Sunday, September 7, 2008

SME Server install

Just so you don't think I'm dead or something :-)

I installed SME server on that same box that eBox choked.

Even though SME suggests a minumum of 256 meg, it installed and so far is running fine on just 128. Now, I'm not using it for much more than DNS and a firewall at the moment, so I won't be suprised if it keels over when I add a few services, so far so good!

Here's some notes I made during the install. Kind of stream of consciousness stuff - hope it's at least somewhat understandable.

It has no config questions at all, not even partitioning, without passing options to kernel! Come to think of it - no questions about hostname or primary eth or anything!

I found out later (yeah I know RTFM!) that it does automatic software RAID. If you have two drives it does RAID 1, three drives RAID 5 and four or more drives RAID 6 - all on it's own. That seems to be kind of indicative of the way SME is done. It has a number of nice touches like that which are really neat if it's what you want, but a bit disconcerting if you want to do it all yourself.

Turns out that all the configuration happens *after* the install is complete and it runs a config stage.

First question on reboot was do you wish to restore from backup? Cool idea - hope it only happens on unconfigured box :-P

Second question is admin password. It didn't like my choice (which surprised me - it's over 8 characters and contains a mix of letters numbers and punctuation!) I tried a bunch of variations, and it didn't like any of them, including a really ugly sucker. There's got to be a bug there! Made a note to check on later. Oddly, it doesn't ask for an administrators username, just the password.

Again, after the fact I found out why. If you log in as 'admin' it puts you straight into an 'admin' console with predefined choices for reconfiguring, viewing system info etc etc. You have to log in as 'root' to get a real shell. Both users are set up with the same password.

Third question was server and gateway, private server and gateway or server only. Private means no WAN side services.

Dedicated network or dialup - cool option for those of us rural types that understand high speed networks aren't universal!

The next question was which eth card is which. In my case it correctly indicated that both cards (although different models) use the same driver. Good info, but then it gives you nothing to determine which card it thinks is which. It doesn't identify by model or MAC which is eth0. The options were labelled 'Normal' or 'Reversed' with eth0 marked as the local interface, I took a guess eth0 was the on board NIC and got lucky.

Next question is dchp or pppoe or static - has account name as identifier option for dhcp, or MAC address.

Next question is dyndns provider if desired - cool! Prompted for details including password. In my case it's not working :-( It's probably because it's 'WAN' interface is behind the modem we reconfigured as a NAT router. As a result the WAN IP is still a private network IP, and DynDNS probably rejects those. I didn't see anyway to tell it to use an alternate script or whatever to determine the proper IP address using the provided web interface or admin console. It's probably easy enough to change directly in the /etc config info - I'll just have to go looking.

Next question is dhcp on lan yes or no and range of numbers to provide.

Next question is specified DNS server or not, with the note that you shouldn't use your ISP's DNS server as it's not required. It made me wonder if SME server has the updates for the DNS issues that were big news last month. Another note to go look for stuff....

Save config and it 'activates changes' which looks like changing run-levels.

Noticed 'activating Smolt weekly checkin' - Google shows
Smolt is developed to collect hardware profiles from end users in a opt-in method.

Now I know how SME server has such good user stats. I bet if I read the install manual I'd get the 'opt in' option somehow too :-)

On the whole, it's really a predetermined design, the admin just fills in the blanks.

I had to finally read the manual to get to the web interface. Turns out the default apache page is just an 'under construction' banner, while the management page is at hostname/server-manager/

Not sure if that's an attempt at security thru obscurity...

I also noted the hardware requirements mentioned there are minimum 400Mhz and 256 meg of ram, recommended 1.5Ghz and 512Meg. It's running OK with just 128 so far though!

As it stands, I've configured static IP address thru DHCP (fixed leases) and set host names for all the devices on my LAN. It's a straight forward operation using the web interface, but a little clunky since there's no easy way to get the MAC address from the interface to plug back into the interface. IPCop has a nice option to turn a regular DHCP lease into a fixed lease which means you don't have to resort to cut and paste between an ssh session and the web interface.

I've had a couple of small issues, most of them self inflicted. One of my ethernet cables has a broken lock tab, so it was on the edge of connecting or not connecting depending on how it felt - even though it looked fine.

I also found out that running downloading a couple files via bittorrent seems to completely saturate my (fairly anemic) upstream. It got so bad that DNS wasn't resolving before the PCs gave up trying, so it looked like everything was down, when in fact it was just really really slow. I had some really simple traffic shaping set up on the IPCop box - looks like I'll have to see about adding that to SME as well. I see there's a plugin for it available in the contrib section which is promising.

One other frustration has been the modem as gateway. It works, but that interface is clunky and confusing. I haven't quite decided what to do about that yet.

SME server is certainly a solid solution for a small LAN - especially if you want to leave it in the hands of say a 'Windows Power User'. It's been designed to be easy to use, while retaining some powerful features.

All in all, this blog really hasn't worked out as intended - I figured I'd have the time to get this setup way way down the road from where it's at now. With a busy fall looming, don't expect me to get back to daily entries soon, but I am carrying on, even if it doesn't seem like it.

Before I go on to hardware that eBox and Ubuntu will run well on, I'm going to at least fix DynDNS, install Dan's Guardian or similar and some traffic shaping on the SME server and see how that plays out.

1 comment:

  1. Well SME is indeed very nice, easy to configure, and very reliable too, from my experience.

    About the password problem you have to use a minimum of 8 characters using at least one small letter, capital letter, number, and special character (ie '_').

    Also its configuration is different from the standard linux distribution. It stores its settings in a combination of mysql databases and file templates - meaning if you do manual change to a config file it will be lost on the first server upgrade. To get the hang of it you really need to browse the manual or the forums.