was generated from DocBook XML using
libxslt with customized XSLT stylesheets. More information about our
documentation process is available at
http://www.e-smith.org/docs/
Most of the editing was done by Dan York and Kirrily "Skud" Robert using
the vim editor.

1.1.2. History

  • January 2004 - First print edition of the SME Server User Guide
    published by Contribs.org. Available on your installation CD or on the
    contribs.org site
    http://contribs.org/modules/phpwiki/
    Primary author/editor Craig Jensen.

  • January 2002 - First print edition of the SME Server User Guide
    published by Mitel Networks Corporation. Also published in HTML and
    DocBook XML/SGML. Available at:
    http://www.esmith.org/docs/manual/5.1/
    Primary author/editor Dan York.

  • August 2001 - First print edition of the SME Server user's manual
    published by Contribs.org. Also published online in HTML and DocBook
    XML/SGML. Available at
    http://www.e-smith.org/docs/manual/5.0/
    Primary author/editor Dan York.

  • February 13, 2001 - e-smith server and gateway user's manual for
    version 4.1 published online in HTML and DocBook SGML by e-smith, inc.
    Available at
    http://www.e-smith.org/docs/manual/4.1/
    Primary author/editor Dan York.

  • December 4, 2000 - e-smith server and gateway user's manual for
    version 4.0 published online in HTML and DocBook SGML by e-smith, inc.
    Available at
    http://www.e-smith.org/docs/manual/4.0/

  • July 2000 - e-smith server and gateway user's manual for version 4.0
    published in print form by e-smith, inc. PDF and PostScript versions
    also made available via FTP at
    ftp://ftp.e-smith.net/pub/e-smith/e-smith-4.0/
    Primary author/editor Ross Laver using StarOffice 5.1.

  • November 1999 - e-smith server and gateway user's manual for version
    3.1 published in print form by e-smith, inc. Primary author Kim
    Morrison using StarOffice 5.1.

1.1.3. Endorsements

This is the official documentation for SME Server and is endorsed by
Contribs.org.

1.1.4. Acknowledgements

Contribs.org wishes to thank all of the developers in the open
source community who continue to help us make our product better.

We also thank Craig Foster and Paul Miller
for their help in documenting Macintosh connectivity.

1.2. Software Licensing Terms and Conditions

The SME Server is licensed under the General Public License (GPL). This
means that you are free to use and alter the software. If you do alter any
of the packages, you must make the source code (with patches please)
freely available. The agreement is found on the CD. Acceptance of this
agreement is required during the software installation.

SME Server users may copy and redistribute this software. The text of the
GPL license may be found on the web at http://www.fsf.org/copyleft/gpl.html.
The applicable license for each software module is specifically identified
and can be seen by running the rpm -qiv packagename command from the
command line.

1.3. About Our Test Company: The Pagan Vegan

In this user's guide, we use examples of a catering and event-planning company, The Pagan Vegan
or TPV, that configures, administers and makes use of their server. As far as we know,
no company of this name exists.

1.4. What's New

For the most complete list of information about changes that have
been made in SME Server, see the release notes that accompany your
software.

1.4.1. Server Features

  • User quotas - Through a new web panel, you have the ability to set a
    limit on the amount of disk space a user can use for files and e-mail.

  • Windows 2000 and XP domain logon support -
    Previous versions have allowed the server to act as a domain controller for
    client computers running Windows 95, 98, ME or NT. This version now extends
    that domain logon support to Windows 2000 and Windows XP.

  • USB printer support -
    It is now possible to connect the SME Server to a printer via the USB
    port. The printer configuration panel has also changed slightly.

  • Improved Macintosh file sharing support - The server now includes
    better support for Macintosh file sharing and eliminates some previous
    cases where Macintosh users were unable to access i-bays.

  • Experimental ISDN card support - While
    our software has always supported external ISDN adapters, this version now
    includes experimental support for using an internal passive ISDN card.

Chapter 2. The role of the SME Server

Your SME Server manages your connection to the Internet by routing Internet
data packets to and from your network (which allows all the computers on
your network to share a single Internet connection) and by providing security
for your network, minimizing the risk of intrusions.

When one of your local
computers contacts the Internet, or is contacted by an outside machine
on the Internet, the SME Server not only routes that connection,
but seamlessly interposes itself into the communication. This prevents
a direct connection from being established between an external computer
on the Internet and a computer on your local network
thereby significantly reducing the risk of intrusion onto your
network.

Your server also provides services - including e-mail, web access and a
powerful file sharing and collaboration feature called "i-bays" - that
allow you to communicate better internally and with the rest of the world
using the Internet.

Throughout this user's
guide, the word gateway is used to mean the computer that acts as
the interface between your local, internal network and the external world.

[Figure: Server and gateway mode]

If you prefer, you can
also run your SME Server in "server-only" mode. In "server-only" mode,
your server provides your network with services, but not the routing
and security functions associated with the role of "gateway". The server-only
mode is typically used for networks already behind a firewall. In that
configuration, the firewall fulfills the role of gateway, providing routing
and network security.

Once installed, your SME Server can be configured and managed remotely. Routine administration
is handled from your desktop using a web-based interface, so only on rare
occasions will you require direct access to the server
computer. Once installation is complete, most customers put the server
in an out-of-the-way place like a utility closet. If
you wish, you can disconnect the keyboard and monitor. (Note that
some computers may not operate correctly without an attached keyboard.)

[Figure: Server-only mode]

Chapter 3. Your Internet Service Provider (ISP)

Your ISP is your connection to the Internet - it routes Internet data packets to and from
your server. It also provides other essential services. This section
of the user's guide reviews what ISPs offer and what the implications are
in choosing among the various options available to you. While your ISP
can also assist you in selecting and arranging the right Internet services
for your organization, it's important to know the general range of services
available, since not all ISPs offer all services.

Warning

If you are operating the product in "server-only" mode, you will need
to review your gateway/firewall documentation and perhaps consult with
your ISP regarding your configuration. For example, depending on your plans
for the server, your ISP may need to publish DNS records associating your
mail and/or web servers with your firewall IP address. You may also need
to configure your firewall for port forwarding of services.

In server-only mode, the single Ethernet connection to the local network
is "trusted" as being secure and packet filtering is disabled. For that
reason, a server-only server must always be behind a local firewall. You
should not directly connect such a system to the Internet via an Internet
Service Provider.

3.1. Dedicated versus dialup connectivity

Connectivity, also referred
to as Internet access type, refers to the physical connection between your
site and your ISP. How you connect to your ISP affects the speed of your
Internet connection, which, in turn, impacts such things as how quickly
your web site is displayed to visitors.

Dedicated connectivity refers to a full-time connection to your ISP.
Although they are more expensive than the alternative, dedicated
connections are generally faster and allow you to use the full range of
services on your server. There are several common types of dedicated
connectivity. ADSL provides relatively fast data transmission over phone
lines. A cable connection links you to your cable company, which provides
you with many (though not all) of the same services as a traditional ISP.
The speed of transmission over a cable network can vary widely (from quite
fast to very slow) based in part on the usage within your neighborhood.

If you have dialup connectivity,
your server is not permanently connected to the Internet.
Rather, it connects to your ISP over a phone line using a modem or ISDN adapter.
Because your connection to the Internet is not permanent, some of the services
on your server cannot be provided to the outside world.
For example, having your server host your external company
web site would create a problem because whenever your server was not connected
to the Internet, the web site would not be available. (However, it could
certainly host an intranet web site because the local network would always be
connected.)

3.2. The IP address

An IP address is an
identifying number assigned to all devices connected to the Internet, and
is used in routing information from one device to another. Like your phone
number, your IP address enables other people to reach you. In our standard
configuration, your ISP only needs to allocate one IP address for your
network. It is assigned to your server, which will
accept all the Internet data packets intended for your network and distribute
them to the appropriate computer - much like an office receptionist is
able to accept incoming calls and direct them to the appropriate extension.

3.2.1. Static versus dynamic IP addressing

A static IP address
never changes. It is permanently assigned to your server
by your ISP.

Note

Static IP addressing is preferable to dynamic IP addressing because it
makes it easier for users on the Internet to connect to your services.

Dynamic IP address
assignment means that your IP address is assigned to you only temporarily
and may be changed by your ISP. This makes it more difficult to ensure
continuity of service to your network. Consider again our telephone
number analogy. When your telephone number changes, you are able to place
outgoing calls. However, until your new phone number is registered with
Directory Services, other people are unable to look up your new number and place
calls to you. Similarly, whenever your IP address changes, a record associating
your server with its new IP address must be published
with the equivalent of Directory Services (known as Domain Name Service
or DNS) before incoming traffic can find you.

If your IP address is dynamically assigned and you have a dedicated
connection to your ISP (for example, with a typical cablemodem), you may
find it helpful to use a dynamic DNS service. We strongly recommend you
review Appendix B: Dynamic DNS services for more information about this
worthwhile option.

3.2.2. Routable versus non-routable IP addresses

If an IP address is
analogous to your phone number, then a routable IP address is the
equivalent of a full telephone number complete with country code and area code
such as +1-613-555-1234. Using the same analogy, a non-routable
address is the equivalent of an office extension. If your server
is assigned a non-routable address,
it cannot directly receive
incoming Internet connections, which limits the services that it can provide
to your site.

3.3. Arranging connectivity with your ISP

If you are going to be using your server in "server and gateway" mode, you will
need to arrange for a connection to the Internet. Your ISP will help you
connect your site and provide you with services that enable you to take
advantage of the Internet (e.g. e-mail delivery). To some extent, the type
of connection used determines the services needed. Therefore, we guide
you first through arranging connectivity and then direct you to the appropriate
list of services for each type of connection. The terms used in the following
sections are defined at the end of this chapter.

To connect your site
to the Internet, you not only need to arrange your physical connection
(modem, ISDN, DSL, cable modem, etc.), but you also need to ensure that your server
can locate the appropriate devices at your ISP's site. Your ISP will give
you this information (e.g. IP addresses for their devices) which must eventually
be entered into your server console (a straightforward process covered
in a later chapter). Many ISPs use a DHCP server which can directly configure
your server with some or all of these parameters.

3.3.1. Ordering a corporate ADSL or other commercial dedicated connection

Typically, your ISP
will arrange for and configure your external hub and router. Alternatively,
you may be required to install that hardware yourself under their direction.
If a special phone line is required, the ISP will typically arrange that.
It is most typical with corporate service that you receive a routable,
static IP address. In fact, usually you will be allocated a block of routable,
static IP addresses for your corporation - you will need only one for your
server.

[Figure: DSL connection diagram]

Information provided to you by your ISP:

  • static IP address (or block of addresses from which you
    choose one)

  • IP address of router ("gateway IP
    address")

  • subnet mask

Order services from: Service List A

3.3.2. Ordering cablemodem or residential ADSL service

Typically, your cable
company or ADSL provider will install a configured cablemodem or ADSL router
at your site. If you do not have cable access, your cable company will
install it for you. ADSL connects to the ISP via a conventional phone line.
If you require an additional phone line, it is typical for you to arrange
that yourself. There are three possible configurations when ordering cablemodem
or residential ADSL services.

[Figure: Cable modem connection diagram]

Note

In the tables below, please keep the following information in
mind:

  1. ISPs often supply the items marked * to your server
    by DHCP.

  2. Some ISPs block outgoing HTTP connections, forcing you
    to use their proxy server. This interferes in a few minor ways with your
    server (e.g., the test for Internet connectivity will fail
    erroneously). However, using the ISP's proxy server will normally work
    fine.

  1. You receive a routable, static IP address

    Information provided to you by your ISP:

    • static IP address

    • IP address of cablemodem or ADSL router ("gateway IP address")

    • subnet mask

    Order services from: Service List A

  2. You receive a routable, dynamically assigned IP address
    and you elect to use a dynamic DNS service (We encourage you to
    review Appendix B: Dynamic DNS Services for a
    discussion of dynamic DNS services.)

    Information provided to you by your ISP:

    • gateway IP address*

    • subnet mask*

    Information provided by dynamic DNS service:

    • DNS service account name

    • DNS service password

    Order services from: Service List B

  3. You receive a routable, dynamically assigned IP address
    and you elect not to use a dynamic DNS service OR your IP
    address is non-routable.

    Information provided to you by your ISP:

    • IP address of cablemodem or ADSL router
      ("gateway IP address")*

    • subnet mask*

    Order services from: Service List D

3.3.3. Ordering a dialup connection

It is typical for you to purchase and install your own modem or
ISDN adapter for your dialup connection. (Be
sure to use a Linux-compatible modem - WinModems will not work.) Your modem
connects to your ISP over a conventional phone line. If you require an
additional phone line, it is typical for you to arrange that yourself.

[Figure: Dialup connection diagram]

Your ISDN adapter will connect to the ISDN connection installed by your ISP or
local telecommunications provider. The software can work with external ISDN
adapters and includes support for passive ISDN cards.

Warning

While the software includes experimental support for ISDN
cards, we do not provide technical support for the use of these cards
as they have not yet been tested in a wide enough variety of environments.

There are two possible
configurations with dialup service:

  1. Your ISP is able to meet all of the following three
    conditions:

    • you receive a routable, static IP
      address

    • your ISP will provide a secondary mail
      server for your domain, which receives e-mail when your
      server is not
      connected.

    • your ISP is able to accept the "ETRN
      command". (This command is used by the server to
      retrieve the mail held by the ISP's secondary mail
      server.)

    Information provided to you by your ISP:

    • static IP address

    • dialup access number

    • dialup account name

    • dialup account password

    Order services from: Service List C

  2. Your ISP is unable to meet all three of the above
    conditions

    Information provided to you by your ISP:

    • dialup access number

    • dialup account name

    • dialup account password

    Order services from: Service List D

3.4. Arranging Services From Your ISP

In each section on connectivity, above, we direct you to the appropriate
list of services that should be ordered from your ISP.

3.4.1. Service List A

  • domain name set up and hosting

  • publication of DNS address records for your web server,
    FTP server and e-mail server

  • publication of DNS mail (MX) records

  • secondary mail server (optional)

  • Internet news server (optional)

3.4.2. Service List B

Services to order from ISP:

  • secondary mail server (optional)

  • Internet news server (optional)

Services From Dynamic DNS Service

  • domain name (depending on the service purchased, your
    dynamic DNS service may restrict what your domain name can
    be)

  • publication of DNS address records for your web server,
    FTP server and e-mail server

  • publication of DNS mail (MX) records

3.4.3. Service List C

  • PPP dialup access (with static IP)

  • domain name

  • publication of DNS address records for your e-mail
    server*

  • publication of DNS mail (MX) records

  • secondary mail server (ETRN must be
    supported)

  • Internet news server (optional)

* Your web and FTP servers are available to the external world only when
your server is connected to the Internet. DNS address records for web and
FTP servers only need to be published if it is likely that someone external
to your site will need to connect to them for a particular reason.

3.4.4. Service List D

Please read the important
notes (below) on the limitations of this configuration.

  • PPP dialup access (if you are using dialup
    connectivity)

  • POP mailbox (with generous size
    limitation)

  • domain name - route all mail for domain name to the
    single POP mailbox

  • Internet news server (optional)

Terms used in ordering connectivity and services

ADSL (or DSL)

ADSL is a type of high-speed Internet access that uses regular phone lines and
is available in many metropolitan areas.

Domain Name

This refers to the
unique name attached to your organization on the Internet. For example,
"tofu-dog.com" or "e-smith.com". If you don't have a domain name, your
ISP can help you select one, ensure it is available, and register it.

DNS (Domain Name Service)

DNS, or Domain Name
Service, refers to the software and protocols involved in translating domain
names to IP addresses. Your server provides DNS lookup
services for your local network, and your ISP typically also provides you
with the IP addresses of DNS servers. These servers do not need to be configured into your server
as the DNS server that is provided with your server will
correctly resolve all local and Internet names.

DNS: Publication of DNS Address Records

The publication of
DNS address information allows other DNS servers to look up your domain
information. Your ISP must publish DNS address records associating the
name of your web server ("www.domain.xxx"), FTP server ("ftp.domain.xxx")
and e-mail server ("mail.domain.xxx") with the IP address of your server.

DNS: Publication of DNS Mail (MX) Records

The publication of
DNS mail (MX) records is the method used to inform Domain Name Services
worldwide that all e-mail to your domain ("yourdomain.xxx") should be delivered
to your e-mail server ("mail.yourdomain.xxx").

ETRN

ETRN is a command used for dialup solutions in order to retrieve e-mail
temporarily stored at your ISP.

Gateway IP Address

A gateway is the device
on your network that forwards packets to and from the Internet. The gateway
IP address is the IP address for that device.

Internet News Service

If you want access
to Internet newsgroups, your ISP will need to provide the IP address of
an Internet news server. The ISP will provide direction in configuring
your web browser or other newsreading software.

PPP

PPP refers to the "Point-to-Point Protocol" used when a modem connects to the ISP.

PPPoE

"PPP over Ethernet" is a modified version of PPP that is used over some
high-speed ADSL connections to the ISP.

Secondary Mail Server

A secondary mail server
receives e-mail for your domain if your server is unavailable,
and reattempts delivery later.

Subnet Mask (or netmask)

A subnet mask (or
a netmask) has four numeric segments (each between 0 and 255) and looks
like an IP address. It enables your computers to deduce what network they
are on. Your ISP provides the netmask for the external network between
the ISP and your server.
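
The check below is an added example, not part of the original guide. It takes the static IP address, subnet mask and gateway IP address defined above, confirms that they are consistent with each other, reports whether the address is routable, and maps the outcome to Service List A-D as laid out in sections 3.3.1 to 3.3.3. Treating the RFC 1918 and RFC 6598 ranges as "non-routable" is an assumption, as are the function names and the constructed 203.0.113.x sample addresses.

```python
import ipaddress

# Assumption: "non-routable" means the RFC 1918 private ranges plus the
# RFC 6598 shared (carrier-grade NAT) range. The guide does not list them.
NON_ROUTABLE = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")
]


def is_routable(address):
    """True if the address lies outside the non-routable ranges above."""
    ip = ipaddress.ip_address(address)
    return not any(ip in net for net in NON_ROUTABLE)


def check_isp_parameters(server_ip, subnet_mask, gateway_ip):
    """Cross-check the three values an ISP supplies for a static setup."""
    result = {"network": None, "routable": None, "problems": []}
    try:
        # A non-contiguous mask such as 255.0.255.0 raises ValueError here.
        iface = ipaddress.ip_interface(f"{server_ip}/{subnet_mask}")
        gateway = ipaddress.ip_address(gateway_ip)
    except ValueError as exc:
        result["problems"].append(f"invalid value: {exc}")
        return result

    network = iface.network
    result["network"] = str(network)
    result["routable"] = is_routable(server_ip)

    # Network and broadcast addresses are reserved on anything wider than /31.
    reserved = set()
    if network.prefixlen < 31:
        reserved = {network.network_address, network.broadcast_address}

    if gateway not in network:
        result["problems"].append(
            f"gateway {gateway} is not on {network}; the server cannot reach it")
    elif gateway == iface.ip:
        result["problems"].append("gateway and server share the same address")
    elif gateway in reserved:
        result["problems"].append(f"gateway {gateway} is a reserved address")
    if iface.ip in reserved:
        result["problems"].append(f"server address {iface.ip} is reserved")
    return result


def service_list(dialup, static, routable, dynamic_dns=False,
                 etrn_secondary=False):
    """Pick Service List A-D following sections 3.3.1 to 3.3.3."""
    if dialup:
        # List C needs all three: routable static IP, secondary mail, ETRN.
        return "C" if (static and routable and etrn_secondary) else "D"
    if not routable:
        return "D"
    if static:
        return "A"
    return "B" if dynamic_dns else "D"


if __name__ == "__main__":
    # Constructed sample values (documentation and private address ranges).
    samples = [
        ("203.0.113.10", "255.255.255.248", "203.0.113.9"),
        ("203.0.113.10", "255.255.255.248", "203.0.113.1"),
        ("192.168.1.2", "255.255.255.0", "192.168.1.1"),
    ]
    for server_ip, mask, gw in samples:
        report = check_isp_parameters(server_ip, mask, gw)
        chosen = service_list(dialup=False, static=True,
                              routable=bool(report["routable"]))
        print(server_ip, mask, gw, report, "-> Service List", chosen)
```
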

Chapter 4. Hardware Requirements of the SME Server Host Computer

The hardware requirements
of the SME Server are modest compared with other server
software available today. However, because of its critical role in your
office, selecting an appropriate host computer is important. The hardware
requirements of the host computer depend on such things as the number of
users on your network, whether you plan to use the proxy server on the
server, and the speed of your Internet connection.

Because the SME Server software relies upon your computer meeting the hardware
standards noted in this section, Contribs.org cannot support a server installed
on hardware that does not meet these standards.

Before you consider the requirements defined below, please be aware
of the following notes:

  • The server ships with the remote access services disabled
    by default. Enabling webmail will increase the resource
    requirements of your server, in particular the memory requirement. Other
    remote access services, such as ssh and PPTP, are also processor-intensive.
    You should consider a fast processor speed if you intend to make
    significant use of these services.

  • The server should work with any Pentium,
    Celeron, AMD or Cyrix processor that can run Red Hat Linux 7.3.

  • For a dedicated connection in server and gateway mode, your server requires
    two ethernet adapters (also called network adapters or network
    interface cards). For a dialup connection or server-only
    mode, one ethernet adapter is needed.

  • SCSI (Small Computer Systems Interface) is a system for adding peripherals to
    a computer which enhances performance, reliability and scalability. If
    you are using a SCSI system, you will need a specific adapter/driver (installed
    similarly to an ethernet adapter) and will need to purchase SCSI-enabled
    peripherals. These tend to be more expensive than their non-SCSI counterparts
    but the tradeoff is often worth it if the system will be under heavy loads.

Note

Our hardware recommendations only apply to servers with up to 500 users.
This is not a technical limitation, and the SME Server can provide
services to more than 500 users. In that case, we suggest that you specify
a custom system using our Category 4 requirements as the minimum starting
point.

4.1. Hardware Requirements for a Category 1 Server

The following information outlines what we consider the minimum
system that can give satisfactory performance as a basic file/print server and
network gateway. Note that we do not believe such a system will
provide satisfactory performance for features such as webmail or remote
access via PPTP.

Table 4.1. Definition of a Category 1 Server

  # of Users   Up to 10
  Usage        Light (minimal use of remote access, file sharing and other
               disk-intensive activity. No use of webmail, virus scanning
               or VPNs.)

Table 4.2. Hardware Requirements for a Category 1 Server

  Architecture              PCI-based Pentium-class processor
  Processor speed           90 MHz (or better)
  Minimum RAM               32 MB (64 MB recommended)
  Hard drive                IDE or SCSI - at least 1 GB
  SCSI adapter              SCSI adapter must appear on the supported list
                            (only necessary for SCSI systems)
  Ethernet adapters         The ethernet adapters installed on your server
                            must appear on the supported list.
  Modem (for dialup only)   Only modems that are Linux-compatible may be
                            used. WinModems are not supported.
  CD-ROM drive              ATAPI or SCSI
  Floppy drive              any
  Monitor                   any
  Graphics card             any
  Mouse                     none required
  Sound card                none required

4.2. Hardware Requirements for a Category 2 Server

Table 4.3. Definition of a Category 2 Server

  # of Users   Up to 40
  Usage        Light (moderate use of remote access, file sharing and other
               disk-intensive activity)

Table 4.4. Hardware Requirements for a Category 2 Server

  Architecture              PCI-based Pentium-class processor
  Processor speed           400 MHz (or better)
  Minimum RAM               128 MB
  Hard drive                IDE or SCSI - at least 6 GB
  SCSI adapter              SCSI adapter must appear on the supported list
                            (only necessary for SCSI systems)
  Ethernet adapters         The ethernet adapters installed on your server
                            must appear on the supported list.
  Modem (for dialup only)   Only modems that are Linux-compatible may be
                            used. WinModems are not supported.
  CD-ROM drive              ATAPI or SCSI
  Floppy drive              any
  Monitor                   any
  Graphics card             any
  Mouse                     none required
  Sound card                none required

4.3. Hardware Requirements for a Category 3 Server

Table 4.5. Definition of a Category 3 Server

# of Users  Up to 40
Usage       Heavy (heavy use of remote access, file sharing and other
            disk-intensive activity)

Table 4.6. Hardware Requirements of a Category 3 Server

Architecture             PCI-based Pentium-class processor
Processor speed          600 MHz (or better)
Minimum RAM              256 MB
Hard drive               IDE or SCSI (SCSI highly recommended) - at least 10 GB
SCSI adapter             SCSI adapter must appear on the supported list
                         (only necessary for SCSI systems)
Ethernet adapters        The ethernet adapters installed on your server
                         must appear on the supported list.
Modem (for dialup only)  Only modems that are Linux-compatible may be used.
                         WinModems are not supported.
CD-ROM drive             ATAPI or SCSI
Floppy drive             any
Graphics card            any
Mouse                    none required
Sound card               none required

4.4. Hardware Requirements for a Category 4 Server

Table 4.7. Definition of a Category 4 Server

# of Users  Up to 500
Usage       Heavy

Table 4.8. Hardware Requirements of a Category 4 Server

Architecture             PCI-based Pentium-class processor
Processor speed          700 MHz (or better)
Minimum RAM              256 MB
Hard drive               SCSI - at least 20 GB (2 large SCSI drives using RAID1
                         strongly recommended)
SCSI adapter             SCSI adapter must appear on the supported list
Ethernet adapters        The ethernet adapters installed on your server
                         must appear on the supported list.
Modem (for dialup only)  Only modems that are Linux-compatible may be used.
                         WinModems are not supported.
CD-ROM drive             ATAPI or SCSI
Floppy drive             any
Monitor                  any
Graphics card            any
Mouse                    none required
Sound card               none required

4.5. Supported Ethernet Adapters

Either one ethernet
adapter (in the case of dialup connectivity or server-only mode) or two
ethernet adapters (for dedicated connections in server and gateway mode)
must be installed on your SME Server. This section describes
which types of ethernet adapter can be used in the computer that will become
your server. (There are no restrictions on the ethernet
adapters in your other computers.)

Any adapters installed
on the server must appear on the following supported
list. Note that only PCI adapters are supported. The PCMCIA adapters
used in many laptops and the older ISA adapters are not supported.

Note

Because SME Server is based on Red Hat
Linux version 7.3, PCI ethernet adapters that can work with Red Hat
7.3 should also
work with SME Server. You can find an up-to-date searchable
database at Red Hat's web site at: http://hardware.redhat.com/redhatready/cgi-bin/us/db-hcl.cgi
(Choose Network Device/Controller from the
"Hardware Category" menu.)

4.5.1. Supported Ethernet Adapters

The following PCI Ethernet adapters are supported by SME Server:

  • 3Com 3C501, 3C503, 3C556, 3C590, 3C592, 3C595, 3C597

  • 3Com 3C900, 3C900B, 3C905, 3C905B, 3C905C, 3C980, 3C985

  • 3Com Megahertz 3CXE589D, EC, ET

  • Accton EN1203, EN1207, EN1207(B,C,D,F), EN2212 EtherDuo PCI, SOHO BASIC EN220

  • Adaptec ANA6901/C, ANA6911/TX, ANA6911A/TX

  • ALFA GFC2206

  • AMD

  • Allied Telesyn AT-2550, AT-2560

  • AMD 79c970 (PCnet LANCE), 79c978 (HomePNA)

  • AT&T GIS (NCR) 100VG

  • C-NET CNE-935

  • Cogent EM100, EM110, EM400, EM960, EM964 (Quartet)

  • Compaq NetFlex 3/P, Integrated NetFlex 3/P

  • Compaq Netelligent 10 T PCI UTP, 10 T/2 PCI UTP/Coax, 10/100 TX Embedded,
    10/100 TX PCI UTP, 10/100 TX UTP, Dual 10/100 TX PCI UTP, Integrated 10/100 TX UTP,
    ProLiant Integrated 10/100

  • Compex ReadyLink 100TX, 2000, ENET100-VG4

  • D-Link DE-530CT, DFE500-Tx, DFE540-Tx

  • Danpex EN-9400P3

  • DEC 21040, 21041

  • Davicom Ethernet 100/10

  • Farallon PN9000SX

  • Fujitsu FMV-181, FMV-182, FMV-183, FMV-184

  • General Instruments SB1000

  • Genius GF100TXR (RTL8139)

  • HP J2585A, J2585B, J2970, J2973

  • IBM EtherJet PCI 10/100 adapter (i82557)

  • Intel 82556, 82557, 82865

  • Intel PCI EtherExpress Pro 10+, Pro100+, Pro100B

  • Kingston EtherX KNE100TX, KNE110TX, KNE120TX, KNE20T, KNE30T, KNT40T,
    KNECB4TX

  • Lite-ON LNE100TX

  • Lucent WaveLan

  • Macronix MX98713, MX987x5

  • Microdyne/Eagle NE10/100 (i82557 w/DP83840 transceiver)

  • NDC Communications NE100TX-E

  • Netgear FA310TX 10/100, FA310TXC 10/100, GA620

  • Novell NE1000, NE2000, NE2100, NE2500, NE3210, NL-10000

  • Olicom OC-2183, OC-2325, OC-2326

  • Racal Interlan ES3210

  • Realtek 8029

  • Samsung Smartether100 SC1100

  • Sis 900

  • SMC 8432T, 8432BT, EtherPower, EtherPower10/100, EZ 1208T, EZ 1211TX, 83C170QF, LANEPIC

  • Surecom EP-320X

  • Symbios 83C885, Yellowfin G-NIC

  • Syskonnect Gigabit Ethernet

  • Thomas Conrad TC5048

  • Znyx ZX312 (EtherArray), ZX314, ZX315, ZX342, ZX344, ZX345, ZX346, ZX348, ZX351

If your adapter is not listed above, it may be supported if it is based on one of the
following chipsets (check with Red Hat's web site mentioned above for
confirmation):

  • Alteon AceNIC Gigabit Ethernet

  • Compex RL2000

  • DEC Tulip

  • KTI ET32P2

  • NetVin NV5000SC

  • RealTek RTL8029, RTL8029AS, RTL8129/8139

  • VIA Rhine, VT86C926 "Amazon"

  • Winbond 89C940

4.6. Supported SCSI Adapters

If the computer you
plan to use for your server has a SCSI hard disk, your
SCSI adapter must be supported by Red Hat Linux 7.3.
PLEASE NOTE: Only PCI
SCSI adapters are supported by the SME Server. Furthermore,
they must contain a SCSI BIOS so that the PC can boot from the SCSI disk.

Note

As SME Server is based on Red Hat
Linux version 7.3, PCI-based SCSI adapters that can work with
Red Hat Linux 7.3 should also
work with SME Server. You can find an up-to-date searchable
database at Red Hat's web site at: http://hardware.redhat.com/redhatready/cgi-bin/us/db-hcl.cgi
(Choose Storage Device/Controller from the
"Hardware Category" menu.)

Note

In the list below the use of an 'x' symbolizes a
wildcard. For example, 'AHA-29xx' indicates it applies for the 'AHA-2930' as
well as the 'AHA-2940' and any other models beginning with 'AHA-29'.

  • Adaptec AIC-78xx, AHA-29xx, AHA-394x, 29160/39160,
    AHA-1520B

  • Advansys ABP510, ABP514x, ABP930/40, ASC1200

  • AMI MegaRAID

  • Artop Electronic Corp AEC671x

  • Dell PowerEdge RAID Controller 2[1], Expandable RAID Controller 2/3

  • Future Domain TMC-18C30

  • HP NetRAID-4M

  • IBM ServeRAID

  • ICP Raid Controller GDT 6xxx, GDT 7xxx

  • Initio Corp INI-940, INI-950, INI-9100/9100W, 360P

  • Intel 80960RP

  • LSI MegaRAID express500

  • Mylex (BusLogic) FlashPoint Series, MultiMaster 01/10

  • Symbios 53c1510, 53c8xx

  • Q Logic QLA10160, 1080, 1240, 1280, 2100, 2200, 12160

4.7. Supported Tape Drives

If you intend to use the tape backup
capabilities of the SME Server, you must have a tape drive
that will work with a Linux system.

We believe that most SCSI tape drives and many IDE tape drives will work
correctly. Unfortunately, the popular OnStream tape
drives do not at the current time work with Red Hat Linux version 7.3,
and hence are not supported by your SME Server.

We have tested the following tape drives and know that they work with
the SME Server:

Table 4.9. Supported SCSI Tape Drives

Vendor Model Revision Format
Dell Powervault 100T DAT
HP HP35470A T603 DAT
Seagate Python 06408 XXX DAT
SONY SDX-300C 0400 AIT

Table 4.10. Supported ATA (IDE) Tape Drives

Vendor Model Revision Format
Seagate STT20000A 8A51
Seagate STT32000A

We have tested and verified that the following tape drives do
not work with the SME Server:

Table 4.11. Unsupported ATA (IDE) Tape Drives

Vendor Model Revision Format
OnStream DI-30 ADR

If you do not have one of the supported
drives listed above you may want to check with http://hardware.redhat.com/ for
information about how well that drive will work with Red Hat Linux
7.3.

Note

If your tape drive is not listed at Red Hat's site, you can visit
http://www.linuxtapecert.org/ to see
if your tape drive vendor is participating in that tape drive certification
effort. Be aware that some of the solutions developed to get certain tape drives
to work with Linux may require kernel modifications and should only be attempted by
experienced developers.




[1] Note that the firmware on this controller may need to be updated before
it can work with your server. See http://contribs.org/modules/xoopsfaq/ for more
information.

Chapter 5. Installing And Configuring Your SME Server Software

5.1. Licensing Terms and Conditions

In installing the SME Server software, you are agreeing to the open source licensing
terms and conditions associated with it. You can read these terms and conditions
in the introduction to this guide under the title
Software Licensing Terms and Conditions.

Warning

The computer on which you install this software will be totally dedicated
to being your SME Server. The hard drive of this computer
will be erased and re-written with the Linux operating system - dramatically
enhancing the reliability of your server over other
operating systems. However, this means that while this computer is acting
as your server, you cannot use it for any other purpose.

Note

If you have previously installed and configured a
server and are reinstalling the software, please
be aware that you must use the Upgrade option
in order to preserve your existing configuration and data.
Simply performing a new installation will erase all previously existing
user accounts, user directories, i-bay contents and web site and configuration
parameters. If you have not already done so, you may wish to back up the
contents of your server onto one of your desktop computers.
You can do so easily by selecting "Backup or restore" from the server manager,
as explained in the chapter on on-going administration of your
server.

5.2. RAID1 Support (Disk Mirroring)

With SME Server, you have the ability to set up disk
mirroring, also called RAID Level 1. In disk mirroring, you basically
write all of your data to two separate hard disks installed in your
server. One is the mirror of the
other. Should the primary disk experience a hardware failure, the
mirror disk will continue operations as if nothing had happened. All
of your data will be protected.

Disk mirroring can be accomplished through either software
or hardware.

5.2.1. Software Mirroring

To enable software RAID1 support, you must first have two disks that are
either the same size or capable of having partitions of the same size. They
can be either SCSI or IDE drives.
They must both be installed in your system prior
to installing the SME Server software. Software RAID support can
only be configured at the time you install the
software.
If you choose not to configure RAID support on your
server, and later wish to do so, you will need to reinstall the SME Server software.

Once you have two disk drives, activating RAID support requires only a
very slight change in the software
installation process.

Note

SME Server supports a software implementation of
RAID Level 1, known as disk mirroring.
It does not support RAID Level 0 (disk striping),
as that does not provide any protection of your data whatsoever. It does
not support RAID Level 5 (disk striping with parity) because of the poor
performance and reliability of software implementations of RAID5. If you are seeking
RAID5 support, Contribs.org recommends you consider one of the many hardware
implementations which will provide both protection and performance.

5.2.2. Hardware Mirroring

With hardware mirroring, you use a special RAID disk controller to perform the
actual mirroring across multiple disks. As mirroring is performed in hardware, the performance can be significantly
faster than software mirroring. Additionally it can simplify
configuration because to the operating system the entire RAID disk system
looks like one single disk. You should be able to use any supported SCSI
hardware RAID controller.

If you are going to use hardware mirroring, you should NOT choose Install - Dual hard
disk with software RAID-1 mirroring
in the installation process. (Doing so will enable
software mirroring.) Instead, you should do a
regular installation of the software.

Note

Using one of the supported hardware RAID controllers, you
will be able to upgrade from an earlier version of
the SME Server to version 5.1 using the standard upgrade process. You should back up all your data
and test carefully after installation.

5.3. Upgrading From A Previous Version

If you have previously installed a server
and now
wish to upgrade to version 5.1, you can do so while
preserving your configuration data. To do so, select
Upgrade
from the appropriate screen in the installation process.

While the upgrade should proceed smoothly, we do
recommend that you back up your system prior to performing
this upgrade just to be safe.

Warning

It is not possible to use the Upgrade option
to add software mirroring (RAID1) to an existing server.

If you previously installed software mirroring with a previous version
of the software, you
should be able to upgrade without any problems. However, if you want to
upgrade a previous version of the software that was not
installed with software mirroring to
use software mirroring (RAID1) support, you should:

  1. perform a backup through the server manager

  2. perform a fresh install selecting the software mirroring option

  3. restore the backup through the server manager

5.4. Installing the Software

Note

If you are configuring your system with RAID1 support, notice that
your step 4 below will be slightly different. If you skipped the previous section on RAID, it would be
advisable to read it before proceeding.

Step 1: Insert
the CD-ROM. If your computer is an older model that is unable to boot from
CD-ROM, you will also need to insert the boot floppy. Most modern computers do
not need to use a boot floppy.

Step 2: Review
the warning screen and type accept to indicate
your acceptance of Contribs.org's legal terms
and conditions and your acknowledgment that installation of the software
will rewrite the host computer's hard drive.

Warning

The installation process formats and
erases all attached hard drives. If you
have multiple hard drives, be sure to back them up prior to starting the
installation process.

Step 3: Read the software licensing terms
and indicate your acceptance of the license.

Step 4: Choose whether you wish to
Install on a single hard disk (or use hardware mirroring),
Install on dual hard disks using software mirroring (RAID1 support), or
Upgrade.

Step 5: Read the screen offering a final
warning. Type
proceed and hit enter on the "OK" button to continue.
The installation process will now automatically proceed to install the
necessary packages.

Step 6: Indicate
whether you wish to create an emergency boot diskette.
This can be used in the future to boot the system in the event that you are
unable to boot from the hard disk. If you choose yes, you will be prompted
to insert a blank diskette. We recommend that you do
create an emergency boot floppy and put it in a safe place where you can
easily retrieve it when necessary.

Step 7: Finishing the installation
is automatic and takes only a few minutes. At the end of the process, you
will be prompted to remove the floppy diskette and CD and then to reboot
your computer.

Warning

The installation (or upgrade) process rewrites the boot sector on
your hard drive. This may cause machines with BIOS boot sector virus detection
to not boot unattended. This detection should be disabled in your system's
BIOS.

5.5. Configuring your SME Server

Once your system has restarted (so that it is no longer booting from
the installation CD), you are ready to configure your system.

If your ISP provided
you with a summary of your configuration choices and network information,
we suggest that you keep it handy while completing the screens in the configuration
section of the server console.

There are
several types of configuration parameters that must be entered into your server:

  • the system password

  • the type of ethernet adapters (network interface cards, or NICs) that will be used by your
    server to communicate with the internal network and the Internet (or external network).
    Typically, the server software will detect this information automatically. (Note
    that if you are connecting to the Internet with a dialup connection, you only
    need one ethernet adapter.)

  • configuration for the internal (local) network - you must provide information
    about your internal network so that your server can communicate with other machines
    on your local network.

  • operation mode - you must select whether your server will operate
    in server and gateway mode or server-only mode.

  • configuration for the external network/Internet - you must configure your
    server so that it can communicate with your ISP
    either by a dedicated connection or using a dialup connection (only for
    server and gateway mode).

  • miscellaneous information - there are several final items to configure, such
    as whether
    to allow your users to use a proxy server, whether to provide status reporting
    to Contribs.org, and whether you wish to secure the server console so that it can only be accessed using the administrator's password.

As you select a given
configuration parameter, you will be presented only with the screens necessary
for your given configuration. Each screen will provide you with a simple,
detailed explanation of the required information.

Note: The "Keep" option

As you move through the configuration screens, you will notice that
there is a "Keep" option which will allow you to keep
the choices you may have made previously. Obviously, when you are configuring your system for the first time, many of these choices will not have been made, but if
you later go back to re-configure the system, this option can save time.

5.6. Setting Your Administrator Password

As shown in the image below, the first thing you will be asked to do is to set the system
password. This is the password you will enter to access the web-based server manager. Depending on how you configure the system, you may also
need to enter this password to access the server console. It is
extremely important that you choose a good password and
keep that password secret.

Anyone who gains access to this password has the
power to make any change to your server!

Setting your administrator password

After you enter the password once, you will be asked to type it again to
confirm that the password was recorded correctly. The password will also be
examined to determine how strong it is from a security point-of-view. If it
is found to be weak (for instance, a dictionary word), you will see an
additional screen asking if you really want to use this
password. You will have the option to go back and change to a stronger
password or to continue using the weaker password.

Note

You can use any ASCII printable characters in the
administrator password. As this password gives someone total control
over your server, you should choose a password that
cannot be guessed easily. A good password should contain mixed upper- and
lower-case letters, numbers and punctuation, yet also be easy to
remember. An example might be "IwmSMES!" as in "I want my SME Server!"

(Please don't use this example as your password!)

5.7. Configuring Your System Name and Domain Name

As shown below, your next step is to enter the primary domain name that
will be associated with your SME Server. (You can later configure other
virtual domains that work with the server.)

Setting the primary domain name

Next you need to provide a name for your server. You should think
carefully about this as changing it later may create additional work. (For
instance, Windows client computers may be mapping drives to your server
using its name. Those clients would need to remap the drive using the new
name.)

Tip

You should make the system name as unique as possible in case you
someday decide to link your server to another server using an IPSEC VPN.
When you do, each server will need a unique name. Using some type of theme,
such as location names, may be an effective way to ensure unique names.

Selecting the system name

5.8. Configuring Your Local Network

5.8.1. Selecting Your Local Ethernet Adapter

An ethernet adapter
- also called an ethernet card or network interface card (NIC) - is a special
piece of hardware that serves as the interface between a computer and the
ethernet network. It connects your computer and
the ethernet, allowing the computer to communicate with other computers
and devices on the network.

A computer needs a special
software program, called an "ethernet driver", to use an ethernet adapter.
Which ethernet driver is required depends on which ethernet adapter is
installed on your computer.

You will first need to select the appropriate driver for the ethernet adapter
connected to your local network, as shown in the screen below:

Selecting the local Ethernet driver

If you are using a PCI
ethernet adapter that appears on our supported list, it is likely that your server will be able to detect your hardware
automatically and you will simply be able to choose option 1,
"Use xxxx (for chipset yyyy)", where 'xxxx' and 'yyyy' are specific to your
hardware. If the software fails to detect it correctly, you can manually select the
appropriate driver for your ethernet adapter from
a list of drivers or from a list of ethernet adapter models.
After the appropriate driver is selected, select "OK"
and proceed to the next screen.

5.8.2. Configuring Local Network Parameters

Your SME Server needs information about your local network in order to communicate
with the other computers on your network.
This includes the IP address and the subnet mask on your server's internal
interface. Because your server acts as a gateway and firewall, these will
differ from the IP address and subnet mask on the external interface.

If you plan to operate in server and gateway mode (explained in greater detail below),
your server will act as a relay between your local network
and the Internet. Because no computer on your local network, other than
your server, directly interacts with the external world,
the IP addresses assigned to those computers need only be
unique with regards to your local network. (It doesn't matter if a computer
on someone else's local network uses the same IP address, because the two
machines will not be in direct contact.) As a result, we are able to use
special "non-routable IP addresses" for your local network, including the
internal interface of your server.

Selecting local network information


If you have no reason to prefer one set of IP addresses
over another for your local network, your server will
prompt you with default parameters that are probably appropriate in your
situation.

Tip

If you are installing servers at multiple sites
within your organization, you may find it useful for later troubleshooting
to use different network addresses for each site. Additionally, if you ever
want to establish an IPSEC VPN between the servers, each server will need to
use a different range of IP addresses. Even if you are not planning to use a
VPN right now, it would be safest to use unique network addresses for each
location.

If, however, you are operating your server in "server-only" mode and there are already
servers on your network, you will need to obtain
an unused IP address for your local network.

Next, you will be prompted to enter the subnet mask for your local
network. If you are adding your server to an existing network, you
will need to use the subnet mask used by the local network. Otherwise,
unless you have a specific need for some other setting, you
can accept the default setting.
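
If you are planning several sites, the tips above (a unique system name per server, and a different non-routable address range per site in case an IPSEC VPN later links them) can be checked before you install anything. The following is an added example, not part of the SME Server software; the site names and addresses are constructed, and the three private blocks are the ones reserved by RFC 1918.

```python
import ipaddress
from itertools import combinations

# The three non-routable (RFC 1918) blocks reserved for private networks.
NON_ROUTABLE = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan: (system name, server's internal IP, subnet mask).
SAMPLE_PLAN = [
    ("ottawa",   "192.168.1.1",  "255.255.255.0"),
    ("toronto",  "192.168.2.1",  "255.255.255.0"),
    ("montreal", "192.168.2.65", "255.255.255.192"),  # inside toronto's range
    ("ottawa",   "10.0.0.1",     "255.255.0.0"),      # system name used twice
    ("halifax",  "172.32.0.1",   "255.255.0.0"),      # just outside 172.16.0.0/12
]


def check_plan(sites):
    """Return a list of (problem, detail) tuples; an empty list means a clean plan."""
    problems, names, networks = [], set(), []
    for name, ip, mask in sites:
        # System names must be unique across every server that may be linked.
        key = name.lower()
        if key in names:
            problems.append(("duplicate-name", name))
        names.add(key)

        # Reject malformed addresses and non-contiguous subnet masks.
        try:
            iface = ipaddress.ip_interface(f"{ip}/{mask}")
        except ValueError:
            problems.append(("bad-address", name))
            continue
        net = iface.network

        # The server cannot use the network or broadcast address itself.
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(("unusable-host-address", name))

        # The local network should sit entirely inside a non-routable block.
        if net.version != 4 or not any(net.subnet_of(b) for b in NON_ROUTABLE):
            problems.append(("routable-range", name))
        networks.append((name, net))

    # Two sites whose ranges overlap could not be joined by a VPN later.
    for (name_a, net_a), (name_b, net_b) in combinations(networks, 2):
        if net_a.overlaps(net_b):
            problems.append(("overlap", f"{name_a}/{name_b}"))
    return problems


if __name__ == "__main__":
    for problem, detail in check_plan(SAMPLE_PLAN):
        print(f"{problem}: {detail}")
```
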

5.9. Operation Mode

After configuring your
SME Server for your local network, you will
see the following screen. This is where you select your server's operation mode.

Selecting operation mode

5.9.1. Option 1: Server and gateway mode

In server and gateway
mode, your server provides services (such as e-mail,
web services, file and print sharing) to your network and also acts as
a gateway between your internal network and the outside world. The fact
that it serves as a "gateway" means it has separate interfaces with each
network, and provides security and routing.

If you configure your
server to operate in server and gateway mode, your
server will require either:

  1. two ethernet adapters (one to communicate
    with the local network and the other to communicate with the external
    network/Internet)

  2. one ethernet adapter (for the local network) and a modem for a dialup
    connection

With server and gateway mode, there are a number of extra parameters
that will need to be configured. These will be discussed in the next section.

5.9.2. Option 2: Private server and gateway

This mode is a variation of option 1 and provides the same functionality
with the following differences:

  • Your web server is not visible to anyone outside of the local network.

  • Your mail server is not accessible from outside of the local network.

  • Additional firewall rules have been configured to drop packets for
    various services (such as 'ping' requests).

All services are available on the internal network.
The differences are entirely in how your server is seen by the external world.

You would select this mode only if you wish to use the server as
a gateway, but do not wish to publish any services to the external Internet.

5.9.3. Option 3: Server-only mode

Server-only mode is
appropriate if you do not wish to use the gateway capabilities of your
server. In this configuration,
your server connects only to the local network and
does not connect directly to the outside world (although it may connect
indirectly through your firewall or another server).

Warning

Because the server "trusts" the local network
to be secure in server-only mode, it must
be behind a firewall of some type. Under no conditions should it
be directly connected to the Internet.

Your network will resemble the image below:

Server-only mode

If you have a connection to the Internet by
way of another gateway or corporate firewall,
you can configure your server
to provide services (including e-mail, web services, file and print-sharing)
to your network. In this instance, you do not need your server
to provide the gateway role because that role is fulfilled
by your firewall. If you select Option 3, "Server-only mode - protected network",
your server will provide your local network with web,
e-mail, file and print-sharing.

On the next configuration screen, you should enter the IP
address for the Internet gateway on your local network.
If you do not have an Internet connection, simply leave this configuration
screen blank.

5.10. Configuring Server and Gateway Mode

If you are configuring
your server to operate in server and gateway mode,
you must select one of two Internet connection types - a dedicated connection
(such as ADSL or cable modem) or a dialup connection (in which case
you will be connecting to your ISP via a modem).

Selecting external access mode

The next step after
selecting a connection type is to enter the specific parameters representing that connection.

5.11. Server and Gateway Mode - Dedicated

How you configure your server's
external interface depends on whether you are using a dedicated connection
or a dialup connection. Therefore, if you configured your server
for "server and gateway mode - dedicated connection" you
will be presented with very different configuration screens than if you
configured the server for "server and gateway - dialup connection" (as
discussed in the next section).

5.11.1. Configuring Your External Ethernet Adapter

As you did previously with your local ethernet
adapter, you need to configure the driver for your external ethernet
adapter. As before, the software will attempt to detect the card. If it
correctly identifies the card, you can proceed using Option 1, "Keep current
driver". If it does not, you will need to manually select the driver.

Selecting external ethernet driver

5.11.2. Assigning Your Ethernet Adapters to Network Connection

To communicate successfully, your server
needs to know which ethernet adapter connects it to the internal
network and which adapter connects it to the external network/Internet.
Your server will make this designation automatically
- the first ethernet adapter (in position "eth0") will normally be assigned
to the local, internal network and the second ethernet adapter (in position
"eth1") will normally be assigned to the external network/Internet. In
the event that this assumption is incorrect, this screen allows you to
easily swap that designation.

If you don't know which
ethernet adapter is designated to eth0 and which is designated to eth1,
we suggest you leave it in the default configuration while completing the
rest of the screens. You will later have the opportunity to "Test
Internet Access" from the server console. If your test fails at that time,
return to this screen, swap the card assignment and retry the test.

Selecting Ethernet card assignment

Tip

If you are using two different network interface
cards, you will see which driver is associated with eth0 and which is
associated with eth1. This information can help you determine which
card is eth0 and which is eth1. If you have two cards that use the identical
driver you will see a screen such as the one above where the actual driver is
not listed.

5.11.3. Configuring Your External Interface

With a dedicated connection in server and gateway mode, you will be presented
with the following screen:

Selecting external interface configuration

Your server must know three additional things to communicate on the Internet:

  • its own unique IP address so that Internet data packets can reach it.

  • a subnet mask (also called a netmask) which looks like an IP address and
    allows other computers to infer your network address from your IP
    address.

  • the IP address of the external gateway for your server.
    This is the IP address of the router on your server's external network.
    It identifies the computer that your server should
    contact in order to exchange information with the rest of the
    Internet.

Normally, you would
need to know this information and enter it into the server console. However,
most ISPs are capable of automatically assigning these configuration
parameters to your server using a DHCP server or PPPoE.

If you have a static IP address and your ISP is configuring your server
using DHCP or PPPoE, select Option 1, 2 or 3 depending upon how
you will be connecting to your ISP. When you first connect to your ISP,
your server will automatically be given its external
interface configuration parameters.

If your ISP is providing
you with a dynamic IP address, the ISP will configure this through
DHCP or PPPoE and your server will be re-configured
automatically
whenever your IP address changes. If you plan to use a Dynamic DNS service,
select Option 2. Otherwise, select Option 1.

There are some very good reasons to use a dynamic DNS
service if you have a dynamically assigned IP address. It is a simple,
affordable way to ensure continuity of service when your IP address changes.
Please read the next section on dynamic DNS
for more information about dynamic DNS.

If you are using ADSL and need PPP over Ethernet, choose Option 3. You will
then be asked for the user name and password you use to connect to your ISP.
Note that some ISPs require you to enter their domain name as well as your
user name.

If you have a static IP address and your ISP does not offer DHCP or PPPoE,
then your ISP will give you the static IP address, subnet mask (or netmask),
and the gateway IP address of the device that your server should connect
to in order to communicate with the Internet. Assuming you have this
information on hand, you can go ahead and select Option 4. Successive screens
will prompt you to enter each parameter.

5.11.4. Configuring Dynamic DNS

If you choose either of the DHCP options or PPPoE, you will be presented with an additional screen where you can choose which dynamic DNS service you wish to use.

Selecting dynamic DNS

The server is pre-configured to operate with four dynamic DNS
organizations: yi.org, dyndns.com, dyndns.org, and tzo.com. (You can elect
to use a different service, but doing so would require some customization of
the server.) Once the service is selected, the subsequent two screens will
prompt you to enter your account name and the password for your account.
(These two parameters would be given to you by the service. Note that the
dynamic DNS service may place restrictions on which domain name you can use
for your company.) Please read Appendix B on dynamic DNS for more information
about whether a dynamic DNS is right for you.

5.12. Configuring the Server for Server and Gateway Mode - Dialup Access

If you select dialup
access, successive screens will ask you for the following information:

  • information regarding the modem or ISDN
    connection with your ISP, such as the serial port your modem is connected
    to [2]

  • modem or ISDN initialization screen - most users can simply leave this blank,
    but with some particular modems or ISDN cards, additional information may need to be entered
    here

  • the dialup access phone number

  • username

  • password

  • connection policy

This last item may be of special interest. As shown in the screen below,
you can configure what type of policy you wish to have in place during typical
work hours. If you are in a small office and wish to share your phone line
between your computer and phone or fax, you may wish to minimize the time you
are online. This is also true if your ISP charges a fee on a per-minute basis.
On the other hand, if you have a separate phone line or unlimited time with
your ISP, you might want to have long connection times or a continuous
connection.

Warning

If you are using a dial-on-demand link to your ISP, please be aware that you
can incur very steep phone charges due to dialup connection attempts to the
ISP. We are aware of at least one case in which a failed modem link at the
ISP resulted in several thousand connection attempts over a couple of days -
and a hefty phone bill. If your telephone carrier charges you per-call or
per-minute fees, we suggest that you contact your ISP and ask whether it is
willing to assume responsibility if a failure at their end results in a
large phone bill.

After configuring this policy for "work" hours, you can then configure
the policy for time outside of office hours and additionally for the weekend.
Notice that you do have the choice of never, which would allow you to
restrict your system from connecting on weekends or during off-hours.

Selecting connection policy

The connection policy defines several choices including Short, Medium or
Long. These specify how long the server should wait before disconnecting the
dialup connection. If your office only shares a single phone line, the
Short option minimizes the amount of connection time and
frees up the phone line for later use. The downside to this is that if
someone is reading a long page on the web site or steps away from their
computer for a brief moment, when they want to then go to another web page,
the server will probably have disconnected and will need to redial and
connect. On the other hand, setting the Long connection
time will result in users experiencing fewer delays while waiting for the
server to reconnect. However, the phone line will be used for a larger amount
of time.

There are two separate timeout values configured by each choice. One
value is the length of time since the last HTTP (web) packet went through the
server. The other is a more general timeout for any other types of packets.
The difference is there because it is assumed that people reading a web page
may take longer to go on to another web page, whereas users connecting to
another service (such as ssh or POP3 to an external server) probably will be
more active than someone using a web browser. The timeout values are shown in
the table below.

Choice    HTTP Timeout    Other Timeout
Short     3 minutes       30 seconds
Medium    10 minutes      5 minutes
Long      20 minutes      10 minutes
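
The two idle timers in the table above can be replayed over a traffic timeline to see how each choice trades redials against time online. This is an added example, not SME Server code; it assumes the link drops only once both timers have expired, ignores the time a dial takes, and uses a constructed packet timeline.

```python
# Idle timeouts in seconds (HTTP, other), taken from the table above.
POLICIES = {
    "Short": (3 * 60, 30),
    "Medium": (10 * 60, 5 * 60),
    "Long": (20 * 60, 10 * 60),
}

# Constructed timeline: (seconds since start, packet kind).
SAMPLE_TRAFFIC = [
    (0, "http"),      # user opens a web page
    (240, "http"),    # next page four minutes later
    (900, "http"),    # back from a short break
    (1400, "other"),  # mail client polls an external POP3 server
    (3000, "http"),   # one more page much later
]


def simulate(policy, packets):
    """Return (dials, seconds_online) for one policy and packet timeline."""
    http_timeout, other_timeout = POLICIES[policy]
    dials = 0
    online = 0
    up_since = None
    hang_up_at = None  # moment the last idle timer runs out
    for when, kind in sorted(packets):
        if hang_up_at is None or when >= hang_up_at:
            # Link is down: account for the finished call, then redial.
            if hang_up_at is not None:
                online += hang_up_at - up_since
            dials += 1
            up_since = when
            hang_up_at = when
        # Each packet keeps the link up for the timeout of its own kind.
        keep = http_timeout if kind == "http" else other_timeout
        hang_up_at = max(hang_up_at, when + keep)
    if hang_up_at is not None:
        online += hang_up_at - up_since
    return dials, online


if __name__ == "__main__":
    for name in POLICIES:
        dials, online = simulate(name, SAMPLE_TRAFFIC)
        print(f"{name:<7} dials={dials} online={online // 60}m{online % 60:02d}s")
```

On this timeline Short places the most calls and Long spends the most time online, which matters differently depending on whether your carrier bills per call or per minute.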

Note that there is also the option for a
Continuous dial-up connection. Choosing this option is
basically equivalent to creating a permanent or dedicated connection, but
only doing so through the use of a dial-up connection and a modem or ISDN
adapter.
One example of this use might be to set a Continuous
connection policy during work hours and then some variable policy during
off-hours and the weekend. Assuming that your ISP is okay with this
arrangement and you can afford to do so financially, these settings would give
your users the fastest response time as the connection would always be online.

5.13. Configuring Your DHCP Server

You now will be prompted regarding DHCP service. Your SME Server can be
configured to provide DHCP service to your internal network. The DHCP server
can automatically configure the other computers on your internal network
with such parameters as non-routable IP address, subnet mask and gateway IP
address. This reduces the risk of error and simplifies the process of
configuring your network.

We recommend configuring your server to use DHCP to
configure all of your network clients. You should not do
this if there is an existing DHCP server on your network as there should
typically be only one DHCP server per network.

Selecting DHCP server configuration

5.13.1. Configuring the DHCP Address Range

Before the DHCP server
is able to assign IP addresses to the computers on your network, you need
to tell it what range of IP addresses it can safely distribute. As above,
this section is pre-configured with defaults that are appropriate in most
situations. If you have fewer than 180 machines on your local network and
no reason to prefer one range of IP addresses over another, you can simply
accept the defaults for these screens.

If the defaults are not appropriate
to your situation, you may need a bit of background to understand how to
configure this range. For example, if you entered the server address
of 192.168.1.1 and subnet mask of 255.255.255.0 (the
default settings), the configuration script will infer that your "network" is
192.168.1.0 and that valid addresses are from 192.168.1.1 to 192.168.1.254.
If you entered some number such as
192.168.100.1 for the server, the script will infer that your valid addresses
will be 192.168.100.1 through 192.168.100.254.

If you enter the number "192.168.202.65" as the "beginning of DHCP address
range", as shown below, the first computer served by the DHCP server would
receive the IP address of 192.168.202.65. The second computer would receive
the IP address of 192.168.202.66, and so on.

Selecting start of DHCP range

If you specify that the end of
the range is "192.168.202.250", as shown below, then the last
computer able to receive
DHCP service would be assigned the IP address 192.168.202.250. Once all the
available IP addresses within that range are assigned, your DHCP server
will no longer serve IP addresses to new computers.

Selecting end of DHCP range

5.13.2. Important issues about the DHCP address range

The usual range maximum is 254:
Normally the "end of DHCP address range" cannot exceed "254".
If you have more than 253 computers on your network and would like to exceed
this range maximum, you can use a Class B or Class A non-routable address
for your network. In this case the number entered in the "end of range"
field needs to be calculated and entered a little differently. Note that the
default range maximum is 250. As explained below, this is to allow a few
static addresses at the end of the range.

The local IP address assigned to your server itself must fall outside of
this range:
In other words, you should not assign your server
a non-routable IP address that is also assignable by the DHCP
service to another computer on your network. If your server
is assigned the IP address of "192.168.1.1" then the lowest possible
number in the DHCP range should be "2".

We recommend that you leave a small pool of IP addresses that can be
manually assigned:
Some of the computers (or devices such as network printers) on your network
may not be able to accept DHCP service. Therefore,
it is preferable to exclude some IP addresses from the DHCP range so they
are available to be assigned manually to those computers. For example,
using the 192.168.1.0 block of addresses, the default "beginning of DHCP
address range" is "192.168.1.65". This ensures that
non-routable IP addresses "192.168.1.2" through "192.168.1.64"
are available to you if any computers on your network cannot accept DHCP
service. Additionally, the default end of "192.168.1.250" leaves addresses
"192.168.1.251" through "192.168.1.254" available.
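
An added example (not part of the SME Server software) that checks a planned DHCP range against the rules in this section: the range must sit inside the network inferred from the server address and netmask, must not contain the server's own address, and should leave addresses for manual assignment. The function name and result keys are assumptions; because it uses Python's ipaddress module, the check also covers netmasks wider than 255.255.255.0.

```python
import ipaddress


def check_dhcp_plan(server_ip, netmask, start, end):
    """Check a DHCP range against the server address and netmask.

    Returns a dict with the inferred network, the pool size, the number of
    addresses left for manual assignment below and above the pool, and a
    list of problems (empty when the plan is sound).
    """
    iface = ipaddress.IPv4Interface(f"{server_ip}/{netmask}")
    net, server = iface.network, iface.ip
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)

    # Usable host addresses exclude the network and broadcast addresses.
    lo = net.network_address + 1
    hi = net.broadcast_address - 1

    problems = []
    if not lo <= server <= hi:
        problems.append(f"server {server} is not a usable address in {net}")
    for label, addr in (("start", first), ("end", last)):
        if not lo <= addr <= hi:
            problems.append(f"{label} {addr} is not a usable address in {net}")
    if first > last:
        problems.append(f"start {first} is above end {last}")
    elif first <= server <= last:
        problems.append(f"server address {server} is inside the DHCP range")

    result = {"network": str(net), "pool_size": 0,
              "static_below": 0, "static_above": 0, "problems": problems}
    if not problems:
        result["pool_size"] = int(last) - int(first) + 1
        below = int(first) - int(lo)
        above = int(hi) - int(last)
        # The server's own address is not free for another machine.
        if server < first:
            below -= 1
        else:
            above -= 1
        result["static_below"], result["static_above"] = below, above
        if below + above == 0:
            problems.append("no addresses left for manual assignment")
    return result


if __name__ == "__main__":
    # Constructed inputs: the defaults from this section, two mistakes,
    # and a larger non-routable network.
    for args in (
        ("192.168.1.1", "255.255.255.0", "192.168.1.65", "192.168.1.250"),
        ("192.168.1.1", "255.255.255.0", "192.168.1.1", "192.168.1.250"),
        ("192.168.1.1", "255.255.255.0", "192.168.202.65", "192.168.202.250"),
        ("172.16.0.1", "255.255.0.0", "172.16.1.0", "172.16.8.255"),
    ):
        print(args, check_dhcp_plan(*args))
```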

5.14. Further Miscellaneous Parameters

There are a few, final
connectivity-related parameters that must be entered into your SME Server.

Master DNS server: The first option is
for a master (or primary) DNS server. You should only configure this value if
your server is behind a firewall and cannot perform direct queries to
Internet DNS servers. Most installations should leave this setting blank. You
do not need to configure your server to use your ISP's DNS servers.

Note

Your SME Server contains a fully functional caching DNS
server and in almost all cases you will not need to
enter the address here for a DNS server. However, some corporate firewalls
restrict DNS queries from internal DNS servers. If that is the case, you
will need to supply the address for an external DNS server.

External proxy server:
The next screen allows you to configure
your server so that the computers on your network will use
a proxy server outside of your own network. Some
Internet Service Providers may require this. Additionally, if your server
is behind another firewall, it may need to use the external proxy
server. If you have questions about whether to use a proxy server,
we recommend you read Appendix C on using a proxy server. In most
environments you can probably leave this blank.

Status reporting: You will be asked
to decide whether to enable status reporting to Contribs.org. Through status
reporting, Contribs.org tracks the performance of its servers worldwide. Every
day, your server would send a small packet of data
containing up-time information to Contribs.org. The information sent to Contribs.org
is minimal and is not shared with any other organization.

Console mode: Next, as shown below, you select
the security setting for the server console itself - in other words, whether
users will require a password to access the server console. If you choose the
default, "auto", the server console will be displayed on your server
monitor. In many small office or home office situations, this is
perfectly acceptable. However, doing so allows anyone with physical access to your
server monitor and keyboard to make system-wide changes. If you are concerned
about security in your situation, you may wish to choose "login". This
setting prevents users from accessing the server console unless they log in as
"admin" with the system password you set earlier in the process. Note
that this setting controls access to the server console only; it does not
control whether you (or anyone else) can administer your server using the
web interface.

Selecting server console mode

Contact e-mail address:
Finally, you will have the option of providing a contact e-mail address
and name. If you would like to be notified of security updates or new versions
of software,
we strongly encourage you to provide at least your e-mail
address. As the screen indicates, we will only send you
notices of updates and no other information. Your contact information will not
be shared.

The last screen asks you to confirm the
changes you have made. After the changes take effect, you will see other services starting up. When that is
finished, your server should be fully operational!

Congratulations -
you have configured your SME Server!!

Afterward you may want to test your Internet access using the test option in the server console.
If you chose "auto" earlier, the server console remains permanently "up" on your
server. Otherwise you would need to log in as "admin".
Most routine administration (for example, adding or deleting e-mail addresses) is
done from your desktop computer using the web-based server manager (reviewed in
a later chapter). Therefore, once it is up and running, most users
put their server in an out-of-the-way place and turn
off the monitor.




[2]
Your modem documentation may indicate which serial port is used by the
modem. You may also be able to visually identify which port your modem
uses.

Chapter 6. The Server Console

When installation is
complete and if you set server console mode to "auto", the opening
screen of the SME Server server console will appear:

The server console

If you set the server console mode to "login", you will be given a login
prompt. After you enter the user name "admin" and your system password, you
will see the server console screen above.

Note

Any time that you log in to your system as the "admin"
user you will see the server console. This is true even when connecting to the
server remotely using a tool such as ssh
(discussed later in the chapter on Remote Access).

The server console
provides you with basic, direct access to your server.
From the server console you can get the following information and perform the
following tasks:

Option 1: Provides
you with uptime information about your server.

Option 2: Allows you to view and modify
the configuration information you entered during the original installation
(ethernet cards, IP address information, DHCP, DNS, domain names, etc.)

Option 3: Provides
you with a summary of the configuration parameters entered into your server.

Option 4: Allows
you to test your Internet access by sending a small test packet of information
to a server on the Internet (located at Contribs.org) which will confirm
that your server is communicating on the Internet.

Option 5: Allows
you to smoothly reboot or shut down your server.

Option 6: Provides you with a means to
access the web-based server manager using a text-based browser. This is the
same interface to which you can connect from another system using a normal
graphical browser. This option merely allows you to perform these functions
directly from the server console.

Option 7: Connects to http://contribs.org/modules/phpwiki/
to allow you to read the online version of this user guide.

Option 8: Displays
the GNU General Public License (the license governing the distribution and
use of SME Server software) and information on how to contact Contribs.org for
support.

6.1. Using the Text-based Browser

For Option 6, Access server manager with text-mode browser,
the server uses a text-based browser called
lynx to allow you to access the web-based server manager from the
server console. Navigation is primarily with the arrow keys - up and down to move
through the page, right arrow to follow a link, left arrow to go back. Lynx
has a wide range of other commands which you can learn about through the
online help available at
http://www.lynx.browser.org/.
Note that for security reasons some
regular features of lynx are
disabled when you are browsing from the server console (such as
the ability to specify an external URL). Type 'q' (for 'quit') to exit the
text-based browser.

6.2. Accessing the Linux Root Prompt

If you are an expert user and would like to do advanced
modifications to the configuration of your server,
you can access the Linux operating system underlying the SME Server software
by logging in as the user "root". If your server
is displaying the server console and not a login prompt, you can
press Alt-F2 to switch to another screen with a login prompt. To
switch back, press Alt-F1. You should always ensure that you log out from
the root account when you are finished and before you switch back to the
server console.

The password for the "root" user is whatever password is currently set for
the administrator of the server. Note that this is the
same password as that used by the "admin" user account.

Be aware that this ability to switch between the server console and a login
prompt is only available when you have physical access to the server.
If you connect remotely as the "admin" user and see the
server console, you will not be able to switch to a
login prompt in that window. (You can, however, open up another remote
connection to your server and log in as the "root" user.) Note that remote
administrative access is disabled by default and must be
specifically enabled through the Remote Access panel of the server manager.

Note

If you are not familiar with working from the Linux prompt, you may be
interested in trying a file management tool called Midnight Commander. It
allows you to perform many file operations through a menu-driven interface. Simply
type mc at the command prompt. Press the function key "F1"
for help and "F10" to quit.

Chapter 7. Configuring the Computers on Your Network

7.1. What Order to do Things

For efficiency, we recommend
you configure your desktop computers in the following order:

Step 1: First,
configure one of your desktop computers to work with TCP/IP (using the
information in this chapter).

Step 2: With
TCP/IP up and running on one of your computers, you can now access the
server manager over the web and create your employees' user accounts.
The next chapter, On-going Administration Using the server manager,
explains this simple process.

Step 3: Once
e-mail accounts are created, you can ensure that all the computers on your
network are configured for TCP/IP, e-mail, web browsing and LDAP (using
the information in this chapter).

This chapter helps
you configure software and hardware supplied by other companies and for
that reason is not as specific as the rest of this guide. Given the wide
range of computers, operating systems and software applications, we cannot
accurately explain the process of configuring each of them. If your computers
and applications came with manuals, they might be useful supplements to
this chapter. Technical problems encountered in networking your desktop
computers and applications are best resolved with the vendors who support
them for you.

Important

This chapter demonstrates only one of the many
possible ways to configure your client computers and is provided here as
an example.

7.2. Configuring Your Desktop Operating System

The dialog box where
you configure your desktop differs from operating system to operating system
and version to version. As an example, in Microsoft Windows 95 or 98,
client configuration occurs
in the "Properties" dialog box associated with the TCP/IP protocol for
your ethernet adapter. To get there, go to the "Control Panel" and select
"Network". If a TCP/IP protocol is not yet associated with your ethernet
adapter, you may need to add one before you can configure its properties
with the following information.

Item: enable TCP/IP protocol
    Description: All your computers must communicate on the network using
    the TCP/IP protocol.
    What to enter: In Windows you add a TCP/IP protocol. In Apple, open
    TCP/IP Control Panel.

Item: disable non-TCP/IP protocols
    Description: Unless an application relies on a non-TCP/IP protocol,
    disable all other protocols.
    What to enter: Turn "off" other networking protocols (e.g. NetBeui, etc.)

Item: enable DHCP service
    Description: See section below
    What to enter: In Windows, enable "Obtain an IP address service
    automatically". In Apple, select "DHCP server".

Note

We strongly recommend that you
configure all client machines using DHCP rather than manually using static
IP addresses. Should you ever need to change network settings or
troubleshoot your network later, you
will find it much easier to work in an environment where addresses are
automatically assigned.

On a Windows 95/98 system, the window will look like the image below.

Windows 95/98 TCP/IP properties window

7.2.1. Automatic DHCP Service

Your server provides a DHCP server that assigns each of the computers on
your network an IP address, subnet mask, gateway IP address and DNS IP
address(es). For a more detailed explanation of DHCP, consult the section in
Chapter 5 called "Configuring Your DHCP Server".

Note

In some rare cases, you may want to use a static IP address for
a particular client machine. The typical approach is to manually enter
this IP address into the network properties of the specific machine.
The negative side of this approach is that you cannot easily change or alter
network settings without having to go in and modify the information
on the client machine.
However, it is possible to provide this static IP address
directly through DHCP rather than manually configuring the client computer. To
do so, you will first need to determine the Ethernet address of the client
computer (usually through the network properties). Next you will go to the
Hostnames and addresses web panel of the
server manager and enter the information there.

7.2.2. Manual entry for computers not using DHCP service

As noted above, we strongly recommend that you perform all your client
configuration using DHCP. It is even possible to assign a static IP
address through the Hostnames and addresses
web panel of the server manager that will be distributed through your
DHCP server.

However, if your computers do
not support DHCP, you must manually enter the following information into your
TCP/IP properties:

Item: IP address
    Description: Manually enter this information (see paragraph below).
    What to enter: You must assign a different, unique IP address to
    computers not accepting DHCP (see note below).

Item: subnet mask (or netmask)
    Description: Manually enter this number.
    What to enter: The default subnet mask (or netmask) is "255.255.255.0".

Item: gateway IP address
    Description: Enter the IP address for the server or, in the case of
    server-only mode, enter the IP address for your network's gateway
    (e.g. the firewall or network router).
    What to enter: If you are running in server and gateway mode, your
    server is your local network's gateway. Enter its IP address here: the
    default is "192.168.1.1". If you are running in server-only mode, enter
    the IP address for the device interfacing with your external network.

Item: IP addresses of your domain name servers
    Description: Manually enter this information.
    What to enter: Normally you would just add the IP address for your
    server - the default used in the server console is "192.168.1.1". If
    you have a firewall other than your server that restricts internal
    queries to Internet DNS servers, you may need to enter additional DNS
    servers here.

It is critical that
every computer on your network has a unique IP address and that you don't
assign two computers the same address. In enabling DHCP service in the
server console, you designated a range of IP addresses for DHCP assignment.
You also allocated a block of IP addresses for manual assignment. If you
accepted the defaults pre-configured into the server console, IP addresses 192.168.1.2
through 192.168.1.64 will have been set aside for manual entry. To avoid duplication, use only those IP addresses when manually
assigning IP addresses to your computers.

Windows 95/98 TCP/IP Properties - selecting the IP protocol

After configuring the
TCP/IP parameters, you may need to reboot your desktop computer to implement the configuration changes. (For example, most Windows systems need to be rebooted after the
TCP/IP configuration has been changed.) Once the settings take effect, your computer will be connected to the server and to the Internet.

7.2.3. MS Windows workgroup configuration

If you are using a Microsoft
operating system, you must ensure that your workgroup is the same as the
workgroup name of your server. (The default workgroup name is your domain name.
In a subsequent chapter, we'll explain how this can be changed using the
web-based server manager.) If you are using the default name, go to the
Control Panel, select "Network" and then
select "Identification". In the field for "Workgroup", type your domain name.

7.3. IMAP versus POP3 e-mail

There are two common
standards for e-mail management, IMAP and POP3. Your server supports both protocols.
You will need to select the protocol that
is right for your organization.

POP3 is the earlier,
better-known e-mail protocol. POP3 was designed to permit on-demand retrieval
to a single client machine. E-mail is stored on the mail server until you
retrieve it, at which time it is transferred over the network to your desktop
machine and stored in your e-mail box there.

Benefits of POP3:

  • Even when you are not connected to your network, you have access to the
    e-mail stored on your desktop.

Drawbacks of POP3:

  • POP3 was not originally intended to support users accessing and managing
    their e-mail from remote systems. Because your e-mail is stored on your
    desktop, setting up remote access of your e-mail when you are at a
    different computer can be complex.

IMAP e-mail, in contrast,
is designed to permit interactive access to multiple mailboxes from multiple
client machines. You manage your e-mail on the mail server over the network.
You read your e-mail over the network from your desktop, but the e-mail is
not stored on your desktop machine - rather, it is permanently stored and
managed on the server.

Benefits of IMAP:

  • You can access all of your new and stored e-mail from any machine
    connected to a network.

  • Because all employee e-mail is stored on the server, backup of e-mail is
    easily accomplished.

Drawbacks of IMAP:

  • If you are not connected to a network, new and stored e-mail messages are
    not available to you.

7.4. Configuring Your E-mail Application

Each user's e-mail application
requires information about that user's account, where to send outgoing
e-mail and pick up incoming e-mail. This information is usually entered in
the "preferences" or "options" section. Most e-mail applications require
you to enter the following information:

User's e-mail address:
The user's e-mail address is the user account as created in the server manager
plus the @domain name. Typically it will be in the form of username@yourdomain.xxx
(e.g. afripp@tofu-dog.com).

E-mail server or outgoing e-mail SMTP server:
This is the name of the e-mail server provided by your SME Server. Normally
you should just enter mail
here. If you prefer, you should also be able to use the full domain name of
mail.yourdomain.xxx (e.g. mail.tofu-dog.com).

E-mail account name or user name:
This is the name before the @ in the e-mail address. For
example, the username for "afripp@tofu-dog.com" is
"afripp".

If you choose POP3 e-mail service:

Enable POP3 protocol:
Typically,
to enable the POP3 protocol for incoming e-mail, you click on the POP3 checkbox
or select POP3 from a pull-down menu in the section of your e-mail application
dedicated to the incoming e-mail server.

Disable IMAP protocol:
To disable the IMAP protocol for outgoing mail (not all e-mail applications
have IMAP protocol) click the IMAP checkbox "off".

Delete read e-mail
from server:
We recommend you configure your e-mail application so e-mail
that has been read is not left on the server. To do this, click off the
checkbox marked "leave mail on server" or click on the checkbox marked
"delete mail from server".

If you select IMAP e-mail:

Enable IMAP protocol:
Typically, to enable the IMAP protocol for incoming e-mail (note that
not all e-mail applications offer IMAP support) you click on the IMAP checkbox
or select IMAP from a pull-down menu in the section of your e-mail application
dedicated to the incoming e-mail server.

Disable POP3 protocol:
To disable the POP3 protocol for outgoing mail, click the POP3 checkbox
"off".

The images below show you the sequence in Netscape. First you choose
Preferences from the Edit menu and
click on Mail Servers as shown in:

Netscape Preferences - mail

If you have not configured a mail server yet, you will need to press the
Add... button and enter information about your server.
Otherwise, you will select the default mail server listed and click on the
Edit... button. This will bring up a screen where you
enter the user name and choose whether you are using IMAP or POP3:

Netscape Preferences - IMAP

Netscape should now be ready to send and receive e-mail.

7.5. Configuring Your Web Browser

Most browsers are
configured using a dialog box called "preferences", "network preferences"
or "options". Some browsers need to be configured to access the Internet
either directly or via a proxy server. When required, most desktop applications,
your web browser included, should be configured as though they were directly
accessing the Internet. Although the server uses a security feature known as IP
masquerading, thereby creating an indirect connection to the Internet, this is a
transparent operation to most of your desktop applications.
Hence, you should ensure that the "Direct connection
to the Internet" check box is clicked "on" in your web browser.

Under certain circumstances,
using a proxy server can improve the perceived performance of your network.
The server includes HTTP, FTP and Gopher proxy servers.
Normally, we recommend these be disabled in your browser.

If you decided that you do want to use proxy servers [3], you will need to
enter the IP address or domain name
of the proxy server (i.e. your server) into the
configuration screens of your web browser. The port number you will need to
enter to connect to the proxy server is 3128.
This information is the same for HTTP, Gopher and FTP proxying.

The image below shows how a proxy server would be configured
in Netscape Navigator.

Netscape Preferences - proxy server

7.6. Configuring Your Company Directory

Your SME Server will automatically create a company directory and update it
as you maintain your e-mail accounts. The next chapter explains how to configure
this service. Any client program that uses LDAP (Lightweight Directory
Access Protocol), such as the address book in Netscape Communicator, will
be able to access the directory. For example, with Netscape, look under
the "Communicator" menu and choose "Address Book". Then look under the
File menu and select "New Directory". You will see a dialog box similar
to the one shown here.

Netscape Preferences - directory

You will need to enter the following information:

  • Enter the name you wish to give your company directory - any name will
    do.

  • The LDAP server is the name of your web server, in the form www.yourdomain.xxx.

  • The Server Root information can be found on the "Directory" screen in your
    server manager (more information on this is available in the next chapter).
    The usual form, assuming your domain is yourdomain.xxx, is
    dc=yourdomain,dc=xxx. (No spaces should be entered between the "dc="
    statements.)

  • The Port Number is always 389.

Once the address book
has been created, Netscape can display a list of all e-mail accounts if
you type an asterisk into the search field and press "Enter".




[3]
Note that laptop users should disable proxy servers when working away from
their local area networks.

Chapter 8. On-going Administration Using the server manager

The server manager
is a simple control panel that allows you to administer your network. Using
the server manager, you perform such tasks as adding or deleting e-mail addresses,
setting the system date and time, and creating a starter web page. The server manager
is accessed through a web browser by visiting the URL
http://www.yourdomain.xxx/server-manager or
more simply http://www/server-manager.
The staff at The Pagan Vegan would access the server manager using the
URL http://www.tofu-dog.com/server-manager.
We recommend you bookmark
this address so that you can return to it whenever you wish to access the
server manager.

Note

For security reasons, you are only able to access the server manager through a web
browser on the local network. Remote access is only
possible using remote access tools such as ssh and PPTP.

server manager

When you arrive at the
correct URL, you'll be asked to enter your user name (which is always "admin")
and the password you created during the installation process.
Enter that
information and click "OK" to be taken to the server manager. It
will look like the screen shown above.

In the next four
chapters, we'll explain each of the administrative functions in the order
in which they appear in the frame running down the left side of the screen.
The links are grouped together under four headings: Security, Configuration,
Collaboration and Miscellaneous.

Note

As a further layer of security, you can also connect to the server manager
using the secure HTTPS protocol. This establishes an encrypted channel of
communication between your browser and the server, even on your local
network. To connect to the server manager in this manner, use a URL prefix of "https" as
in the example:
https://www.yourdomain.xxx/server-manager.

Chapter 9. Security

Table of Contents

9.1. Password
9.2. Remote Access
9.2.1. ssh
9.2.2. PPTP
9.2.3. FTP
9.2.4. telnet
9.3. Local networks

9.1. Password

This screen lets you
change your system password at any time. To do so, type the new password
in the first field. Verify the new password by entering it in the
second field. (Your password can be any combination of printable
characters, including upper- and lower-case letters, numbers, and
punctuation marks.)
If you
make a mistake, click the "Back" button on your browser and try again.
Note that whenever you change your password, the system will prompt you
for the revised password as soon as you access another feature. When you
get the "Authorization Failed" message, click OK, enter the new password
and press "Enter".

System password web panel

9.2. Remote Access

If you're an advanced
user, the SME Server provides several different ways to access
the underlying operating system, either from a computer on your internal
network or from a computer outside your site on the Internet. Additionally,
you have the ability to access your computer network securely from a remote
computer. All of these operations are configured from the screen shown
below in the server manager.

Remote Access web panel

Each of these remote access methods is described below.

9.2.1. ssh

If you need to connect directly to your server and log in from a remote system belonging to you,
we strongly encourage you to use ssh
instead of telnet. In addition to UNIX and Linux systems, ssh client software
is now also available for Windows and Macintosh systems. (See the section
below.)

If you do not have any reason to allow remote
access, we suggest you set this to No access.

Once ssh is enabled, you should be able to connect to your server simply by launching
the ssh client on your remote system and ensuring that it is pointed to the external domain name or
IP address for your server. In the default configuration, you should next be
prompted for your user name. After you enter admin and your
administrative password, you will be in the server console. From here you can change the
server configuration, access the server manager through a text browser or perform
other server console tasks.

If you do enable ssh access, you have two additional configuration options:

  • Allow administrative command line access over ssh -
    This allows someone to connect to your server and log in as
    "root" with the administrative password. The user would then have full access
    to the underlying operating system. This can be useful if someone is providing remote support for your system, but in most cases we recommend setting this to No.

  • Allow ssh using standard passwords -
    If you choose Yes (the default), users will be able to connect to the server
    using a standard user name and password. This may be a concern from a security point of view, in that someone wishing to
    break into your system could connect to your ssh server and repeatedly enter
    user names and passwords in an attempt to find a valid combination. A more
    secure way to allow ssh access is called RSA Authentication
    and involves the copying of an ssh key from the client to the
    server. This method is supported by your server, but is
    beyond the scope of this user guide and will eventually
    be covered by additional documentation on the contribs.org web site.
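
The password-guessing pattern described in the second option appears in the sshd log as runs of failed logins from one address. The following is an added example, not part of the original guide: it counts such failures per source address over constructed sample lines, assuming the usual OpenSSH syslog message format; the function name and threshold are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not from a real server).
SAMPLE_LOG = """\
Jan 12 03:14:01 server sshd[2201]: Failed password for root from 203.0.113.50 port 40112 ssh2
Jan 12 03:14:03 server sshd[2203]: Failed password for invalid user oracle from 203.0.113.50 port 40117 ssh2
Jan 12 03:14:05 server sshd[2205]: Failed password for illegal user test from 203.0.113.50 port 40121 ssh2
Jan 12 03:14:08 server sshd[2207]: Failed password for admin from 203.0.113.50 port 40130 ssh2
Jan 12 03:14:10 server sshd[2209]: Failed password for invalid user guest from 203.0.113.50 port 40133 ssh2
Jan 12 08:55:40 server sshd[3120]: Failed password for admin from 192.168.1.20 port 1034 ssh2
Jan 12 08:55:52 server sshd[3120]: Accepted password for admin from 192.168.1.20 port 1034 ssh2
Jan 12 09:02:11 server sshd[3150]: Accepted publickey for root from 192.168.1.21 port 1040 ssh2
"""

# The user name is chosen by the client, so it is matched greedily and the
# source address is taken from the end of the line, where sshd itself writes it.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(?P<user>.*)"
    r" from (?P<src>\S+) port \d+(?: ssh\d*)?\s*$"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted password for (?P<user>.*)"
    r" from (?P<src>\S+) port \d+(?: ssh\d*)?\s*$"
)


def summarize_failures(log_text, threshold=5):
    """Report sources with at least `threshold` failed password logins.

    Returns {source: {"failures": int, "users": sorted list of names tried,
    "then_succeeded": bool}}; then_succeeded is True when a password login
    from the same source was accepted after at least one failure.
    """
    tried = defaultdict(list)
    succeeded = set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            tried[m.group("src")].append(m.group("user"))
            continue
        m = ACCEPTED.search(line)
        if m and m.group("src") in tried:
            succeeded.add(m.group("src"))
    return {
        src: {
            "failures": len(users),
            "users": sorted(set(users)),
            "then_succeeded": src in succeeded,
        }
        for src, users in tried.items()
        if len(users) >= threshold
    }


if __name__ == "__main__":
    for src, info in summarize_failures(SAMPLE_LOG).items():
        print(src, info)
```

A source that tries many different user names is the pattern the option text warns about; a source flagged with then_succeeded deserves a closer look, since it may be either a user who mistyped a password or a guess that worked.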

Note

By default, only two user names can be used to log in remotely to the server:
admin (to access the server console) and
root (to use the Linux shell). Regular users are not
permitted to log in to the server itself. If you give another user the
ability to log in remotely to the server, you will need to access the
underlying Linux operating system and manually change the user's shell
in /etc/passwd.

9.2.1.1. ssh clients for Windows and Macintosh systems

A number of different free software programs provide ssh clients for use
in a Windows or Macintosh environment. Several are extensions of existing
telnet programs that include ssh functionality. Two different lists of known clients
can be found online at http://www.openssh.com/windows.html
and http://www.freessh.org/.

A commercial ssh client is available from SSH Communications Security
at http://www.ssh.com/products/ssh/download.html. Note that the client is
free for evaluation, academic and certain non-commercial uses.

9.2.2. PPTP

The Point-to-Point Tunnelling Protocol (PPTP)
is used to create client-to-server Virtual Private Networks (VPNs) and was
developed by the PPTP Forum, an industry group which included Microsoft and
several other companies. A VPN is a private network of computers
that uses the public Internet to connect some nodes. PPTP allows users to
connect to their corporate networks across the Internet.

Microsoft's PPTP implementation is widely used in the Windows world to provide remote access
across the Internet. If you have a remote Windows system (for instance, a
laptop or a home computer) that has access to the Internet,
you can also access the information stored on your server.

If you wish to enable VPN access, you must decide how many individual PPTP clients you will
allow to connect to your server simultaneously, and enter that number here. The simplest method is to enter the total number of
remote PPTP clients in your organization. Alternatively, if you have a slow connection
to the Internet and do not want all of those PPTP clients to connect at the
same time, you can enter a lower number here. For instance, if you have five users who from time to time use
PPTP to connect remotely, entering 5 here would allow all of them to connect at any time. Entering 2 would only allow two users to
connect at any given time. If a third user tried to connect, he or she would receive an
error message and would not be able to connect until one of the other users
disconnected. If, on the other hand, you entered 0, no PPTP connections would
be allowed.

After you enter a number and press Save, the server should
be ready to accept PPTP connections.

To connect using PPTP, the protocol must be installed on each remote Windows client. Typically, this is done through the Network Control Panel (you may need to have
your original Windows installation CD available). After it is installed (a
reboot of your Windows system may be needed), you can create new
connections through the Dial-Up Networking panel by entering the external IP address of the server you wish to connect to. Once you're finished, you should be able
to initiate a PPTP connection by double-clicking the appropriate icon in the Dial-Up Networking window. When you then open up your
Network Neighborhood window, you should see your server workgroup
listed there.

Note

Your connection to the Internet needs to be established first
before you initiate the PPTP connection. This may involve double-clicking one Dial-Up Networking icon to start your Internet connection,
then double-clicking a second icon to start the PPTP connection. To shut down, disconnect your PPTP connection first, then disconnect from your ISP.

Warning

To protect your network, the SME Server enforces the use of 128-bit encryption for PPTP connections,
rather than the 40-bit encryption provided in earlier versions of Microsoft's
PPTP software. If you are unable to establish a PPTP connection to your
server, you should visit
http://windowsupdate.microsoft.com/ and download the appropriate
update. Due to the dynamic nature of Microsoft's web site, the page may appear
differently depending upon the version of Windows you are using. In most
cases, you will want to look or search for Virtual Private Networking
or a Dial Up Networking 128-bit encryption update. You may
need to install the 40-bit encryption update first, and then
install the 128-bit encryption update. Note that
with Microsoft's ActiveUpdate process, if you are not
presented with the choice for this update, it is most likely already installed
in your system.

9.2.3. FTP

Another way to upload or download files to and from your
server is to enable a protocol called FTP, or "file transfer
protocol". This screen enables you to set your policy for FTP. Note that
allowing liberal FTP access to your server does reduce your security.
You have two options that you can set here.

FTP user account access: Private
FTP access allows only people on your internal network to write files to
your server. Public FTP access allows users both inside and outside
your local network to read or write files on your server,
provided they have an account and password. If, for example, you want to
be able to update your web site from home using FTP, you would choose the "Public"
setting. We strongly recommend you leave this as Private unless you have a specific reason to change it.

FTP access limits: This allows you to set
an overall site-wide policy for FTP access. The setting you choose here will override all
other FTP settings on your server.
For example, if you choose "Disable public
FTP access" here and then later configure an i-bay to allow public FTP access from
the Internet, such access will be forbidden. Note that one of the
choices here allows you to completely disable any use of FTP.

9.2.4. telnet

telnet has traditionally been one of the tools used to
log in remotely to other systems across a network or the Internet. This
screen gives you the options to control the
use of telnet as a means of connecting to your server.
Telnet can be useful in that
it allows you to log in remotely and diagnose problems or configure settings.
However, when you use telnet, all user names and passwords are transmitted without
any kind of encryption, dramatically reducing the security of
your server. For that reason, we strongly
recommend the use of ssh as described above.

Note

Because telnet has been and continues to be widely used to date, we are
providing the ability to use telnet for remote access. However, as
ssh usage
increases, it is our intention to remove telnet access from future releases of the
server.

Telnet access: This can be set to
"No Access", "Private" or "Public".
Because of the inherent security weakness mentioned above,
we strongly recommend that you leave this set to No Access (the default) and instead use ssh as described above. If you
do need to enable telnet access, we suggest that you enable "public" or
"private" telnet access only when absolutely necessary, and disable such access when it is no longer required. If "public" access is enabled, a red warning will appear at the
top of every server manager screen.

Note

Because of these security concerns, we do not allow administrative
command line access (connecting as 'root') using telnet. Please use ssh instead.

9.3. Local networks

Your SME Server provides services to machines on the local network and
it gives machines on that network special privileges and access. For example,
only machines connected to the local network can access the mail server on your server
to send mail. When you configured your server, you
provided it with sufficient information to deduce its own local network.
Machines on the network are automatically identified by the server
as being eligible for these privileges and access.

If your company only
has one network that is being serviced by the server,
you do not need to add any information here.

Some advanced users
may wish to extend privileges to more than one network of computers. If
you would like your server to identify one or more
additional networks for those privileges, you will be asked to enter those
network IDs and the subnet mask for each network here.
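
Because every address inside an added network receives the local-network privileges described above, it is worth confirming exactly what a network ID and subnet mask pair covers before entering it. The following added example (not part of the original guide) does that with Python's standard ipaddress module; the function names and sample networks are illustrative.

```python
import ipaddress

# The three non-routable (private) IPv4 ranges defined by RFC 1918.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_local_network(network_id, subnet_mask):
    """Validate one network ID / subnet mask pair and describe what it covers."""
    try:
        # strict=True rejects a "network ID" that is really a host address;
        # a non-contiguous mask such as 255.0.255.0 is rejected as well.
        net = ipaddress.IPv4Network(f"{network_id}/{subnet_mask}", strict=True)
    except ValueError as exc:
        return {"valid": False, "reason": str(exc)}
    return {
        "valid": True,
        "network": str(net),
        # How many addresses would receive local-network privileges.
        "addresses": net.num_addresses,
        # False means the range is not one of the RFC 1918 private ranges,
        # so the entry should be double-checked before it is saved.
        "non_routable": any(net.subnet_of(r) for r in RFC1918),
    }


def is_local(client_ip, networks):
    """True if client_ip falls inside any (network ID, subnet mask) pair."""
    addr = ipaddress.IPv4Address(client_ip)
    return any(addr in ipaddress.IPv4Network(f"{n}/{m}") for n, m in networks)


if __name__ == "__main__":
    # Constructed sample entries: the second has a mask that is much too wide.
    for entry in [("192.168.2.0", "255.255.255.0"),
                  ("10.0.0.0", "255.0.0.0"),
                  ("192.168.2.10", "255.255.255.0")]:
        print(entry, check_local_network(*entry))
```

A mask that is one octet too wide turns a 256-address office network into millions of addresses that are all treated as local, which is why the address count is reported alongside the validity check.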

Note that depending
on the architecture of your network infrastructure, the instructions for
configuring the client machines on that additional network may be different
than the instructions outlined in the chapter in this user guide. If you have
questions regarding adding another network, you may wish to contact Contribs.org
and visit the forums.

Chapter 10. Configuration

10.1. Set date and time

Accessing this section
allows you to set the system date and time either manually or using a network
time server. Pull-down menus for month and
time zone ensure accurate entry. The server manager will reset the time
automatically during daylight savings time. The time zone menu covers time zones worldwide,
with multiple selections for countries that have more than one time zone
(including standard time zones, states/provinces and even cities).
This ensures that regional variations
in time zones and daylight savings time are accurately reflected.

Date and time web panel

Instead of setting the time manually, you can use a network
time server.
A time server is a device
on the Internet that keeps accurate time and is able to communicate
the time to other computers over the Internet using the Network
Time Protocol (NTP). Many organizations around
the world provide Internet time servers for free.

Warning

After you start using a network time server, you should
NOT set the time or date manually.
If you do so, the network time synchronization will no longer function.

This screen in the server manager allows you to configure your server
to connect regularly to a time server and synchronize the clock
on the server with the time provided by the time server.
To do this, simply check the box for "Enable NTP Service", add the domain
name or IP address of the time server
in the space provided and click "Save NTP Settings". Using a time server
is optional but doing so can greatly increase the accuracy of your system.

For more information about using a network time server, visit
http://www.ntp.org/. You can also
find a list of publicly available time servers at
http://www.eecis.udel.edu/~mills/ntp/servers.htm. You should always
use a secondary time server (also called a
stratum 2 server) to lighten the load on the primary time
servers.

Tip

In order to make sure the network time server is set to your timezone,
you should go through this screen once and manually
set the time to be correct and with the correct timezone. After doing that, go
back to this panel and set the server to use a network time server.

10.2. Workgroup

If you are using a computer
on a local network and you wish to access the server
via Windows file sharing, it is important that you are logged onto the
same workgroup as your SME Server. This screen allows you
to enter the name of the Windows workgroup the server should appear
in. You should also enter the Windows server name. In order that you may
later connect multiple locations using IPSEC VPNs, we suggest that you use a
different name for each server. If you wish you
can change the workgroup name to correspond with an existing workgroup.
Macintosh users need only enter a server name or accept the defaults.

Workgroup web panel

Also in this section,
you can specify whether the server should be the domain master
for your Windows workgroup. Most sites should choose "Yes" unless you are
adding a server to an existing network which already has a domain
master.

Warning

If you have a Windows NT server or Windows 2000 server
on your network that is functioning as a network server, you should
most likely answer "no" because that other server will act as the domain master.

If you do configure your system to be the domain master,
a special Windows share called NETLOGON is
created with a DOS batch file called netlogon.bat. This batch file is executed by Windows clients that have been
configured to "Logon to domain". The netlogon.bat file we provide by default
does very little, but advanced users can, if they wish, modify this script to set environment
variables for their clients or provide automatic drive mappings.

As the
NETLOGON share is only writable by the "admin" user, you modify the
netlogon.bat script by logging on to a Windows system as "admin",
connecting to the share and then modifying the script using a Windows
text editor. Be aware that the NETLOGON share will not be visible in Network
Neighborhood or other similar tools. As the "admin" user, you will need to
connect to the share or map a drive to it, by using the specific path:


  \\servername\NETLOGON\


The sample file contains a few examples of setting the system time for
each machine and also of mapping a common drive for all Windows clients.

10.3. Directory

Your SME Server provides an easy mechanism for creating a company directory.
Each time you create or delete an e-mail account, your directory will be
automatically updated with the new information.

Directory web panel

In this section of the
server manager, you specify the default directory information for new accounts
- the user's department, company, street address, city and phone number.
Each time you create an e-mail account, the fields will contain the information
entered here as the default. If you wish, you can change the information
for each user.

At any time in the future,
you can change the default information and have the new information apply
to all new users or to all existing users as well. The field to do this
is located near the bottom of the screen. Choosing "update with new defaults"
is a convenient one-click method of revising your directory when, for example,
your company has moved to a new address.

10.4. Printers

Your SME Server enables all users on your network to easily share a printer.
The printer can be either locally attached to a parallel or USB port on your
server or can be a network printer. All the server
needs is some basic information: the printer name (which can be anything
you want, as long as it starts with a lower-case letter and consists only
of lower-case letters and numbers, with no spaces), a brief description
(for example, "the printer down the hall") and the location of the printer
- whether it's on the network or directly connected to your server through
a parallel or USB port.

Printers web panel

If you choose "Network printer", you will see an additional screen that will
ask for the hostname or IP address and the network printer name.
Enter
that information where requested.
For the network printer name, you can use the default setting,
raw, unless you have some reason to do otherwise.
(raw is the name used by most network printers for their
main print queues.)

Note

For maximum flexibility in making changes later, we suggest that you
enter the hostname for a network printer here and enter the IP address of the
printer through the Hostnames and addresses
panel of the server manager. This allows you to have one central
location listing IP addresses and allowing you to make changes. Note that
many modern network printers can be configured automatically. To do so, enter
their hostname, IP address and Ethernet address in the Hostnames and addresses
panel.

Note also that the server printing system does not perform any
filtering and passes the print requests directly from
the client computers to the printer in "raw" or "pass-through" mode.
For this reason, the SME Server does not have a list of "supported printers". Most
printers are supported as long as the appropriate driver is installed in the
operating system on your client computers.

However, there are some newer printers that only have a Windows driver
available and rely heavily on that operating system to perform their print
functions. These printers cannot be used on the server. If you are
concerned about whether your printer will work with your server, you can visit
Red Hat's Hardware Compatibility List
or explore the information found
at LinuxPrinting.org.

As a final item, you should be aware that in order to use the printers
available through your server a user must be logged in to their client
system with a user name and password that is valid on the server. For
instance, if a user is logged in as tturtle on their
Windows desktop and that user account does not exist on
the server, the user will not be able to print to
the printers managed by the server. Either the user will have to
log out and log back in as a valid user or the tturtle
account will need to be created on the server.

10.5. Hostnames and addresses

When you installed your SME Server, you were asked to provide a name
for your system. That name and several other
"standard" names are automatically configured in your system's host
table during the installation process. This host table is
consulted as part of the name resolution process. The "Hostnames and addresses"
web panel allows you to modify this table and specify different host "names"
for each domain on your system, as well as to control how those names resolve
both for systems on your local network and also for systems on the larger
Internet.

For instance, when someone
tries to connect to "www.mycompany.xxx", they will be taken to wherever "www"
has been set to point to. As seen in the image below,
this screen in the server manager allows you to view these default settings, and
also to modify the configuration.
