This action might not be possible to undo. Are you sure you want to continue?
SME Server:Documentation:Administration Manual:Booklet
From SME Server
Languages: English • Deutsch
■ 1 Welcome to SME Server 7 ■ 1.1 About This Manual ■ 1.1.1 Production ■ 1.1.2 History ■ 1.1.3 Endorsements ■ 1.1.4 Acknowledgements ■ 1.2 Software Licensing Terms and Conditions ■ 1.3 About Our Example Company: The Pagan Vegan ■ 1.4 What's New ■ 1.5 Server Features ■ 2 The role of the SME Server ■ 3 Your Internet Service Provider (ISP) ■ 3.1 Dedicated versus dialup connectivity ■ 3.2 The IP address ■ 3.2.1 Static versus dynamic IP addressing ■ 3.2.2 Routable versus non-routable IP addresses ■ 3.3 Arranging connectivity with your ISP ■ 3.3.1 Ordering a corporate ADSL or other commercial dedicated connection ■ 3.3.2 Ordering cablemodem or residential ADSL service ■ 3.3.3 Ordering a dialup connection ■ 3.4 Arranging Services From Your ISP ■ 3.4.1 Service List A ■ 3.4.2 Service List B ■ 3.4.3 Service List C ■ 3.4.4 Service List D ■ 3.5 Terms used in ordering connectivity and services ■ 4 Hardware Requirements of the SME Server ■ 4.1 4.1. Minimum Hardware Requirements ■ 4.2 4.2. Recommended Hardware Requirements ■ 4.3 4.3. Hard Drive Configuration ■ 4.4 4.4. Supported Ethernet or SCSI Adapters, or Tape Drives ■ 5 Installing And Configuring Your SME Server Software ■ 5.1 Licensing Terms and Conditions ■ 5.2 RAID1 Support (Disk Mirroring) ■ 5.2.1 Software Mirroring ■ 5.2.2 Hardware Mirroring ■ 5.3 Upgrading From A Previous Version ■ 5.4 Installing the Software ■ 5.5 Restoring a Backup ■ 5.6 Configuring your SME Server ■ 5.7 Setting Your Administrator Password ■ 5.8 Configuring Your System Name and Domain Name ■ 5.9 Configuring Your Local Network ■ 5.9.1 Selecting Your Local Ethernet Adapter 10/18/2010
Page 2 of 111 ■ 5.9.2 Configuring Local Network Parameters ■ 5.10 Operation Mode ■ 5.10.1 Option 1: Server and gateway mode ■ 5.10.2 Option 2: Private server and gateway ■ 5.10.3 Option 3: Server-only mode ■ 5.11 Configuring Server and Gateway Mode ■ 5.12 Server and Gateway Mode - Dedicated ■ 5.12.1 Configuring Your External Ethernet Adapter ■ 5.12.2 Assigning Your Ethernet Adapters to Network Connection ■ 5.12.3 Configuring Your External Interface ■ 5.12.4 Configuring Dynamic DNS ■ 5.13 Configuring the Server for Server and Gateway Mode - Dialup Access ■ 5.14 Configuring Your DHCP Server ■ 5.14.1 Configuring the DHCP Address Range 6 The Server Console ■ 6.1 Option 1: Check status of this server ■ 6.2 Option 2: Configure this server ■ 6.3 Option 3: Test internet access ■ 6.4 Option 4: Reboot, shutdown or reconfigure you server ■ 6.5 Option 5: Manage disk redundancy ■ 6.6 Option 6: Access server manager ■ 6.6.1 Using the Text-based Browser ■ 6.6.2 Accessing the Linux Root Prompt ■ 6.7 Option 7: View support and licensing information ■ 6.8 Option 8: Perform backup to USB device 7 Configuring the Computers on Your Network ■ 7.1 What Order to do Things ■ 7.2 Configuring Your Desktop Operating System ■ 7.2.1 Automatic DHCP Service ■ 7.2.2 Manual entry for computers not using DHCP service ■ 7.2.3 MS Windows workgroup configuration ■ 7.2.4 MS Windows Domain configuration ■ 22.214.171.124 Connecting to a Domain ■ 126.96.36.199 Setting up network drives 8 On-going Administration using the server-manager 9 Collaboration ■ 9.1 Users ■ 9.1.1 Disabling User Accounts ■ 9.1.2 Changing User Passwords ■ 9.2 Groups ■ 9.2.1 Setting admin rights ■ 9.3 Quotas ■ 9.4 Pseudonyms ■ 9.5 Information Bays 10 Administration ■ 10.1 Backup or restore ■ 10.1.1 To desktop ■ 10.1.2 To Tape ■ 10.1.3 To Workstation or USB Drive ■ 10.2 View log files ■ 10.3 Mail log file analysis ■ 10.4 Reboot or shutdown 11 Security ■ 11.1 Remote Access ■ 11.1.1 PPTP (VPN) ■ 11.1.2 Remote Management ■ 11.1.3 SSH ■ 11.1.4 FTP ■ 11.1.5 Telnet ■ 11.2 Local networks 10/18/2010
Page 3 of 111 ■ 11.3 Port forwarding ■ 11.4 Proxy settings 12 Miscellaneous ■ 12.1 Support and licensing ■ 12.2 Create Starter Web Site ■ 12.3 Online manual ■ 12.4 Other Administration Notes 13 Configuration ■ 13.1 Software Installer Panel ■ 13.2 Set date and time ■ 13.3 Workgroup ■ 13.4 Directory ■ 13.5 Printers ■ 13.6 Hostnames and addresses ■ 13.6.1 Creating New Hostnames ■ 13.6.2 Reserving IP Addresses Through DHCP ■ 13.7 Domains ■ 13.8 E-mail ■ 13.8.1 E-mail Access ■ 13.8.2 E-mail Filtering ■ 13.8.3 E-mail Retrieval ■ 13.8.4 E-mail Delivery ■ 13.9 Review Configuration 14 Information Bays (i-bays) ■ 14.1 i-bay Directories ■ 14.2 Accessing the i-bays ■ 14.3 Creating an i-bay ■ 14.4 Modifying an i-bay ■ 14.5 An i-bay Used as a Customer Site: The Miles Gabriel Art Exposition ■ 14.6 An i-bay Used as a Shared Network Drive ■ 14.7 An i-bay Used as an Intranet: The Pagan Vegan "Vegemite" ■ 14.8 An i-bay Used to Expedite Processes: Samson's Farms ■ 14.9 An i-bay Used as Your Customer Download Site 15 SME Manual Appendix ■ 15.1 Appendix A. Introduction to the Ethernet Local Area Network (LAN) ■ 15.2 Appendix B. DNS ■ 15.2.1 DNS Basics ■ 15.2.2 PTR Records ■ 15.2.3 SPF Records ■ 15.2.4 Dynamic DNS Services ■ 15.2.5 DNS Service Providers ■ 15.3 Appendix C. Proxy Servers ■ 15.4 Appendix D. Technical Support 16 Glossary
Welcome to SME Server 7
Congratulations on choosing the SME Server as your network and communications server! SME Server is an open-source Linux server distribution designed to be: ■ Simple to setup and use: Installation and basic configuration takes less than 20 minutes, and every configuration option can be set via a web-based interface. ■ Secure and stable to operate: SME Server only includes what is necessary, which translates into the entire ISO being around 500MB. Stability comes from using proven, supported rpm packages and from an update system that notifies you with available updates. ■ Cross-platform and extendable to meet future needs: SME Server already has everything necessary to provide the core services most people need to network Linux, Macintosh, and Windows systems. ■ And it's completely free! 10/18/2010
com/) . you must make the source code (with patches please) freely available. If you do alter any of the packages. RPMForge is a collaborative effort of several RPM packagers that build RPMs not included with CentOS.org. The agreement is found on the ISO.net and wiki.org History ■ October 2005 . About This Manual This manual walks you step-by-step through the straightforward process of installing and configuring your SME Server. Mitel and contribs. and are the basis for this manual) Endorsements This is the official documentation for SME Server and is endorsed by the developers at http://wiki. And thank you to the companies and people that support the developers.0 started at sourceforge.net) .Page 4 of 111 ■ Download the ISO from http://wiki. Mitel's commercial offering is known as the "Mitel Managed Application Server". The purpose of doing so is to take advantage of the stability that comes from the huge user base that uses these packages.com/pub/redhat/linux/enterprise/4/en/os/i386/SRPMS) and aims to be binary compatible. for security. and in the past was known as e-Smith.Revisions for SME Server 7.contribs. 10/18/2010 .net (Previous versions were published by e-smith. The Appendices and Glossary provide background information on subjects related to networking and the Internet and are intended to supplement chapters in the main section of this document. and alter the software.sourceforge. SME Server 7 uses many packages from CentOS (http://centos.contribs.mitel. Software Licensing Terms and Conditions The SME Server is licensed under the General Public License (GPL). and to allow automatic updates as soon as an update is available from the upstream vendor.org/SME_Server:Download The heart of SME Server 7 is based on the GPL'd sources of the unsupported developer release of SME 7.contribs. Security updates from Redhat/Centos should be available until 2012 for Centos 4. Mitel has been very generous to fund development of the alpha and beta versions and to keep to the spirit of the GPL by sharing their source code freely.redhat. who is the copyright holder for much of what makes SME Server what it is.0 alpha from Mitel (http://www.org) and RPMForge (http://rpmforge. This means that you are free to use. CentOS 4 is built from publicly available open source Red Hat Enterprise Linux SRPMS (http://ftp. Acceptance of this agreement is required during the software installation.org Acknowledgements Thank you to the developers that create and maintain the SME Server distribution. Production This document was revised on the wiki's at smeserver. Almost all of the packages that SME Server includes from these upstream vendors are included unmodified.
The text of the GPL license may be found at http://www. easy-to-install package. The Pagan Vegan or TPV.html.opensource.fsf. that configures. from the command line. administers and makes use of their server.org/licenses/. no company of this name exists. The applicable license for each software module is specifically identified and can be seen by running the rpm -qiv packagename command. What's New For the most complete list of information about changes that have been made in SME Server.org/licensing/licenses/gpl. About Our Example Company: The Pagan Vegan In this manual. In one simple. Server Features The SME Server server and gateway installs automatically on a PC.Page 5 of 111 SME Server users may copy and redistribute this software. converting it to an industrial-strength communications server that optionally allows all of the computers on your network to share a single Internet connection. we use examples of a catering and event-planning company. Details on other open source licences can be obtained here: http://www. As far as we know. you get: 10/18/2010 . Some packages may have an alternate open source licence. see the release notes that accompany your download.
While our software has always supported external ISDN adapters. This prevents a direct connection from being established between an external computer on the Internet and a computer on your local network thereby significantly reducing the risk of intrusion onto your network. this version now includes experimental support for using an internal passive ISDN card. internal network and the external world. and you can now enter pseudonyms of pseudonyms. 10/18/2010 . and 6+ Drives as RAID6. ME or NT. a unique communications and collaborative facility that makes it easy for users to work together on projects. control remote access.org ■ SMTP Email reception is now handled by qpsmtpd. The result is that any other Redhat EL4 or Centos 4 RPMS should work without modification. web access and a powerful file sharing and collaboration feature called "i-bays" . Turba and Ingo from horde. ■ Spam Filtering with Spamassassin.It is now possible to connect the SME Server to a printer via the USB port. configure network printers. ■ Browser based server-manager software that makes it easy to add new user accounts. ■ Installation on a system with 1 hard drive is automatically set up half of a RAID1 mirror. ■ A shared email address book that is maintained automatically. ■ Special services that speed web and Internet access. POP3/SSL. ■ Email attachment handling: Including the ability to block EXE. ■ Quota Management . Imp. Advanced but simple to use plugin system to easily install extra functionality and write local rules. ZIP. Systems with 2 drives are set up as RAID 1. Throughout this user's guide. ■ i-bays.The server now includes better support for Macintosh file sharing and eliminates some previous cases where Macintosh users were unable to access i-bays. You now have the ability to send (e. Approved contribs and official updates can now be installed in the server-manager. ■ Use of unmodified packages from upstream providers . but seamlessly interposes itself into the communication. ■ Antivirus email and hard drive scanning is now provided by ClamAV. 3-5 drives as RAID5. ■ USB printer support . and program updates will be available automatically via the software installer (yum).including e-mail.9 kernel). ■ A web server to host your company web and/or intranet site. SMTP AUTH over SMTP/SSL.) support@domain1 and support@domain2 to different places. When one of your local computers contacts the Internet.Page 6 of 111 ■ A high performance email server that handles email to and from your users.Packages from Centos 4 (2. Automatic tagging with X-spam-status headers. the word gateway is used to mean the computer that acts as the interface between your local. ready to accept a second drive. ■ Enhanced security features that reduce the risk of intrusion. ■ Webmail has been upgraded to the latest versions of Horde. ■ Enhancement to the pseudonyms panel.Previous versions have allowed the server to act as a domain controller for client computers running Windows 95. The role of the SME Server Your SME Server manages your connection to the Internet by routing Internet data packets to and from your network (which allows all the computers on your network to share a single Internet connection) and by providing security for your network. Almost all features are implemented in plugins.g. ■ Yum based Software installer panel. and other packages from atrpms and rpmforge are used unmodified whenever possible. improving the performance of your network. This version now extends that domain logon support to Windows 2000 and Windows XP. or is contacted by an outside machine on the Internet. ■ A central file server enabling seamless information exchange among Windows. Virus definitions are kept up to date automatically. the SME Server not only routes that connection.that allow you to communicate better internally and with the rest of the world using the Internet. set up workgroups and connect additional networks. ■ Improved Macintosh file sharing support . Macintosh and Unix machines. ■ Secure email enhancements. and optional filtering and subject tagging. SMTP/SSL. PIF and automatic conversion of TNEF or UUENCODE encoded attachments to MIME. Mitel. Your server also provides services . Selectable "Automatically install updates" option.6.you have the ability to set a limit on the amount of a disk space a user can use for files and e-mail. ■ Experimental ISDN card support . IMAP/SSL. Configurable rejection levels. ■ Windows 2000 and XP domain logon support . minimizing the risk of intrusions. 98.
your SME Server can be configured and managed remotely. The server-only mode is typically used for networks already behind a firewall. you can also run your SME Server in "server-only" mode. most customers put the server in an out-of-the-way place like a utility closet. so only on rare occasions will you require direct access to the server computer. (Note that some computers may not operate correctly without an attached keyboard. In "server-only" mode. briefly explains ethernet. providing routing and network security. the firewall fulfills the role of gateway.Page 7 of 111 >>++Server and Gateway Mode++]] If you prefer. your server provides your network with services. you can disconnect the keyboard and monitor. 10/18/2010 . If you wish. In that configuration. >>++Server only Mode++]] Once installed. but not the routing and security functions associated with the role of "gateway". Once installation is complete.) Tip: More About Ethernet Appendix A: Introduction to the Ethernet Local Area Network (LAN) . Routine administration is handled from your desktop using a web-based interface. ethernet components and typical ethernet configuration.
and is used in routing information from one device to another. Dedicated connectivity refers to a full-time connection to your ISP. How you connect to your ISP affects the speed of your Internet connection. which provides you with many (though not all) of the same services as a traditional ISP. having your server host your external company web site would create a problem because whenever your server was not connected to the Internet. Dedicated versus dialup connectivity Connectivity. it connects to your ISP over a phone line using a modem or ISDN adapter . your IP address enables other people to reach you. since not all ISPs offer all services. your server is not permanently connected to the Internet. depending on your plans for the server. your ISP may need to publish DNS records associating your mail and/or web servers with your firewall IP address. the web site would not be available.much like an office receptionist is able to accept incoming calls and direct them to the appropriate extension. some of the services on your server cannot be provided to the outside world. it could certainly host an intranet web site because the local network would always be connected. in turn. Although they are more expensive than the alternative. For example. In server-only mode. also referred to as Internet access type. You may also need to configure your firewall for port forwarding of services. refers to the physical connection between your site and your ISP. For example. impacts such things as how quickly your web site is displayed to visitors. Warning: If you are operating the product in "server-only" mode. While your ISP can also assist you in selecting and arranging the right Internet services for your organization. In our standard configuration. ADSL provides relatively fast data transmission over phone lines.it routes Internet data packets to and from your server. a server-only server must always be behind a local firewall. Rather. dedicated connections are generally faster and allow you to use the full range of services on your server. A cable connection links you to your cable company. your ISP only needs to allocate one IP address for your network. (However.Page 8 of 111 Your Internet Service Provider (ISP) Your Internet Service Provider or ISP is your connection to the Internet . For that reason. This section of the user's guide reviews what ISPs offer and what the implications are in choosing among the various options available to you. You should not directly connect such a system to the Internet via an Internet Service Provider. If you have dialup connectivity. you will need to review your gateway/firewall documentation and perhaps consult with your ISP regarding your configuration. which. The speed of transmission over a cable network can vary widely (from quite fast to very slow) based in part on the usage within your neighborhood. There are several common types of dedicated connectivity. 10/18/2010 . Because your connection to the Internet is not permanent. Like your phone number. It is assigned to your server.) The IP address An IP address is an identifying number assigned to all devices connected to the Internet. It also provides other essential services. the single Ethernet connection to the local network is "trusted" as being secure and packet filtering is disabled. which will accept all the Internet data packets intended for your network and distribute them to the appropriate computer . it's important to know the general range of services available.
you not only need to arrange your physical connection (modem. usually you will be allocated a block of routable. static IP address. Your ISP will help you connect your site and provide you with services that enable you to take advantage of the Internet (e. it cannot directly receive incoming Internet connections. whenever your IP address changes. ISDN. It is permanently assigned to your server by your ISP. static IP addresses for your corporation . When your telephone number changes. Therefore. Note: Static IP addressing is preferable to dynamic IP addressing because it makes it easier for users on the Internet to connect to your services. a non-routable address is the equivalent of an office extension. you will need to arrange for a connection to the Internet. with a typical cablemodem). Dynamic IP address assignment means that your IP address is assigned to you only temporarily and may be changed by your ISP.you will need only one for your server. your ISP will arrange for and configure your external hub and router. In fact. We strongly recommend you review Appendix B: Dynamic DNS services for more information about this worthwhile option. the type of connection used determines the services needed. we guide you first through arranging connectivity and then direct you to the appropriate list of services for each type of connection. other people are unable to look up your new number and place calls to you. cable modem. Consider again our telephone number analogy. but you also need to ensure that your server can locate the appropriate devices at your ISP's site.g.). To connect your site to the Internet.g. If your server is assigned a nonroutable address. This makes it more difficult to ensure continuity of service to your network. Arranging connectivity with your ISP If you are going to be using your server in "server and gateway" mode. Routable versus non-routable IP addresses If an IP address is analogous to your phone number. However. Many ISPs use a DHCP server which can directly configure your server with some or all of these parameters. If a special phone line is required. The terms used in the following sections are defined at the end of this chapter. the ISP will typically arrange that. you may find it helpful to use a dynamic DNS service . Using the same analogy. you may be required to install that hardware yourself under their direction. IP addresses for their devices) which must eventually be entered into your server console (a straightforward process covered in a later chapter). etc. It is most typical with corporate service that you receive a routable. Similarly. If your IP address is dynamically assigned and you have a dedicated connection to your ISP (for example. until your new phone number is registered with Directory Services. To some extent. Ordering a corporate ADSL or other commercial dedicated connection Typically.Page 9 of 111 Static versus dynamic IP addressing A static IP address never changes. Alternatively. which limits the services that it can provide to your site. Your ISP will give you this information (e. a record associating your server with its new IP address must be published with the equivalent of Directory Services (known as Domain Name Service or DNS) before incoming traffic can find you. DSL. you are able to place outgoing calls. 10/18/2010 . e-mail delivery). then a routable IP address is the equivalent of a full telephone number complete with country code and area code such as +1-613-555-1234.
your cable company or ADSL provider will install a configured cablemodem or ADSL router at your site. 10/18/2010 . If you require an additional phone line. ADSL connects to the ISP via a conventional phone line. There are three possible configurations when ordering cablemodem or residential ADSL services. your cable company will install it for you.Page 10 of 111 Information provided to you by your ISP: ■ static IP address (or block of addresses from which you choose one) ■ IP address of router ("gateway IP address") ■ subnet mask Order services from: Service List A Ordering cablemodem or residential ADSL service Typically. If you do not have cable access. it is typical for you to arrange that yourself.
