Configuration Cookbook - Linux File/Print/Web/Mail Server - RedHat Linux 7.1

Revised: 06/03/01
Jerry Winegarden
jbw@duke.edu

This document assumes that you have already installed Red Hat Linux 7.1
according to the cookbook instructions: AAAserver_install_v71.txt

This configuration cookbook expects to copy from floppies called:

   icb_server.tar.gz
   more_stuff.tar
   var_spool_lpd.tar

These tarchives and/or floppies are collections of important configuration
files pre-made to save you time and trouble. The instructions will tell you
how and where to copy them and describe any further modifications. Also
included are a few software packages which you will need to install.

These tarchives can be obtained from: http://www-jerry.oit.duke.edu, or,
more specifically:
http://www-jerry.oit.duke.edu/linux/HOWTO/config_floppies/
--------------------------------------------------------------------------
**************************************************************************
--------------------------------------------------------------------------
0) Log in at console as root.
--------------------------------------------------------------------------
1) mkdir /icb; chown icb /icb; chgrp icb /icb

   (Note: user icb's home directory, /home/icb, could be used instead of
   /icb. If so, make the appropriate changes in the instructions below, or
   create a symbolic link from /icb to /home/icb: ln -s /home/icb /icb)
--------------------------------------------------------------------------
2) make a download directory for icb:

   cd /icb; mkdir downloads
   chown icb downloads; chgrp icb downloads
--------------------------------------------------------------------------
3) copy icb_server configuration floppy to /icb:

   cd /icb; dd if=/dev/fd0 of=/icb/icb_server.tar

   (if you get error message:
      end_request: I/O error,...Device not configured
   it's most likely because you either don't have a floppy in the drive or
   you've got the wrong floppy in the drive. Check it out.)
--------------------------------------------------------------------------
4) unpack icb_server tar archive:

   cd /icb; tar xvf icb_server.tar

   This will create directory: /icb/icb_server
   with 2 subdirectories: etc, var
--------------------------------------------------------------------------
Explanation: The following configuration files will need to be copied from
/icb/icb_server/etc to /etc and /icb/icb_server/var/www to /var/www.
**************************************************************************
--------------------------------------------------------------------------
(Cookbook re-starts here)
--------------------------------------------------------------------------
(Copying from /icb/icb_server directory)

cd /icb/icb_server/etc
cp hosts* /etc             (y to replace) hosts, hosts.allow, hosts.deny
cp motd /etc               motd=Message of the Day
cp printcap* /etc          printing configuration file
cp resolv* /etc            resolv.conf=nameserver list
cp sendmail* /etc          email service config files
cd httpd/conf              (pwd should show: /icb/icb_server/etc/httpd/conf)
cp httpd.conf /etc/httpd/conf
                           apache web server config file
cd ../../mail              (/icb/icb_server/etc/mail)
cp * /etc/mail             more email system config files
cd ../sysconfig            (/icb/icb_server/etc/sysconfig)
cp network /etc/sysconfig  a networking config file
cd network-scripts
cp * /etc/sysconfig/network-scripts
                           most networking config files
cd ../../samba             (/icb/icb_server/etc/samba)
cp * /etc/samba            samba smb file service (Micro$oft) config files
cd ../xinetd.d             (/icb/icb_server/etc/xinetd.d)
cp * /etc/xinetd.d         xinetd.d directory contains startup config files
                           for network services started up dynamically on
                           demand via the xinetd daemon instead of being
                           started up individually at system boot up.
cd /icb/icb_server/var/www/html
cp * /var/www/html         web server documents location (home page, ...)
                           (in /home/httpd/html on <= RH 6.2)
--------------------------------------------------------------------------
5) copy more_stuff floppy to /icb:

   dd if=/dev/fd0 of=/icb/more_stuff.tar.gz
--------------------------------------------------------------------------
6) unpack /icb/more_stuff.tar.gz:

   cd /icb; mkdir more_stuff; chown icb more_stuff
   cd more_stuff              (or cd /icb/more_stuff)
   tar xvzf ../more_stuff.tar.gz
--------------------------------------------------------------------------
7) read the diskette named "var_spool_lpd.tar":

   dd if=/dev/fd0 of=/icb/var_spool_lpd.tar

8) unpack the archive:

   cd /var/spool; tar xvf /icb/var_spool_lpd.tar
--------------------------------------------------------------------------
9) obtain and install webmin system administration tool:

A) check if ethernet connection working:

   /sbin/ifconfig

   Look to see if eth0 has an inet addr: 192.168.1.221
   If it does NOT, then:

   ifdown eth0
   ifup eth0
--------------------------------------------------------------------------
Check again:

   /sbin/ifconfig

   Look again to see if eth0 has an inet addr: 192.168.1.221
--------------------------------------------------------------------------
Now check to see if you can connect to machines on your LAN:

   /bin/ping 192.168.1.1      (your ICB router)

   CTRL-C will abort this ping command (it will run forever otherwise!)

   (note: if you don't have /bin/ping, then you most likely did NOT install
   the iputils package. You should do so as soon as possible.)
--------------------------------------------------------------------------
Now check to see if you can connect to machines outside your LAN:

   /bin/ping 152.3.202.250

   (after a few replies, CTRL-C will abort this ping command)
--------------------------------------------------------------------------
Now check to see if name service is working for this machine:

   /bin/ping www.duke.edu

   CTRL-C will abort this ping command
--------------------------------------------------------------------------
B) make sure you have a downloads directory:

   ls /icb
   ls /icb/downloads

   If you get an error message that /icb/downloads "file does not exist"
   then do the following to create it:

   cd /icb; mkdir downloads; chown icb downloads; cd /icb/downloads
--------------------------------------------------------------------------
C) lynx http://www.webmin.com      (download webmin rpm package)

   (use up and down arrows to move through choices in web page; hit Enter
   to select or "take action"; TAB key also moves between links and
   buttons. Selected choice will be highlighted in red, rest of text is
   white or blue.)

   ==>Webmin
   ==>webmin-0.85.rpm
   ==> D (Download)   downloads webmin-0.85.rpm to /icb/downloads (current
                      home directory) - file is about 3.5 MB (3500 KB).
   ==> Save to Disk
       Enter a filename:
   ==>webmin-0.85.rpm (the default choice) accept it by hitting Enter
   ==>q to quit lynx
   ==>y are you sure you want to quit?
      yes
--------------------------------------------------------------------------
D) ls

   should see: webmin-0.85.rpm
   if it's not there, try to download it again
--------------------------------------------------------------------------
E) rpm -Uvh webmin*        install with Update switch the webmin-0.85.rpm

   Operating system is Redhat Linux 7.1
   webmin      ##########################################
   Webmin install complete. You can now login to http://ourserver:10000:/
   as root with your root password.
--------------------------------------------------------------------------
F) rpm -qa | grep webmin   show if webmin is installed successfully
--------------------------------------------------------------------------
G) lynx http://localhost:10000     (test webmin installation)

   Login to Webmin
   You must enter a username and password to login to the Webmin server
   on localhost.
   Username: ==> root
   Password: ==> yourrootpassword
   ==>Login   Clear
   [ ] Remember login permanently?

   Enter the root username and password to log into Webmin.
   Move to "Login" and hit Enter to take the action = "login"
--------------------------------------------------------------------------
The first time in you might get:

   localhost cookie: sid=10570003217 Allow? (Y/N/Always/neVer)
   ==> A    (A for Always or Y for Yes will work)
--------------------------------------------------------------------------
If successful login to Webmin, you will see:

   Webmin 0.85 on ourserver (Redhat Linux 7.1)

   Webmin 0.85 on ourserver (Redhat Linux 7.1)
   Home Page   Feedback..
   Version 0.85 on ourserver (Redhat Linux 7.1)
   ------------------------------------------------------------
   Webmin   System   Servers   Hardware   Others

   Webmin Actions Log
   Webmin Configuration
   Webmin Servers Index
   Webmin Users
   ------------------------------------------------------------
   Logout

You can exit Webmin now: ==> q (to quit), ==> y (are you sure?)
--------------------------------------------------------------------------
**************************************************************************
--------------------------------------------------------------------------
Now, a couple of files still might need to be edited, but most are now
configured. Files that need to be edited will be mentioned below.
--------------------------------------------------------------------------
**************************************************************************
--------------------------------------------------------------------------
Useful Linux commands:

Access alternate "virtual console windows":
   CTRL-ALT-F#   where #=1-6 (F1,F2,...,F6)
   You will get another system prompt, login:
   The other window is still active until you log out of it.

To log out of a session:
   CTRL-D        (control-D = "end of file" = "log out")

Abort a task:
   CTRL-C        Abort current task or command
--------------------------------------------------------------------------
**************************************************************************
--------------------------------------------------------------------------
A Linux server can provide many different services. This cookbook is
intended to explain in step-by-step detail how, after installing Red Hat
Linux 7.1 according to the instructions of the Cookbook for Installing
Red Hat Linux 7.1 Server, to configure the machine to provide four
important services: file, print, web, mail. Configuration details for each
of these services will be presented in a separate section.
--------------------------------------------------------------------------
Section I: File Service
--------------------------------------------------------------------------
There are 4 kinds of file service that can be provided by this linux
server to three different types of client machines.

The three different types of machines: PC's running Microsoft Windows
(95/98/ME/NT/W2K), Apple Macintoshes running MacOS, and Unix computers
(including Linux).

The four kinds of file service are: Microsoft Networking (SMB through
Network Neighborhood), Novell Netware, Appleshare, and (Unix) Network File
System (NFS) (which UNIX and Linux systems support).

This document will explain how to configure this system for SMB (Microsoft
Networking) through the Samba package and NFS. When time allows, a
description of how to configure Appleshare will be added and eventually a
Novell Netware service configuration how-to will be added to this document.
--------------------------------------------------------------------------
Installation presumptions: required packages to be installed: samba (both
packages), NFS (bind, etc), portmapper. If the Linux server INSTALLATION
cookbook is followed, these and any other necessary packages will have
been installed.
--------------------------------------------------------------------------
**************************************************************************
--------------------------------------------------------------------------
SMB Samba file service configuration:
--------------------------------------------------------------------------
0) Check to see if samba package is installed:

   rpm -qa | grep samba

1) Note: this cookbook assumes that you have already copied the samba
   smb.conf file from /icb/icb_server/etc/samba to /etc/samba.
   If not, do so now.
   (see following instructions:)

   From /icb directory, copy the samba configuration file to the /etc
   directory:

   (Note: if /etc/samba directory does NOT exist, then create it now with
   command: cd /etc; mkdir samba.
   ls /etc or ls /etc | more will list the full contents of the /etc
   directory. Look to see if the directory /etc/samba exists.)

   cp /icb/icb_server/etc/samba/smb.conf /etc/samba
   Overwrite? y
--------------------------------------------------------------------------
There are two ways to administer samba Windows file/print service:
1) "by hand" or 2) using webmin (lynx http://localhost:10000)
--------------------------------------------------------------------------
To view/change which directories/printers are shared to MS Windows
machines:
--------------------------------------------------------------------------
BY HAND:

Edit the file /etc/samba/smb.conf to meet your needs. The pre-configured
version from the icb_server.tar files provides for sharing "home"
directories, sharing a "tmp" (read-write) directory, sharing a "public"
(read-write) directory and a "programs" (read-only) directory. Several
examples of other types of directory shares are included in comment form
in smb.conf. If you want to enable an example (modifying it, of course),
then remove the # from every line in the example "stanza" you want to make
active.

By default, password encryption is off, and the share is "user mode". This
means that to access resources (directories and printers) from a PC with
Microsoft Windows networking client, you must log onto Microsoft
Networking as the user account name on the icb-server (ourserver) with the
same password.
For example, User: teacher1, password: youknowwhat means you should have a
Linux user (see /etc/passwd file) named teacher1 with youknowwhat as the
password. You should also have an smbpasswd file entry for teacher1, with
the same password.

Note: you can change which directories are shared and password access by
editing /etc/samba/smb.conf. However, until you know what you want, the
default smb.conf file copied from /icb/icb_server/etc should be quite
adequate.
--------------------------------------------------------------------------
BY WEBMIN: (Recommended method)

   ==>lynx http://localhost:10000   (Username: root, Password: yyyyyy)
   ==>Servers
   ==>Samba Windows File Sharing

You will see the following:

   Samba Share Manager (p1 of 2)
   Webmin Index
   Module Config
                  S a m b a   S h a r e   M a n a g e r
   ------------------------------------------------------------
   Share Name   Path                   Security
   home         All Home Directories   Read/write to all known users
   printers     All Printers           Printable to everyone
   tmp          /tmp                   Read/write to everyone
   public       /home/public           Read/write to everyone
   Programs     /home/programs         Read only to everyone

   Create a new file share
   Create a new printer share
   Create a new copy
   View All Connections
   ------------------------------------------------------------
   Global Configuration
   Unix Networking   Windows Networking
   --press space for next page --
   Arrow keys: Up and Down to move. Right to follow a link; Left to go back.
   H)elp O)ptions P)rint G)o M)ain screen Q)quit /=search [delete]=history list

next page:

   Samba Share Manager (p2 of 2)
   Authentication   Windows to Unix Printing   Miscellaneous Options
   File Share Defaults   Printer Share Defaults   SWAT
   ------------------------------------------------------------
   Start Samba Servers
   The Samba servers do not appear to be running on your system. This
   means that the shares listed above will not be accessible to other
   computers.
   ------------------------------------------------------------
   <- Return to index
--------------------------------------------------------------------------
The above list of shared directories is probably good to begin with. When
you know what changes you want to make, come here and make the change.

However, to Start the Samba servers, go back to the first Webmin menu and
go to System options to change what processes start at system boot up.

   ==> <-   (hit the LEFT arrow to go back a window)
   Use up-arrow to go back up through list until:
   ==>System
   ==>Bootup and Shutdown
   Now, tab or down-arrow down list to:
   ==> smb    No    Starts and stops the Samba smbd and nmbd daemons used
                    to provide SMB network services.
--------------------------------------------------------------------------
You get the following page:

   Edit Action (p1 of 9)
   Webmin Index
   Module Index
                        E d i t   A c t i o n
   ------------------------------------------------------------
   Action Details
   Name smb
   Action Script
   #!/bin/sh
   #
   # chkconfig: - 91 35
   # description: Starts and stops the Samba smbd and nmbd daemons \
   #              used to provide SMB network services.
   ------------------------------------------------------------
   # Source function library.
   if [ -f /etc/init.d/functions ] ; then
     . /etc/init.d/functions
   elif [ -f /etc/rc.d/init.d/functions ] ; then
     . /etc/rc.d/init.d/functions
   else
   ...
--------------------------------------------------------------------------
Use TAB to jump down over the text of the "Action Script", down to

   Start at boot time?   ( ) Yes   (*) No
   Started now?
   No
   ^^^^^^^
   With "Yes" highlighted (in Red),
   ==> hit Enter, to move the "*" from "No" over to "Yes"
--------------------------------------------------------------------------
Move down to:
   ==> Save
--------------------------------------------------------------------------
<- (Left arrow to go back to this page)
Move down to:
   ==> Start Now
   ==> Enter
--------------------------------------------------------------------------
   Executing /etc/rc.d/init.d/smb start ..
   Starting SMB services: [ OK ]
   Starting NMB services: [ OK ]

You have successfully started up the smbd service.
(Note: both smbd and nmbd must be started. nmbd is for broadcasting your
system's existence to the rest of the "Network Neighborhood")

   ==>q (quit webmin), ==> y (are you sure?)
--------------------------------------------------------------------------
Start/Stop/Restart Samba file/print services
--------------------------------------------------------------------------
Note: To start samba services, you must make sure that both the smbd and
nmbd processes start up. nmbd broadcasts the existence of icb-server (or
ourserver) in Network Neighborhood.

Turn smbd services on:
--------------------------------------------------------------------------
BY HAND:

   ps ax | grep smb     (lists if running or not)
   ps ax | grep nmb     (lists if running or not)

   /etc/rc.d/init.d/smb start|stop|restart|status
                        will start both smbd and nmbd

   (Choice of actions: start, stop, restart, or show status of anything
   started in /etc/rc.d/init.d: ls /etc/rc.d/init.d will show what is
   started there)
--------------------------------------------------------------------------
BY WEBMIN: (recommended)

   lynx http://localhost:10000
   Username: root
   Password: youknowwhat
   ==>Login
   ==> System
   ==> Boot up and Shutdown

   Action    Start at boot?   Description
   anacron   Yes              Run cron jobs that were left out due to
                              downtime....
   apmd      Yes              apmd is used for monitoring battery status
                              and logging it via...

   Move down to smb.
   ==> Enter will open up smb start up configuration.
--------------------------------------------------------------------------
**************************************************************************
--------------------------------------------------------------------------
Changing which daemon processes are started up automatically at boot time
--------------------------------------------------------------------------
Processes scheduled to start or stop can be listed

BY HAND:

   chkconfig --list | more    (chkconfig can also be used to make changes)

BY WEBMIN:

   ==>lynx http://localhost:10000
   ==>System
   ==>Bootup and Shutdown
   Move up and down list, to change startup status of service selected.
--------------------------------------------------------------------------
Note: if a daemon service needs to start up with some parameters, use
webmin to edit the shell script used to start up the process, adding the
parameters to the command line inside that shell script.

The process startup shell scripts are referred to as "Action Script" by
Webmin. Use the arrow keys to move on down through the lines of the Action
Script. After the line "# start daemon", you will see the line:
"daemon /usr/sbin/programname" (e.g. daemon /usr/sbin/lpd)
This command starts that process. If parameters need to be added to the
startup, merely add them to the end of this "daemon ..." line.
--------------------------------------------------------------------------
Using webmin, to change a process from starting (Yes) to NOT starting
(No), do the following:

   ==> apmd     Turn it OFF
   Move all the way down through the Action Script down to:
   Start at boot time? ==>(*)Yes ( )No
   Now, move cursor to ( )No (down arrow).
   Now, hit Enter to select (*)No instead. (It will no longer start at
   boot time)
   Now, move down to ==> Save and hit Enter.
   Hit LEFT ARROW (goes back to SAVE/Start Now screen)
   ==> Stop Now and hit Enter.

   "Executing /etc/rc.d/init.d/apmd stop ..
   Shutting down APM daemon: [ OK ]"
--------------------------------------------------------------------------
Daemons to turn off: apmd, gpm, pcmcia, rhnsd, xfs
(Change "Start at boot time?" to "No", and select "Stop Now")
--------------------------------------------------------------------------
Daemons to start at boot time: anacron, atd, crond, httpd, identd,
keytable, kudzu, linuxconf, lpd, mysqld, netfs, network, random,
rawdevices, sendmail, smb (smbd and nmbd), sshd, syslog, webmin, xinetd,
/etc/rc/rc.local
--------------------------------------------------------------------------
**************************************************************************
--------------------------------------------------------------------------
NFS file service (to other Linux/Unix boxes)

This service is optional (it can be used to install Linux to other
computers)
--------------------------------------------------------------------------
The one file to configure: /etc/exports

This file lists which directories are exported to other machines. An NFS
"exported" directory is one that is shared to other machines on the
network that have the NFS client software, which every Linux or Unix box
on the LAN has. (There is a product called PC-NFS, by the way, but it is
not normally used.)

If a directory is exported, then it is eligible to be mounted on a remote
machine (which has NFS client, and which is in the allowed list of
machines, if some export restrictions have been applied), as if that
directory were actually on the remote machine. To mount such a remote file
system, you use any available directory ("mount point") - e.g.
/mnt/foo1 (cd /mnt; mkdir foo1 makes a mount point); use the mount command
with the -t nfs (t="type") to mount the remote directory:

   mount -t nfs servermachinenameornumber:/exporteddirectory /mnt/foo1

The /etc/exports file looks like:

   /usr/local
   /var
   /mnt/cdrom (ro)

ro = "Read Only", rw = "Read Write"
Notice that you can share a CD this way.

Note: since your LAN is behind your icb firewall, it is probably OK to run
NFS. If you were directly accessible from the Internet, it is best to NOT
run NFS except when you need to.

To start NFS:

   /etc/rc.d/init.d/nfs start
--------------------------------------------------------------------------
**************************************************************************
--------------------------------------------------------------------------
Web service - apache httpd
--------------------------------------------------------------------------
Assuming that the Apache web server package, httpd, is installed, there is
not much configuration to do at this point. There is one change to make to
the httpd configuration file: /etc/httpd/conf/httpd.conf

Using an editor such as joe, change the "ServerName" line from

   ServerName localhost

to

   ServerName yoursitename.org   or   yoursitename.dyndns.org

depending on whether you have defined your site name in the correct man.
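
Added example (not part of the original cookbook), going back to the NFS
/etc/exports file shown above: every line in that sample has no client list,
so any host that can reach the server may mount it. The sketch below flags
such lines, including the case where a space before "(rw)" silently applies
the options to every host. The function names and the last two sample lines
are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag /etc/exports lines that any host may mount.

# sample_exports: constructed sample. The first three entries are the ones
# shown in the cookbook; the last two are made up for contrast.
sample_exports() {
    cat <<'EOF'
# constructed sample exports file
/usr/local
/var
/mnt/cdrom (ro)
/home 192.168.1.0/255.255.255.0(rw)
/srv/install 192.168.1.5 (rw)
EOF
}

# audit_exports [FILE]: read an exports file (stdin if FILE is omitted) and
# print "<path> any-host" or "<path> any-host-rw" for each unrestricted export.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    NF == 1 { print $1, "any-host"; next }  # path with no client list at all
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) { client = substr($i, 1, p - 1); opts = substr($i, p) }
            # An option list with nothing (or "*") in front of it applies
            # to every host, e.g. "(ro)" or "host (rw)" with a stray space.
            if (client == "" || client == "*") {
                kind = (opts ~ /[(,]rw[,)]/) ? "any-host-rw" : "any-host"
                print $1, kind
            }
        }
    }' "${1:--}"
}

# Demo on the constructed sample; on a server run: audit_exports /etc/exports
sample_exports | audit_exports
```

An entry such as /home 192.168.1.0/255.255.255.0(rw), with the client written
directly against the options, produces no finding.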
--------------------------------------------------------------------------
(You should have previously copied a pre-configured copy of the httpd
configuration file to /etc/httpd/conf:

   cd /icb/icb_server/etc; cp httpd/conf/httpd.conf.icb-server /etc/httpd/conf
   cd /etc/httpd/conf; cp httpd.conf httpd.conf.orig
)
--------------------------------------------------------------------------
6) edit the file httpd.conf.icb-server with vi or joe editor, changing:

   cd /etc/httpd/conf
   joe httpd.conf   or   vi httpd.conf   (your choice of editors)
--------------------------------------------------------------------------
Make the following changes:

   ServerAdmin jbw@duke.edu    -->  ServerAdmin yourname@youraddress
   ServerName 152.16.72.33     -->  ServerName yoursystemnameorexternalnumber

(See internal comments in this file about these 2 changes)

For example:

   ServerAdmin icb@yourserverregisteredname.dyndns.org
or
   ServerAdmin icb@yourorganizationregisteredname.org

Also, example:

   ServerName yourserver_external_ip_number   (if it has a STATIC number)
or
   ServerName yourserverregisteredname.dyndns.org
or
   ServerName yourserverregisteredname.org
--------------------------------------------------------------------------
7) Web pages served up are in: /var/www/html
   The default home page is: /var/www/html/index.html

   Create subdirectories under this directory and replace index.html with
   your site's "home page", which links to the rest of the pages. You can
   use ftp and cp to copy your site's web pages from other web servers to
   subdirectories in /var/www/html.
--------------------------------------------------------------------------
8) start apache web server manually:

   /etc/rc.d/init.d/httpd start

   It should start up successfully. (Or use webmin to start it up).
   If you make a change in /etc/httpd/conf/httpd.conf, you must RESTART
   httpd in order to make the changes active:

   /etc/rc.d/init.d/httpd restart
--------------------------------------------------------------------------
9) make sure apache web server is running:

   ps ax | grep http

   If web server is running, you should see several lines with process
   name: httpd

   If httpd is NOT running, then check out the system error log:

   tail /var/log/messages
   or
   tail -n 100 /var/log/messages | more

   Also, if you try to start httpd by hand (/etc/rc.d/init.d/httpd start)
   and it FAILS, then check out the error message. It will most likely say
   something about "missing file" or whatever. This most likely refers to
   a problem in the /etc/httpd/conf/httpd.conf file, which you must fix in
   order to allow httpd to start.
--------------------------------------------------------------------------
10) Make sure that this server's ethernet connection is working:

   ifconfig   (or /sbin/ifconfig)

   a) Look at the eth0 stanza. IP address should be: 192.168.1.221
      System start up should have displayed the message:
      ETH0 Startup [OK]   (not [FAILED])

   b) ping 152.3.202.250
      (CTRL-C will abort the command after it displays replies from this
      machine if successful)

      ping www.duke.edu
      (CTRL-C will abort this command after it displays several replies
      from www.duke.edu if successful. This tests if DNS is working.)

   c) lynx http://www.duke.edu
      (or your favorite Web page: http://www-jerry.oit.duke.edu :-)
**************************************************************************
--------------------------------------------------------------------------
Mail Service Configuration
--------------------------------------------------------------------------
Assumes that sendmail, sendmail.cf, imap packages are installed.
To list if those packages are installed:

   rpm -qa | grep sendmail
   rpm -qa | grep imap
--------------------------------------------------------------------------
Mail configuration changes:
--------------------------------------------------------------------------
A. edit sendmail configuration file:

   joe /etc/sendmail.cf

   Change the line:
   Dj ==> Djyourpreferredemailsystemname.org

   For example: Djcopcdurhamnc.dyndns.org or Djronaldhousedurham.org

   Note: NO space between the Dj command and the system name
   Also, do NOT use: Dj$w.yourpreferredsystemname.org - leave out the $w
   part.
   (save, then exit)

B. edit the /etc/mail/access file:

   cd /etc/mail; cp access access.bak; cp access.db access.db.bak
   joe access

   Check for the following line (add it if it doesn't exist):

   192.168.1.0 RELAY

   or you should see a line for each IP number on your LAN:

   192.168.1.2 RELAY
   192.168.1.3 RELAY
   ...
   192.168.1.200 RELAY
   (save, then exit)

   Note: /etc/mail/access is a text file. These lines allow any machine on
   your local LAN to send mail out through this server (they let this
   machine be an smtp relay agent for any machine with IP number
   192.168.1.x, which is every machine on your LAN).

   Note: this file already has the line:
   127.0.0.1 RELAY   (or localhost RELAY)
   This allows this machine to send out its own mail
   (127.0.0.1 = localhost = this_machine)

C. IF you make a change in /etc/mail/access, you must re-make the mail
   smtp relay access database:

   cd /etc/mail; cp access.db access.db.bak
   makemap hash /etc/mail/access.db < /etc/mail/access

D. edit imap, pop files in /etc/xinetd.d to enable them
   (remove the "disable = yes" line if it is there)

   cd /etc/xinetd.d
   joe imap
   delete line: disable = yes
   likewise, for ipop2, ipop3, imaps, pop3s
   (Note: imaps, pop3s are ssh secure versions)

E. restart sendmail:

   /etc/rc.d/init.d/sendmail restart

F.
   Check to see if the imap, imaps, ipop2, ipop3, pop3s are enabled in
   xinetd.d:

   chkconfig --list   (see end of list)

NOTE: be sure that your firewall (icb) box (NOT this server), has IP port
25 forwarded to this server:
(Check for 2 lines added to near bottom of file on icb router,
/etc/rc.d/rc.firewall)

   ipmasqadm portfw -a -P tcp -L $extip 25 -R $mailserverip 25
   ipmasqadm portfw -a -P udp -L $extip 25 -R $mailserverip 25

(where extip is defined as the "external" IP number for eth1 or ppp0, and
mailserverip as: export mailserverip=192.168.1.201 (or .221, whichever you
have assigned to this mail server box))

Note: this will allow mail to be sent/received by this server and you can
use email pop or imap clients such as eudora, outlook, outlook express,
Netscape communicator to read mail from their mailboxes on this server. It
will NOT allow you to use such imap or pop clients to read mail in
mailboxes on this server if you are sitting out in the world somewhere.

Ports 143 (imap), 110 (pop3), 220 (imap3) can be portforwarded on the icb
firewall (add lines to end of /etc/rc.d/rc.firewall), but lines must be
added to /etc/mail/access to allow those outside remote systems to send
mail through this system (RELAY). If such a machine has a statically
assigned (permanent) IP number, then it can be added. If, however, such an
outside PC receives its IP number from a dhcp server, then it cannot
(unless you allow all the IP numbers from that ISP access, which would
open you up to allowing relaying from ALL Mindspring or AOL users, which
you do NOT want to do (TRUST ME!)).

To be able to read/send email through mailboxes on this server machine
from machines in the outside world (outside your building), or even from
local machines that don't have eudora or outlook or Netscape communicator
configured for that person, there is an alternative package to install:
horde.org's imp web mail client. Instructions for installing horde imp are
provided below.
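
Added example (not part of the original cookbook) for steps B and C and the
relay warning above: a check that lists every RELAY entry in
/etc/mail/access reaching beyond this machine and the 192.168.1.x LAN, and
a check that access.db was rebuilt after the last edit. The function names
and all sample entries are constructed for the illustration.

```shell
#!/bin/sh
# Added example: review sendmail's /etc/mail/access for relay entries that
# reach beyond localhost and the LAN, and detect a stale access.db.

# sample_access: constructed sample, not taken from a real server.
sample_access() {
    cat <<'EOF'
# constructed sample access file
localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY
192.168.1.0             RELAY
192.168.1.2             RELAY
192.168.10.7            RELAY
198.51.100              RELAY
dialup.isp.example      RELAY
spammer.example         REJECT
EOF
}

# audit_relay LAN_PREFIX [FILE]: print "<kind> <key>" for each RELAY entry
# that is neither this machine nor inside LAN_PREFIX (e.g. 192.168.1).
audit_relay() {
    awk -v lan="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    toupper($2) != "RELAY" { next }          # only relay grants matter here
    $1 == "localhost" || $1 == "localhost.localdomain" || $1 == "127.0.0.1" { next }
    # Match the prefix on a dot boundary so 192.168.10.x is not mistaken
    # for part of 192.168.1.x.
    $1 == lan || index($1, lan ".") == 1 { next }
    {
        kind = ($1 ~ /^[0-9.]+$/) ? "ip-outside-lan" : "domain"
        print kind, $1
    }' "${2:--}"
}

# access_db_stale ACCESS DB: succeeds when DB is missing or older than
# ACCESS, i.e. makemap has not been re-run since the text file was edited.
access_db_stale() {
    [ ! -e "$2" ] || [ "$1" -nt "$2" ]
}

# Demo on the constructed sample; on the server run:
#   audit_relay 192.168.1 /etc/mail/access
#   access_db_stale /etc/mail/access /etc/mail/access.db && echo "re-run makemap"
sample_access | audit_relay 192.168.1
```

Each line it prints is a sender class allowed to relay from outside the
building and is worth a second look; a domain entry covers every host in
that domain.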
--------------------------------------------------------------------------
Static IP number, registered domain name?

If NOT, then you will need to register a domain name with dyndns.org:
(http://www.dyndns.org; register a name: foo, so your domain name will be:
foo.dyndns.org), then (obtain and install, then) start up as a daemon at
system bootup the perl script: ddclient.
---------------------------------------------------------------------------
***************************************************************************
---------------------------------------------------------------------------
Print Service Configuration

1) Make sure the package LPRng is installed (newer version of lpr service):

     rpm -qa | grep LPRng
---------------------------------------------------------------------------
2) Make sure the package rhs-printfilters is installed:

     rpm -qa | grep rhs-printfilters
---------------------------------------------------------------------------
3) Check out /etc/printcap.

   If you have network printers, you can add them, much like the Apple
   Laserwriter lines in /icb/icb_server/etc/printcap.
   Also, if you have a parallel printer connected (e.g. HP Deskjet or
   Laserjet), then it is known as /dev/lp0.
   You can edit /etc/printcap to add whatever aliases you want for
   printers. Or, use webmin to add printers.

   The version of printcap that you copied from the /icb/icb_server/etc
   directory has entries for three printers:
     Apple Laserwriter 16/600PS (postscript files; network printer),
     Apple Laserwriter 16/600PS (text files; network printer),
     HP Laserjet 6P (parallel port connection)

   If you have an Apple Laserwriter network printer, you will have to edit
   /etc/printcap and change the IP number of the two Apple Laserwriter
   entries to the number you have assigned to your printer.
   You will have to use printtool or webmin to add more printers.
---------------------------------------------------------------------------
4) Copy tar file from floppy called: "var_spool_lpd.tar"

     cd /icb; dd if=/dev/fd0 of=/icb/var_spool_lpd.tar
---------------------------------------------------------------------------
5) unpack this tar file to /var/spool/lpd:

     cd /var/spool/lpd; tar xvf /icb/var_spool_lpd.tar
---------------------------------------------------------------------------
6) To test if printers are working:

     lpr -Plp0 /etc/hosts
   prints the text file /etc/hosts to the printer on /dev/lp0, which is
   the parallel printer.
     lpq -Plp0
   shows print queue contents.
   There are a couple of other lp queue commands: lprm, lpstat.
---------------------------------------------------------------------------
***************************************************************************
---------------------------------------------------------------------------
Configuring Web Mail client - horde/imp
---------------------------------------------------------------------------
***************************************************************************
---------------------------------------------------------------------------
Other Configuration Tasks
---------------------------------------------------------------------------
Install Web System Administration Tool - webmin
---------------------------------------------------------------------------
1) obtain copy of Webmin system administration tool:

   a) cd /icb; mkdir downloads; cd downloads
   b) use lynx or ftp to download webmin package in rpm format
      i) lynx http://www-jerry.oit.duke.edu/linux/uploads/webmin-0.84.rpm
      or
      ii) lynx http://www.webmin.com
          ==> Webmin (hit to follow link to Webmin)
          (Note: use Arrow keys to move up and down, to follow a link,
          selected link is highlighted when text color is RED instead of
          blue.)
          Arrow down to: format (==>webmin-0.84.rpm 3382 KB)
          ==> webmin-0.84.rpm (hit to follow link to this package (in rpm
              format))
          ==> D (download)
              Wait while it downloads (3.3 MB or so)
          ==> Save to disk ( to cause this action)
              Enter a filename: webmin-0.84.rpm
          ==> (saves it under that name in the current working directory,
              which is /icb/downloads)
          ==> q (quit lynx)
          ==> y (are you sure you want to quit?)
--------------------------------------------------------------------------
2) Install webmin from /icb/downloads:

     cd /icb/downloads; rpm -Uvh webmin*
----------------------------------------------------------------------------
Note: SYSTEM MANAGEMENT software options

Several system management tasks can now be accomplished by:

  A) Webmin. Access via any web browser (e.g. lynx) as follows:
       lynx http://localhost:10000
     (Note: you are NOT running a webserver on your machine)
     (Note: localhost is the local network name for this machine,
     port 10000 is the special IP port for webmin system administration)

  B) /usr/sbin/linuxconf

  C) "by hand" (logged in as root, or logged in as icb and "su" command
     to "become" superuser/root user)
     There is always a way to do things by hand on a Linux system in case
     your favorite tool isn't available or it seems to not work. The tools
     are there for your convenience, but there is always a way to get the
     job done.

     i) most linux configuration files are in text format (somewhere in
        the /etc directory) and can be changed via a simple editor such
        as "joe" or "vi".
     ii) user accounts can be added/deleted via:
           useradd (or adduser), userdel (or deluser)
         (or even editing the /etc/passwd file...)
     iii) passwords can be changed via: passwd
     iv) services can be started/stopped by:
           /etc/rc.d/init.d/ start|stop|restart|status
     v) listing of running processes on system:
           ps aux | more     (or ps ax | more)
     vi) stopping (killing) processes (see iv above for 1 method)
           kill -9 pid
         where pid is the "Process ID" number which is shown in the ps aux
         listing of processes (found in about the 2nd column).
         e.g.: kill -9 4833
         (kill -9 4833 4835 13513 to kill more than one)
     vii) chkconfig can be used to turn on/off service daemons during
          system boot:
           chkconfig --list | more
     viii) error logs can be examined:
           tail -n 100 /var/log/messages | more   (looks at last 100 lines)
           tail /var/log/maillog
           tail -n 100 /var/log/secure | more
     ix) shutdown (halt or restart) system:
           (/usr/sbin/)shutdown -h | -r now
         It should not be necessary to shut down very often at all.
         Individual service daemon processes can be started, stopped, or
         restarted without having to restart the whole system.
----------------------------------------------------------------------------
3) Test webmin:

   ==> lynx http://localhost:10000
   Username for 'Webmin Server' at server 'localhost:10000':
   ==> root
   Password:
   ==>
----------------------------------------------------------------------------
Note concerning lynx web browser usage:

   Text only browser, no mouse.
   Use arrow keys or TAB key to move up and down within a text page, or
   from one link or BUTTON to the next.
   Press to go to that link ("HIT" that button) (another web page, or
   performs a particular task (runs a CGI program) in the case of webmin
   system admin tool).
   To quit lynx: q
   To go back to a previous page, use the LEFT arrow key.
----------------------------------------------------------------------------
****************************************************************************
----------------------------------------------------------------------------
Enable/Disable which service daemons start up at system boot time
----------------------------------------------------------------------------
1) Turn on/off/configure service daemons using webmin:
   Process is described above.

     lynx http://localhost:10000
     username: root
     password: xxxxxxxx
     ==>System
     ==>Bootup
     ......
----------------------------------------------------------------------------
****************************************************************************
----------------------------------------------------------------------------
Re-boot system
----------------------------------------------------------------------------
     shutdown -r now

   (-r = "Reboot", "now" is the time = "no delay",
    -h = "Halt" (shutdown and stop))

   When it comes back up, login as user root (superuser).
     Login:    ==>root
     Password: ==> youknowwhat

   The system (bash shell command prompt):
     [root@ourserver /root]#     (System or root user prompt #)
     [icb@ourserver icb]$        (Non-system or root user prompt $)
----------------------------------------------------------------------------
****************************************************************************
----------------------------------------------------------------------------
Add Users
----------------------------------------------------------------------------
1) Connect via webmin (or use command: useradd theusername; passwd ...)

2) specify username, password, home directory
   (/home/username is the default home dir).
3) check /etc/passwd file when done:

     more /etc/passwd

   The users you add will appear near the end of the file (they will be
   appended). File looks like:
----------------------------------------------------------------------------
Contents of /etc/passwd
----------------------------------------------------------------------------
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
...
icb:x:500:500:ICB Server Admin:/home/icb:/bin/bash
foo:x:501:501:user with name foo:/home/foo:/bin/bash

":" separates "fields" in this file.
   Field 1: user name
   Field 2: password (kept in shadow password file) - no passwords here
   Field 3: UID (User ID number)
   Field 4: GID (Group ID number) - by default - every user in their own
            group
   Field 5: User's Full name (optional free text)
   Field 6: Home Directory (by default: /home/username)
   Field 7: Default shell (or program) to run or allowed to run
            (/bin/false = can't run anything ("in jail");
             /bin/bash is the default bash shell)
----------------------------------------------------------------------------
****************************************************************************
----------------------------------------------------------------------------
Check List of Active Processes
----------------------------------------------------------------------------
List system processes:

     ps aux | more

You should see something like:

  PID TTY   STAT  TIME COMMAND
    1 ?     S     0:05 init [3]
    2 ?     SW    0:00 [kflushd]
    3 ?     SW    0:01 [kupdate]
    4 ?     SW    0:00 [kpiod]
    5 ?     SW    0:00 [kswapd]
    6 ?     SW<   0:00 [mdrecoveryd]
   45 ?     SW    0:00 [khubd]
  309 ?     S     0:00 syslogd -m 0
  319 ?     SW    0:00 [klogd]
  334 ?     SW    0:00 [portmap]
  350 ?     SW    0:00 [lockd]
  351 ?     SW    0:00 [rpciod]
  361 ?     SW    0:00 [rpc.statd]
  430 ?     S     0:00 [identd]
  433 ?     S     0:00 [identd]
  434 ?     S     0:00 [identd]
  436 ?     S     0:00 [identd]
  437 ?     S     0:00 [identd]
  449 ?     S     0:00 /usr/sbin/atd
  480 ?     SW    0:00 [xinetd]
  495 ?     S     0:00 /usr/sbin/sshd
  516 ?     SW    0:00 [lpd]
  734 ?     S     0:00 crond
  767 tty1  SW    0:00 [login]
  768 tty2  SW    0:00 [mingetty]
  769 tty3  SW    0:00 [login]
  770 tty4  SW    0:00 [mingetty]
  771 tty5  SW    0:00 [mingetty]
  772 tty6  SW    0:00 [mingetty]
  775 tty1  S     0:00 -bash
 6546 tty3  S     0:00 -bash
 6644 ?     S     0:00 perl /usr/libexec/webmin/miniserv.pl ...
15567 ?     S     0:01 /usr/sbin/httpd -D HAVE_DAV -D HAVE_PERL ...
15570 ?     S     0:00 /usr/sbin/httpd -D HAVE_DAV -D HAVE_PERL ...
15571 ?     S     0:00 /usr/sbin/httpd -D HAVE_DAV -D HAVE_PERL ...
15572 ?     S     0:00 /usr/sbin/httpd -D HAVE_DAV -D HAVE_PERL ...
15573 ?     S     0:00 /usr/sbin/httpd -D HAVE_DAV -D HAVE_PERL ...
15574 ?     S     0:00 /usr/sbin/httpd -D HAVE_DAV -D HAVE_PERL ...
15575 ?     S     0:00 /usr/sbin/httpd -D HAVE_DAV -D HAVE_PERL ...
15576 ?     S     0:00 /usr/sbin/httpd -D HAVE_DAV -D HAVE_PERL ...
15577 ?     S     0:00 /usr/sbin/httpd -D HAVE_DAV -D HAVE_PERL ...
15609 ?     S     0:00 sendmail: accepting connections
15781 ?     S     0:00 smbd -D
15791 ?     S     0:00 nmbd -D
15841 ?     S     0:00 sh /usr/bin/safe_mysqld --user=mysql --log=...
15870 ?     S     0:00 /usr/libexe/mysqld --basedir=/usr --datadir=...
15872 ?     S     0:00 /usr/libexe/mysqld --basedir=/usr --datadir=...
15873 ?     S     0:00 /usr/libexe/mysqld --basedir=/usr --datadir=...
16321 tty1  R     0:00 ps ax
15322 tty1  S     0:00 more

Make sure you have a line for: sshd, sendmail, smbd, nmbd
Several lines for: httpd (/usr/sbin/httpd), and identd
-------------------------------------------------------------------------
Note: Trouble reading e-mail via imap with Netscape Communicator (or other
e-mail client program on a MS Windows PC on your LAN)?

   If the process information table shows identd as: ... "[identd]" and
   NOT "... identd -e -o", and if you cannot read email via imap or pop
   client (e.g. Netscape Communicator) on a Windows PC on your LAN (can't
   seem to connect to mailbox server, 192.168.1.221), then try restarting
   identd:

     /etc/rc.d/init.d/identd restart

   Magically, ps ax should show identd with identd -e -o, and imap mail
   service should work (you should be able to read mail with Netscape
   Communicator from your mailbox on 192.168.1.221).
-------------------------------------------------------------------------
Note: a process can be killed by:

     kill -9 pid

   where pid is from the first column of the ps ax (or ps aux) command
   output. (e.g. kill -9 15873)
-------------------------------------------------------------------------
Other things to check: IP number, hostname, /etc/hosts, /etc/hosts.deny,
/etc/hosts.allow, route, xinetd-enabled services:

1) /sbin/ifconfig

eth0      Link encap:Ethernet  HWaddr 00:10:5A:13:60:5D
          inet addr:192.168.1.221  Bcast:192.168.1.255  Mask...
          UP BROADCAST RUNNING...
          ...
          Interrupt:9 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING ...
          ...

   eth0's ip address for "ourserver" should be: 192.168.1.221

2) /bin/hostname

     ourserver

3) cat /etc/hosts

     127.0.0.1       localhost.localdomain localhost
     192.168.1.221   icb-server ourserver
     192.168.1.1     icb ourrouter

3) cat /etc/hosts.deny

     ALL: ALL

4) cat /etc/hosts.allow

     ALL: 127.0.0.1, localhost, LOCAL, 192.168., 152.3., 152.16., .duke.edu

5) /sbin/route

     Kernel IP routing table
     Destination   Gateway   Genmask         Flags Metric Ref  Use Iface
     192.168.1.0   *         255.255.255.0   U     0      0      0 eth0
     127.0.0.0     *         255.0.0.0       U     0      0      0 lo0
     default       icb       0.0.0.0         UG    0      0      0 eth0

6) list xinetd services enabled:

     chkconfig --list

     ...
     webmin          0:off 1:off 2:on 3:on 4:off 5:on 6:off
     xinetd based services:
             linuxconf-web:  off
             swat:           off
             telnet:         on
             wu-ftpd:        on
             imap:           on
             imaps:          on
             ipop2:          on
             ipop3:          on
             pop3s:          on

   imap, imaps, ipop2, ipop3, pop3s needed for mail service

7) Show disk space usage:

     Filesystem   1k-blocks    Used  Available  Use%  Mounted on
     /dev/hda1       249871   48044     188927   21%  /
     /dev/hda2       861132      36     817352    1%  /home
     /dev/hda3       809556  294588     473844   39%  /usr
     /dev/hda7       398250   14196     363493    4%  /var

   If a file system is too full (98%...) then check on freeing up space.
   /var might grow (spool, web pages). /home might grow (home directories)
----------------------------------------------------------------------------
****************************************************************************
----------------------------------------------------------------------------
Install/Configure Horde/IMP Web Mail Client package
(read e-mail from any web browser, anywhere in the world, not just from a
computer on your LAN).
----------------------------------------------------------------------------
Please see document: AAA_horde_imp_webmail_install_configure.txt
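An added example (not from the original cookbook): a small evaluator for the
/etc/hosts.deny and /etc/hosts.allow contents listed under "Other things to
check", showing which clients that allow list actually admits. It covers only
the pattern forms used in those two files plus exact matches; the function
names, the daemon name imapd and the client addresses and host names are
constructed for illustration.

```shell
#!/bin/sh
# Added example, not the cookbook's own code: apply the hosts.allow and
# hosts.deny lines shown above in the order tcp wrappers checks them.
# Only ALL, LOCAL, "a.b." address prefixes, ".domain" suffixes and exact
# strings are handled; EXCEPT, netmasks and command fields are not.

RULES=$(mktemp -d)                  # constructed copies of the two files
trap 'rm -rf "$RULES"' EXIT
cat > "$RULES/hosts.allow" <<'EOF'
ALL: 127.0.0.1, localhost, LOCAL, 192.168., 152.3., 152.16., .duke.edu
EOF
cat > "$RULES/hosts.deny" <<'EOF'
ALL: ALL
EOF

# rule_matches FILE DAEMON IP [HOSTNAME]: exit 0 if a rule in FILE matches.
# HOSTNAME is the name reverse DNS gives for the client, empty if none.
rule_matches() {
    awk -v d="$2" -v ip="$3" -v host="$4" '
    function hit(p) {
        if (p == "ALL")   return 1
        if (p == "LOCAL") return (host != "" && index(host, ".") == 0)
        if (p ~ /\.$/)    return (index(ip, p) == 1)     # leading octets
        if (p ~ /^\./)    return (length(host) > length(p) &&
                  substr(host, length(host) - length(p) + 1) == tolower(p))
        return (p == ip || tolower(p) == host)
    }
    BEGIN { host = tolower(host) }
    /^[ \t]*#/ || !/:/ { next }                  # comments and non-rule lines
    {
        split($0, f, ":")                        # daemon list : client list
        nd = split(f[1], dl, /[ \t,]+/); ok = 0
        for (i = 1; i <= nd; i++) if (dl[i] == "ALL" || dl[i] == d) ok = 1
        if (!ok) next
        nc = split(f[2], cl, /[ \t,]+/)
        for (i = 1; i <= nc; i++)
            if (cl[i] != "" && hit(cl[i])) { found = 1; exit }
    }
    END { exit !found }' "$1"
}

# wrappers_verdict DAEMON IP [HOSTNAME] -> prints "allow" or "deny"
wrappers_verdict() {
    if   rule_matches "$RULES/hosts.allow" "$1" "$2" "$3"; then echo allow
    elif rule_matches "$RULES/hosts.deny"  "$1" "$2" "$3"; then echo deny
    else echo allow                 # no rule in either file: access granted
    fi
}

# Constructed clients: a LAN host, two 152.x addresses, two outside hosts.
for c in "192.168.1.50 pc50" "152.3.9.9" "152.30.1.1" \
         "203.0.113.9 lab.duke.edu" "203.0.113.9 pc.example.net"; do
    set -- $c
    printf '%-13s %-15s %s\n' "$1" "${2:--}" "$(wrappers_verdict imapd "$1" "$2")"
done
```

Each "152.3." style entry admits every address that starts with those octets,
and ".duke.edu" and LOCAL depend on the name reverse DNS returns for the
client, so the allow line is only as narrow as its widest pattern.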