Jan 28, 2010

Linux Server setup, start to finish, using Webmin! Please leave a comment.

You can find this how-to and many others, on my webpage, at ...
http://woodel.com/

374 comments:

A_Wake said...

Wow
Why hasn’t someone done this sooner. Probably the most complete PDF I have ever downloaded, a must have, Thank you!!! This must have taken months to assemble if not years. Donate people, Donate!

KevinTheComputerGuy said...

Thanks for the nice words everyone. You could say it took ... awhile ... :- )

ComputerDude13 said...

Why not use a paid product like Windows, that has real support. Or even Macintosh, which is full GUI and Linux underneath?

KevinTheComputerGuy said...

Hey ComputerDude, I'm glad you asked that. Best answer = to each his own. I am a huge Windows fan as well, I'm posting this answer from a Windows machine. I have done a few $100k+ setups, and you can save yourself (on a project like that) around $5,000 on licensing by going with Linux. And you can usually get away with using slightly older (less expensive) computers, virtual RAIDs, SSH Tunnels, OpenVPN, etc… This can mean getting paid a lot more for the same job.

I don’t weigh in too heavily on which one is more secure. I find Linux boxes are locked down tight, and you have to open them up. And I find Windows to be wide open, and you have to lock them down. Just choose your poison, seal up all the entryways, and you're good to go.

Never been a Macintosh fan, but they are getting close. Now that they are Linux underneath I like it more. But I still find myself launching a terminal window every time I am on one, so why pay the difference. I have to admit they have come a long way, but still not a fan, and still too pricey.

One of the things I love about Linux is I can back up a program's settings by copying one file, and share those settings with you by showing you the contents of that one file, and you can copy and paste those settings into your system. Whereas in Windows I have to do a bunch of print-screens and right-clicks here, and properties there, and checkboxes here, and such, to edit the settings. It’s just really hard to share that information with others. I find I have to make an entire image of the computer if I want to keep the settings.

But then again Windows is getting better all the time. Choose your poison, and cross your fingers. I feel Windows gets a bad rap because people surf the internet from their Windows servers, and use their server as a desktop. You should never surf the internet from a server. Linux makes that a pain to do, so you're less tempted to try.

I use them all, Linux makes me more money. I have never had a Linux box fail that wasn’t a hardware problem. I’ve also built some bullet-proof \ amazing Windows boxes. An extra $10k in your pocket can buy a lot of penguin stickers
:-)

Anonymous said...

There are several great products for Windows and Mac out there, but the first "disadvantage" is their price, not to mention that most of these programs are not as stable and secure as Linux. For a starter or novice, a Windows/Mac solution will work ok, but when you need a serious solution, Linux is the way to go.

KevinTheComputerGuy said...

Well said Anonymous, I agree. Once you're done playing around and ready to get serious, go visit the penguin. :- )

KevinTheComputerGuy said...

Hey ALL-

I re-formatted the document to be more screen friendly, and did a few updates.

Anonymous said...

I like the new format, great job all the way!

A_Wake said...

I am having problems getting the website passwords to work, I get an error every time I add the password file, any ideas? Thanks!

KevinTheComputerGuy said...

Hey A_Wake-
Did you make the two changes that read
AllowOverride AuthConfig
in the Apache config file (example on or around page 174), and have you rebooted and/or restarted Apache?

If so then it's probably the path to your password file. The module won't create folders for you (only files).
So if you wanted to make a password file of /options/kevins/.webpassword

Then the folders /options/kevins/ would already have to exist before trying to create the password.
Or you will get an error.

It’s probably one of those two things, let me know

A_Wake said...

That was it! The second one. THANKS!!!

KevinTheComputerGuy said...

Excellent, glad it worked. It's usually one of those two things.

Anonymous said...

Kevin: Thank you so much for this guide. It has to be one of the very best server guides around. I will be donating shortly. You've done a man's job, my friend.


Mark.

KevinTheComputerGuy said...

Thanks Mark! That's just awesome. I uploaded a new version today (3.67). I fixed some typos and made the firewall stuff a little easier on the eyes. If it's not too late, toss the old one and download the new.
Thanks again
-Kevin

A_Wake said...

Hello everyone, I had WakeOnLan working GREAT and it just stopped working??? any ideas???

KevinTheComputerGuy said...

A_Wake, If you have two Network cards, try the longer command on the bottom of page # 407.
Make sure eth"x" is eth_safe. Thanks \ let us know

A_Wake said...

That was IT!!! Page 407. Don't know how I missed that the first time around, thanks again Kevin!!! This how-to is the best around!!!

KevinTheComputerGuy said...

Hey guys-

I posted a new version. 3.69
http://woodel.com

-From a connecting client view, Ubuntu's Nautilus windows has like 10 ways of connecting to SAMBA shares, all with different results, so I pasted in a few screen shots in the how-to of how you can connect to them the best. It covers Windows, Ubuntu, and MAC clients.

-The routing part of the how-to forgot to mention you need a static ip for a few of the configuration steps. (fixed)

-Kev

Anonymous said...

Guide 3.71, Page 238 refers to usermin download. However, I only get 404 errors. I also searched Sourceforge and came up empty.

I am going through this guide page by page and installing everything.
Stuck here now!

Mark.

KevinTheComputerGuy said...

Hey Mark
Did you try using the link to my server instead, page 237.

let me know
-Kev

Anonymous said...

Yep. That worked. Thanks. I did notice on the Webmin website that Usermin version 1.5 is available.

Mark.

KevinTheComputerGuy said...

Hey Mark-
Im glad that worked, thanks!
-Kev

Anonymous said...

Kevin, it's Mark again. Hi!
I have a problem with netbios browsing. I have just completed the samba section of the tutorial; I'm at page 359. Before I started the samba section, I could browse by netbios name to the server. Now, after completing this section, I can only get to the server by IP address. This is on my linux box. On one of my Windows 7 boxes I can get to the server by netbios name. What did we do to destroy my ability on Linux to browse by netbios name?

Thanks,
Mark.

KevinTheComputerGuy said...

Hey Mark
Awesome to hear from you. I have this problem all the time, and it never seems like it's the same fix, so this might take some time. Back on page 9, did you choose .diy.lan ?
If yes try using the full computer name of thatcomputersname.diy.lan
Let me know if that works, it could also be as simple as putting all your computers in the same workgroup. (diy.lan)
Seems like every time I have this mastered, I run into it again. Later on in the how-to we set up an actual DNS server, and that fixes everything. Anyway, let me know, 20 fixes come to mind
-Kev

n6yga said...

Kev--

I changed the samba module to be WORKGROUP because Windows 7 is so damn hard to change the workgroup name. Yes, adding a DNS server will fix all the browsing issues I think. I did not know that the tutorial included a DNS server! Very cool.

Will continue my studies...

Mark.

KevinTheComputerGuy said...

Hey Mark-
Let me know if you choose not to complete the DNS server portion (there are a few scenarios where you wouldn't) and we can revisit this. It's fixable, I run into it all the time.
Thanks Mark
-Kev

Anonymous said...

Kevin,

Awesome How-to!! I am very new to Linux, I have just set up my second server and stumbled upon a link in Ubuntu forums to your site. This is great, I am amazed at what Ubuntu servers can do!! I have learned so much. I have just gotten to the end of the basic part, not sure yet if I will go on, we'll see. There is so much more to learn.

Mark F

KevinTheComputerGuy said...

Hey Mark F.
That's awesome, I too am very impressed by the whole Debian \ Ubuntu Linux family. Amazing stuff!!!
Thanks again, Keep up the good work.
-Kev

Anonymous said...

Hi Kevin,
My name is Mika, and I am having troubles installing Webmin. When running dpkg -i webmin.version.deb I keep getting this error:
dpkg: dependency problems prevent configuration of webmin:
webmin depends on apt-show-versions; however:
Package apt-show-versions is not installed.
dpkg: error processing webmin (--install):
Any ideas? Great how-to by the way, how long did this take you? More people should take the time to do this. Thanks Kevin. -Mika

KevinTheComputerGuy said...

Hey Mika-
It looks like the error is telling you that you don't have apt-show-versions installed. So do this command.
apt-get install apt-show-versions

It may automatically finish the webmin install for you once you do that, or you may have to do this again.
cd /options
dpkg -i webmin_1.510-2_all.deb

If that still doesn't work, run this command
apt-get -f install

A combination of these commands should fix all of that for you. Let us know.

PS. I can tell you why more people don't do guides like these... this one took me two years :- )
Keep us updated, thanks again.
-Kev

Anonymous said...

Hi Kevin,
Mika here again. That worked like a charm! Thank you so much!! I never could get that to install before, thanks again for your help with all of this. Two years... that is a huge contribution to Linux, wow! Thanks!! -Mika

Anonymous said...

Kevin,
I upgraded my Ubuntu server 8.04, to 10.04. I did the how-to on it first to learn, as I said I learned loads. I am at pg 92 and trying to edit the /etc/modprobe.d/ I find, I do not have the file /aliases. I will skip for now, let me know if you think.

Thanks again,

Mark F

KevinTheComputerGuy said...

Hey Mark F.
Good work. This is a total guess, I am a Debian guy, but maybe Ubuntu has moved away from it. Do you still have a /etc/modprobe.d/blacklists file?
That one is pretty good at blocking IPv6 as well. Let me know if you have that blacklists file, and if editing it stops IPv6, and I will look into if Ubuntu did away with the aliases file in newer versions.
Keep us updated. The how-to is up to version 3.79 if you don't already have it, it's up on http://woodel.com
-Kev

A_Wake said...

I just finished the advanced section. Do it people, it's worth it 100 fold. Kevin I hope you get $100 million dollars in donations. I've donated $800 myself. There is nothing like this out on the web. There is no class that can teach you this, there is no book that can teach you this stuff. I hope you make MILLIONS... thank you so much!!!

Anonymous said...

Kevin,

Yes there are five. Blacklist.conf, -ath_pci.conf, -firewire.conf, -framebuffer.conf, and -watchdog.conf. I looked at all five and Ipv6 is not listed in any of them.

BTW it was in 8.04, this 10.04 is the newest release, I'm hoping to use this a couple years, the support was what I considered.....already need the newest release of the How-to, I have 3.77.

Mark F

KevinTheComputerGuy said...

Hey Mark F and A_Wake -

I did a little research. And Ubuntu 9.0.4 and above got rid of aliases. And added dot conf (.conf) to the end of all those files. You can add your own aliases.conf file, and it will respect it at startup. But I would say that isn't needed. In the blacklists.conf just add the line blacklist ipv6 as seen in page # 94 of my latest pdf and reboot and let me know. That should handle it. I wouldn't trouble yourself making an aliases file, seems like too much work for the results. Keep us updated.

*A_Wake, thank you for the donation!!! always too generous!!! thanks again
-kev

The Codfather said...

Hi Kevin
This is my 1st attempt at setting up a linux server and found your tutorial brilliant.
However I have an error on start-up of the server.
The line reads :-
starting DHCP server: dhcp3check syslog for dianostics. failed! failed!
How do I fix this please ?

KevinTheComputerGuy said...

Hey Codfather
Thanks!
That isn't actually an error. It installs but doesn't start until you configure it. That is covered later in the how-to, and will take that message away. It's just telling you it didn't start, all is good at this point in the guide.
Keep up the good work.
-Kev

The Codfather said...

Hi again.
Where in the how-to is the bit, or how do I make it so that when I browse to my site, e.g.
www.mysite.com, I get my home page, as opposed to typing www.mysite.com/jdoe/.
In other words I want to get my home page from just :- www.mysite.com.
Thanks in advance.

KevinTheComputerGuy said...

Hey Codfather-
Never a problem.
The configuring of the DHCP server is in the advanced section. Page 5 in the HTML version or page 430 in pdf version 3.81

There are a few reasons why you might not do the advanced section, when you get that far, and if you decide to not do it, write me back and I will tell you how to remove the DHCP server, so you won't see that warning anymore. But feel free to ignore it for now, it isn’t an error, it's just letting you know it didn’t start.

To answer your website question. If you want your user jdoe to be the default webpage, go to page 219 in the pdf version 3.81. And you can fix it one of two ways. If you’re the only user on the system, change the line that says.
DocumentRoot /mymounts/vraid/users/xhomes
To
DocumentRoot /mymounts/vraid/users/xhomes/jdoe

And #comment out the RedirectMatch line

Or the other way to fix it is to use the RedirectMatch line to redirect to /jdoe/ instead of /no_auth/

Either way will fix it, if you’re the only user, number one will make more sense.
Keep me updated
-Kev

The Codfather said...

I have reached the advanced part, and have decided to stop there.
Every thing is working great, I just now need to find out how to add cgi, mysql and mysqladmin.
I also have to do the updates, but was leaving that until after you had replied to this post.

KevinTheComputerGuy said...

Codfather-
Congratulations, that’s great!
The command you're looking for, to remove the DHCP server is
apt-get remove dhcp3-server

Then reboot, and you should see that warning go away.

Then you can do a
apt-get update
followed by an
apt-get upgrade

And that will update everything except Usermin and Webmin. You can upgrade those by clicking on the Webmin and Usermin Modules while logged into Webmin, and choose Upgrade Webmin
And then
Upgrade Usermin

You should then be all updated. Just remember to not do anything confidential as user jdoe.
He is an example of a user whose home directory is exposed to the internet, as webspace. Only use him for public things such as public webpages.

For confidential stuff, make sure you are using a user above the xhomes directory, and only logging in with that user via something encrypted, like webmin or putty. Or Samba internally, like behind your firewall. And using the Upload and Download Module and/or File Manager to move those files around.

Keep up the good work, keep us updated.
-Kev
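
An added example, not part of the how-to or of the reply above: a shell check that lists files under a web-exposed home directory (the jdoe case described above) that should not be reachable from the internet. The file-name patterns, the finding labels and the sample tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the how-to: report files under a web-exposed home
# directory that should not be reachable from the internet.
# The file-name patterns are illustrative assumptions, not a complete list.

# find_exposed_files DIR -> prints one "KIND path" line per finding, sorted.
find_exposed_files() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "ERROR: $root is not a directory" >&2
        return 2
    fi
    {
        # Credentials and key material, matched by name.
        find "$root" -type f \( -name 'id_rsa' -o -name 'id_dsa' \
            -o -name '*.pem' -o -name '*.key' \
            -o -name '.htpasswd' -o -name '.webpassword' \) -print |
            sed 's/^/SECRET /'
        # Shell history and editor or backup leftovers.
        find "$root" -type f \( -name '.*_history' -o -name '*~' \
            -o -name '*.bak' \) -print | sed 's/^/LEFTOVER /'
        # Files any local account can modify and the web server will then serve.
        find "$root" -type f -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'
    } | sort
}

# Constructed sample tree standing in for the exposed home directory.
make_sample_tree() {
    mkdir -p "$1/.ssh" "$1/site"
    echo '<h1>public page</h1>' > "$1/site/index.html"
    echo 'constructed placeholder' > "$1/.ssh/id_rsa"
    echo 'mysql -u root -p' > "$1/.bash_history"
    echo 'old copy' > "$1/site/config.php.bak"
    echo 'upload target' > "$1/site/guestbook.txt"
    chmod 644 "$1/site/index.html" "$1/.bash_history" "$1/site/config.php.bak"
    chmod 600 "$1/.ssh/id_rsa"
    chmod 666 "$1/site/guestbook.txt"
}

# Demo on the constructed tree; on a real server pass the exposed directory,
# for example: find_exposed_files /mymounts/vraid/users/xhomes/jdoe
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
find_exposed_files "$demo_dir"
rm -rf "$demo_dir"
```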

Bob said...

Kevin,
U prob heard this a million times, AWESOME WORK!

Now on to my problem, I've followed your install
3 times ending at basic setup. I'm very new to this. I have a domain setup example1.net
I've also with the place I registered example1.net at created the nameservers
ns1.example1.net and ns2.example1.net
On 8 other domains I changed the name servers
on them to ns1.example1.net and ns2. they do work
they have been set up for weeks now, so they have propagated.

Like I said I'm fairly new to this, but I'm not sure how to add the other 8 domains to webmin, in apache2 I would simply edit the config file.

Did I miss understanding a step? Sorry but anything U could advise me on to get these domains up and running would be greatly appreciated. I've been down for far too long, and
really do not want to go back to using ISPConfig3, it's way too complicated with no docs

Thanks Kevin, and again AWESOME work on that tutorial/Doc. You're a credit to your profession and I hope to hear much more from you in the future.

P.S. I eventually plan on providing hosting. And now I'm off to reinstall all over again, just finished debian 3.0.4. I like graphic desktop, so I'm installing standard sys with desktop environment. ALSO I have 1 other system I plan to install and make ns2. I also am considering the advanced setup, but I need to upgrade the EQ. Both systems have 1.7ghz 1gb ram, and two hds one 40gb and one 80gb so space is an issue with regards to using VMware. Anyway any simple quick tutorial that says hey dummy re-read it again or hey dummy do this would be greatly appreciated, and again THANK YOU for what you do!
Bob

KevinTheComputerGuy said...

Hey Bob-
Thank you for the kind words, it never gets old.

I don't exactly understand your question. You're not talking about Bind9 and DNS, right? Because you haven't done the advanced section.

So I think your question is you want to use this one server to control 8 other servers, is that your question? If so, do the other 8 have Webmin installed on them as well?

Sorry for the confusion, let us know, and thanks again
-Kev

Bob said...

I am making my server ns1.example1.net
but I have 7 other domain names registered
www.example2.com
www.example3.com etc... and I want to turn
ns1.example1.net into a server that will host these other domains. So I registered example1.net and created A records NS1 and NS2 pointing to my IP. I then went to all the other 7 .com's and changed the nameservers to ns1.example1.net and ns2.example1.net

So I want my linux box to be a nameserver to host web domain names. Like if you were looking for a hosting company for woodel.com you could go to my site (Linux box) and I could set it up in webmin to host it. I'm not exactly sure how multi-domains is set up in Webmin, can U help? Thanks
Bob

Bob said...

Ok Kev - Sry I bugged U, but the Webmin wiki was down, it's finally back up, and I found the answer I needed. I guess I need to install Virtualmin - I'm going to give it a shot and hopefully all the configs I did in the basic setup will work. Am a little worried about the no_auth and setting up Virtualmin but here goes nuttin hehe. Thanks again, I'll be watching here pretty much on the hour, thanks again so much!
Bob

Anonymous said...

I think Kevin's guide goes on to use dyndns.com custom DNS. I use it too. Its $35 a year. But worth it to me.
-Steve

KevinTheComputerGuy said...

Hey Steve \ Hey Bob

Steve
Yes, I totally use dyndns.org Custom DNS. Good Stuff! Thanks.

Bob
You're never bugging me. I don't have any Virtualmin experience, but it sounds amazing, keep us updated on your experience. Everything Webmin makes is awesome, so I assume we will be hearing good things from you soon.

-Kev

Anonymous said...

Kevin, thanks for this great tutorial/instructions!!!

I have not gotten very far yet but ran into issue when I updated my browser on my Mac to do Webmin - it was working the night before and then after I restarted Mac in morning the update caused loss of security cert. but did not request new info so I could not use File manager even after updating the java console.

After searching I found solution which might be interesting for other Mac users - clear the java cache on computer you are using for Webmin (Mac for me):

/users/users/"your user name"/library/caches/java/cache

(I renamed the old folder to cache_old and created new/empty cache folder on Mac computer - just in case, didn't want to delete anything in case it was needed - I am somewhat of a file hoarder :).

"The mad professor"

PS - love the Penguin - I am pretty green regarding unix/linux but so far I really like it

KevinTheComputerGuy said...

Hey Mad Professor-
Thanks for your post, that's really good info!
Keep up the good work!
-Kevin

Anonymous said...

Oops, just realized - I put users in the path for the java cache files twice - please disregard - the path should only be

/users/"your user name"/library/caches/java/cache

And I got to get going - this server has to be up and running by beginning of semester - wish me luck.

The Mad Prof

KevinTheComputerGuy said...

Hey Mad Professor-
Thanks again, that's some good info.
I feel your pain, I work at a school too. Let me know if you get stuck.
-Kevin

Rosalind said...

Hi Kevin I have been following your tutorial and so far things are going OK.

Ubuntu 10.04 server as guest on VMware on XPPro host.

But a couple of things seem not to be working.

This is the result of ethtool eth0
> ethtool eth0
Settings for eth0:
Current message level: 0x00000007 (7)
Link detected: yes

and when looking at read user mail I get this

None of the supported mail servers (Exim, Qmail, Postfix and Sendmail) were detected on your system. You will need to adjust the module configuration to set the mail server and possibly mail paths manually.

but if I look in the modules they are there.

Looking forward to your response.

Rosalind

KevinTheComputerGuy said...

Hey Rosalind-
I'm glad to see you're trying it out first in VMware, that’s smart.

So you can ignore the speed and duplex part of the how-to. You’re using VMware, so there is no physical NIC for Linux to auto negotiate.
It gets it right no matter how you're set up, so for anyone using VMware, ignore the speed and duplex section. That’s a good point, I will add a blurb about that in the next version.

As far as the email, the guide was built using Debian, which has Exim by default, try running this command.
apt-get install exim

and answer all the questions as local email. If it says it's already there, try.
apt-get remove exim

Then after it removes it do.
apt-get install exim

That might fix it up. I will try it later myself, from Ubuntu, just to make sure it works. There was one time I had to tweak the read user mail module, but hopefully that’s not the case, I'm 90% sure that install will fix you up. Keep us updated, and keep up the good work. I'm a huge VMware fan myself, I used it to make the guide, makes screen shots super easy.
-Kevin

Rosalind said...

Hi Kevin,

Thanks for the quick response.
VMware is making use of an older computer that it doesn't matter if I have to wipe everything. Other than security there is nothing else on it. Basically a test computer.

I ran apt-get install exim but it said Package exim is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
exim4-base
E: Package exim has no installation candidate
I installed exim4-base but still it says not detected on the system.

Rosalind

KevinTheComputerGuy said...

Hey Rosalind-

Try this. Open Webmin, navigate to the module
Servers > Read User Mail

Click on Module Config at the top middle of the screen. Scroll way down, under System Configuration.

Change “Mail Server Installed” to either EXIM or Detect Automatically.

Apply it, reboot, and let us know
Thanks again
-Kevin

Rosalind said...

Hi Kevin,

It was set to detect automatically, so I changed it to Exim, still the same. Changed it back to auto and still the same.

Rosalind

KevinTheComputerGuy said...

Hey Rosalind-
I set up an Ubuntu box for you, and I think I have it figured out. Set the module back to auto.

Then do
apt-get install exim4

That should fix it. When you do commands like install exim4-common and exim4-base, it only grabs those single packages, but when you do apt-get install exim4, then it goes and gets the entire thing.

I tested it, and it's working now.
Try it and let us know.
-Kev

Rosalind said...

Hi Kevin,

Thanks, that works!
Hopefully I learn more by it not working straight away. Now back to the tutorial as well as trying to configure a drupal multi-site installation.

Rosalind

KevinTheComputerGuy said...

Hey Rosalind-
Awesome! glad it helped.

Yes, you will run into a few issues because it's Ubuntu, not Debian. But they are just speed bumps, not road blocks. Since you're using VMware, you should also follow it in Debian, and master both.

keep up the good work
-Kevin

Jon said...

Kevin,

You're the man...I've already learned so much just from delving into the first half of your guide. It's really quite exciting.

I've followed step-by-step, and I've encountered a minor problem. Page 308 shows a screenshot of the Samba file share list. In the security column, your screenshot shows "Read/Write for all known users". Mine shows "Read Only for all known users". It seems like file permissions are absolutely critical, so I want to make sure I have this part done correctly. I started again at the beginning of the Samba section, and restarted Samba, but I'm still getting the same result. Any ideas?

KevinTheComputerGuy said...

Jon-
Thanks man!
Go to http://woodel.com and download the newest pdf (ver 3.83)

I think we are looking at different versions because my page numbers don't line up with your question.

If I had to guess what's causing that though, I would say it's one of the two places where we set the "defaults" permissions for all shares. But if we get on the same page numbers I can totally look closer.

Thanks again \ let me know if that was it and/or the new page number where you see a difference between yours and mine.

-Kevin

Rosalind said...

Hi Kevin,

This time I am having problems with ftp.
I have made the necessary changes to vsftpd.conf and created the new user "uploadman" but when I type in ftp://192.168.1.16 I get ftp folder error Windows cannot access this folder. Make sure you typed in the folder name correctly and that you have permission to access the folder.
Details
A connection with the server could not be established.
If I http the same then I get the index which shows my drupal folder. is there a conflict?

Rosalind

KevinTheComputerGuy said...

Hey Rosalind-
I think you were the one using VMware right?
If so, you have to choose “bridged networking” for the VM NIC. (That’s a VMware setting, not a Linux setting)

I get the impression by that IP address that you're using bridge, but I’m just double checking.
Also, did you reboot yet? That error sounds like vsftp isn’t listening yet, most common reason is the service isn’t running. After you make those changes to the vsftpd.conf file you have to reboot (or restart vsftpd, but rebooting is easier for now)

If you are already bridged and already restarted, let me know if you can ping the Linux vm from another computer on your network. (Using VMware you get to cheat a little bit because you can talk to it without the networking working, as that player view is local to your VMware box)

Also, what client are you using? Windows Explorer? (Not to be confused with Internet Explorer) FileZilla? WSFTP? … etc…
Some clients don’t handle the anonymous part correctly and want you to type ftp://username@192.168.....
In your case ftp://uploadman@192.168........

If all that still fails post the contents of your vsftpd.conf file (this is easy to copy and paste from the Webmin File Manager edit view)

And also let me know the path to your user uploadman's home directory, this will tell me if you missed a huge step.

Anyway, try all that and let me know. Keep up the good work
-Kev

Rosalind said...

Hi Kevin,

Yes it is a bridged network and I can ping it from the computer I am using to remote access which is a Windows7 machine and the client is Windows Explorer. I also have cuteftp but not managed to access it with that either.

/home/uploadman/ but wondering whether it is in the right place because http://192.168.1.16 takes me to /home/rosalind/drupal/ which is set in one of my other configuration files.

Thanks for your times...Rosalind

Having problems sending the file because of the size!!

Rosalind said...

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
file_open_mode=0755
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#

Rosalind said...

# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20= YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to youngros FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default. These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
listen_port=21

KevinTheComputerGuy said...

Hey Rosalind-

(Sorry, I didn’t know it would break up the posts like that)

From what I could see it looks like you enabled ssl and ftps (towards the bottom). You can’t use ftps or sftp with Windows Explorer. And that is outside of my how-to, because we use Usermin for secure transfers.

See if you can make your vsftpd.conf file match mine, and reboot.

Otherwise you would have to search for an ftps or sftp how-to if you wanted to stick with that. I recommend Webmin and Usermin, because it’s web-based, no client configuration or certs to worry about (above and beyond the ssl cert exception, and/or buying a signed one).

Keep us updated, sorry again about the way it broke up your long post like that.

*It is also my assumption when you write me that you are following my guide exactly as it's written, and have a question about it. Questions outside the guide would be better posted to a wiki or forum, like debianwiki or ubuntuforums.org.

-Kev
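An added example, not part of the original comments: a small Python check of the active settings in the vsftpd.conf quoted above, showing why a client without FTPS support (the reply names Windows Explorer) is refused and flagging the obsolete SSLv2/SSLv3 switches. The sample text is constructed from the thread's config; the function names and finding codes are hypothetical.

```python
"""Audit the TLS-related settings of a vsftpd.conf (illustrative example)."""

TRUE_VALUES = {"YES", "TRUE", "1"}

# Constructed sample: the uncommented lines of the config quoted in the thread.
SAMPLE_CONF = """\
connect_from_port_20= YES
# comment lines are ignored
ftpd_banner=Welcome to youngros FTP service.
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
listen_port=21
"""


def parse_conf(text):
    """Return ({option: (value, line_number)}, [findings]) for a vsftpd.conf."""
    settings, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            findings.append((lineno, "syntax", "setting line has no '='"))
            continue
        # vsftpd treats any space between option, '=' and value as an error.
        if key != key.strip() or value != value.strip():
            findings.append(
                (lineno, "syntax", f"whitespace around '=' in {key.strip()}")
            )
        settings[key.strip().lower()] = (value.strip(), lineno)
    return settings, findings


def enabled(settings, option):
    """True only when the option is explicitly switched on in the file."""
    value, _ = settings.get(option, ("", 0))
    return value.upper() in TRUE_VALUES


def audit(text):
    """Return a list of (line_number, code, message) findings."""
    settings, findings = parse_conf(text)
    if not enabled(settings, "ssl_enable"):
        return findings  # plain FTP only; the ssl_* switches have no effect
    for option in ("ssl_sslv2", "ssl_sslv3"):
        if enabled(settings, option):
            findings.append(
                (settings[option][1], "weak-protocol",
                 f"{option}=YES offers an obsolete protocol; set it to NO")
            )
    if enabled(settings, "force_local_logins_ssl"):
        findings.append(
            (settings["force_local_logins_ssl"][1], "plain-ftp-refused",
             "local users must log in over TLS, so clients without FTPS "
             "support cannot connect")
        )
    return findings


if __name__ == "__main__":
    for lineno, code, message in audit(SAMPLE_CONF):
        print(f"line {lineno}: [{code}] {message}")
```

The `plain-ftp-refused` finding is informational: it is the setting that matches the symptom discussed in the reply, not a weakness in itself.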

Rosalind said...

Hi Kevin,

I don't know where those comments came from they were on the file when I opened it up as I hadn't manually added them...so a bit confused about that...commenting them out hasn't made any difference.
Maybe back to the drawing board and download Debian and compare the two...the only part I can't follow is the section on configuring a second hard drive as I only have the one installed and don't have a spare!!

Thanks Rosalind

Bob said...

@ Rosalind, asking Kevin that Drupal question is like taking your Ford to a Toyota dealer. He can't possibly know the billions of possible ways you have your Linux system setup. He can only answer guide related questions. What I did was follow the guide all the way through, stopping before page 5, and then I customized it. And it's working out great! I have rebuilt 5 servers using this same guide. There isn't really anything he leaves unfinished. He has a Drupal solution using Webmin and Usermin instead. Just follow it exactly before you customize it.

KevinTheComputerGuy said...

Hey Rosalind-
I setup a new Ubuntu server box and installed VSFTPD. And it didn’t have any of that SSL stuff.
A clean rebuild might be a good idea, seems you have something editing your config files without your knowledge.
That’s scary and should be located or wiped out.
No worries on the second hard drive, as long as you can visualize it, shouldn’t be a problem. You can even mimic the folder structure if you wanted to, even though /mymounts won't really be mounts, as long as you can visualize it.
-kev

Hey Bob-
Thanks, and even though you are completely right, all these questions make me smarter, so I do welcome them. Thanks again for your help, just FYI, I'm totally going to steal that Toyota \ Ford analogy :- )

Rosalind said...

Hi Kevin,

I have done a new install using Debian this time and so far so good. Couple of things, although i can access Webmin using my IP address I can't by name, not a huge issue though although previously worked on the ubuntu install.

I registered for a dynamic hostname and configured the router and that worked great, it was live..but this morning it is timing out on me although worked once...is this a bandwidth issue..we are on adsl and waiting for an upgrade...no fibre optic yet though.

Many thanks Rosalind

KevinTheComputerGuy said...

Hey Rosalind-
Awesome, good work!

A quick fix to the name problem is to add a hosts entry to your windows boxes.
Edit the file
c:\windows\system32\drivers\etc\hosts

(it’s a hidden file, so you will have to search for hidden, and read only, so you will have to change that for the edits, then you can change it back)

Add a line like this

192.168.2.111 frank

And this will force your windows computer to know the computer named frank has ip address 192.168.2.111

Just use the name, leave off the diy.lan part so it knows you're local to your network.

An enterprise solution to this would be to setup a DNS server, but is overkill for a small network.

There are also some hints on pages 96, 97, 98 of the pdf guide (make sure you have version 3.83).

Those changes may help the name respond. But basically Linux and Windows name resolutions work completely differently.

On your dyndns name not working anymore, did you tell your router to update the IP if it changes?
If your router doesn’t support that, let me know, and I will send you a link to some software you can install that will do it, but yes, it's best to do it from the router, and shouldn’t be a bandwidth issue at all.

Keep up the good work, let me know if that hosts file computername stuff makes sense, but try pages 96, 97, and 98 if static.
-Kev

Lenny said...

hi kevin
im up to the part just after logging into the server using putty for the first time, however when i paste the command and answer y to the "do you want to continue prompt" it just says "abort".
any help you could provide would be very much appreciated.

lenny

KevinTheComputerGuy said...

Hey Lenny-
What command are you pasting in? Can you paste it here?

Thanks
-Kev

Lenny said...

i pasted in
apt-get install apache2 vsftpd quota bind9 perl libnet-ssleay-perl openssl

libauthen-pam-perl libpam-runtime rssh libio-pty-perl libmd5-perl

etherwake ethtool ntpdate libio-socket-ssl-perl

i was however able to install them by installing each application individually (as separate apt-get install commands). any ideas why the full command didn't work (for future reference)?

thanks
-lenny

KevinTheComputerGuy said...

Hey Lenny -
Great job !

No, I have never seen that happen. It's one of the features I like most, sorry it's not working for you, I can't think of a reason why it wouldn't work.

keep up the good work
-Kev

Joe C. said...

I hope you make a Billion dollars! great job all the way Kev
.Joe

The Codfther said...

@ lenny
The reason for this is a space missing after "libauthen-pam-perl".
What I have done is to make a notepad entry of the 2 lines.
I then paste the first line, add a space after it, then copy and paste the 2nd line at the space.

Another thing that crops up is the second part of the webmin install won't copy and paste correctly.

dpkg –i webmin_1.510-2_all.deb

comes out as

dpkg .i webmin_1.510-2_all.deb.
I just edit it and all is fine.

KevinTheComputerGuy said...

Nice work Codfather, thanks again!
-Kev

OnDigit said...

This is a really great tutorial, I can't thank you enough for making this.

I have been using Ubuntu for a couple of years now, from ubuntu 7 to 9.2 now they have released ubuntu 10.4. Problem with all previous versions are, if I update the system and reboot then I will find X gone wrong again, GTK is not loading and this and that.

Being a person who is not very good in networking and have little linux exp., my only option is buy a new HardDrive, setup ubuntu there and copy the data and get the work started. Now I am fed-up with this, so looking for something stable.

1. Is Debian the way to go, which has less updates and Rock solid operating system, as Ubuntu also based on debian or ubuntu

2. After reading your tutorial I don't think it's required, but Can I install server in graphical Interface, will you recommend that?

I think it's easy for copy and paste data connecting and using backup hard-disk, if anything go wrong.

3. Solid or Stable Linux Distro as per your suggestion?

Please reply.

KevinTheComputerGuy said...

OnDigit-
Thanks!

I am a die hard Debian fan. Ubuntu is amazing, but to answer your question I usually do Debian for servers, Windows for desktops, and Ubuntu for laptops.

My thoughts = never install the desktop gui on your servers, ever, that is what Webmin is for. And then eventually, months down the road, when everything is up and running smooth, learn the command-line.

And if you need a desktop gui, expect problems, that's just the name of the game. You want all your data on the server, you want your server to be bullet proof, and expect to rebuild \ reformat your desktops and laptops every couple years.

But once you get all your data on the server, rebuilding your desktops becomes a lot less painless.

Just wanted to make sure you know you don't have to buy a new hard-drive every time you run into a problem. You can re-format the original one using the install CD (just making sure you knew that)

Anyway, read through my guide all the way through, before doing it, and see if it's something that will work for your needs.

Another good rule of thumb is every time you run "sudo" ask yourself... do I "really" need to do this. I can assure you less sudo equals more up time :- )

Keep up the good work, you're not doing anything wrong, there just isn't such a thing as a stable GUI with admin rights, unless you never run anything as a sudo or an admin, and that is a hard discipline to follow, but worth it.

For now focus on getting your server bullet proof, and treat your desktops as if you know they are going to break someday.
-Kev

OnDigit said...

Hello Kevin,

Thanks for your prompt reply.

I am surely working on as I have downloaded Debian ( switching to Debian now) and I am sure with your guide, I am able to setup it.

Regarding reformat means, format Hard-drive to make it clean, which purge all data, right? or you are referring something else. I buy new Hard-drive because I need the data crashed harddisk have. Hope it will clear my point.

I really appreciate your time taken for reply for my post, hope I will able to setup a bullet proof server.

Thanks
Jinendra

KevinTheComputerGuy said...

OnDigit-

I see what you were saying now. Just worried you were buying a new hard-drive every time your upgrade(s) crashed.

Keep up the good work.
-Kevin

Anonymous said...

Hi Kevin,

It seems to be one of the best howtos for the newbie. I am planning to setup Ubuntu server - LDAP, PDS, Samba, Squid and file server for our organisation, with help of your 'howto'.

Why don't you use forum ? that would help you to respond and users to find already discussed issues... and finally create a knowledge base. that my suggestion only.

Really great work for the society.

Arun

KevinTheComputerGuy said...

Arun-
Thanks!

Yes, I am pretty active on http://ubuntuforums.org

I swing by when I can and offer help. Their forum fills all my needs. People looking for step by step can come here, people looking for self help can go there, I do feel it's the best of both worlds, and what was kind of missing in the community.

But you are right, I have just grown to like the separation.

thanks again
-Kev

Anonymous said...

Dear Kevin,
can you please also add the setup of openldap, as this is the central point for all the applications / servers / software to authenticate.
regards
Arun

Seewolf said...

Kevin,

Your tutorial has been great, I am a total newbie at linux and have been having a blast setting up my server with your instructions. I just ran into the first problem that I haven't been able to resolve with the forums or your guide.

When I go to "read user mail" I am getting this error:

postfix: fatal: open /etc/postfix/main.cf: No such file or directory

I am assuming that I missed something on install but haven't been able to figure out what.

I am also missing the "System Logs" tab. I went to try to install the module from Webmin but it is still not showing up. Any help is appreciated!

Thanks,
Mike

KevinTheComputerGuy said...

Arun-
I will gladly accept "requests" like yours for $5,000 donations per each request.

I use SMB (samba) pass thru auth for all my server to client needs, or SSH for Linux to Linux.

thanks
-Kevin

KevinTheComputerGuy said...

Seewolf-

Thanks! That's awesome.

Are you using the same Debian and Webmin versions from my website?

thanks \ let us know, and keep up the good work.
-Kev

Seewolf said...

Kev,

I am using ubuntu Server (10.04) and the most recent version of Webmin.

When I go through the File Manager, I don't see main.cf in the postfix file. I pasted a main.cf file in the folder that I found on one of the forums just to see what happened and I got past that error but got another that was identical but replaced main.cf with another file that seems to be missing. At that point, I figured I better just pull my new main.cf file out again and ask for help before I really screwed something up.

It is worth noting here that when I got to the part of the tutorial that added packages:
apt-get install apache2 vsftpd quota bind9 perl libnet-ssleay-perl openssl libauthen-pam-perl
libpam-runtime rssh libio-pty-perl libmd5-perl etherwake ethtool ntpdate libio-socket-ssl-perl

I had some errors. I suspect that this is the root of my problem. When I got to the section on Apache, I had to go back and install it as it was not already there. At first I was just playing around with the tutorial and didn't think much of it. Now that I have an actual working server, I wish I had been more careful at that point.

Regarding the system log, I have tried to add it through Webmin but it still doesn't show up.

Thanks in advance for your help!

Mike

KevinTheComputerGuy said...

That’s all due to differences between Debian and Ubuntu. For a more step by step approach, at least for your first time, try Debian with all my same versions.

Or if you wanted to keep your current install, these will probably do the trick.
For your mail problem, do this:

Open Webmin, navigate to the module
Servers > Read User Mail
Click on Module Config at the top middle of the screen.
Scroll way down, under System Configuration.
Change “Mail Server Installed” to either EXIM or Detect Automatically.
Apply it,
Then open up Putty or SSH2 and do

apt-get install exim4

(there is no space in that word, exim4, all one word)

Reboot your server, then try the mail.

For your system logs problem, Ubuntu must have changed the default location of their log files. Webmin will probably catch up in a couple months and that problem will just go away. Keep checking for Webmin updates. In the meantime, just use the filemanager to read your log files. I do this anyway, that way I can see the entire contents of each log file. Just use the filemanager to read the log files in /var/log. They are just text files anyway.

Then eventually Webmin will catch up. Ubuntu has moved away from Webmin, so if you LOVE webmin like I do, you may want to switch your server to Debian, and use Ubuntu for your laptops and desktops.

I’ve already seen people talking about how Ubuntu has changed the way you start and stop services, so if you run into that, like with SAMBA, just reboot your server, that will stop and start all services when needed.

Anyway, try the mail fix and let us know.

Also I'm not talking bad about Ubuntu. Just maybe go Debian on your servers until you have mastered command lines and or identified the changes in each build. Although I am a die hard Debian \ Webmin fan for servers.

Keep us updated.
-Kev

Seewolf said...

Kev,

That did it. Thanks!

I also turned Postfix off in my bootup/shutdown. There doesn't seem to be any reason for that to be running. Let me know if I need it and I will turn it back on.

I will be happy to keep you updated as I proceed. I am going to try to finish with Ubuntu but have poked around a little and see why you like Debian. I may use this as a learning experience and start all over with Debian.

Mike

KevinTheComputerGuy said...

Seewolf-
Awesome!

I think I would have turned it off too.
Great work.

-Kev

Anonymous said...

Hi...excellent tutorial. I just keep having a problem with adding a second hard drive. I keep getting a

"Failed to save mount : '/dev/hdb1' is already assigned to be mounted".



So should I just undo everything regarding the second hard drive and start that section over from scratch? This is a brand new hard drive.

Thanks...

KevinTheComputerGuy said...

Anonymous-

Thanks!

Are you using Debian or Ubuntu?

For a more step by step approach use Debian. Take a look at the "Disks and Network Filesystems module" and see if you see any other references to /dev/hdb1.

Also post the contents of /etc/fstab

And I will take a look.

-Kev

Anonymous said...

Hi Kev

I am using Debian, and Webmin 1.520 on a Compaq d220 MT desktop with 1 GB ram and 2.80 Ghz speed. The server is up and running headless.

The first hard drive is a 20 GB. The second hard drive is a 500 GB. The second hard drive in the Disk and Network Filesystems module is listed as
/mymounts/d2p1 Linux Native Filesystem (ext3) IDE device B partition 1 (In Use?) No
(Saved) Yes

Under Disks and File Systems...the only things listed with a /dev
are a /dev , /dev/shm , /dev/pts. There is no /dev/hdb1 listed.

Under Disks and File systems there is no /etc/fstab listed.

I got a permission denied while under root on the ssh window and putty when I posted the commands /etc/fstab.


login as: root
root@192.168.1.105's password:
deb32server1:~# /dev/hdb1
-bash: /dev/hdb1: Permission denied
ast login: Sat Sep 18 07:30:19 2010 from 192.168.1.3
deb32server1:~# /dev/hdb1
-bash: /dev/hdb1: Permission denied

I am clearly missing something...

Thanks

KevinTheComputerGuy said...

Hey Anonymous –
I think I see what’s going on here. It looks like while in the Disk and Network Filesystems module, during the creation of the mount point for /mymounts/d2p1/

You clicked “save”, instead of “save and mount at boot”

Go back to the Disk and Network Filesystems module, click on your entry for "/mymounts/d2p1" , and uncheck the "save" and choose "mount”. Eventually you want to choose “save and mount at boot”, with save de-selected. But for now, for trouble shooting, uncheck everything that says save, and choose mount. If that works, reboot, then go back in and choose save and mount at boot.

Also, just some info. You don’t ever change directory into a device “/dev/xxxx1”. The hint there is /dev/ means device. You only change directories into folders and mount points. So never type “/dev/hdb1” to get to your drive, always type “/mymounts/d2p1” when command line referencing the second drive.

Also, just some info. /etc/fstab is a file I wanted you to send me. The filename is “fstab” and its in the “/etc/” directory. Using your File Manager module, you can see the contents of the fstab file, and paste it in here for me.
Although I think the stuff I recommended above will fix you up, and you probably won’t need to send me that file if it’s working.
Keep up the good work.
-Kev

Dave said...

Kevin...You're doing the whole world a favor here Bro! We thank you!!

Anonymous said...

Kev

"uncheck everything that says save, and choose mount. If that works, reboot, then go back in and choose save and mount at boot."

It worked! Thanks again!


/mymounts/d2p1 Linux Native Filesystem (ext3) IDE device B partition 1 5% (In Use) Yes (Saved?) Yes

KevinTheComputerGuy said...

Anonymous-

Sweet!!!

-Kev

KevinTheComputerGuy said...

Dave-

Thanks man !!!

*BTW, that never gets old :- )

thanks again
-Kev

Anonymous said...

Kev

I am using Debian with Webmin 1.520 and the server is up and running headless. I have also set the workgroup to "workgroup".
But when I try to access the samba shares from a linux machine I get the message "Unable to mount location - Failed to receive share list from server".
Have I missed something ?

KevinTheComputerGuy said...

Anonymous-
Are you using the computername, or the IP to connect? If you're using the name, try the IP.

If that doesn’t help, run this command, and see if it finds any errors for you.

cd /etc
cd samba
testparm -s

(that’s the word testparm, then a space, then a dash, then the letter s)

That command will find most problems in your smb.conf file.

If that doesn’t find any errors, try smb browsing to the server.

Open a folder, then at the top, choose “go” then choose “location” And in the address bar type smb://the-ip-address-of-your-server

See pages 363 and 364 in my pdf, at http://woodel.com (version 3.84)
If that doesn’t work, make sure there are not any firewalls running. Make sure you are on the same network.

Compare your smb.conf to others you see from google searches.

Using Webmin’s File Manager, You can play around with the local file \ folder permissions on the root of the shared folder. Set them to 755 for trouble-shooting. (careful you’re not exposing confidential data)

And if all else fails, re-read pages 293 – 380 of my pdf, and follow it exactly and see if it works with my same configs. That way we can eliminate that from the trouble-shooting.
-Kevin

Lee said...

Great writeup. It's been perfect to get me started.

With Ubuntu 10.04 I am having problems with Samba automatically creating the directory for pub4roomies. With the individual users things went exactly as described but for some reason it will not do the same for groups. Any ideas what I may be missing?

Lee said...

Update,
Auto create works fine with path
mymounts/d2p1/users/nshares/pub4house

and utterly fails with path
mymounts/d2p1/nshares/pub4house

group permission conflicts perhaps?

Here's a tip for Ubuntu users to stop/start Samba via Webmin. Under Samba module config, change entry for "Command to start|stop Samba servers" to 'service smbd start|stop'

KevinTheComputerGuy said...

Hey Lee-

Thanks!

These paths are different, is that a typo?

Working one =
mymounts/d2p1/users/nshares/pub4house

Non-working one =
mymounts/d2p1/nshares/pub4house

For your group problem, did you do the steps on page 368? Also the group needs to be created after page 368, not before.

keep up the good work, let us know

-Kev

Lee said...

Not a typo. The path used for the group pub4roomies on page 373 omits 'users' compared to the path for the other samba shares. Once I added 'users' to the path and it worked fine. Now what I am after is why the addition of the 'users' directory should even matter. Permissions for both 'd2p1' and 'users' are the same, 770. What is keeping samba/webmin from creating anything above 'users'?

KevinTheComputerGuy said...

I'm not 100% understanding your question. But I have a guess. You have to let Samba create that folder, and it sounds like that folder already exists.

Sorry if I'm not grasping the question, but most of the time it's because that folder already exists. Try letting Samba create it.

-Kev

Lee said...

In each case my starting directory structure is
mymounts/d2p1/users/nshares/[misc users]

Samba automatically creates pub4house fine if I use: mymounts/d2p1/users/nshares/pub4house

However samba refuses to create pub4house if I use: mymounts/d2p1/nshares/pub4house

It will not create a group share with the path nshares/pub4house anywhere except below 'users'. Is there an issue with using the same directory name at two different levels?

KevinTheComputerGuy said...

Hey Lee-
I’m sorry, I’m still not 1000% sure I’m grasping the question. Let me know if we are on the same page.

I can’t figure out if you’re telling me that the…

1. The guide is only working for user rights, and not group rights.

2. The guide works for both user and group rights, but only in the folder structure I have chosen.

3. You don’t know about numbers one and two because Samba won’t even create the share if you don’t choose my same folder structure as me. So at this point you’re not concerned about user or group rights, because you can't create the share unless you follow my same folder structure.

If you’re saying number 3 (which is what I think you’re asking) it won’t even create the share. Then the four most common reasons I can think of are you are not letting Samba create the folder, the folder above it isn’t 755, or you haven’t setup group synchronization yet, or you haven’t created the group yet using webmin (special things happen when you use webmin to create your users and groups, because of our synchronization setting, so make sure you're doing that). So if you’re sure you setup group synchronization in samba, and you're sure the group exists, and you're sure you used webmin to create this group, then using the FileManager, delete the folder /mymounts/d2p1/nshares (if you can do this without losing data) then using the FileManager re-create the folder nshares, then double check it has 755 permissions (this is the default, so it should). Then using Samba, create the share “pub4house” but make sure this folder doesn’t exist yet, so that you're 100% sure you're letting Samba create the folder “pub4house” (and make sure the checkbox is checked to create that folder before hitting ok). Again, this folder “pub4house” shouldn’t exist, let samba create it for you.

If you’re saying numbers 1 or 2, you have missed something, or there is some difference in Ubuntu 10 that I’m not aware of. Which is totally possible.

Let us know, and make sure your mount isn’t too deep. If you're mounting d2p1 any deeper than /mymounts/d2p1/ then it will have a fit.

-Kevin

Anonymous said...

Kevin

Thanks for your prompt reply. I have carefully redone the samba install and all is now well.
I can access all shares on windows XP, but am having a problem mounting the public share using fstab. I have tried several variations but cannot get it to mount with read/write access.
Do you have an fstab entry that works ?

KevinTheComputerGuy said...

Hey Anonymous-

You could do a line like this in your fstab:

#Start Samba mount code at startup
\\192.168.2.241\pub4house /mnt/samba241 smbfs user=public,passwd=public 0 0
#End Samba mount code at startup

just make sure the "/mnt/samba241" folder exists on the computer you're doing this to.

But caution, the guide doesn't have you do it this way for a few reasons.
One- it’s not very convenient, you're much better off using the gui file chooser, and saving the share as a bookmark. Examples on pages 363 and 364 (version 3.84 of the pdf). Once you have done the steps on those two pages, you can save it as a bookmark.

Two- it’s not very secure. The guide would be 6,000 pages if I had to explain why it’s a bad idea to put passwords in files in plain text. There are scenarios where this is safe, especially on your home network. but just keep in mind, in the default configuration, ssh, ftp, sftp can “read” all files. So if you put an important password in there, you just shot a hole in your defense plan.

Again, there are scenarios where you will need to do what you’re doing, just keep in mind without system hardening, that password can be seen, and if your computer is ever stolen, or someone has access to boot it off a cd, you're done, you're compromised.

You’re probably at home, and you have mentioned it’s your public share, so I am really wasting your time with this rant. Just want you to know we skipped 5,000 pages on not doing what you’re about to do. Now, do I do it??? You bet :- )

Just be careful, the gui way with a bookmark \ password prompt is 100% safe. Fstab is not.

Keep up the good work
-Kev
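The point of the reply above, as an added example (not from the original comments): a Python scan that flags SMB/CIFS fstab entries carrying an inline password and checks that a file named by mount.cifs's `credentials=` option is not accessible to group or others. The second sample entry, the path /etc/samba/cred-public, and the function names are constructed for illustration.

```python
"""Flag plaintext SMB passwords in fstab text (illustrative example)."""
import os
import stat

NETWORK_FS = {"smbfs", "cifs"}
INLINE_SECRET_KEYS = {"password", "passwd", "pass"}

# Constructed sample: the entry from the reply above, followed by a
# hypothetical entry that points at a separate credentials file instead.
SAMPLE_FSTAB = r"""
# <file system> <mount point> <type> <options> <dump> <pass>
\\192.168.2.241\pub4house /mnt/samba241 smbfs user=public,passwd=public 0 0
//192.168.2.241/pub4house /mnt/samba241b cifs credentials=/etc/samba/cred-public 0 0
"""


def parse_options(field):
    """Split a comma-separated fstab options field into {key: value}."""
    options = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        options[key.strip().lower()] = value
    return options


def check_credentials_file(path):
    """Return [(code, message)] for a credentials file that is missing or too open."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return [("cred-missing", f"{path}: credentials file not found")]
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [("cred-perms",
                 f"{path}: mode {stat.S_IMODE(mode):o} lets group/other "
                 "access it; use 600")]
    return []


def audit_fstab(text):
    """Return [(line_number, code, message)]; secret values are never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        mountpoint, fstype, options = fields[1], fields[2].lower(), fields[3]
        if fstype not in NETWORK_FS:
            continue
        opts = parse_options(options)
        for key in sorted(opts.keys() & INLINE_SECRET_KEYS):
            findings.append(
                (lineno, "inline-password",
                 f"{mountpoint}: option '{key}=' keeps the secret in fstab, "
                 "which any local account can usually read")
            )
        cred_path = opts.get("credentials") or opts.get("cred")
        if cred_path:
            findings.extend(
                (lineno, code, message)
                for code, message in check_credentials_file(cred_path)
            )
    return findings


if __name__ == "__main__":
    for lineno, code, message in audit_fstab(SAMPLE_FSTAB):
        print(f"line {lineno}: [{code}] {message}")
```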

Anonymous said...

Kevin

Thanks. Am convinced and am now using a bookmark.

Ta

KevinTheComputerGuy said...

Excellent !
Pass through is even better, guide talks about it.

Good work!
-Kev

Lee said...

Kevin,

Thanks for the help on Samba. The key thing I was missing was that Samba will only create the last directory in the given path. Once I created 'nshares' manually all worked well. Thank you!

KevinTheComputerGuy said...

Hey Lee-

You're welcome.

That's some good info, thanks for letting us know.

-Kev

Anonymous said...

Kevin,
Thanks for the awesome guide, it helped me out a lot.
I used your guide to set up a samba file server only. I just have a question about the personal shares. Once I log into a users share I can't log into another users share without logging off of windows and logging back in. Is this how it is supposed to work? If so, is there anyway to change that?

I ask because my classroom is set up as a workgroup. There is only one user account on each computer. I have 6 classes that all come in and use the same windows user account. I would like to set up a file server where each student had a personal folder to save their work.

Thanks again for your help.
SRD

KevinTheComputerGuy said...

Hey SRD-

Thanks !

That is how it is supposed to work, you can’t authenticate to the same server as two different users.

There are a couple work arounds. One you can drop to a command prompt and run:
net use /d *

This does almost the same thing as logging off, without actually logging off. But it isn’t rock solid, sometimes you have to run it twice, and sometimes it just won’t let go, but will work most of the time.

Another work around is windows doesn’t realize that the “ \\computername\share “ and “ \\IPaddress\share\ “ are the same computer.
So you can trick it that way, auth as one user to the \\computername and auth as one user to the \\IPaddress

Another work around that fits in nicely with the net use /d * command is to map a drive letter. When mapping the drive letter, there is a checkbox to “connect using different credentials”

Also make sure your students are typing the full path to their shares, to keep it from connecting to the root of the share.

example: \\ipaddress\kelwood

not just \\ipaddress\ then clicking on kelwood, because it will auth to the root of the file share first.

These work arounds work, but you’re better off having your students create themselves an admin account on the school computers that matches their username and password to the share. Then log off of windows and log back in as that account they just created. Now they will pass-thru those credentials to their personal shares, and won’t be prompted, but will only see their own personal share (which is what you are after) most classrooms are setup to forget changes when the computer is rebooted. But most will let you log off and login without losing anything.

That’s what I would do. To recap, example = you make student Kevin Elwood an account on your server of username : kelwood password: swordfish
When Kevin comes into class, he makes himself a windows account of username: kelwood password : swordfish. Logs off of windows, and logs back in as username kelwood.

Now he pass thru authenticates to anything kelwood has access to.
-Kev

Seewolf said...

Kev,

One other thing I forgot to mention. This is a nuisance more than anything else, but I am concerned it may be an indication of a bigger issue. I cannot access my server through the server name within my LAN. If I use the https://192.168.2.xxx address, it works just fine but when I try https://deb32server1, it times out.

I went back through the tutorial and double checked /etc/hosts, etc/hostname and /etc/resolv.conf - all looks good here.

Any ideas here are appreciated too!

Thanks again!
Mike

Anonymous said...

Thanks for the response kev.

I was considering creating all the students a user account but I wanted to be able to easily move a student to a different computer. Sometimes I have to shuffle them around when they can't behave. I think the easiest thing would be to just have them log off of windows at the end of class.

I have a couple other questions.

In your guide it looks like you get a user/pass prompt as soon as you try to access the server. On mine I don't get a user/pass prompt until I try to open a user's folder. Did I miss a setting? I skipped through a lot of your guide because I only set up the samba server. I read the entire guide a few times but didn't notice anything that I might have overlooked.

My other question is if I want to be able to access all users' folders from my account, do I have to add myself to each user's group? I need to be able to access their folders to grade their work.

Thanks again for your help!
SRD

Anonymous said...

Oops, I think you already answered my first question in your previous post.

Thanks
SRD

KevinTheComputerGuy said...

Hey Seewolf-

Glad to hear from you

1: The public share uses 755 permissions, not 700.

Download the latest pdf (version 3.84) and double check pages 311, 313, 336, 340, 341, 342, 343. Sounds like its defaults might be set to 700, not 755.

Also make sure they are typing the full path to the share, so as not to auth to the root of the share.

Do this \\ipaddress\public not \\ipaddress

2: The steps are the same for port 80 and 10000. Did you do anything in the webmin config about limiting the source addresses? That’s the only thing that comes to mind. If you have ipaddress:80 working, then you know what you’re doing.

3: VMware, I wouldn’t proceed with VMware on that box, you won’t be able to do much with it. If you ever need to do VMware stuff and you get a beefy computer, check ESXi from VMware. It’s a free OS, loads up Linux already configured for you to do VMs. But you need a 64 bit machine with a ton of RAM. I would stay away from VMware until you get a beefier setup. And maybe try ESXi when you do.

4: I have never heard of Gallery 2
Thanks for the kind words !!

5: For the name resolving problem, edit the hosts file located at c:\windows\system32\drivers\etc\hosts (file may be hidden \ read only)

Add a line at the end that says:
192.168.2.1 debserv32x1

Reboot and now it will resolve that name locally, independent of a DNS server. Then https://debserver32x1:10000 will start working internally again.

keep up the good work.
-Kevin

KevinTheComputerGuy said...

Hey SRD-

I got a little mixed up in all the anonymous replies, did your question get answered?

-Kevin

KevinTheComputerGuy said...

Seewolf-

Don't forget the ":10000" at the end, always.

https://deb32server1:10000

https://your-domain-name.com:10000

-Kev

SRD said...

Kev
Sorry for the confusion.

How would I set it up to where I can access all of the students' folders with my account but keep them from accessing each other's folders? I would need access to each student's folder to grade their work.

Thanks,
SRD

KevinTheComputerGuy said...

Hey SRD-

Short answer, add yourself to their group.

Long answer, make sure you set up group synchronization (see page 367 in the pdf version 3.84 http://woodel.com )

Make a group called ShareAdmins, and add yourself to that group.

Make sure you are using webmin to create that group.

Make sure each user’s folder has 770 permissions. (3 x’s on top, 3 x’s in the middle, no x’s on bottom)

Where you see the name “mygroup1” on page 378, replace that with “ShareAdmins” on every user’s folder.

Make sure each user’s folder has the “files inherit group” check box (see page 378)

That will create a folder permission of 2770 (which is the magic behind it all)

*note, all this only affects newly uploaded files, so if there are existing files in those directories, you would have to use the drop down arrow when applying the 770 permissions and choose apply to this folder and all files, and all sub folders if folders exist.

The drop down I’m talking about is in the filemanager module, and is visible on page 378, under “apply changes to”

Let me know if that all makes sense :- )
-Kev
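The 2770 layout described in the comment above, as an added example that is not part of the original thread: a shell sketch that applies the group and mode to every user folder and then audits the result from the command line instead of the Webmin File Manager. The share root argument and the three function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: each user's folder
# sits directly under one share root, and the grading group (ShareAdmins in the
# comment above) already exists on the server.

# apply_share_perms ROOT GROUP
# Put every folder under ROOT into GROUP with mode 2770:
#   2 = setgid, so new files and subfolders inherit the folder's group
#   7 = owner rwx, 7 = group rwx, 0 = no access for everyone else
apply_share_perms() {
    root=$1; group=$2
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        # Existing content does not pick up the new group by itself,
        # so change it recursively (the "apply to all files" step).
        chgrp -R "$group" "$dir" || return 1
        # X adds execute only to directories and already-executable files.
        chmod -R u+rwX,g+rwX,o-rwx "$dir" || return 1
        # setgid belongs on directories only, never on regular files.
        find "$dir" -type d -exec chmod g+s {} + || return 1
    done
}

# audit_share ROOT GROUP
# Print every user folder that is not mode 2770 owned by GROUP (name or gid).
# Returns 0 when every folder complies, 1 otherwise.
audit_share() {
    root=$1; group=$2; bad=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        mode=$(stat -c '%a' "$dir")
        gname=$(stat -c '%G' "$dir")
        gid=$(stat -c '%g' "$dir")
        if [ "$mode" != "2770" ] ||
           { [ "$gname" != "$group" ] && [ "$gid" != "$group" ]; }; then
            echo "NONCOMPLIANT $dir mode=$mode group=$gname"
            bad=1
        fi
    done
    return $bad
}

# inherits_group DIR
# Create a probe file in DIR and report whether it picked up DIR's group,
# which is the effect the "files inherit group" checkbox is meant to have.
inherits_group() {
    dir=$1
    probe="$dir/.setgid_probe.$$"
    : > "$probe" || return 2
    want=$(stat -c '%g' "$dir")
    got=$(stat -c '%g' "$probe")
    rm -f "$probe"
    [ "$want" = "$got" ]
}
```

Running `audit_share` on a schedule catches folders that were created later with the default mode and therefore fall outside the 2770 rule.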

SRD said...

Kev

Ah ok, I understand.
I can't thank you enough, you're the man!

SRD

Seewolf said...

Kev,

As usual, excellent advice and direction. I have now:

Removed VMWare - I'm not really sure when I would have used it anyway
Added the line so I can get to my server through my windows machine using the server name instead of the IP address
Got the "public" share up and running (I went back and completely redid this one and now it works)

Something also seemed to shake loose access to the other ports too. I can now access Usermin remotely.

Now I have a question on an issue that is a pretty low priority, but I find curious. When I go to "http://www.mydomain.com" the address in the server bar immediately switches to "http://myi.pa.dd.ress". I don't usually see this happen on most websites. What do I need to do to keep the domain name address in the address bar of the visitor's browser? Like I said, small issue but if you have a quick explanation, I would love to hear it.

Keep up the great work!

Mike

KevinTheComputerGuy said...

Seewolf-

Great job! Congratz

On your web-browsing issue coming back as the ip address, I have never seen that. So this is a complete guess, I could be sending you down the wrong trouble-shooting path.

But it sounds like an issue with your dns account. Whoever you bought your domain name from, login and make sure the option “wildcard” is set to not (not use), and that the option “cloak” is set to yes.

If neither of those work, click on the “contact us” link in the support page of your domain registrar, and send them an email telling them what’s happening, and see if they made a goof on their end.

Also if you did the local DNS server portion of the how-to, or the router portion, email me your website, and I will see if it happens on my side of the world too (email it)

Good luck, I may be wasting your time, I’ve never heard of that problem before. But my guess is DNS.

If you did do the local DNS part of the how-to, send me all the related configuration files, zipped, via email.

-Kev

Seewolf said...

Kev,

I have figured out that it is only on computers within my LAN that change my domain to my IP. I tried it from another computer outside yesterday and my domain name remained in the address bar, so I am OK with that.

I have since created a new problem for myself. When I went back to uninstall VMWare, I seem to have gotten a little aggressive and removed some other packages. The problem I am running into now is that I don't seem to have PHP support from the server.

I am trying to install a photo sharing system on the server and the install is web based in a .php file. The problem I am having is that when I go there in my browser (IE or FF) it is trying to download the file as phtml instead of opening it in the browser.

Do you have any suggestions on how to go back and re-install all the packages that I seem to have removed unintentionally when I removed VMWare?

As always, thanks for the direction and patience!

Mike

KevinTheComputerGuy said...

Seewolf-

I probably can't be much help here, I don't deal with PHP much ever.

If you removed vmware via putty or ssh then you can keep pressing the up arrow on your keyboard and it will show you past commands that you ran.

Keep pressing up until you see what you did, and then maybe the answer will be doing the reverse.

Also check your logs, and search for the keyword "remove" or "removing" and see if anything jumps out at you.

Sorry, I just never got into PHP at all so I don't really know.

good luck
-Kevin

Seewolf said...

Thanks Kev,

I am sure I will find it - just time and effort. The payoff is actually figuring it out!

Have a great weekend!

Mike

KevinTheComputerGuy said...

True, True.

Good luck

-Kev

Monte Milanuk said...

Kevin,

Nice site, very helpful!

I understand your earlier reasons for not including a TOC for the document... but honestly, given the size that it's grown to (600+ pages according to the PDF) it really does need one if only to make things easier to reference when a person comes back to it trying to find how to do a given task if they didn't start with your guide or if it was something they skipped on the first pass but now want to try out.

Thanks for all the effort,

Monte

KevinTheComputerGuy said...

memilanuk-

Thanks !

Have you tried the search feature in the pdf?

-Kev

Anonymous said...

Kevin

Thank you for the site.

Webmin seems to be working except for file manager which does not populate with the tree. Only get a large black square even tho it's transferring from 198.xxx.xxx.x.xxx. Have updated modules as per PDF.

Your thoughts?

Dan

KevinTheComputerGuy said...

Hey Dan-

Thanks!

Did you install Java into your browser?
http://java.com

keep up the good work.
-Kev

Anonymous said...

Yes Java is installed and up to date. It seems File Manager in Webmin is the only module not working. When the server is booted the Daemon Monitor (monit) is not starting saying it's not configured. Would that have any effect?

Thanks again

Dan

Anonymous said...

Problem solved. Reinstalled Java

I should have known.

Thanks

Dan

KevinTheComputerGuy said...

Dan-

Awesome! good work

No, Monit is something you configure later in the optional advanced section. It's just letting you know it's not configured to start, which is correct for where you're at in the guide.

-Kev

lightsword said...

Hi Kevin,

I have a question related to Ubuntu that I'm hoping you or someone else would be able to answer.

I’m trying to assign a static IP to eth0 on my Ubuntu Server. It’s running Maverick Meerkat 10.10 desktop edition, and a local DHCP server seems to be auto starting, and it assigns the eth0 a different IP even though I’ve configured it to be a static IP. If I restart the port by using ifdown eth0 it goes back to the default IP, but it autostarts after reboot with a different IP. I’ve tried disabling any of the DHCP services that autostart, but that doesn’t seem to work, and the pkill command kills that instance, but a new one replaces it instantly. I'm also using LogmeinHamachi and it's set to dynamically get its own DHCP settings on its own virtual adapter ham0. Is it possible that Hamachi is starting the DHCP program when it starts at boot? Any suggestions on how to find & kill the DHCP client that’s overwriting my settings?

I'm following along with the latest edition of the guide, and so far it's been fantastic! I'll definitely be pointing anyone who I know is starting a server to your resources. They are phenomenal and I've really benefited from your knowledge.

Thanks!
Chris

KevinTheComputerGuy said...

Chris-

Thanks !

Email me your /etc/network/interfaces file and I will take a look.

Ubuntu has a network manager program in it that gets in the way, and app-armor, but let's start with the interfaces file.

I'm not talking bad about Ubuntu, I do love me some Ubuntu for sure, but they sure are making some questionable changes.

I use Ubuntu every day, but I'm starting to tell people to stay back a revision. If 10 is out, go 9. If 11 is out go 10. They aren't afraid to make big changes, that's for sure.

-Kevin

lightsword said...

Hi Kevin,
I sent you a copy of my interfaces file. Thank you so much for all your help!

Darryl said...

Kevin,

Thanks for the terrific tutorial, it has renewed my interest in Linux and given me the confidence to finally set up my home media server.

My Linux experience is limited to Ubuntu so far and for this project I began with server 10.10. I've come to the conclusion that I should probably use the previous version, would you agree? If so, which version do you believe to be best? Or perhaps Debian?

Thanks again for the great work!

KevinTheComputerGuy said...

Hey Darryl-

Thanks!

I would use Debian for servers and Ubuntu for GUI laptops and GUI desktops.

I'm not talking bad about Ubuntu. What they are doing is important, and sometimes I find Ubuntu is the only one that will load on the newer hardware.

-Kev

Darryl said...

Thanks Kevin, I really appreciate the input. I guess I'll give Debian a shot. Take Care.


Darryl

Anonymous said...

Very impressive tut Kev. It shines with the quality and pride you have put into this. I'm in a holding pattern on page 107 (3.84) in the .pdf until I'm sure what I'm supposed to be changing in the resolv.conf file. There was already this:

domain my.isp.com
search my.isp.com
nameserver "router address"

Am I to add:

search diy.lan
nameserver "router address"

under what's already there??

KevinTheComputerGuy said...

Hey Robert-
Thanks !

You would be erasing everything in that file and replacing it. You can use the file manager to make a copy of that file (copy \ paste), name the pasted file resolv.conf.original

Then if you have problems, just delete mine and rename resolv.conf.original back to just resolv.conf

You only need to do that step if you have switched your server from dhcp to static, so it knows to do dns lookups through the router instead of directly querying the internet.

good luck, keep up the good work.
-Kevin

Anonymous said...

Thanks Kevin. Yeah, I switched to static (1st server setup I've ever done, so staying with the tutorial exactly). I also went back and reread pg's 53 - 57 and was thinking that went along with DHCP. I'll be continuing the tut now. Thanks again Kevin.

Anonymous said...

Hi Kevin,

Thanks for an excellent walk through. It's made sense of a lot I had going around in my head and I have successfully set up my server.

I am hosting my own site and those of my daughters, so at home I am king lol!

Will you be finishing the pdf document any time soon?

Again thanks for a great job.

Tony

KevinTheComputerGuy said...

That's awesome Tony! Keep up the good work.

I just updated the website to version 3.85, so it will take me a couple months to get the pdf ready. I'm 50% done, it's just I have two full-time jobs, and this is one of my most busy months. If you email me, I will email you back when it's ready.

Thanks again
-Kevin

Anonymous said...

Hi Kevin, I had a recent bout with 'cranium rectumitis'. I clicked on the 'server1' link to download what I thought would be the .pdf for the updated manual. I 'didn't' check the filesize before clicking on download and overwrote the file I had. Anyways, I had finally gotten all the way thru to pg 293 (Samba). Without going thru Samba, I figured I would go ahead and set up file access for a couple of friends of mine where we can store and download files. I haven't been able to get it where they can get thru. I've gotten the free DynDNS account and from reading their setup, I was supposed to use the 'external' IP address. I have a (Time Warner) cable modem with a D-Link DI-604 router connected from it and from there to my Windows box, and the web/file server box I'm building from your instructions here. I've researched where I'm supposed to put this external IP until my head hurts. I'm believing it's got something to do with the hosts, hostname, & interfaces files, but when I change anything, the server gets lost(?). Could you direct me down the right path? Thanks

KevinTheComputerGuy said...

Hey Robert-

I can email you the outdated pdf if you email me, I'm still working on the new one. Or just use the website ( http://woodel.com ), it's always the most updated.

Stay away from that interfaces file, and the other files you mentioned. You're missing some of the key concepts here, I would re-read the top half of page 3, most importantly the part this picture is talking about.

http://woodel.com/page3_files/p3_image085.jpg

Your external IP is the IP address of your router. You have to then go into your router's web interface, and add the port forwards you need as seen in the picture above.

You don't really need to enter that external IP address anywhere in your Linux box config files, so if you find yourself doing that, know that's a step in the wrong direction.

external IP = your router
You then set up port forwards to send that traffic internally to your Linux box IP address, example = 192.168.2.1 or 192.168.2.111 depending on how far you have gotten in the guide.

good luck, keep up the good work.

-Kev

Anonymous said...

Thanks Kevin. I went back in and got everything set back right. I also added the nameservers (dyndns) that you referenced (pg 1 on the web) with that readme file on DynDNS.com (Internet Guide). I'll try this setup again and see if my "tester" can get thru. Port Forwarding and all that's been done on the D-Link. Time Warner says no ports are blocked on their cable modem. Thanks again.

KevinTheComputerGuy said...

Robert-
Awesome, sounds like you're almost there.

If you get fed up with ftp and its quirks, here is an sftp how-to. It's really "ssh file transfers" behind the scenes, super secure, and works great thru firewalls (port 22)

http://woodel.com/domore/

Only downside is your users need a client to connect, filezilla client is a good one.

http://filezilla-project.org/download.php

-kev

Anonymous said...

Thanks Kevin. I'll take a look at the sftp how-to also. We've all used 'zilla and smartftp, so that won't be a problem. But we are trying to get some better upload/download speeds. The files we're loading and downloading will end up being fairly large, 500mb upwards of 2gb. Anyways, I appreciate your help. If it's the D-Link that appears to be blocking them getting to the server, then I'll try connecting the Linux box straight up to the cable modem and see what that gets me. Of course then I'll have to go in and set the new IP numbers. I've had to do the same for my windows box a couple of times. Then I put the D-Link back in and everything works. Weird stuff sometimes. Thanks again.

Anonymous said...

Hi Kev. Just want to let you know we finally have liftoff!! I had it right to begin thanks to your tutorial. Since I've got the 'digital phone' with Time Warner (along with the internet and cable tv), their cable/phone/modem has to be reset from their end due to the modem having a battery backup. Unplugging the power cord from this type of modem will NOT reset it for any reason. This is due to it having a battery backup. The reset is done because their system, when it's activated, detects the first device that's connected to it. And since at the time I had it installed (the modem) I only had the windows box hooked up. Since the reset, everything's fine and the Linux box is now online! Thank you for the tutorial and all the help you supply on here in addition. I'll finish the rest of the tut now and get this box set up a little tighter. Thanks again Kev...

KevinTheComputerGuy said...

Robert-

Rock on! thanks for the kind words.

*PS the PDF is ready, http://woodel.com

-Kev

Anonymous said...

WOW this tutorial is absolutely brilliant and I am not even finished with it yet. The only thing that could be better is if there was a webmin module for bind configuration.

P.S. I would donate if I had any money.

KevinTheComputerGuy said...

Ellisgeek-

Thanks!!

*note, there is a Bind9 module, it's under the Servers module once you install bind9.

Thanks again
-Kev

Anonymous said...

Kevin,

Excellent work. Have set up two Ubuntu servers and because I have learned so much from you, I have ventured into more distros, thanks.

Question for you, I want to move my server to another PC, set it up exactly the same. How can I mount my d2p1 in the new box and not format it? Is it possible to mkdir "mymounts", install drive then mount with those "shortcuts" you show but do not use in the tutorial? Thanks loads.

Thanks,
Mark F

KevinTheComputerGuy said...

Hey Mark.

Thanks!

Is d2p1 just a data drive? If so, yes.
On the new server run this
mkdir /mymounts/d2p1

then navigate to Webmin disk and network file systems module, and mount it as ext3 (or 4 or 2, whatever) in the local /mymounts/d2p1 folder.

No formatting is needed.

-Kev

Anonymous said...

Kevin,

Thanks to you too!

d2p1 has user and public folders that hold the data, intend to put users on new system just as it was, same names and p/w's. BTW, I have a d3p1 that is a backup of d2p1, (can't bring myself to use raid yet!) If I have to I'll do it up from scratch seeing as I have 2 exact HD's, I have two other Ubuntu desktops I could mount 1 drive and copy the folders over.

Thanks,

Mark F

Anonymous said...

Had an issue doing an install today, went searching for some answers and ran across this, you are simply amazing, I am trying to use your woodel guide as well, have not gone through very much of it yet. But am running across this issue,

root@rd-debian-server:~# apt-get install libmd5-perl etherwake ntpdate libio-socket-ssl-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package libmd5-perl

I am trying to learn a bit more so hanging in the debian irc room, and someone posted this to help me, RD: This package was replaced by the Digest::MD5 module (Debian bug #539019) and is not available post-Lenny.

Tried on a different install to get a different version of perl but still had no luck getting webmin running, any ideas?

Also have been told not to mess around with webmin, I guess is no longer supported? Am still going to be using your tutorial, seems I will have lots to learn using it, thank you for putting it together

And thanks for your help

RD

KevinTheComputerGuy said...

Hey RD-

Thanks!

Are you using Debian version 5.x?

Try the 5.03 link on my website, the second one, pointing to my server. You can update it when you're all done with the guide.

To my knowledge Debian supports webmin, Ubuntu doesn't.

-Kev

Anonymous said...

Wow you are quick, have been using Debian 6.0 up till today it all worked fine, have done many installs so far experimenting with a little here and there. Will try to do another install tomorrow without doing any upgrading till after I have webmin installed.

RD

KevinTheComputerGuy said...

RD-

Thanks again :- )

Yes use the 5.03 link from my site (from my server) much better experience.

-Kev

Anonymous said...

OK, will try the 5.03, does that mean I should not do the get update then in the beginning steps?

KevinTheComputerGuy said...

You can do "apt-get update" but hold off until you have webmin working before you do the "apt-get upgrade"
-Kev

CMS Application said...

Very interesting, learned a lot!

KevinTheComputerGuy said...

CMS Application-

Thanks! That's awesome!!

-Kevin

Anonymous said...

What a great write up. Had to run through it 3 times before I got it running as a router. Ubuntu caused problems with the nics, but using Debian solved those issues and of course your most detailed setup.

Thanks for all your hard work.

KevinTheComputerGuy said...

Anonymous-

Thanks! That's awesome to hear. Making it thru page 5 is something to be very proud of, great work.

-Kev

Karl said...

Hi Kev,
Thanks for the comment, me Anonymous, actually me Karl.
I found this link I don't know if you have seen it at all.
http://versia.com/2009/11/19/nas-debian-lenny-raid1-encrypted/#grub
I know it's not quite the same thing but you might find something useful in it.

Karl said...

Well my joy of getting my server running was short lived. It was running fine with my laptop being able to access msn and getting excellent video with my wife. This lasted about an hour and then I had to go out and shut down my laptop. My server was left untouched.
Upon my return after firing up my laptop I had NO internet connection, but was able to connect to my server. My server had been running while out and it is powered through a UPS. It had not been rebooted or touched since initial setup and the great link I had.

I have checked and rechecked all the files and directories and they all seem to be as I left them. I re-read your document and followed it to the letter but to no avail. It seems that no matter what I do I just cannot access the internet through my laptop. I connected another PC to the network and the same there, no Internet.
The server can access the internet with no problem.
I wonder if you have any ideas as to what the problem might be as I am at my wits end here.

Karl

KevinTheComputerGuy said...

Hey Karl-
Check and make sure /etc/resolv.conf isn't getting overwritten \ changed on the server. This will interfere with the dhcp server.

You can also try giving your laptop a static IP and static DNS, to trouble-shoot if the dhcp server isn't handing out the right info.

Also if ipv4 packet forwarding isn't enabled in /etc/sysctl.conf, you will see this problem.

Best of luck
-Kev

Karl said...

Hi Kev.

Well you hit the nail on the head with your first thought, the /etc/resolv.conf nameserver is being changed to 127.0.0.1 when I reboot. Presumably when I disconnected my laptop that happened too.

KevinTheComputerGuy said...

Karl-
That's why they call me "the hammer"
j\k :- )

127.0.0.1 is right if it's on the server, that's not right if it's on the laptop.

Check pages 597 and 598 on my pdf to see if you have DNS stuff right.

*also try a static IP and static DNS on your laptop to see if we are on the right path.

-Kev

KevinTheComputerGuy said...

Karl-

Your last message didn't show up, maybe it was too long. Sorry, I can't think of anything because it was working at one point.

You could try starting over, and using Debian 5.03 from my server, Ubuntu is pretty quick to make changes and may have changed something.

best of luck

-Kev

Karl said...

Thanks Kev I will do that. This will take a few days as I am fairly busy right now. I will let you know how things progress.
What I would ideally like is to just install the necessary scripts first, that would enable the routing part to work. Once that is done then I can do the rest of the server.
Both eth0 and eth1 do work and I can go in on either port with no problems. It's just passing the information between the ports is the problem.
I can use putty and nano to do the configuration of the files. Or just use nano on the server itself, either way I am okay.

KevinTheComputerGuy said...

Karl-

Sounds a lot like ipv4 packet forwarding isn't enabled in /etc/sysctl.conf, or maybe you missed the part where bind9 is installed. (apt-get install bind9)

Best of luck on your rebuild, please note my guide assumes you follow it step-by-step, starting at page 1. If you jump around in the document it's likely you will miss something needed later.

keep up the good work
-Kev

Karl said...

Hi Kev,

I downloaded Debian 5.03 from your server and installed it as your first pages, no problem. I then did the following;
-----on server-----------

aptitude install dhcp3-server ssh

nano /etc/dhcp3/dhcpd.conf

/etc/init.d/dhcp3-server start

nano /etc/sysctl.conf

nano /etc/network/interfaces

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

then;
------on workstation------

ping 74.125.93.106

ping www.google.com

All worked according to plan. Next I issued the command;

shutdown -r now

On reboot it would not route, just as before. What I did next was to;
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This made everything all good again. So now what I need to figure out is how to make that permanent and then I can get back to your instructions and finish this project. It sure has been a STEEP learning curve for me so far.

KevinTheComputerGuy said...

Karl-
You're not following the guide step by step.

I never mention nano, aptitude, or iptables scripts. Please follow all 600 pages line by line if you're going to ask me for help.

Those scripts you're running are temporary.

follow each and every page \ sentence \ word

Karl said...

Kev,
You are right, I have not followed your guide as per your instructions. The reason is I was not sure why I could not make the server route after following your instructions at least twice. Obviously I have made mistakes somewhere along the line, after all it is heavy reading. Also there are some parts in there that I do not want, like adding additional drives.
So to cut a long story short, I have now proved to myself that my hardware is okay, as it is new. I now intend to go back through the guide page for page and install all that I need.
I just informed you of what I was doing and why.
Now I can start at the beginning with a better understanding of what I am doing.
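The symptom in the exchange above (routing works until the next reboot) comes down to two settings that must exist on disk and not only in the running kernel. As an added example that is not part of the original thread, this read-only shell check looks for both; the function names are hypothetical, and the path of the saved rules file (iptables-save format) depends on how your setup restores rules at boot, so it is passed in as an argument.

```shell
#!/bin/sh
# Added example, not from the original thread. File paths and the WAN interface
# name are arguments; nothing here changes the system.

# forwarding_persisted SYSCTL_CONF
# True when the last uncommented net.ipv4.ip_forward line sets it to 1.
forwarding_persisted() {
    awk '
        /^[[:space:]]*[#;]/ { next }
        { line = $0; gsub(/[[:space:]]/, "", line) }
        line ~ /^net\.ipv4\.ip_forward=/ { split(line, kv, "="); val = kv[2] }
        END { exit (val == "1" ? 0 : 1) }
    ' "$1"
}

# masquerade_persisted RULES_FILE WAN_IF
# True when the saved rules contain, in the nat table, a POSTROUTING rule
# that masquerades traffic leaving through WAN_IF.
masquerade_persisted() {
    awk -v ifc="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (out == ifc && target == "MASQUERADE") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# reboot_check SYSCTL_CONF RULES_FILE WAN_IF
# Report each setting and return the number that would be lost on reboot.
reboot_check() {
    sysctl_conf=$1; rules=$2; wan=$3; missing=0
    if [ -r "$sysctl_conf" ] && forwarding_persisted "$sysctl_conf"; then
        echo "ok: net.ipv4.ip_forward=1 is set in $sysctl_conf"
    else
        echo "MISSING: net.ipv4.ip_forward=1 absent or commented out in $sysctl_conf"
        missing=$((missing + 1))
    fi
    if [ -r "$rules" ] && masquerade_persisted "$rules" "$wan"; then
        echo "ok: MASQUERADE on $wan is saved in $rules"
    else
        echo "MISSING: no saved nat POSTROUTING MASQUERADE rule for $wan in $rules"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# demo: constructed sample files reproducing the state described above, where
# sysctl.conf was edited but the iptables rule was only typed at the prompt.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward=1' \
        > "$tmp/sysctl.conf"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT' > "$tmp/rules"
    reboot_check "$tmp/sysctl.conf" "$tmp/rules" eth0
    status=$?
    rm -rf "$tmp"
    return "$status"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```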

Jeffer said...

Kev,

Great How-To. Wish I found it sooner. I already had a Squid server running on my Ubuntu 10.04 box when I was looking for some help on setting up Samba.

FYI, I was unable to Webmin into the box with Internet Explorer while using the proxy. Once I turned it off, all was good.

KevinTheComputerGuy said...

Jeffer-

Thanks! Glad you like it.
-Kev

Kevin said...

Hi Kevin,
Firstly, as a namesake, gotta say you are awesome.

Secondly, I have used your guide to great success on linux servers I have setup previously.

Thirdly, I now have a problem with setting up a debian router as a guest on VMware. The problem is this, I can't seem to be able to connect to either NIC properly. When I use the bridge option, it cannot connect, while custom virtual bridge does connect but does not allow for packets to be forwarded. The DHCP is working for the eth_safe but no internet connection to eth_bad, gives me a connection time out, under custom virtual bridge. Also, while in this state, it does not allow for browsing on the host, win 7.

What is going wrong, as I followed your guide to the letter?

KevinTheComputerGuy said...

Thanks Kevin, that’s awesome.

To my knowledge you can’t do that part in a VM.

It “may” be possible to put multiple physical NICs in your host, and hardlink them to the VM somehow, but all of this is a guess and still probably wouldn’t work.

And even if you got it to work, it wouldn’t be very portable.

You would be best off using an old spare PC, with two NICs. It doesn’t have to be powerful, I set up a few 700MHz ones that can handle everything you throw at it, as a router.

Good luck, thanks again, keep up the good work
-Kevin

Kevin said...

Hi,
I will dual boot for the time being. I spent the day tinkering and no dice, can't seem to get it to work. If I do, will give a shout.

Thanks for guide again, and if possible, think you could add a small section on Radius configuration. Would help with authentication for sharing a connection.

Still awesome work.

KevinTheComputerGuy said...

Hey Kevin-

Thanks again, and good luck.

Not sure what you mean by Radius, in this setup you’re acting as an actual router, not ICS or DUN. But if you still have a need for something like that, ubuntuforums.org would probably be a good start.

Thanks again
-Kevin

Anonymous said...

Hi Kevin,

Nice work! Very nice.
I'm having a problem. My two NICs are not forwarding. Can you help me?
I have eth0 working fine, computers are getting IPs from the DHCP server, eth4 is getting its IP from the ISP. MTU 1500 for both, Full-Duplex, I can ping Google from the Linux box, I've uncommented net.ipv4.ip_forward=1. I've set the firewall as you said and nothing.

But there is one part that I didn't understand. I was using eth1 for the second NIC and it was not working. Then I ran ifconfig -a and there it was as eth4. Is it normal that Linux uses another name for your NIC? Or doesn't it matter?

When I try to navigate to Google.com, nothing. I only have the internal network. Please help :(

KevinTheComputerGuy said...

Hey Anonymous, thanks!!!!

Also, I can tell from your wording you read the guide carefully.

You have covered most of my questions already, If I had to guess I would say it’s either a DNS issue or a firewall issue.
To test and see if it’s a DNS issue, from an internal computer that isn’t working, see if you can ping Google’s IP address (74.125.224.146) instead of its name. If you can ping its IP and not its name, then we know it’s a DNS issue.

The firewall can also cause what you are experiencing. Look over your firewall rules, and make sure you have (at least 3 at the top most) unlimited access for LO (loopback) and Eth_Safe, and the one entry for eth_bad. Also make sure you have the 2 forwarding rules below it. And make sure they all say “Accept” in green letters to the left of the rule (via webmin). And make sure you told it to perform NAT on the right interface number.

The eth4 isn’t a problem you “have to” fix, as long as mentally you’re treating them as eth_bad and eth_safe, but it does mean there was some problem during setup, or the NIC was moved around after setup.

If it’s always coming up as eth4, and you can see it from ifconfig "without" the –a, then you don’t have a problem worth fixing. If you can’t see it without the –a, then there is either a big problem, or your file /etc/network/interfaces needs adjusting for the number 4 (eth4)

Good luck, thanks for reading it so thoroughly, it’s easy to see you have an understanding of it.

-Kev
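
The rule checklist from the reply above, run against iptables-save output, as an added example that is not from the guide or from either commenter. The rule layout, the constructed sample dump and the helper names need and check_router_rules are assumptions; the sample has rules written for eth1 while the WAN NIC came up as eth4.

```shell
#!/bin/sh
# Constructed sample: iptables-save output from a two-NIC router whose rules
# were written for eth1, although the WAN NIC actually came up as eth4.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# need DESCRIPTION REGEX: report a rule that is absent from $rules.
need() {
    if ! printf '%s\n' "$rules" | grep -Eq -- "$2"; then
        echo "MISSING: $1"
        problems=$((problems + 1))
    fi
}

# check_router_rules RULES LAN_IF WAN_IF (hypothetical helper)
# Prints one line per missing rule; exit status is the number missing.
check_router_rules() {
    rules=$1 lan=$2 wan=$3 problems=0
    est='(RELATED,ESTABLISHED|ESTABLISHED,RELATED)'
    need "loopback input accepted"    "^-A INPUT -i lo -j ACCEPT$"
    need "LAN ($lan) input accepted"  "^-A INPUT -i $lan -j ACCEPT$"
    need "WAN ($wan) replies accepted" \
         "^-A INPUT -i $wan .*$est.* -j ACCEPT$"
    need "forward $lan -> $wan" \
         "^-A FORWARD -i $lan -o $wan (.* )?-j ACCEPT$"
    need "forward replies $wan -> $lan" \
         "^-A FORWARD -i $wan -o $lan .*$est.* -j ACCEPT$"
    need "NAT on outgoing $wan" \
         "^-A POSTROUTING -o $wan (.* )?-j (MASQUERADE|SNAT)"
    return "$problems"
}

# The rules are complete for eth1 but never mention eth4.
check_router_rules "$SAMPLE_RULES" eth0 eth4 || echo "$? rule(s) missing for eth4"
```

On a live router, pass the real dump instead of the sample: check_router_rules "$(iptables-save)" eth0 eth4.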

Anonymous said...

Hi Kevin,

I did all the steps mentioned in your documentation. However, ran into a problem.

When I try to connect from my office to "ssh2 login" I get the following dialog message:

MindTerm - Alert
Error connecting to xxx.xxx.xxx.xxx, reason:
-> Connection refused: connect

What could be the problem?

I just want a shell to work with, so the next thing I tried was setting up "shell in a box". I got that installed and running successfully but then it said "cannot open connection" and in the Java console logs I get the following message:

"Thank you for using MindTerm...
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead."

Anonymous said...

I would like to add a note that ssh2 login works fine from local machine. This problem arises only from office.

KevinTheComputerGuy said...

Hey Anonymous-
Does Putty work from your office? This is a good way to trouble-shoot if it's a router\firewall issue, and if port forwarding isn't set up right.

If Putty doesn't work, then you're probably jumping ahead of yourself, later in the guide you will learn about port forwarding from WAN to LAN.

If Putty does work, then try a newer browser, like Chrome.

Also, make sure your computer at the office has the newest Java installed (http://java.com)

Good luck
-Kev

Anonymous said...

PuTTY also does not work and gives the same error message.

Anonymous said...

BTW just like to give additional information:

1. Router has a static external IP
2. 3 machines on LAN (1 Win7 & 2 CentOS)
3. Webmin works for both Linux machines (from office). I don't need the Win7 for anything.
4. Everything works inside LAN just fine.

KevinTheComputerGuy said...

If Webmin works, that means you understand port forwarding. Did you maybe change the default port for ssh? If so, then you need to edit the ssh2 module config with the new port number.

In your trouble-shooting, get Putty working first, then move on to the ssh2 module once Putty is working.

Keep up the good work.
-Kev

Anonymous said...

What I have done is redirected traffic from my public static IP to my CentOS machine for port 443. My office network won't allow traffic on
https://:10000

Does the ssh port continue to run on 22 while telling my router to redirect requests on its public static IP to my ?