You receive a routable. However.) Information provided to you by your ISP: ■ gateway IP address* ■ subnet mask* Information provided by dynamic DNS service: ■ DNS service account name ■ DNS service password 10/18/2010 . You receive a routable. ■ Some ISPs block outgoing HTTP connections. 1. dynamically assigned IP address and you elect to use a dynamic DNS service (We encourage you to review Appendix B: Dynamic DNS Services for a discussion of dynamic DNS services.Page 11 of 111 Note: In the tables below. using the ISP's proxy server will normally work fine.. forcing you to use their proxy server. the test for Internet connectivity will fail erroneously). This interferes in a few minor ways with your server (e. static IP address Information provided to you by your ISP: ■ static IP address ■ IP address of cablemodem or ADSL router ("gateway IP address") ■ subnet mask Order services from: Service List A 2.g. please keep the following information in mind: ■ ISPs often supply the items marked * to your server by DHCP.
Warning: While the software includes experimental support for ISDN cards. it is typical for you to arrange that yourself. Information provided to you by your ISP: ■ IP address of cablemodem or ADSL router ("gateway IP address")* ■ subnet mask* Order services from: Service List D Ordering a dialup connection It is typical for you to purchase and install your own modem or ISDN adapter for your dialup connection. You receive a routable.Page 12 of 111 Order services from: Service List B 3. Your ISP is able to meet all of the following three conditions: 10/18/2010 . There are two possible configurations with dialup service: 1. The software can work with external ISDN adapters and includes support for passive ISDN cards. dynamically assigned IP address and you elect not to use a dynamic DNS service OR your IP address is non-routable. (Be sure to use a Linux-compatible modem .~WinModems will not work. If you require an additional phone line. we do not provide technical support for the use of these cards as they have not yet been tested in a wide enough variety of environments.) Your modem connects to your ISP over a conventional phone line. Your ISDN adapter will connect to the ISDN connection installed by your ISP or local telecommunications provider.
static IP address ■ your ISP will provide a secondary mail server for your domain. ■ your ISP is able to accept the "ETRN command". Your ISP is unable to meet all three of the above conditions Information provided to you by your ISP: ■ dialup access number ■ dialup account name ■ dialup account password Order services from: Service List D Arranging Services From Your ISP In each of the previous sections on connectivity.) Information provided to you by your ISP: ■ ■ ■ ■ static IP address dialup access number dialup account name dialup account password Order services from: Service List C 2. Service List A ■ ■ ■ ■ ■ domain name set up and hosting publication of DNS address records for your web server. (This command is used by the server to retrieve the mail held by the ISP's secondary mail server.Page 13 of 111 ■ you receive a routable. FTP server and e-mail server ■ publication of DNS mail (MX) records Service List C ■ ■ ■ ■ ■ ■ PPP dialup access (with static IP) domain name publication of DNS address records for your e-mail server* publication of DNS mail (MX) records secondary mail server (ETRN must be supported) Internet news server (optional) 10/18/2010 . FTP server and e-mail server publication of DNS mail (MX) records secondary mail server (optional) Internet news server (optional) Service List B Services to order from ISP: ■ secondary mail server (optional) ■ Internet news server (optional) Services From Dynamic DNS Service ■ domain name (depending on the service purchased. we direct you to the appropriate list of services that should be ordered from your ISP. your dynamic DNS service may restrict what your domain name can be) ■ publication of DNS address records for your web server. which receives e-mail when your server is not connected.
messages from mailing lists (and other sources where the user's account name is not present in the headers) cannot be delivered. messages from mailing lists (and other 10/18/2010 . As e-mail messages are delivered into the POP mailbox at your ISP. Any e-mail that cannot be delivered will be returned to the sender. Some ISPs add a header to each e-mail message as it enters the POP mailbox to assist in determining the addressee. This works very well for normal person-to-person e-mail. However. To determine to whom the e-mail message is addressed. this configuration does not allow you to host a web page or FTP site using your SME Server. If the e-mail cannot be returned to sender. As e-mail messages are delivered into the POP mailbox at your ISP. Because there is no published address receiving incoming network connections. In this case. your server uses several heuristics. it will be directed to the system administrator. One common header tag is: "X-Delivered-To". this configuration does not allow you to host a web page or FTP site using your SME Server. we strongly encourage you to consider other means of mail delivery before resorting to using multidrop. you can use another ISP for your e-mail hosting. Your POP mailbox must be large enough to hold the e-mail for your organization until it is fetched.Page 14 of 111 Your web and FTP servers are available to the external world only when your server is connected to the Internet. some of the addressee information is removed. To determine to whom the e-mail message is addressed.route all mail for domain name to the single POP mailbox Internet news server (optional) Warning: Note on Service List D (Multidrop Mail) Service list D is applied to configurations where the publication of DNS records is not practical either because your IP address changes frequently or because it is non-routable. If your primary ISP cannot supply this. However. In this case. Because of the potential problems involved with delivery of e-mail to multidrop mailboxes. which involves temporarily storing all e-mail messages addressed to your domain in a POP mailbox at your ISP until your server connects and fetches them. which involves temporarily storing all email messages addressed to your domain in a POP mailbox at your ISP until your server connects and fetches them. If your primary ISP cannot supply this. ■ ■ ■ ■ PPP dialup access (if you are using dialup connectivity) POP mailbox (with generous size limitation) domain name . your server uses several heuristics. DNS address records for web and FTP servers only need to be published if it is likely that someone external to your site will need to connect to them for a particular reason. Service list D is applied to configurations where the publication of DNS records is not practical either because your IP address changes frequently or because it is non-routable. make note of the header tag used so that you can configure your server to look for it (explained in a later section). Your POP mailbox must be large enough to hold the e-mail for your organization until it is fetched. e-mail is handled using a method called "multidrop". you can use another ISP for your e-mail hosting. e-mail is handled using a method called "multidrop". Because there is no published address receiving incoming network connections. This works very well for normal person-to-person e-mail. some of the addressee information is removed. If your ISP does this. Service List D Please read the important notes (below) on the limitations of this configuration.
These servers do not need to be configured into your server as the DNS server that is provided with your server will correctly resolve all local and Internet names. ensure it is available. If you don't have a domain name. refers to the software and protocols involved in translating domain names to IP addresses. Any e-mail that cannot be delivered will be returned to the sender.xxx"). Your ISP must publish DNS address records associating the name of your web server ("www.com". ETRN ETRN is a command used for dialup solutions in order to retrieve e-mail temporarily stored at your ISP Gateway IP Address A gateway is the device on your network that forwards packets to and from the Internet. If the e-mail cannot be returned to sender.domain. One common header tag is: "X-Delivered-To". Domain Name This refers to the unique name attached to your organization on the Internet. DNS: Publication of DNS Address Records The publication of DNS address information allows other DNS servers to look up your domain information. DNS: Publication of DNS Mail (MX) Records The publication of DNS mail (MX) records is the method used to inform Domain Name Services worldwide that all e-mail to your domain ("yourdomain.xxx") and e-mail server ("mail. 10/18/2010 .xxx"). make note of the header tag used so that you can configure your server to look for it (explained in a later section). and your ISP typically also provides you with the IP addresses of DNS servers. we strongly encourage you to consider other means of mail delivery before resorting to using multidrop.xxx") should be delivered to your e-mail server ("mail. DNS (Domain Name Service) DNS. Some ISPs add a header to each e-mail message as it enters the POP mailbox to assist in determining the addressee.com" or "e-smith. Terms used in ordering connectivity and services ADSL (or DSL) ADSL is a type of high-speed Internet access that uses regular phone lines and is available in many metropolitan areas. For example. your ISP can help you select one. "tofu-dog. or Domain Name Service.Page 15 of 111 sources where the user's account name is not present in the headers) cannot be delivered. FTP server ("ftp. and register it. Because of the potential problems involved with delivery of e-mail to multidrop mailboxes.domain.xxx") with the IP address of your server.domain.yourdomain. Your server provides DNS lookup services for your local network. it will be directed to the system administrator. If your ISP does this.
com/hwcert/. 10/18/2010 Category Architecture Processor speed RAM Hard Drive SCSI adapter Ethernet adapter(s) Modem (for dialup only) . You should consider a fast processor speed if you intend to make significant use of these services. ■ The amount of available RAM is one of the most important considerations for server performance as it reduces the load on the disks. will function correctly with SME Server 7. whether you plan to use the proxy server on the server. Table 4.4 and uses the 2. ■ For a dedicated connection in server and gateway mode. which are cpu intensive will not perform well on this platform.0. your server requires two ethernet adapters (also called network adapters or network interface cards).contribs. selecting an appropriate host computer is important. We expect that all hardware which is marked as "Certified" or "Compatible" for RedHat Enterprise Linux Update 4 on the RedHat Hardware Compatibility web site.1.15 Note: Version 7. WinModems are not supported. Other remote access services. Virus and Spam Scanners. ■ The server should work with any i586 or i686 compatible CPU that can run Centos 4. We do not recommend the use of server hardware which is not listed as "Certified" or "Compatible". Enabling webmail will increase the resource requirements of your server.php?topic=36603.Page 16 of 111 Hardware Requirements of the SME Server The hardware requirements of the SME Server are modest compared with other server software available today. See also a forum thread with users suggestions http://forums. located at: https://hardware.0 of SME Server is based on CentOS 4. but it is important that any hardware chosen for the server has been tested for compatibility before deployment. are also processor-intensive. 4.0.org/index. extra RAM will usually be more beneficial than a faster CPU. For a dialup connection or server-only mode. one ethernet adapter is needed. Only modems that are Linux-compatible may be used. To utilize all the features of SME Server 7. However. When you consider the requirements. Note that we do not believe such a system will provide satisfactory performance for features such as webmail. remote access via PPTP. The hardware requirements of the host computer depend on such things as the number of users on your network.6 series Linux kernel.redhat. because of its critical role in your office. If a tradeoff is required. in particular the memory requirement.at least 4 GB SCSI adapter must appear on the supported list (only necessary for SCSI systems) The ethernet adapters installed on your server must appear on the supported list. This combination supports a wide variety of hardware.4.1 Minimum Hardware Requirements Specifications PCI-based i586 or i686 compatible processor 400 MHz 256 MB SATA/PATA or SCSI . please have a look at the 'Recommended' Hardware Requirements. please be aware of the following notes: ■ The server ships with the remote access services disabled by default. Minimum Hardware Requirements The following information outlines what we consider the bare minimum system that will function as a basic file/print server and network gateway. such as SSH and PPTP. and the speed of your Internet connection.
WinModems are not supported.Software RAID 5 (4-5 drives with SME 7. 5 or 6.Software RAID 6 Note: With SME 7. Recommended Hardware Requirements The following information is what we would suggest is the recommended minimum to utilize all the features of SME Server 7.1) 6+ Drives .0.5GHz 512 MB One or more SATA/PATA or SCSI .Automatic configuration of Software RAID 1. In the case of RAID 6. How many users this configuration will support depends on how heavily the server will be utilized. Your server will be automatically configured as follows: ■ ■ ■ ■ 1 Drive . ATAPI or SCSI any any 4. Hard Drive Configuration SME Server 7 introduces a new feature .Software RAID 1 (ready to accept a second drive). the system will still function.0 if you utilize more than one drive.at least 40 GB SCSI adapter must appear on the supported list (only necessary for SCSI systems) The ethernet adapters installed on your server must appear on the supported list. they should all be identical in size and model. 10/18/2010 . Only modems that are Linux-compatible may be used.Software RAID 1 3-5 Drives . RAID is a way of storing data on more than one hard drive at once.3. so that if one drive fails. From SME 7. Recommended Hardware Requirement Specifications PCI-based i686 compatible processor 1.1 this is no longer a requirement.2. We highly recommend that at a minimum you utilize 2 identical drives in your sytem to take advantage of the redundancy provided by the RAID configuration. two drives can fail and the system will still function. but should be sufficient for at least 25 users. 2 Drives .2. Category Architecture Processor speed RAM Hard Drive SCSI adapter Ethernet adapter(s) Modem (for dialup only) CD-ROM drive Monitor Graphics card Table 4.Page 17 of 111 CD-ROM drive Monitor Graphics card ATAPI or SCSI any any 4.
Your ethernet adapters must be supported by Red Hat Enterprise Linux 4. If the computer you plan to use for your server has a SCSI hard disk. If you intend to use the tape backup capabilities of the SME Server. as explained in chapter 10.contribs. the mirror disk will continue operations as if nothing had happened. They can be either SCSI or IDE drives. The server is configured to accept any number of drives and will function properly. The level of Raid depends on the number of drives installed. RAID1 Support (Disk Mirroring) With SME Server.Page 18 of 111 4. of this guide under the title Software Licensing Terms and Conditions . One is the mirror of the other. also called RAID Level 1. All of your data will be protected. Upgrading From A Previous Version in order to preserve your existing configuration and data. Licensing Terms and Conditions In installing the SME Server software. you basically write all of your data to two separate hard disks installed in your server.org/Raid 10/18/2010 . You can verify the RAID status from the console.1. You can do so easily by selecting "Backup or restore" from the server manager. Installing And Configuring Your SME Server Software The following sections explain in detail the process of installing the SME Server software.4. There is more technical information on SME Raid at http://wiki. Supported Ethernet or SCSI Adapters. you have the ability to set up disk mirroring. your SCSI adapter must be supported by Red Hat Enterprise Linux 4. Should the primary disk experience a hardware failure. user directories. i-bay contents and web site and configuration parameters. Simply performing a new installation will erase all previously existing user accounts. Note: If you have previously installed and configured a server and are reinstalling the software. you must have a tape drive that is supported by Red Hat Enterprise Linux 4.3.2. Software Mirroring The SME Server comes by default with RAID disk mirroring. If you later wish to add more drives. you may wish to back up the contents of your server onto one of your desktop computers. In disk mirroring. or Tape Drives Either one ethernet adapter (in the case of dialup connectivity or server-only mode) or two ethernet adapters (for dedicated connections in server and gateway mode) must be installed on your SME Server. Disk mirroring can be accomplished through either software or hardware . please be aware that you should use the procedure described in section 5. just add them and instruct the server via the console to create the mirror. but we strongly advise they are the same size and type. It will take some time to build so do it during scheduled maintenance. You can read these terms and conditions in|Chapter 1. you are agreeing to the open source licensing terms and conditions associated with it. If you have not already done so.
Dual hard disk with software RAID-1 mirroring during the installation process described in section 5. you should be able to upgrade without any problems. Installing the Software. If you are going to use hardware mirroring. Additionally it can simplify configuration because to the operating system the entire RAID disk system looks like one single disk. However. we do recommend that you back up your system prior to performing this upgrade just to be safe. Upgrading From A Previous Version. Upgrading From A Previous Version If you have previously installed a server and now wish to upgrade to version 7. perform a backup through the server manager as detailed in chapter 10. restore the backup through the server manager Installing the Software Note: 10/18/2010 .1.4. if you want to upgrade a previous version of the software that was not installed with software mirroring to use software mirroring (RAID1) support. select Upgrade from the appropriate screen in the installation process as described in section 5.4. you will be able to upgrade from an earlier version of the SME Server to version 6.Page 19 of 111 Hardware Mirroring With hardware mirroring.) Instead. While the upgrade should proceed smoothly. You should be able to use any supported SCSI hardware RAID controller. If you previously installed software mirroring with a previous version of the software.3. you use a special RAID disk controller to perform the actual mirroring across multiple disks. As mirroring is performed in hardware. the performance can be significantly faster than software mirroring. perform a fresh install selecting the software mirroring option 3. To do so. You should back up all your data and test carefully after installation. you should do a regular installation of the software. you should: 1. you can do so while preserving your configuration data. Warning: It is not possible to use the Upgrade option to add software mirroring (RAID1) to an existing server. Note: Using one of the supported hardware RAID controllers. you should NOT choose Install . Backup or restore 2. (Doing so will enable software mirroring. Also see the related Howto UpgradeDisk if you are restoring to a new server or new Drive.x using the standard upgrade process detailed in section 5. Installing the Software.
