Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - jcanfield

Pages: 1 [2] 3 4 ... 6
16
Here what you need to do:

For Logon drive:

Edit: /usr/share/ebox/stubs/samba/smbldap.conf.mas
Code: [Select]
userHomeDrive="H:"

For Logion scripts:

Create a file in /home/samba/netlogon called "logon.bat"
Code: [Select]
REM Set the time
net time \\ebox-srv /set /yes

REM Map Office files to the O: Drive
net use O: /del
net use O: "\\ebox-srv\Office Files"

Currently there are some problems with the way the netlogon directory is shared so edit you smb.conf.mas to the following:

Code: [Select]
[netlogon]           
        comment = Network Logon Service
        path = /home/samba/netlogon/   
        guest ok = yes                 
        locking = no

Now convert the netlogon script to DOS format so clients read it properly

Code: [Select]
# unix2dos /home/samba/netlogon/logon.bat

Restart everything and you should have a working install.  I have been meaning to do a howto on this for a while.

Hope this helps,

-Jim


17
Installation and Upgrades / DHCP-> Advanced: 'next-server' needs work.
« on: January 12, 2009, 04:35:04 am »
I can't input a filename in the 'next-server' (Thin client section) using an ip address.  Ebox assumes I want to upload a file for some reason.

I Created a ticket:

http://trac.ebox-platform.com/ticket/1252

18
Can you give some details about your config?  Versions and and settings on your "File Sharing" screen.

Also run this command on the ebox console and post the output:

Code: [Select]
smbclient -L localhost -U%

19
Installation and Upgrades / Ebox install HOWTO. (Part 1)
« on: January 06, 2009, 05:01:49 am »
INSTALL EBOX STEP by STEP

Ebox is a fantastic tool once it's up and running.  For some, especially those without much linux experience, installing ebox can be somewhat challenging. As a result, I've decided to write a quick HOWTO covering a typical ebox installation.

Prerequisites:

1 Computer or server (old or new)
2 Network cards (They will be referred to as "eth0" and "eth1")
1 EBOX install CD burned from ISO.
1 Active Internet connection (DHCP or static)
1 CD-ROM drive (Set as default boot device)

Assumptions:

This computer will act as the primary gateway for the local network
eth0 will be the WAN connection (Internet facing connection)
eth1 will be the LAN connection (Local Network) with an IP of 192.168.1.1
Ebox hostname will be DEMONET-SRV
Ebox will provide DHCP to the local network with a range of 192.168.1.100-150
Ebox Windows Domain name will be DEMONET
Ebox domain name will be DEMONET.LAN
EBox will allow all outgoing connections
EBox will provide DNS services for the local network
Administrator username: demoadmin
Administrator password: not2forget
Ebox Password: not2forget
Ebox admin port: 443

Initial Install:

Once you have successfully burned an ebox ISO, you are ready to begin installing.  Assuming you already have a functioning network in place with DHCP services, the easiest way to install is using DHCP from your existing network. No need to unplug that old linksys router...Not yet anyway.

Plug into your existing DHCP network via the WAN (eth0) port on the server. I know this seems backwards since you are on a local network, but it's easier to setup eBox from the outside->in than it is from the inside-> out.

Next, power-on and boot from the CD-ROM.  Select "Install Ubuntu Server" and answer the generic setup options until you are asked to choose a network interface to configure.

Choose eth0 -  If your network support dhcps it will automatically configure itself.  If it doesn't, perhaps your cable is actually plugged into eth1.  If this is the case, go ahead and move the cable to your second port.  If it gets an IP be sure to label it eth0 or WAN.  Personally I always label my ports WAN and LAN to avoid confusion later.

Choose a hostname: DEMONET-SRV

Choose your timezone: timezone

Partition your Disks: Choose "entire disk" unless you feel comfortable partitioning. Select LVM support if you plan on adding more disk capacity later.

Please note: This configuration does not provide any type of RAID. I generally use hardware RAID cards so it is transparent to the operating system.

After some time the disk(s) will be formated the system will reboot and ebox will begin to download it's packages.

Create an admin user: demoadmin
Create your ebox password: not2forget
Ebox port: 443

Go get a cup of coffee....when you return ebox should boot up normally with a "demonet-srv login:"

Post Install:

Login using the "demoadmin" username and "not2forget" password.

