Difference between revisions of "SME Server:Documentation:FAQ"

Line 174: Line 174:
  
  
*I get a message saying that the RSA server certificate CommonName (CN)`servername.domainname.tld' does NOT match server name!
+
*I get a message saying that: the RSA server certificate CommonName (CN)`servername.domainname.tld' does NOT match server name!
 
If you change the servername, you will be prompted to reboot. When you do, the SMESERVER will generate a certificate for the new servername-domainname combination and httpd.conf will now reference that new name. References to other virtual domains and hosts will generate warnings in the log.
 
If you change the servername, you will be prompted to reboot. When you do, the SMESERVER will generate a certificate for the new servername-domainname combination and httpd.conf will now reference that new name. References to other virtual domains and hosts will generate warnings in the log.
 +
 +
 +
*I get: server squid[3145]: WARNING: Disk space over limit: 148412 KB 102400 KB.
 +
Squid, a package on the SMESERVER, is using 148Mb whereas it is configured with the default cache size limit of 100MB. It looks as though this problem is self limiting - squid is reducing its disk usage over time.
  
 
===Virtual Domains===
 
===Virtual Domains===
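
Review bot: in the added squid entry, "148Mb" should read "148MB". The log line it explains reports 148412 KB against a 102400 KB limit and the same sentence writes the limit as "100MB", so the lowercase b reads as megabits. The closing sentence ("It looks as though this problem is self limiting") is stated as a guess; either say plainly that the warning needs no action or tell the reader what to do if it keeps recurring.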

Revision as of 05:39, 20 June 2007


Frequently Asked Questions

This section lists frequently asked questions for SME 7, and problems you may have when installing SME 7 for the first time or upgrading to later versions.

Related information may also be found in the Howtos.

post-upgrade and reboot

  • When is a post-upgrade and reboot required?

There is no way to tell unless the RPM packager tells you otherwise.

The server manager/yum installer has no way of determining whether any configuration files will change if all are re-expanded or to know which binaries have changed (or use libraries which have now changed) and therefore need to be restarted. The only safe option is to reconfigure and restart everything.


Which repositories should be enabled

You should have the following repositories enabled (blue):

CentOS
CentOS - updates
SME Server - addons
SME Server - OS
SME Server - updates.

DO NOT enable SME Server - updates testing which is considered beta, unless

  • it is a TEST server NOT a production server or
  • you want to be part of a bug-testing group.

Additionally

  • SME Server - test is considered alpha and
  • SME Server - dev contains automatically built rpms yet to be sorted


Warning:
If upgrading from a system prior to 7.1.1 (7.1 update 1), you need to ensure you have the latest smeserver-support and smeserver-yum prior to applying the rest of the updates.

The current situation is that you will pull in updates from CentOS that may be ahead of the distribution.


Client Computers

  • Samba trust relationships lost?

This is a possible bug with an upgrade from SME6. After an upgrade, local workstations cannot log in. If you are experiencing this problem, please have a look at this bug for a fix, and provide followup: [[1]]


  • Windows XP Clients - Patch to logon to SME domain

This patch can be used when Windows XP clients won't be able to log on to the SME Server domain. The registry patch is located here: http://servername/server-resources/regedit/winxplogon.reg Double click on the winxplogon.reg file and the settings will be added to the Windows Registry.

  • How to disable password caching on Windows 95/98/ME/2000 Clients?

This patch can be used if you don't want Windows clients to remember passwords for shared folders on SME Server. The registry patch is located here: http://servername/server-resources/regedit/win98pwdcache.reg Just double click on the win98pwdcache.reg file and the settings will be added to the Windows Registry.

Note: Although the filename seems to indicate that this patch will only work for Windows 98, it also works in Windows 95, Windows ME and Windows 2000.

  • LDAP Directory Gives Errors on Outlook 2002 or Outlook 2003

In Outlook 2002 or 2003, when someone tries to find a contact using the LDAP server, a message stating "Unavailable critical extension" appears, followed by a second message saying "The search could not be completed. MAPI_E_CALL_FAIL", and the search returns nothing. The directory works beautifully in Thunderbird 1.5 as well as Outlook 2000, but not 2002 or 2003. More information can be found here: [[2]] [[3]]

Email settings

POP3

  • I want to set my SMESERVER to allow POP3 but it's not an option, I only see POP3S.

The SMESERVER is secure by design. POP3 is viewed as inadequate security and removed as an option from a standard installation to encourage unknowing administrators to select the 'best practice' option: a secure connection with either POP3S or IMAPS.

You can still set your SMESERVER to allow POP3 settings by:

config setprop pop3 access public
signal-event email-update


Real-time Blackhole List (RBL)

  • How do I enable RBL's?

RBL's are disabled by default to allow maximum accommodation (your ISP may be on an RBL and you may not know it). You can enable RBL's by:

config setprop qpsmtpd DNSBL enabled RHSBL enabled
signal-event email-update


Spam Filters

  • I seem to get more spam from a SERVER-ONLY box compared to a SERVER-GATEWAY box.

Some of the spam filter rules cannot work unless the SMESERVER knows the external IP of the box. If you put a SMESERVER in server-only mode behind other firewalls, it will lose some of the anti-spam rules. For example, the rule that blocks attempts where spammers try "HELO a.b.c.d" where a.b.c.d is your external IP address.

Unfortunately, many admins believe that port-forwarding SMTP provides additional security. It doesn't; it limits the SMESERVER's ability to apply some rules.

Firewall/Port Forwarding,Opening,Blocking

  • How do I configure the firewall?

The server manager is the GUI front end for the firewall. The firewall is modified automatically in response to changes you make in the configuration, such as enabling/disabling services, marking them public/private, forwarding ports, etc. If you wish to make changes beyond those provided for by the server manager, you can do so by providing custom templates.

  • How do I allow public access to a service I've added to SME Server 7?

The procedure has changed and is now much simpler in SME Server 7. For this example the service you have installed is called 'manta' and 'nnn' is the TCP port number that needs to be opened. Watch your capitalization with the command below:

 config set manta service access public status enabled TCPPort nnn

For UDP services, use UDPPort instead of TCPPort. Note that you can also set restrictions with AllowHosts and DenyHosts:

 config setprop manta AllowHosts 1.2.3.4,10.11.12.0/24
 config setprop manta DenyHosts 16.17.18.18
 

Then, to activate, do:

 signal-event remoteaccess-update
 

Web Applications

  • chmod 777

Using 777 is always wrong (despite the fact that many howtos recommend it). 0770 is sufficient, as long as www is a member of the group owning the directory, and is safer.

Use chown www /path/to/dir and preferably put your app in /opt/app, not in an ibay.
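
The following is an added example, not part of the original FAQ or the SME Server project: it lists world-writable paths under an application directory and strips the "other" permission bits, so a 0777 directory becomes 0770. The function names and the optional owner argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find and remove 0777-style permissions under a web app directory.

# Print every file or directory under $1 that is world-writable.
# Symlinks are skipped because their own mode bits are not meaningful.
find_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Strip all "other" bits from world-writable entries under $1:
# 0777 becomes 0770, 0666 becomes 0660. Entries that are not
# world-writable (for example 0755) are left untouched.
# If $2 is given, it is used as the owner of the top directory,
# matching the FAQ's "chown www /path/to/dir" (needs root).
harden_app_dir() {
    dir=$1
    owner=${2:-}
    find "$dir" ! -type l -perm -0002 -exec chmod o-rwx {} +
    if [ -n "$owner" ]; then
        chown "$owner" "$dir"
    fi
}

# Usage: sh harden.sh /opt/app [owner]
if [ "$#" -gt 0 ]; then
    echo "World-writable before the change:"
    find_world_writable "$1"
    harden_app_dir "$@"
fi
```

The web server user still needs to be a member of the group owning the directory for 0770 to work, as the FAQ entry states.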

  • Wasn't mod_perl installed in previous versions? How do I install it?

It may have been, but it was not used so it is no longer included. If you do want to install it do the following:

Note: Commands in a Linux shell are case-sensitive; this means that Capital is not the same as capital.

 yum install mod_perl
 config setprop modPerl status enabled
 signal-event post-upgrade ; signal-event reboot

  • The directory structure is visible. How do I disable indexes in ibays?

SME Server 6.0, 6.0.1, and 6.5 all had the following for the ibays/html directory: "Options Indexes Includes". This means that indexes were allowed for html directories. In SME Server 7.0 this is a parameter, and it defaults to enabled for compatibility with installations of SME Server releases before 7.0.

To disable indexes for an ibay in SME Server 7.0 do the following:

 db accounts setprop ibayname Indexes disabled
 signal-event ibay-modify ibayname

This issue was first reported here: [[4]]

Reset the root and admin password

1. Restart your server and at the beginning of the boot-up use the arrow keys to select the kernel you would like to boot into.

2. Press A to append parameters to your grub boot settings.

3. Be careful not to change anything; only add the following after the A (be sure to put a space before single):

  single

4. Press Enter. You will be presented with a prompt.

5. At this prompt type the following two commands (each followed by a return). You will be asked to provide a new password. Reset both your root and your admin password and set them to the same value:

 passwd root
 passwd admin

Reboot your server and everything should be okay now.

Log Messages

  • Log message regarding permissions on /var/spool/qpsmtpd/

You may see messages similar to this in your log file:

 @400000004326e9472eccc42c 3243 trying to get config for spool_dir
 @400000004326e9472ed518fc 3243 Permissions on spool_dir /var/spool/qpsmtpd/ are not 0700

They can be safely ignored. Clamav runs under a different user and needs read access to the spool area to avoid copying the file. [[5]]


  • I get messages that look like: (pam_unix)[31705]: session opened for user root by (uid=0)

Most likely these messages are coming from a package called SYSSTAT. The package was included in previous versions of SMESERVER but was removed from the final version of V7. If you see the messages, most likely you had a previous version and upgraded. SYSSTAT isn't needed unless you have a contrib package called SME7ADMIN.

You can safely remove the package by:

yum remove sysstat

Please note that these messages may be caused by other cron jobs (tasks that run automatically) or packages authenticating as root.


  • I get a message saying that: the RSA server certificate CommonName (CN)`servername.domainname.tld' does NOT match server name!

If you change the servername, you will be prompted to reboot. When you do, the SMESERVER will generate a certificate for the new servername-domainname combination and httpd.conf will now reference that new name. References to other virtual domains and hosts will generate warnings in the log.


  • I get: server squid[3145]: WARNING: Disk space over limit: 148412 KB 102400 KB.

Squid, a package on the SMESERVER, is using 148MB whereas it is configured with the default cache size limit of 100MB. It looks as though this problem is self-limiting: squid is reducing its disk usage over time.

Virtual Domains

  • When I create a VIRTUAL DOMAIN, I don't see anything listed in the HOSTNAMES AND ADDRESSES panel for that VIRTUAL DOMAIN.

For a virtual domain to be effective (for email or web), it needs to be configured as INTERNET DNS SERVERS (this is the default value). Since the domain resolves via INTERNET DNS SERVERS, no hostnames or addresses are created locally. For more info please visit the Administration Manual section regarding Domains: [[6]]

PHP Web App

  • I need to create (or install) a PHP application that needs access to the /tmp directory.

 db accounts setprop ibayname PHPBaseDir /tmp/:/home/e-smith/files/ibays/ibayname/
 signal-event ibay-modify ibayname

By default, PHP code in an IBAY can only run in that IBAY. The above commands allow PHP code in the IBAY to also work outside of its installed directory, here in /tmp/.

Here is a list of all the IBAY specific settings: [[7]]

Known Problems

This section is to be used to document problems that cannot or will not be fixed through development of SME7.

Backup/Restore

  • Using a combination of hardware and software compression for tape backup causes errors

You should use only one of software or hardware compression. Doing both may exercise bugs, and won't reduce the size of data on the tape - it is more likely to increase it. [[8]]


  • Backup to desktop 4GB limit

As in previous versions of SME Server, the backup to desktop function has a limit of 4GB. It's not fixable until we know where the limit or limits are. All these components are involved in transferring the backup file, and at least one of them is truncating at 4GB: tar, perl, mod_proxy, apache, TCP stack, browser at desktop end. See this bug listing for details: Bugzilla:701

Hardware

  • Problem with NIC card.

If your NIC card isn't working, replace it with a different one.


  • Losing too many ticks

A kernel bug with Athlon64 processors may cause the system to run slowly; it is possibly fixed with a later kernel.


  • VGA problem with VIA EPIA board

Once the installer loads the VGA display loses sync and it is impossible to read what is being displayed. There is a workaround, see this bug report for details: Bugzilla:236


  • Integrated NIC problem with VIA EPIA board

Disabling the onboard LAN and inserting a PCI network card works. Issues associated with this network card relate to a beta version of SME; an upstream fix from CentOS could not be confirmed by the reporter. Bugzilla:333


  • Slow Disk Format

Installing 2 disks as Primary and Secondary on the same IDE channel may cause slow formatting and is not a very good idea because:
1. It may hamper system performance.
2. It does not provide system redundancy if you lose the IDE channel.


  • Why does my clock run too fast in SME Server under VMware?

If you are testing SME Server on VMware, you may notice the clock doesn't keep time accurately. See this bug report for details and a possible fix. [[9]]


  • D-Link DFE 530TXS rev. A1 Ethernet adaptor not recognized (a.k.a. DL10050, Sundance)

Redhat doesn't support this ethernet adapter, so unfortunately it won't work with SME7. See the Redhat Bugzilla entry below for more information. [[10]] [[11]]


  • Boot failure after install if you have enabled hardware raid

There sometimes seem to be conflicts with the SME Server automatic software raid setup in combination with hardware raid. Disabling the hardware raid in your motherboard or controller card's bios is the suggested fix. See these bug reports for details: [[12]] [[13]]


  • Realtek 8169 Ethernet is not recommended

The driver included in CentOS 4.1 is out of date and has problems. See this bug listing for details, and please update the bug if you have a solution (i.e. updated drivers): [[14]]


  • 3com 905 (Cyclone) Ethernet is not recommended

This card is not detected.


  • These motherboards may need a bios update

2001 CUSI-M motherboard
Tyan S2850G2N with AMD Opteron 160, BIOS update >= 112
Boards using a Dual Pentium Pro are unlikely to work


  • Booting in SMP mode results in kernel panic with certain hardware

The combination of a 2MB Cache P4 3.0GHZ CPU and a Giga-byte GA-81848P775-G (Intel 848P chipset) motherboard produces this problem. Other similar hardware may be affected. If you encounter this problem, see this bug report for a workaround. [[15]]


  • Legacy MegaRAID driver is no longer included

Certain raid cards that worked under SME Server 6 do not work under SME Server 7. Adapters with the following PCI vendor ID and device ID pairs are not supported by the megaraid_mbox driver: vendor, device = 0x101E, 0x9010; 0x101E, 0x9060; 0x8086, 0x1960. The lspci -n command can be used to display the IDs for adapters installed in a particular machine. Products with these IDs are known by (but not limited to) the following model names: Broadcom 5820, Dell PERC (dual-channel fast/wide SCSI) RAID controller, Dell PERC2/SC (single-channel Ultra SCSI) RAID controller, Dell PERC2/DC (dual-channel Ultra SCSI) RAID controller, Dell CERC (four-channel ATA/100) RAID controller, DRAC 1, MegaRAID 428, MegaRAID 466, MegaRAID Express 500, HP NetRAID 3Si and 1M. Both Dell and LSI Logic have indicated that they no longer support these models in the 2.6 kernel. As a result, these adapters are no longer supported in Red Hat Enterprise Linux 4 Update 1, upon which SME Server 7 is based. See this bug listing for details; there is an unsupported workaround if needed: [[16]]


  • aic7xxx driver hangs on installation boot

On some Compaq Proliant servers (specifically an ML370 G2), and possibly others, the aic7xxx driver will hang if there is nothing connected to the adaptor or if it is not terminated correctly. On most Proliants you can tell the BIOS to not allocate an IRQ to the device, which effectively disables it; the ML370 G2 uses an AIC-7899 chip on the motherboard. This problem also exists in the CentOS 4.3 base. SME 6.0 loads fine, which would seem to indicate that the newer driver in CentOS 4.3 can't handle the older system (this Proliant is probably 5 years old). Bugzilla:373


  • Older systems stop at reboot

This may be an issue from the older P2 and early P3 era BIOSes, but the problem may also occur on some newer chipsets that don't follow the "specs" for power saving features. Also, this problem seems to be more prevalent in multi-CPU machines. Only a kernel change could provide a real fix to this issue. For some motherboards, there may be a workaround by adding appropriate text to the grub config. The addition of noapic and acpi=off to /etc/grub.conf might solve the problem of reboots failing.


  • How should I setup my hard-drives?

We've never recommended anything other than a single disk install or multiple disks of the same type. Anything else and you are following an unrecommended setup and you will need to navigate for yourself.

Installation (not hardware related) & Initial Configuration

  • Why is there a delay after verifying administrator password?

There is a delay (2-5 seconds) after verifying the administrator password. This is because the password is actually set and checked at this point. For everything else, we wait until the script is done before performing any actions. [[17]]


  • Use /server-manager, not /e-smith-manager

In previous versions, both aliases worked, but in SME Server 7 you must use /server-manager to access the server manager. [[18]]


  • Why can the system not be named 'mail', 'ftp' or 'www'?

If you choose one of these for the hostname of your server, the atalk (Appletalk) service will have errors and fail. See these bug listings for details: [[19]] https://sourceforge.net/tracker/?func=detail&atid=615772&aid=1264588&group_id=96750


  • Why is there no option to create reinstallation disk?

There is no option to create a reinstallation disk during installation or later from the Administration section of the server-manager. This is intentional, since it required too much effort to keep it up-to-date as kernels change. The CD contains a rescue mode, which is a better environment for fixing problems, and a reinstall followed by a restore of the configuration works well without us supporting another method. Additionally, the kernel has grown too large for a floppy plus initrd. Even Redhat installs no longer offer to create a boot floppy at install time. More details can be found in Bugzilla:792.


  • 4 disk install - md1 is raid1 and md2 is raid5

Even if you have 4 (or more) disks, which are supported by your motherboard and CentOS, md1 is always set up as a 4 disk raid1. This is because you can't boot off a raid-5. md1 is the boot partition and must either be non-raid or raid-1. md2 will be set up as a 4 disk raid5 as expected. More information can be found in Bugzilla:759.


  • Anaconda crash from rescue mode when starting network interfaces

There is a problem with the installer, and as networking is not essential for a rescue function it won't be fixed any time soon. Bugzilla:712

TroubleShooting

A list of common issues or messages people run into.

Outlook/Outlook Express give error 10060/0x800CCC90

Most likely OUTLOOK (EXPRESS) isn't configured correctly.

-open OUTLOOK
-click TOOLS > ACCOUNTS
-click CHANGE (on the right-hand side)
-find INCOMING MAIL SERVER & OUTGOING MAIL SERVER (on right-hand side)
-type: mail.yourdomain.tld (in both places)
-click MORE SETTINGS (on bottom-right)
-click OUTGOING SERVER tab (at the top)
-checkmark "MY OUTGOING SERVER REQUIRES AUTHENTICATION"
-bullet "USE SAME SETTINGS AS INCOMING MAIL SERVER"
-click ADVANCED tab (at the top)
-find OUTGOING SERVER
-checkmark "THIS SERVER REQUIRES A SECURE CONNECTION" (under outgoing server)
-change 25 to 465
-click OK > NEXT > FINISHED
-you're finished, your email should work now

Outlook test message doesn't come through

You clicked the TEST ACCOUNT SETTINGS in OUTLOOK, didn't you? This is a bug in OUTLOOK. The test message sends a test email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected. To test, send an actual message from OUTLOOK.

If you want, you can try THUNDERBIRD. It's like OUTLOOK but made by a different company. It's completely free and works very well at home and at the office.

I can't receive/send email from my application (ACT!, vTiger, etc)

Most likely, this is a bug in the application you're using and not a problem with the SMESERVER. The application sends an email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected.

As a workaround you can disable the check for the 'Date header'. To disable this check on the internal interface:

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
echo "# 17check_basicheaders disabled by custom template" > \
17check_basicheaders
signal-event email-update

To disable this check for the external interface:

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
echo "# 17check_basicheaders disabled by custom template" > \
17check_basicheaders
signal-event email-update
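
Before disabling the check, it helps to confirm that the application's messages really lack a Date header. This added example (not part of the original FAQ or of qpsmtpd) inspects only the header block of saved messages; the function names and the two sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: report saved mail messages that have no Date header.

# Succeeds (exit 0) if the header block of message file $1 has a Date header.
# Only lines before the first blank line are headers, so "Date:" text in the
# body does not count. The match is case-insensitive and tolerates CRLF.
has_date_header() {
    awk '
        /^\r?$/ { exit }                              # end of header block
        tolower($0) ~ /^date[ \t]*:/ { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Print the path of every regular file in directory $1 without a Date header.
list_missing_date() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        has_date_header "$f" || printf '%s\n' "$f"
    done
}

# Build two constructed sample messages and run the check on them.
demo_missing_date() {
    tmp=$(mktemp -d)
    printf 'From: a@example.com\r\nDate: Tue, 19 Jun 2007 10:00:00 +0000\r\nSubject: ok\r\n\r\nhello\r\n' \
        > "$tmp/with-date.eml"
    printf 'From: app@example.com\nSubject: report\n\nDate: only in the body\n' \
        > "$tmp/no-date.eml"
    (cd "$tmp" && list_missing_date .)
    rm -rf "$tmp"
}

# Usage: sh check-date.sh /path/to/saved/messages
if [ "$#" -gt 0 ]; then
    list_missing_date "$1"
else
    demo_missing_date
fi
```

If only messages from the internal application show up, the peers/local template above is enough and the external interface can keep the check.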