Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - jcanfield

Pages: [1]
1
Installation and Upgrades / Backup Ebox configs to a USB flash drive
« on: November 16, 2009, 05:20:40 am »
Here's a quick HOWTO for backup up your ebox configs to a USB flash drive...

Step 1) Figure out what device to use by inserting your USB drive and issue this command:
Code: [Select]
dmesg
The output should look like this:

Code: [Select]
[ 2872.737494] usb-storage: device found at 3
[ 2872.737495] usb-storage: waiting for device to settle before scanning
[ 2877.725965] usb-storage: device scan complete
[ 2877.726716] scsi 6:0:0:0: Direct-Access     Ut165    USB2FlashStorage 0.00 PQ: 0 ANSI: 2
[ 2877.731153] sd 6:0:0:0: [sdb] 7897088 512-byte hardware sectors (4043 MB)
[ 2877.734889] sd 6:0:0:0: [sdb] Write Protect is off
[ 2877.734892] sd 6:0:0:0: [sdb] Mode Sense: 00 00 00 00
[ 2877.734894] sd 6:0:0:0: [sdb] Assuming drive cache: write through
[ 2877.745687] sd 6:0:0:0: [sdb] 7897088 512-byte hardware sectors (4043 MB)
[ 2877.746436] sd 6:0:0:0: [sdb] Write Protect is off
[ 2877.746438] sd 6:0:0:0: [sdb] Mode Sense: 00 00 00 00
[ 2877.746439] sd 6:0:0:0: [sdb] Assuming drive cache: write through
[ 2877.746441]  sdb: sdb1
[ 2878.303984] sd 6:0:0:0: [sdb] Attached SCSI removable disk
[ 2878.304006] sd 6:0:0:0: Attached scsi generic sg2 type 0

You will notice linux has recognized the device as /dev/sdb and the main partition is /dev/sdb1.

Step 2)  Edit your /etc/fstab and add this line:

Code: [Select]
/dev/sdb1       /var/lib/ebox/conf/backups      vfat    user,auto,exec,rw,umask=000     0       0
Step 3) Mount it

Code: [Select]
mount -a
Step 4) Make sure you can backup manually via System-->Backups


2
For those who are tired of typing in the https:// each time you access the admin page here a quick little trick to do a redirect:

Edit /var/www/index.html

Code: [Select]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Welcome to Ebox</title>
<meta http-equiv="REFRESH" content="0;url=https://<enter your ebox dns name here>"></HEAD>
<BODY>
Please wait while you are being redirected to the eBox administration page...
</BODY>
</HTML>


Ideally, ths should work via the .htaccess file, but I can't figure out how to make it work.  Anyone have any clues?  Here the .htaccess code that should work:

Code: [Select]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

3
Installation and Upgrades / DHCP-> Advanced: 'next-server' needs work.
« on: January 12, 2009, 04:35:04 am »
I can't input a filename in the 'next-server' (Thin client section) using an ip address.  Ebox assumes I want to upload a file for some reason.

I Created a ticket:

http://trac.ebox-platform.com/ticket/1252

4
Installation and Upgrades / Ebox install HOWTO. (Part 1)
« on: January 06, 2009, 05:01:49 am »
INSTALL EBOX STEP by STEP

Ebox is a fantastic tool once it's up and running.  For some, especially those without much linux experience, installing ebox can be somewhat challenging. As a result, I've decided to write a quick HOWTO covering a typical ebox installation.

Prerequisites:

1 Computer or server (old or new)
2 Network cards (They will be referred to as "eth0" and "eth1")
1 EBOX install CD burned from ISO.
1 Active Internet connection (DHCP or static)
1 CD-ROM drive (Set as default boot device)

Assumptions:

This computer will act as the primary gateway for the local network
eth0 will be the WAN connection (Internet facing connection)
eth1 will be the LAN connection (Local Network) with an IP of 192.168.1.1
Ebox hostname will be DEMONET-SRV
Ebox will provide DHCP to the local network with a range of 192.168.1.100-150
Ebox Windows Domain name will be DEMONET
Ebox domain name will be DEMONET.LAN
EBox will allow all outgoing connections
EBox will provide DNS services for the local network
Administrator username: demoadmin
Administrator password: not2forget
Ebox Password: not2forget
Ebox admin port: 443

Initial Install:

Once you have successfully burned an ebox ISO, you are ready to begin installing.  Assuming you already have a functioning network in place with DHCP services, the easiest way to install is using DHCP from your existing network. No need to unplug that old linksys router...Not yet anyway.

Plug into your existing DHCP network via the WAN (eth0) port on the server. I know this seems backwards since you are on a local network, but it's easier to setup eBox from the outside->in than it is from the inside-> out.