If you skipped section 5. Choose OK to test the CD media or choose Skip to start the installation. Step 2: You will be given the option of testing the CD --ROM-.media before beginning installation. Step 1: Insert the CD-ROM media. it would be advisable to read it before proceeding. notice that your step 4 below will be slightly different. Step 3: Select the language you would like to use during the installation process.2 RAID1 Support (Disk Mirroring). 10/18/2010 .Page 20 of 111 If you are configuring your system with RAID1 support.
You must choose Yes to proceed. 10/18/2010 .Page 21 of 111 Step 4: Select which model keyboard is attached to your computer. Step 5: You are informed that all disks will be formatted and any data will be lost.
If you have multiple hard drives. The installation process will now automatically proceed to install the necessary packages. USB hard drives are considered non-removable drives. be sure to back them up prior to starting the installation process.Page 22 of 111 Warning: The installation process formats and erases all attached hard drives. The installer ignores all removable drives and uses all non-removable drives that are at least 2Gb in size. Step 6: Select which time zone you are in. 10/18/2010 . Removable drives are USB pen drives and floppy/cd rom drives. Be sure to unplug USB drives.
At the end of the process.Page 23 of 111 Step 7: Finishing the installation is automatic and takes only a few minutes. you will be prompted to remove the CD and then to reboot your computer. 10/18/2010 .
you are ready to configure your system. you only need one ethernet adapter. you will be presented only with the screens necessary for your given configuration. the server software will detect this information automatically. when you are 10/18/2010 . such as whether to allow your users to use a proxy server. Once your system has restarted (so that it is no longer booting from the installation CD). Restoring a Backup If you have a tar backup (usually smeserver.you must configure your server so that it can communicate with your ISP either by a dedicated connection or using a dialup connection (only for server and gateway mode).Page 24 of 111 Warning: The installation (or upgrade) process rewrites the boot sector on your hard drive. Configuring your SME Server Tip: To change configuration settings. If your ISP provided you with a summary of your configuration choices and network information. DVD. You will be take through the configuration routine just like during installation. Each screen will provide you with a simple. detailed explanation of the required information. ■ configuration for the external network/Internet . ■ operation mode . Enter your media.there are several final items to configure. USB Disk or Tape drive If you have a DAR backup perform your restore from the server-manager after configuration. Make your necessary changes or use the Keep option to preserve the settings you have set previously. Typically.) ■ configuration for the internal (local) network . As you select a given configuration parameter. you will notice that there is a "Keep" option which will allow you to keep the choices you may have made previously. There are several types of configuration parameters that must be entered into your server: ■ the system password ■ the type of ethernet adapters (network interface cards.org. ■ miscellaneous information . CD. we suggest that you keep it handy while completing the screens in the configuration section of the server console.tgz) you are prompted if you wish to restore. you have set during install. This may cause machines with BIOS boot sector virus detection to not boot unattended. and whether you wish to secure the server console so that it can only be accessed using the administrator's password. at a later date you can login as admin user to your server console and choose the option to Reconfigure your server. whether to provide status reporting to Contribs. or NICs) that will be used by your server to communicate with the internal network and the Internet (or external network). (Note that if you are connecting to the Internet with a dialup connection.you must select whether your server will operate in server and gateway mode or server-only mode. Obviously. Note: As you move through the configuration screens.you must provide information about your internal network so that your server can communicate with other machines on your local network. This detection should be disabled in your system's BIOS.
) 10/18/2010 . this option can save time. An example might be "IwmSMES!" as in "I want my SME Server!" (Please don't use this example as your password!) Configuring Your System Name and Domain Name As shown below.Page 25 of 111 configuring your system for the first time. yet also be easy to remember. you will see an additional screen asking if you really want to use this password. your next step is to enter the primary domain name that will be associated with your SME Server. you may also need to enter this password to access the server console. you will be asked to type it again to confirm that the password was recorded correctly. The password will also be examined to determine how strong it is from a security point-of -view. you should choose a password that cannot be guessed easily. This is the password you will enter to access the web-based server manager. Warning: You can use any ASCII printable characters in the administrator password. Setting Your Administrator Password As shown in the image below. If it is found to be weak (for instance. Depending on how you configure the system. a dictionary word). A good password should contain mixed upper. many of these choices will not have been made. (You can later configure other virtual domains that work with the server. You will have the option to go back and change to a stronger password or to continue using the weaker password. Anyone who gains access to this password has the power to make any change to your server! After you enter the password once. the first thing you will be asked to do is to set the system password. numbers and punctuation. but if you later go back to re-configure the system.and lower-case letters. As this password gives someone total control over your server. It is extremely important that you choose a good password and keep that password secret.
Using some type of theme. Which ethernet driver is required depends on which ethernet adapter is installed on your computer.also called an ethernet card or network interface card (NIC) . You should think carefully about this as changing it later may create additional work. Configuring Your Local Network Selecting Your Local Ethernet Adapter An ethernet adapter . Windows client computers may be mapping drives to your server using its name. each server will need a unique name. called an "ethernet driver".is a special piece of hardware that serves as the interface between a computer and the ethernet network.Page 26 of 111 Next you need to provide a name for your server. A computer needs a special software program. (For instance. a shown in the screen below: 10/18/2010 . allowing the computer to communicate with other computers and devices on the network. You will first need to select the appropriate driver for the ethernet adapter connected to your local network. may be an effective way to ensure unique names. When you do.) Tip: You should make the system name as unique as possible in case you someday decide to link your server to another server using an IPSEC VPN. such as location names. to use an ethernet adapter. Those clients would need to remap the drive using the new name. It connects your computer and the ethernet.
Because no computer on your local network. If the software fails to detect it correctly. these will differ from the IP address and subnet mask on the external interface. because the two machines will not be in direct contact. you can manually select the appropriate driver for your ethernet adapter from a list of drivers or from a list of ethernet adapter models. Configuring Local Network Parameters Your SME Server needs information about your local network in order to communicate with the other computers on your network. 10/18/2010 . "Use xxxx (for chipset yyyy)".) As a result. This includes the IP address and the subnet mask on your server's internal interface. After the appropriate driver is selected. (It doesn't matter if a computer on someone else's local network uses the same IP address. it is likely that your server will be able to detect your hardware automatically and you will simply be able to choose option 1. your server will act as a relay between your local network and the Internet. other than your server. If you plan to operate in server and gateway mode (explained in greater detail below). directly interacts with the external world. the IP addresses assigned to those computers need only be unique with regards to your local network. Warning: If you configure your server in server-gateway mode make sure the IP address for the internal interface and the one for the external interface are in different ranges that do not overlap.Page 27 of 111 If you are using a PCI ethernet adapter that appears on our supported list. we are able to use special "non-routable IP addresses" for your local network. Because your server acts as a gateway and firewall. including the internal interface of your server. where 'xxxx' and 'yyyy' are specific to your hardware. select "OK" and proceed to the next screen.
you will see the following screen. two ethernet adapters (one to communicate with the local network and the other to communicate with the ext 1. Operation Mode After configuring your SME Server for your local network. one ethernet adapter (for the local network) and a modem for a dialup connection With server and gateway mode. Tip: If you are installing servers at multiple sites within your organization. This is where you select your server's operation mode. it would be safest to use unique network addresses for each location. you are operating your server in "server-only" mode and there are already servers on your network. your server will prompt you with default parameters that are probably appropriate in your situation. however. you can accept the default setting. you will need to obtain an unused IP address for your local network. These will be discussed in the next section. web services. The fact that it serves as a "gateway" means it has separate interfaces with each network. you will be prompted to enter the subnet mask for your local network. If. Next. if you ever want to establish an IPSEC VPN between the servers. there are a number of extra parameters that will need to be configured. unless you have a specific need for some other setting. 10/18/2010 . Even if you are not planning to use a VPN right now. Otherwise. your server provides services (such as e-mail. you will need to use the subnet mask used by the local network. file and print sharing) to your network and also acts as a gateway between your internal network and the outside world. Option 1: Server and gateway mode In server and gateway mode. If you are adding your server to an existing network. you may find it useful for later troubleshooting to use different network addresses for each site. and provides security and routing. If you configure your server to operate in server and gateway mode. each server will need to use a different range of IP addresses.Page 28 of 111 If you have no reason to prefer one set of IP addresses over another for your local network. your server will require either: 1. Additionally.
Your network will resemble the image below: If you have a connection to the Internet by way of another gateway or corporate firewall. you should enter the IP address for the Internet gateway on your local network. simply leave this configuration screen blank. All services are available on the internal network. you do not need your server to provide the gateway role because that role is fulfilled by your firewall. The differences are entirely in how your server is seen by the external world. ■ our mail server is not accessible from outside of the local network. it must be behind a firewall of some type. your server will provide your local network with web. " Server-only mode . you can configure your server to provide services (including e-mail. ■ Additional firewall rules have been configured to drop packets for various services (such as 'ping' requests). file and print-sharing) to your network. In this instance. but do not wish to publish any services to the external Internet. If you select Option 3. You would select this mode only if you wish to use the server as a gateway. 10/18/2010 . On the next configuration screen. If you do not have an Internet connection. file and print-sharing.protected network ". Option 3: Server-only mode Server-only mode is appropriate if you do not wish to use the gateway capabilities of your server.Page 29 of 111 Option 2: Private server and gateway This mode is a variation of option 1 and provides the same functionality with the following differences: ■ our web server is not visible to anyone outside of the local network. Under no conditions should it be directly connected to the Internet. Warning: Because the server "trusts" the local network to be secure in server-only mode. In this configuration. your server connects only to the local network and does not connect directly to the outside world (although it may connect indirectly through your firewall or another server). web services. e-mail.
if you configured your server for "server and gateway mode . Assigning Your Ethernet Adapters to Network Connection To communicate successfully.a dedicated connection (such as ADSL or cable modem) or a dialup connection (in which case you will be connecting to your ISP via a modem).dialup connection" (as discussed in the next section). Your server will make this 10/18/2010 . your server needs to know which ethernet adapter connects it to the internal network and which adapter connects it to the external network/Internet. Server and Gateway Mode . "Keep current driver". you need to configure the driver for your external ethernet adapter. As before. If it correctly identifies the card.Dedicated How you configure your server's external interface depends on whether you are using a dedicated connection or a dialup connection. Therefore.dedicated connection" you will be presented with very different configuration screens than if you configured the server for "server and gateway . you must select one of two Internet connection types . Configuring Your External Ethernet Adapter As you did previously with your local ethernet adapter. The next step after selecting a connection type is to enter the specific parameters representing that connection. you will need to manually select the driver. you can proceed using Option 1. If it does not. the software will attempt to detect the card.Page 30 of 111 Configuring Server and Gateway Mode If you are configuring your server to operate in server and gateway mode.
internal network and the second ethernet adapter (in position "eth1") will normally be assigned to the external network/Internet. Tip: If you are using two different network interface cards. we suggest you leave it in the default configuration while completing the rest of the screens. If you don't know which ethernet adapter is designated to eth0 and which is designated to eth1. If you have two cards that use the identical driver you will see a screen such as the one above where the actual driver is not listed. this screen allows you to easily swap that designation. swap the card assignment and retry the test. In the event that this assumption is incorrect. return to this screen.the first ethernet adapter (in position "eth0") will normally be assigned to the local. This information can help you determine which card is eth0 and which is eth1. you will see which driver is associated with eth0 and which is associated with eth1. Configuring Your External Interface With a dedicated connection in server and gateway mode.Page 31 of 111 designation automatically . you will be presented with the following screen: Your server must know three additional things to communicate on the Internet: 10/18/2010 . You will later have the opportunity to "Test Internet Access" from the server console. If your test fails at that time.
However. ■ the IP address of the external gateway for your server. Otherwise. choose Option 3. then your ISP will give you the static IP address. Please read the next section on dynamic DNS for more information about dynamic DNS.only configured to run over an Ethernet connection. Successive screens will prompt you to enter each parameter. ■ a subnet mask (also called a netmask) which looks like an IP address and allows other computers to infer your network address from your IP address. If your ISP is providing you with a dynamic IP address. If you are using ADSL and need PPP over Ethernet. you will be presented with an additional screen where you can choose which dynamic DNS service you wish to use. select Option 1. If you plan to use a Dynamic DNS service. you would need to know this information and enter it into the server console. the ISP will configure this through DHCP or PPPoE and your server will be re-configured automatically whenever your IP address changes. It is a simple. If you have a static IP address and your ISP is configuring your server using DHCP or PPPoE. You will then be asked for the user name and password you use to connect to your ISP. This is the IP address of the router on your server's external network.Page 32 of 111 ■ its own unique IP address so that Internet data packets can reach it. Many ISPs that provide ADSL connections use PPPoE as the method of connecting their customers to the Internet over ADSL. select Option 2. Essentially. Configuring Dynamic DNS If you choose either of the DHCP options or PPPoE. you can go ahead and select Option 4. Assuming you have this information on hand. affordable way to ensure continuity of service when your IP address changes. When you first connect to your ISP. 2 or 3 depending upon how you will be connecting to your ISP. it is an implementation of the popular PPP protocol used for dialup connections . 10/18/2010 . There are some very good reasons to use a dynamic DNS service if you have a dynamically assigned IP address. If you have a static IP address and your ISP does not offer DHCP or PPPoE. most ISPs are capable of automatically assigning these configuration parameters to your server using a DHCP server or PPPoE . subnet mask (or netmask). It identifies the computer that your server should contact in order to exchange information with the rest of the Internet. your server will automatically be given its external interface configuration parameters. Normally. Tip: What is PPPoE? PPPoE is the Point-to-Point Protocol over Ethernet . select Option 1. Note that some ISPs require you to enter their domain name as well as your user name. and the gateway IP address of the device that your server should connect to in order to communicate with the Internet.
We are aware of at least one case in which a failed modem link at the ISP resulted in several thousand connection attempts over a couple of days . If your telephone carrier charges you per-call or per-minute fees. you might want to have long connection times or a continuous connection. (You can elect to use a different service.org. If you are in a small office and wish to share your phone line between your computer and phone or fax. but doing so would require some customization of the server. NB.) Once the service is selected. and tzo. additional information may need to be entered here ■ the dialup access phone number ■ username ■ password ■ connection policy This last item may be of special interest. dyndns. but with some particular modems or ISDN cards. This is also true if your ISP charges a fee on a per-minute basis. please be aware that you can incur very steep phone charges due to dialup connection attempts to the ISP.Commercial service" doesn't work. you can configure what type of policy you wish to have in place during typical work hours. (These two parameters would be given to you by the service. you may wish to minimize the time you are online. if you have a separate phone line or unlimited time with your ISP. 10/18/2010 .Page 33 of 111 The server is pre-configured to operate with four dynamic DNS organizations: yi. Warning: If you are using a dial-on-demand link to your ISP.and a hefty phone bill. successive screens will ask you for the following information: ■ information regarding the modem or ISDN connection with your ISP. dyndns. such as the serial port your modem is connected to *2 ■ modem or ISDN initialization screen . if you wish to use this service select custom and write your own script. Configuring the Server for Server and Gateway Mode .com .org. As shown in the screen below.) Please read Appendix B on dynamic DNS for more information about whether a dynamic DNS is right for you.com. the subsequent two screens will prompt you to enter your account name and the password for your account.Dialup Access If you select dialup access. On the other hand. we suggest that you contact your ISP and ask whether it is willing to assume responsibility if a failure at their end results in a large phone bill. the script for "dyndns.com.most users can simply leave this blank. Note that the dynamic DNS service may place restrictions on which domain name you can use for your company.
Page 34 of 111 After configuring this policy for "work" hours. The down side to this is that if someone is reading a long page on the web site or steps away from their computer for a brief moment. This reduces the risk of error and simplifies the process of configuring your network. the phone line will used for a larger amount of time. these settings would give your users the fastest response time as the connection would always be online. The timeout values are shown in the table below. the Short option minimizes the amount of connection time and frees up the phone line for later use. you can then configure the policy for time outside of office hours and additionally for the weekend. but only doing so through the use of a dial-up connection and a modem or ISDN adapter. Choosing this option is basically equivalent to creating a permanent or dedicated connection. You may also be able to visually identify which port your modem uses. Assuming that your ISP is okay with this arrangement and you can afford to do so financially. The DHCP server can automatically configure the other computers on your internal network with such parameters as non-routable IP address. The other is a more general timeout for any other types of packets. the server will probably have disconnected and will need to redial and connect. Medium or Long. There are two separate timeout values configured by each choice. These specify how long the server should wait before disconnecting the dialup connection. Configuring Your DHCP Server You now will be prompted regarding DHCP service. The difference is there because it is assumed that people reading a web page may take longer to go on to another web page. whereas users connecting to another service (such as ssh or POP3 to an external server) probably will be more active than someone using a web browser. setting the Long connection time will result in users experiencing fewer delays while waiting for the server to reconnect. Notice that you do have the choice of never. when they want to then go to another web page. #2 Your modem documentation may indicate which serial port is used by the modem. The connection policy defines several choices including Short. On the other hand. subnet mask and gateway IP address. which would allow you to restrict your system from connecting on weekends or during off-hours. If your office only shares a single phone line. Choice HTTP Timeout Other Timeout Short 3 minutes 30 seconds Medium 10 minutes 5 minutes Long 20 minutes 10 minutes Note that there is also the option for a Continuous dial-up connection. Your SME Server can be configured to provide DHCP service to your internal network. However. 10/18/2010 . One value is the length of time since the last HTTP (web) packet went through the server. One example of this use might be to set a Continuous connection policy during work hours and then some variable policy during off-hours and the weekend.
the opening screen of the SME Server server console will appear: Tip: If you set the server console mode to "login". you will be given a login prompt. After you enter the user name "admin" and your system password. As above. Client IP Addresses are handed out at the high end of the range. you will see the server console screen above. You should not do this if there is an existing DHCP server on your network as there should typically be only one DHCP server per network. If you have fewer than 180 machines on your local network and no reason to prefer one range of IP addresses over another. you need to tell it what range of IP addresses it can safely distribute. 10/18/2010 . this section is pre-configured with defaults that are appropriate in most situations. The Server Console When installation is complete and if you set server console mode to "auto". you can simply accept the defaults for these screens.Page 35 of 111 We recommend configuring your server to use DHCP to configure all of your network clients. Configuring the DHCP Address Range Before the DHCP server is able to assign IP addresses to the computers on your network.
etc.Page 36 of 111 Note: Any time that you login to your system as the "admin" user you will see the server console. direct access to your server.). DNS. The server console provides you with basic. Option 3: Test internet access Allows you to test your Internet access. This is true even when connecting to the server remotely using a tool such as ssh (discussed later in the chapter on Remote Access). IP address information. domain names. DHCP. Option 2: Configure this server Allows you to view and modify the configuration information you entered during the original installation (ethernet cards. 10/18/2010 . From the server console you can get the following information and perform the following tasks: Option 1: Check status of this server Provides you with uptime information about your server.
