SME Server Documentation

Published by: mmchokies on Nov 20, 2010
Copyright: Attribution Non-commercial


SME Server:Documentation:Administration Manual:Booklet
From SME Server

Contents
■ 1 Welcome to SME Server 7
  ■ 1.1 About This Manual
    ■ 1.1.1 Production
    ■ 1.1.2 History
    ■ 1.1.3 Endorsements
    ■ 1.1.4 Acknowledgements
  ■ 1.2 Software Licensing Terms and Conditions
  ■ 1.3 About Our Example Company: The Pagan Vegan
  ■ 1.4 What's New
  ■ 1.5 Server Features
■ 2 The role of the SME Server
■ 3 Your Internet Service Provider (ISP)
  ■ 3.1 Dedicated versus dialup connectivity
  ■ 3.2 The IP address
    ■ 3.2.1 Static versus dynamic IP addressing
    ■ 3.2.2 Routable versus non-routable IP addresses
  ■ 3.3 Arranging connectivity with your ISP
    ■ 3.3.1 Ordering a corporate ADSL or other commercial dedicated connection
    ■ 3.3.2 Ordering cablemodem or residential ADSL service
    ■ 3.3.3 Ordering a dialup connection
  ■ 3.4 Arranging Services From Your ISP
    ■ 3.4.1 Service List A
    ■ 3.4.2 Service List B
    ■ 3.4.3 Service List C
    ■ 3.4.4 Service List D
  ■ 3.5 Terms used in ordering connectivity and services
■ 4 Hardware Requirements of the SME Server
  ■ 4.1 4.1. Minimum Hardware Requirements
  ■ 4.2 4.2. Recommended Hardware Requirements
  ■ 4.3 4.3. Hard Drive Configuration
  ■ 4.4 4.4. Supported Ethernet or SCSI Adapters, or Tape Drives
■ 5 Installing And Configuring Your SME Server Software
  ■ 5.1 Licensing Terms and Conditions
  ■ 5.2 RAID1 Support (Disk Mirroring)
    ■ 5.2.1 Software Mirroring
    ■ 5.2.2 Hardware Mirroring
  ■ 5.3 Upgrading From A Previous Version
  ■ 5.4 Installing the Software
  ■ 5.5 Restoring a Backup
  ■ 5.6 Configuring your SME Server
  ■ 5.7 Setting Your Administrator Password
  ■ 5.8 Configuring Your System Name and Domain Name
  ■ 5.9 Configuring Your Local Network
    ■ 5.9.1 Selecting Your Local Ethernet Adapter
    ■ 5.9.2 Configuring Local Network Parameters
  ■ 5.10 Operation Mode
    ■ 5.10.1 Option 1: Server and gateway mode
    ■ 5.10.2 Option 2: Private server and gateway
    ■ 5.10.3 Option 3: Server-only mode
  ■ 5.11 Configuring Server and Gateway Mode
  ■ 5.12 Server and Gateway Mode - Dedicated
    ■ 5.12.1 Configuring Your External Ethernet Adapter
    ■ 5.12.2 Assigning Your Ethernet Adapters to Network Connection
    ■ 5.12.3 Configuring Your External Interface
    ■ 5.12.4 Configuring Dynamic DNS
  ■ 5.13 Configuring the Server for Server and Gateway Mode - Dialup Access
  ■ 5.14 Configuring Your DHCP Server
    ■ 5.14.1 Configuring the DHCP Address Range
■ 6 The Server Console
  ■ 6.1 Option 1: Check status of this server
  ■ 6.2 Option 2: Configure this server
  ■ 6.3 Option 3: Test internet access
  ■ 6.4 Option 4: Reboot, shutdown or reconfigure your server
  ■ 6.5 Option 5: Manage disk redundancy
  ■ 6.6 Option 6: Access server manager
    ■ 6.6.1 Using the Text-based Browser
    ■ 6.6.2 Accessing the Linux Root Prompt
  ■ 6.7 Option 7: View support and licensing information
  ■ 6.8 Option 8: Perform backup to USB device
■ 7 Configuring the Computers on Your Network
  ■ 7.1 What Order to do Things
  ■ 7.2 Configuring Your Desktop Operating System
    ■ 7.2.1 Automatic DHCP Service
    ■ 7.2.2 Manual entry for computers not using DHCP service
    ■ 7.2.3 MS Windows workgroup configuration
    ■ 7.2.4 MS Windows Domain configuration
      ■ 7.2.4.1 Connecting to a Domain
      ■ 7.2.4.2 Setting up network drives
■ 8 On-going Administration using the server-manager
■ 9 Collaboration
  ■ 9.1 Users
    ■ 9.1.1 Disabling User Accounts
    ■ 9.1.2 Changing User Passwords
  ■ 9.2 Groups
    ■ 9.2.1 Setting admin rights
  ■ 9.3 Quotas
  ■ 9.4 Pseudonyms
  ■ 9.5 Information Bays
■ 10 Administration
  ■ 10.1 Backup or restore
    ■ 10.1.1 To desktop
    ■ 10.1.2 To Tape
    ■ 10.1.3 To Workstation or USB Drive
  ■ 10.2 View log files
  ■ 10.3 Mail log file analysis
  ■ 10.4 Reboot or shutdown
■ 11 Security
  ■ 11.1 Remote Access
    ■ 11.1.1 PPTP (VPN)
    ■ 11.1.2 Remote Management
    ■ 11.1.3 SSH
    ■ 11.1.4 FTP
    ■ 11.1.5 Telnet
  ■ 11.2 Local networks
  ■ 11.3 Port forwarding
  ■ 11.4 Proxy settings
■ 12 Miscellaneous
  ■ 12.1 Support and licensing
  ■ 12.2 Create Starter Web Site
  ■ 12.3 Online manual
  ■ 12.4 Other Administration Notes
■ 13 Configuration
  ■ 13.1 Software Installer Panel
  ■ 13.2 Set date and time
  ■ 13.3 Workgroup
  ■ 13.4 Directory
  ■ 13.5 Printers
  ■ 13.6 Hostnames and addresses
    ■ 13.6.1 Creating New Hostnames
    ■ 13.6.2 Reserving IP Addresses Through DHCP
  ■ 13.7 Domains
  ■ 13.8 E-mail
    ■ 13.8.1 E-mail Access
    ■ 13.8.2 E-mail Filtering
    ■ 13.8.3 E-mail Retrieval
    ■ 13.8.4 E-mail Delivery
  ■ 13.9 Review Configuration
■ 14 Information Bays (i-bays)
  ■ 14.1 i-bay Directories
  ■ 14.2 Accessing the i-bays
  ■ 14.3 Creating an i-bay
  ■ 14.4 Modifying an i-bay
  ■ 14.5 An i-bay Used as a Customer Site: The Miles Gabriel Art Exposition
  ■ 14.6 An i-bay Used as a Shared Network Drive
  ■ 14.7 An i-bay Used as an Intranet: The Pagan Vegan "Vegemite"
  ■ 14.8 An i-bay Used to Expedite Processes: Samson's Farms
  ■ 14.9 An i-bay Used as Your Customer Download Site
■ 15 SME Manual Appendix
  ■ 15.1 Appendix A. Introduction to the Ethernet Local Area Network (LAN)
  ■ 15.2 Appendix B. DNS
    ■ 15.2.1 DNS Basics
    ■ 15.2.2 PTR Records
    ■ 15.2.3 SPF Records
    ■ 15.2.4 Dynamic DNS Services
    ■ 15.2.5 DNS Service Providers
  ■ 15.3 Appendix C. Proxy Servers
  ■ 15.4 Appendix D. Technical Support
■ 16 Glossary

Welcome to SME Server 7
Congratulations on choosing the SME Server as your network and communications server! SME Server is an open-source Linux server distribution designed to be:
■ Simple to set up and use: Installation and basic configuration takes less than 20 minutes, and every configuration option can be set via a web-based interface.
■ Secure and stable to operate: SME Server only includes what is necessary, which translates into the entire ISO being around 500MB. Stability comes from using proven, supported rpm packages and from an update system that notifies you of available updates.
■ Cross-platform and extendable to meet future needs: SME Server already has everything necessary to provide the core services most people need to network Linux, Macintosh, and Windows systems.
■ And it's completely free!

■ Download the ISO from http://wiki.contribs.org/SME_Server:Download

The heart of SME Server 7 is based on the GPL'd sources of the unsupported developer release of SME 7.0 alpha from Mitel (http://www.mitel.com/), who is the copyright holder for much of what makes SME Server what it is. Mitel's commercial offering is known as the "Mitel Managed Application Server", and in the past was known as e-Smith.

SME Server 7 uses many packages from CentOS (http://centos.org) and RPMForge (http://rpmforge.net). CentOS 4 is built from publicly available open source Red Hat Enterprise Linux SRPMS (http://ftp.redhat.com/pub/redhat/linux/enterprise/4/en/os/i386/SRPMS) and aims to be binary compatible. RPMForge is a collaborative effort of several RPM packagers that build RPMs not included with CentOS.

Almost all of the packages that SME Server includes from these upstream vendors are included unmodified. The purpose of doing so is to take advantage of the stability that comes from the huge user base that uses these packages, for security, and to allow automatic updates as soon as an update is available from the upstream vendor. Security updates from Redhat/Centos should be available until 2012 for Centos 4.

About This Manual
This manual walks you step-by-step through the straightforward process of installing and configuring your SME Server. The Appendices and Glossary provide background information on subjects related to networking and the Internet and are intended to supplement chapters in the main section of this document.

Production
This document was revised on the wikis at smeserver.sourceforge.net and wiki.contribs.org

History
■ October 2005 - Revisions for SME Server 7.0 started at sourceforge.net (Previous versions were published by e-smith, Mitel and contribs.org, and are the basis for this manual)

Endorsements
This is the official documentation for SME Server and is endorsed by the developers at http://wiki.contribs.org

Acknowledgements
Thank you to the developers that create and maintain the SME Server distribution. And thank you to the companies and people that support the developers. Mitel has been very generous to fund development of the alpha and beta versions and to keep to the spirit of the GPL by sharing their source code freely.

Software Licensing Terms and Conditions
The SME Server is licensed under the General Public License (GPL). This means that you are free to use and alter the software. If you do alter any of the packages, you must make the source code (with patches please) freely available. Acceptance of this agreement is required during the software installation. The agreement is found on the ISO.

SME Server users may copy and redistribute this software. Some packages may have an alternate open source licence. The text of the GPL license may be found at http://www.fsf.org/licensing/licenses/gpl.html. Details on other open source licences can be obtained here: http://www.opensource.org/licenses/. The applicable license for each software module is specifically identified and can be seen by running the rpm -qiv packagename command, from the command line.

About Our Example Company: The Pagan Vegan
In this manual, we use examples of a catering and event-planning company, The Pagan Vegan or TPV, that configures, administers and makes use of their server. As far as we know, no company of this name exists.

What's New
For the most complete list of information about changes that have been made in SME Server, see the release notes that accompany your download.

Server Features
The SME Server server and gateway installs automatically on a PC, converting it to an industrial-strength communications server that optionally allows all of the computers on your network to share a single Internet connection. In one simple, easy-to-install package, you get:

■ A high performance email server that handles email to and from your users.
■ Enhanced security features that reduce the risk of intrusion.
■ A central file server enabling seamless information exchange among Windows, Macintosh and Unix machines.
■ A web server to host your company web and/or intranet site.
■ i-bays, a unique communications and collaborative facility that makes it easy for users to work together on projects.
■ A shared email address book that is maintained automatically.
■ Special services that speed web and Internet access, improving the performance of your network.
■ Browser based server-manager software that makes it easy to add new user accounts, control remote access, configure network printers, set up workgroups and connect additional networks.
■ Secure email enhancements. POP3/SSL, IMAP/SSL, SMTP/SSL, SMTP AUTH over SMTP/SSL.
■ SMTP Email reception is now handled by qpsmtpd. Advanced but simple to use plugin system to easily install extra functionality and write local rules. Almost all features are implemented in plugins.
■ Spam Filtering with Spamassassin. Configurable rejection levels, automatic tagging with X-spam-status headers, and optional filtering and subject tagging.
■ Antivirus email and hard drive scanning is now provided by ClamAV. Virus definitions are kept up to date automatically, and program updates will be available automatically via the software installer (yum).
■ Email attachment handling: Including the ability to block EXE, ZIP, PIF and automatic conversion of TNEF or UUENCODE encoded attachments to MIME.
■ Webmail has been upgraded to the latest versions of Horde, Imp, Turba and Ingo from horde.org
■ Yum based Software installer panel. Approved contribs and official updates can now be installed in the server-manager. Selectable "Automatically install updates" option.
■ Use of unmodified packages from upstream providers - Packages from Centos 4 (2.6.9 kernel), Mitel, and other packages from atrpms and rpmforge are used unmodified whenever possible. The result is that any other Redhat EL4 or Centos 4 RPMS should work without modification.
■ Installation on a system with 1 hard drive is automatically set up as half of a RAID1 mirror, ready to accept a second drive. Systems with 2 drives are set up as RAID 1, 3-5 drives as RAID5, and 6+ Drives as RAID6.
■ Enhancement to the pseudonyms panel. You now have the ability to send (e.g.) support@domain1 and support@domain2 to different places, and you can now enter pseudonyms of pseudonyms.
■ Quota Management - you have the ability to set a limit on the amount of disk space a user can use for files and e-mail.
■ Windows 2000 and XP domain logon support - Previous versions have allowed the server to act as a domain controller for client computers running Windows 95, 98, ME or NT. This version now extends that domain logon support to Windows 2000 and Windows XP.
■ Improved Macintosh file sharing support - The server now includes better support for Macintosh file sharing and eliminates some previous cases where Macintosh users were unable to access i-bays.
■ USB printer support - It is now possible to connect the SME Server to a printer via the USB port.
■ Experimental ISDN card support - While our software has always supported external ISDN adapters, this version now includes experimental support for using an internal passive ISDN card.

The role of the SME Server
Your SME Server manages your connection to the Internet by routing Internet data packets to and from your network (which allows all the computers on your network to share a single Internet connection) and by providing security for your network, minimizing the risk of intrusions. When one of your local computers contacts the Internet, or is contacted by an outside machine on the Internet, the SME Server not only routes that connection, but seamlessly interposes itself into the communication. This prevents a direct connection from being established between an external computer on the Internet and a computer on your local network thereby significantly reducing the risk of intrusion onto your network.

Your server also provides services - including e-mail, web access and a powerful file sharing and collaboration feature called "i-bays" - that allow you to communicate better internally and with the rest of the world using the Internet.

Throughout this user's guide, the word gateway is used to mean the computer that acts as the interface between your local, internal network and the external world.

[Figure: Server and Gateway Mode]

If you prefer, you can also run your SME Server in "server-only" mode. In "server-only" mode, your server provides your network with services, but not the routing and security functions associated with the role of "gateway". The server-only mode is typically used for networks already behind a firewall. In that configuration, the firewall fulfills the role of gateway, providing routing and network security.

[Figure: Server only Mode]

Once installed, your SME Server can be configured and managed remotely. Routine administration is handled from your desktop using a web-based interface, so only on rare occasions will you require direct access to the server computer. Once installation is complete, most customers put the server in an out-of-the-way place like a utility closet. If you wish, you can disconnect the keyboard and monitor. (Note that some computers may not operate correctly without an attached keyboard.)

Tip: More About Ethernet
Appendix A: Introduction to the Ethernet Local Area Network (LAN), briefly explains ethernet, ethernet components and typical ethernet configuration.

Your Internet Service Provider (ISP)
Your Internet Service Provider or ISP is your connection to the Internet - it routes Internet data packets to and from your server. It also provides other essential services. This section of the user's guide reviews what ISPs offer and what the implications are in choosing among the various options available to you. While your ISP can also assist you in selecting and arranging the right Internet services for your organization, it's important to know the general range of services available, since not all ISPs offer all services.

Warning: If you are operating the product in "server-only" mode, you will need to review your gateway/firewall documentation and perhaps consult with your ISP regarding your configuration. For example, depending on your plans for the server, your ISP may need to publish DNS records associating your mail and/or web servers with your firewall IP address. You may also need to configure your firewall for port forwarding of services.

In server-only mode, the single Ethernet connection to the local network is "trusted" as being secure and packet filtering is disabled. For that reason, a server-only server must always be behind a local firewall. You should not directly connect such a system to the Internet via an Internet Service Provider.

Dedicated versus dialup connectivity
Connectivity, also referred to as Internet access type, refers to the physical connection between your site and your ISP. How you connect to your ISP affects the speed of your Internet connection, which, in turn, impacts such things as how quickly your web site is displayed to visitors.

Dedicated connectivity refers to a full-time connection to your ISP. Although they are more expensive than the alternative, dedicated connections are generally faster and allow you to use the full range of services on your server. There are several common types of dedicated connectivity. ADSL provides relatively fast data transmission over phone lines. A cable connection links you to your cable company, which provides you with many (though not all) of the same services as a traditional ISP. The speed of transmission over a cable network can vary widely (from quite fast to very slow) based in part on the usage within your neighborhood.

If you have dialup connectivity, your server is not permanently connected to the Internet. Rather, it connects to your ISP over a phone line using a modem or ISDN adapter. Because your connection to the Internet is not permanent, some of the services on your server cannot be provided to the outside world. For example, having your server host your external company web site would create a problem because whenever your server was not connected to the Internet, the web site would not be available. (However, it could certainly host an intranet web site because the local network would always be connected.)

The IP address
An IP address is an identifying number assigned to all devices connected to the Internet, and is used in routing information from one device to another. Like your phone number, your IP address enables other people to reach you. In our standard configuration, your ISP only needs to allocate one IP address for your network. It is assigned to your server, which will accept all the Internet data packets intended for your network and distribute them to the appropriate computer - much like an office receptionist is able to accept incoming calls and direct them to the appropriate extension.

Static versus dynamic IP addressing
A static IP address never changes. It is permanently assigned to your server by your ISP.

Note: Static IP addressing is preferable to dynamic IP addressing because it makes it easier for users on the Internet to connect to your services.

Dynamic IP address assignment means that your IP address is assigned to you only temporarily and may be changed by your ISP. This makes it more difficult to ensure continuity of service to your network. Consider again our telephone number analogy. When your telephone number changes, you are able to place outgoing calls. However, until your new phone number is registered with Directory Services, other people are unable to look up your new number and place calls to you. Similarly, whenever your IP address changes, a record associating your server with its new IP address must be published with the equivalent of Directory Services (known as Domain Name Service or DNS) before incoming traffic can find you.

If your IP address is dynamically assigned and you have a dedicated connection to your ISP (for example, with a typical cablemodem), you may find it helpful to use a dynamic DNS service. We strongly recommend you review Appendix B: Dynamic DNS services for more information about this worthwhile option.

Routable versus non-routable IP addresses
If an IP address is analogous to your phone number, then a routable IP address is the equivalent of a full telephone number complete with country code and area code such as +1-613-555-1234. Using the same analogy, a non-routable address is the equivalent of an office extension. If your server is assigned a nonroutable address, it cannot directly receive incoming Internet connections, which limits the services that it can provide to your site.

Arranging connectivity with your ISP
If you are going to be using your server in "server and gateway" mode, you will need to arrange for a connection to the Internet. Your ISP will help you connect your site and provide you with services that enable you to take advantage of the Internet (e.g. e-mail delivery). To some extent, the type of connection used determines the services needed. Therefore, we guide you first through arranging connectivity and then direct you to the appropriate list of services for each type of connection. The terms used in the following sections are defined at the end of this chapter.

To connect your site to the Internet, you not only need to arrange your physical connection (modem, ISDN, DSL, cable modem, etc.), but you also need to ensure that your server can locate the appropriate devices at your ISP's site. Your ISP will give you this information (e.g. IP addresses for their devices) which must eventually be entered into your server console (a straightforward process covered in a later chapter). Many ISPs use a DHCP server which can directly configure your server with some or all of these parameters.

Ordering a corporate ADSL or other commercial dedicated connection
Typically, your ISP will arrange for and configure your external hub and router. Alternatively, you may be required to install that hardware yourself under their direction. If a special phone line is required, the ISP will typically arrange that. It is most typical with corporate service that you receive a routable, static IP address. In fact, usually you will be allocated a block of routable, static IP addresses for your corporation - you will need only one for your server.

Information provided to you by your ISP:
■ static IP address (or block of addresses from which you choose one)
■ IP address of router ("gateway IP address")
■ subnet mask
Order services from: Service List A

Ordering cablemodem or residential ADSL service
Typically, your cable company or ADSL provider will install a configured cablemodem or ADSL router at your site. If you do not have cable access, your cable company will install it for you. ADSL connects to the ISP via a conventional phone line. If you require an additional phone line, it is typical for you to arrange that yourself.

There are three possible configurations when ordering cablemodem or residential ADSL services.

Note: In the tables below, please keep the following information in mind:
■ ISPs often supply the items marked * to your server by DHCP.
■ Some ISPs block outgoing HTTP connections, forcing you to use their proxy server. This interferes in a few minor ways with your server (e.g., the test for Internet connectivity will fail erroneously). However, using the ISP's proxy server will normally work fine.

1. You receive a routable, static IP address
Information provided to you by your ISP:
■ static IP address
■ IP address of cablemodem or ADSL router ("gateway IP address")
■ subnet mask
Order services from: Service List A

2. You receive a routable, dynamically assigned IP address and you elect to use a dynamic DNS service (We encourage you to review Appendix B: Dynamic DNS Services for a discussion of dynamic DNS services.)
Information provided to you by your ISP:
■ gateway IP address*
■ subnet mask*
Information provided by dynamic DNS service:
■ DNS service account name
■ DNS service password

Order services from: Service List B

3. You receive a routable, dynamically assigned IP address and you elect not to use a dynamic DNS service OR your IP address is non-routable.
Information provided to you by your ISP:
■ IP address of cablemodem or ADSL router ("gateway IP address")*
■ subnet mask*
Order services from: Service List D

Ordering a dialup connection
It is typical for you to purchase and install your own modem or ISDN adapter for your dialup connection. (Be sure to use a Linux-compatible modem - WinModems will not work.) Your modem connects to your ISP over a conventional phone line. If you require an additional phone line, it is typical for you to arrange that yourself. Your ISDN adapter will connect to the ISDN connection installed by your ISP or local telecommunications provider. The software can work with external ISDN adapters and includes support for passive ISDN cards.

Warning: While the software includes experimental support for ISDN cards, we do not provide technical support for the use of these cards as they have not yet been tested in a wide enough variety of environments.

There are two possible configurations with dialup service:

1. Your ISP is able to meet all of the following three conditions:

■ you receive a routable, static IP address
■ your ISP will provide a secondary mail server for your domain, which receives e-mail when your server is not connected.
■ your ISP is able to accept the "ETRN command". (This command is used by the server to retrieve the mail held by the ISP's secondary mail server.)
Information provided to you by your ISP:
■ static IP address
■ dialup access number
■ dialup account name
■ dialup account password
Order services from: Service List C

2. Your ISP is unable to meet all three of the above conditions
Information provided to you by your ISP:
■ dialup access number
■ dialup account name
■ dialup account password
Order services from: Service List D

Arranging Services From Your ISP
In each of the previous sections on connectivity, we direct you to the appropriate list of services that should be ordered from your ISP.

Service List A
■ domain name set up and hosting
■ publication of DNS address records for your web server, FTP server and e-mail server
■ publication of DNS mail (MX) records
■ secondary mail server (optional)
■ Internet news server (optional)

Service List B
Services to order from ISP:
■ secondary mail server (optional)
■ Internet news server (optional)
Services From Dynamic DNS Service
■ domain name (depending on the service purchased, your dynamic DNS service may restrict what your domain name can be)
■ publication of DNS address records for your web server, FTP server and e-mail server
■ publication of DNS mail (MX) records

Service List C
■ PPP dialup access (with static IP)
■ domain name
■ publication of DNS address records for your e-mail server*
■ publication of DNS mail (MX) records
■ secondary mail server (ETRN must be supported)
■ Internet news server (optional)

Your web and FTP servers are available to the external world only when your server is connected to the Internet. DNS address records for web and FTP servers only need to be published if it is likely that someone external to your site will need to connect to them for a particular reason.

Service List D

Please read the important notes (below) on the limitations of this configuration.
■ PPP dialup access (if you are using dialup connectivity)
■ POP mailbox (with generous size limitation)
■ domain name - route all mail for domain name to the single POP mailbox
■ Internet news server (optional)

Warning: Note on Service List D (Multidrop Mail)

Service list D is applied to configurations where the publication of DNS records is not practical either because your IP address changes frequently or because it is non-routable. Because there is no published address receiving incoming network connections, this configuration does not allow you to host a web page or FTP site using your SME Server.

In this case, e-mail is handled using a method called "multidrop", which involves temporarily storing all e-mail messages addressed to your domain in a POP mailbox at your ISP until your server connects and fetches them. Your POP mailbox must be large enough to hold the e-mail for your organization until it is fetched. If your primary ISP cannot supply this, you can use another ISP for your e-mail hosting.

As e-mail messages are delivered into the POP mailbox at your ISP, some of the addressee information is removed. To determine to whom the e-mail message is addressed, your server uses several heuristics. This works very well for normal person-to-person e-mail. However, messages from mailing lists (and other sources where the user's account name is not present in the headers) cannot be delivered. Any e-mail that cannot be delivered will be returned to the sender. If the e-mail cannot be returned to sender, it will be directed to the system administrator.

Some ISPs add a header to each e-mail message as it enters the POP mailbox to assist in determining the addressee. If your ISP does this, make note of the header tag used so that you can configure your server to look for it (explained in a later section). One common header tag is: "X-Delivered-To".

Because of the potential problems involved with delivery of e-mail to multidrop mailboxes, we strongly encourage you to consider other means of mail delivery before resorting to using multidrop.
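The delivery decision described in the multidrop note can be sketched as follows. This is an added illustration, not part of the manual and not SME Server's own code: the fallback heuristics (a "for <address>" clause in Received lines, then the To and Cc headers), the account names, the administrator mailbox and the sample messages are all assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

DOMAIN = "tofu-dog.com"          # example domain name used in the manual
LOCAL_USERS = {"alice", "bob"}   # hypothetical local accounts
ADMIN = "admin"                  # hypothetical administrator mailbox


def local_accounts(values, domain, users):
    """Return the known local account names found among address strings."""
    found = []
    for _, addr in getaddresses(list(values)):
        local, _, dom = addr.lower().rpartition("@")
        if dom == domain and local in users and local not in found:
            found.append(local)
    return found


def resolve_recipients(raw, domain=DOMAIN, users=LOCAL_USERS,
                       isp_header="X-Delivered-To"):
    """Decide what happens to one message fetched from the shared POP mailbox."""
    msg = message_from_string(raw)

    # 1. Header tag added by the ISP when the message entered the mailbox.
    tagged = msg.get_all(isp_header, [])
    hits = local_accounts(tagged[:1], domain, users)

    # 2. Assumed heuristic: envelope recipient recorded in a Received line.
    if not hits:
        trace = " ".join(msg.get_all("Received", []))
        candidates = re.findall(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", trace)
        hits = local_accounts(candidates, domain, users)

    # 3. Assumed heuristic: visible addressees. These are written by the
    #    sender, which is why list mail that names only the list fails here.
    if not hits:
        visible = msg.get_all("To", []) + msg.get_all("Cc", [])
        hits = local_accounts(visible, domain, users)

    if hits:
        return ("deliver", hits)

    # Undeliverable: return to sender if there is one, otherwise the
    # administrator. An empty Return-Path (<>) means there is no sender
    # to return the message to.
    return_path = msg.get("Return-Path")
    sender = parseaddr(return_path if return_path is not None
                       else msg.get("From", ""))[1]
    if sender:
        return ("return-to-sender", [sender])
    return ("system-administrator", [ADMIN])


# Constructed sample messages.
PERSON_TO_PERSON = """\
Return-Path: <carol@example.net>
From: Carol <carol@example.net>
To: Alice <alice@tofu-dog.com>
Cc: bob@tofu-dog.com
Subject: lunch

See you at noon.
"""

MAILING_LIST = """\
Return-Path: <recipes-bounces@lists.example.org>
From: Dave <dave@example.com>
To: recipes@lists.example.org
Subject: [recipes] seitan

List traffic; no local account name appears in the headers.
"""

MAILING_LIST_TAGGED = "X-Delivered-To: bob@tofu-dog.com\n" + MAILING_LIST

BLIND_COPY = """\
Return-Path: <carol@example.net>
Received: from mx.example.net by pop.isp.example
 for <bob@tofu-dog.com>; Mon, 18 Oct 2010 10:00:00 +0000
From: Carol <carol@example.net>
Subject: fyi

Sent as a blind copy.
"""

NO_SENDER = """\
Return-Path: <>
From: MAILER-DAEMON@isp.example
To: nobody@tofu-dog.com
Subject: delivery report

No local account and nobody to return it to.
"""

if __name__ == "__main__":
    for name in ("PERSON_TO_PERSON", "MAILING_LIST", "MAILING_LIST_TAGGED",
                 "BLIND_COPY", "NO_SENDER"):
        print(name, resolve_recipients(globals()[name]))
```

The mailing-list message is only deliverable once the ISP's header tag is present, which is the case the note asks you to check with your ISP.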

Terms used in ordering connectivity and services

ADSL (or DSL)

ADSL is a type of high-speed Internet access that uses regular phone lines and is available in many metropolitan areas.

Domain Name

This refers to the unique name attached to your organization on the Internet. For example, "tofu-dog.com" or "e-smith.com". If you don't have a domain name, your ISP can help you select one, ensure it is available, and register it.

DNS (Domain Name Service)

DNS, or Domain Name Service, refers to the software and protocols involved in translating domain names to IP addresses. Your server provides DNS lookup services for your local network, and your ISP typically also provides you with the IP addresses of DNS servers. These servers do not need to be configured into your server as the DNS server that is provided with your server will correctly resolve all local and Internet names.

DNS: Publication of DNS Address Records

The publication of DNS address information allows other DNS servers to look up your domain information. Your ISP must publish DNS address records associating the name of your web server ("www.domain.xxx"), FTP server ("ftp.domain.xxx") and e-mail server ("mail.domain.xxx") with the IP address of your server.

DNS: Publication of DNS Mail (MX) Records

The publication of DNS mail (MX) records is the method used to inform Domain Name Services worldwide that all e-mail to your domain ("yourdomain.xxx") should be delivered to your e-mail server ("mail.yourdomain.xxx").

ETRN

ETRN is a command used for dialup solutions in order to retrieve e-mail temporarily stored at your ISP.

Gateway IP Address

A gateway is the device on your network that forwards packets to and from the Internet.

Hardware Requirements of the SME Server

The hardware requirements of the SME Server are modest compared with other server software available today. However, because of its critical role in your office, selecting an appropriate host computer is important. The hardware requirements of the host computer depend on such things as the number of users on your network, whether you plan to use the proxy server on the server, and the speed of your Internet connection.

Note: Version 7.0 of SME Server is based on CentOS 4.4 and uses the 2.6 series Linux kernel. This combination supports a wide variety of hardware, but it is important that any hardware chosen for the server has been tested for compatibility before deployment.

We expect that all hardware which is marked as "Certified" or "Compatible" for RedHat Enterprise Linux Update 4 on the RedHat Hardware Compatibility web site, located at: https://hardware.redhat.com/hwcert/, will function correctly with SME Server 7.0. We do not recommend the use of server hardware which is not listed as "Certified" or "Compatible".

See also a forum thread with users' suggestions: http://forums.contribs.org/index.php?topic=36603.15

4.1. Minimum Hardware Requirements

The following information outlines what we consider the bare minimum system that will function as a basic file/print server and network gateway. Note that we do not believe such a system will provide satisfactory performance for features such as webmail, remote access via PPTP, and virus and spam scanners; these are CPU-intensive and will not perform well on this platform. To utilize all the features of SME Server 7.0, please have a look at the 'Recommended' Hardware Requirements.

When you consider the requirements, in particular the memory requirement, please be aware of the following notes:
■ The server ships with the remote access services disabled by default. Enabling webmail will increase the resource requirements of your server. Other remote access services, such as SSH and PPTP, are also processor-intensive. You should consider a fast processor speed if you intend to make significant use of these services.
■ The amount of available RAM is one of the most important considerations for server performance as it reduces the load on the disks. If a tradeoff is required, extra RAM will usually be more beneficial than a faster CPU.
■ The server should work with any i586 or i686 compatible CPU that can run Centos 4.
■ For a dedicated connection in server and gateway mode, your server requires two ethernet adapters (also called network adapters or network interface cards). For a dialup connection or server-only mode, one ethernet adapter is needed.

Table 4.1 Minimum Hardware Requirements

Category                  Specifications
Architecture              PCI-based i586 or i686 compatible processor
Processor speed           400 MHz
RAM                       256 MB
Hard Drive                SATA/PATA or SCSI - at least 4 GB
SCSI adapter              must appear on the supported list (only necessary for SCSI systems)
Ethernet adapter(s)       The ethernet adapters installed on your server must appear on the supported list.
Modem (for dialup only)   Only modems that are Linux-compatible may be used. WinModems are not supported.

CD-ROM drive              ATAPI or SCSI
Monitor                   any
Graphics card             any

4.2. Recommended Hardware Requirements

The following information is what we would suggest is the recommended minimum to utilize all the features of SME Server 7.0. How many users this configuration will support depends on how heavily the server will be utilized, but should be sufficient for at least 25 users.

Table 4.2. Recommended Hardware Requirement

Category                  Specifications
Architecture              PCI-based i686 compatible processor
Processor speed           1.5GHz
RAM                       512 MB
Hard Drive                One or more SATA/PATA or SCSI - at least 40 GB
SCSI adapter              must appear on the supported list (only necessary for SCSI systems)
Ethernet adapter(s)       The ethernet adapters installed on your server must appear on the supported list.
Modem (for dialup only)   Only modems that are Linux-compatible may be used. WinModems are not supported.
CD-ROM drive              ATAPI or SCSI
Monitor                   any
Graphics card             any

4.3. Hard Drive Configuration

SME Server 7 introduces a new feature - Automatic configuration of Software RAID 1, 5 or 6. RAID is a way of storing data on more than one hard drive at once, so that if one drive fails, the system will still function. In the case of RAID 6, two drives can fail and the system will still function.

Your server will be automatically configured as follows:
■ 1 Drive - Software RAID 1 (ready to accept a second drive).
■ 2 Drives - Software RAID 1
■ 3-5 Drives - Software RAID 5 (4-5 drives with SME 7.1)
■ 6+ Drives - Software RAID 6

Note: With SME 7.0 if you utilize more than one drive, they should all be identical in size and model. From SME 7.1 this is no longer a requirement.

We highly recommend that at a minimum you utilize 2 identical drives in your system to take advantage of the redundancy provided by the RAID configuration.

4.4. Supported Ethernet or SCSI Adapters, or Tape Drives

Either one ethernet adapter (in the case of dialup connectivity or server-only mode) or two ethernet adapters (for dedicated connections in server and gateway mode) must be installed on your SME Server. Your ethernet adapters must be supported by Red Hat Enterprise Linux 4.

If the computer you plan to use for your server has a SCSI hard disk, your SCSI adapter must be supported by Red Hat Enterprise Linux 4.

If you intend to use the tape backup capabilities of the SME Server, you must have a tape drive that is supported by Red Hat Enterprise Linux 4.

Installing And Configuring Your SME Server Software

The following sections explain in detail the process of installing the SME Server software.

Note: If you have previously installed and configured a server and are reinstalling the software, please be aware that you should use the procedure described in section 5.3. Upgrading From A Previous Version in order to preserve your existing configuration and data. Simply performing a new installation will erase all previously existing user accounts, user directories, i-bay contents and web site and configuration parameters. If you have not already done so, you may wish to back up the contents of your server onto one of your desktop computers. You can do so easily by selecting "Backup or restore" from the server manager, as explained in chapter 10.

Licensing Terms and Conditions

In installing the SME Server software, you are agreeing to the open source licensing terms and conditions associated with it. You can read these terms and conditions in Chapter 1 of this guide under the title Software Licensing Terms and Conditions.

RAID1 Support (Disk Mirroring)

With SME Server, you have the ability to set up disk mirroring, also called RAID Level 1. In disk mirroring, you basically write all of your data to two separate hard disks installed in your server. One is the mirror of the other. Should the primary disk experience a hardware failure, the mirror disk will continue operations as if nothing had happened. All of your data will be protected.

Disk mirroring can be accomplished through either software or hardware.

Software Mirroring

The SME Server comes by default with RAID disk mirroring. The level of Raid depends on the number of drives installed. The server is configured to accept any number of drives and will function properly. They can be either SCSI or IDE drives, but we strongly advise they are the same size and type.

If you later wish to add more drives, just add them and instruct the server via the console to create the mirror. It will take some time to build so do it during scheduled maintenance. You can verify the RAID status from the console.

There is more technical information on SME Raid at http://wiki.contribs.org/Raid

Hardware Mirroring

With hardware mirroring, you use a special RAID disk controller to perform the actual mirroring across multiple disks. As mirroring is performed in hardware, the performance can be significantly faster than software mirroring. Additionally it can simplify configuration because to the operating system the entire RAID disk system looks like one single disk. You should be able to use any supported SCSI hardware RAID controller.

If you are going to use hardware mirroring, you should NOT choose Install - Dual hard disk with software RAID-1 mirroring during the installation process described in section 5.4. Installing the Software. (Doing so will enable software mirroring.) Instead, you should do a regular installation of the software.

Note: Using one of the supported hardware RAID controllers, you will be able to upgrade from an earlier version of the SME Server to version 6.x using the standard upgrade process detailed in section 5.3. Upgrading From A Previous Version. You should back up all your data and test carefully after installation.

Upgrading From A Previous Version

If you have previously installed a server and now wish to upgrade to version 7, you can do so while preserving your configuration data. To do so, select Upgrade from the appropriate screen in the installation process as described in section 5.4. Installing the Software.

While the upgrade should proceed smoothly, we do recommend that you back up your system prior to performing this upgrade just to be safe. Also see the related Howto UpgradeDisk if you are restoring to a new server or new Drive.

Warning: It is not possible to use the Upgrade option to add software mirroring (RAID1) to an existing server. If you previously installed software mirroring with a previous version of the software, you should be able to upgrade without any problems. However, if you want to upgrade a previous version of the software that was not installed with software mirroring to use software mirroring (RAID1) support, you should:
1. perform a backup through the server manager as detailed in chapter 10. Backup or restore
2. perform a fresh install selecting the software mirroring option
3. restore the backup through the server manager

Installing the Software

Note:

If you are configuring your system with RAID1 support, notice that your step 4 below will be slightly different. If you skipped section 5.2 RAID1 Support (Disk Mirroring), it would be advisable to read it before proceeding.

Step 1: Insert the CD-ROM media.

Step 2: You will be given the option of testing the CD-ROM media before beginning installation. Choose OK to test the CD media or choose Skip to start the installation.

Step 3: Select the language you would like to use during the installation process.

Step 4: Select which model keyboard is attached to your computer.

Step 5: You are informed that all disks will be formatted and any data will be lost. You must choose Yes to proceed.

Warning: The installation process formats and erases all attached hard drives. If you have multiple hard drives, be sure to back them up prior to starting the installation process. The installer ignores all removable drives and uses all non-removable drives that are at least 2Gb in size. Removable drives are USB pen drives and floppy/cd rom drives. USB hard drives are considered non-removable drives. Be sure to unplug USB drives.

Step 6: Select which time zone you are in.

The installation process will now automatically proceed to install the necessary packages.

Step 7: Finishing the installation is automatic and takes only a few minutes. At the end of the process, you will be prompted to remove the CD and then to reboot your computer.

Warning: The installation (or upgrade) process rewrites the boot sector on your hard drive. This may cause machines with BIOS boot sector virus detection to not boot unattended. This detection should be disabled in your system's BIOS.

Restoring a Backup

If you have a tar backup (usually smeserver.tgz) you are prompted if you wish to restore. Enter your media: CD, DVD, USB Disk or Tape drive.

If you have a DAR backup perform your restore from the server-manager after configuration.

Configuring your SME Server

Tip: To change configuration settings that you set during install, you can at a later date log in as the admin user at your server console and choose the option to Reconfigure your server. You will be taken through the configuration routine just like during installation. Make your necessary changes or use the Keep option to preserve the settings you have set previously.

Once your system has restarted (so that it is no longer booting from the installation CD), you are ready to configure your system.

If your ISP provided you with a summary of your configuration choices and network information, we suggest that you keep it handy while completing the screens in the configuration section of the server console.

There are several types of configuration parameters that must be entered into your server:
■ the system password
■ the type of ethernet adapters (network interface cards, or NICs) that will be used by your server to communicate with the internal network and the Internet (or external network). Typically, the server software will detect this information automatically. (Note that if you are connecting to the Internet with a dialup connection, you only need one ethernet adapter.)
■ configuration for the internal (local) network - you must provide information about your internal network so that your server can communicate with other machines on your local network.
■ operation mode - you must select whether your server will operate in server and gateway mode or server-only mode.
■ configuration for the external network/Internet - you must configure your server so that it can communicate with your ISP either by a dedicated connection or using a dialup connection (only for server and gateway mode).
■ miscellaneous information - there are several final items to configure, such as whether to allow your users to use a proxy server, whether to provide status reporting to Contribs.org, and whether you wish to secure the server console so that it can only be accessed using the administrator's password.

As you select a given configuration parameter, you will be presented only with the screens necessary for your given configuration. Each screen will provide you with a simple, detailed explanation of the required information.

Note: As you move through the configuration screens, you will notice that there is a "Keep" option which will allow you to keep the choices you may have made previously. Obviously, when you are configuring your system for the first time, many of these choices will not have been made, but if you later go back to re-configure the system, this option can save time.

Setting Your Administrator Password

As shown in the image below, the first thing you will be asked to do is to set the system password. This is the password you will enter to access the web-based server manager. Depending on how you configure the system, you may also need to enter this password to access the server console. It is extremely important that you choose a good password and keep that password secret. Anyone who gains access to this password has the power to make any change to your server!

Warning: You can use any ASCII printable characters in the administrator password.

After you enter the password once, you will be asked to type it again to confirm that the password was recorded correctly. The password will also be examined to determine how strong it is from a security point-of-view. If it is found to be weak (for instance, a dictionary word), you will see an additional screen asking if you really want to use this password. You will have the option to go back and change to a stronger password or to continue using the weaker password.

As this password gives someone total control over your server, you should choose a password that cannot be guessed easily. A good password should contain mixed upper- and lower-case letters, numbers and punctuation, yet also be easy to remember. An example might be "IwmSMES!" as in "I want my SME Server!" (Please don't use this example as your password!)

Configuring Your System Name and Domain Name

As shown below, your next step is to enter the primary domain name that will be associated with your SME Server. (You can later configure other virtual domains that work with the server.)

Next you need to provide a name for your server. You should think carefully about this as changing it later may create additional work. (For instance, Windows client computers may be mapping drives to your server using its name. Those clients would need to remap the drive using the new name.)

Tip: You should make the system name as unique as possible in case you someday decide to link your server to another server using an IPSEC VPN. When you do, each server will need a unique name. Using some type of theme, such as location names, may be an effective way to ensure unique names.

Configuring Your Local Network

Selecting Your Local Ethernet Adapter

An ethernet adapter - also called an ethernet card or network interface card (NIC) - is a special piece of hardware that serves as the interface between a computer and the ethernet network. It connects your computer and the ethernet, allowing the computer to communicate with other computers and devices on the network.

A computer needs a special software program, called an "ethernet driver", to use an ethernet adapter. Which ethernet driver is required depends on which ethernet adapter is installed on your computer.

You will first need to select the appropriate driver for the ethernet adapter connected to your local network, as shown in the screen below:

If you are using a PCI ethernet adapter that appears on our supported list, it is likely that your server will be able to detect your hardware automatically and you will simply be able to choose option 1, "Use xxxx (for chipset yyyy)", where 'xxxx' and 'yyyy' are specific to your hardware. If the software fails to detect it correctly, you can manually select the appropriate driver for your ethernet adapter from a list of drivers or from a list of ethernet adapter models. After the appropriate driver is selected, select "OK" and proceed to the next screen.

Configuring Local Network Parameters

Your SME Server needs information about your local network in order to communicate with the other computers on your network. This includes the IP address and the subnet mask on your server's internal interface. Because your server acts as a gateway and firewall, these will differ from the IP address and subnet mask on the external interface.

Warning: If you configure your server in server-gateway mode make sure the IP address for the internal interface and the one for the external interface are in different ranges that do not overlap.

If you plan to operate in server and gateway mode (explained in greater detail below), your server will act as a relay between your local network and the Internet. Because no computer on your local network, other than your server, directly interacts with the external world, the IP addresses assigned to those computers need only be unique with regards to your local network. (It doesn't matter if a computer on someone else's local network uses the same IP address, because the two machines will not be in direct contact.) As a result, we are able to use special "non-routable IP addresses" for your local network, including the internal interface of your server.
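The overlap warning above can be checked before the values are typed into the console. The following is an added example, not part of the manual or of SME Server: the function name, the finding codes and all sample addresses are constructed for illustration, and the check goes slightly beyond the warning by also comparing the local range against the local ranges of other sites, which the manual advises keeping distinct where servers may later be linked by VPN.

```python
import ipaddress

# The "non-routable" IPv4 blocks reserved for private networks (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_address_plan(internal, external=None, other_sites=None):
    """Check a planned interface configuration; return a list of finding codes.

    internal / external: "address/mask" for each interface, with the mask as
    a prefix length or a dotted subnet mask. external is None in server-only
    mode. other_sites maps a site name to that site's local network.
    An empty list means no problem was found.
    """
    findings = []
    inner = ipaddress.ip_interface(internal)

    # The local network should come from the non-routable ranges.
    if not any(inner.network.subnet_of(block) for block in RFC1918):
        findings.append("internal-not-private")

    # The server cannot use the network or broadcast address as its own.
    if inner.ip in (inner.network.network_address,
                    inner.network.broadcast_address):
        findings.append("internal-host-address-invalid")

    # Server and gateway mode: the two interfaces must sit in ranges that do
    # not overlap, otherwise the server cannot tell which side a host is on.
    if external is not None:
        outer = ipaddress.ip_interface(external)
        if inner.network.overlaps(outer.network):
            findings.append("internal-external-overlap")

    # Sites that may later be joined by VPN need distinct local ranges.
    for site, network in sorted((other_sites or {}).items()):
        if inner.network.overlaps(ipaddress.ip_network(network, strict=False)):
            findings.append("overlaps-site:" + site)

    return findings


if __name__ == "__main__":
    # Constructed sample values (203.0.113.0/24 is a documentation range).
    print(check_address_plan("192.168.1.1/255.255.255.0", "203.0.113.10/29"))
    # External side handed a private address by an upstream router that
    # happens to use the same range as the local network.
    print(check_address_plan("192.168.1.1/255.255.255.0",
                             "192.168.1.50/255.255.255.0"))
    print(check_address_plan("192.168.1.1/24", "203.0.113.10/29",
                             {"branch": "192.168.1.0/24",
                              "warehouse": "192.168.2.0/24"}))
```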

If you have no reason to prefer one set of IP addresses over another for your local network, your server will prompt you with default parameters that are probably appropriate in your situation. If, however, you are operating your server in "server-only" mode and there are already servers on your network, you will need to obtain an unused IP address for your local network.

Next, you will be prompted to enter the subnet mask for your local network. If you are adding your server to an existing network, you will need to use the subnet mask used by the local network. Otherwise, unless you have a specific need for some other setting, you can accept the default setting.

Tip: If you are installing servers at multiple sites within your organization, you may find it useful for later troubleshooting to use different network addresses for each site. Additionally, if you ever want to establish an IPSEC VPN between the servers, each server will need to use a different range of IP addresses. Even if you are not planning to use a VPN right now, it would be safest to use unique network addresses for each location.

Operation Mode

After configuring your SME Server for your local network, you will see the following screen. This is where you select your server's operation mode.

Option 1: Server and gateway mode

In server and gateway mode, your server provides services (such as e-mail, web services, file and print sharing) to your network and also acts as a gateway between your internal network and the outside world. The fact that it serves as a "gateway" means it has separate interfaces with each network, and provides security and routing.

If you configure your server to operate in server and gateway mode, your server will require either:
1. two ethernet adapters (one to communicate with the local network and the other to communicate with the ext
2. one ethernet adapter (for the local network) and a modem for a dialup connection

With server and gateway mode, there are a number of extra parameters that will need to be configured. These will be discussed in the next section.

Option 2: Private server and gateway

This mode is a variation of option 1 and provides the same functionality with the following differences:
■ Your web server is not visible to anyone outside of the local network.
■ Your mail server is not accessible from outside of the local network.
■ Additional firewall rules have been configured to drop packets for various services (such as 'ping' requests).

All services are available on the internal network. The differences are entirely in how your server is seen by the external world. You would select this mode only if you wish to use the server as a gateway, but do not wish to publish any services to the external Internet.

Option 3: Server-only mode

Server-only mode is appropriate if you do not wish to use the gateway capabilities of your server. In this configuration, your server connects only to the local network and does not connect directly to the outside world (although it may connect indirectly through your firewall or another server). Your network will resemble the image below:

If you have a connection to the Internet by way of another gateway or corporate firewall, you can configure your server to provide services (including e-mail, web services, file and print-sharing) to your network. In this instance, you do not need your server to provide the gateway role because that role is fulfilled by your firewall.

Warning: Because the server "trusts" the local network to be secure in server-only mode, it must be behind a firewall of some type. Under no conditions should it be directly connected to the Internet.

If you select Option 3, "Server-only mode - protected network", your server will provide your local network with web, e-mail, file and print-sharing.

On the next configuration screen, you should enter the IP address for the Internet gateway on your local network. If you do not have an Internet connection, simply leave this configuration screen blank.

Configuring Server and Gateway Mode

If you are configuring your server to operate in server and gateway mode, you must select one of two Internet connection types - a dedicated connection (such as ADSL or cable modem) or a dialup connection (in which case you will be connecting to your ISP via a modem).

The next step after selecting a connection type is to enter the specific parameters representing that connection.

Server and Gateway Mode - Dedicated

How you configure your server's external interface depends on whether you are using a dedicated connection or a dialup connection. Therefore, if you configured your server for "server and gateway mode - dedicated connection" you will be presented with very different configuration screens than if you configured the server for "server and gateway - dialup connection" (as discussed in the next section).

Configuring Your External Ethernet Adapter

As you did previously with your local ethernet adapter, you need to configure the driver for your external ethernet adapter. As before, the software will attempt to detect the card. If it correctly identifies the card, you can proceed using Option 1, "Keep current driver". If it does not, you will need to manually select the driver.

Assigning Your Ethernet Adapters to Network Connection

To communicate successfully, your server needs to know which ethernet adapter connects it to the internal network and which adapter connects it to the external network/Internet. Your server will make this designation automatically - the first ethernet adapter (in position "eth0") will normally be assigned to the local, internal network and the second ethernet adapter (in position "eth1") will normally be assigned to the external network/Internet. In the event that this assumption is incorrect, this screen allows you to easily swap that designation.

If you have two cards that use the identical driver you will see a screen such as the one above where the actual driver is not listed.

Tip: If you are using two different network interface cards, you will see which driver is associated with eth0 and which is associated with eth1. This information can help you determine which card is eth0 and which is eth1.

If you don't know which ethernet adapter is designated to eth0 and which is designated to eth1, we suggest you leave it in the default configuration while completing the rest of the screens. You will later have the opportunity to "Test Internet Access" from the server console. If your test fails at that time, return to this screen, swap the card assignment and retry the test.

Configuring Your External Interface

With a dedicated connection in server and gateway mode, you will be presented with the following screen:

Your server must know three additional things to communicate on the Internet:

■ its own unique IP address so that Internet data packets can reach it.
■ a subnet mask (also called a netmask) which looks like an IP address and allows other computers to infer your network address from your IP address.
■ the IP address of the external gateway for your server. This is the IP address of the router on your server's external network. It identifies the computer that your server should contact in order to exchange information with the rest of the Internet.

Normally, you would need to know this information and enter it into the server console. However, most ISPs are capable of automatically assigning these configuration parameters to your server using a DHCP server or PPPoE. If you have a static IP address and your ISP is configuring your server using DHCP or PPPoE, select Option 1, 2 or 3 depending upon how you will be connecting to your ISP. When you first connect to your ISP, your server will automatically be given its external interface configuration parameters.

If your ISP is providing you with a dynamic IP address, the ISP will configure this through DHCP or PPPoE and your server will be re-configured automatically whenever your IP address changes. There are some very good reasons to use a dynamic DNS service if you have a dynamically assigned IP address. It is a simple, affordable way to ensure continuity of service when your IP address changes. If you plan to use a Dynamic DNS service, select Option 2. Otherwise, select Option 1. Please read the next section on dynamic DNS for more information about dynamic DNS.

If you are using ADSL and need PPP over Ethernet, choose Option 3. You will then be asked for the user name and password you use to connect to your ISP. Note that some ISPs require you to enter their domain name as well as your user name.

Tip: What is PPPoE? PPPoE is the Point-to-Point Protocol over Ethernet. Essentially, it is an implementation of the popular PPP protocol used for dialup connections - only configured to run over an Ethernet connection. Many ISPs that provide ADSL connections use PPPoE as the method of connecting their customers to the Internet over ADSL.

If you have a static IP address and your ISP does not offer DHCP or PPPoE, then your ISP will give you the static IP address, subnet mask (or netmask), and the gateway IP address of the device that your server should connect to in order to communicate with the Internet. Assuming you have this information on hand, you can go ahead and select Option 4. Successive screens will prompt you to enter each parameter.

Configuring Dynamic DNS

If you choose either of the DHCP options or PPPoE, you will be presented with an additional screen where you can choose which dynamic DNS service you wish to use.

The server is pre-configured to operate with four dynamic DNS organizations: yi.org, dyndns.com, dyndns.org, and tzo.com. (You can elect to use a different service, but doing so would require some customization of the server.)

NB. the script for "dyndns.com - Commercial service" doesn't work, if you wish to use this service select custom and write your own script.

Once the service is selected, the subsequent two screens will prompt you to enter your account name and the password for your account. (These two parameters would be given to you by the service.) Note that the dynamic DNS service may place restrictions on which domain name you can use for your company.

Please read Appendix B on dynamic DNS for more information about whether a dynamic DNS is right for you.

Configuring the Server for Server and Gateway Mode - Dialup Access

If you select dialup access, successive screens will ask you for the following information:

■ information regarding the modem or ISDN connection with your ISP, such as the serial port your modem is connected to *2
■ modem or ISDN initialization screen - most users can simply leave this blank, but with some particular modems or ISDN cards, additional information may need to be entered here
■ the dialup access phone number
■ username
■ password
■ connection policy

This last item may be of special interest. As shown in the screen below, you can configure what type of policy you wish to have in place during typical work hours. If you are in a small office and wish to share your phone line between your computer and phone or fax, you may wish to minimize the time you are online. This is also true if your ISP charges a fee on a per-minute basis. On the other hand, if you have a separate phone line or unlimited time with your ISP, you might want to have long connection times or a continuous connection.

Warning: If you are using a dial-on-demand link to your ISP, please be aware that you can incur very steep phone charges due to dialup connection attempts to the ISP. If your telephone carrier charges you per-call or per-minute fees, we suggest that you contact your ISP and ask whether it is willing to assume responsibility if a failure at their end results in a large phone bill. We are aware of at least one case in which a failed modem link at the ISP resulted in several thousand connection attempts over a couple of days - and a hefty phone bill.

After configuring this policy for "work" hours, you can then configure the policy for time outside of office hours and additionally for the weekend. Notice that you do have the choice of never, which would allow you to restrict your system from connecting on weekends or during off-hours.

The connection policy defines several choices including Short, Medium or Long. These specify how long the server should wait before disconnecting the dialup connection. If your office only shares a single phone line, the Short option minimizes the amount of connection time and frees up the phone line for later use. The down side to this is that if someone is reading a long page on the web site or steps away from their computer for a brief moment, when they want to then go to another web page, the server will probably have disconnected and will need to redial and connect. On the other hand, setting the Long connection time will result in users experiencing fewer delays while waiting for the server to reconnect. However, the phone line will be used for a larger amount of time.

There are two separate timeout values configured by each choice. One value is the length of time since the last HTTP (web) packet went through the server. The other is a more general timeout for any other types of packets. The difference is there because it is assumed that people reading a web page may take longer to go on to another web page, whereas users connecting to another service (such as ssh or POP3 to an external server) probably will be more active than someone using a web browser. The timeout values are shown in the table below.

Choice    HTTP Timeout    Other Timeout
Short     3 minutes       30 seconds
Medium    10 minutes      5 minutes
Long      20 minutes      10 minutes

Note that there is also the option for a Continuous dial-up connection. Choosing this option is basically equivalent to creating a permanent or dedicated connection, but only doing so through the use of a dial-up connection and a modem or ISDN adapter. One example of this use might be to set a Continuous connection policy during work hours and then some variable policy during off-hours and the weekend. Assuming that your ISP is okay with this arrangement and you can afford to do so financially, these settings would give your users the fastest response time as the connection would always be online.

Configuring Your DHCP Server

You now will be prompted regarding DHCP service. Your SME Server can be configured to provide DHCP service to your internal network. The DHCP server can automatically configure the other computers on your internal network with such parameters as non-routable IP address, subnet mask and gateway IP address. This reduces the risk of error and simplifies the process of configuring your network.

#2 Your modem documentation may indicate which serial port is used by the modem. You may also be able to visually identify which port your modem uses.

We recommend configuring your server to use DHCP to configure all of your network clients. You should not do this if there is an existing DHCP server on your network as there should typically be only one DHCP server per network.

Configuring the DHCP Address Range

Before the DHCP server is able to assign IP addresses to the computers on your network, you need to tell it what range of IP addresses it can safely distribute. As above, this section is pre-configured with defaults that are appropriate in most situations. If you have fewer than 180 machines on your local network and no reason to prefer one range of IP addresses over another, you can simply accept the defaults for these screens. Client IP Addresses are handed out at the high end of the range.

The Server Console

When installation is complete and if you set server console mode to "auto", the opening screen of the SME Server server console will appear:

Tip: If you set the server console mode to "login", you will be given a login prompt. After you enter the user name "admin" and your system password, you will see the server console screen above.

Note: Any time that you login to your system as the "admin" user you will see the server console. This is true even when connecting to the server remotely using a tool such as ssh (discussed later in the chapter on Remote Access).

The server console provides you with basic, direct access to your server. From the server console you can get the following information and perform the following tasks:

Option 1: Check status of this server

Provides you with uptime information about your server.

Option 2: Configure this server

Allows you to view and modify the configuration information you entered during the original installation (ethernet cards, IP address information, DHCP, DNS, domain names, etc.).

Option 3: Test internet access

Allows you to test your Internet access.

Option 4: Reboot, shutdown or reconfigure your server

Allows you to smoothly reboot, reconfigure or shut down your server.

Option 5: Manage disk redundancy

Allows you to manage and view the current RAID status. For more information see the Raid howto

Option 6: Access server manager

Provides you with a means to access the web-based server manager using a text-based browser. This is the same interface to which you can connect from another system using a normal graphical browser. This option merely allows you to perform these functions directly from the server console.

Using the Text-based Browser

For Option 4, Access server manager with text-mode browser, the server uses a text-based browser called lynx to allow you to access the web-based server manager from the server console. Navigation is primarily with the arrow keys - up and down to move through the page, right arrow to follow a link, left arrow to go back. Lynx has a wide range of other commands which you can learn about through the online help available at http://lynx.browser.org/

Note that for security reasons some regular features of lynx are disabled when you are browsing from the server console (such as the ability to specify an external URL). Type 'q' (for 'quit') to exit the text-based browser.

Accessing the Linux Root Prompt

If you are an expert user and would like to do advanced modifications to the configuration of your server, you can access the Linux operating system underlying the SME Server software by logging in as the user "root". If your server is displaying the server console and not a login prompt, you can press Alt-F2 to switch to another screen with a login prompt. To switch back, press Alt-F1. You should always ensure that you log out from the root account when you are finished and before you switch back to the server console.

The password for the "root" user is whatever password is currently set for the administrator of the server. Note that this is the same password as that used by the "admin" user account.

Be aware that this ability to switch between the server console and a login prompt is only available when you have physical access to the server. If you connect in remotely as the "admin" user and see the server console, you will not be able to switch to a login prompt in that window. (You can, however, open up another remote connection to your server and login as the "root" user.) Note that remote administrative access is disabled by default and must be specifically enabled through the Remote Access panel of the server manager.

Note: If you are not familiar with working from the Linux prompt, you may be interested in trying a file management tool called Midnight Commander. It allows you to perform many file operations through a menu-driven interface. Simply type mc at the command prompt. Press the function key "F1" for help and "F10" to quit.

Option 7: View support and licensing information

Displays the GNU General Public License (the license governing the distribution and use of SME Server software) and information on how to contact Contribs.org for support.

Option 8: Perform backup to USB device

Attach a USB Device and follow the prompts.

To restore this type of USB Backup, perform a clean install and when prompted if you wish to restore attach the USB Drive. Don't have the Drive attached during the install or the drive will be formatted !!

Note: The console backup to USB device is an independent method not related to the server-manager backup options.

SME_Server:Documentation:Administration_Manual:Chapter10

Configuring the Computers on Your Network

This chapter helps you configure software and hardware supplied by other companies and for that reason is not as specific as the rest of this guide. Given the wide range of computers, operating systems and software applications, we cannot accurately explain the process of configuring each of them. If your computers and applications came with manuals, they might be useful supplements to this chapter. Technical problems encountered in networking your desktop computers and applications are best resolved with the vendors who support them for you.

What Order to do Things

For efficiency, we recommend you configure your desktop computers in the following order:

Step 1: First, configure one of your desktop computers to work with TCP/IP (using the information in this chapter).

Step 2: With TCP/IP up and running on one of your computers, you can now access the server manager over the web and create your employees' user accounts. The next chapter explains this simple process.

Step 3: Once e-mail accounts are created, you can ensure that all the computers on your network are configured for TCP/IP, e-mail, web browsing and LDAP (using the information in this chapter).

Warning: This chapter demonstrates only one of the many possible ways to configure your client computers and is provided here as an example.

Configuring Your Desktop Operating System

The dialog box where you configure your desktop differs from operating system to operating system and version to version. As an example, in Microsoft Windows 95 or 98, client configuration occurs in the "Properties" dialog box associated with the TCP/IP protocol for your ethernet adapter. To get there, go to the "Control Panel" and select "Network". If a TCP/IP protocol is not yet associated with your ethernet adapter, you may need to add one before you can configure its properties with the following information.

Item: enable TCP/IP protocol
Description: All your computers must communicate on the network using the TCP/IP protocol.
What to enter: In Windows you add a TCP/IP protocol. In Apple, open TCP/IP Control Panel.

Item: disable non-TCP/IP protocols
Description: Unless an application relies on a non-TCP/IP protocol, disable all other protocols.
What to enter: Turn "off" other networking protocols (e.g. NetBeui, etc.)

Item: enable DHCP service
Description: See section below
What to enter: In Windows, enable "Obtain an IP address automatically". In Apple, select "DHCP server".

Note: We strongly recommend that you configure all clients machines using DHCP rather than manually using static IP addresses. Should you ever need to change network settings or troubleshoot your network later, you will find it much easier to work in an environment where addresses are automatically assigned.

On a Windows 95/98 system, the window will look like the image below.

Automatic DHCP Service

Your server provides a DHCP server that assigns each of the computers on your network an IP address, subnet mask, gateway IP address and DNS IP address(es). For a more detailed explanation of DHCP, consult the section in Chapter 5 called "Configuring Your DHCP Server".

Note: In some rare cases, you may want to use a static IP address for a particular client machine. The typical approach is to manually enter this IP address into the network properties of the specific machine. The negative side of this approach is that you cannot easily change or alter network settings without having to go in and modify the information on the client machine. However, it is possible to provide this static IP address directly through DHCP rather than manually configuring the client computer. To do so, you will first need to determine the Ethernet address of the client computer (usually through the network properties). Next you will go to the Hostnames and addresses web panel of the server manager and enter the information there.

Warning:

Only One DHCP Server

It is imperative that no other DHCP server is on your network. If a former DHCP server configured your computers, you should remove that DHCP server from your network. Leave DHCP enabled, and reboot each computer. New IP addresses, netmasks, gateway IP addresses and DNS addresses will be assigned automatically by the server DHCP server.

Manual entry for computers not using DHCP service

As noted above, we strongly recommend that you perform all your client configuration using DHCP. It is even possible to assign a static IP address through the Hostnames and addresses web panel of the server manager that will be distributed through your DHCP server.

However, if your computers do not support DHCP, you must manually enter the following information into your TCP/IP properties:

Item: IP address
Description: Manually enter this information (see paragraph below).
What to enter: You must assign a different, unique IP address to computers not accepting DHCP (see note below).

Item: subnet mask (or netmask)
Description: Manually enter this number.
What to enter: The default subnet mask (or netmask) is "255.255.255.0".

Item: gateway IP address
Description: Enter the IP address for the server or, in the case of server-only mode, your network's gateway (e.g. firewall or network router).
What to enter: If you are running in server and gateway mode, your server is your local network's gateway. Enter its IP address here: the default is "192.168.1.1". If you are running in server-only mode, enter the IP address for the device interfacing with your external network.

Item: IP addresses of your domain name servers
Description: Manually enter this information.
What to enter: Normally you would just add the IP address for your server - the default used in the server console is "192.168.1.1". If you have a firewall other than your server that restricts internal queries to Internet DNS servers, you may need to enter additional DNS servers here.

It is critical that every computer on your network has a unique IP address and that you don't assign two computers the same address. In enabling DHCP service in the server console, you designated a range of IP addresses for DHCP assignment. You also allocated a block of IP addresses for manual assignment. If you accepted the defaults pre-configured into the server console, IP addresses 192.168.1.2 through 192.168.1.64 will have been set aside for manual entry. To avoid duplication, use only those IP addresses when manually assigning IP addresses to your computers.
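The rules above for manually addressed machines can be checked against an inventory before anything is plugged in. The following is an added example, not part of the SME Server documentation or software: it uses the defaults quoted on this page (server 192.168.1.1, netmask 255.255.255.0, manual block 192.168.1.2 through 192.168.1.64), and the host list and function name are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Defaults quoted on this page; adjust if the server console was configured differently.
SERVER_IP = ipaddress.ip_address("192.168.1.1")
NETWORK = ipaddress.ip_network("192.168.1.0/255.255.255.0")
MANUAL_FIRST = ipaddress.ip_address("192.168.1.2")
MANUAL_LAST = ipaddress.ip_address("192.168.1.64")

# Constructed inventory of machines that are configured by hand: (hostname, IP address).
STATIC_HOSTS = [
    ("printer", "192.168.1.10"),
    ("plotter", "192.168.1.10"),     # same address as the printer
    ("legacy-pc", "192.168.1.120"),  # inside the subnet, outside the manual block
    ("kiosk", "192.168.1.1"),        # the server's own address
    ("scanner", "192.168.2.5"),      # different subnet
    ("timeclock", "192.168.1.64"),   # last address of the manual block, acceptable
    ("badge", "192.168.1.300"),      # not a valid IPv4 address
]


def audit_static_hosts(hosts):
    """Return a sorted list of (hostname, finding) for addresses that break the rules."""
    findings = []
    owners = defaultdict(list)
    for name, text in hosts:
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            findings.append((name, "invalid-address"))
            continue
        owners[ip].append(name)
        if ip == SERVER_IP:
            findings.append((name, "server-address"))
        elif ip not in NETWORK:
            findings.append((name, "wrong-subnet"))
        elif not (MANUAL_FIRST <= ip <= MANUAL_LAST):
            # May collide with an address the DHCP server hands out.
            findings.append((name, "outside-manual-block"))
    # Every computer must have a unique address: report all holders of a shared one.
    for names in owners.values():
        if len(names) > 1:
            findings.extend((name, "duplicate-address") for name in names)
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in audit_static_hosts(STATIC_HOSTS):
        print(f"{host}: {finding}")
```
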

After configuring the TCP/IP parameters, you may need to reboot your desktop computer to implement the configuration changes. (For example, most Windows systems need to be rebooted after the TCP/IP configuration has been changed.) Once the settings take effect, your computer will be connected to the server and to the Internet.

MS Windows workgroup configuration

If you are using a Microsoft operating system, you must ensure that your workgroup is the same as the workgroup name of your server. (In a subsequent chapter, we'll explain how this can be set using the web-based server manager.) Go to the Control Panel, select "System" -- "Network" -- and "Computer Name" and click Change. In the field for "Workgroup", type your "workgroup".

MS Windows Domain configuration

SME Server can be configured to be the "Workgroup and Domain Controller" for your network, here users do not need accounts on individual PC's but authenticate against the Server. (In a subsequent chapter, we'll explain how this can be set using the web-based server manager.)

Connecting to a Domain

To connect a windows XP client to your domain, go to the "Control Panel", select "System", then "Computer Name", and click on change. Enter your servers "workgroup" value in the domain field and 'Connect'. Enter

the username of admin(*) with the servers admin password when asked, and you should get back the response 'Connected to workgroup'.

(*) Admin or any user in the 'Domain Admins' group can join the domain.

Setting up network drives

If you are using SME Server as a domain controller and the workstations have joined the domain you can automate drive mapping and synchronise the PC time with the netlogon.bat file

    pico -w /home/e-smith/files/samba/netlogon/netlogon.bat

    REM To set the time when clients logon to the domain:
    net time \\servername /set /yes
    REM To map a home directory to drive h:
    net use h: /home /persistent:no
    net use j: \\servername\ibay1 /persistent:no
    net use p: \\servername\ibay2 /persistent:no
    if exist Z: net use Z: /del /yes

and reset file to dos format

    unix2dos /home/e-smith/files/samba/netlogon/netlogon.bat

Chapter 13 has an alternative method for admin to edit the netlogon.bat file

On-going Administration using the server-manager

The server-manager is your SME Server control panel for administrative tasks. The server-manager can be accessed via a web browser from any client connected to the same local network using a variety of URL formats:

■ https://www.yourdomain.xxx/server-manager
■ https://ip-of-your-server/server-manager
■ https://name-of-your-server/server-manager

If you had chosen the server name "nemo" and IP address 192.168.1.99 during initial configuration you gain access with https://192.168.1.99/server-manager or https://nemo/server-manager.

Note: For security reasons, you are only able to access the server-manager through a web browser on the local network. Remote access is only possible using remote access tools such as ssh and PPTP or by allowing access to IP ranges set in Security > Remote Access

When you arrive at the correct URL, you'll be asked to enter your user name (which is always "admin") and the password you created during the installation process. Enter that information and click "OK" to be taken to the server-manager. It will look like the screen shown above.

The links are grouped together under four headings: Collaboration, Administration, Security, Configuration and Miscellaneous. In the next five chapters, we'll explain each of the administrative functions.

Collaboration

Users

User accounts should be set up for each person in your organization. A user account includes separate, password-protected email and file storage areas.

If this is the first time you are setting up user accounts for your organization, you will need to establish what your naming convention will be. There are some basic rules built into the server as to what constitutes a valid account name. The account name must contain only lower-case letters and numbers and should start with a lower-case letter (not a number). Let's assume you've decided that the account name should consist of first initial and last name. So, if you have an employee named Fred Frog, Fred's user account would be "ffrog". Assuming your domain name is tofu-dog.com, Fred's email address would be "ffrog@tofu-dog.com". Fred's file directory on the server would also be named "ffrog".

For your information, pseudonyms of "firstname.lastname" and "firstname_lastname" are automatically created for each account. User account names are limited to twelve characters to maintain consistency with various versions of Windows. Longer names can be created for email through the Pseudonyms panel.
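A naming convention is easier to settle if it is tried against the staff list first. The following is an added example, not the server's own validation code: it applies the rules stated above (lower-case letters and numbers, lower-case first character, at most twelve characters, first initial plus last name) and also flags clashes, assuming the single shared name set for users, groups, pseudonyms and ibays that this manual describes under "Practical usage guidelines". The staff list, reserved names and function names are constructed, and how the server treats unusual characters in real names is not stated on the page, so the sketch only lower-cases them.

```python
import re

MAX_ACCOUNT_LEN = 12  # limit stated on this page

# Constructed sample data: staff list and names already present on the server.
PEOPLE = [
    ("Fred", "Frog"),
    ("Fiona", "Frog"),
    ("Sally", "Salmon"),
    ("Bartholomew", "Featherstonehaugh"),
    ("Sam", "Ales"),
]
RESERVED = {"admin", "everyone", "postmaster", "mailer-daemon", "sales"}


def propose_account(first, last):
    """First initial plus last name, reduced to lower-case letters and digits."""
    return re.sub(r"[^a-z0-9]", "", (first[:1] + last).lower())


def check_account_name(name):
    """Return the list of rules from this page that the name breaks."""
    problems = []
    if len(name) > MAX_ACCOUNT_LEN:
        problems.append("too-long")
    if not re.fullmatch(r"[a-z]", name[:1]):
        problems.append("bad-start")
    if re.search(r"[^a-z0-9]", name):
        problems.append("bad-characters")
    return problems


def auto_pseudonyms(first, last):
    """The two pseudonyms the page says are created for every account."""
    f, l = first.strip().lower(), last.strip().lower()
    return [f"{f}.{l}", f"{f}_{l}"]


def plan_accounts(people, reserved):
    """Propose an account per person and report rule violations and name clashes."""
    taken = set(reserved)
    plan = []
    for first, last in people:
        account = propose_account(first, last)
        pseudonyms = auto_pseudonyms(first, last)
        problems = check_account_name(account)
        clashes = sorted(n for n in [account] + pseudonyms if n in taken)
        if clashes:
            problems.append("name-taken:" + ",".join(clashes))
        taken.update([account] + pseudonyms)
        plan.append({"person": f"{first} {last}", "account": account,
                     "pseudonyms": pseudonyms, "problems": problems})
    return plan


if __name__ == "__main__":
    for entry in plan_accounts(PEOPLE, RESERVED):
        print(entry)
```
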

In the "User Accounts" section of the server-manager, you will see a list of your current accounts. If you haven't already created any accounts, select "Click here" and fill in the requested information - the account name (the part of the email address that comes before "@"), the person's name, address, department, company and phone number. As a convenience, the defaults that you entered in the "Directory" section of the server-manager appear each time you create a new account. You can, if necessary, modify the information for each user as you create the account.

From the list of user accounts, you can easily modify or remove a user account (by clicking on "modify" or "remove" next to the user name) or set the user's password. User accounts are locked out and cannot be used until you set the initial password for each account. As a reminder of this, user accounts appear in red until the password is changed. (In the example shown here, the administrator has not yet changed the password for user "Sally Salmon").

Note: If you want someone to have an email address at your company, but want the messages forwarded to another external email address, you can create the user account but set the email delivery option in the user account to 'Forward to address below' and enter the external address. If you leave the user account locked out, the user will not be able to access services on your server, but the email will be delivered to the external email address.

Disabling User Accounts

There may be times when you do not wish to delete a user account but instead merely want to disable it. For instance, when an employee leaves the company, you may want to immediately remove their access to the server, but still keep their files or email address active until the information can be examined. To disable any user account on your server, just click on the Lock Account link on the User Accounts server-manager panel. As soon as you click the link, the account will be locked out. The user will no longer be able to retrieve email or connect to any files or other resources on the server.

When an account is disabled, email will still be received for that user name, but the user will be unable to retrieve the email. As noted above, if a user account is set to forward email to an external email address, the email will be forwarded to that external address. To prevent this, you will need to modify the properties for that user account.

To re-enable the user account, you need to reset the password using the link on the User Accounts server-manager panel.

Changing User Passwords

Once they have an active account, your users can set their own passwords by accessing the user-password URL which is only accessible from Local Networks. They do this through their web browsers by visiting the URL www.yourdomain.xxx/user-password (where "www.yourdomain.xxx" is the web server name you entered into the server console). The staff at The Pagan Vegan would visit the URL www.yourdomain.xxx/user-password .

To make the change, a user would enter his or her account name (the characters before "@"), the old password and the new password (to ensure accuracy, the screen asks for the new password twice).

Note that changing the password for a user in the server-manager overrides any previous password entered by your user. Therefore, when a user forgets his password, simply reset it in the server-manager.

Note: There is no way for the administrator to recover a forgotten password for a user. All they can do is set a new password for the user.

Note: Password strength checking is too strong. How do I change it? First a warning - Far too many systems out there have weak passwords and they will be broken into. Educating your users on the necessity of strong passwords is the best option. If that fails, here is how you change the password strength checking from 'strong' to 'normal', which was the setting in previous versions of SME. Be careful to use the exact capitalization.

    config setprop passwordstrength Users normal
    config setprop passwordstrength Ibays normal

It is also possible, but strongly discouraged, to disable password strength checking by setting to 'none'.

Groups

This screen allows you to create, remove or change user groups, which are simply lists of people with a shared interest - for example, they work in the same department or are collaborating on a project. The user group function serves two purposes in the SME Server: it permits email to be sent conveniently to a group of users, and it allows the system administrator to associate groups of users with a single information bay (ibay).

Creating a new group is a simple three-step process. You enter the group name (as with account names, these should begin with a lower-case letter and consist only of lower-case letters and numbers), followed by a brief description. Finally, check the boxes next to the names of the users who should be associated with that group.

Warning: When you create a group, you are required to assign at least one user to that group. If you fail to do so, the group will not be created and you will receive an error message.

After you add (or remove) a user account from a group, the user must log out and log back in for those changes to take effect. Until the user does so, he or she will still have their old group membership information. For instance, suppose you create a new group "sales" and assign user "ffrog" (Fred Frog) to that group. You then create a new i-bay called "salesinfo" that only the "sales" group can access. Fred Frog is still logged into a Windows PC and now tries to connect to the new i-bay through Windows Explorer. He will receive a permission-denied error. He must log out of Windows (he does not need to shut down or reboot, just log out) and login again. Now he should be able to go through Windows Explorer and access the "salesinfo" i-bay without any problem.

Setting admin rights

If you are using SME Server as a domain controller and the windows workstations have joined the domain then by adding users to special groups you are able to change the rights a user has on that workstation. The domain always has three groups created, assigned as follows:

Group Description    Domain Rights
Domain Admins        admin
Domain Users         shared (everyone)
Domain Guests        nobody

If you create a group and name it whatever you want but put one of the above for the description then the newly created group will replace the above mapping. So if you create a group called "admins" and give it a description of "Domain Admins" then anyone you assign to this group will be a domain admin and also a local admin on ANY box that has joined the domain.

You can also create a less privileged group "Power Users", see http://www.kellys-korner-xp.com/xp_groups.htm for the rights granted to the different groups.

Quotas

By default, there is no size limit on the files a user may store on the server nor the amount of email that can be received. However, if you wish to limit the disk space a particular user account can use, you may do so on the "Quotas" panel in the server-manager. As shown in the image below, you will see a list of user accounts, the actual disk space they are using and the quotas, if any, set for that user account.

Warning: Note that the quotas apply to all files that a user stores on the server. This includes not just their home directory, but also all files that they may put into any of the i-bays.

There are two quotas that can be applied to each user account:

■ Limit with grace period - when a user's disk usage exceeds this limit, an email warning message will be sent to the user account each night until the disk usage is brought back under the limit.
■ Absolute limit - when a user's disk usage hits this limit, the user will no longer be able to save files to the server or receive email.

Note that if the user account exceeds the "Limit with grace period" for seven consecutive days, the account will be treated as if it exceeded the absolute limit and will no longer be able to save files or receive email.

Warning: Email for the user account is not lost! It is held in the delivery queue and will be delivered to the user when their disk usage drops back below their absolute limit (or the "limit with grace period" if they were locked out due to seven days above that limit).
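The interaction of the two limits is easiest to see day by day. The following is an added example that models the rules as worded above, not the server's quota implementation: it assumes one check per night, that the account is blocked on the seventh consecutive night over the "Limit with grace period", and that a limit of 0 means "no quota" as on the Quotas panel. The function name and the usage figures in the comments are constructed.

```python
GRACE_DAYS = 7  # "seven consecutive days" from the page


def quota_timeline(daily_usage_mb, grace_limit_mb, absolute_limit_mb):
    """Return one status per nightly check: 'ok', 'warned' or 'blocked'.

    'warned'  = over the limit with grace period, nightly warning email sent.
    'blocked' = cannot save files or receive email (mail waits in the queue).
    A limit of 0 disables that limit.
    """
    statuses = []
    nights_over = 0
    for used in daily_usage_mb:
        over_grace = grace_limit_mb > 0 and used > grace_limit_mb
        at_absolute = absolute_limit_mb > 0 and used >= absolute_limit_mb
        # The counter only grows while usage stays over the limit on consecutive nights.
        nights_over = nights_over + 1 if over_grace else 0
        locked_by_grace = nights_over >= GRACE_DAYS
        if at_absolute or locked_by_grace:
            statuses.append("blocked")
        elif over_grace:
            statuses.append("warned")
        else:
            statuses.append("ok")
    return statuses


if __name__ == "__main__":
    # Constructed usage history in megabytes, limits of 100 MB (grace) and 200 MB (absolute).
    history = [50, 120, 130, 140, 150, 160, 170, 180, 90, 250, 150]
    for night, status in enumerate(quota_timeline(history, 100, 200), start=1):
        print(night, history[night - 1], status)
```
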

By selecting "Modify" you are able to set a quota (in Megabytes) for a particular user account. Note that you do not have to set both limits for a user account and can choose to set only one of the limits. If you set a limit and later wish to disable the quota for a given user account, all you need to do is set the limit to "0".

Pseudonyms

Any user who has an account on your SME Server will be able to receive email sent to that user ID. For instance, if you have a user named Fred Frog with the user account "ffrog", his primary email address will be "ffrog@mycompany.xxx".

Likewise, when you create a group account, that group account name functions as an email alias, so that messages addressed to the group ID will be sent to all members of the group. If, for example, you create a group called "sales", messages to "sales@mycompany.xxx" will be distributed automatically to all members of that group. As you add and remove members to the group, your server automatically updates the email alias.

In addition to user and group accounts, your server also automatically creates several pseudonyms. For instance, for each user account, the server creates two separate pseudonyms using the first and last names of the user. These two pseudonyms are in the form of "firstname.lastname" and "firstname_lastname". Hence, when you create the user account "ffrog" for a user with the name Fred Frog, he will also be able to receive email sent to "fred.frog@mycompany.xxx" and "fred_frog@mycompany.xxx".

Additionally, your server creates a special pseudonym called "everyone" that includes all user accounts on the system. Two other pseudonyms, "postmaster" and "mailer-daemon" are created pointing to the "admin" user.

If you wish to modify or remove any of these pseudonyms, or create new ones, you can use the web panel found under the "Collaboration" section of the server-manager, as shown below.

Note: The special pseudonyms of "everyone", "postmaster" and "mailer-daemon" will only be visible after you have either added a user account to the system or have added a custom pseudonym. Until that time, these three pseudonyms are there, but will not be visible on the Pseudonyms web panel.

As noted on the screen below, there are some restrictions on the text content of the names. Pseudonyms can be linked to existing user or group accounts. In the example shown, a pseudonym for webmaster is being set to point to ffrog.

Practical usage guidelines

An SME Server has only one name set, meaning only one occurrence of a name can be in the system, whether it be a user, a group, a pseudonym or an ibay. Therefore whenever you create a user account and you have multiple domains, then that user will apply to all domains automatically. So the user account "sales" will receive email for

sales@domain1
sales@domain2
sales@domain3
sales@domain4

The problem with this is that you cannot have different people using the same user account name to collect email.

Using the pseudonyms panel is the only way that SME Server can distribute email for the same user "name@different-domain" names, but you need to use it in conjunction with the correct underlying naming concepts.

The golden rule is never allocate unique user names to end-user accounts, as these will no longer be available for globalname@domain type email address usage.

e.g. create your domains, e.g. domain1, domain2, domain3, domain4, and configure those domains to use different ibays for the web content. You can even set up different groups to allow only different users to access each ibay to update web content etc.

create user accounts user1, user2, user3, user4 as needed for users who want to use the email address "sales", but keep in mind they will use the login name user1 rather than sales (the login names could be johnb, johnb2, johnw, johnm etc)

create user accounts user5, user6, user7, user8 as needed for users who want to use the email address "info", but keep in mind they will use the login name user5 etc rather than info

create user accounts user9, user10, user11, user12 as needed for users who want to use the email address "accounts", but keep in mind they will use the login name user9 etc rather than accounts

create pseudonyms, e.g.

sales@domain1 which forwards to user1
sales@domain2 which forwards to user2
sales@domain3 which forwards to user3
sales@domain4 which forwards to user4
info@domain1 which forwards to user5
info@domain2 which forwards to user6
info@domain3 which forwards to user7
info@domain4 which forwards to user8
accounts@domain1 which forwards to user9
accounts@domain2 which forwards to user10
accounts@domain3 which forwards to user11
accounts@domain4 which forwards to user12

i.e. in the pseudonyms field type the whole pseudonym name as sales@domain1

Note: do not use sales, info or accounts for any other purpose, i.e. as user account names or group names or pseudonym names (on its own) or ibay names.

Summary, e.g. for user1 for domain1

The user account will be user1 (e.g. johnb) and the person uses that name (& corresponding password) to log in to the server or to webmail.

The email address for the user will be the same as the pseudonym, i.e. sales@domain1, and that is the address the user should publish and use as the return email address. Obviously the name before the @domain is different to their login username; that's the compromise to be accepted if using SME this way. It is quite common in practice, as users often have different "position related" pseudonyms anyway, e.g. manager@domain1 forwards to user1.

As the user account user1 has been created on the server, then that will also work as a valid email address, i.e. user1@domain1 will deliver email to user1, but note also that email "inadvertently" sent to user1@domain2 or user1@domain3 or user1@domain4 will also be sent to user1. This is not usually a problem as you simply don't tell user1 that any other hosted domain addresses will work for that name.

If you want your end users to use webmail then they log in using the URL

https://domain1/webmail
https://domain2/webmail
https://domain3/webmail
https://domain4/webmail

If you want webmail to be configured for the correct domain for the correct end user the first time they use it, then you will need to do that manually yourself before issuing the login details to the user, e.g.

login to webmail as the end user, e.g. user1 (for domain1), and set up the profile for that user to show the return email address of sales@domain1

login to webmail as the end user, e.g. user2 (for domain2), and set up the profile for that user to show the return email address of sales@domain2

Do the same for all other webmail accounts that will be issued, configuring the profile and return address as applicable. If you don't configure webmail profiles manually then they will have the default return address of loginusername@domain1 (or the main domain name of the server if different).
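The delivery rules described above can be checked with a small model. This is an added example, not SME Server code: the class `MailNames` and its methods are hypothetical, pseudonyms are limited to user targets for brevity, and the behaviour it encodes is only what this section states (one shared name set, accounts valid at every hosted domain, whole-address pseudonyms).

```python
class MailNames:
    """Toy model of the single name set and pseudonym delivery described above."""

    def __init__(self, domains):
        self.domains = list(domains)
        self.names = {}        # bare name -> kind ("user" or "pseudonym")
        self.pseudonyms = {}   # "local@domain" or bare "local" -> user account

    def _claim(self, name, kind):
        # Only one occurrence of a bare name may exist in the system.
        if name in self.names:
            raise ValueError(f"{name!r} already exists as a {self.names[name]}")
        self.names[name] = kind

    def add_user(self, account):
        self._claim(account, "user")

    def add_pseudonym(self, pseudonym, account):
        if self.names.get(account) != "user":
            raise ValueError(f"{account!r} is not a user account")
        _, at, domain = pseudonym.partition("@")
        if at:
            # Whole-address pseudonym, typed as sales@domain1.
            if domain not in self.domains:
                raise ValueError(f"{domain!r} is not a hosted domain")
            if pseudonym in self.pseudonyms:
                raise ValueError(f"{pseudonym!r} is already defined")
        else:
            # A bare pseudonym occupies the shared name set.
            self._claim(pseudonym, "pseudonym")
        self.pseudonyms[pseudonym] = account

    def resolve(self, address):
        """Return the account that receives mail for address, or None."""
        local, _, domain = address.partition("@")
        if domain not in self.domains:
            return None
        for key in (address, local):
            if key in self.pseudonyms:
                return self.pseudonyms[key]
        return local if self.names.get(local) == "user" else None

    def addresses_for(self, account):
        """Every address that delivers to account, told to the user or not."""
        candidates = {f"{n}@{d}" for n in self.names for d in self.domains}
        candidates |= {p for p in self.pseudonyms if "@" in p}
        return sorted(a for a in candidates if self.resolve(a) == account)


def build_page_example():
    """The sales@domainN -> userN layout from the text above."""
    model = MailNames(["domain1", "domain2", "domain3", "domain4"])
    for n in range(1, 5):
        model.add_user(f"user{n}")
        model.add_pseudonym(f"sales@domain{n}", f"user{n}")
    return model


if __name__ == "__main__":
    for address in build_page_example().addresses_for("user1"):
        print(address)
```

Listing `addresses_for` per account shows which addresses accept mail beyond the one the user was given.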

Alternative configuration of users

If the above method is not acceptable/desirable, then the only other way you could set up users is to have only one occurrence of a user name in the system, e.g. john, john1, john2, john3, johnb, johnb1, johnb2, johnw, johnws etc., and the user account name and login name will be the same. There is no need to configure pseudonyms in that case. You will still need to configure Webmail profiles manually for each domain that is different to the default domain.

Every username will be a valid (email address) for every domain hosted on your server, but you only tell the end user about their domain, e.g.

john@domain1
john2@domain1
john3@domain2
johnb@domain1
johnb2@domain2
johnb3@domain3
etc

but john@domain2 and john@domain3 etc will still work. Any email sent to any of the addresses will automatically be received by the end user account.

The ultimate answer to having separately administered domains and identical user names at different domains, similar to what ISPs do anyway, is to host only one domain on each SME Server, i.e. have a different server for every domain. There are posts in the contribs.org forums explaining how to do this and forward/delegate email for different domains from one gateway server to other server-only boxes on the same LAN using the same Internet connection. See this thread for details: http://forums.contribs.org/index.php?topic=30953.0

Information Bays

The i-bay (information bay) feature of the SME Server is a simple, very flexible and powerful way for you to share information with others. It is such a rich and important feature that we've devoted Chapter 14 (http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter14) entirely to dealing with Information Bays.

Administration

Backup or restore

You can easily back up the contents of your SME Server using one of three methods. They are controlled through the web panel shown below.

Note: The console backup to USB device is an independent method not related to these options (SME_Server:Documentation:Administration_Manual:Chapter6#Option_8:_Perform_backup_to_USB_d). When prompted if you wish to restore from a backup during a new install, it is the console backup it is referring to. The following backup methods are restored from the server manager.

You have seven actions you can perform, each of which is described in the following sections.

To desktop

Backup to desktop

The first type of backup allows you to save a snapshot of your server configuration onto your desktop computer. This will save all user accounts, user directories, i-bay contents and web content, as well as the configuration parameters entered using the server console and the server manager. When you choose Backup to desktop, a browser window will appear that will allow you to name the file and select the location on your desktop where the file will be saved. The web panel shows you the size of the backup file so that you can verify whether sufficient space exists on your desktop machine.

Please be aware that there is a 2GB limit on backup to desktop; use backup to workstation to perform large backups to locally attached USB disks or network shares.

Restore from desktop

Restore from Desktop was removed in version 7.4. Ideally you should restore on a freshly installed server. Therefore, if you are planning to do a restore, you should first re-install the SME Server software and then perform the "Restore from backup" when prompted. Ensure you have copied the backup file to an attached USB disk, CD or DVD.

To Tape

Warning: Be aware that you must use a supported tape drive and that a tape must be inserted in the drive for the backup to work.

Configure tape backup

The second type of backup involves configuring your system to perform a daily full system backup to a tape drive using a software package called flexbackup. If you wish to activate this option, check the box next to Enable Tape Backup and then specify the time at which you wish the backup to occur and the time at which reminder notices should be sent.

Note: Reminder e-mail messages for tape backups are automatically sent to the e-mail address that is configured to receive administrative notices. This is normally the user admin, but you can change this in the server manager.

Restore from tape

If you are performing regular backups, you can also restore user data and configuration settings by using the Restore from tape option. After you press the Perform button, the system will read the files from tape and overwrite any currently existing files. You must reboot your system after the restore for the changes to take effect.

Warning: Note that this restore procedure only restores user data and configuration information. It does not restore system files. If you experienced a serious system crash, you should first re-install the SME Server software and then perform a restore from tape.

Note that in order to restore data from tape, you must have first checked off Enable Tape Backup and scheduled nightly backups. If you have not done this, you will not be able to restore from tape using the server manager.

To Workstation or USB Drive

Backup to workstation provides for daily full or incremental backup on LAN workstation (via nfs or cifs) or local usb disk, and full or selective restore with use of dar program.

Note: When using a CIFS mount you need to be aware of limitations in the characters you can choose in your password. According to the man mount.cifs (http://linux.die.net/man/8/mount.cifs) page commas should be avoided, but users have also noticed that leading spaces and exclamation marks should not be used. For more details see bugzilla:4850.

The main features of backup with dar, aside from use of session timeout, are:

Incremental backup. Not only can you restore a lost file at its last state, but you can also say: restore the most recent version of the file before this given date.

The second function is keeping more than one set of backup (a set is full backup data and all data of next daily incremental backups) with automatic rotation. This means that you can back up and restore data for the period of time you want: one day, three days, one week, one month, 100 days... and restore your system at any state it was during this period of time. This probably has no utility to do full restore of the system as it was one month ago, but restoring a file lost by a user two or three weeks ago can be useful. And restoring a safe system more than one day old can be needed, e.g. you can do only nightly full backups but keep three sets of backup for security reasons (as being able to restore the system as it was 72h ago).

The third function is selective restore of any saved file or directory, exactly as it was for any of the saved days in your sets. Selective restore is not an easy thing to manage by hand, and providing this in a simple way with panels is useful. Dar allows selective restore to be managed, and e-smithbackup with dar panels tries to keep this function as simple as possible to use.

For changes to standard usage and fuller explanations see Backup_with_dar

For help with USB Disk preparation see USBDisks

Configure workstation backup

Configure your backup destination and options to suit your situation.

Verify workstation backup

This option allows you to verify that the backup was completed successfully.

Restore from workstation

This option allows you to restore a complete backup. This should ideally only be performed on a clean install.

Selective file restore from workstation

This option allows you to restore a single file. You have the option of restricting the file to a date range.

View log files

This panel allows you to view the system log files on your server. As shown in the image below, you select the log file that you want to view and press the "View Log File" button. Without any filter options, you will see the entire log file.

You will probably find the log file of most interest to be messages, where most of the system services write log messages.

If you enter any text in the "Filter Pattern" box, only lines of the log file containing that text will be displayed. If you enter any text in the "Highlight Pattern" box, that text will be shown in bold. Both options can be used together. Be aware that the filter is case-sensitive.

As an example, if you were interested in messages relating to DHCP, you could examine the log file messages with a filter pattern of DHCP. This will show you all DHCP-related messages. If you further add a highlight pattern of DHCPACK, the messages relating to DHCP acknowledgements will appear in bold.

Mail log file analysis

If you are using your SME Server to send and receive e-mail, there are now a number of reports available that can help you analyze your system's performance. If you suspect that there is a problem with the delivery of your e-mail, you can use these reports to see how your system is operating. The information can also help you decide how best to optimize your system. While the default setting provides basic statistics, if you pop up the menu, you will see a range of other options.

Reboot or shutdown

If you need to shut down or reboot your server, using this screen will ensure that the shutdown sequence occurs gracefully, preserving all configuration and information on your server. Note that this screen initiates the shutdown or reboot immediately after you click the "Perform" button. There is a similar function in the server console as well.

Security

Remote Access

If you're an advanced user, the SME Server provides several different ways to access the underlying operating system, either from a computer on your internal network or from a computer outside your site on the Internet. Additionally, you have the ability to access your computer network securely from a remote computer. All of these operations are configured from the screen shown below in the server manager. Each of these remote access methods is described below.


PPTP (VPN)

The Point-to-Point Tunnelling Protocol (PPTP) is used to create client-to-server Virtual Private Networks (VPNs) and was developed by the PPTP Forum, an industry group which included Microsoft and several other companies. A VPN is a private network of computers that uses the public Internet to connect some nodes. PPTP allows users to connect to their corporate networks across the Internet.

Microsoft's PPTP implementation is widely used in the Windows world to provide remote access across the Internet. If you have a remote Windows system (for instance, a laptop or a home computer) that has access to the Internet, you can also access the information stored on your server.

If you wish to enable VPN access, you must decide how many individual PPTP clients you will allow to connect to your server simultaneously, and enter that number here. The simplest method is to enter the total number of remote PPTP clients in your organization. Alternatively, if you have a slow connection to the Internet and do not want all of those PPTP clients to connect at the same time, you can enter a lower number here. For instance, if you have five users who from time to time use PPTP to connect remotely, entering 5 here would allow all of them to connect at any time. Entering 2 would only allow two users to connect at any given time. If a third user tried to connect, he or she would receive an error message and would not be able to connect until one of the other users disconnected. If, on the other hand, you entered 0, no PPTP connections would be allowed.

Before the server is ready to accept PPTP connections, each user that is to be allowed access must be granted 'VPN Client Access' in the Users panel of the /server-manager.

Note: After changing the number of pptp clients allowed, the increased number of users is not updated until existing users have logged off.

To connect using PPTP, the protocol must be installed on each remote Windows client. Typically, this is done through the Network Control Panel (you may need to have your original Windows installation CD available). After it is installed (a reboot of your Windows system may be needed), you can create new connections through the Dial-Up Networking panel by entering the external IP address of the server you wish to connect to. Once you're finished, you should be able to initiate a PPTP connection by double-clicking the appropriate icon in the Dial-Up Networking window. When you then open up your Network Neighborhood window, you should see your server workgroup listed there.

Warning: To protect your network, the SME Server enforces the use of 128-bit encryption for PPTP connections, rather than the 40-bit encryption provided in earlier versions of Microsoft's PPTP software. If you are unable to establish a PPTP connection to your server, you should visit http://windowsupdate.microsoft.com/ and download the appropriate update. Due to the dynamic nature of Microsoft's web site, the page may appear differently depending upon the version of Windows you are using. In most cases, you will want to look or search for Virtual Private Networking or a Dial Up Networking 128-bit encryption update. You may need to install the 40-bit encryption update first, and then install the 128-bit encryption update. Note that with Microsoft's ActiveUpdate process, if you are not presented with the choice for this update, it is most likely already installed in your system.

Note: PPTP uses TCP port 1723 and the Generic Routing Encapsulation (GRE) protocol. If you are using an external router or gateway to your server, and require an inbound VPN connection to support external users, you will need both TCP port 1723 and the GRE protocol to be forwarded. However most PPTP passthrough routers only allow outbound connections. Not all allow inbound connections. Forwarding PPTP inbound is frequently unreliable due to the way PPTP works. The simple, reliable solution is to remove the router and let the SME Server handle the link directly.

For a more detailed description of the PPTP protocol see http://en.wikipedia.org/wiki/Point-to-point_tunneling_protocol

Remote Management

To allow access to the /server-manager from remote networks, add allowed IP addresses to the Remote Management section. To allow a single computer (or network of computers behind a firewall), add its IP and the netmask, for example:

223.102.19.24 255.255.255.255

SSH

If you need to connect directly to your server and login from a remote system belonging to you, we strongly encourage you to use ssh. In addition to UNIX and Linux systems, ssh client software is now also available for Windows and Macintosh systems. (See the section below.)

If you do not have any reason to allow remote access, we suggest you set this to No access.

SSH (secure shell) provides a secure, encrypted way to login to a remote machine across a network or to copy files from a local machine to a server. Many people do not realize that many programs such as telnet and ftp transmit your password in plain, unencrypted text across your network or the Internet. ssh and its companion program scp provide a secure way to login or copy files. The ssh protocol was originally invented by SSH Communications Security which sells commercial ssh servers, clients, and other related products. The protocol itself has two versions - SSH1 and SSH2 - both of which are supported by most clients and servers today. For more information about SSH Communications Security and its commercial products, visit http://www.ssh.com/.

OpenSSH, included with the SME Server, is a free version of the ssh tools and protocol. The server provides the ssh client programs as well as an ssh server daemon and supports both the SSH1 and SSH2 protocols. For more information about OpenSSH, visit http://www.openssh.com/.

Once ssh is enabled, you should be able to connect to your server simply by launching the ssh client on your remote system and ensuring that it is pointed to the external domain name or IP address for your server. In the default configuration, you should next be prompted for your user name. After you enter admin and your administrative password, you will be in the server console. From here you can change the server configuration, access the server manager through a text browser or perform other server console tasks.

If you do enable ssh access, you have additional configuration options:

■ Allow administrative command line access over ssh - This allows someone to connect to your server and login as "root" with the administrative password. The user would then have full access to the underlying operating system. This can be useful if someone is providing remote support for your system. In most cases we recommend setting this to No.
■ Allow ssh using standard passwords - If you choose Yes (the default), users will be able to connect to the server using a standard user name and password. This may be a concern from a security point of view, in that someone wishing to break into your system could connect to your ssh server and repeatedly enter user names and passwords in an attempt to find a valid combination. A more secure way to allow ssh access is called RSA Authentication and involves the copying of an ssh key from the client to the server. See the User Manual for details.
■ TCP Port for secure shell access - Change the port the ssh client connects to on the server; choose a random free port, e.g. 822. This provides some protection from attacks on the usual port of 22.
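The password-guessing concern raised under "Allow ssh using standard passwords" can be watched for in the sshd log. The following is an added example, not part of the SME Server manual: the log lines are constructed samples in the format OpenSSH's sshd uses for password results, and the threshold of three failures is an assumption to tune per site.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation addresses), in sshd's password-result format.
SAMPLE_LOG = """\
Oct 18 03:12:01 sme sshd[2211]: Failed password for invalid user test from 203.0.113.7 port 40122 ssh2
Oct 18 03:12:03 sme sshd[2213]: Failed password for invalid user oracle from 203.0.113.7 port 40125 ssh2
Oct 18 03:12:06 sme sshd[2215]: Failed password for root from 203.0.113.7 port 40131 ssh2
Oct 18 03:12:09 sme sshd[2217]: Failed password for admin from 203.0.113.7 port 40140 ssh2
Oct 18 03:12:12 sme sshd[2219]: Accepted password for admin from 203.0.113.7 port 40144 ssh2
Oct 18 08:30:41 sme sshd[3302]: Failed password for admin from 192.168.1.20 port 51812 ssh2
Oct 18 08:30:55 sme sshd[3304]: Accepted password for admin from 192.168.1.20 port 51813 ssh2
Oct 18 09:02:10 sme sshd[3410]: Failed password for root from 198.51.100.9 port 33910 ssh2
Oct 18 09:02:14 sme sshd[3412]: Failed password for root from 198.51.100.9 port 33911 ssh2
""".splitlines()

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def summarize(lines):
    """Collect per-source failure counts, user names tried and later successes."""
    stats = defaultdict(
        lambda: {"failed": 0, "users": set(), "accepted_after_failures": False}
    )
    for line in lines:
        match = AUTH_RE.search(line)
        if not match:
            continue
        entry = stats[match["src"]]
        if match["result"] == "Failed":
            entry["failed"] += 1
            entry["users"].add(match["user"])
        elif entry["failed"]:
            # A login that follows failures from the same source deserves a look.
            entry["accepted_after_failures"] = True
    return dict(stats)


def suspicious_sources(lines, max_failures=3):
    """Sources with at least max_failures failed passwords, worst first."""
    report = []
    for src, entry in summarize(lines).items():
        if entry["failed"] >= max_failures:
            report.append({
                "src": src,
                "failed": entry["failed"],
                "users": sorted(entry["users"]),
                "tried_root": "root" in entry["users"],
                "accepted_after_failures": entry["accepted_after_failures"],
            })
    return sorted(report, key=lambda item: -item["failed"])


if __name__ == "__main__":
    for item in suspicious_sources(SAMPLE_LOG):
        print(item)
```

A source that tries several different user names and then logs in successfully is the case to investigate first; setting "Allow ssh using standard passwords" to No removes this avenue entirely.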

Note: By default, only two user names can be used to login remotely to the server: admin (to access the server console) and root (to use the Linux shell). Regular users are not permitted to login to the server itself. If you give another user the ability to login remotely to the server, you will need to access the underlying Linux operating system and manually change the user's shell.

■ SSH clients

A number of different free software programs provide ssh clients for use in a Windows, Macintosh or Linux environment. Several are extensions of existing telnet programs that include ssh functionality. Two different lists of known clients can be found online at http://www.openssh.com/windows.html and http://www.freessh.org/.

A commercial ssh client is available from SSH Communications Security at: http://www.ssh.com/products/ssh/download.html. Note that the client is free for evaluation, academic and certain non-commercial uses.

Telnet

Telnet has traditionally been one of the tools used to login remotely to other systems across a network or the Internet. However, when you use telnet, all user names and passwords are transmitted without any kind of encryption, dramatically reducing the security of your server. Because ssh usage has increased to an acceptable level, telnet access has been removed from the SME Server.

FTP

Another way to upload or download files to and from your server is to enable a protocol called FTP, or "file transfer protocol". This screen enables you to set your policy for FTP. Note that allowing liberal FTP access to your server does reduce your security. You have two options that you can set here.

FTP user account access: Private FTP access allows only people on your internal network to write files to your server. Public FTP access allows users both inside and outside your local network to read or write files on your server, provided they have an account and password. If, for example, you want to be able to update your web site from home using FTP, you would choose the "Public" setting. We strongly recommend you leave this as Private unless you have a specific reason to change it.

FTP access limits: This allows you to set an overall site-wide policy for FTP access. The setting you choose here will override all other FTP settings on your server. For example, if you choose "Disable public FTP access" here and then later configure an i-bay to allow public FTP access from the Internet, such access will be forbidden. Note that one of the choices here allows you to completely disable any use of FTP.

Local networks

Your SME Server provides services to machines on the local network and it gives machines on that network special privileges and access. For example, only machines connected to the local network can access the mail server on your server to send mail. When you configured your server, you provided it with sufficient information to deduce its own local network. Machines on the network are automatically identified by the server as being eligible for these privileges and access.

If your company only has one network that is being serviced by the server, you do not need to add any information here.

Some advanced users may wish to extend privileges to more than one network of computers. If you would like your server to identify one or more additional networks for those privileges, you will be asked to enter those network IDs and the subnet mask for each network here.
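Both the Remote Management entries and the additional Local networks above are written as an address plus a subnet mask, and a wrong mask quietly grants access to far more machines than intended. The check below is an added example, not SME Server code: the function names are hypothetical, every entry except the manual's own 223.102.19.24 line is constructed, and the /24 breadth threshold is an assumption.

```python
import ipaddress

# First entry is the manual's example; the rest are constructed test cases.
SAMPLE_ENTRIES = [
    "223.102.19.24 255.255.255.255",   # single host
    "198.51.100.0 255.255.255.0",      # one /24 network
    "198.51.100.77 255.255.255.0",     # host address combined with a network mask
    "203.0.113.0 255.255.0.255",       # mask with a hole in it
    "0.0.0.0 0.0.0.0",                 # every address on the Internet
]


def mask_to_prefix(mask):
    """Convert a dotted netmask to a prefix length; reject non-contiguous masks."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A valid netmask inverts to 0b000...0111...1, i.e. a power of two minus one.
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous netmask")
    return 32 - inverted.bit_length()


def parse_entry(entry):
    """Parse '<address> <netmask>' into a network, refusing stray host bits."""
    parts = entry.split()
    if len(parts) != 2:
        raise ValueError("expected '<address> <netmask>'")
    address, mask = parts
    prefix = mask_to_prefix(mask)
    return ipaddress.ip_network(f"{address}/{prefix}", strict=True)


def audit(entries, min_prefix=24):
    """Classify each entry as 'ok', 'broad' (wider than min_prefix) or 'invalid'."""
    findings = []
    for entry in entries:
        try:
            network = parse_entry(entry)
        except ValueError as exc:
            findings.append((entry, "invalid", str(exc)))
            continue
        if network.prefixlen < min_prefix:
            detail = f"{network} admits {network.num_addresses} addresses"
            findings.append((entry, "broad", detail))
        else:
            findings.append((entry, "ok", str(network)))
    return findings


def is_allowed(source, entries):
    """True if source falls inside any valid entry; invalid entries are ignored."""
    address = ipaddress.ip_address(source)
    for entry in entries:
        try:
            if address in parse_entry(entry):
                return True
        except ValueError:
            continue
    return False


if __name__ == "__main__":
    for entry, status, detail in audit(SAMPLE_ENTRIES):
        print(f"{status:8} {entry:32} {detail}")
```

The last sample entry shows why the mask matters: with it in the list, `is_allowed` returns True for any source address.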

Note: Depending on the architecture of your network infrastructure, the instructions for configuring the client machines on that additional network may be different than the instructions outlined in the chapter in this user guide. If you have questions regarding adding another network, you may wish to contact Contribs.org and visit the forums.

Port forwarding

Your SME Server provides the ability to forward its ports to other machines.

You can use the panel shown above to modify your firewall rules so as to open a specific port (or range of ports) on this server and forward it to another port on another host. Doing so will permit incoming traffic to directly access a private host on your LAN.

Warning: Misuse of this feature can seriously compromise the security of your network. Do not use this feature lightly, or without fully understanding the implications of your actions.

Proxy settings

Your SME Server has a transparent HTTP and SMTP proxy.

The server's HTTP proxy works to reduce overall uplink usage by caching recently-visited pages. It is transparent to web browsers using this server as their gateway.

The server's transparent SMTP proxy works to reduce virus traffic from infected client hosts by forcing all outgoing SMTP traffic through this server. If you wish to use an alternate SMTP server, and this server is your gateway to it, disable this proxy.

Miscellaneous

Support and licensing

This Panel displays a copy of the license under which SME Server is released.

Create Starter Web Site

If you already have a customized web site, you should not use this section, since it will overwrite your index.htm file.

If you do not have a customized web site and wish to create your starter home page, simply fill out the appropriate fields. This will create a basic home page that you can visit by entering your domain name for your site, http://www.yourdomain.xxx, in your web browser. On your local network, you can use "http://www/" to view your starter web site. Note that, as previously explained, there is typically a delay of one or more days before your ISP publishes your domain address records.


At any point in the future, you can replace or revise your starter web page by replacing or revising the files in the html directory on your server. The html directory for your web site can be accessed using Windows file sharing. Ensure you are logged onto your network using the admin name and password and then use file sharing to go to the server. Select the "primary" share and then select the "html" directory.

Online manual

In the top right corner of the server-manager there is a 'Question mark'. This is a link that will list the online documentation available. Note that you must be connected to the Internet to read the online user guide.

Note: These links are under development and may not be ready yet.

Other Administration Notes

Accessing administrative areas of your server via Windows file sharing: To access administrative areas of your server using Windows file sharing, you must be logged into your network as "admin" with the server system password. This applies particularly to the NETLOGON share (where you e netlogon.bat file), the Primary share (where the main web site is stored) and any i-bays that are writable only by the user admin.

Configuration

Software Installer Panel

The Software installer Panel allows you to configure and install updates to SME Server. You can install additional software from enabled repositories by setting 'Manage individual packages' to enabled.

Set date and time

Accessing this section allows you to set the system date and time either manually or using a network time server. Pull-down menus for month and time zone ensure accurate entry. There are worldwide time zones with multiple selections for countries with multiple time zones (including standard time zones, states/provinces and even cities). This ensures that regional variations in time zones and daylight savings time are accurately reflected. The server manager will reset the time automatically during daylight savings time.

Instead of setting the time manually, you can use a network time server. A time server is a device on the Internet that keeps accurate time and is able to communicate the time to other computers over the Internet using the Network Time Protocol (NTP). Many organizations around the world provide Internet time servers for free.

This screen in the server manager allows you to configure your server to connect regularly to a time server and synchronize the clock on the server with the time provided by the time server. To do this, simply check the box for "Enable NTP Service", add the domain name or IP address of the time server in the space provided and click "Save NTP Settings". Using a time server is optional but doing so can greatly increase the accuracy of your system.

For more information about using or becoming a network time server, visit http://www.pool.ntp.org

Warning: After you start using a network time server, you should NOT set the time or date manually. If you do so, the network time synchronization will no longer function.

Tip: In order to make sure the network time server is set to your timezone, you should go through this screen once and manually set the time to be correct and with the correct timezone. After doing that, go back to this panel and set the server to use a network time server.

Workgroup

If you are using a computer on a local network and you wish to access the server via Windows file sharing, it is important that you are logged onto the same workgroup as your SME Server. This screen allows you to enter the name of the Windows workgroup the server should appear in. If you wish you can change the workgroup name to correspond with an existing workgroup. You should also enter the Windows server name. Macintosh users need only enter a server name or accept the defaults. In order that you may later connect multiple locations using IPSEC VPNs, we suggest that you use a different name for each server.

Also in this section, you can specify whether the server should be the domain master for your Windows workgroup. Most sites should choose "Yes" unless you are adding a server to an existing network which already has a domain master.

If you have a Windows NT server or Windows 2000 server on your network that is functioning as a network server, you should most likely answer "no" because that other server will act as the domain master.

If you do configure your system to be the domain master, a special Windows share called NETLOGON is created with a DOS batch file called netlogon.bat. This batch file is executed by Windows clients that have been configured to "Logon to domain". The netlogon.bat file we provide by default does very little, but advanced users can, if they wish, modify this script to set environment variables for their clients or provide automatic drive mappings.

As the NETLOGON share is only writable by the "admin" user, you modify the netlogon.bat script by logging on to a Windows system as "admin", connecting to the share and then modifying the script using a Windows text editor. Be aware that the NETLOGON share will not be visible in Network Neighborhood or other similar tools. As the "admin" user, you will need to connect to the share or map a drive to it, by using the specific path: \\servername\NETLOGON\

The sample file contains a few examples of setting the system time for each machine and also for mapping a common drive for all Windows clients.

Directory

Your SME Server provides an easy mechanism for creating a company directory. Each time you create or delete an e-mail account, your directory will be automatically updated with the new information.

In this section of the server manager, you specify the default directory information for new accounts - the user's department, company, street address, city and phone number. Each time you create an e-mail account, the fields will contain the information entered here as the default. If you wish, you can change the information for each user.

At any time in the future, you can change the default information and have the new information apply to all new users or to all existing users as well. The field to do this is located near the bottom of the screen. Choosing "update with new defaults" is a convenient one-click method of revising your directory when, for example, your company has moved to a new address.

Printers

Your SME Server enables all users on your network to easily share a printer. The printer can be either locally attached to a parallel or USB port on your server or can be a network printer. All the server needs is some basic information: the printer name (which can be anything you want, as long as it starts with a lower-case letter and consists only of lower-case letters and numbers, with no spaces), a brief description (for example, "the printer down the hall") and the location of the printer - whether it's on the network or directly connected to your server through a parallel or USB port.

If you choose "Network printer", you will see an additional screen that will ask for the hostname or IP address and the network printer name. Enter that information where requested. For the network printer name, you can use the default setting, raw, unless you have some reason to do otherwise. (raw is the name used by most network printers for their main print queues.)

Note: For maximum flexibility in making changes later, we suggest that you enter the hostname for a network printer here and enter the IP address of the printer through the Hostnames and addresses panel of the server manager. This allows you to have one central location listing IP addresses and allowing you to make changes. Note that many modern network printers can be configured automatically. To do so, enter their hostname, IP address and Ethernet address in the Hostnames and addresses panel.

Note also that the server printing system does not perform any filtering and passes the print requests directly from the client computers to the printer in the "raw" or "pass-through" machines. For this reason, the SME Server does not have a list of "supported printers". Most printers are supported as long as the appropriate driver is installed in the operating system on your client computers.

However, there are some newer printers that only have a Windows driver available and rely heavily on that operating system to perform their print functions. These printers cannot be used on the server. If you are concerned about whether your printer will work with your server, you can visit Red Hat's Hardware Compatibility List (http://hardware.redhat.com/hcl/) or explore the information found at LinuxPrinting.org.

As a final item, you should be aware that in order to use the printers available through your server a user must be logged in to their client system with a user name and password that is valid on the server. For instance, if a user is logged in as tturtle on their Windows desktop and that user account does not exist on the server, the user will not be able to print to the printers managed by the server. Either the user will have to logout and log back in as a valid user or the tturtle account will need to be created on the server.

Hostnames and addresses

When you installed your SME Server, you were asked to provide a name for your system. That name and several other "standard" names are automatically configured in your system's host table during the installation process. This host table is consulted as part of the name resolution process. The "Hostnames and address" web panel allows you to modify this table and specify different host "names" for each domain on your system, as well as to control how those names resolve both for systems on your local network and also for systems on the larger Internet.

For instance, when someone tries to connect to "www.mycompany.xxx", they will be taken to wherever "www" has been set to point to. As seen in the image below, this screen in the server manager allows you to view these default settings, and also to modify the configuration.

Using the Hostnames Panel

Throughout the screens linked to from the Hostnames panel, you will find the text "Publish globally?" with a checkbox next to it.

Suppose, for example, your company's web site was hosted at some other location, such as on your ISP's web servers. If you wanted "www.mycompany.xxx" to point to your ISP's server, you would modify the entry here by clicking the "Modify..." link next to "www". The image below shows the screen in which you would perform the task:

You would first change the location to "Remote" and then enter the IP address of your ISP's server in the field marked "Global IP".

Creating New Hostnames

Creating new hostnames simply involves selecting one of the links at the top of the Hostnames and addresses panel and filling out the appropriate fields. Note that if your system is configured with any virtual domains, you will have the choice of the domain in which you want to create the hostname. This allows you, for instance, to have "www.mycompany.com" pointing to one IP address and "www.tofu-dog.xxx" pointing to a completely separate IP address.

The hostnames you can create on this panel fall into three categories:

■ Additional names for your server: For instance, you might want to set up "intranet.mycompany.xxx" to point to your server. All you do here is enter the hostname and, if appropriate, choose the domain for the hostname.

■ Remote hosts: As mentioned in the example earlier, you might want to point a hostname such as "www" to a remote system. While "www" is created by default, you can create other names such as "home", "research", or any other appropriate name. In the form, you simply enter the hostname, choose the domain, and enter the remote IP address.

■ Local hosts: This screen is a bit more complicated because you have more options. At a basic level, you can create a hostname in a domain that points to another computer on your local network. To do this, just type in the hostname and enter the IP address in the "Local IP" field. For instance, you might want "research" to point to a computer system inside your network.

Where this gets complicated is when you want "research.mycompany.xxx" to be accessible both inside and outside your local network. The challenge is that your local IP addresses are only accessible inside your network. For that reason, the target computer system will need to have two network interface cards - one connected to the internal network and one connected to the external network. You would then enter both IP addresses in this screen in the "Local IP" and "Global IP" fields.

Note: The "Ethernet address" field when creating a hostname pointing to a local host is only used for reserving IP addresses through DHCP as mentioned in the next section.

Reserving IP Addresses Through DHCP

Another task you can perform through this panel is to reserve an IP address for a given system based on its Ethernet address. For instance, you might have another intranet web server within your company that you want to always have the same IP address. One method of assigning that address is to manually configure the client machine to have a static IP address. The negative aspect of doing this is that if you later want to change the network settings for that machine, you must manually go and configure that machine. An example would be if one of your DNS servers changed its IP address. Additionally, you have to keep track somewhere of the fact that you have assigned a specific IP address to that machine.

Rather than configuring the machine manually, you can reserve an IP address from the DHCP server for that specific machine. This has the same result as manually configuring a static IP address, but offers two benefits. First, you have one location to keep track of all assigned static addresses. Second, through the DHCP server you will provide network settings. If you wish to change those settings, the change can be simply done on your server. All DHCP clients will then receive those updated changes when they renew their DHCP-provided addresses.

To reserve an IP address, you must first determine the Ethernet address of your client system. Windows NT/2000 users can type the command ipconfig /all. Windows 95/98 users can run the command winipcfg. Linux/UNIX users can type ifconfig.

Once you have determined the client's Ethernet address, click on the link to create a new hostname for a local host. Add the hostname of the target system, the Ethernet address along with the desired IP address into the web panel. From this point on, the specified IP address will only be provided to a client system with the matching Ethernet address.

Domains

When you create a domain using this section of the server manager, your SME Server will be able to receive e-mail and host a web site for that domain.

To create a domain, fill in the domain name and a description of the site. You then tell the server where to find the content for that domain - it can be the same as your primary web site, or you can create a new set of web pages and store them in one of your i-bays. Clicking the arrow in the "Content" field will show you a list of your current i-bays and allow you to make a selection. This feature allows you to host multiple web sites from a single server.

Note: When you are entering the name for the domain, you should supply the fully-qualified domain name. This is the full name of the domain, including any extensions like ".com", but without any prefixes like "www" or "ftp". For instance, you can create a virtual domain by entering "tofu-bird.com", but not by entering "tofu-bird" or "www.tofu-bird.com".

Once you have created a domain, your server will be automatically configured to answer to web requests for www.domainname.xxx and will accept e-mail for your virtual domain as well.

Be aware that you can point the domain to either the primary web site or to one of the i-bays. You cannot point a domain to a subdirectory that you simply create inside of the primary web site file area. You need to use an i-bay instead.

Warning: While the server is prepared to offer web and e-mail services for this domain, there is one more step that must occur. In order for users on the Internet to successfully connect to your machine using the domain, you will need to work with your ISP or whoever controls the DNS entries for your domain to have the appropriate DNS entries pointed to the IP address of your server. For instance, your ISP will need to configure an MX record for the domain in order for you to receive inbound e-mail to that domain.

Public DNS Records

The primary domain is resolved locally as we generate (fairly) complete DNS records for that domain, including all local hostnames. In most cases the DNS for the server is not handled by the server but by some Internet DNS servers. So, the default is to pass DNS requests for anything but the primary domain to the Internet DNS servers.

The new settings are there to allow for various configurations:

■ Simple setup where the SME Server is a gateway, but DNS is handled by Internet DNS servers

■ Moderately complex setup where the SME Server DNS should take preference over the Internet DNS records.

■ Complex setup where some domains are handled by internal/corporate DNS servers and we want to choose those in preference to the Internet DNS servers.

Note that in all cases the server will act as a DNS cache/proxy/forwarder and so all domains will actually _technically_ be "resolve locally", but the dns cache will forward them to the chosen DNS servers.

If you set a domain to "Resolve locally", the only DNS records seen will be the ones entered on the SME Server. This is a conscious decision to run a split-horizon/internal fake root where the Internet and Intranet have different DNS records. You need to be careful here as the external world view will not match the internal world view. That's why it is not the default. However, since you need to set up the Internet DNS servers with the correct information anyway, why duplicate the work to enter it locally?

See Appendix B. DNS (http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Appendix#Appendix_B._) for more information.

E-mail

As shown below, this section of the server manager allows you to specify the protocol used to retrieve e-mail from your ISP and configure other settings regarding the retrieval of e-mail. There is a comprehensive email howto with alternative and advanced suggestions.


E-mail Access

■ POP and IMAP server access: The options are "Private" and "Secure Public". The former allows access only from your local network. The latter allows access from anywhere on the Internet.

■ Enable/Disable Webmail: With this option you can enable or disable the webmail component of your server. More information can be found in the Chapter on Webmail.

Note: Even with POP and IMAP configured for public access, users outside your local network are not able to send e-mail using your server as their SMTP host. Allowing this would open your server to abuse by spammers as a mail relay. Users who are travelling should either:
a. use the SMTP server of their local ISP, or
b. use PPTP to connect to your internal network, or
c. use webmail to read and send their mail.
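The relay restriction in the note above comes down to one decision per recipient. The sketch below is an added example, not SME Server's own code; the local network range and the sample addresses are constructed, and tofu-dog.com is the manual's example domain. It also shows why option b works: a PPTP client is handed a local address, so it is treated like any other machine on the internal network.

```python
import ipaddress

# Assumptions for illustration only: one local network, one hosted domain.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]  # constructed LAN range
HOSTED_DOMAINS = {"tofu-dog.com"}                          # the manual's example domain


def is_local_client(client_ip):
    """True when the connecting SMTP client has an address on a local network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in LOCAL_NETWORKS)


def relay_decision(client_ip, rcpt_to):
    """Decide what to do with one recipient offered by one SMTP client.

    "deliver": the recipient is in a domain hosted here, so anyone may send it.
    "relay":   a local client is sending mail out to the Internet.
    "reject":  outside client and outside recipient, i.e. an open-relay request.
    """
    domain = rcpt_to.rpartition("@")[2].lower().rstrip(".")
    if domain in HOSTED_DOMAINS:
        return "deliver"
    if is_local_client(client_ip):
        return "relay"
    return "reject"


def session_report(client_ip, recipients):
    """Apply the decision to every recipient of one SMTP session."""
    return {rcpt: relay_decision(client_ip, rcpt) for rcpt in recipients}


if __name__ == "__main__":
    # Constructed sessions: office PC, travelling user at a hotel, same user over PPTP.
    print(session_report("192.168.1.20", ["client@example.net"]))
    print(session_report("203.0.113.7", ["client@example.net", "tturtle@tofu-dog.com"]))
    print(session_report("192.168.1.201", ["client@example.net"]))
```

A spammer and a travelling employee look identical to this check, which is why the manual sends travellers to their ISP's SMTP server, PPTP or webmail instead of loosening it.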

E-mail Filtering

Extra types of email attachments can be blocked with the instructions at Virus_blocking_tutorial

E-mail Retrieval

Your choice of e-mail retrieval mode will depend on the arrangements you made with your Internet service provider:

■ If you have a dedicated connection, set E-mail retrieval mode to "Standard".

■ If you arranged "ETRN" support with your ISP, choose that setting and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will provide temporary e-mail storage when your server is not connected to the Internet.

■ If you arranged "multidrop" mail service from your ISP, choose "multidrop" and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will receive all e-mail for your domain and store it in a single POP mailbox. Further down the screen, you will need to specify the user account and password assigned by your ISP for this POP mailbox. Your server will periodically fetch this mail and distribute it to individual POP mailboxes on the server. (Note that due to problems receiving mail for mailing lists, we strongly encourage people to NOT use multi-drop e-mail.)

If you want to forward e-mail to another mail server for processing, enter the mail server IP address in the box marked Delegate mail server. A common use for this is if your server is receiving inbound e-mail from the Internet, but you would like to pass that mail to a different mail server on your internal network.

Note: Delegate mail server implies that all mail which is accepted is passed on to the delegate mail server (IOW, that other guy is the mail server, I'm not, so I expect him to do everything, e.g. spam filtering). If you intend to have an external mail server handle mail for your domain, just send the mail directly to that mail server, via the MX record for your domain.

If you have a dialup connection, the server allows you to control how frequently it fetches e-mail from your ISP. This is particularly useful in situations where you incur phone or Internet charges each time your system contacts your ISP. The default settings are every 15 minutes during standard office hours and every hour outside normal office hours on weekdays or on weekends. The fields allow you to customize those settings.

Finally, if you have "multidrop" mail service you need to select the sort method used by the server to decide which user each message should be delivered to. Your server has a default method for this (it examines various headers such as "To" and "Resent-To") which works in most circumstances but is not suitable for certain purposes such as mailing list messages. Some ISPs add a header to each e-mail message which can help your server determine the correct recipient. If your ISP does not add a header to multidrop e-mail, select the "Default" sort method and ignore the "select sort header" field.
If your ISP does add a header to multidrop e-mail, then select "Specify below" and enter the header tag provided by your ISP. Because you will experience problems with mailing-lists when using multi-drop e-mail, we strongly recommend that you work with your ISP to have a special header added to each message. The "Default" sort method should be only used as a last resort.
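Why the "Default" sort method loses mailing-list messages while an ISP-added header does not can be seen by sorting two messages both ways. This is an added example, not the server's own sorting code: the header tag X-Envelope-To, the account list and both messages are constructed for illustration, and the default method is simplified to the two headers the text names.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "tofu-dog.com"        # the manual's example domain
LOCAL_USERS = {"admin", "tturtle"}   # constructed account list
ISP_HEADER = "X-Envelope-To"         # hypothetical tag; use the one your ISP provides


def _local_users(header_values):
    """Return the known local users named in a list of address header values."""
    users = []
    for _name, addr in getaddresses(header_values):
        local, _, domain = addr.rpartition("@")
        local = local.lower()
        if domain.lower() == LOCAL_DOMAIN and local in LOCAL_USERS and local not in users:
            users.append(local)
    return users


def default_sort(msg):
    """Guess the recipient from visible headers (simplified to To and Resent-To)."""
    return _local_users(msg.get_all("To", []) + msg.get_all("Resent-To", []))


def header_sort(msg, header=ISP_HEADER):
    """Read the recipient from the header the ISP added when it accepted the mail."""
    return _local_users(msg.get_all(header, []))


# Constructed messages, as fetched from the single multidrop POP mailbox.
DIRECT = message_from_string(
    "From: client@example.net\n"
    "To: tturtle@tofu-dog.com\n"
    "X-Envelope-To: tturtle@tofu-dog.com\n"
    "Subject: Menu for Friday\n"
    "\n"
    "Please confirm the menu.\n"
)

# A list post is addressed to the list, not to the subscriber, so the
# visible headers never mention the local user who should receive it.
LIST_POST = message_from_string(
    "From: poster@example.org\n"
    "To: recipes@lists.example.org\n"
    "X-Envelope-To: tturtle@tofu-dog.com\n"
    "Subject: [recipes] Seitan stew\n"
    "\n"
    "Recipe follows.\n"
)


def compare(msg):
    """Show what each sort method concludes for one message."""
    return {"default": default_sort(msg), "header": header_sort(msg)}


if __name__ == "__main__":
    for label, msg in (("direct", DIRECT), ("list post", LIST_POST)):
        print(label, compare(msg))
```

An empty result from the default method means the server cannot tell whose message it is, which is the mailing-list problem the text warns about.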
E-mail Delivery

This screen presents you with additional options for controlling how your system handles e-mail.


■ Forwarding address for administrative notices: The default address for administrative notices (i.e. undeliverable mail, backup notifications and other status/error messages) is "admin". If you'd like those messages to be sent elsewhere, enter the address here. Note: This option has been moved to the Collaboration > User panel.

Note: Be aware that all messages sent to postmaster, root or mailer-daemon at your domain are sent to either admin or the address that you enter in this field.

■ E-mail to unknown users: This field allows you to choose whether incoming messages to unknown users are bounced back to the sender or forwarded to the system administrator. Some users prefer the latter setting because it allows them to catch and reroute e-mail that was incorrectly addressed.

Note: If you choose to have messages forwarded to the system administrator, they will be sent to either "admin" or the e-mail address specified in the forwarding address field mentioned above.


■ Internet provider's SMTP server: Normally the server will send outgoing messages directly to their intended destination. If, however, you have an unreliable connection or are using a residential Internet service, it may be advisable to route e-mail via your provider's SMTP server. In that case, you should enter the SMTP server's hostname or IP address here. In fact, if you have a temporary dial-up connection to the Internet, you may find that you need to use your ISP's mail server in order to deliver mail to some locations. As a reaction to the huge volume of unsolicited commercial e-mail ("spam"), many Internet sites are refusing direct SMTP connections from IP addresses that are known to be temporary dial-up accounts. For this reason, you may need to use your ISP's mail server since it will have a permanent connection to the Internet.

Review Configuration

This section of the server manager summarizes how your server is configured. This is the data that you entered during the installation process and possibly changed later through the server console or the server manager. As you can see from the screen below, this is essentially a report that you can print out for your records. You do not have the ability to make changes from this screen.


Information Bays (i-bays)

Information bays, or i-bays, are a unique feature built into your SME Server. i-bays are a powerful, simple, flexible mechanism for creating distinct information-sharing sites. The network administrator can define several characteristics for each new i-bay they create:

■ write access: the administrator can control access to the i-bay by associating the i-bay with a group. All groups previously created in the groups section of the server manager will appear in the drop-down menu under "group" in this section. In addition, two default groups will always appear "administrator" and "everyone" (meaning all users, whether on the local network or on the Internet).

■ user access via file-sharing or FTP: The administrator can also control who has the ability to save a file into or modify the contents of the files in the i-bay (write access) and who has the ability to view the contents of the i-bay (read access). The administrator can specify whether the entire group can write to the i-bay or whether the administrator alone has the power to save files to the i-bay. Similarly, the administrator can control whether group members only can read the contents of the i-bay or whether the contents can be read by anyone.

■ password protection: the administrator can specify whether a password is required to access an i-bay from the Internet and what that password will be.

Note: If you select Password Required, users who connect to the i-bay via FTP or HTTP will be prompted to supply that particular i-bay's username and password. The user name is always the name of the i-bay and the password is whatever the administrator assigns to that i-bay - not the individual user's password.

i-bays are simple to create and manage. The "Information bays" section of the server manager shows all current i-bays, the name of each i-bay and a description of its contents. In this section, you can delete an i-bay (which will delete all contents of the i-bay directory) and, if the i-bay requires a password, you can set it here.

As with your user account directory, i-bay accounts are locked out by default. If a password is required, users will not be able to access the i-bay until the administrator sets the password. Note that, as with user accounts, any i-bay that requires a password will appear in red until that password has been changed from "default" (the i-bay for Samson's Farms in the following image is an example of this).

Note: When you create an i-bay, the name may be up to 12 characters long and may contain only lowercase letters, numbers, periods and underscores. (This 12-character restriction ensures that the i-bay can be shared correctly to all Windows machines.) The i-bay name should also start with a lower-case letter. For example, johnson, sales and client3.prj8 are all valid names, while 3associates, John Smith and Bus-Partner are not. Finally, an i-bay cannot use the same name as an existing user or group account. It must be unique. Note that there are two special names, primary and public, which are in use by the system and cannot be used for an i-bay name.

i-bay Directories

Each i-bay has three directories - html, files and cgi-bin. Each directory is briefly outlined below:

■ cgi-bin: This directory is set aside to hold "CGI scripts" used for that i-bay's web pages. CGI scripts are tools used in advanced web site creation and are not discussed here.

■ files: This directory holds files that can be accessed either locally only or publicly. It can be used for such things as a company download site, a company-wide file sharing server, or a document sharing site for a specific customer. When someone connects to the i-bay using FTP, they will see the files in this directory. The files directory is for all files that you want people to access through FTP or regular file sharing.

■ html: When an i-bay is accessed using a web browser (via http), the user will enter the html directory and the web browser will automatically open the index file (usually index.html or index.htm) in that i-bay. In other words, it will display the web page associated with that i-bay. This means you can have different web sites running on your server, each associated with a specific i-bay. This can be very powerful and useful, as you will see in the upcoming examples. Generally, you can think of the html directory as the place to put all files, images and documents that you would like to be accessible through the web.

Note that you can have as many subdirectories as you wish underneath either html or files but you cannot create additional directories at the top level of the i-bay.

Note: If an i-bay is set for no public access via web or anonymous ftp, users connecting to the i-bay through Windows or Macintosh file sharing will see only the contents of the files directory. However, if the i-bay settings are later changed to allow public access through web or anonymous ftp, users will then see the top-level directory of the i-bay with the three subdirectories of html, files and cgi-bin. The items they were used to seeing before will now be found in the files directory.
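The i-bay naming rules given in this section can be checked before a name is ever typed into the server manager. The function below is an added example, not code from SME Server; it encodes only the rules stated above, and the list of existing accounts passed to it is whatever the caller supplies.

```python
import re

MAX_LENGTH = 12                       # length limit stated in the manual
RESERVED_NAMES = {"primary", "public"}  # special names in use by the system


def ibay_name_problems(name, existing_accounts=()):
    """Return a list of reasons the name is not acceptable (empty list = valid).

    existing_accounts is the caller's list of current user and group names,
    which an i-bay name must not duplicate.
    """
    problems = []
    if len(name) > MAX_LENGTH:
        problems.append("longer than %d characters" % MAX_LENGTH)
    if not re.fullmatch(r"[a-z]", name[:1]):
        problems.append("does not start with a lower-case letter")
    if re.search(r"[^a-z0-9._]", name):
        problems.append("contains characters other than lower-case letters, "
                        "numbers, periods and underscores")
    if name in RESERVED_NAMES:
        problems.append("is a special name in use by the system")
    if name in set(existing_accounts):
        problems.append("is already used by a user or group account")
    return problems


def is_valid_ibay_name(name, existing_accounts=()):
    """Convenience wrapper: True when no rule is broken."""
    return not ibay_name_problems(name, existing_accounts)


if __name__ == "__main__":
    # Names taken from the manual's own examples, plus the two special names.
    for candidate in ("johnson", "sales", "client3.prj8", "3associates",
                      "John Smith", "Bus-Partner", "primary", "public"):
        print(candidate, ibay_name_problems(candidate, existing_accounts=("admin",)))
```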

Accessing the i-bays

You can access the contents of an i-bay using a web browser, Windows file sharing / AppleTalk, or FTP.

■ accessing an i-bay using a web browser (via http): To view an i-bay using a browser, enter "www.yourdomain.xxx/i-bayname". For example, the URL for Samson's Farms i-bay is "www.tofudog.com/samfarms". Assuming you are entitled to access this i-bay, you will see the index.html page in the html directory in the Samson's Farms i-bay. If a password is required to see the contents of the i-bay, a password dialog box will appear before the contents of the i-bay are served to the web browser.

■ accessing an i-bay via Windows file sharing and AppleTalk: To access the i-bay using Windows file sharing or AppleTalk, simply navigate to the server over your network browser (in Windows, this would be via "Network Neighborhood") and select the i-bay you want to enter from those appearing. You can only access an i-bay in this way if you are on the local network.

■ accessing an i-bay via the FTP server: To access the i-bay using FTP, you use your FTP client to connect to your server and use the i-bay name as the login id. If the i-bay requires a password, you will need to enter the i-bay password as well. If you are using a command-line or graphical FTP client, you will usually be prompted for the login username and password. If you are using a web browser, you will need to enter a FTP URL. This will be in one of the following forms, depending on whether or not a password is required:

ftp://ibayname@ftp.domainname
ftp://ibayname:password@ftp.domainname

■ Note that users accessing the i-bay via FTP in this manner are not able to upload files to the i-bay. They can only download files from the i-bay to their client.

■ It is possible to upload files using FTP, but to do so you must login to the server with a valid user name, not the i-bay name. That user account must be a member of the group that has been given write permission for the i-bay (configured on the i-bay screen). You would then change to the i-bay directory (using the ftp command "cd ../../ibays/ibayname"). You will now be able to upload files from your FTP client to the appropriate directories.

Warning: Be aware that FTP transmits all passwords in the clear without encryption and can therefore be a security risk. If you are concerned about security, we suggest you consider the scp "secure copy" command associated with ssh as an alternative to FTP.

In the next few sections, to demonstrate their capabilities, we will take a look at some examples of i-bays that have been created by our hypothetical catering and event-planning company, The Pagan Vegan.

Creating an i-bay

No matter how you are going to use an i-bay, the process of creating an i-bay starts by clicking on the "Click here" link at the top of the Information Bays panel in the server manager. You will be presented with the form shown in the image below.

You now need to fill out the form providing the information and making the choices described below.

■ Information bay name: This is the short name of the i-bay (subject to the 12-character length restriction mentioned earlier). The i-bay name will be what users will enter in the URL after the hostname to access the i-bay from the web. For instance, an i-bay named 'intranet' can be accessed by the Pagan Vegan staff at 'http://www.tofu-dog.com/intranet/'.

■ Brief description: This text will appear in various administrative screens and can be a useful reminder of the i-bay content.

■ Group: Ownership of the i-bay content is assigned to an existing group. The group ownership plays a role in the next setting for user access.

■ User access: You need to decide who will be able to add and modify content in the i-bay and who will be able to read the content.

■ Public access: Here you set what type of public access you wish to have for the i-bay. If the i-bay is just to be used by a small group of users, you can leave public access set to the default of None. If you want others to be able to access the i-bay via web or anonymous ftp, you can choose to allow access to just the local network or the wider Internet. You also can choose whether or not you wish to require a password, if public access is enabled. Note that the ftp access described below can be overridden by the FTP access limits setting on the Remote access panel of the server manager. If you choose to "Disable public FTP access" there, ftp access for individual i-bays will not be allowed, even though you will appear to be able to enable it from the i-bay configuration screen.

Note: If you choose one of the modes of Public access via web or anonymous ftp that requires a password, users can access the i-bay through their web browser or ftp by using the i-bay name and i-bay password, rather than their own user name and password. However, public access will not be available until you set the i-bay password from the main information bay panel in the server manager.

■ Execution of CGI scripts: If you want to use CGI scripts to add functionality to your web site, for security reasons you must first choose enabled here to allow such scripts to be executed. Once you do so, you can execute those scripts from the cgi-bin directory of your i-bay.

Once done filling out the form, click the Create button and the server manager will create your i-bay. If you wish to change these settings at any later point, you can click on Modify next to the i-bay name in the information bays panel of the server manager.

Modifying an i-bay

At any point in time you can modify the attributes of an i-bay (except for its name) by clicking on the "Modify" link next to the i-bay name on the "Information bays" panel of the server manager. For instance, you can easily change the description, group ownership, and access methods. If you wish to change the actual name of the i-bay, you will need to remove the i-bay and create it again. (Note that this will delete the contents of the i-bay, so make sure you have backed up the i-bay data before you remove it.)

There are, however, a few items to be aware of when modifying i-bays:

■ If an i-bay is set for no public access via web or anonymous ftp, users connecting to the i-bay through Windows or Macintosh file sharing will see only the contents of the files directory. However, if the i-bay settings are later changed to allow public access through web or anonymous ftp, users connecting through file sharing will then see the top-level directory of the i-bay with the three subdirectories of html, files and cgi-bin. The items they were used to seeing before will now be found in the files directory. This may disrupt Windows shortcuts and configuration settings. (The good news is that simply changing the public access setting back to "None" will return i-bay file sharing access to its previous configuration.)

■ After an i-bay is modified, all Macintosh users will be disconnected from the i-bay and will need to reconnect. All Macintosh users will receive an alert stating that they will be disconnected in 5 minutes.

Outside of those concerns, you can modify the i-bay as often as you wish.

An i-bay Used as a Customer Site: The Miles Gabriel Art Exposition

"The Pagan Vegan" (TPV) has found that customers like having access to a customized web page which summarizes all of the information pertaining to their particular event. The company finds it reduces the risk of miscommunication and improves its image and reputation. Creating each web site is a straightforward, fill-in-the-blanks process. The ".html" files in the i-bay's html directory are based on a template that TPV uses for each customer.

TPV has chosen a naming convention for i-bays that customers can easily remember - first initial, last name. Because it contains important customer information, only the site administrator can save files into this i-bay. To prevent others from accessing the customer's i-bay, a password is required to enter the site. (TPV created individual passwords and securely provided them to their customers.)

Miles Gabriel has contacted The Pagan Vegan to cater an art exposition. The Pagan Vegan has created an ibay specifically for Mr. Gabriel's account called "mgabriel". Mr. Gabriel accesses the site with the URL www.tofu-dog.com/mgabriel . As you can see, Mr. Gabriel has access to a summary of his event information. He can check at any time to ensure the arrangements are correct. For example, at midnight tonight he can access his i-bay to show his spouse the design used for his invitations!

An i-bay Used as a Shared Network Drive

Having a shared network drive can be very helpful as a way of storing and sharing documents company-wide. TPV uses an i-bay for a company-wide network drive to hold documents to which all employees should have access. All employees can read and write files to this directory.

The i-bay is accessed via Windows file sharing, AppleTalk or FTP. To access using file sharing, simply access the server over the network (via Network Neighborhood) and open the appropriate i-bay. You will see the files located in the files directory and can then open them or copy them to your system.

Note: This is only true if the i-bay has been set to allow public access via web or anonymous ftp.

If an i-bay is set for no public access via web or anonymous ftp, users connecting to the i-bay through Windows or Macintosh file sharing will simply see the contents of the files directory. However, if the i-bay settings are later changed to allow public access through web or anonymous ftp, users will then see the top-level directory of the i-bay with the three subdirectories of html, files and cgi-bin. The items they were used to seeing before will now be found in the files directory.

As an example, when the staff of The Pagan Vegan goes into their Network Neighborhood, they double-click on "E-smith-server" as shown in:

They will then see a list of i-bays accessible through Windows file sharing. When they click on one of them called "sharedfiles", they see the three folders inside of the i-bay:

When they go inside of files, they will then see the list of documents provided there:

As you can see in this example, The Pagan Vegan has several files in this directory for company use. Providing a centralized location for company documents (such as expense report templates) ensures that everyone always has access to these documents and uses the most up-to-date version.

An i-bay Used as an Intranet: The Pagan Vegan "Vegemite"

The Pagan Vegan has created an i-bay for its company newsletter / intranet. The company has found this to be a good way for employees to express themselves and share information.

In keeping with TPV's culture, the newsletter is very casual. The company has a high degree of trust in its employees, and, as a result, employees are given full access to the contents of the intranet so anyone on staff can revise it. A more typical company might want the intranet to be created by a particular staff member and "checked in" by the administrator (write access "administrator only"). The intranet is, of course, viewable only from the internal network. No password is required. To access the intranet, TPV employees use their web browsers to access the URL www.tofu-dog.com/intranet/filename.htm.

This particular newsletter was created using a desktop office application called StarOffice (similar to Microsoft Office). Starting with just a blank document, it took only about an hour to create the main page and the other pages that make up this newsletter. The files were created as typical word processing documents, saved into ".html" format and then transferred into the html directory of the "intranet" i-bay using Windows file sharing.

An i-bay Used to Expedite Processes: Samson's Farms

Samson's Organic Farms delivers fresh produce to The Pagan Vegan every week. Samson's and TPV use an i-bay to improve the ordering and delivery process. TPV has created an i-bay for Samson's called "samfarms". Anyone on TPV's local network can write to it. It is accessible to the external Internet but password-protected so that only staff at TPV and Samson's Farms can read it.

Here's how the process works:

■ Each week, Mr. Samson updates his online order sheet to include only produce that will be ripe and ready for the next delivery date. He saves it in ".html" format and e-mails it to The Pagan Vegan's administrator.
■ Upon receiving the e-mail, TPV's administrator saves the file directly into the html directory of the "samfarms" i-bay.
■ The chef accesses the samfarms i-bay, reviews what produce will be available, and plans menus.
■ The chef's assistant then reviews the menus, checks against existing inventory and determines what should be ordered. The assistant enters TPV's order directly onto the order sheet in the samfarms i-bay using an HTML editor.
■ The day before delivery, the chef reviews his assistant's order (as shown in the image below) using a web browser and makes any last minute adjustments.

■ On the day of delivery, Samson's shipping staff accesses the i-bay over the Internet, prints out TPV's order from the samfarms i-bay, and fills it.

An i-bay Used as Your Customer Download Site

When customers hire The Pagan Vegan to plan events, they need to review a great deal of information - menu options, catalogues from various vendors for event stationery, table-setting rentals, etc. Often customers want several days to review it all. TPV has only a limited number of catalogues for loan, so it decided to provide customers with access to this information online. To accomplish this, TPV created a download i-bay, called "menus", where customers can download the catalogue files themselves and view the contents on their desktop machines.

TPV set the i-bay for Administrator-only write access, viewable over the entire Internet, with no password required. A customer accesses the site using the FTP client in their web browser to login as the i-bay user name by entering the URL ftp://menus@ftp.tofu-dog.com . This is what the customer sees:

When the cursor is placed over a file name, the full name of the file appears. To download a particular file, the customer simply clicks on the file name. A browser window allows the customer to select a destination directory for the file on his or her local hard drive.

SME Manual Appendix

The following Appendix pages are included for your information.

Appendix A. Introduction to the Ethernet Local Area Network (LAN)

A local area network (LAN) is the system of wires and other hardware that connects the computers within your office and allows them to communicate with one another. An ethernet LAN is the most common type. Ethernet refers both to a kind of connection and to a protocol for how Internet data packets travel around your network.

An ethernet adapter, also called an ethernet card or network interface card (NIC), connects each computer to the ethernet LAN. A server with a dedicated Internet connection requires two ethernet adapters: one connects it to your LAN and the other connects it to the external network that leads to your ISP. If your server connects to your ISP using a modem or ISDN adapter, it only requires one ethernet adapter.

The hub, a common component of an ethernet, serves as a point of interface between computers on the network. Each computer on your network is connected to the hub using an ethernet network cable. Different hubs operate at different speeds: slower hubs, operating at 10 MB/sec, are suitable for small networks; faster hubs, operating at 100 MB/sec, are suitable for larger networks. Switching 10/100 MB hubs can operate at either speed, and provide a good way to upgrade your network gradually.

A router ensures that Internet data packets (e.g. e-mail, web page information, etc.) reach the appropriate computers on your network. Routing is one of the functions performed by the server in server and gateway mode.

Allowing a third party, such as a systems integrator or networking company, to install your ethernet can be a good idea. It can help you select, procure and install the appropriate ethernet adapters, hub and cables. There are also various how-to guides available in bookstores if you are committed to installing it on your own.

Appendix B. DNS

DNS or the Domain Name Service is a distributed system of servers designed to translate human-readable names into computer routable IP addresses.

DNS Basics

SME, by design, does not respond to DNS queries from outside your local network, and cannot be used as a public DNS server for anyone outside your location.

If you want your SME server to be available to users outside your office using a name instead of your IP address, you MUST:

■ Register your domain name with a Registrar
■ Configure your host names on a publicly accessible DNS Server

Note: you can avoid 'Registering' your domain name if you use #Dynamic DNS Services

Imagine the following scenario:

  Root_DNS
   |   Registrar
   |  /   DNS Server
   | /   /   Other_DNS
   | |  /   /
  Internet---Other_ISP---Remote_User
   |
  Your_ISP---Your_ISPs_DNS
   |
  SME
   |
  Local_User

Let's assume that

■ SME has IP Address a.b.c.d
■ SME has domain name mysmeserver.com
■ Remote_User is configured to use Other_DNS for DNS lookups

If Remote_User tries to browse to http://mysmeserver.com, his computer asks Other_DNS how to find 'mysmeserver.com'. Other_DNS server then

■ asks the Root_DNS servers for the Registrar in charge of 'mysmeserver.com'
■ asks the Registrar for the DNS_Server that will answer queries about 'mysmeserver.com'
■ asks the DNS_Server for the IP address of 'mysmeserver.com'
■ saves the answer in its local cache for the amount of time specified by the administrator of the DNS record at DNS_Server.

If Local_User tries to open http://mysmeserver.com (assuming a default SME installation with DHCP and therefore DNS provided by the SME server):

■ If mysmeserver.com is configured for Local resolution, the SME server returns the data that has been configured locally.
■ If mysmeserver.com is configured to use Internet DNS Servers, the SME proceeds just as the first example from Root_DNS to Registrar to DNS_Server to local cache (actually, it checks the local cache first.)

If, on the other hand, Remote_User asks for information about your IP address (a.b.c.d), his DNS server

■ asks the Root_DNS servers where d.c.b.a.in-addr.arpa is registered.
■ asks the Registrar where to get more info about d.c.b.a.in-addr.arpa. This is probably but not necessarily Your_ISPs_DNS.
■ asks the host indicated by the Registrar (probably Your_ISPs_DNS) what name belongs to 'd.c.b.a.in-addr.arpa'. The return value is almost always a generic filler based on your IP address unless you contact your ISP and ask them to change the PTR data for your IP address.

PTR records are managed by the organization that controls the IP address (which makes sense, if you think about it).

So, basically, for you to host a public web server at your own location you need:

■ An ISP to provide connectivity
■ A DNS Registrar where you can 'register' your domain name and publish the addresses of your DNS servers.
■ A DNS service provider who will respond to queries about your domain

Some ISP's provide registration and DNS hosting capabilities as part of the connectivity package. Some ISP's provide DNS hosting but not Registration as part of the connectivity package. Some Registrars provide DNS hosting as part of the registration. Sometimes you will need 3 separate vendors for these separate services.

If you have already registered your domain name, find out if your Registrar provides DNS hosting services, and if so, how to configure them. They'll provide you with a web address where you can configure your DNS.

If they do NOT provide DNS hosting services, your ISP might. Ask them. If so, configure your DNS on their servers, then edit the Registrar page to point to the DNS servers indicated by your ISP. If neither your Registrar nor your ISP provides DNS hosting, you'll need to find a 3rd party vendor to do this. See #DNS_Service_Providers below.

If you have not yet registered your domain name, try to find a Registrar who provides free DNS services.

PTR Records

PTR Records (or Pointer records, or Reverse DNS records) are used by internet hosts to convert an IP address into a name - sometimes for information only, sometimes for identity verification.

PTR records are constructed by reversing your IP address and appending the special suffix 'in-addr.arpa'. For example, the PTR record for a.b.c.d is d.c.b.a.in-addr.arpa. A DNS lookup for a PTR record looks just like a DNS lookup for a domain name at this point - Root_DNS, Registrar, DNS_Server, except that the return value will be a host name instead of an IP address.

With very few exceptions all PTR records are registered to the ISP that controls the IP block in question, so frequently the ONLY way to change your PTR records is to contact your ISP and request that they be changed.

PTR records are only rarely used for their original purpose of verifying the identity of a particular computer - this is now done with SSL certificates and Trust Authorities.

The PTR record for your SME Server only becomes important if you plan to deliver email directly from your SME to recipient email servers (without using your ISP's mail server as a relay). Some email providers will not accept your email if the name returned by the 'reverse lookup' of your IP address does not in its turn result in your IP address when it, itself, is looked up. It doesn't necessarily need to match your configured domain name, but it has to work both ways.

For example, if the nslookup d.c.b.a.in-addr.arpa (the reverse lookup for your IP) returns dsl-a-b-c-d.mycity.myispsname.com then before trying to send email directly from your SME to the Internet at large you want to make sure that nslookup dsl-a-b-c-d.mycity.myispsname.com returns your a.b.c.d and not an error or some other address.

SPF Records

SPF (Sender Policy Framework) records are added to the DNS zone record for domain names. The SPF entries are added to your external DNS records. They are not configured on the sme server. Many receiving mail servers now require sending mail servers to have properly configured SPF records for the domain(s) being sent from. Failure to have SPF records can result in mail being rejected by mail servers eg Hotmail servers will reject mail that comes from mail servers without SPF records. See http://www.openspf.org/

Here is a test site at Microsoft/Hotmail where you can check if SPF records are configured for your domain.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx

Different providers have different mail acceptance policies. Look for tech support pages for the provider. Here is additional information re getting your mail through to Hotmail servers, it's where you start the process going for Hotmail if you still have problems after having configured SPF records.
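The two-way check described under PTR Records above (the reverse lookup name must itself resolve back to your IP address), written out as an added example that is not part of the SME Server manual. The addresses, host names and lookup tables are constructed samples in documentation ranges, and `ptr_name`, `check_fcrdns` and the `sample_*` helpers are names chosen here; called without the sample helpers, the check uses the system resolver.

```python
import ipaddress
import socket


def ptr_name(ip):
    """a.b.c.d -> d.c.b.a.in-addr.arpa (raises ValueError if ip is not IPv4)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()


def system_reverse(ip):
    """PTR lookup through the system resolver; returns a list of host names."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:          # socket.herror / socket.gaierror: no PTR data
        return []
    return [host] + list(aliases)


def system_forward(name):
    """A-record lookup through the system resolver; returns IPv4 strings."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def check_fcrdns(ip, reverse_lookup=system_reverse, forward_lookup=system_forward):
    """Return a report; status is 'pass', 'mismatch' or 'no-ptr'."""
    want = ipaddress.IPv4Address(ip)
    report = {"ip": str(want), "ptr_query": ptr_name(ip),
              "ptr_names": [], "confirmed_by": [], "status": "no-ptr"}
    report["ptr_names"] = [norm(n) for n in reverse_lookup(str(want))]
    if not report["ptr_names"]:
        return report
    for name in report["ptr_names"]:
        # The name does not have to match your own domain, but it must
        # resolve back to the same address ("it has to work both ways").
        if any(ipaddress.ip_address(a) == want for a in forward_lookup(name)):
            report["confirmed_by"].append(name)
    report["status"] = "pass" if report["confirmed_by"] else "mismatch"
    return report


# Constructed sample zone data (not real records).
SAMPLE_PTR = {
    "192.0.2.25": ["dsl-192-0-2-25.mycity.myisp.example."],  # ISP filler name
    "198.51.100.7": ["mail.mysmeserver.example"],             # A points elsewhere
    "203.0.113.40": ["gone.myisp.example"],                   # name has no A record
}
SAMPLE_A = {
    "dsl-192-0-2-25.mycity.myisp.example": ["192.0.2.25"],
    "mail.mysmeserver.example": ["198.51.100.99"],
}


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_forward(name):
    return SAMPLE_A.get(norm(name), [])


if __name__ == "__main__":
    for addr in ("192.0.2.25", "198.51.100.7", "203.0.113.40", "203.0.113.41"):
        r = check_fcrdns(addr, sample_reverse, sample_forward)
        print(r["ip"], r["ptr_query"], r["ptr_names"], r["status"])
```

Only the first sample address would pass a receiving server that enforces this check; the other three show the failure modes to look for before sending mail directly.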

0. Contribs.html Dynamic DNS Services If your IP address is assigned dynamically. During these times. of which two are free services and two are commercial services: yi.contribs.php/topic.php/topic.40009. For this reason. we accept no liability for any breach of service on their part.org/index.php/topic. However. we have preprogrammed the server to work with these services (including pre-installing their client software). A dynamic DNS service can be a great solution when used with a dedicated connection.) Note: Dynamic DNS services are not perfect. If your IP address is assigned dynamically and you intend to receive all your e-mail directly (rather than having it stored at an ISP and retrieving it via POP or IMAP).org has tested the functionality of these services with our software. you should implement multidrop e-mail as your e-mail solution as this will ensure that no e-mail is misdirected to another IP address (See Some important notes on Service list D (multidrop mail) in|Chapter 3.contribs. would require some customized configuration on your part. tzo. and your web site and other services would be unavailable for several days until the change was processed. You can easily enable the usage of a dynamic DNS service by selecting it on your server console.0.org/index. This means that the risk of misdirected information is much greater with a dialup connection. but you decide not to use a dynamic DNS service. A dynamic DNS service provides you with an automated way to notify them whenever your IP address changes so that they can immediately publish new DNS records for your domain.org has tested four dynamic DNS services. there is a delay in informing the dynamic DNS service of the change. With a typical dialup connection.html http://forums.org/index.html http://forums.html http://forums. In pre-configuring the server for this particular service.0.contribs.com (commercial) and dyndns. 
your IP address changes much more frequently (possibly every time your server connects) and. If you have arranged dynamic IP address assignment from your ISP and you wish to use one of these services.34664.msn. however. you would have to contact your ISP to have them change your DNS records.42373.contribs. For simplicity.html http://forums. we in no way interfere with nor prevent you from using another dynamic DNS service if you wish. your e-mail may be undeliverable.com/eform.php/topic.org (free). we recommend and support the use of dynamic DNS services only for dedicated connections.0. Contribs.contribs. They merely point hostnames to IP addresses. you may find it helpful to use a dynamic DNS service. dyndns.live.Page 108 of 111 http://postmaster.org/index.org/index.com (commercial).21631.php/topic. Without dynamic DNS.com/ Here's where you submit your (detailed) request to Hotmail https://support.org (free). To do so. If your system receives an IP address via DHCP or PPPoE. and enable that particular function in the server console. because the server only connects intermittently.aspx?productKey=edfsmsbl&ct=eformts&scrx=1 References: http://forums. it will automatically update the dynamic DNS service 10/18/2010 . A failure on the part of your dynamic DNS service can result in your network becoming temporarily unreachable from the Internet.0. all you need to do is visit the appropriate web site to sign up for service.31726.

The SME Server is open source software. ■ Dynamic DNS client included in SME 7.dyndns. rather than over the Internet.yi.com $19. This slightly reduces the network performance for the first visitor to that web page. Contribs.or mid-level computer.org http://www. due to the IP masquerading capability of the server. reading from the hard drive of the computer may not be faster than over the Internet. when an employee visits a web page. Networked applications such as web browsers will work perfectly without proxying.org $free ■ EasyDNS http://www. reading from the hard drive will be faster than reading from the Internet.org/ $free ■ dyndns. Using the proxy server can benefit the organization if you have a slow Internet connection and you've installed your server software on a fast computer. we recommend you refer to the manual or contact the vendor for that product.com $free ■ FreeDNS http://freedns. In general.org encourages users to freely share copies of our software. Proxy Servers The server comes with a proxy server called Squid which can proxy the web (HTTP). Appendix D.Page 109 of 111 each time it comes online. the web proxy server will store that web page. but with the server it is optional.dyndns. Subsequent visitors to that web page will read it from your proxy server's hard drive.95USD per year Appendix C. FTP and Gopher protocols. so this benefit only applies if your users tend to visit the same sites repeatedly. For example.zoneedit. There is not much you can do about this. when your server disconnects from the Internet. DNS Service Providers Here is a brief list of vendors who provide DNS service hosting.com http://www. The inclusion of a vendor here does not constitute endorsement by the SME developers.com $$$ (for 'Custom DNS' services) ■ Other providers (dynamic DNS client not included in SME): ■ Zoneedit http://www. but you should be aware of this fact if there is any chance your system will be offline for a long period of time. 
that a proxy server benefits the second and subsequent visitors to a site but not the first visitor. It also offers no benefit to your organization if employees at your site do not tend to visit the same web pages. Technical Support If you are having difficulty configuring another vendor's hardware or software. allowing other users to access it directly from that hard drive. Proxy servers temporarily store information from the Internet on the hard drive of the server.org $free ■ tzo. we recommend that proxying be disabled in your network applications.afraid.tzo. A proxy server is generally not appropriate if you have a fast Internet connection and you've installed your server software on a lower.com http://www. but can enhance the performance for subsequent visitors. with most dynamic DNS services your server does not indicate that it is offline in any way to the dynamic DNS service. 10/18/2010 . However. Remember.x: ■ yi. though.com $$$ ■ dyndns. In this case. with most dynamic DNS services this other system will now start receiving your e-mail and web page requests until your server comes back online and updates the service with your new IP address. If your system is offline for a period of time. it is possible that someone else will be assigned your IP address by your ISP.easydns. In this case.org http://www. If this occurs. Many gateway systems require the use of proxy servers.

Developers may wish to note that additional documentation, including HOWTO documents and a FAQ, can be found on our development web site - http://wiki.contribs.org/. There are also links there to other web sites relating to the server.

Glossary

Below are some useful terms and their definitions.

ADSL
Asymmetric Digital Subscriber Line. ADSL is a technology to transmit digital information at high bandwidths across existing copper phone lines. Download speeds are typically much faster than upload speeds (hence the term "asymmetric").

DNS
Domain Name Service. Refers to the software and protocols involved in translating domain names to IP addresses. Your server provides DNS lookup services for your local network, and your ISP typically also provides you with the IP addresses of DNS servers. These servers do not need to be configured into your server as the DNS server that is provided with your server will correctly resolve all local and Internet names.

Domain Name
This refers to the unique name attached to your organization on the Internet. For example, "tofu-dog.com" or "contribs.org". If you don't have a domain name, your ISP can help you select one, ensure it is available, and register it.

ETRN
ETRN is a command used for dialup solutions in order to retrieve e-mail temporarily stored at your ISP

Gateway IP Address
A gateway is the device on your network that forwards packets to and from the Internet. The gateway IP address is the IP address for that device.

i-bay
Information Bay. A mechanism for creating intranets, extranets, shared directories and other resources

ISDN
Integrated Services Digital Network. Digital modem line. Provides higher speeds than K56/V90. Single channel ISDN provides speeds of 56K to 64K. Dual channel ISDN provides speeds of 110K to 128K.

ISO
1. International Organization for Standardization. Relevant link: www.iso.org - ISO Home Page
2. ISO followed by a number is used to identify one of the published ISO standards. Relevant link: www.standardsglossary.com - ISO Standards Glossary, lists all the international standards published by ISO and provides a quick reference for looking up the topic of an ISO standard.
3. A file containing a complete release of SME Server that is downloaded and burned to CD. The CD is then used to install the SME Server Operating System

ISP
Internet Service Provider

LDAP
Lightweight Directory Access Protocol

PPTP
Point-to-Point Tunneling Protocol (see VPN)

RAID1
Disk mirroring

SCSI
Small Computer Systems Interface

SME
Small and Medium Enterprise

SSH
Secure shell. A secure, encrypted way to log in to a remote machine across a network, or to copy files from a local machine to a server

VPN
Virtual Private Network (see PPTP)

Retrieved from "http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Booklet"
■ This page was last modified on 9 May 2008, at 11:43.
■ Content is available under GNU Free Documentation License 1.2.