Next, power-on and boot from the CD-ROM.  Select "Install Ubuntu Server" and answer the generic setup options until you are asked to choose a network interface to configure.

Choose eth0 -  If your network support dhcps it will automatically configure itself.  If it doesn't, perhaps your cable is actually plugged into eth1.  If this is the case, go ahead and move the cable to your second port.  If it gets an IP be sure to label it eth0 or WAN.  Personally I always label my ports WAN and LAN to avoid confusion later.

Choose a hostname: DEMONET-SRV

Choose your timezone: timezone

Partition your Disks: Choose "entire disk" unless you feel comfortable partitioning. Select LVM support if you plan on adding more disk capacity later.

Please note: This configuration does not provide any type of RAID. I generally use hardware RAID cards so it is transparent to the operating system.

After some time the disk(s) will be formated the system will reboot and ebox will begin to download it's packages.

Create an admin user: demoadmin
Create your ebox password: not2forget
Ebox port: 443

Go get a cup of coffee....when you return ebox should boot up normally with a "demonet-srv login:"

Post Install:

Login using the "demoadmin" username and "not2forget" password.

Now verify your eth0 ip address:

Code: [Select]
#ifconfig
demoadmin@demonet-srv:~$ ifconfig

eth0    Link encap:Ethernet  HWaddr 00:30:48:b0:a1:20
          inet addr:192.168.1.81  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:feb0:a120/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:86 errors:0 dropped:0 overruns:0 frame:0
          TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13536 (13.2 KB)  TX bytes:19600 (19.1 KB)
          Base address:0x4000 Memory:d0a00000-d0a20000

In this case the IP of the new ebox is 192.168.1.81

Setup LAN IP address:

Next, from a DIFFERENT computer log into the new ebox via the web interface:

https://192.168.1.81

If all you get is "It works!" then you do not have the https://.  Also, you will get certificate errors or warnings depending on your browser, ignore them or "add an exception" if you need to.

Login using the Ebox password: net2forget

Choose Network-> Interfaces from the Admin menu and select eth1 (LAN):

Name: LAN
Method: Static
External: unchecked
IP Address: 192.168.1.1 (Don't worry if you are behind a router with the same IP, it won't matter at this point...nothing is plugged into the port)
Netmask: 255.255.255.0

Select "Change"

Select "Save"

Select "Save changes" in red. (Click the green arrow on any file change requests)

Finally,select "Summary" from the menu and you should be able to verify you LAN interface with the 192.168.1.1 IP address.

Setup NTP

Select Module status->ntp"checked"
System->Date/Time->Time synchronization with NTP servers-> Enabled

Setup DNS

DNS->Add new

Domain: demonet.lan

Active DNS:

Module status->Domain Name System "checked"

Setup DHCP

DHCP->MenuSelect: eth1

Common Options:

Default gateway: eBox
Search doamin: eBox's domain:demonet.lan
Primary nameserver: local eBox DNS

Select "Change"

Under "Ranges" select "Add new"

Name: Workstations
From: 192.168.1.100
To: 192.168.1.150

Select "Add"

Activate DHCP:

Module status>dhcp server "checked"


Setup users and groups:

Groups-> Add group

Group Name: Staff
Comment: Demo Staff

Select "Change"

Users--> Add user

User name: test
Full name: Joe test
Comment: test
Password: not2forget
Group: Staff

Select "Create"

Activate users and groups and file sharing

Module Status->Users and Groups "checked"

Setup Windows File sharing

File Sharing-> General Settings

Working Mode: PDC
Domain Name: DEMONET
Netbios name: DEMONET-SRV
Description:  Demo Server
Quota limit: 0
Roaming Profiles: Disabled

Select "Change"

Activate File Sharing:

Module status->File Sharing "checked"

Select the RED save changes to apply all the changes you made above.

Select "Save Configuration"



That completes the local services, we are now ready to let this server stand on it's own!

WAN Setup:

IMPORTANT: Begin by removing the eth0 cable used to configure your eBox on the local network.

Next, plug in a cross-over cable or a small switch connected to the LAN (eth1) port of your eBox to a local network desktop or laptop. This device should not be connected to any other networks other than the new ebox network (via eth1) at this point.

If configured properly your laptop/desktop will automatically get an IP address from the new ebox server (Most likely 192.168.1.150).