For more information see the Raid howto 10/18/2010 . shutdown or reconfigure you server Allows you to smoothly reboot.Page 37 of 111 Option 4: Reboot. reconfigure or shut down your server. Option 5: Manage disk redundancy Allows you to manage and view the current RAID status.
10/18/2010 . This option merely allows you to perform these functions directly from the server console. Lynx has a wide range of other commands which you can learn about through the online help available at http://lynx. Access server manager with text-mode browser. Navigation is primarily with the arrow keys . the server uses a text-based browser called lynx to allow you to access the web-based server manager from the server console. This is the same interface to which you can connect from another system using a normal graphical browser.Page 38 of 111 Option 6: Access server manager Provides you with a means to access the web-based server manager using a text-based browser. right arrow to follow a link.browser. left arrow to go back.org/ Note that for security reasons some regular features of lynx are disabled when you are browsing from the server console (such as the ability to specify an external URL).up and down to move through the page. Type 'q' (for 'quit') to exit the text-based browser. Using the Text-based Browser For Option 4.
You should always ensure that you log out from the root account when you are finished and before you switch back to the server console. If you connect in remotely as the "admin" user and see the server console. (You can. Simply type mc at the command prompt. Be aware that this ability to switch between the server console and a login prompt is only available when you have physical access to the server. you may be interested in trying a file management tool called Midnight Commander. If your server is displaying the server console and not a login prompt. you will not be able to switch to a login prompt in that window. To switch back.Page 39 of 111 Accessing the Linux Root Prompt If you are an expert user and would like to do advanced modifications to the configuration of your server. however.) Note that remote administrative access is disabled by default and must be specifically enabled through the Remote Access panel of the server manager. you can press Alt-F2 to switch to another screen with a login prompt.org for support. It allows you to perform many file operations through a menu-driven interface. Option 8: Perform backup to USB device Attach a USB Device and follow the prompts. The password for the "root" user is whatever password is currently set for the administrator of the server. 10/18/2010 . Option 7: View support and licensing information Displays the GNU General Public License (the license governing the distribution and use of SME Server software) and information on how to contact Contribs. you can access the Linux operating system underlying the SME Server software by logging in as the user "root". Press the function key "F1" for help and "F10" to quit. open up another remote connection to your server and login as the "root" user. Note: If you are not familiar with working from the Linux prompt. press Alt-F1. Note that this is the same password as that used by the "admin" user account.
we cannot accurately explain the process of configuring each of them. 10/18/2010 . web browsing and LDAP (using the information in this chapter). we recommend you configure your desktop computers in the following order: Step 1: First. operating systems and software applications.Page 40 of 111 To restore this type of USB Backup. e-mail. explains this simple process. they might be useful supplements to this chapter. SME_Server:Documentation:Administration_Manual:Chapter10 Configuring the Computers on Your Network What Order to do Things For efficiency. you can now access the server manager over the web and create your employees' user accounts. The next chapter. configure one of your desktop computers to work with TCP/IP (using the information in this chapter). This chapter helps you configure software and hardware supplied by other companies and for that reason is not as specific as the rest of this guide. Don't have the Drive attached during the install or the drive will be formatted !! Note: The console backup to USB device is an independent method not related to the server-manager backup options. Given the wide range of computers. Step 3: Once e-mail accounts are created. Step 2: With TCP/IP up and running on one of your computers. you can ensure that all the computers on your network are configured for TCP/IP. If your computers and applications came with manuals. perform a clean install and when prompted if you wish to restore attach the USB Drive. Technical problems encountered in networking your desktop computers and applications are best resolved with the vendors who support them for you.
select "DHCP server". etc. As an example. Description All your computers must communicate enable TCP/IP on the network using the TCP/IP protocol protocol. In Apple. disable non. Configuring Your Desktop Operating System The dialog box where you configure your desktop differs from operating system to operating system and version to version. disable all other protocols protocols. On a Windows 95/98 system. in Microsoft Windows 95 or 98. Turn "off" other networking protocols (e. Note: We strongly recommend that you configure all clients machines using DHCP rather than manually using static IP addresses. client configuration occurs in the "Properties" dialog box associated with the TCP/IP protocol for your ethernet adapter.Unless an application relies on a nonTCP/IP TCP/IP protocol. you may need to add one before you can configure its properties with the following information. 10/18/2010 . To get there. enable DHCP service See section below Item What to enter In Windows you add a TCP/IP protocol. open TCP/IP Control Panel. you will find it much easier to work in an environment where addresses are automatically assigned. go to the "Control Panel" and select "Network". NetBeui.) In Windows. In Apple. If a TCP/IP protocol is not yet associated with your ethernet adapter.g. enable "Obtain an IP address service automatically". the window will look like the image below. Should you ever need to change network settings or troubleshoot your network later.Page 41 of 111 Warning: This chapter demonstrates only one of the many possible ways to configure your client computers and is provided here as an example.
Next you will go to the Hostnames and addresses web panel of the server manager and enter the information there. subnet mask. gateway IP address and DNS IP address(es). Note: In some rare cases.Page 42 of 111 Automatic DHCP Service Your server provides a DHCP server that assigns each of the computers on your network an IP address. Warning: 10/18/2010 . you may want to use a static IP address for a particular client machine. However. you will first need to determine the Ethernet address of the client computer (usually through the network properties). To do so. The typical approach is to manually enter this IP address into the network properties of the specific machine. consult the section in the|Chapter 5 called "Configuring Your DHCP Server". it is possible to provide this static IP address directly through DHCP rather than manually configuring the client computer. For a more detailed explanation of DHCP. The negative side of this approach is that you cannot easily change or alter network settings without having to go in and modify the information on the client machine.
255. In enabling DHCP service in the server console.168. the running in server-only mode. you designated a range of IP addresses for DHCP assignment.1. gateway IP addresses and DNS addresses will be assigned automatically by the server DHCP server. server that restricts internal queries to Internet DNS servers.0". IP addresses of your domain name servers It is critical that every computer on your network has a unique IP address and that you don't assign two computers the same address.1. in the case of server-only mode. Enter its IP or. netmasks.Page 43 of 111 Only One DHCP Server It is imperative that no other DHCP server is on your network. firewall or network router). If you are your network's gateway (e. you may need to enter additional DNS servers here. IP addresses 192. you must manually enter the following information into your TCP/IP properties: Item IP address subnet mask (or netmask) gateway IP address Description Manually enter this information (see paragraph below).168. Leave DHCP enabled.168.1. You also allocated a block of IP addresses for manual assignment. and reboot each computer. enter the IP address for address here: the default is "192. your server is your local network's gateway. However.64 will have been set aside for manual entry. Manual entry for computers not using DHCP service As noted above. we strongly recommend that you perform all your client configuration using DHCP.255. If you accepted the defaults pre-configured into the server console. "255. use only those IP addresses when manually assigning IP addresses to your computers. enter the IP address for the device interfacing with your external network.g.168. If you have a firewall other than your Manually enter this information. he default subnet mask (or netmask) is Manually enter this number.1. If a former DHCP server configured your computers. you should remove that DHCP server from your network.2 through 192. New IP addresses. To avoid duplication.the default used in the server console is "192. unique IP address to computers not accepting DHCP (see note below).1". 10/18/2010 . Normally you would just add the IP address for your server .1". Enter the IP address for the server If you are running in server and gateway mode. if your computers do not support DHCP. It is even possible to assign a static IP address through the Hostnames and addresses web panel of the server manager that will be distributed through your DHCP server. What to enter You must assign a different.
MS Windows Domain configuration SME Server can be configured to be the "Workgroup and Domain Controller" for your network. go to the "Control Panel". (For example. MS Windows workgroup configuration If you are using a Microsoft operating system.Page 44 of 111 After configuring the TCP/IP parameters. In the field for "Workgroup". Enter your servers "workgroup" value in the domain field and 'Connect'. we'll explain how this can be set using the web-based server manager. select "System" --"Network"-. your computer will be connected to the server and to the Internet. you may need to reboot your desktop computer to implement the configuration changes. (In a subsequent chapter. select "System". and click on change. (In a subsequent chapter. here users do not need accounts on individual PC's but authenticate against the Server.) Go to the Control Panel. most Windows systems need to be rebooted after the TCP/IP configuration has been changed. then "Computer Name".and "Computer Name" and click Change. Enter 10/18/2010 .) Once the settings take effect.) Connecting to a Domain To connect a windows XP client to your domain. type your "workgroup". you must ensure that your workgroup is the same as the workgroup name of your server. we'll explain how this can be set using the webbased server manager.
bat REM To set the time when clients logon to the domain: net time \\servername /set /yes REM To map a home directory to drive h: net use h: /home /persistent:no net use j: \\servername\ibay1 /persistent:no net use p: \\servername\ibay2 /persistent:no if exist Z: net use Z: /del /yes and reset file to dos format unix2dos /home/e-smith/files/samba/netlogon/netlogon.Page 45 of 111 the username of admin(*) with the servers admin password when asked.xxx/server-manager ■ https://ip-of-your-server/server-manager ■ https://name-of-your-server/server-manager If you had chosen the server name "nemo" and ip-adress 192.1.99/server-manager or https://nemo/server-manager. and you should get back the response 'Connected to workgroup'. The server-manager can be accessed via a web browser from any client connected to the same local network using a variety of URL formats: ■ https://www.168.bat Chapter 13 has an alternative method for admin to edit the netlogon. Setting up network drives If you are using SME Server as a domain controller and the workstations have joined the domain you can automate drive mapping and syncronise the PC time with the netlogon.yourdomain. (*) Admin or any user in the 'Domain Admins' group can join the domain.1.99 during initial configuration you gain access with---https://192. you are only able to access the server-manager through a web browser on the local network.bat file pico -w /home/e-smith/files/samba/netlogon/netlogon.168. Remote access is only possible using remote access tools such as ssh and PPTP or by allowing access to IP ranges set in Security > Remote Access 10/18/2010 . --- Note: For security reasons.bat file On-going Administration using the server-manager The server-manager is your SME Server control panel for administrative tasks.
If this is the first time you are setting up user accounts for your organization. The account name must contain only lower-case letters and numbers and should start with a lower-case letter (not a number). we'll explain each of the administrative functions.lastname" and "firstname_lastname" are automatically created for each account.com. Longer names can be created for email through the >Pseudonyms panel. Assuming your domain name is tofu-dog. Collaboration Users User accounts should be set up for each person in your organization. if you have an employee named Fred Frog. 10/18/2010 . Fred's email address would be "ffrog@tofu-dog. password-protected email and file storage areas. Fred's file directory on the server would also be named "ffrog". For your information. you'll be asked to enter your user name (which is always "admin") and the password you created during the installation process. pseudonyms of "firstname. Enter that information and click "OK" to be taken to the server-manager. A user account includes separate. Configuration and Miscellaneous. It will look like the screen shown above. So. User account names are limited to twelve characters to maintain consistency with various versions of Windows. you will need to establish what your naming convention will be. Let's assume you've decided that the account name should consist of first initial and last name. Security.com". The links are grouped together under four headings: Collaboration. Administration.Page 46 of 111 When you arrive at the correct URL. Fred's user account would be "ffrog". In the next five chapters. There are some basic rules built into the server as to what constitutes a valid account name.
10/18/2010 . User accounts are locked out and cannot be used until you set the initial password for each account . Note: If you want someone to have an email address at your company. you can easily modify or remove a user account (by clicking on "modify" or "remove" next to the user name) or set the user's password. but want the messages forwarded to another external email address. modify the information for each user as you create the account.the account name (the part of the email address that comes before "@"). As a convenience. As a reminder of this. the person's name. You can. company and phone number. if necessary. the administrator has not yet changed the password for user "Sally Salmon"). the user will not be able to access services on your server. address. you can create the user account but set the email delivery option in the user account to 'Forward to address below' and enter the external address.Page 47 of 111 In the "User Accounts" section of the server-manager. If you haven't already created any accounts. department. From the list of user accounts. but the email will be delivered to the external email address. you will see a list of your current accounts. user accounts appear in red until the password is changed. If you leave the user account locked out. select "Click here" and fill in the requested information . (In the example shown here. the defaults that you entered in the "Directory" section of the server-manager appear each time you create a new account.
you need to reset the password using the link on the User Accounts servermanager panel. the screen asks for the new password twice). Changing User Passwords Once they have an active account. Note: There is no way for the administrator to recover a forgotten password for a user.manager. For instance. if a user account is set to forward email to an external email address. How do I change it? First a warning .yourdomain. when an employee leaves the company. your users can set their own passwords by accessing the user-password URL which is only accessible from Local Networks.yourdomain. To disable any user account on your server.xxx" is the web server name you entered into the server console). just click on the Lock Account link on the User Accounts server-manager panel. As soon as you click the link. The user will no longer be able to retrieve email or connect to any files or other resources on the server. here is how you change the password strength checking from 'strong' to 'normal'. To prevent this.xxx/user-password .Page 48 of 111 Disabling User Accounts There may be times when you do not wish to delete a user account but instead merely want to disable it. Therefore. the account will be locked out. Note that changing the password for a user in the server-manager overrides any previous password entered by your user.Far too many systems out there have weak passwords and they will be broken into. The staff at The Pagan Vegan would visit the URL www. They do this through their web browsers by visiting the URL www. you may want to immediately remove their access to the server. when a user forgets his password. Be careful to use the exact capitalization. simply reset it in the server. As noted above. a user would enter his or her account name (the characters before "@"). If that fails. which was the setting in previous versions of SME. All they can do is set a new password for the user.xxx/user-password (where "www. the email will be forwarded to that external address. When an account is disabled. To re-enable the user account. but still keep their files or email address active until the information can be examined. Educating your users on the necessity of strong passwords is the best option. the old password and the new password (to ensure accuracy. email will still be received for that user name. To make the change. Note: Password strength checking is too strong.yourdomain. but the user will be unable to retrieve the email. config setprop passwordstrength Users normal config setprop passwordstrength Ibays normal 10/18/2010 . you will need to modify the properties for that user account.
remove or change user groups. followed by a brief description. check the boxes next to the names of the users who should be associated with that group. they work in the same department or are collaborating on a project. the group will not be created and you will receive an error message. and it allows the system administrator to associate groups of users with a single information bay (ibay).for example. to disable password strength checking by setting to 'none' Groups This screen allows you to create. Creating a new group is a simple three-step process. Finally. but strongly discouraged. these should begin with a lower-case letter and consist only of lower-case letters and numbers).Page 49 of 111 It is also possible. If you fail to do so. you are required to assign at least one user to that group. You enter the group name (as with account names. which are simply lists of people with a shared interest . 10/18/2010 . The user group function serves two purposes in the SME Server: it permits email to be sent conveniently to a group of users. Warning: When you create a group.
the user must log out and log back in for those changes to take effect. assigned as follows: Group Description Domain Admins Domain Users Domain Guests Domain Rights admin shared (everyone) nobody If you create a group and name it whatever you want but put one of the above for the description then the newly created group will replace the above mapping.com/xp_groups. He must log out of Windows (he does not need to shut down or reboot. he or she will still have their old group membership information. you will see a list of user accounts. You then create a new i-bay called "salesinfo" that only the "sales" group can access. You can also create a less privileged group "Power Users" see http://www. just log out) and login again. Setting admin rights If you are using SME Server as a domain controller and the windows workstations have joined the domain then by adding users to special groups you are able to change the rights a users has on that workstation. suppose you create a new group "sales" and assign user "ffrog" (Fred Frog) to that group.htm for the rights granted to the different groups. However.Page 50 of 111 After you add (or remove) a user account from a group. 10/18/2010 . set for that user account. So if you create a group called "admins" and give it a description of "Domain Admins" then anyone you assign to this group will be a domain admin and also a local admin on ANY box that has joined the domain. if any. He will receive a permission-denied error. Fred Frog is still logged into a Windows PC and now tries to connect to the new i-bay through Windows Explorer. For instance. Quotas By default. the actual disk space they are using and the quotas. The domain always has three groups created. Now he should be able to go through Windows Explorer and access the "salesinfo" i-bay without any problem.kellys-korner-xp. if you wish to limit the disk space a particular user account can use. Until the user does so. there is no size limit on the files a user may store on the server nor the amount of email that can be received. As shown in the image below. you may do so on the " Quotas " panel in the server-manager.