Now verify your eth0 ip address:

Code: [Select]
#ifconfig
demoadmin@demonet-srv:~$ ifconfig

eth0    Link encap:Ethernet  HWaddr 00:30:48:b0:a1:20
          inet addr:192.168.1.81  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:feb0:a120/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:86 errors:0 dropped:0 overruns:0 frame:0
          TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13536 (13.2 KB)  TX bytes:19600 (19.1 KB)
          Base address:0x4000 Memory:d0a00000-d0a20000

In this case the IP of the new ebox is 192.168.1.81

Setup LAN IP address:

Next, from a DIFFERENT computer log into the new ebox via the web interface:

https://192.168.1.81

If all you get is "It works!" then you do not have the https://.  Also, you will get certificate errors or warnings depending on your browser, ignore them or "add an exception" if you need to.

Login using the Ebox password: net2forget

Choose Network-> Interfaces from the Admin menu and select eth1 (LAN):

Name: LAN
Method: Static
External: unchecked
IP Address: 192.168.1.1 (Don't worry if you are behind a router with the same IP, it won't matter at this point...nothing is plugged into the port)
Netmask: 255.255.255.0

Select "Change"

Select "Save"

Select "Save changes" in red. (Click the green arrow on any file change requests)

Finally,select "Summary" from the menu and you should be able to verify you LAN interface with the 192.168.1.1 IP address.

Setup NTP

Select Module status->ntp"checked"
System->Date/Time->Time synchronization with NTP servers-> Enabled

Setup DNS

DNS->Add new

Domain: demonet.lan

Active DNS:

Module status->Domain Name System "checked"

Setup DHCP

DHCP->MenuSelect: eth1

Common Options:

Default gateway: eBox
Search doamin: eBox's domain:demonet.lan
Primary nameserver: local eBox DNS

Select "Change"

Under "Ranges" select "Add new"

Name: Workstations
From: 192.168.1.100
To: 192.168.1.150

Select "Add"

Activate DHCP:

Module status>dhcp server "checked"


Setup users and groups:

Groups-> Add group

Group Name: Staff
Comment: Demo Staff

Select "Change"

Users--> Add user

User name: test
Full name: Joe test
Comment: test
Password: not2forget
Group: Staff

Select "Create"

Activate users and groups and file sharing

Module Status->Users and Groups "checked"

Setup Windows File sharing

File Sharing-> General Settings

Working Mode: PDC
Domain Name: DEMONET
Netbios name: DEMONET-SRV
Description:  Demo Server
Quota limit: 0
Roaming Profiles: Disabled

Select "Change"

Activate File Sharing:

Module status->File Sharing "checked"

Select the RED save changes to apply all the changes you made above.

Select "Save Configuration"



That completes the local services, we are now ready to let this server stand on it's own!

WAN Setup:

IMPORTANT: Begin by removing the eth0 cable used to configure your eBox on the local network.

Next, plug in a cross-over cable or a small switch connected to the LAN (eth1) port of your eBox to a local network desktop or laptop. This device should not be connected to any other networks other than the new ebox network (via eth1) at this point.

If configured properly your laptop/desktop will automatically get an IP address from the new ebox server (Most likely 192.168.1.150).

Now access the ebox server (from the client device) https://192.168.1.1

Select Network-> Interfaces>Tab:eth0

**ENTER YOUR ISP IP INFO HERE**

Name: WAN
Method: Static (Your ISP may be DHCP, but ebox works best with static addresses...DHCP will work though)
IP adress: 10.10.10.1
Netmask: 255.255.255.0
External: "Checked"

Setup a gateway:

Select Network-> Gateways

Select "Add new"

IP address (ISP provided): 10.10.10.2
Interface: eth0
Default: "checked"

Select "Change"

Setup Firewall:

This will allow all outgoing connections to the Internet. (eBox is secure by default, it is up to you how much access you want to give....for this example we will "allow all" outgoing connections)

Activate Firewall:

Module status->Firewall "checked"

Select Firewall->Packet Filter->Filtering rules for internal networks->Configure Rules

Select "Add new"

Decision: Accept
Source: Any
Destination: Any
Service: Any
Description: Allow all outgoing

Select "add"


Go Live

You can now safely remove your old Internet firerwall/gateway and plug you ISP ethernet into your eBox WAN port (eth0).  If you everything is correct, you should be able to access the internet and see you new server on the network.

I hope this helps.

-Jim

20
Installation and Upgrades / Serial port access for your ebox server
« on: December 14, 2008, 10:42:53 pm »
If you are like me, your ebox server is headless in a closet or a rack somewhere.  Generally you can access you server via ssh but sometimes networking is messed up and you can't access via IP.  Instead of hooking up a monitor and keyboard, you might want to access the old fashioned way - SERIAL!

Ubuntu switched to upstart so you have to create a file in event.d like so:

Code: [Select]
# /etc/event.d/ttyS0

start on runlevel 2
start on runlevel 3
start on runlevel 4
start on runlevel 5

stop on runlevel 0

respawn
exec /sbin/getty 9600 ttyS0
Assuming your serial port is is ttyS0...and you have a null modem cable, you can now access an ebox console for troubleshooting.  This works great for me since I always have my laptop handy.