Now access the ebox server (from the client device) https://192.168.1.1

Select Network-> Interfaces>Tab:eth0

**ENTER YOUR ISP IP INFO HERE**

Name: WAN
Method: Static (Your ISP may be DHCP, but ebox works best with static addresses...DHCP will work though)
IP adress: 10.10.10.1
Netmask: 255.255.255.0
External: "Checked"

Setup a gateway:

Select Network-> Gateways

Select "Add new"

IP address (ISP provided): 10.10.10.2
Interface: eth0
Default: "checked"

Select "Change"

Setup Firewall:

This will allow all outgoing connections to the Internet. (eBox is secure by default, it is up to you how much access you want to give....for this example we will "allow all" outgoing connections)

Activate Firewall:

Module status->Firewall "checked"

Select Firewall->Packet Filter->Filtering rules for internal networks->Configure Rules

Select "Add new"

Decision: Accept
Source: Any
Destination: Any
Service: Any
Description: Allow all outgoing

Select "add"


Go Live

You can now safely remove your old Internet firerwall/gateway and plug you ISP ethernet into your eBox WAN port (eth0).  If you everything is correct, you should be able to access the internet and see you new server on the network.

I hope this helps.

-Jim

5
Installation and Upgrades / Serial port access for your ebox server
« on: December 14, 2008, 10:42:53 pm »
If you are like me, your ebox server is headless in a closet or a rack somewhere.  Generally you can access you server via ssh but sometimes networking is messed up and you can't access via IP.  Instead of hooking up a monitor and keyboard, you might want to access the old fashioned way - SERIAL!

Ubuntu switched to upstart so you have to create a file in event.d like so:

Code: [Select]
# /etc/event.d/ttyS0

start on runlevel 2
start on runlevel 3
start on runlevel 4
start on runlevel 5

stop on runlevel 0

respawn
exec /sbin/getty 9600 ttyS0
Assuming your serial port is is ttyS0...and you have a null modem cable, you can now access an ebox console for troubleshooting.  This works great for me since I always have my laptop handy.


6
Installation and Upgrades / Untangle...wtf?
« on: November 10, 2008, 05:58:28 am »
Tonight I stumbled onto something I found a bit troublesome....it pissed me off actually.  Untangle is actually bidding for google adds directly marketing against ebox.  Sure it's all business, but honestly, I thought we were playing on the same team here.

7
Installation and Upgrades / Add-On: FreeRadius request.
« on: December 28, 2007, 10:02:33 pm »
FreeRadius reconfigured to the LDAP backend would be great.  This will allow radius authentication to the user database as well as allow for mare advanced EBOX features such as 802.1x authentication.

http://vuksan.com/linux/dot1x/802-1x-LDAP.html

 

8
I don't see much documentation on this, so I though I would write a quick HOWTO to join a linux box (ubuntu in the case) to an ebox samba domain. This is intended to be a rough draft, please feel free to add to it, perhaps we can find a more appropriate place like the wiki soon.

SERVER (EBOX):

1.  Create a user with admin rights (Ex: admin)....remember the password! :)
2.  Enable Samba as PDC
3.   Gather the following info:

      Base dn:  dc=ebox
      Admin dn: cn=admin,dc=ebox
      Admin Pass: ebox2611130574  (This may vary...verify in /etc/ldap/slapd.conf)
      Domain Name:  EBOX (Whatever you set it  to when you setup Samba as PDC)
      Ebox Server IP/hostname:  192.168.1.1  (If you setup dns a hostname.domain would be better but an IP will work)

Client (DESKTOP-PC):

1.  Install samba, ldap, etc...see ubuntu instructions: 
     https://help.ubuntu.com/community/LDAPClientAuthentication

2.  copy your old smb.conf to a safe place
Code: [Select]
cp /etc/samba/smb.conf{,.orig}
3.  Edit smb.conf.  Erase everything and add the following:

Code: [Select]
[global]
        unix charset = LOCALE
        workgroup = EBOX
        security = DOMAIN
        log level = 1
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        smb ports = 137 138 139 445
        name resolve order = wins bcast hosts
        printcap name = CUPS
        wins server = 192.168.1.1
        ldap admin dn = cn=admin,dc=ebox
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Users
        ldap suffix = dc=ebox
        ldap user suffix = ou=Users
        idmap backend = ldap:ldap://192.168.1.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind trusted domains only = Yes
        printing = cups
        print command =
        lpq command = %p
        lprm command =

4. Test your new config.
Code: [Select]
#testparm
...you should see
Code: [Select]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

5.  Restart Samba.
Code: [Select]
/etc/init.d/samba restart

6.  Join the domain
Code: [Select]
net join -U admin
Password:  [admin password]
You should then see.
Code: [Select]
Joined domain EBOX

7.  That's it...welcome to the EBOX domain!

 

9
Installation and Upgrades / Big thanks!!
« on: December 18, 2007, 12:26:53 am »
I just wanted to take a moment and tell the Warp guys know how much I appreciate your work.  Adding this forum will be a great help to many I'm sure.  I've been watching e-box evolve for quite some time...it's fantastic!  I'll try to do my part and help here on the forums. 

Thanks again,

Jim

Pages: [1]