10/18/2010 . but also all files that they may put into any of the i-bays. Note that if the user account exceeds the "Limit with grace period" for seven consecutive days. There are two quotas that can be applied to each user account: ■ Limit with grace period .when a user's disk usage hits this limit.when a user's disk usage exceeds this limit. ■ Absolute limit .Page 51 of 111 Warning: Note that the quotas apply to all files that a user stores on the server. the account will be treated as if it exceeded the absolute limit and will no longer be able to save files or receive email. the user will no longer be able to save files to the server or receive email. Warning: Email for the user account is not lost! It is held in the delivery queue and will be delivered to the user when their disk usage drops back below their absolute limit (or the "limit with grace period" if they were locked out due to seven days above that limit). an email warning message will be sent to the user account each night until the disk usage is brought back under the limit. This includes not just their home directory.
"postmaster" and "mailer-daemon" will only be visible after you have either added a user account to the system or have added a custom pseudonym. Likewise. these three pseudonyms are there. Pseudonyms Any user who has an account on your SME Server will be able to receive email sent to that user ID. These two pseudonyms are in the form of "firstname. that group account name functions as an email alias.frog@mycompany. when you create the user account "ffrog" for a user with the name Fred Frog. Note that you do not have to set both limits for a user account and can choose to set only one of the limits.lastname" and "firstname_lastname".xxx" will be distributed automatically to all members of that group. Until that time. all you need to do is set the limit to "0". 10/18/2010 . For instance. the server creates two separate pseudonyms using the first and last names of the user. you can use the web panel found under the "Collaboration" section of the server-manager. If you wish to modify or remove any of these pseudonyms. "postmaster" and "mailer-daemon" are created pointing to the "admin" user. Hence. for each user account. your server also automatically creates several pseudonyms .xxx". Note: The special pseudonyms of "everyone". for example. but will not be visible on the Pseudonyms web panel. his primary email address will be "ffrog@mycompany. Two other pseudonyms. when you create a group account.xxx". For instance. If you set a limit and later wish to disable the quota for a given user account.Page 52 of 111 By selecting " Modify " you are able to set a quota (in Megabytes) for a particular user account. or create new ones. your server automatically updates the email alias.xxx" and "fred_frog@mycompany. he will also be able to receive email sent to "fred. if you have a user named Fred Frog with the user account "ffrog". your server creates a special pseudonym called "everyone" that includes all user accounts on the system. messages to "sales@mycompany. In addition to user and group accounts. If. Additionally. so that messages addressed to the group ID will be sent to all members of the group. As you add and remove members to the group. as shown below. you create a group called "sales".
10/18/2010 . a pseudonym for webmaster is being set to point to ffrog. there are some restrictions on the text content of the names. Pseudonyms can be linked to existing user or group accounts.Page 53 of 111 As noted on the screen below. In the example shown.
eg create your domains eg domain1. 10/18/2010 . whether it be a user. Therefore whenever you create a user account and you have multiple domains.Page 54 of 111 Practical usage guidelines An SME Server has only one name set. a pseudonym or an ibay. a group. domain3. You can even setup different groups to allow only different users to access each ibay to update web content etc. then that user will apply to all domains automatically. domain2. meaning only one occurrence of a name can be in the system. domain4 and configure those domains to use different ibays for the web content. The golden rule is never allocate unique user names to end users accounts as these will no longer be available for globalname@domain type email address usage. Using the pseudonyms panel is the only way that SME Server can distribute email for the same user "name@different-domain" names. but you need to use it in conjunction with the correct underlying naming concepts. So the user account "sales" will receive email for sales@domain1 sales@domain2 sales@domain3 sales@domain4 The problem with this is that you cannot have different people using the same user account name to collect email.
as users often have different "position related" pseudonyms anyway eg manager@domain1 forwards to user1. in the pseudonyms field type the whole pseudonym name as sales@domain1 Note do not use sales. The email address for the user will be the same as the pseudonym ie sales@domain1 and that is the address the user should publish and use as the return email address. user10. info or accounts for any other purpose ie. johnw. user12 as needed for users who want to use the email address "accounts". user2. user3. but note also that email "inadvertantly" sent to user1@domain2 or user1@domain3 or user1@domain4 will also be sent to user1. Obviously the name before the @domain is different to their login username. user6. It is quite common in practise. As the user account user1 has been created on the server. eg login to webmail as the end user eg user1 (for domain1) and setup the profile for that user to show the return email address of sales@domain1 login to webmail as the end user eg user2 (for domain2) and setup the profile for that user to show the return email address of sales@domain2 Do the same for all other webmail accounts that will be issued configuring the profile and return address as applicable. If your want your end users to use webmail then they login in using the URL https://domain1/webmail https://domain2/webmail https://domain3/webmail https://domain4/webmail If you want webmail to be configured for the correct domain for the correct end user the first time they use it. user11. then that will also work as a valid email address ie user1@domain1 will deliver email to user1.Page 55 of 111 create user accounts user1. that's the compromise to be accepted if using sme this way. then you will need to do that manually yourself before issuing the login details to the user. user7. user8 as needed for users who want to use the email address "info". johnb2. but keep in mind they will use the login name user5 etc rather than info create user accounts user9. user4 as needed for users who want to use the email address "sales". This is not usually a problem as you simply don't tell user1 that any other hosted domain addresses will work for that name. but keep in mind they will use the login name user9 etc rather than accounts create pseudonyms eg sales@domain1 which forwards to user1 sales@domain2 which forwards to user2 sales@domain3 which forwards to user3 sales@domain4 which forwards to user4 info@domain1 which forwards to user5 info@domain2 which forwards to user6 info@domain3 which forwards to user7 info@domain4 which forwards to user8 accounts@domain1 which forwards to user9 accounts@domain2 which forwards to user10 accounts@domain3 which forwards to user11 accounts@domain4 which forwards to user12 ie. Summary eg For user1 for domain1 The user account will be user1 (eg johnb) and the person uses that name (& corresponding password) to login to the server or to webmail. If you don't configure webmail profiles manually then they will have the default return address of loginusername@domain1 (or the main domain name of the server if different). johnm etc) create user accounts user5. Alternative configuration of users 10/18/2010 . as user account names or group names or pseudonym names (on its own) or ibay names. but keep in mind they will use the login name user1 rather than sales (the login names could be johnb.
johnws etc. Any email sent to any of the addresses will automatically be received by the end user account.php?topic=30953.org/index. similar to what ISP's do anyway. johnb1. very flexible and powerful way for you to share information with others. then the only other way you could setup users is to have only one occurrence of a user name in the system eg john. There are posts in the contribs. it is the console backup it is refering to.0 Information Bays The i-bay (information bay) feature of the SME Server is a simple. There is no need to configure pseudonyms in that case. johnb. johnb2. Administration Backup or restore You can easily back up the contents of your SME Server using one of three methods. They are controlled through the web panel shown below. Note: The console backup to USB device is an independent method not related to these options.contribs. You will still need to configure Webmail profiles manually for each domain that is different to the default domain. It is such a rich and important feature that we've devoted Chapter 14 (http://wiki. The following backup methods are restored from the server manager. Every username will be a valid (email address) for every domain hosted on your server.org forums explaining how to do this and forward/delegate email for different domains from one gateway server to other server-only boxes on the same LAN using the same Internet connection. and the user account name and login name will be the same. john2. johnw. john3.Page 56 of 111 If the above method is not acceptable/desirable. but you only tell the end user about their domain eg john@domain1 john2@domain1 john3@domain2 johnb@domain1 johnb2@domain2 johnb3@domain3 etc but john@domain2 and john@domain3 etc will still work. 10/18/2010 .org/SME_Server:Documentation:Administration_Manual:Chapter14) entirely to dealing with Information Bays. john1.contribs. The ultimate answer to having separately administered domains and identical user names at different domains. is to host only one domain on each SME Server ie have a different server for every domain. See this thread for details http://forums. SME_Server:Documentation:Administration_Manual:Chapter6#Option_8:_Perform_backup_to_USB_d When prompted if you wish to restore from a backup during a new install.
Therefore.Page 57 of 111 You have seven actions you can perform. To desktop Backup to desktop The first type of backup allows you to save a snapshot of your server configuration onto your desktop computer. user directories. ensure you have copied the backup file to to an attached USB disk. The web panel shows you the size of the backup file so that you can verify whether sufficient space exists on your desktop machine. Please be aware that there is a 2GB limit on backup to desktop. each of which is described in the following sections. Restore from desktop Restore from Desktop was removed in version 7. use backup to workstation to perform large backups to locally attached USB disks or network shares.4 Ideally you should restore on a freshly installed server. as well as the configuration parameters entered using the server console and the server manager. i-bay contents and web content. CD or DVD 10/18/2010 . if you are planning to do a restore. you should first re-install the SME Server software and then perform the "Restore from backup" when prompted. This will save all user accounts. When you choose Backup to desktop. a browser window will appear that will allow you to name the file and select the location on your desktop where the file will be saved.
Configure tape backup The second type of backup involves configuring your system to perform a daily full system backup to a tape drive using a software package called flexbackup . and full or selective restore with use of dar program. To Workstation or USB Drive Backup to workstation provides for daily full or incremental backup on LAN workstation (via nfs or cifs) or local usb disk. you can also restore user data and configuration settings by using the Restore from tape option. 10/18/2010 . Warning: Note that this restore procedure only restores user data and configuration information. but you can change this in the server manager. Note: When using a CIFS mount you need to be aware of limitations in the characters you can choose in your password. For more details see bugzilla:4850. This is normally the user admin. check the box next to Enable Tape Backup and then specify the time at which you wish the backup to occur and the time at which reminder notices should be sent.net/man/8/mount. If you wish to activate this option. Note that in order to restore data from tape. you will not be able to restore from tape using the server manager.die.cifs) page comma's should be avoided. After you press the Perform button. you should first re-install the SME Server software and then perform a restore from tape.Page 58 of 111 To Tape Warning: Be aware that you must use a supported tape drive and that a tape must be inserted in the drive for the backup to work. It does not restore system files. Restore from tape If you are performing regular backups. If you experienced a serious system crash. You must reboot your system after the restore for the changes to take effect. you must have first checked off Enable Tape Backup and scheduled nightly backups. If you have not done this. Note: Reminder e-mail messages for tape backups are automatically sent to the e-mail address that is configured to receive administrative notices.cifs (http://linux. the system will read the files from tape and overwrite any currently existing files. According to the man mount. but users have also noticed that leading spaces and exclamation marks should not be used.
exactly as it was for any of the saved days in your sets. The second function is keeping more than one set of backup (a set is full backup data and all data of next daily incremental backups) with automatic rotation. and providing this in a simple way with panels is useful. You have the option of restricting the file to a date range. This probably has no utility to do full restore of the system as it was one month ago. Without any filter options. For changes to standard usage and fuller explanations see Backup_with_dar For help with USB Disk preparation see USBDisks Configure workstation backup Configure your backup destination and optoins to suit your situation.. 10/18/2010 . but also say : make restore of the most recent version of the file before this given date. one month.. you will see the entire log file. Dar permits to manage selective restore and e-smithbackup with dar panels tries to keep this function as simple as possible to use. Selective restore is not an easy thing to manage by hand. As shown in the image below. three days. you select the log file that you want to view and press the "View Log File" button. This should ideally only be performed on a clean install. View log files This panel allows you to view the system log files on you server. one week. Restore from workstation This option allows you to restore a complete backup. you can do only nightly full backups but keep three sets of backup for security reason (as being able to restore the system as it was 72h ago). Verify workstation backup This option allows you to verify that the backup was completed successfully. The third function is selective restore of any saved file or directory.Page 59 of 111 The main features of backup with dar aside use of session timeout are: Incremental backup. but restoring a file lost by a user two or three weeks ago can be useful. 100 days. and restore your system at any state it was during this period of time. This means that you can backup and restore data for the period of time you want : one day. And restoring a safe system more than one day old can be needed. Not only you can restore a lost file at it's last state. Selective file restore from workstation This option allows you to restore a single file.. e.g..
Be aware that the filter is case-sensitive. if you pop up the menu. you could examine the log file messages with a filter pattern of DHCP. you will see a range of other options.Page 60 of 111 You will probably find the log file of most interest to be messages where most of the system services write log messages. If you enter any text in the " Filter Pattern " box. If you further add a highlight pattern of DHCPACK. If you suspect that there is a problem with the delivery of your e-mail. that text will be shown in bold. This will show you all DHCP-related messages. there are now a number of reports available that can help you analyze your system's performance. the messages relating to DHCP acknowledgements will appear in bold. Mail log file analysis If you are using your SME Server to send and receive e-mail. If you enter any text in the " Highlight Pattern " box. Both options can be used together. 10/18/2010 . The information can also help you decide how best to optimize your system. As an example. you can use these reports to see how your system is operating. if you were interested in messages relating to DHCP. only lines of the log file containing that text will be displayed. While the default setting provides basic statistics.
There is a similar function in the server console as well. 10/18/2010 . using this screen will ensure that the shutdown sequence occurs gracefully. Note that this screen initiates the shutdown or reboot immediately after you click the "Perform" button.Page 61 of 111 Reboot or shutdown If you need to shut down or reboot your server. preserving all configuration and information on your server.
you have the ability to access your computer network securely from a remote computer. All of these operations are configured from the screen shown below in the server manager. either from a computer on your internal network or from a computer outside your site on the Internet. the SME Server provides several different ways to access the underlying operating system. 10/18/2010 . Each of these remote access methods is described below. Additionally.Page 62 of 111 Security Remote Access If you're an advanced user.
Page 63 of 111 10/18/2010 .
you must decide how many individual PPTP clients you will allow to connect to your server simultaneously. an industry group which included Microsoft and several other companies.Page 64 of 111 PPTP (VPN) The Point-to-Point Tunnelling Protocol (PPTP) is used to create client-to-server Virtual Private Networks (VPNs) and was developed by the PPTP Forum. if you have five users who from time to time use PPTP to connect remotely. For instance. you entered 0. Microsoft's PPTP implementation is widely used in the Windows world to provide remote access across the Internet. if you have a slow connection to the Internet and do not want all of those PPTP clients to connect at the same time. a laptop or a home computer) that has access to the Internet. The simplest method is to enter the total number of remote PPTP clients in your organization. Entering 2 would only allow two users to connect at any given time. If a third user tried to connect. you can also access the information stored on your server. no PPTP connections would be allowed. If. If you wish to enable VPN access. he or she would receive an error message and would not be able to connect until one of the other users disconnected. A VPN is a private network of computers that uses the public Internet to connect some nodes. If you have a remote Windows system (for instance. PPTP allows users to connect to their corporate networks across the Internet. you can enter a lower number here. 10/18/2010 . and enter that number here. Alternatively. on the other hand. entering 5 here would allow all of them to connect at any time.
When you then open up your Network Neighborhood window.Page 65 of 111 Before the server is ready to accept PPTP connections each user that is to be allowed access is to be granted 'VPN Client Access' in the Users panel of the /server-manager. If you are using an external router or gateway to your server. In most cases. Forwarding PPTP inbound is frequently unreliable due to the way PPTP works. and require an inbound VPN connection to support external users. Note: PPTP uses TCP port 1723 and the Generic Routing Encapsulation (GRE) protocol. You may need to install the 40-bit encryption update first. To connect using PPTP. the SME Server enforces the use of 128-bit encryption for PPTP connections.com/ and download the appropriate update. Typically. Note that with Microsoft's ActiveUpdate process. rather than the 40-bit encryption provided in earlier versions of Microsoft's PPTP software. if you are not presented with the choice for this update. this is done through the Network Control Panel (you may need to have your original Windows installation CD available).microsoft. reliable solution is to remove the router and let the SME Server handle the link directly. If you are unable to establish a PPTP connection to your server. you should see your server workgroup listed there. The simple. 10/18/2010 .wikipedia. you should be able to initiate a PPTP connection by double-clicking the appropriate icon in the Dial-Up Networking window.org/wiki/Point-topoint_tunneling_protocol Warning: To protect your network. the page may appear differently depending upon the version of Windows you are using. Due to the dynamic nature of Microsoft's web site. it is most likely already installed in your system. and then install the 128-bit encryption update. you will need both TCP port 1723 and the GRE protocol to be forwarded. you can create new connections through the Dial-Up Networking panel by entering the external IP address of the server you wish to connect to. the protocol must be installed on each remote Windows client. you should visit http://windowsupdate. After it is installed (a reboot of your Windows system may be needed). However most PPTP passthrough routers only allow outbound connections. you will want to look or search for Virtual Private Networking or a Dial Up Networking 128-bit encryption update . Note: After changing the number of pptp clients allowed. Once you're finished. For a more detailed description of the PPTP protcol see http://en. Not all allow inbound connections. the increased number of users is not updated until existing users have logged off.