21
Installation and Upgrades / Re: Untangle...wtf?
« on: November 10, 2008, 02:31:32 pm »
Thanks Isaac,

Apparently, I'm a bit late noticing this.

I agree with your boss 100%. Several weeks ago I did a preliminary evaluation of untangle as a possible replacement for numerous Sonicwall devices I have in service.  I never considered untangle as a replacement for my ebox servers...ebox does too many other things.

Untangle has obviously lost their way.  Sadly, this happens for too often.

Keep up the fantastic work eboxers!


22
Installation and Upgrades / Untangle...wtf?
« on: November 10, 2008, 05:58:28 am »
Tonight I stumbled onto something I found a bit troublesome....it pissed me off actually.  Untangle is actually bidding for google adds directly marketing against ebox.  Sure it's all business, but honestly, I thought we were playing on the same team here.

23
Installation and Upgrades / Re: openvpn speeds
« on: October 17, 2008, 03:13:15 pm »
Sounds like it could be a CPU issue, openVPN can chew up the resources, especially on older CPU's.  What do you have for processing at each end?

24
Installation and Upgrades / Re: Manually add samba users
« on: September 26, 2008, 03:16:15 pm »
Javi,

Wouldn't smbldap-useradd and smbldap-userdelete work just as well, if not easier for individual adds and deletes from the command line?

25
Installation and Upgrades / Re: General remarks and some help needed
« on: September 26, 2008, 01:25:19 am »
Gorden,

Sorry to hear things aren't working out.  Ebox is still in it's infancy, but very usable as long as you know what things can go wrong.  I have installed a handful of ebox machines at customers sites and they are working wonderfully...but are still "small issues"  Without knowing specifics of your configurations, it's hard to say why things are not going well.

My recommendations:

Tackle one issue are a time, and make sure you know the underlying technologies...vpn for example.

Post some specifics and diagrams of your network, the ebox developers are usually very quick to help out. 

Introduce yourself on IRC (#ebox on freenode).  It a great way to get help when you need it most.

Hope this helps,

Jim

26
Installation and Upgrades / Re: NT4 as BDC to Ebox PDC
« on: September 25, 2008, 02:27:18 am »
Short answer...No.   But you can configure samba to act as a BDC to a samba domain.  With any luck, Ebox will support a BDC option ...unfortunately, this not yet implemented.  You would have to manually edit your smb.conf.mas file  to make ebox a BDC.  Also, I'm not sure how making the BDC ldap server a "slave" will work with an running ebox config.

See this link:

http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html

Regards,

-Jim

27
dmeireles,

Those are actually some of the biggest issues you will see, especially on a ubuntu machine, Redhat handles ldap auth much better with a very simple authconfig interface.  In my experience, you must either change the device groups or add the user locally to the Linux workstation. Concerning your road warrior issue, I've been working on that...You can log in using cached credentials [1] and log in when away from the ldap domain.

[1] https://help.ubuntu.com/community/PamCcredsHowto

Please post any progress you make on this issue back to the forums, this is one apple that needs polishing.

-jim



28
Installation and Upgrades / Re: Windows 2003 AD accounts migrate to Ebox
« on: September 19, 2008, 03:44:26 am »
The domain's SID will change anyway, and you're going to have to re-associate all the machines to the domain (unless they are Win98,NT workstations), so don't get too bored about the password thing, 'cas that will be your minor problem...  :-[

I'm sure we are getting into unexplored waters here, but technically, you can change the SID of a SAMBA domain to replace an existing domain.

Code: [Select]
net setlocalsid
You would also have to batch import all your machines.  This is interesting and perhaps someday we could find the time to create a set of tools/scripts to migrate an existing windows domain.  It would be quite useful.

29
Installation and Upgrades / Re: Windows 2003 AD accounts migrate to Ebox
« on: September 13, 2008, 11:08:18 pm »

I tried export list via AD OU that only can list out user accounts but can't list out password. Is we need assign password again for 1,100 user accounts?


I didn't consider that part...looks like you might have to assign temporary passwords and flag each account [1] so they are required to change at first log-in.  I realize this probably isn't ideal, but it's easier than recreating all the user accounts. 

[1]man smbldap-usermod

30
Installation and Upgrades / Re: Windows 2003 AD accounts migrate to Ebox
« on: September 09, 2008, 06:04:01 am »
You can right click the "Users" folder in AD and 'export list...'.  Using this list you can format it and import via the ebox user import script [1]

[1] http://trac.ebox-platform.com/wiki/Document/HowTo/ImportUsersInBulk


Pages: 1 [2] 3 4 ... 6