19. unencrypted text across your network or the Internet. From here you can change the server configuration. encrypted way to login to a remote machine across a network or to copy files from a local machine to a server.Change the port the ssh client connects to the server. 822 This provides some protection from attacks on the usual port of 22. access the server manager through a text browser or perform other server console tasks. OpenSSH. you should next be prompted for your user name. In the default configuration. The server provides the ssh client programs as well as an ssh server daemon and supports both the SSH1 and SSH2 protocols. Once ssh is enabled. in that someone wishing to break into your system could connect to your ssh server and repeatedly enter user names and passwords in an attempt to find a valid combination.) If you do not have any reason to allow remote access.255. users will be able to connect to the server using a standard user name and password.com/. ■ Allow ssh using standard passwords . visit http://www. The user would then have full access to the underlying operating system. we suggest you set this to No access. (See the section below.24 255. If you do enable ssh access. is a free version of the ssh tools and protocol. See the User Manual for details ■ TCP Port for secure shell access . After you enter admin and your administrative password. The protocol itself has two versions . you have additional configuration options: ■ Allow administrative command line access over ssh .If you choose Yes (the default).com/. ssh and its companion program scp provide a secure way to login or copy files. The ssh protocol was originally invented by SSH Communications Security which sells commercial ssh servers.SSH1 and SSH2 .This allows someone to connect to your server and login as "root" with the administrative password. 223.102.Page 66 of 111 Remote Management To allow access to the /server-manager from remote networks add allowed IP addresses to the Remote Management section. To allow a single computer (or network of computers behind a firewall) add it's IP and the netmask. choose a random free port eg.both of which are supported by most clients and servers today. and other related products. In addition to UNIX and Linux systems. visit http://www.255. A more secure way to allow ssh access is called RSA Authentication and involves the copying of an ssh key from the client to the server. This can be useful if someone is providing remote support for your system.255 SSH If you need to connect directly to your server and login from a remote system belonging to you. Note: 10/18/2010 . Many people do not realize that many programs such as telnet and ftp transmit your password in plain. This may be a concern from a security point of view. For more information about SSH Communications Security and its commercial products. you will be in the server console. SSH (secure shell) provides a secure. you should be able to connect to your server simply by launching the ssh client on your remote system and ensuring that it is pointed to the external domain name or IP address for your server. In most cases we recommend setting this to No.ssh. ssh client software is now also available for Windows and Macintosh systems.openssh. For more information about OpenSSH. included with the SME Server. we strongly encourage you to use ssh. clients.
only two user names can be used to login remotely to the server: admin (to access the server console) and root (to use the Linux shell). telnet access has been removed from the SME Server Local networks Your SME Server provides services to machines on the local network and it gives machines on that network special privileges and access. Some advanced users may wish to extend privileges to more than one network of computers. academic and certain non-commercial uses. Telnet Telnet has traditionally been one of the tools used to login remotely to other systems across a network or the Internet. you would choose the "Public" setting. Regular users are not permitted to login to the server itself. 10/18/2010 .html and http://www.Page 67 of 111 By default. you want to be able to update your web site from home using FTP.com/windows. Public FTP access allows users both inside and outside your local network to read or write files on your server. if you choose "Disable public FTP access" here and then later configure an i-bay to allow public FTP access from the Internet. For example. This screen enables you to set your policy for FTP. When you configured your server. You have two options that you can set here.ssh. when you use telnet. you do not need to add any information here. such access will be forbidden. However. We strongly recommend you leave this as Private unless you have a specific reason to do so. dramatically reducing the security of your server. ■ SSH clients A number of different free software programs provide ssh clients for use in a Windows. you will need to access the underlying Linux operating system and manually change the user's shell. A commercial ssh client is available from SSH Communications Security at: http://www. all user names and passwords are transmitted without any kind of encryption. Note that one of the choices here allows you to completely disable any use of FTP. For example. Machines on the network are automatically identified by the server as being eligible for these privileges and access. Because ssh usage has increased to an acceptable level. or "file transfer protocol". If your company only has one network that is being serviced by the server. for example.openssh. Several are extensions of existing telnet programs that include ssh functionality. If you would like your server to identify one or more additional networks for those privileges. The setting you choose here will override all other FTP settings on your server . FTP user account access: Private FTP access allows only people on your internal network to write files to your server. Two different lists of known clients can be found online at http://www. FTP access limits: This allows you to set an overall site-wide policy for FTP access. Note that the client is free for evaluation. If you give another user the ability to login remotely to the server. you will be asked to enter those network IDs and the subnet mask for each network here. FTP Another way to upload or download files to and from your server is to enable a protocol called FTP.com/products/ssh/download. Macintosh or Linux environment. only machines connected to the local network can access the mail server on your server to send mail.freessh.org/. If.html. provided they have an account and password. you provided it with sufficient information to deduce its own local network. Note that allowing liberal FTP access to your server does reduce your security.
you may wish to contact Contribs. If you have questions regarding adding another network. the instructions for configuring the client machines on that additional network may be different than the instructions outlined in the chapter in this user guide. Port forwarding Your SME Server provides the ability to forward its ports to other machines. 10/18/2010 .org and visit the forums.Page 68 of 111 Note: Depending on the architecture of your network infrastructure.
The server's HTTP proxy works to reduce overall uplink usage by caching recently-visited pages.Page 69 of 111 You can use the panel shown above to modify your firewall rules so as to open a specific port (or range of ports) on this server and forward it to another port on another host. Do not use this feature lightly. 10/18/2010 . The server's transparent SMTP proxy works to reduce virus traffic from infected client hosts by forcing all outgoing SMTP traffic through this server. Doing so will permit incoming traffic to directly access a private host on your LAN. Warning: Misuse of this feature can seriously compromise the security of your network. or without fully understanding the implications of your actions. It is transparent to web browsers using this server as their gateway. and this server is your gateway to it. Proxy settings Your SME Server has a transparent HTTP and SMTP proxy. disable this proxy. If you wish to use an alternate SMTP server.
If you do not have a customized web site and wish to create your starter home page. simply fill out the appropriate fields. Create Starter Web Site If you already have a customized web site. http://www.xxx.yourdomain.htm file. This will create a basic home page that you can visit by entering your domain name for your site. you should not use this section.Page 70 of 111 Miscellaneous Support and licensing This Panel displays a copy of the license under which SME Server is released. you can use "http://www/" to view your starter web site. since it will overwrite your index. On your local network. 10/18/2010 . there is typically a delay of one or more days before your ISP publishes your domain address records. as previously explained. Note that. in your web browser.
Page 71 of 111 10/18/2010 .
Other Administration Notes Accessing administrative areas of your server via Windows file sharing: To access administrative areas of your server using Windows file sharing. you can replace or revise your starter web page by replacing or revising the files in the html directory on your server. This applies particularly to the NETLOGON share (where you e netlogon. you must be logged into your network as "admin" with the server system password. Online manual In the top right corner of the server-manager there is a 'Question mark' This is a link that will list the online Doumentation Available. the 10/18/2010 . Select the "primary" share and then select the "html" directory. The html directory for your web site can be accessed using Windows file sharing.bat file). Ensure you are logged onto your network using the admin name and password and then use file sharing to go to the server. Note: These links are under development and may not be ready yet.Page 72 of 111 At any point in the future. Note that you must be connected to the Internet to read the online user guide.
This ensures that regional variations in time zones and daylight savings time are accurately reflected. <math>Insert formula here</math> Configuration Software Installer Panel The Software installer Panel allows you to configure and install updates to SME Server. There are worldwide time zones with multiple selections for countries with multiple time zones. states/provinces and even cities). Pull-down menus for month and time zone ensure accurate entry.Page 73 of 111 Primary share (where the main web site is stored) and any i-bays that are writable only by the user admin. (including standard time zones. 10/18/2010 . The server manager will reset the time automatically during daylight savings time. Set date and time Accessing this section allows you to set the system date and time either manually or using a network time server. You can install additional software from enabled repositories by setting 'Manage individual packages' to enabled.
Warning: After you start using a network time server.ntp.pool. visit http://www. you should NOT set the time or date manually.org Tip: 10/18/2010 . the network time synchronization will no longer function. Many organizations around the world provide Internet time servers for free. add the domain name or IP address of the time server in the space provided and click "Save NTP Settings". Using a time server is optional but doing so can greatly increase the accuracy of your system. For more information about using or becoming a network time server. A time server is a device on the Internet that keeps accurate time and is able to communicate the time to other computers over the Internet using the Network Time Protocol (NTP) . This screen in the server manager allows you to configure your server to connect regularly to a time server and synchronize the clock on the server with the time provided by the time server. To do this.Page 74 of 111 Instead of setting the time manually. you can use a network time server. If you do so. simply check the box for "Enable NTP Service".
Macintosh users need only enter a server name or accept the defaults. In order that you may later connect multiple locations using IPSEC VPNs. Workgroup If you are using a computer on a local network and you wish to access the server via Windows file sharing. Also in this section. After doing that. it is important that you are logged onto the same workgroup as your SME Server. go back to this panel and set the server to use a network time server. you should go through this screen once and manually set the time to be correct and with the correct timezone.Page 75 of 111 In order to make sure the network time server is set to your timezone. you can specify whether the server should be the domain master for your Windows workgroup. This screen allows you to enter the name of the Windows workgroup the server should appear in. If you wish you can change the workgroup name to correspond with an existing workgroup. we suggest that you use a different name for each server. You should also enter the Windows server name. Warning: 10/18/2010 . Most sites should choose "Yes" unless you are adding an server to an existing network which already has a domain master.
bat script by logging on to a Windows system as "admin". The netlogon. you should most likely answer "no" because that other server will act as the domain master. If you do configure your system to be the domain master. but advanced users can.bat file we provide by default does very little. by using the specific path: \\ servername \NETLOGON\ The sample file contains a few examples of setting the system time for each machine and also for mapping a common drive for all Windows client.Page 76 of 111 If you have a Windows NT server or Windows 2000 server on your network that is functioning as a network server. Directory Your SME Server provides an easy mechanism for creating a company directory. your directory will be automatically updated with the new information. a special Windows share called NETLOGON is created with a DOS batch file called netlogon. Each time you create or delete an e-mail account. As the NETLOGON share is only writable by the "admin" user. As the "admin" user. if they wish. you modify the netlogon. you will need to connect to the share or map a drive to it. connecting to the share and then modifying the script using a Windows text editor. modify this script to set environment variables for their clients or provide automatic drive mappings. 10/18/2010 . This batch file is executed by Windows clients that have been configured to "Logon to domain". Be aware that the NETLOGON share will not be visible in Network Neighborhood or other similar tools.bat.
Choosing "update with new defaults" is a convenient one-click method of revising your directory when. The field to do this is located near the bottom of the screen. street address. for example. you will see an additional screen that will ask for the hostname or IP address and the network printer name.Page 77 of 111 In this section of the server manager.the user's department. "the printer down the hall") and the location of the printer . The printer can be either locally attached to a parallel or USB port on your server or can be a network printer. Enter that information where requested. Each time you create an e-mail account. your company has moved to a new address. (raw is the name used by most network printers for their main print queues. as long as it starts with a lower-case letter and consists only of lower-case letters and numbers. the fields will contain the information entered here as the default.) 10/18/2010 .whether it's on the network or directly connected to your server through a parallel or USB port. you specify the default directory information for new accounts . you can change the information for each user. you can change the default information and have the new information apply to all new users or to all existing users as well. company. All the server needs is some basic information: the printer name (which can be anything you want. For the network printer name. If you choose "Network printer". a brief description (for example. with no spaces). If you wish. raw. unless you have some reason to do otherwise. At any time in the future. you can use the default setting. city and phone number. Printers Your SME Server enables all users on your network to easily share a printer.
These printers cannot be used on the server. Note that many modern network printers can be configured automatically. we suggest that you enter the hostname for a network printer here and enter the IP address of the printer through the Hostnames and addresses panel of the server manager. For instance. and also to modify the configuration. If you are concerned about whether your printer will work with your server. That name and several other "standard" names are automatically configured in your system's host table during the installation process. they will be taken to wherever "www" has been set to point to. the user will not be able to print to the printers managed by the server. Either the user will have to logout and log back in as a valid user or the tturtle account will need to be created on the server. Most printers are supported as long as the appropriate driver is installed in the operating system on your client computers. you should be aware that in order to use the printers available through your server a user must be logged in to their client system with a user name and password that is valid on the server.redhat. As seen in the image below. the SME Server does not have a list of "supported printers".org.xxx". when someone tries to connect to "www.com/hcl/) or explore the information found at LinuxPrinting. enter their hostname. you were asked to provide a name for your system. The "Hostnames and address" web panel allows you to modify this table and specify different host "names" for each domain on your system. For instance. you can visit Red Hat's Hardware Compatibility List (http://hardware. For this reason.mycompany. Note also that the server printing system does not perform any filtering and passes the print requests directly from the client computers to the printer in the "raw" or "pass-through" machines. 10/18/2010 . To do so. Hostnames and addresses When you installed your SME Server. This allows you to have one central location listing IP addresses and allowing you to make changes. there are some newer printers that only have a Windows driver available and rely heavily on that operating system to perform their print functions. However. As a final item. This host table is consulted as part of the name resolution process. IP address and Ethernet address in the Hostnames and addresses panel.Page 78 of 111 Note: For maximum flexibility in making changes later. as well as to control how those names resolve both for systems on your local network and also for systems on the larger Internet. this screen in the server manager allows you to view these default settings. if a user is logged in as tturtle on their Windows desktop and that user account does not exist on the server.
If you wanted "www." link next to "www". you will find the text "Publish globally?" with a checkbox next to it..xxx" to point to your ISP's server. you would modify the entry here by clicking the "Modify. The image below shows the screen in which you would perform the task: 10/18/2010 . Suppose. your company's web site was hosted at some other location. for example. such as on your ISP's web servers.mycompany.Page 79 of 111 Using the Hostnames Panel Throughout the screens linked to from the Hostnames panel..
you simply enter the hostname. Remote hosts: As mentioned in the example earlier. Local hosts: This screen is a bit more complicated because you have more options. This allows you. Note that if your system is configured with any virtual domains. you can create other names such as "home". you might want to set up "intranet. and enter the remote IP address.xxx" pointing to a completely separate IP address. just type in 10/18/2010 . To do this.Page 80 of 111 You would first change the location to "Remote" and then enter the IP address of your ISP's server in the field marked "Global IP". While "www" is created by default. for instance.xxx" to point to your server. if appropriate. you can create a hostname in a domain that points to another computer on your local network.com" pointing to one IP address and "www. All you do here is enter the hostname and.mycompany. you might want to point a hostname such as "www" to a remote system. In the form. to have "www. you will have the choice of the domain in which you want to create the hostname. choose the domain for the hostname. At a basic level. choose the domain. The hostnames you can create on this panel fall into three categories: Additional names for your server: For instance.tofu-dog.mycompany. or any other appropriate name. "research". Creating New Hostnames Creating new hostnames simply involves selecting one of the links at the top of the Hostnames and addresses panel and filling out the appropriate fields.
Rather than configuring the machine manually. you must first determine the Ethernet address of your client system. you might have another intranet web server within your company that you want to always have the same IP address. This has the same result as manually configuring a static IP address. the target computer system will need to have two network interface cards . click on the link to create a new hostname for a local host.mycompany.xxx" to be accessible both inside and outside your local network. you have to keep track somewhere of the fact that you have assigned a specific IP address to that machine. Note: The "Ethernet address" field when creating a hostname pointing to a local host is only used for reserving IP addresses through DHCP as mentioned in the next section. Second. Windows 95/98 users can run the command winipcfg . If you wish to change those settings. For that reason. For instance. the Ethernet address along with the desired IP address into the web panel. Reserving IP Addresses Through DHCP Another task you can perform through this panel is to reserve an IP address for a given system based on its Ethernet address. Add the hostname of the target system. First. your SME Server will be able to receive e-mail and host a web site for that domain. The negative aspect of doing this is that if you later want to change the network settings for that machine. through the DHCP server you will provide network settings.one connected to the internal network and one connected to the external network. All DHCP clients will then receive those updated changes when they renew their DHCPprovided addresses. The challenge is that your local IP addresses are only accessible inside your network. Where this gets complicated is when you want "research. you must manually go and configure that machine. 10/18/2010 . Additionally.Page 81 of 111 the hostname and enter the IP address in the "Local IP" field. you can reserve an IP address from the DHCP server for that specific machine. Linux/UNIX users can type ifconfig. the change can be simply done on your server. but offers two benefits. Domains When you create a domain using this section of the server manager. For instance. From this point on specified IP address will only be provided to a client system with the matching Ethernet address. An example would be if one of your DNS servers changed its IP address. you might want "research" to point to a computer system inside your network. One method of assigning that address is to manually configure the client machine to have a static IP address. you have one location to keep track of all assigned static address. Windows NT/2000 users can type the command ipconfig /all . You would then enter both IP addresses in this screen in the "Local IP" and "Global IP" fields. To reserve an IP address. Once you have determined the client's Ethernet address.
you can create a virtual domain by entering "tofu-bird. you should supply the fully-qualified domain name .com". Be aware that you can point the domain to either the primary web site or to one of the ibays . your server will be automatically configured to answer to web requests for www. You then tell the server where to find the content for that domain . For instance. fill in the domain name and a description of the site. but without any prefixes like "www" or "ftp". You cannot point a domain to a subdirectory that you simply create inside of the primary web site file area. In most cases the DNS for the server is not handled by the server but by some Internet DNS servers.xxx and will accept e-mail for your virtual domain as well. including any extensions like ". Public DNS Records Once you have created a domain. So.domainname. This feature allows you to host multiple web sites from a single server. but not by entering "tofu-bird" or "www. or you can create a new set of web pages and store them in one of your i-bays. the default is to pass DNS requests for anything but the primary domain to the Internet DNS servers.it can be the same as your primary web site. This is the full name of the domain. Clicking the arrow in the "Content" field will show you a list of your current i-bays and allow you to make a selection. 10/18/2010 .tofu-bird.com". Note: When you are entering the name for the domain.Page 82 of 111 To create a domain. You need to use an i-bay instead.com".
_ for more information. including all local hostnames. Warning: While the server is prepared to offer web and e-mail services for this domain. However. That's why it is not the default. E-mail As shown below. but the dns cache will forward them to the chosen DNS servers. In order for users on the Internet to successfully connect to your machine using the domain.Page 83 of 111 The primary domain is resolved locally as we generate (fairly) complete DNS records for that domain. your ISP will need to configure an M record for the domain in order for you to receive inbound e-mail to that domain. For instance. this section of the server manager allows you to specify the protocol used to retrieve e-mail from your ISP and configure other settings regarding the retrieval of e-mail. There is a comprehensive email howto with alternative and advanced suggestions. since you need to set up the Internet DNS servers with the correct information anyway. If you set a domain to "Resolve locally". See Appendix B. the only DNS records seen will be the ones entered on the SME Server. ■ Complex setup where some domains are handled by internal/corporate DNS servers and we want to choose those in preference to the Internet DNS servers. there is one more step that occur. you w need to work with your ISP or whoever controls the DNS entries for your domain to have the appropriat DNS entries pointed to the IP address of your server.org/SME_Server:Documentation:Administration_Manual:Appendix#Appendix_B. 10/18/2010 . DNS (http://wiki. why duplicate the work to enter it locally? Note that in all cases the server will act as a DNS cache/proxy/forwarder and so all domains will actually _technically_ be "resolve locally". but DNS is handled by Internet DNS servers ■ Moderately complex setup where the SME Server DNS should take preference over the Internet DNS records. The new settings are there to allow for various configurations: ■ Simple setup where the SME Server is a gateway. This is a conscious decision to run a splithorizon/internal fake root where the Internet and Intranet have different DNS records.contribs. You need to be careful here as the external world view will not match the internal world view.
Page 84 of 111 10/18/2010 .
The former allows access only from your local network. Note: Even with POP and IMAP configured for public access. use webmail to read and send their mail. use the STMP server of their local ISP. Allowing this would open your server to abuse by spammers as a mail relay.Page 85 of 111 E-mail Access ■ POP and IMAP server access: The options are "Private" and "Secure Public". users outside your local network are not able to send e-mail using your server as their SMTP host. ■ Enable/Disable Webmail: With this option you can enable or disable the webmail component of your server. or a. 10/18/2010 . More information can be found in the Chapter on Webmail. The latter allows access from anywhere on the Internet. use PPTP to connect to your internal network. Users who are travelling should either: a. a.
Page 86 of 111 E-mail Filtering Extra types of email attachments can be blocked with the instructions at Virus_blocking_tutorial 10/18/2010 .
■ If you arranged "ETRN" support with your ISP. you will need to specify the user account and password assigned by your ISP for this POP 10/18/2010 . choose that setting and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. set E-mail retrieval mode to "Standard". choose "multidrop" and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. ■ If you arranged "multidrop" mail service from your ISP. This secondary mail server will receive all e-mail for your domain and store it in a single POP mailbox. Further down the screen. This secondary mail server will provide temporary e-mail storage when your server is not connected to the Internet.Page 87 of 111 E-mail Retrieval Your choice of e-mail retrieval mode will depend on the arrangements you made with your Internet service provider: ■ If you have a dedicated connection.
Page 88 of 111 mailbox. Your server will periodically fetch this mail and distribute it to individual POP mailboxes on the server. (Note that due to problems receiving mail for mailing lists, we strongly encourage people to NOT use multi-drop e-mail.) If you want to forward e-mail to another mail server for processing, enter the mail server IP address in the box marked Delegate mail server . A common use for this is if your server is receiving inbound e-mail from the Internet, but you would like to pass that mail to a different mail server on your internal network. Note: Delegate mail server implies that all mail which is accepted is passed on to the delegate mail server (IOW, that other guy is the mail server, I'm not, so I expect him to do everything, eg spam filtering) If you intend to have an external mail server handle mail for your domain, just send the mail directly to that mail server, via the MX record for your domain. If you have a dialup connection, the server allows you to control how frequently it fetches e-mail from your ISP. This is particularly useful in situations where you incur phone or Internet charges each time your system contacts your ISP. The default settings are every 15 minutes during standard office hours and every hour outside normal office hours on weekdays or on weekends. The fields allow you to customize those settings. Finally, if you have "multidrop" mail service you need to select the sort method used by the server to decide which user each message should be delivered to. Your server has a default method for this (it examines various headers such as "To" and "Resent-To") which works in most circumstances but is not suitable for certain purposes such as mailing list messages. Some ISPs add a header to each e-mail message which can help your server determine the correct recipient. If your ISP does not add a header to multidrop e-mail, select the "Default" sort method and ignore the "select sort header" field. If your ISP does add a header to multidrop e-mail, then select "Specify below" and enter the header tag provided by your ISP. Because you will experience problems with mailing-lists when using multi-drop e-mail, we strongly recommend that you work with your ISP to have a special header added to each message. The "Default" sort method should be only used as a last resort.
This screen presents you with additional options for controlling how your system handles e-mail.
Page 89 of 111
■ Forwarding address for administrative notices: The default address for administrative notices (i.e. undeliverable mail, backup notifications and other status/error messages) is "admin". If you'd like those messages to be sent elsewhere, enter the address here. Note, This option has been moved to the Collaboration > User panel.
Note: Be aware that all messages sent to postmaster, root or mailer-daemon at your domain are sent to either admin or the address that you enter in this field.
■ E-mail to unknown users: This field allows you to choose whether incoming messages to unknown users are bounced back to the sender or forwarded to the system administrator. Some users prefer the latter setting because it allows them to catch and reroute e-mail that was incorrectly addressed.
Note: If you choose to have messages forwarded to the system administrator, they will be sent to either "admin" or the e-mail address specified in the forwarding address field mentioned above.
Page 90 of 111 ■ Internet provider's SMTP server: Normally the server will send outgoing messages directly to their intended destination. If, however, you have an unreliable connection or are using a residential Internet service, it may be advisable to route e-mail via your provider's SMTP server. In that case, you should enter the SMTP server's hostname or IP address here. In fact, if you have a temporary dial-up connection to the Internet, you may find that you need to use your ISP's mail server in order to deliver mail to some locations. As a reaction to the huge volume of unsolicited commercial e-mail ("spam"), many Internet sites are refusing direct SMTP connections from IP addresses that are known to be temporary dial-up accounts. For this reason, you may need to use your ISP's mail server since it will have a permanent connection to the Internet. Review Configuration This section of the server manager summarizes how your server is configured. This is the data that you entered during the installation process and possibly changed later through the server console or the server manager. As you can see from the screen below, this is essentially a report that you can print out for your records. You do not have the ability to make changes from this screen.
■ password protection: the administrator can specify whether a password is required to access an i-bay from the Internet and what that password will be. are a unique feature built into your SME Server. ■ user access via file-sharing or FTP: The administrator can also control who has the ability to save a file into or modify the contents of the files in the i-bay (write access) and who has the ability to view the contents of the i-bay (read access). Note: If you select Password Required. flexible mechanism for creating distinct information-sharing sites. whether on the local network or on the Internet). The network administrator can define several characteristics for each new i-bay they create: ■ write access: the administrator can control access to the i-bay by associating the i-bay with a group. or i-bays. simple. Similarly. users who connect to the i-bay via FTP or HTTP will be prompted to supply that particular i-bay's username and password. the administrator can control whether group members only can read the contents of the i-bay or whether the contents can be read by anyone.Page 91 of 111 Information Bays (i-bays) Information bays. i-bays are a powerful. All groups previously created in the groups section of the server manager will appear in the drop-down menu under "group" in this section. The user name is always the name of the i-bay 10/18/2010 . In addition. The administrator can specify whether the entire group can write to the i-bay or whether the administrator alone has the power to save files to the i-bay. two default groups will always appear "administrator" and "everyone" (meaning all users.
Note: If an i-bay is set for no public access via web or anonymous ftp. the name may be up to 12 characters long *4 and may contain only lowercase letters. John Smith and Bus-Partner are not. sales and client3.prj8 are all valid names. ■ html: When an i-bay is accessed using a web browser (via http).not the individual user's password. which are in use by the system and cannot be used for an i-bay name. The files directory is for all files that you want people to access through FTP or regular file sharing. The i-bay name should also start with a lower-case letter. the user will enter the html directory and the web browser will automatically open the index file (usually index. i-bays are simple to create and manage. if the i-bay requires a password. any i-bay that requires a password will appear in red until that password has been changed from "default" (the i-bay for Samson's Farms in the following image is an example of this). #4This 12-character restriction ensures that the i-bay can be shared correctly to all Windows machines. periods and underscores. users will then see the top-level directory of the i-bay with the three subdirectories of html. they will see the files in this directory. users will not be able to access the i-bay until the administrator sets the password. as you will see in the upcoming examples. Note that. each associated with a specific i-bay. If a password is required. primary and public. you can delete an i-bay (which will delete all contents of the i-bay directory) and. files and cgi-bin. the name of each i-bay and a description of its contents. a company-wide file sharing server. This can be very powerful and useful. 10/18/2010 . if the ibay settings are later changed to allow public access through web or anonymous ftp. ■ files: This directory holds files that can be accessed either locally only or publicly. you can think of the html directory as the place to put all files. For example. Generally. Note that there are two special names. CGI scripts are tools used in advanced web site creation and are not discussed here. it will display the web page associated with that i-bay. i-bay accounts are locked out by default. In this section. as with user accounts. Note: When you create an i-bay.htm) in that ibay. It can be used for such things as a company download site.Page 92 of 111 and the password is whatever the administrator assigns to that i-bay . Finally. users connecting to the i-bay through Windows or Macintosh file sharing will see only the contents of the files directory. The "Information bays" section of the server manager shows all current i-bays. Each directory is briefly outlined below: ■ cgi-bin: This directory is set aside to hold "CGI scripts" used for that i-bay's web pages. while 3associates. As with your user account directory. It must be unique. you can set it here. This means you can have different web sites running on your server. i-bay Directories Each i-bay has three directories . In other words. images and documents that you would like to be accessible through the web . However. Note that you can have as many subdirectories as you wish underneath either html or files but you cannot create additional directories at the top level of the i-bay. numbers. an i-bay cannot use the same name as an existing user or group account. files and cgi-bin.html. johnson. When someone connects to the i-bay using FTP. or a document sharing site for a specific customer.html or index. The items they were used to seeing before will now be found in the files directory.
Windows file sharing / AppleTalk. The Pagan Vegan. you use your FTP client to connect to your server and use the i-bay name as the login id. ■ accessing an i-bay via Windows file sharing and ~AppleTalk: To access the i-bay using Windows file sharing or AppleTalk. or FTP. This will be in one of the following forms.tofudog. That user account must be a member of the group that has been given write permission for the i-bay (configured on the i-bay screen). depending on whether or not a password is required: ftp:// ibayname @ftp. this would be via "Network Neighborhood") and select the i-bay you want to enter from those appearing. but to do so you must login to the server with a valid user name. you will see the index. Assuming you are entitled to access this i-bay. For example. If the i-bay requires a password. not the i-bay name.. you will need to enter a FTP URL./. ■ accessing an i-bay via the FTP server: To access the i-bay using FTP.. Creating an i-bay No matter how you are going to use an i-bay. to demonstrate their capabilities. we will take a look at some examples of i-bays that have been created by our hypothetical catering and event-planning company. You can only access an i-bay in this way if you are on the local network. the process of creating an i-bay starts by clicking on the "Click here" link at the top of the Information Bays panel in the server manager. domainname Warning: Be aware that FTP transmits all passwords in the clear without encryption and can therefore be a security risk. In the next few sections. domainname ftp:// ibayname : password @ftp.com/samfarms". If you are using a command-line or graphical FTP client. ■ It is possible to upload files using FTP. If you are using a web browser. enter "www. They can only download files from the i-bay to their client. the URL for Samson's Farms i-bay is "www. You will now be able to upload files from your FTP client to the appropriate directories. you will usually be prompted for the login username and password. simply navigate to the server over your network browser (in Windows. ■ accessing an i-bay using a web browser (via http): To view an i-bay using a browser. you will need to enter the i-bay password as well. You will be presented with the form shown in the image below. You would then change to the i-bay directory (using the ftp command "cd .xxx/i-bayname". If you are concerned about security. ■ Note that users accessing the i-bay via FTP in this manner are not able to upload files to the i-bay.Page 93 of 111 Accessing the i-bays You can access the contents of an i-bay using a web browser. 10/18/2010 . we suggest you consider the scp "secure copy" command associated with ssh as an alternative to FTP./ibays/ibayname").html page in the html directory in the Samson's Farms i-bay. a password dialog box will appear before the contents of the i-bay are served to the web browser.yourdomain. If a password is required to see the contents of the ibay.
you can choose to allow access to just the local network or the wider Internet. Note that the ftp access described below can be overridden by the FTP access limits setting on the Remote access panel of the server manager. For instance. even though you will appear to be able to enable it from the i-bay configuration screen. The i-bay name will be what users will enter in the URL after the hostname to access the i-bay from the web. The group ownership plays a role in the next setting for user access. ftp access for individual ibays will not be allowed.com/intranet/'. an i-bay named 'intranet' can be accessed by the Pagan Vegan staff at 'http://www. ■ Information bay name: This is the short name of the i-bay (subject to the 12-character length restriction mentioned earlier). 10/18/2010 . If you want others to be able to access the i-bay via web or anonymous ftp. you can leave public access set to the default of None . ■ Public access: Here you set what type of public access you wish to have for the i-bay.Page 94 of 111 You now need to fill out the form providing the information and making the choices described below. If you choose to "Disable public FTP access" there. if public access is enabled. If the i-bay is just to be used by a small group of users. ■ Brief description: This text will appear in various administrative screens and can be a useful reminder of the i-bay content. ■ User access: You need to decide who will be able to add and modify content in the i-bay and who will be able to read the content. You also can choose whether or not you wish to require a password. ■ Group: Ownership of the i-bay content is assigned to an existing group.tofu-dog.
However. you can execute those scripts from the cgi-bin directory of your i-bay. a few items to be aware of when modifying i-bays: ■ If an i-bay is set for no public access via web or anonymous ftp. (The good news is that simply changing the public access setting back to "None" will return i-bay file sharing access to its previous configuration.) An i-bay Used as a Customer Site: The Miles Gabriel Art Exposition "The Pagan Vegan" (TPV) has found that customers like having access to a customized web page which summarizes all of the information pertaining to their particular event. users connecting through file sharing will then see the top-level directory of the i-bay with the three subdirectories of html. The items they were used to seeing before will now be found in the files directory. and access methods. Creating each web site is a straightforward.) ■ After an i-bay is modified. The ". all Macintosh users will be disconnected from the i-bay and will need to reconnect. rather than their own user name and password. files and cgi-bin. There are. public access will not be available until you set the i-bay password from the main information bay panel in the server manager. If you wish to change the actual name of the i-bay. 10/18/2010 . fill-inthe-blanks process.html" files in the i-bay's html directory are based on a template that TPV uses for each customer. For instance. users connecting to the i-bay through Windows or Macintosh file sharing will see only the contents of the files directory. group ownership. Once done filling out the form. Modifying an i-bay At any point in time you can modify the attributes of an i-bay (except for its name) by clicking on the " Modify " link next to the i-bay name on the "Information bays" panel of the server manager. click the Create button and the server manager will create your i-bay. (Note that this will delete the contents of the i-bay. you can easily change the description. ■ Execution of CGI scripts: If you want to use CGI scripts to add functionality to your web site. however. If you wish to change these settings at any later point. you can modify the i-bay as often as you wish. Once you do so. for security reasons you must first choose enabled here to allow such scripts to be executed. so make sure you have backed up the i-bay data before you remove it. Outside of those concerns. All Macintosh users will receive an alert stating that they will be disconnected in 5 minutes. The company finds it reduces the risk of miscommunication and improves its image and reputation. users can access the i-bay through their web browser or ftp by using the i-bay name and i-bay password. This may disrupt Windows shortcuts and configuration settings. However. you will need to remove the i-bay and create it again. you can click on Modify next to the i-bay name in the information bays panel of the server manager. if the ibay settings are later changed to allow public access through web or anonymous ftp.Page 95 of 111 Note: If you choose one of the modes of Public access via web or anonymous ftp that requires a password.
(TPV created individual passwords and securely provided them to their customers. a password is required to enter the site. Because it contains important customer information.Page 96 of 111 TPV has chosen a naming convention for i-bays that customers can easily remember . To prevent others from accessing the customer's i-bay. last name. only the site administrator can save files into this i-bay.first initial.) 10/18/2010 .
All employees can read and write files to this directory. Note: This is only true if the i-bay has been set to allow public access via web or anonymous ftp. For example. He can check at any time to ensure the arrangements are correct.com/mgabriel . Gabriel's account called "mgabriel". TPV uses an i-bay for a company-wide network drive to hold documents to which all employees should have access. simply access the server over the network (via Network Neighborhood) and open the appropriate i-bay . If an i-bay is set for no public access via web or anonymous ftp.Page 97 of 111 Miles Gabriel has contacted The Pagan Vegan to cater an art exposition. You will see the files located in the files directory and can then open them or copy them to your system. Gabriel has access to a summary of his event information. The i-bay is accessed via Windows file sharing. To access using file sharing. However.tofu-dog. at midnight tonight he can access his i-bay to show his spouse the design used for his invitations! An i-bay Used as a Shared Network Drive Having a shared network drive can be very helpful as a way of storing and sharing documents company-wide. As you can see. users will then see 10/18/2010 . if the i-bay settings are later changed to allow public access through web or anonymous ftp. users connecting to the i-bay through Windows or Macintosh file sharing will simply see the contents of the files directory. Mr. Mr. The Pagan Vegan has created an ibay specifically for Mr. Gabriel accesses the site with the URL www. ~AppleTalk or FTP.
As an example. The items they were used to seeing before will now be found in the files directory. they will then see the list of documents provided there: 10/18/2010 . they double-click on "E-smith-server" as shown in: They will then see a list of i-bays accessible through Windows file sharing. they see the three folders inside of the i-bay: When they go inside of files. files and cgi-bin. when the staff of The Pagan Vegan goes into their Network Neighborhood. When they click on one of them called "sharedfiles".Page 98 of 111 the top-level directory of the i-bay with the three subdirectories of html.
10/18/2010 . Providing a centralized location for company documents (such as expense report templates) ensures that everyone always has access to these documents and uses the most up-to-date version. The company has found this to be a good way for employees to express themselves and share information. An i-bay Used as an Intranet: The Pagan Vegan "Vegemite" The Pagan Vegan has created an i-bay for its company newsletter / intranet.Page 99 of 111 As you can see in this example. The Pagan Vegan has several files in this directory for company use.
Page 100 of 111 In keeping with TPV's culture. and. as a result. viewable only from the internal network. To access the intranet. the newsletter is very casual. The intranet is.com/intranet/filename.tofu-dog. The company has a high degree of trust in its employees. TPV employees use their web browsers to access the URL www. 10/18/2010 . employees are given full access to the contents of the intranet so anyone on staff can revise it. No password is required. A more typical company might want the intranet to be created by a particular staff member and "checked in" by the administrator (write access "administrator only").htm. of course.
TPV has created an i-bay for Samson's called "samfarms". it took only about an hour to create the main page and the other pages that make up this newsletter. Anyone on TPV's local network can write to it. Samson's and TPV use an i -bay to improve the ordering and delivery process.Page 101 of 111 This particular newsletter was created using a desktop office application called StarOffice (similar to Microsoft Office).html" format and then transferred into the html directory of the "intranet" i-bay using Windows file sharing. It is accessible to the external Internet but password-protected so that only staff at TPV and Samson's Farms can read it. The files were created as typical word processing documents. saved into ". Starting with just a blank document. An i-bay Used to Expedite Processes: Samson's Farms Samson's Organic Farms delivers fresh produce to The Pagan Vegan every week. 10/18/2010 .
■ The day before delivery. Samson updates his online order sheet to include only produce that will be ripe and ready for the next delivery date. ■ The chef's assistant then reviews the menus. Mr. He saves it in ". reviews what produce will be available. checks against existing inventory and determines what should be ordered. ■ Upon receiving the e-mail. and plans menus. the chef reviews his assistant's order (as shown in the image below) using a web browser and makes any last minute adjustments. TPV's administrator saves the file directly into the html directory of the "samfarms" i-bay. ■ The chef accesses the samfarms i-bay. 10/18/2010 . The assistant enters TPV's order directly onto the order sheet in the samfarms i-bay using an HTML editor.html" format and e-mails it to The Pagan Vegan's administrator.Page 102 of 111 Here's how the process works: ■ Each week.
Samson's shipping staff accesses the i-bay over the Internet. table-setting rentals. prints out TPV's order from the samfarms i-bay. where customers can download the catalogue files themselves and view the contents on their desktop machines. and fills it. An i-bay Used as Your Customer Download Site When customers hire The Pagan Vegan to plan events. so it decided to provide customers with access to this information online.menu options. catalogues from various vendors for event stationary.Page 103 of 111 ■ On the day of delivery. etc. 10/18/2010 . called "menus". Often customers want several days to review it all. TPV has only a limited number of catalogues for loan. TPV created a download i-bay. To accomplish this. they need to review a great deal of information .
This is what the customer sees: 10/18/2010 .Page 104 of 111 TPV set the i-bay for Administrator-only write access.com . viewable over the entire Internet.tofu-dog. A customer accesses the site using the FTP client in their web browser to login as the i-bay user name by entering the URL ftp://menus@ftp. with no password required.
An ethernet adapter. Introduction to the Ethernet Local Area Network (LAN) A local area network (LAN) is the system of wires and other hardware that connects the computers within your office and allows them to communicate with one another. Appendix A. the customer simply clicks on the file name.) reach the appropriate computers on your network. Routing is one of the functions performed by the server in server and gateway mode. To download a particular file. Switching 10/100 MB hubs can operate at either speed. If you want your SME server to be available to users outside your office using a name instead of your IP address. It can help you select. and provide a good way to upgrade your network gradually. operating at 10 MB/sec. also called an ethernet card or network interface card (NIC). An ethernet LAN is the most common type.Page 105 of 111 When the cursor is placed over a file name. Allowing a third party. and cannot be used as a public DNS server for anyone outside your location. DNS Basics SME. you MUST: ■ Register your domain name with a Registrar ■ Configure your host names on a publicly accessible DNS Server Note: you can avoid 'Registering' your domain name if you use #Dynamic DNS Services Imagine the following scenario: Root_DNS | Registrar | / DNS Server | / / Other_DNS | | / / Internet---Other_ISP---Remote_User | 10/18/2010 . Different hubs operate at different speeds: slower hubs. Appendix B. the full name of the file appears. procure and install the appropriate ethernet adapters. web page information. A browser window allows the customer to select a destination directory for the file on his or her local hard drive. hub and cables. SME Manual Appendix The following Appendix pages are included for your information. etc. DNS DNS or the Domain Name Service is a distributed system of servers designed to translate human-readable names into computer routable IP addresses. operating at 100 MB/sec. serves as a point of interface between computers on the network. e-mail. connects each computer to the ethernet LAN. a common component of an ethernet. one connects it to your LAN and the other connects it to the external network that leads to your ISP. Ethernet refers both to a kind of connection and to a protocol for how Internet data packets travel around your network. If your server connects to your ISP using a modem or ISDN adapter. are suitable for larger networks. does not respond to DNS queries from outside your local network. The hub. faster hubs. Each computer on your network is connected to the hub using an ethernet network cable. There are also various how-to guides available in bookstores if you are committed to installing it on your own. it only requires one ethernet adapter. such as a systems integrator or networking company. A router ensures that Internet data packets (e. are suitable for small networks. by design. to install your ethernet can be a good idea.g. An server with a dedicated Internet connection requires two ethernet adapters.
b.com is configured for Local resolution.com.d).in-addr. Basically.arpa is registered. his computer asks Other_DNS how to find 'mysmeserver.c. Other_DNS server then ■ ■ ■ ■ asks the Root_DNS servers for the Registrar in charge of 'mysmeserver.Page 106 of 111 Your_ISP---Your_ISPs_DNS | SME | Local_User Let's assume that ■ SME has IP Address a. PTR records are managed by the organization that controls the IP address (which makes sense.com' asks the Registrar for the DNS_Server that will answer queries about 'mysmeserver. This is probably but not necessarily Your_ISPs_DNS.com' asks the DNS_Server for the IP address of 'mysmeserver.com' saves the answer in its local cache for the amount of time specified by the administrator of the DNS record at DNS_Server. if you think about it). ■ asks the Registrar where to get more info about d. 10/18/2010 .b.) So. If you have already registered your domain name. and if so. Remote_User asks for information about your IP address (a.com'. ■ asks the host indicated by the Registrar (probably Your_ISPs_DNS) what name belongs to 'd.com ■ Remote_User is configured to use Other_DNS for DNS lookups If Remote_User tries to browse to http://mysmeserver. If Local_User tries to open http://mysmeserver.c.b. the SME proceeds just as the first example from Root_DNS to Registrar to DNS_Server to local cache (actually. for you to host a public web server at your own location you need: ■ An ISP to provide connectivity ■ A DNS Registrar where you can 'register' your domain name and publish the addresses of your DNS servers.arpa'. how to configure them.c. his DNS server ■ asks the Root_DNS servers where d. the SME server returns the data that has been configured locally. Sometimes you will need 3 separate vendors for these separate services.in-addr.. on the other hand.c.a. it checks the local cache first. ■ A DNS service provider who will respond to queries about your domain Some ISP's provide registration and DNS hosting capabilities as part of the connectivity package.a. find out if your Registrar provides DNS hosting services.arpa.c. They'll provide you with a web address where you can configure your DNS. ■ If mysmeserver.a. If.d ■ SME has domain name mysmeserver.. Some Registrars provide DNS hosting as part of the registration.inaddr.com is configured to use Internet DNS Servers. Some ISP's provide DNS hosting but not Registration as part of the connectivity package.com (assuming a default SME installation with DHCP and therefore DNS provided by the SME server): ■ If mysmeserver.b.b. The return value is almost always a generic filler based on your IP address unless you contact your ISP and ask them to change the PTR data for your IP address.
com/mscorp/safety/content/technologies/senderid/wizard/default. With very few exceptions all PTR records are registered to the ISP that controls the IP block in question.d and not an error or some other address. Registrar.arpa'. http://www. so frequently the ONLY way to change your PTR records is to contact your ISP and request that they be changed. See #DNS_Service_Providers below. The SPF entries are added to your external DNS records. you'll need to find a 3rd party vendor to do this.org/ Here is a test site at Microsoft/Hotmail where you can check if SPF records are configured for your domain. the PTR record for a. The PTR record for your SME Server only becomes important if you plan to deliver email directly from your SME to recipient email servers (without using your ISP's mail server as a relay). PTR records are constructed by reversing your IP address and appending the special suffix 'in-addr. PTR Records PTR Records (or Pointer records. Here is additional information re getting your mail through to Hotmail servers. Some email providers will not accept your email if the name returned by the 'reverse lookup' of your IP address does not in its turn result in your IP address when it. See http://www. itself is looked up.Page 107 of 111 If they do NOT provide DNS hosting services. Look for tech support pages for the provider.Root_DNS.c.mycity. try to find a Registrar who provides free DNS services.myispsname. DNS_Server.myispsname.a. then edit the Registrar page to point to the DNS servers indicated by your ISP.microsoft.com returns your a. 10/18/2010 . It doesn't necessarily need to match your configured domain name. sometimes for identity verification. For example. If you have not yet registered your domain name. but it has to work both ways.c. Ask them. or Reverse DNS records) are used by internet hosts to convert an IP address into a name .b. if the nslookup d. except that the return value will be a host name instead of an IP address. it's where you start the process going for Hotmail if you still have problems after having configured SPF records.in-addr.mycity.arpa (the reverse lookup for your IP) returns dsl-a-b-cd.b. SPF Records SPF (Sender Policy Framework) records are added to the DNS zone record for domain names.d is d.a.c. your ISP might. Many receiving mail servers now require sending mail servers to have properly configured SPF records for the domain(s) being sent from.openspf.com then before trying to send email directly from your SME to the Internet at large you want to make sure that nslookup dsl-a-b-c-d.in-addr.c.b.sometimes for information only.aspx Different providers have different mail acceptance policies. They are not configured on the sme server.b.arpa. If so. configure your DNS on their servers. A DNS lookup for a PTR record looks just like a DNS lookup for a domain name at this point . For example. Failure to have SPF records can result in mail being rejected by mail servers eg Hotmail servers will reject mail that comes from mail servers without SPF records. PTR records are only rarely used for their original purpose of verifying the identity of a particular computer this is now done with SSL certificates and Trust Authorities. If neither your Registrar nor your ISP provides DNS hosting.
you should implement multidrop e-mail as your e-mail solution as this will ensure that no e-mail is misdirected to another IP address (See Some important notes on Service list D (multidrop mail) in|Chapter 3.php/topic. In pre-configuring the server for this particular service. all you need to do is visit the appropriate web site to sign up for service.42373. and your web site and other services would be unavailable for several days until the change was processed.org/index. A dynamic DNS service provides you with an automated way to notify them whenever your IP address changes so that they can immediately publish new DNS records for your domain.php/topic.aspx?productKey=edfsmsbl&ct=eformts&scrx=1 References: http://forums. During these times.org/index. it will automatically update the dynamic DNS service 10/18/2010 .html http://forums. You can easily enable the usage of a dynamic DNS service by selecting it on your server console.php/topic.php/topic.com (commercial) and dyndns.contribs. If you have arranged dynamic IP address assignment from your ISP and you wish to use one of these services.html http://forums. This means that the risk of misdirected information is much greater with a dialup connection.org/index. and enable that particular function in the server console. dyndns.0.org has tested four dynamic DNS services.contribs.contribs.34664. but you decide not to use a dynamic DNS service. If your system receives an IP address via DHCP or PPPoE.html http://forums.0.0.org/index.Page 108 of 111 http://postmaster.org (free).php/topic.0. Contribs. of which two are free services and two are commercial services: yi. we in no way interfere with nor prevent you from using another dynamic DNS service if you wish.31726. A dynamic DNS service can be a great solution when used with a dedicated connection.com/ Here's where you submit your (detailed) request to Hotmail https://support. Contribs. your IP address changes much more frequently (possibly every time your server connects) and.com/eform.contribs. However.contribs.) Note: Dynamic DNS services are not perfect. would require some customized configuration on your part.40009.live. To do so.org has tested the functionality of these services with our software.0. Without dynamic DNS.msn. A failure on the part of your dynamic DNS service can result in your network becoming temporarily unreachable from the Internet. They merely point hostnames to IP addresses. you would have to contact your ISP to have them change your DNS records.org (free).21631. we recommend and support the use of dynamic DNS services only for dedicated connections. For this reason. If your IP address is assigned dynamically and you intend to receive all your e-mail directly (rather than having it stored at an ISP and retrieving it via POP or IMAP). we accept no liability for any breach of service on their part. With a typical dialup connection. however.html Dynamic DNS Services If your IP address is assigned dynamically. your e-mail may be undeliverable. we have preprogrammed the server to work with these services (including pre-installing their client software).org/index. For simplicity. you may find it helpful to use a dynamic DNS service. there is a delay in informing the dynamic DNS service of the change. because the server only connects intermittently.html http://forums. tzo.com (commercial).
Technical Support If you are having difficulty configuring another vendor's hardware or software. when your server disconnects from the Internet. 10/18/2010 . it is possible that someone else will be assigned your IP address by your ISP. the web proxy server will store that web page.easydns. If this occurs.org/ $free ■ dyndns. we recommend you refer to the manual or contact the vendor for that product. In this case. The SME Server is open source software. with most dynamic DNS services your server does not indicate that it is offline in any way to the dynamic DNS service.95USD per year Appendix C. Networked applications such as web browsers will work perfectly without proxying. Using the proxy server can benefit the organization if you have a slow Internet connection and you've installed your server software on a fast computer.org http://www. Proxy servers temporarily store information from the Internet on the hard drive of the server. due to the IP masquerading capability of the server. but with the server it is optional.com http://www. rather than over the Internet. allowing other users to access it directly from that hard drive. Proxy Servers The server comes with a proxy server called Squid which can proxy the web (HTTP). In general.tzo. In this case.org encourages users to freely share copies of our software.com $free ■ FreeDNS http://freedns. though. when an employee visits a web page.dyndns.afraid.dyndns.x: ■ yi.zoneedit. ■ Dynamic DNS client included in SME 7. This slightly reduces the network performance for the first visitor to that web page. It also offers no benefit to your organization if employees at your site do not tend to visit the same web pages.Page 109 of 111 each time it comes online.org $free ■ tzo. we recommend that proxying be disabled in your network applications.yi. The inclusion of a vendor here does not constitute endorsement by the SME developers. Contribs. FTP and Gopher protocols. with most dynamic DNS services this other system will now start receiving your e-mail and web page requests until your server comes back online and updates the service with your new IP address.com $19.org http://www. A proxy server is generally not appropriate if you have a fast Internet connection and you've installed your server software on a lower. There is not much you can do about this. However.org $free ■ EasyDNS http://www. but can enhance the performance for subsequent visitors. For example. Appendix D. Remember. but you should be aware of this fact if there is any chance your system will be offline for a long period of time. Subsequent visitors to that web page will read it from your proxy server's hard drive. that a proxy server benefits the second and subsequent visitors to a site but not the first visitor. Many gateway systems require the use of proxy servers. DNS Service Providers Here is a brief list of vendors who provide DNS service hosting. reading from the hard drive will be faster than reading from the Internet.com http://www.or mid-level computer.com $$$ (for 'Custom DNS' services) ■ Other providers (dynamic DNS client not included in SME): ■ Zoneedit http://www. so this benefit only applies if your users tend to visit the same sites repeatedly. reading from the hard drive of the computer may not be faster than over the Internet. If your system is offline for a period of time.com $$$ ■ dyndns.
Dual channel ISDN provides speeds of 110K to 128K.org . and register it. Domain Name This refers to the unique name attached to your organization on the Internet. shared directories and other resources ISDN Integrated Services Digital Network. There are also links there to other web sites relating to the server. Digital modem line. "tofu-dog. DNS Domain Name Service.ISO Standards Glossary. If you don't have a domain name. International Organization for Standardization.iso. Download speeds are typically much faster than upload speeds (hence the term "asymmetric"). ADSL is a technology to transmit digital information at high bandwidths across existing copper phone lines. Relevant link: www. 10/18/2010 . and your ISP typically also provides you with the IP addresses of DNS servers. Your server provides DNS lookup services for your local network.ISO Home Page 2. For example.com" or "contribs. ensure it is available. Provides higher speeds than K56/V90.standardsglossary. ISO 1. These servers do not need to be configured into your server as the DNS server that is provided with your server will correctly resolve all local and Internet names.Page 110 of 111 Developers may wish to note that additional documentation. ISO followed by a number is used to identify one of the published ISO standards. Glossary Below are some useful terms and their definitions. your ISP can help you select one.contribs. Refers to the software and protocols involved in translating domain names to IP addresses.org". extranets. i-bay Information Bay. ADSL Asymmetric Digital Subscriber Line.http://wiki. ETRN ETRN is a command used for dialup solutions in order to retrieve e-mail temporarily stored at your ISP Gateway IP Address A gateway is the device on your network that forwards packets to and from the Internet. A mechanism for creating intranets.org/. including HOWTO documents and a FAQ. lists all the international standards published by ISO and provides a quick reference for looking up the topic of an ISO standard. Single channel ISDN provides speeds of 56K to 64K.com . can be found on our development web site . Relevant link: www. The gateway IP address is the IP address for that device.
contribs. ■ Content is available under GNU Free Documentation License 1. A file containing a complete release of SME Server that is downloaded and burned to CD.2. at 11:43. 10/18/2010 . or to copy files from a local machine to a server VPN Virtual Private Network (see PPTP) Retrieved from "http://wiki.Page 111 of 111 3. The CD is then used to install the SME Server Operating System ISP Internet Service Provider LDAP Lightweight Directory Access Protocol PPTP Point-to-Point Tunneling Protocol (see VPN) RAID1 Disk mirroring SCSI Small Computer Systems Interface SME Small and Medium Enterprise SSH Secure shell. encrypted way to log in to a remote machine across a network.org/SME_Server:Documentation:Administration_Manual:Booklet" ■ This page was last modified on 9 May 2008. A secure.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.