Zentyal 3.0 Official Documentation
Contents
1. [Figure: List of shares] Shared directories can be edited using Access control. By clicking on Add new, you can assign read, read/write or administration permissions to a user or group. If a user is a shared directory administrator, he/she can read, write and delete any user files within that directory. [Figure: Adding a new ACL (Access Control List)] You can also create a share for a group using Users and Groups > Groups. All group members will have access: they can write their own files and read all the files in the directory. [Figure: Creating a shared directory for the group] If you want to store deleted files in a special directory called RecycleBin, you can check the Enable recycle bin box using File Sharing > Recycle bin. If you do not want to use this for all shared resources, add exceptions using Resources excluded from Recycle Bin. Other default settings for this feature, such as the directory name, can be modified using the file /etc/zentyal/samba.conf. [Figure: Recycle bin] Using File Sharing > Antiviru
2. [Figure: List of gateways] Additionally, Zentyal may need a proxy in order to access the Internet, for example for software and antivirus updates, or for HTTP proxy re-direction. In order to configure this external proxy, go to Network > Gateways. Here you can specify the address for the Proxy server and also the Proxy port. A User and Password can be specified if the proxy requires them. [2] http://en.wikipedia.org/wiki/PPPoE Static route table. If all the traffic directed to a network must go through a specific gateway, a Static gateway is added. For making a manual configuration of a static route, you have to use Network > Static Routes. [Figure: Static route configuration (Adding a new static route)] These routes can be overwritten if the DHCP protocol is in use. Copyright 2004-2012 Zentyal S.L. Quality of Service (QoS). Quality of service configuration in Zentyal. Zentyal is able to perform traffic shaping on the traffic flowing through the server, allowing a guaranteed or limited rate, or assigning a priority to certain types of data connections through the menu Traffic shaping > Rules. You need to install and enable the Traffic Module for this. In order to perform traffic shaping at least an internal n
3. [Figure: Configuring the backup (Import/Export Configuration screen; on-screen note: You can not backup if there are unsaved changes in the configuration)] Once you have entered the Name for the backup, chosen the type of backup (incremental or full) and clicked on Backup, you will see a window which will show the progress of the different modules until the message Backup successfully completed is displayed. Afterwards, if you return to the former window, you can see in the bottom of the page a Backups list. Using this list you can restore, download to a client disk, or delete any of the saved copies. Additionally, you will have data about the creation date and size. In the Restore backup from a file section you can send a security copy file that you have previously created, for example, associated with a former Zentyal server installation in another host, and restore it using Restore. You will be asked for confirmation; simply remember to be careful, as the current configuration will be completely overwritten. The restoration process is similar to
4. We believe that the reason why this happens is simple: to adapt an enterprise-level server to an SMB environment, the components must be well integrated and easy to administer. Similarly, the ICT service providers that work for SMBs also need server solutions that require low deployment and maintenance time to stay competitive. Traditional Linux server distributions don't offer these characteristics. Zentyal: Linux server for SMBs. Zentyal [1] was developed with the aim of bringing Linux closer to SMBs and to allow them to make the most of its potential as a corporate server. It is the open source alternative to Microsoft network infrastructure products aimed at SMBs (Windows Small Business Server, Windows Server, Microsoft Exchange, Microsoft Forefront) and it is based on the popular Ubuntu distribution. Zentyal allows IT professionals to manage all network services, such as Internet access, network security, resource sharing, network infrastructure or communications, in an easy way via one single platform. [Figure: Example of a Zentyal deployment performing different roles] During its development the focus has been the usability. Zentyal offers an intuitive interface that includes the most frequently needed features. Although there are other some more complex methods used
5. [Figure: Automatic login] This configuration might be useful if, as usual in LTSP, the computers are used randomly by different people. For example, if you have a computer in a computer class that any person can use, you can avoid management of personal passwords. Profile configuration. You might want to deploy an infrastructure where, from a central server, you can serve different images and/or configurations depending on the network objective that you wish to serve. To do this, Zentyal offers the possibility to configure profiles. [Figure: Configuration profiles] Each one of these profiles will have some associated clients that will be defined through the Zentyal objects (High level Zentyal abstractions). [Figure: Profile will be applied on these clients] Through the configuration form associated with the profile, similar to the general configuration, you can decide whether, for each one of the parameters, you want to apply the values defined in the general configuration or other specific values. Download and run thin client. Once the images are created and the server is configured, you can configure the clients to download and run t
6. [Figure: Zentyal Remote Dashboard] Troubleshooting. Zentyal Remote offers a quick and proactive way to identify and resolve incidents. By combining alerts, inventory information, monitoring, automated diagnostics, knowledgebase, remote access and technical support, it is possible to solve issues before they affect the users' work. The concept of Zentyal Remote is similar to that of Zentyal server: different com
7. [Figure: Restore a file] Restore services. Apart from the files, additional data is stored to allow the direct restoration of some services. This data includes Zentyal configuration backup and backup of the registers database of Zentyal. In the tab Services Restore, both can be restored for a given date. The security copy of Zentyal configuration contains the configuration of all the modules that have been enabled at least once, all the LDAP data and any other additional files needed by the modules to function properly. You have to be careful when restoring Zentyal configuration, because all the current configuration and LDAP data will be replaced. Nevertheless, for the case of configuration not stored in LDAP, you have to click Save changes to make this effective. [Figure: Restore Zentyal configuration from backup]
8. [Figure: Sending an event invitation] The recipient will receive a custom mail with the event specification, including a submenu that allows him/her to accept or decline the invitation, or even propose a new time. [Figure: Receiving a mail invitation] Whether you accept or decline the event invitation, you can notify the sender back and include an explanatory text. In case you accept the event, it will be automatically added to your personal calendar. Shared contacts. Another common use case is to share your business contact to have a centralized and organized point to retrieve this information. First of all, you can create a contact through the New > Contact menu.
9. It is automatically configured depending on the location chosen earlier, but you can modify it in case this is incorrect. [Figure: Time zone] The installation progress bar will now appear. You must wait for the basic system to install. This process can take approximately 20 minutes, depending on the server. [Figure: Installation of the base system] Once installation of the base system is completed, you can eject the installation CD and restart the server. [Figure: Restart] Now your Zentyal system is installed. A graphical interface in a web browser is started and you are able to access the administrative interface. The first boot will take an extra time while it configures core Zentyal modules. After the first restart the graphical environment was automatically sta
10. [Figure: Dashboard] Hardware requirements. Zentyal runs on standard x86 or x86_64 (64-bit) hardware. However, you must ensure that Ubuntu Lucid 10.04 LTS (kernel 2.6.32) supports the hardware you are going to use. You should be able to check this information directly from the vendor. Otherwise you can check Ubuntu Linux Hardware Compatibility List [6], list of servers certified for Ubuntu 10.04 LTS [7] or by searching in Google. The Zentyal server hardware requirements depend on the modules you install, how many users will use the services and what their usage patterns are. Some modules have low resource requirements, like Firewall, DHCP or DNS. Others, like Mailfilter or Antivirus, need more RAM memory and CPU. Proxy and File sharing modules benefit from faster disks due to their intensive I/O usage. A RAID setup gives a higher level of security against hard disk failures and increased speed on read operations. If you use Zentyal as a gateway or firewall, you will need at least two network cards, but if you use it as a standalone server, one network card is enough. If you have two or more Internet connections, use one network card for each router or conne
11. [Figure: Static configuration of the network interface] If you use an ADSL router PPPoE [1] (a connection method used by some Internet providers), you can also configure these types of connections. To do this, you only have to select PPPoE and introduce the Username and Password supplied by your provider. [Figure: PPPoE configuration of the network interface] If you connect the server to one or more VLAN networks, select Trunk (802.1q). Once selected, using this method you can create as many interfaces associated to the defined tag as you wish and consider them as if they were real interfaces. The VLAN network infrastructure allows you to segment the local network to improve performance and security without the need to invest in hardware that would usually be necessary to create each segment. [Figure: VLAN configuration of the network interface] The bridged mode consists of associating two physical network interfaces attached to your server that are connected to two different networks. For example, one card connected to the router
12. example, the GET /index.html HTTP/1.1 requests the resource /index.html using GET and by using the HTTP 1.1 protocol. A line with headers, such as Host, Cookie, Referer or User-Agent, amongst others. For example, Host: zentyal.com informs that a request is made to the domain zentyal.com. A blank line. A body with optional format, used, for example, to send data to the server using the POST method. The Host header is used to specify which domain you need to send the HTTP request. This allows different domains with different web pages to exist on the same server. The domains, therefore, will be resolved to the same IP address of the server; after reading the Host header, the server can designate the virtual host or domain to which the request is addressed. There are several methods that clients can use to request data, although the most common ones are GET and POST. GET: Requests a resource. It is a harmless method as far as the server is concerned and does not cause any changes to the hosted web applications. HEAD: Requests data from a resource, like GET, but the response will not include the body, only the header. Hence, it allows you to obtain metadata from the resource without downloading it. POST: Sends data to a resource that the server must process, through a web form for instance. The data is included in the body of the request. PUT: Sends an item to be stored on a specific resource. It is used
13. if you need to call more than one user from an extension, you must use queues. [Figure: Managing the VoIP per user] When editing a group, you can enable and disable group's queue. A queue is an extension, and when a call is made to a queue, all the users who belong to this queue will receive the same call. [Figure: Managing the VoIP queues per group] Using Zentyal VoIP features. Call transferring. The call transferring feature is quite simple. While you are in a conversation, press and then dial the extension where you need to transfer the current call. You can hang up afterwards, as the call will be ringing on the called extension. Call parking. Call parking works on the extension 700. Whilst you are in a conversation, press to initiate a transfer, then dial 700. The extension the call has been parked to will be announced to the called person. The caller will listen to call hold music, if configured. You can hang up now. From a different phone or a different user, the called person or group will dial the announced extension and the parked user will receive a wake up and the call can start. On Zentyal, the call parking can hold up to 20 concurrent calls and the maximum time a call can be parked is 300 seconds. Voice mail. Using the extension 1 you can check your voice mail. The user and
14. [Figure: Thin client running] Obviously, the users that can log in to the thin client will be configured through Zentyal's Directory Service (LDAP) module. Certification authority (CA). Zentyal uses OpenSSL [4] for the management of the Certification Authority and the life cycle of the issued certificates. [4] http://www.openssl.org Certification Authority configuration with Zentyal. In Zentyal, the Certification Authority module is self-managed, which means that it does not need to be enabled in Module status. However, you have to initialize the CA to make the functionality of the module available. Go to Certification Authority > General and you will find the form to create the CA. You are required to fill in the Organization Name and Days to expire fields. Optionally, it is possible to specify the Country code (a two-letter acronym following the ISO 3166-1 standard [5]), City and State. [Figure: Create the CA certificate] When setting the expiration date you have to ta
15. As you can see, the form is quite complete: you can include several phone numbers, email and addresses, portrait, attached files, department, role, etc. [Figure: Creating a new contact] Once you have created the contact, you can share the folder by right-clicking over the folder and accessing Properties; in this submenu you access the tab Permissions and click on the Add button. Add the user Everyone (access for all Zarafa users) and choose the Profile Only read. After this, just Accept. [Figure: Properties window, Permissions tab]
16. [Figure: Available printers] Clicking on the Access Control button of the printer, you can configure the access control list (ACL) for this printer. [Figure: Available printers (Adding a new ACL)] Backup. Zentyal configuration Backup. Zentyal offers a configuration backup service to ensure the recovery of a server when a disaster occurs, for example a hard disk failure or a human error while managing configurations. Backups can be made locally, saving them on the local hard drive of the Zentyal host. After this, it is recommended to save them to an external physical system, so if the machine suffers a failure, you still have access to this data. It is also possible to automatically perform the backups using a commercial version of Zentyal. Both the Small Business and the Enterprise version include seven configuration backups in the cloud and the cloud Disaster Recovery service. Even if you register the Zentyal server for free, you will have one cloud configuration backup. Using any of these options, you will be able to quickly recover your Zentyal configuration from the remote servers in the event of a total system failure. To access the backup options, go to System
17. enterprise server to ensure the recovery process after a failure or mishap of your systems, protecting you from data loss and downtime. Directory Service (LDAP). Zentyal integrates OpenLDAP [3] as a directory service, with Samba [4] to implement the domain controller functionality of Windows and also file and printer sharing. [3] http://www.openldap.org [4] http://en.wikipedia.org/wiki/Samba_(software) Configuration of an LDAP server with Zentyal. LDAP configuration options. Going to Users and Groups > LDAP Settings you can check the current LDAP configuration and perform some adjustments related to the configuration of PAM authentication on the system. In the upper part you can see the LDAP Information. [Figure: LDAP configuration in Zentyal] Base DN: Base of the domain names in this server. Root DN: Domain name of the server root. Password: The password of other services and applications that want to use this LDAP server. If you want to configure a Zentyal server as a slave of this server t
18. [Figure: MIME type filter] As you can see in the image above, the column Allow allows you to configure whether the default behaviour will be to deny or to accept a given type. [3] http://en.wikipedia.org/wiki/Mime_type You will find a similar interface to configure allowed file extensions. [Figure: Blocking exe files] Bandwidth Throttling. Zentyal's Proxy allows you to implement a flexible limit to control the bandwidth used by your users while browsing the web. This limit is based on the Token Bucket algorithms [4]. You have a bucket with a bandwidth reserve and a refilling speed. The emptying speed will depend on the user's download. If the user uses the connection sensibly, the bucket will refill faster than he/she empties it, so there will be no penalization. If the user starts to empty the bucket much faster than the refilling rate, it will empty and then he/she will have to settle with just the refilling speed. For each bandwidth throttling rule you configure, you have two types of buckets
19. [Figure: Configuration tabs for the interfaces to monitor] Configure interfaces: In this tab you can configure the internal interfaces you are going to monitor. By default it is enabled for all of them. [Figure: Tab detailing the bandwidth usage in the last hour (columns: External in, External out, Internal in, Internal out)] Last hour bandwidth usage: Here you can see a list of the bandwidth usage during the last hour for all the clients connected to the monitored interfaces. The columns show, for each client IP, the amount of traffic transmitted to and from the external network and the internal networks. Warning: The data in this tab is updated every 10 minutes, thus you will not have any available information for the first moments after configuring
20. [Figure: Interfaces on which you can offer DHCP] Common options. Once you click on the configuration option of one of these interfaces, the following form will appear. [Figure: DHCP service configuration] The following parameters can be set in the Common options tab. Default gateway: This is the gateway that clients will use to communicate with destinations that are not on your local network, such as the Internet. Its value can be Zentyal, a gateway set in Network > Routers or a Custom IP address. Search domain: This parameter can be useful in a network where all the hosts are named under the same subdomain. Thus, when attempting to resolve a domain name unsuccessfully (for example host), a new attempt would be carried out by adding the search domain at the end (host.zentyal.lan). Primary name server: It specifies the DNS server that clients will use first when they have to resolve a domain name. Its value can be Local Zentyal DNS or the IP address of another DNS server. If you select your own Zentyal as the DNS server, make sure that the DNS module [5] is enabled. Secondary name server: DNS server to be used by clients in case primary DNS server is unavailable. Its value must be an IP addr
21. [Figure: General configuration of file sharing] The domain is set to work within the Windows local network, and the NetBIOS name is used to identify the Zentyal server. You can use a long description to describe the domain. To create a shared directory, use File Sharing > Shares and click Add new. [Figure: Adding a new share] Enabled: Leave it checked if this directory needs to be shared. Disable to stop sharing. Share name: The name of the shared directory. Share path: Directory path to be shared. You can create a sub-directory within the Zentyal specific directory /home/samba/shares, or use an existing file system pathway by selecting Filesystem path. Comment: A more detailed description of the shared directory simplifies management of shared assets. Guest access: Enabling this option allows a shared directory to be accessible without authentication. Any other access settings will be ignored.
22. a rule to all the traffic going through the proxy. Warning: Because of some limitation in DansGuardian, it's not possible to perform certain mixes of group-based rules and object-based rules. Zentyal's interface will warn you if it detects one of these cases. Again, similarly to the Firewall, once the traffic has matched one of the rules, you have to specify a Decision; in the case of the Proxy you have three options. Allow all: Accepts all the traffic without making any check; it still allows the user to have a web cache and the administrator to have an access log. Deny all: Denies all the connection attempts to the web. Apply filter profile: For each request, it will check that the contents don't violate any of the filters defined in the profile; we will talk about the available filters in the next section. Let's study the following example. [Figure: Access rules example. Rules, top to bottom: Weekend, Any, Allow All; All time, Object Marketing, Apply strict_filter profile; All time, Object Developers, Allow All] Anyone will be able to access without any restriction during the weekends, because it is the uppermost rule. At any other time, the requests coming from the Marketing object will have to be approved by the filter defined in strict_filter; the request coming from the object Developers will access without restrictions. The r
23. about this with an Undelivered Mail Returned to Sender message. Drop silently: Discard the message before it reaches the recipient, without notifying the sender or his/her server. From Virtual domains, you can configure the behaviour of the filter for virtual domains of the email server. These settings override the previously defined default settings. To customise the configuration of a virtual domain of the email, click on Add new. [Figure: Filter parameters per virtual domain of the mail] The parameters that can be overridden are the following. Domain: Virtual domain you want to customise. Those configured in Mail > Virtual domain are available. Use virus / spam filtering: If enabled, the email received in this domain will be filtered in search of viruses or spam. Spam threshold: You can use the default score for spam or custom value. Ham / spam learning account: If enabled, ham@domain and spam@domain accounts will be created. The users can send emails to these accounts and train the filter. All the email sent to ham@domain will be recorded as not spam; the email sent to spam@domain will be recorded as spam. Once you have added the domain, you can add addresses to your whitelist, blacklist or force the processing from Antispam policy for senders.
24. and another card connected to the local network. By using this association you can redirect the network traffic transparently from one card to the other. The main advantage here is that client configurations do not need changing when the Zentyal server gateway is deployed. Traffic that passes through the server can be managed using content filtering or the intrusion detection system. You can create this association by changing the interface with Bridged network. You can see how, by choosing this option for a new Bridged network. Then you can choose the group of interfaces you want to associate to this interface. [Figure: Creating a bridge] This will create a new virtual interface bridge which will have its own configuration as well as a real interface. [Figure: Configuring bridged interfaces] In case you need to configure the network interface manually, define the gateway to Internet using Network > Gateways. Normally this is automatic if DHCP or PPPoE is in use, but not in other cases. For each gateway you can indicate the Name, IP address, Interface to which it is connected. The Weight defines the priority compared with other gateways and whether it is Predetermined by
25. and enabling the module Alerts The monitoring system would be largely unused if it was not coupled with a notification system to warn users when uncommon values are produced This ensures that you know when the host is suffering from an unusual load or is close to maximum capacity Monitoring alerts are configured in Events module Go to Maintenance gt Events gt Configure Events here you can see the full list of available alerts the relevant events are grouped in the Monitor event Configure monitor watchers SEARCH Physical memory usage System load File system usage HE HE He 3 NUNN IN CPU usage 10 Page 1 Configuration screen for the monitor observers Clicking on the cell configuration you access the event configuration You can choose any of the monitored metrics and establish thresholds which trigger events Adding a new Threshold Enabled Failure minimum Optional Warning minimum Optional Warning maximum Optional Failure maximum Optional Invert _ Send events Always v Measure instance CPU 0 usage 7Y Type da idle v Data Source 5 not applicable Y ADD CANCEL Configuration screen for event thresholds There are two different thresholds warning and failure this allows the user to filter events based on severity You can use the option reverse to swap the values that are considered right and wrong Other important option is persistent Depe
26. automatically performed will no longer be valid In this case you will have to copy the relevant DNS registers manually Network configuration with Zentyal Through Network gt Interfaces you can access the configuration of each network card detected by the system and you can select between a static configuration manually configured dynamic DHCP configuration VLAN 802 1Q trunk PPoE or bridged In addition you can define each interface to be External if it is connected to an external network such as the Internet In order to apply stricter firewall policies If you don t do this the interface is considered internal connected to a local network When you configure an interface to serve DHCP not only do you configure the IP address but also the DNS servers and gateway This is usual for hosts within the local network or for external interfaces connected to the ADSL routers Network Interfaces etho Ni ome etho Method DHCP External WAN s CHANGE DHCP configuration of the network interface If you decide to configure a static interface you must specify the IP address and the network mask You can also associate one or more Virtual Interface to this real interface to use additional IP addresses These additional addresses are useful to provide a service in more than one IP address or sub network to facilitate the migration from a previous scenario or to have a web server with different domains using
27. available global and per client Each client will consume their personal buckets and everyone included in the object will consume the global bucket Tip This type of algorithms are useful to allow medium size downloads if they are not sustained over the time For example in an education context you can allow to download PDFs this will consume part of the bucket but will download at maximum speed If an user tries to download using P2P he she will consume the bucket very quick SEARCH Maximum Maximum unlimited Maximum download eerie wD download rate size per client rate per client Developers Unlimited Unlimited 50 MB 30 KB s 10 F Page 1 Bandwidth Throttling 4 http en wikipedia org wiki Token_bucket Copyright 2004 2012 Zentyal S L Home Company Download Documentation Screenshots Forum Contribute Store Captive Portal Zentyal implements a Captive Portal service which allows you to limit the access to the network from the internal interfaces Configuring a captive portal with Zentyal Through the Captive Portal menu you can access the Zentyal s captive portal configuration Captive Porta show help ons Settings Excepti General Settings Group All users Y Only users in this group will be allowed to login Expiration time seconds 60 HTTP port HTTPS port 4443 CHANGE Bandwidth Settings Limit bandwidth usage Bandwidth quota 700 MB Maximum bandwidt
28. configure the authentication of the VoIP phones go to VolP Phones Phones Adding a new phone Enabled Ext ion xtension 4500 Password Voicemail 4501 Email notified Optional xample mail org Description Optional John s office phone ADD CANCEL Adding a VoIP phone Enabled Whether this phone configuration is enabled Extension Extension to dial to reach this phone Password Needed to authenticate the phone against Zentyal it will have to be configured in the phone itself as well Voicemail The device available through this extension will store the voicemail for this phone Email notified This email address will receive the voicemail messages as an attachment Description Description of the specific phone You can access the conference configuration through VolP Meetings Here you can configure multiple conference rooms These rooms extension should fit in the 8001 8999 range and optionally have an access password an administration password and a description These extensions can be accessed from any server by dialling extension domain tld List of Meetings Add new SEARCH a v 8200 main room Mra v 8250 i second meeting room ee Page 1 List of meetings When you edit a user you will be able to enable and disable this user s VoIP account and change his her extension Take into account that an extension can only be assigned to one user and no more
29. contains the following parameters Adding a new gateway Enabled Name gatewayl IP address 59 gt 168 100 253 Weight Default ADD CANCEL Adding a Gateway Enabled Indicates whether this gateway is effectively working or if it is disabled Name Name used to identify the Gateway IP Address IP Address of the gateway This address has to be directly accessible from the host Zentyal is installed on this means without other routers in the middle Weight The heavier the weight more traffic will be sent using this gateway if you have traffic balancing enabled For example if the first gateway has a weight of 7 and the second one has a weight of 3 7 bandwidth units will go through the first one per each 3 bandwidth units that go through the second one in other words 70 of the traffic will use the first gateway and the remaining 30 will use the other one Default If this option is enabled this will be the default gateway If you have configured interfaces as DHCP or PPPoE 2 you can not add a gateway explicitly for these because they are automatically managed Nevertheless you can still enable or disable them by editing the Weight or choosing whether one of them is the Default but it is not possible to edit any other attributes Gateways List Add new SEARCH Bt eet cfc Brera Bawls eaa acd dhcp gw eth0O 192 168 1 1 eth0 lt N v dhcp gw eth3 192 168 1 1 eth3 1 x x
30. control for the management of updates Copyright 2004 2012 Zentyal S L Home Company Download Documentation Screenshots Forum Contribute Store Zentyal Remote Client About Zentyal Remote Zentyal Remote is a solution that provides automatic maintenance of servers as well as real time monitoring and centralised management of multiple Zentyal installations It offers features such as quality assured software updates alerts and reports on server performance network inventory security audits disaster recovery advanced security updates network monitoring and remote centralised and secure management of groups of servers as well as the remote access and inventory for desktop 1 If you don t have a Zentyal server commercial edition you can still register your community server This entitles you to store one remote configuration backup create zentyal me subdomain for your server and to see your Zentyal server name in the web browser tab In the following pages you will learn how to register your server to Zentyal Remote with a community server and you will see the additional functionality that a registered server offers Please remember that Zentyal servers in production environments should always have commercial editions to guarantee maximum security and system uptime 2 1 http www zentyal com services 2 http www zentyal com which edition is for me Registering Zentyal server to Zentyal Remote To registe
31. even in prestigious institutions such as NASA Zentyal development is funded by Zentyal S L Zentyal is full featured Linux server that can be used for free without technical support or updates or fully supported for a reasonable monthly fee The commercial editions are aimed at two clearly different type of customers On one hand Small Business Edition is aimed at small businesses with less than 25 users and with one single server or very simple IT infrastructure On the other hand Enterprise Edition is aimed at small and medium businesses with more than 25 users and more complex IT infrastructure The commercial editions come with the following services and tools Full technical support by Zentyal Support Team Official support guaranteed by Ubuntu Canonical Software and security updates Remote monitoring and management platform of servers and desktops Disaster recovery e Proxy HTTPS e Multiple server administrators Zentyal S L also offers the following cloud based services that can be integrated in the commercial editions of the Zentyal server or used independently e Cloud based email solution e Cloud based corporate file sharing solution COMMUNICATIONS GATEWAY 6p GATEWAY INFRASTRUCTURE Ei INFRASTRUCTURE OFFICE 1 Professional network infrastructure at an affordable monthly cost GATEWAY 6p INFRASTRUCTURE CH OFFICE 3 COMMUNICATIONS OFFICE en L in ty by S OFFICE 2 In case that
32. for example by WebDAV 4 a set of HTTP protocol methods which allow collaboration between users when editing and managing files DELETE Deletes the specified resource Also used by WebDAV TRACE Informs the server that it must return the header sent by the client This is useful to see whether the request has been modified on its way to the server for example by an HTTP Proxy The server response has the same structure as the client request except for the first line The first line contains <status code> <text reason> which is the response code and textual explanation of it The most common response codes are 200 OK The request has been processed correctly 403 Forbidden The client does not have permission to access the requested resource 404 Not Found The requested resource was not found 500 Internal Server Error Server error has occurred preventing the correct processing of the request Client Server GET HTTP 1 1 User Agent Safari 528 16 Accept application xml application xhtml xml text html Accept Language en us Accept Encoding gzip deflate Connection keep alive Host ebox platform com HTTP 1 1 200 OK Date Fri 27 Feb 2009 16 41 14 GMT Server Apache 2 2 9 Ubuntu Content Length 6015 Last Modified Fri 27 Feb 2009 16 40 44 GMT Content Type text html ch
33. in Traffic between internal networks and from internal networks to Internet Additionally each installed module adds a series of rules in sections Traffic from internal networks to Zentyal and Traffic from external networks to Zentyal normally allowing traffic from internal networks and denying from the external networks This is made implicit but it simplifies the firewall management by allowing the service Only the parameter Decision needs to be changed and you do not need to create a new rule Note that these rules are added during the installation process of a module only and they are not automatically modified during future changes Finally there is an additional field Description used to add a descriptive comment about the rule policy within the global policy of the firewall Copyright 2004 2012 Zentyal S L Home Company Download Documentation Screenshots Forum Contribute Store Routing Zentyal uses the Linux kernel subsystem for the routing configured using the tool iproute2 1 1 http www policyrouting org iproute2 doc html Configuring routing with Zentyal Gateway The gateway is the default router for the connections associated with a destination that is not in the local network This means if the system does not have static routes defined or if none of these match with the desired transmission the gateway will be used by default To configure a gateway in Zentyal go to Network gt Gateways which
34. in the multirouter 2 scenario you must not forget to create a rule to ensure the connections to the provider always use the same gateway 1 http en wikipedia org wiki PPPoE Network diagnosis To check that the network has been configured correctly you can use the tools available in Network Tools Ping is a tool that uses the ICMP network diagnosis protocol to observe whether a particular remote host is reachable by means of a simple echo request Network Diagnostic Tools Ping Host www zentyal org PING Traceroute Host TRACE Domain Name Resolution Domain name z LOOKUP Wake On LAN MAC address WAKE Output Network diagnosis tools ping You can also use the traceroute tool that is used to determine the route taken by packages across different networks until they reach a given remote host Traceroute Host wikipedia org TRACE Domain Name Resolution Domain name LOOKUP l Wake On LAN MAC address WAKE Output Tool traceroute Also you can use the domain name resolution tool which is used to verify the correct functioning of the name service Domain Name Resolution Domain name zentyal org LOOKUP Wake On LAN MAC address WAKE Output Domain name resolution The last tool is Wake On Lan which allows you to activate a host using its MAC address if this feature is enabled in the target Copyright 2004 2012 Zentyal S L Home Company Download Docu
35. mail from the servers is discarded or not hindering the spamming process These servers are optimised to send as many emails as possible in minimal time For this messages are auto generated and sent without caring if they are received When you have a grey list system the emails considered as potential spam are rejected and the mail server is asked to send the email again If the server is actually a spammer server it probably doesn't have the necessary tools to manage this request and therefore the email will never reach the recipient On the contrary if the email was legitimate the sending server will simply re send mail 1 Zentyal uses postgrey http postgrey schweikert ch as a postfix policy manager The Zentyal strategy is to pretend to be out of service When a new server sends an email Zentyal responds I am temporarily out of service during the first 300 seconds 2 If the sending server complies with the request it will re send the email after this time and Zentyal will mark it as a valid server Zentyal does not include email sent from internal networks on the gray list or from objects with an allowed email relay policy or from addresses that are in the antispam whitelist 2 Actually the mail server responds Greylisted i e moved to the grey list and pending to allow or disallow the mailing once the configured time has
36. one the one that will be used to access the Internet during the installation The installer will try to auto configure it using DHCP If you only have one interface you will not see this question Configure the network Your system has multiple network interfaces Choose the one to use as the primary network interface during the installation If possible the first connected network interface found has been selected Primary network interface etho lt Go Back gt Intel Corporation 82540EM Gigabit Ethernet Controller ethi Intel Corporation 82540EM Gigabit Ethernet Controller eth2 Intel Corporation 82540EM Gigabit Ethernet Controller lt Tab gt moves lt Space gt selects lt Enter gt activates buttons 0 0202020222222222 Select primary network interface Now choose a name for your server this name is important for host identification within the network The DNS service will automatically register this name Samba will also use this domain name as you will see later Please enter the hostname for this system The hostname is a single word that identifies your system to the network If you don t know what your hostname should be consult your network administrator If you are setting up your own home network you can make something up here Hostname lt Go Back gt lt Cont inue gt lt Tab gt moves lt Space gt s ts lt Enter gt activates buttons Hostname Next the installer will ask you
37. passed The Grey list can be configured via Mail Grey list with the following values Greylist configuration Enabled Y Greylist duration seconds Retry window hours Entries time to live days CHANGE Grey list configuration Enabled Click to enable greylisting Grey list duration seconds Seconds the sending server must wait before re sending the email Retry window hours Time in hours in which the sending server can send mail If the server receives any mail during this time this server will go to the grey list In a grey list the server can send all the emails it wishes with no time restrictions Entry time to live days Days the data of the evaluated servers will be stored in the grey list After the configured days when the server sends email again it must go through the greylisting process described above Content filtering system The mail content filtering is processed by the antivirus and spam detectors To carry out this task Zentyal uses an interface between the MTA and these applications Therefore the amavisd new 3 application is used to ensure that the email is not spam and it does not contain viruses In addition amavisd carries out the following checks e File extension and black and white lists e Mail filtering of emails with malformed headers 3 Amavisd new http www ijs si software amavisd Antivirus Zentyal uses the ClamAV 4 antivirus an antivirus toolkit
38. pe a v addresses in the Fixed addresses section To fill this section you need an object which members are pairs of host IP addresses 32 and MAC addresses You can create this object from Network gt Objects or directly in the quick menu offered in the DHCP interface An address assigned in this way can not be part of any range You can add an optional Description for the allocation as well You can see DHCP clients with dynamic allocations static allocations will not be shown thanks to a widget that will appear in the Dashboard 192 168 200 20 08 00 27 c4 63 b9 cliente VirtualBox Client with dynamic allocation enabled 5 See Domain Name System DNS section for details 6 See Time synchronization service NTP section for details 7 http en wikipedia org wiki Windows_Internet_Name_Service 8 See File sharing and authentication service section for details Dynamic DNS options The dynamic DNS options will allow to assign domain names to DHCP clients through the integration of DHCP and DNS modules Thanks to this it is easier to recognize machines located in the network they can be recognized by an unique domain name instead of an IP address that might change Dynamic DNS Options Enabled Dynamic domain zentyal domain lan Y Static domain Same as Dynamic Domain Y CHANGE Configuration of dynamic DNS updates To use this option you must go to the tab Dynamic DNS options and to enable
39. preloaded with all the Snort rulesets installed on your system A typical set of rules is enabled by default You can save CPU time disabling those rules you are not interested in for example those related to services not available in your network If you have extra hardware resources you can also enable additional rules SEARCH attack responses v f backdoor v f bad traffic v f chat community bot v f community dos v f community exploit v f community ftp v f community game f community icmp f i0 Page 1of8 IDS rules IDS Alerts So far the basic operation of the IDS module has been described This is not very useful by itself because you will not be notified when the system detects intrusions and security attacks against the network As you are going to see thanks to the Zentyal logs and events system this notification can be made simpler and more efficient The IDS module is integrated with the Zentyal logs module so if the latter is enabled you can query the different IDS alerts using the usual procedures Similarly you can configure an event for any of these alerts to notify the systems administrator For additional information see the Logs chapter Zentyal Office This section explains some of the se
40. previously revoked or expired certificate Issue a New Certificate Common Name t ire Days to expire 3650 Subject Alternative Names Optional ISSUE Current Certificate List Name State Date Actions Cc hosti example com Valid 2022 09 10 18 42 00 eo 0 webserver example com Valid 2022 09 10 18 42 00 Z et Revoke Download Key s and Certificate l Renew or reissue Certificate list page r o The package with the keys contains also a PKCS12 file with the private key and the certificate and it can be installed directly into other programs such as web browsers mail clients etc If you renew a certificate the current certificate will be revoked and a new one with the new expiration date will be issued And if you renew the CA all certificates will be renewed with the new CA trying to keep the old expiration date If this is not possible because it is after the date of expiry of the CA then the date of expiration is set as the one of the CA Renew a certificate Common Name webserver example com Expiration Date 2022 09 10 18 42 00 Subject Alternative Names t ire Days to expire 3000 RENEW CANCEL Renew a certificate If you revoke a certificate you will not be able to use it anymore as this action is permanent and it can not be undone Optionally you can select the reason of the certificate revocation unspecified reason non specified keyCompromise the private key has been compromis
41. thin clients AutoLogin As you will see in the section AutoLogin this option will allow login depending on the network MAC in the thin client Guest Login Here you can decide whether limited login will be possible without a personal account Sound The thin client will be able to reproduce sound if this option is enabled Keyboard layout Mapping between keys and characters to apply Time server Server to update the time in the clients by default it will be the same as used for the images Shutdown time In some cases you might want to switch off at a specific time a room of thin clients this option allows you to specify the time FAT Client RAM Threshold MB The clients that were provided a fat client image but do not reach this RAM threshold will behave like thin clients The LTSP server associated with the thin client module of Zentyal counts on many more advanced configuration options In case you want to use one of the options not mentioned here the interface gives you the option to add it as a name value pair in the lower part of the form Other options 7 7 http manpages ubuntu com manpages precise man5 Its conf 5 html Configuration of automatic login If this option has been enabled as mentioned in the previous section it is possible for a thin client to login directly depending on its MAC address Adding a new user and pass Enabled Client MAC
42. threshold The filter will learn that email is spam if the score is above this value You should not set a low value since it may cause false positives The value must be greater than the spam threshold Autolearn ham threshold Filter will learn if the email is ham if the score is below this value You should not set a high value since it may cause false negatives The value must be less than 0 From Sender Policy you can configure senders whose emails are always accepted whitelist always marked as spam blacklist or always processed by the antispam filter process If a sender is not listed here the default behaviour will be process From Train Bayesian spam filter you can train the Bayesian filter by sending it a mailbox in Mbox 7 format containing only spam or ham You can find many sample files from the Internet to train the Bayesian filter but usually you get more accurate results if you use email received from the sites you need to protect The more trained the filter is the better results you get when testing if a message is junk or not 7 Mbox and maildir are email storage formats independent of the used email client For Mbox all the emails are stored in a single file whilst maildir organises emails into separate files within a directory SMTP mail filter From Mail filter gt SMTP mail filter you can configure the behaviour of the described filters when Zentyal receives mail by SMTP From General you can
43. to carry out all kinds of advanced configurations Zentyal incorporates independent applications into fully integrated functions automating most tasks This is designed to save systems management time Given that 42 of security issues and 80 of service outages in companies are due to human error in the configuration and administration of these systems 2 Zentyal is a solution that is not only easier to manage but also more secure and reliable To sum up besides offering significant savings Zentyal improves security and availability of network services within the companies The Zentyal development began in 2004 under the name of eBox Platform and it has grown to become a widely used and highly recognised solution The platform integrates over 30 open source systems and network management tools into a single technology Zentyal has been included in Ubuntu since 2007 and since 2012 the commercial editions are officially supported by Canonical the company behind the development of Ubuntu currently Zentyal is downloaded over 1 000 times every day and has an active community of thousands of members There are tens of thousands of active Zentyal installations mainly in America and Europe although its use is extended to virtually every country on earth The US Germany Spain Brazil and Russia are the countries with most installations Zentyal is mainly used in SMBs but also in other environments such as schools governments hospitals and
44. to find the image within the server In case Zentyal is used as a thin client server choose image Architecture You can also choose if you want to use thin or fat client 10 To do this you must have created the mentioned image previously as well as have carried out the rest of the configurations that will be explained in the Thin client service LTSP 10 Detailed information regarding the differences between thin and fat clients https help ubuntu com community UbuntuLTS P FatClients Thin client service LTSP Configuration of a thin client server with Zentyal Creation of thin client images To start with you have to create the images that will be sent through the network to your thin clients In the context of thin clients you must take into consideration that the applications will be run on the operating system of the server except for the local applications or fat clients that will be mentioned later in this chapter Therefore you must install a desktop environment and all the other applications that you wish to use on the thin clients Once the necessary applications environments are installed you can start building the image by going to Thin clients tab Create thin client images Here you choose the hardware architecture compatible with the client hardware if you wish the clients to act as thin or fat cl
45. understand the context of Zentyal as well as the installation process and walks you through the first steps required to use the system The following four chapters introduce you to the four typical installation profiles Zentyal as a network infrastructure server as a server giving access to the Internet or Gateway as an office server or as a communications server This differentiation into four functional groups is only made to facilitate the most typical Zentyal deployments It is also possible to deploy any combination of Zentyal server functionality Finally the last chapter describes the tools and services available to carry out and simplify the maintenance of a Zentyal server ensuring its smooth running optimising its deployment resolving incidents and recovering the system in case of a disaster Copyright 2004 2012 Zentyal S L Home Company Download Documentation Screenshots Forum Contribute Store Installation Generally speaking Zentyal is meant to be installed exclusively on one real or virtual machine However this does not prevent you from installing other applications that are not managed through the Zentyal interface These applications must be manually installed and configured Zentyal runs on top of Ubuntu l server edition always on LTS Long Term Support 2 versions LTS has longer support periods five years instead of three You can install Zentyal in two different ways e using the Zentyal inst
46. wiki Asterisk_ PBX VoIP server configuration with Zentyal Zentyal VoIP module allows you to easily manage an Asterisk server with the users that already exist on the system s LDAP server and to configure the most common features VoIP provider OF E Ter ZENTYAL Basic diagram of how VoIP works As usual the module must be enabled first Go to Module Status and select the VoIP checkbox The Users and Groups should be enabled beforehand VoIP R General configuration Enable demo extensions f Enable outgoing calls VoIP domain z zentyal zentyal domair CHANGE SIP provider Recipient of incoming calls CHANGE NAT configuration Zentyal is behind NAT No CHANGE Local networks Add new VoIP configuration window in Zentyal To change the general configuration go to VoIP General Once there the following general parameters should be configured Enable demo extensions Enables the extensions 4 and 6 If you call to the extension 4 you will be able to hear the waiting music Using the extension 6 you will have an echo test to give you an estimation of the latency in your calls Enable outgoing calls This enables outgoing calls through a SIP provider to call regular phones To call through the SIP provider add an additional zero before the number to call For instance to call Zentyal offi
47. 0200 View Results 0 Remove 2012 Zentyal Remote developed by Zentyal S L Group task management Remote management and inventory The possibility to remotely access servers and desktops is critical to provide remote support to end users This remote access is carried out in a secure way through web avoiding plenty of trips and it is the key to provide quality service at a competitive price Moreover the issues can be scaled to the Zentyal Support team that with the support of Canonical can diagnose and find solution to the reported issues Finally the hardware and software inventory of the equipments helps to document and manage the available network resources Zentyal Remote test user neve J settincs Ee Loco TEST GROUP Device Type IP Operating System Model dummy1 fo nad 192 168 1 100 Microsoft Windows XP Professional VMware Inc VMware Virtual Platform dummy2 fs va 192 168 1 100 Microsoft Windows XP Professional VMware Inc VMware Virtual Platform dummy3 not assigned few 192 168 1100 Microsoft Windows XP Professional VMware Inc VMware Virtual Platform 2012 Zentyal Remote developed by Zentyal S L Inventory management Free trials Zentyal Remote is included in all the commercial Zentyal server editions To try it all you need to do is to get 30 day free trial through the Zentyal website 1 http www zentyal com Copyright 2004 2012 Zentyal S L Home Company Download Do
48. 1 2 3 x gt 3 0 Zentyal Release Candidates Zentyal Release Candidates are published from July to September during the three months stabilization period There are as many release candidates as the Development Team deems necessary to stabilize the new code and bug fixes introduced before publishing the next stable version Release candidates always have the version number of the next stable release and the rc suffix to indicate that the version is a release candidate A suffix of rcl would be used for the first release candidate rc2 for the second release candidate rc3 for the third release candidate and so on 3 0 rcl 3 0 rc2 Stable Zentyal versions Stable Zentyal versions are published once a year in September Stable releases always have even major numbers 1 0 1 2 1 4 2 0 2 2 3 0 The first version number changes every time the base system Ubuntu LTS version is upgraded For example the versions 1 0 1 2 and 1 4 were based on Ubuntu 8 04 LTS 2 0 and 2 2 were based on Ubuntu 10 04 LTS and the 3 0 will be based on Ubuntu 12 04 LTS Timetable e June Zentyal development is frozen Three months stabilization period starts The necessary release candidate versions are published during this period e September Stable Zentyal version is published e October June Zentyal development continues The necessary beta versions are published during this period Support policy The Zentyal D
49. [Figure: Manufacturer and model]

Finally, you will have the option to modify the general settings.

[Figure: General settings]

Once you have completed the wizard, your printer will be configured. You can check which printing jobs are pending or in progress through Jobs > Manage jobs within the CUPS interface. You can perform many other actions, such as printing a test page. For more information about printer management with CUPS, it is recommended to read the official documentation [3].

[3] http://www.cups.org/documentation.php

Once the printer has been added through CUPS, Zentyal can export it by using Samba. You can see the list of available printers at the bottom of Printer Sharing.
50. [Figure: Connection parameters]

In the next step, you can specify the printer's name that will be used to identify it later on, together with other additional descriptions of its features and placement. These descriptions can be any character string and their value is only informational. On the other hand, the name cannot include spaces or special characters.

[Figure: Name and description]

Later, you must set the manufacturer, model and which printer driver to use. Once you have selected the manufacturer, a list of available models will appear, with different drivers for each model on the right, separated by a slash. You also have the option to upload a PPD file provided by the manufacturer if your printer model does not appear on the list.
51. Bs and ITC

About 99% of companies in the world are small and medium businesses (SMBs). They generate more than half of the global GDP. SMBs constantly look for ways to reduce costs and increase productivity, especially in times of crisis like the one we are currently facing. However, they often operate under very limited budgets and with limited workforces. These circumstances make it extremely challenging to offer suitable solutions that bring important benefits while keeping investments and operational costs within budget.

Technology vendors have traditionally shown little interest in developing solutions that adapt to the needs of SMBs. In general, enterprise solutions available on the market have been developed for large corporations, and therefore their implementation requires considerable investments of time and resources, as well as a high level of expertise.

In the server market, this has meant that until now SMBs have had few solutions to choose from and, in addition, the available solutions have usually been over-sized considering the real needs of SMBs, too complex to manage and with high licensing costs.

In this context, it seems reasonable to consider Linux as a more attractive SMB server alternative, since technically it has shown very high quality and functionality and the acquisition price is unbeatable. However, the presence of Linux in SMB environments is symbolic and the growth is relatively small. How is this possible?
52. [Figure: Adding a service record]

Time synchronization service (NTP)

Zentyal integrates ntpd [2] as its NTP server. NTP uses UDP port 123.

[2] http://www.eecis.udel.edu/~mills/ntp/html/ntpd.html

Configuring an NTP server with Zentyal

Zentyal uses the NTP server both to synchronise its own clock and to offer this service on the network, so it is important to enable it. Once you have enabled the module, you can check in System > General that it is running and that manually adjusting the time is disabled. You still need to configure your time zone.

[Figure: NTP module installed and enabled]

If you access NTP, you can enable or disable the service and choose the external servers that you want to
53. [Figure: Server report]

On the other hand, Zentyal Remote helps to carry out software and security updates remotely on a group of servers. Thus one can increase system security and at the same time reduce maintenance costs. However, the group tasks (jobs) are not limited to updates, but can be extended to any area of the Zentyal server, from modification of firewall rules to users and groups management and adding file sharing rules. This feature is especially useful when managing a large number of servers with similar characteristics.
54. [Figure: Configure user's corner port]

The user can access the User corner using the URL:

https://<Zentyal_ip>:<usercorner_port>/

Once the user enters his/her name and password, he/she can perform changes in his/her personal configuration. User's corner offers the following functionality:

• Change the current password.
• Configure the voice mail for the user.
• Configure an external personal account to retrieve the mail and synchronise it with the content of the mail server in Zentyal.

[Figure: Change the current password in user's corner]

File sharing and authentication service

Zentyal uses Samba [4] to implement SMB/CIFS and manage the domain, and Kerberos [5] for the authentication services.

[4] http://en.wikipedia.org/wiki/Samba_(software)
[5] http://en.wikipedia.org/wiki/Kerberos

Configuring a file server with Zentyal

The file sharing services are active when the file sharing module is active, even if the Domain Controller function is not.

File sharing is integrated with users and groups. Each user has a personal directory and each group can be assigned a shared directory.

The user's personal directory is automatically shared and can only be accessed by the user.

To configure the general settings of the file sharing service, go to File
55. Zentyal 3.0 Official Documentation

Introduction to Zentyal
• Presentation
  o SMBs and ITC
  o Zentyal Linux server for SMBs
• Installation
  o Zentyal installer
  o Initial configuration
  o Hardware requirements
• First steps with Zentyal
  o Administrative web interface of Zentyal
  o Network configuration with Zentyal
• Software updates
  o Management of Zentyal components
  o System Updates
  o Automatic updates
• Zentyal Remote Client
  o About Zentyal Remote
  o Registering Zentyal server to Zentyal Remote
  o Configuration backup in Zentyal Remote
  o Other services along with your registration

Zentyal Infrastructure
• Zentyal Infrastructure
• High level Zentyal abstractions
  o Network objects
  o Network services
• Domain Name System (DNS)
  o DNS cache server configuration with Zentyal
  o Transparent DNS Proxy
  o DNS Forwarders
  o Configuration of an authoritative DNS server with Zentyal
• Time synchronization service (NTP)
  o Configuring an NTP server with Zentyal
• Network configuration service (DHCP)
  o DHCP server configuration with Zentyal
• Thin client service (LTSP)
  o Configuration of a thin client server with Zentyal
  o Download and run thin client
• Certification authority (CA)
  o Certification Authority configuration with Zentyal
• Virtual private network (VPN) service with OpenVPN
  o Configuration of a OpenVPN server with Zentyal
• Virtual private network VPN service wi
56. OpenVPN has the following advantages:

• Authentication using public key infrastructure.
• SSL-based encryption technology.
• Clients available for Windows, Mac OS and Linux.
• Easier to install, configure and maintain than IPSec, another open source VPN alternative.
• Allows network applications to be used transparently.

[2] http://openvpn.net

Configuration of a OpenVPN server with Zentyal

Zentyal can be configured to support remote clients (sometimes known as road warriors). This means a Zentyal server acting as a gateway and VPN server, with multiple local area networks (LAN) behind it, allows external clients (the road warriors) to connect to the local network via the VPN service.

[Figure: Zentyal and remote VPN clients]

The goal is to connect the data server with other 2 remote clients (sales person and CEO) and also the remote clients to each other.

First, you need to create a Certification Authority and individual certificates for the two remote clients. You can do this through Certification Authority > General. Note that you also need a certificate for the VPN server. However, Zentyal will create this certificate automatically when you create a new VPN server. In this scenario, Zentyal acts as a Certification Authority.
57. [Figure: Example of traffic shaping rules and their associated interface]

You can add rules for each network interface in order to give Priority (0: highest priority, 7: lowest priority), Guaranteed rate or Limited rate. These rules apply to traffic bound to a Service, a Source and/or a Destination of each connection.

[Figure: Traffic shaping rules]

Additionally, it is possible to install the component Layer 7 Filter, which allows you to configure a more complex analysis of the traffic shaping, based on identifying the last level protocols by their content rather than the port. As you can see when you install this component, you can use this filter by choosing Application based service or Application based service group as Service.

The rules based on this type of filtering are more effective than the ones that just check the port, given that you may have servers configured to provide the service on non def
58. [Figure: VM network settings]

Device Settings: It contains the list of storage drives associated with the machine. You can associate CDs or DVDs, providing the path to an ISO image, and also hard drives. For the hard drives, you can also provide an image file of either KVM or VirtualBox, or just specify the size in megabytes and an identifier name, and Zentyal will create the new empty disk. By unchecking the checkbox Enabled, you can temporarily disconnect any of the drives without deleting them.

[Figure: Device settings]

Virtual machine maintenance

In the Dashboard you have a widget that contains the list of virtual machines and their current state (running or not), and a button that allows you to Stop or Start them if you want to.

[Figure: Widget in your Dashboard]

In the Virtual Machines section you can see, from left to right, the following actions you can execute over a machine:

[Figure: Highlighting the action buttons and status indicator]

Besides the delete and edit buttons, you can carry out the following actions:

View Console: It will open a pop up window where you ca
59. TP server configuration through the menu FTP.

[Figure: FTP Server Configuration]

The FTP service provided by Zentyal is very easy to configure and it allows the provision of remote access to a public directory and/or personal directories of the system users. The default path of the public directory is /srv/ftp, while all users have personal directories located within /home/user/.

In Anonymous access, you can choose between three possible configurations for the public directory:

Disabled: No access is granted to anonymous users.
Read only: Users can access the directory with an FTP client, but users are only allowed to list the files and download them. This configuration is appropriate when making content globally available for download.
Read and write: Users can access the directory with an FTP client, and anyone can add, modify, download and delete files from this directory. This configuration is not recommended unless you are very confident of what you are doing.

Another configuration parameter, Personal directories, allows each Zentyal user access to their personal directory. In this case you can also activate Restrict to Personal directories, which will prevent users from navigating the entire file system, allowing access only to the files and directories under /home/user/.

Using the SSL Support option, you can force
60. The administrator user will be able to manage all the permissions of the Zarafa platform.

Enable access: The protocols offered here will depend on your specific configuration; you can set the protocols that will be available for this user.
Shared store only: This option is used when you have an account that is really a shared resource and nobody logs in using it, for example a calendar shared between several people.
Auto accept meeting requests: Add the requests to the user's calendar without asking the user for confirmation; the user will be notified of this event via email.

Until now, mail users were authenticated by the name of their email account, for example bob@home.lan. Zarafa web interface or its gateways expect users to be identified by their username, as bob in the previous example. Configuration for delivery through SMTP does not change.

Zarafa basic use cases

Once you have configured your Zarafa server and have authorized users, you can access it through the configured Virtual Host.

[Figure: Zarafa login screen]

After logging in, you can see the main Zarafa page, showing the email interface and different tabs to access the Calendars, Contacts, Tasks and Notes.
61. [Figure: Management of Zentyal components]

When entering this section, you will see the advanced view of the package manager, which you might have seen already during the installation process. This view has three tabs, one each for the actions of Installing, Updating and Deleting Zentyal components. On this view there is an option to change to basic mode, in which you can install package collections depending on the role of the server you are setting up.

Getting back to the advanced view, let's see the available actions in detail.

Component installation

This tab is visible when you enter the component management section. There are three columns here: one for the component name, another for the version currently available in the repositories, and a third to select the component. In the lower part of the table you can view the buttons to Install, Update list, Select all and Deselect all.

To install the required components, simply select them and click on
62. Webmail service

Zentyal integrates Roundcube to implement a webmail service [1]. Roundcube is developed with the latest web technologies, offering a far superior user experience compared to traditional webmail clients.

[1] http://roundcube.net

Configuring a webmail in Zentyal

The webmail service is enabled in the same way as any other Zentyal service. However, the e-mail module must be configured to use either IMAP, IMAPS or both, and the webserver module must be enabled. Without this configuration, webmail will refuse to work.

The e-mail configuration in Zentyal is explained in depth in the Electronic Mail Service (SMTP/POP3-IMAP4) section and the webserver module is explained in the Web publication service (HTTP) section.

Webmail options

You can access the settings by clicking in the Webmail section in the left menu. Here you can establish the title that will be used by webmail to identify itself. This title will be shown on the login screen and in the HTML page titles.

[Figure: General Webmail settings]

Login to webmail

To be able to log into the webmail interface, HTTP traffic must be allowed by the firewall from the source address used. The webmai
63. al com which edition is for me
[6] https://remote.zentyal.com/doc

Zentyal Infrastructure

This section explains several of the services used to manage the infrastructure of your local network and to optimise internal traffic. We will study Zentyal's high-level abstractions (the objects and services that will be used in most of the other modules), domain name management, time synchronisation, automatic network configuration, deployment of thin clients, the management of a certification authority, the different types of virtual private networks you can deploy, and installing virtual machines.

Defining abstractions will help you manage the entities that will be used by the other modules, creating a coherent and robust context.

Domain Name System, or DNS, provides access to services and hosts using names instead of IP addresses; names are easier to memorise.

The Network Time Protocol, or NTP, keeps the system time synchronised on the different computers within a network.

The DHCP service is widely used to automatically configure different network parameters on computers, such as IP address, DNS servers or the gateway which is used to access the Internet.

The Thin Client module (LTSP) allows you to reuse old hardware, creating a centralized management infrastructure where a lot of low end terminals are powered by a few higher
64. all of them.

In addition, if an HTTP proxy is required for Internet access, you can also configure it in this section. This proxy will be used by Zentyal for connections such as updates and the installation of packages, or the update of the anti-virus data files.

[Figure: Configuration of gateways]

To allow the system to resolve domain names, you must indicate the address of one or several name servers in Network > DNS.

[Figure: Configuration of DNS servers]

If the Internet connection assigns a dynamic IP address and you need a domain name to redirect to it, you need a dynamic DNS provider. By using Zentyal you can configure some of the most popular providers of dynamic DNS.

To do this, you must select Network > DynDNS, where you can choose the Service provider, Username, Password and Hostname which needs updating when the public address changes. Finally, select Enable dynamic DNS.

[Figure: Configuration of Dynamic DNS]

Zentyal connects to a provider to obtain a public IP address, avoiding any translation of the network address (NAT) between the server and Internet. If you are using this feature
65. aller (recommended option)
• using an existing Ubuntu Server Edition installation.

In the second case, the official Zentyal repositories must be added and installation continued by installing the modules you are interested in [3].

However, in the first case the installation and deployment process is easier, as all dependencies reside on a single CD or USB. Another benefit of using the CD or USB is to have a graphical environment that allows the use of a web interface from the server itself.

Ubuntu's official documentation includes a brief introduction to installing and configuring Zentyal [4].

[1] Ubuntu is a Linux distribution developed by Canonical and the community, focused on laptops, PCs and servers: http://www.ubuntu.com
[2] For a detailed description about the publication of Ubuntu versions, it is recommended you consult the Ubuntu guide: https://wiki.ubuntu.com/Releases
[3] For more information about installing from the repository, please go to http://trac.zentyal.org/wiki/Document/Documentation/InstallationGuide
[4] https://help.ubuntu.com/12.04/serverguide/zentyal.html

Zentyal installer

The Zentyal installer is based on the Ubuntu Server installer. Those already familiar with this installer will find the installation process very similar.

To start with, you choose the installation language; in this example English is chosen.
66. alues: Name, IP Address and Netmask. The MAC address is optional; you can only use it on members that represent a single host. This value will be applied when the MAC address is accessible.

[Figure: Add a new member]

The members of one object can overlap with members of other objects. This is very useful to establish arbitrary groups, but you have to consider them when using the rest of the modules to obtain the wanted configuration and to avoid conflicts.

In other configuration sections of Zentyal where you can use network objects (like DHCP or Firewall), a quick embedded menu will be offered, so you can create and configure the network objects without explicitly accessing this menu section.

Network services

Network services is a way to represent the protocols (TCP, UDP, ICMP, etc.) and the ports used by an application or a group of related applications. The purpose of the services is similar to that of the objects: objects simplify reference to a group of IP addresses with a recognisable name. Services allow identification of a group of ports by the name of the services the ports have been allocated to.

When browsing, for example, the most usual port is the HTTP port 80/TCP. But in addition you also have to use the HTTPS
67. and services.

You can define the traffic balancing of your gateways when accessing resources on the Internet, configuring the protocols associated with each gateway, WAN failover safety policies and bandwidth restrictions for some types of traffic, like P2P.

Using RADIUS you can authenticate the users in your network; this is especially useful if you want to avoid the security problems associated with symmetric passwords on wireless networks.

Another service needed in most deployments is the HTTP Proxy. This service allows you to speed up your Internet connection by storing a web cache, and to establish advanced access policies.

The Captive Portal with bandwidth monitoring allows you to give access to a set of users, redirecting all the web traffic to your registration webpage. It offers real-time reports of connected users and their consumed traffic.

Thanks to the IDS module, you can establish heuristics to automatically detect a diverse group of security threats in both internal and external networks.

Firewall

Zentyal uses the Linux kernel subsystem called Netfilter [2] in the firewall module. Functionality includes filtering, packet marking and connection redirection capabilities.

[2] http://www.netfilter.org

Firewall configuration with Zentyal

Zentyal's security model is based on delivering the maximum possible
68. [Figure: Request schema and HTTP response]

By default, HTTP uses the TCP port 80 and HTTPS uses the TCP port 443. HTTPS is the HTTP protocol sent via an SSL/TLS connection to guarantee encrypted communication and authentication of the server.

The Apache [5] HTTP server is the most widely used on the Internet, hosting more than 54% of all web pages. Zentyal uses Apache for its HTTP server module and for its administrative interface.

[1] http://en.wikipedia.org/wiki/World_Wide_Web
[2] http://en.wikipedia.org/wiki/HTTP
[3] http://en.wikipedia.org/wiki/URL
[4] http://en.wikipedia.org/wiki/WebDAV
[5] http://httpd.apache.org

HTTP server configuration with Zentyal

You can access the HTTP server configuration through the Web Server menu.

[Figure: Configuration of Web server module]

In the General Configuration you can modify the following parameters:

Listening port: HTTP port, by default port 80, the default port of the HTTP protocol.
SSL listening port: HTTPS port, by default port 443, the default
69. ashboard that the VPN server is running.

[Figure: Widget of the VPN server]

After this, you must advertise networks, i.e. routes between the VPN networks and between other networks known by your server. These networks will be accessible by authorised VPN clients. To do this, you have to enable the objects you have defined (see High level Zentyal abstractions), in the most common case, all internal networks. You can configure the advertised networks for this VPN server through the interface of Advertised networks.

[Figure: Advertised networks of your VPN server]

Once you have done this, it is time to configure the clients. The easiest way to configure a VPN client is by using the Zentyal bundles: installation packages that include the VPN configuration file specific to each user and, optionally, an installation program. These are available in the table at VPN > Servers, by clicking the icon in the column Download client bundle. You can create bundles for Windows, Mac OS and Linux clients. When you create a bundle, select those certificates that will be used by the cl
70. at this info could be also browsed and edited from the Groupware module (Zarafa).

Enable shared roster: Automatically add all the users of this server as contacts of your list.

To create a Jabber/XMPP user account, go to Users > Add User if you want to create a new user account, or to Users > Edit User if you just want to enable the Jabber account for an existing user.

[Figure: Setting up a Jabber account]

As you can see, a section called Jabber account will appear, where you can select whether the account is enabled or disabled. Moreover, you can specify whether the user will have administrator privileges. Administrator privileges allow you to see which users are connected to the server, send them messages, set the message displayed when connecting (MOTD, Message Of The Day) and send a notice to all connected users (broadcast).

Voice over IP service

Zentyal uses Asterisk [6] to implement the VoIP module. Asterisk is a software-only application that works on any commodity server, providing the features of a PBX (Private Branch eXchange): to connect multiple phones using a VoIP provider or the analog telephone network. It also offers services such as voice mail, conferences, interactive voice responses and so on.

6 http en wikipedia org
71. ations
• Electronic Mail Service (SMTP/POP3-IMAP4)
  o SMTP/POP3-IMAP4 server configuration with Zentyal
• Mail filter
  o Mail filter schema in Zentyal
• Webmail service
  o Configuring a webmail in Zentyal
• Groupware service
  o Configuration of a groupware server (Zarafa) with Zentyal
  o Zarafa basic use cases
• Instant Messaging Service (Jabber/XMPP)
  o Configuring a Jabber/XMPP server with Zentyal
• Voice over IP service
  o VoIP server configuration with Zentyal
  o Using Zentyal VoIP features

Zentyal Maintenance
• Zentyal Maintenance
• Logs
  o Zentyal log queries
  o Configuration of Zentyal logs
  o Log Audit for Zentyal administrators
• Events and alerts
  o Events and alerts configuration in Zentyal
• Uninterruptible power supply
  o UPS Configuration with Zentyal
• Monitoring
  o Monitoring in Zentyal
  o Metrics
  o Bandwidth Monitoring
  o Alerts
• Automatic Maintenance with Zentyal Remote
  o Zentyal Remote
  o Troubleshooting
  o Maintenance
  o Remote management and inventory
  o Free trials

Advanced Zentyal Management
• Importing configuration data
• Advanced Service Customisation
• Development environment of new modules
• Release policy
  o Zentyal Release Cycle
  o Support policy
• Bug management policy
  o Patches and security updates
• Technical support
  o Community support
  o Commercial support

Presentation

SM
72. ault ports. This will go unnoticed if you do not analyze the traffic itself. This type of analysis is expected to mean a heavier processing load for the Zentyal server.

Network authentication service (RADIUS)

Zentyal integrates the FreeRADIUS [2] server, the most popular in Linux environments.

[2] http://freeradius.org

Configuring a RADIUS server with Zentyal

To configure the RADIUS server in Zentyal, you first need to check in Module status whether Users and Groups is enabled, because RADIUS depends on it. You can create a group from the menu Users and Groups > Groups and add users to the system from the Users and Groups > Users menu. While you are editing a group, you can choose the users that belong to it. The configuration options for users and groups are explained in detail in the chapter Directory Service (LDAP).

Once you have added groups and users to your system, you need to enable the module in Module status by checking the RADIUS box.

[Figure: General configuration of RADIUS]

To configure the service, go to RADIUS in the left menu. Here you can define if All u
73. b interface of Zentyal, both through its own graphical environment included in the installer and from anywhere on the internal network, using the address https://ip_address/, where ip_address is the IP address or the hostname on which Zentyal is installed. Because access is through HTTPS, the first time it is accessed the browser will ask you whether you trust the site. You simply accept the self-generated certificate.

Warning: Some older versions of Internet Explorer may have problems accessing the interface. Use the latest version available of your web browser.

Tip: For convenience when using virtualized environments, you should configure a host-only network interface in your virtualization solution so you can access Zentyal's interface full screen using your native browser. See the example of Appendix B: Advanced network scenarios, Scenario 1.

The first screen asks for the username and password. The user created during the installation and any other user of the admin group can authenticate as administrator.

Once authenticated, you will see the administrative interface, which is divided in three main parts:

Left side menu: Contains links to all the services that can be configured by using Zentyal, separated into categories. When you select a service in this menu, a sub-menu might appear to configure a particular requirement in the
74. [Figure: Zarafa main page]

Zarafa also sports a renewed version of its interface, WebApp.

[Figure: WebApp version of the Zarafa]

Shared calendars

Suppose a very common use case where you want to schedule an event between several users, for example a meeting. To do this, go to the Calendar tab and create an event simply by double-clicking on the desired date and time. As you can see, there are many parameters you can configure, like duration, reminders, attached files, schedule, etc. During the event configuration, or when editing it later, you can invite other users from the Invite attendees tab. You only need to fill in his/her mail address and click on Send Meeting
75. [Figure: Sharing a contact with other Zarafa users]

After this, you can log in as another user and click on the Open shared folders link that you can see on the main Zarafa webpage. In the pop-up window, fill in the Name with the email address of the user that has shared the contacts and in Folder type choose Contacts. A new folder will appear in your main window, where you can see the shared contacts.

For more information about Zarafa, see the User Manual [7]. For administrators that require a deeper understanding of the application, reading the Administration Manual [8] is recommended.

[6] http://www.zarafa.com/wiki/index.php/Z-Push_Mobile_Compatibility_List
[7] http://doc.zarafa.com/trunk/User_Manual/en-US/html/index.html
[8] http://doc.zarafa.com/trunk/Administrator_Manual/en-US/html/index.html

Instant Messaging Service (Jabber/XMPP)

Zentyal uses Jabber/XMPP as its IM protocol and the jabberd2 [3] XMPP server, integrating network users with Jabber accounts.

[3] http://www.ejabberd.im/

Configuring a Jabber/XMPP server with Zentyal

To configure the Jabber/XMPP server in Zentyal, first check the Module Status and that the Users and Groups module is enabled; Jabber depends on this. Then mark the Jabber checkbox to enable the Jabber/XMPP Zentyal module.

To configure the service, go to Jabber in th
76. ces 34 976733506 or 0034976733506, dial 00034976733506.

VoIP domain: This is the domain assigned to the user addresses. For example, a user user with an extension 1122 can be called at user@domain.tld or at 1122@domain.tld.

In the SIP provider section, enter the credentials supplied by the SIP provider, so that Zentyal can route calls through it:

Name: The identifier of the provider in Zentyal.
User name: The user name used to log into the provider service.
Password: The password to log into the provider service.
Server: The provider server.
Recipient of incoming calls: The internal extension that will receive the incoming calls to the provider account.

The NAT configuration section defines the network location of your Zentyal host. If it has a public IP address, the default option, Zentyal is behind NAT: No, is correct. If it has a private IP address, you must provide Asterisk with your Internet public IP address. If you have a fixed public address, select Fixed IP address and enter it; if the IP is dynamic, you must configure the dynamic DNS service (Dynamic DNS), available in Network > Dynamic DNS, or configure it manually, and enter the domain name in Dynamic hostname.

In the Local networks section, you can add the local networks to which Zentyal has direct access without NAT, like VPN or network segments not configured from Zentyal, like a wireless network. This is required due to SIP behaviour in NAT environments. To
77. ch recipients contain an account that belongs to any of its virtual mail domains. Mail can be received from any client that is able to connect to the server.

Relay occurs when the mail server receives a message whose recipients do not belong to any of its managed virtual mail domains, thus requiring forwarding of the message to other servers. Mail relay is restricted; otherwise, spammers could use the server to send spam all over the Internet.

Zentyal allows mail relay in two cases:

1. Authenticated users.
2. A source address that belongs to a network object which has an Allowed relay policy enabled.

General configuration

Accessing Mail > General > Mail server options > Options, you can configure the general settings for the mail service:

TLS for SMTP server: This forces the clients to connect to the mail server using TLS encryption, thus avoiding eavesdropping.

Require authentication: This setting enables the use of authentication. A user must provide an e-mail address and a password to identify; once authenticated, the user can relay mail through the server. An account alias cannot be used to authenticate.
78. chain can have the effect of ignoring a more specific one that is located later in the list; this is why the order of rules is important. You can also apply a logical not to the rule evaluation using Inverse match, in order to define more advanced policies.

[Figure: Creating a new rule in the firewall]

For example, if you want to register the connections to a service, first you use the rule that will register the connection and then the rule that will accept it. If these two rules are in inverse order, nothing will be registered, because the first rule has already accepted the connection. Following the same logic, if you want to restrict the access to the Internet, first restrict the desired sites or clients and then allow access to the rest; swapping the location of the rules will give complete access to every client.

By default, the decision is always to deny connections, and you have to add explicit rules to allow them. There are a series of rules which are automatically added during installation to define an initial version of firewall policies: allow all the outgoing connections to external networks (to the Internet) from the Zentyal server (in Traffic from Zentyal to external networks) and also allow all the connections from internal to external networks
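The rule-ordering behaviour described in this fragment, modelled as an added example (not Zentyal's own code): rules are evaluated top to bottom, a LOG rule records and falls through, ACCEPT or DENY stops evaluation, and the default is deny. The address ranges, the rule descriptions and the `shadowed` helper are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

TERMINATING = {"ACCEPT", "DENY"}


@dataclass(frozen=True)
class Rule:
    decision: str                 # "ACCEPT", "DENY" or "LOG"
    source: str                   # source object as CIDR (constructed values)
    port: Optional[int] = None    # service port, None means any service
    inverse_source: bool = False  # "Inverse match" on the source
    inverse_port: bool = False    # "Inverse match" on the service
    description: str = ""

    def matches(self, src: str, port: int) -> bool:
        src_hit = ip_address(src) in ip_network(self.source)
        if self.inverse_source:
            src_hit = not src_hit
        port_hit = self.port is None or self.port == port
        if self.inverse_port and self.port is not None:
            port_hit = not port_hit
        return src_hit and port_hit


def evaluate(rules: List[Rule], src: str, port: int) -> Tuple[str, List[str]]:
    """Return (decision, log entries); the first terminating match wins."""
    logged = []
    for rule in rules:
        if not rule.matches(src, port):
            continue
        if rule.decision == "LOG":
            logged.append(rule.description)  # register, then keep evaluating
            continue
        return rule.decision, logged
    return "DENY", logged  # default policy: deny


def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier ACCEPT/DENY covers them."""
    hidden = []
    for i, later in enumerate(rules):
        if later.inverse_source or later.inverse_port:
            continue  # inverse matches are not analysed by this helper
        for earlier in rules[:i]:
            if earlier.decision not in TERMINATING:
                continue
            if earlier.inverse_source or earlier.inverse_port:
                continue
            covers_src = ip_network(later.source).subnet_of(ip_network(earlier.source))
            covers_port = earlier.port is None or earlier.port == later.port
            if covers_src and covers_port:
                hidden.append(i)
                break
    return hidden


# Constructed sample objects and rules (not taken from a real Zentyal setup).
DMZ = "10.0.2.0/24"
LAN = "192.168.1.0/24"
LOG_SSH = Rule("LOG", DMZ, 22, description="log SSH from DMZ")
ALLOW_SSH = Rule("ACCEPT", DMZ, 22, description="allow SSH from DMZ")
BLOCK_CLIENT = Rule("DENY", "192.168.1.50/32", description="restricted client")
ALLOW_LAN = Rule("ACCEPT", LAN, description="LAN to Internet")

if __name__ == "__main__":
    cases = [
        ("log, then accept", [LOG_SSH, ALLOW_SSH], "10.0.2.15", 22),
        ("accept, then log", [ALLOW_SSH, LOG_SSH], "10.0.2.15", 22),
        ("restrict, then allow", [BLOCK_CLIENT, ALLOW_LAN], "192.168.1.50", 80),
        ("allow, then restrict", [ALLOW_LAN, BLOCK_CLIENT], "192.168.1.50", 80),
    ]
    for name, rules, src, port in cases:
        print(name, evaluate(rules, src, port), "shadowed:", shadowed(rules))
```

Running `shadowed` over an exported rule list flags the two mis-orderings the text warns about: a LOG rule placed after the ACCEPT it should precede, and a restriction placed after the broader allow.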
79. configure the general behaviour of all incoming mail.

[Figure: General parameters for the SMTP filter]

Enabled: Check to enable SMTP filter.
Antivirus enabled: Check to ensure the filter searches for viruses.
Antispam enabled: Check to ensure the filter searches for spam.
Service's port: Port to be used by the SMTP filter.
Notify of non-spam problematic messages: You can send notifications to a mailbox when you receive problematic emails that aren't spam, for example emails infected by a virus.

From Filter policies, you can configure how the filter must act with different types of emails.

[Figure: SMTP filter policies]

You can perform the following actions with problematic emails:

Pass: Do nothing, let the email reach its recipient. Nevertheless, in some cases, like viruses, the mail server will add a warning to the email subject.
Notify mail server account: Discard the message before it reaches the recipient, notifying the original sender account.
Notify sender server: Discard the message before it reaches the recipient, notifying the server of the sender account; it's very common that the server notifies its user in turn
80. ct them to one network card, keeping them in the same subnet. VLAN is also an option.

Also, it is always recommended that a UPS is deployed along with the server. For further information, see the nut chapter.

For a general purpose server with normal usage patterns, these are the recommended minimum requirements:

| Zentyal Profile | Users       | CPU                          | Memory | Disk | Network cards |
|-----------------|-------------|------------------------------|--------|------|---------------|
| Gateway         | <50         | P4 or equivalent             | 2G     | 80G  | 2 or more     |
| Gateway         | 50 or more  | Xeon Dual core or equivalent | 4G     | 160G | 2 or more     |
| Infrastructure  | <100        | P4 or equivalent             | 1G     | 80G  | 1             |
| Infrastructure  | 100 or more | P4 or equivalent             | 2G     | 160G | 1             |
| Office          | <100        | P4 or equivalent             | 1G     | 250G | 1             |
| Office          | 100 or more | Xeon Dual core or equivalent | 2G     | 500G | 1             |
| Communications  | <100        | Xeon Dual core or equivalent | 4G     | 250G | 1             |
| Communications  | 100 or more | Xeon Dual core or equivalent | 8G     | 500G | 1             |

Hardware requirements table

When combining more than one profile, you should think in terms of higher requirements. If you are deploying Zentyal in an environment with more than 100 users, a more detailed analysis should be done, including usage patterns, benchmarking and considering high availability strategies.

[6] http://www.ubuntu.com/certification/catalog
[7] http://www.ubuntu.com/certification/release/10.04%20LTS/servers/

First steps with Zentyal

Administrative web interface of Zentyal

Once you have installed Zentyal, you can access the administrative we
81. Importing configuration data

Although Zentyal UI interface greatly eases the system administrator work, some configuration tasks through the interface can be tedious if you have to perform them repeatedly, for example adding 100 new user accounts or enabling an e-mail account for all 100 users. These tasks can be automated easily through the Application Programming Interface (API) which is provided by Zentyal. You only need a basic knowledge of Perl [1] and to know the public methods exposed by the Zentyal modules you want to use. In fact, Zentyal web interface uses the same programming interface.

[1] Perl is a high-level, general-purpose, interpreted, dynamic programming language. http://www.perl.org/

An example on how to create a small utility is shown below, using the Zentyal API to automatically add an arbitrary number of users defined in a Comma Separated Values (CSV) file:

    #!/usr/bin/perl

    use strict;
    use warnings;

    use EBox;
    use EBox::UsersAndGroups::User;

    EBox::init();

    # Read one user per line from the CSV file 'users':
    # username,givenname,surname,password
    my @users;
    open(my $USERS, '<', 'users') or die "Cannot open users: $!";
    while (my $line = <$USERS>) {
        chomp($line);
        my $user;
        my ($username, $givenname, $surname, $password) = split(',', $line);
        $user->{'user'} = $username;
        $user->{'givenname'} = $givenname;
        $user->{'surname'} = $surname;
        $user->{'password'} = $password;
        push(@users, $user);
    }
    close($USERS);

    foreach my $user (@users) {
        EBox::UsersAndGroups::U
82. d in Electronic Mail Service (SMTP/POP3-IMAP4). In this scenario, you assign any number of the existing virtual domains to the groupware module, and from that moment on the mail of those domains will be stored in Zarafa and not in the server you were using previously. The mail sent to the other virtual domains will continue to be stored in the same way.

This groupware module integrates with the existing mail module so that the users can consider themselves associated with a quota and use a Zarafa account.

You can access the configuration in Groupware > General, where the following parameters can be set:

[Figure: Configuration of groupware (Zarafa)]

Enable Outlook access: In case you want to integrate the Zarafa platform and all its groupware services (calendars, tasks, contacts) with a Microsoft Outlook client, you will need to enable this opti
83. [Figure: General Mail configuration]

Smarthost to send mail: If this option is set, Zentyal will not send its messages directly, but each received e-mail will be forwarded to the smarthost without keeping a copy. In this case, Zentyal is an intermediary between the user who sends the e-mail and the server that actually sends the message. Here you can set the domain name or IP address of the smarthost. You could also specify a port, appending the text :port_number after the address. The default port is the standard SMTP port, 25.

Smarthost authentication: This sets whether the smarthost requires authentication using a user and password pair, or not.

Server mailname: This sets the visible mail name of the system; it will be used by the mail server as the local address of the system.

Postmaster address: The postmaster address by default is an alias of the root user, but it could be set to any account, either belonging to any of the managed virtual mail domains or not. This account is intended to be a standard way to reach the administrator of the mail server. Automat
84. development framework to create web interfaces and also benefit from the integration with the rest of the modules and the common features from the vast Zentyal library.

Zentyal design is completely object-oriented and it takes advantage of the Model-View-Controller (MVC) design pattern [2], so the developer only needs to define those features required by the data model. The remaining parts are generated automatically by Zentyal. To simplify the process further, a development tool called zmoddev [3] is provided to ease the development of new modules, auto-generating templates depending on the parameters provided by the user. This will save time; however, its explanation and development is beyond the scope of this course.

[2] An explanation about the Model-View-Controller design pattern: http://en.wikipedia.org/wiki/Model_View_Controller
[3] zmoddev SVN repository access: svn://svn.zentyal.org/zentyal/trunk/extra/zmoddev

Zentyal is designed to be installed on a dedicated machine. This recommendation is also extended to the developing scheme. Developing on the same host is highly discouraged. The recommended option is to deploy a virtual system to develop, as Appendix A: Test environment with VirtualBox explains in depth.

Release policy

Zentyal server development follows a time-based release cycle: a stable Zentyal release is published once a year, in September. The Zentyal Development Team has opted for a time-based release cycle, most importantly b
85. dget. There you are able to see the server edition and the rest of the purchased services, if any, in this widget.

Configuration backup in Zentyal Remote

One of the features of Zentyal Remote is automatic configuration backup of your Zentyal server, stored in the cloud. If you register your community server, then you can save one configuration backup remotely. If you have a commercial edition (Small Business or Enterprise Subscription), you can save up to seven different configuration backups.

The configuration backup is made on a daily basis if there is any change in Zentyal server configuration. You can do this from System > Import/Export configuration and then clicking on the tab Remote. You can make manual configuration backups if you want to make sure there is a backup of your last configuration changes.

[Figure: Remote configuration backup]

You can restore, download or delete the configuration backups that are stored in Zentyal Remote.

Other services along with your registration

Hostname in browser tab: Notice the Zentyal servers by their name in the web browser tab. This is useful if you manage several Zentyal servers from the same browser.

Hostname added to dynamic domain zentyal.me: A zentyal.me subdomain for your server with multigateway suppor
86. ditional packages will be installed. This selection is not definitive, and later you can install and uninstall any of the Zentyal modules via the software management tools.

[Figure: Extra dependencies]

The system will begin the installation process of required modules and you will be shown a progress bar, as well as some slides offering a brief introduction to core Zentyal functions and the commercial packages.

[Figure: Installation and additional information]

Once the installation process has been completed, the configuration wizard will configure the new modules and t
87. dule status and check the logs box.

To obtain reports from the existing logs, you can go to the Maintenance > Logs > Query logs section via the Zentyal menu.

You can obtain a Full report of all log domains. Moreover, some of them provide an interesting Summarised Report, giving you an overview of the service during a time period.

[Figure: Query log screen]

In the Full report you have a list of all registered actions for the selected domain. The information provided depends on each domain. For example, for the OpenVPN domain you can see the connections to a VPN server of a client with a specific certificate, or, for example, for the HTTP Proxy you can see the pages denied to a specific client. Therefore, you can create a customised query, which allows you to filter by time period or other values that depend on the type of domain. You can store these queries as events, so that you will be notified when a match occurs. Furthermore, if the query doesn't have an upper time limit, the results will automatically refresh with new data.
88. [Figure: Exceptions to the captive portal]

List of Users

The Current users tab contains a list of the users which are currently registered in the captive portal.

[Figure: Current users]

The following information for each user is available:

User: Name of the registered user.
IP address: IP address of the user.
Bandwidth use (Optional): If the Bandwidth Monitor module is enabled, this field will show the bandwidth use (in MB) of the user for the configured period.

From this list it is also possible to kick users or to extend their credit with Extend Bandwidth Quota. Kicking the user will instantly close the user's session, leaving him without Internet access. Extending the quota will add the default quota to his/her current credit.

Using the captive portal

When a user connected to Zentyal through a captive interface tries to access any web page using his/her browser, he/she will be automatically redirected to the Captive Portal, asking for authentication.

[Figure: Captive Portal authentication webpage]

After a successful login, a pop-up window will be shown to the user. This window keeps the user session open, so it should be kept open until the user disconnects from the Capt
89. e access to the list of all the files and directories contained in the remote backup and the dates of the different versions you can restore. If the path to restore is a directory, all its contents will be restored, including sub-directories.

The file will be restored with its contents on the selected date. If the file is not present in the backup that day, the version found in the former backups will be restored. If there is no copy of the file in any of the versions, you will be notified with an error message.

Warning: The files shown in the interface are the ones that are present in the last backup. The files that are stored in former copies but not in the last one are not shown, but they can be restored using the command line.

You can use this method with small files. For big files, the process is time consuming and you cannot use the Zentyal web interface while the operation is being made. You have to be especially careful with the type of file you are restoring. Normally, it will be safe to restore data files that are not being used by applications at the current time. These data files are located in the directory /home/samba. On the other hand, restoring system files or directories like /lib, /var or /usr while the system is running can be very dangerous. Don't do this unless you are really sure of what you are doing.

Editing file restore operation
90. e foocorp.com. When a user tries to access the host example, as it is not present among its known hosts, the name resolution will fail; then the user's operating system will automatically provide example.foocorp.com, resulting in successful name resolution.

In Network > Tools you have a tool for Domain Name Resolution which, by using dig, shows the details of a DNS query to the server you have set in Network > DNS.

[Figure: Domain name resolution using the DNS local cache]

Transparent DNS Proxy

Zentyal's transparent DNS Proxy gives you a way to force the use of your DNS server without having to change the clients' configuration. When this option is enabled, all the DNS requests that are routed through your server are redirected to Zentyal's internal DNS server. The clients have to use Zentyal as their gateway to make sure the requests will be forwarded. To have this option available, the firewall module must be enabled.

[Figure: Transparent DNS proxy]

DNS Forwarders

The redirectors or forwarders are DNS servers that your server will query. First your server will search in the local cache, among the registered domains and previously cached queries; in case there is no answer, it will query the redirectors. For example, the first time you
91. e left-hand menu and set the following parameters:

[Figure: General Jabber Configuration]

Jabber Domain: Used for specifying the domain name of the server. User accounts will be user@domain.

SSL Support: It specifies whether the communications (authentication and chat messages) with the server are encrypted or plain text. You can disable it, make it mandatory or leave it as optional. If you set it as optional, this setting will be selected from the Jabber client.

Connect to other servers: If you want to allow your users to contact other users on external servers, or the other way around, check this box. Otherwise, if you want a private server for your internal network, leave it unchecked.

Enable MUC (Multi User Chat): Enables conference rooms (chat with more than two users).

Enable STUN service: Service that implements a set of methods to establish connections between clients that are located behind a NAT, for example video conferences using Jingle.

Enable SOCKS5 proxy service: Proxy service for TCP connections; it can allow the clients behind a NAT to send files.

Enable VCard information: Manage the contact information using the VCard form
92. e main virtual domain for the user from Users and Groups > Users > Edit Users > Create mail account. You can create aliases if you want to set more than a single e-mail address for a user. Regardless of whether aliases have been used, the e-mail messages are kept just once in a mailbox. However, it is not possible to use the alias to authenticate; you always have to use the real account.

[Figure: Mail settings for a user]

Note that you can decide whether an e-mail account should be created by default when a new user is added to Zentyal. You can change this behaviour in Users and Groups > Default User Template > Mail Account.

Likewise, you can set up aliases for user groups. Messages received by these aliases are sent to every user of the group with an e-mail account. Group aliases are created through Users and Groups > Groups > Create alias mail account to group. The group aliases are only available when at least one user of the group has an e-mail account.

You can define an alias to an external account as well, that is, mail accounts associated to domains not managed by your server. The mail sent to that alias will be forwarded to the external account. These kinds of aliases are set on a virtual domain basis and do not require an e-mail account. They can be set in Mail > Virtual Domains > External accounts aliases.
93. e of the server. This will be used as the Kerberos authentication realm for your users.

[Figure: Local domain for the server]

The last wizard will allow you to register your server. In case you have already registered, you just need to enter your credentials. If you have not registered the server yet, you can do it now using this form. Either way, the form will request a name for your server. This is the name that will identify your Zentyal server in the Zentyal Remote interface.

[Figure: Register your server]

Once you have answered these questions, you will continue to configure all the installed modules.

[Figure: Saving changes]

The installer will inform you when the installation is finished.

[Figure: Installation finished]
94. e synchronous written communication in the organisation.

It is becoming increasingly important to use a system to help coordinate the daily work of employees within an organisation. For this, Zentyal integrates a groupware tool, which allows users to share information such as calendars, tasks, addresses and so forth.

Finally, you will see an introduction to voice over IP, or VoIP; this service offers each user an extension to easily make calls or participate in conferences. Additionally, through an external provider, Zentyal can be configured to connect to the traditional telephone network and make phone calls to any country in the world at significantly reduced rates.

Electronic Mail Service (SMTP/POP3-IMAP4)

Zentyal uses Postfix [6] as a MTA. For the MDA (POP3, IMAP), it uses Dovecot [7]. Both come with support for secure communication over SSL. To fetch mail from external accounts, Zentyal uses Fetchmail [8].

[6] Postfix: The Postfix Home Page, http://www.postfix.org/
[7] Dovecot: Secure IMAP and POP3 Server, http://www.dovecot.org/
[8] http://fetchmail.berlios.de/

SMTP/POP3-IMAP4 server configuration with Zentyal

Receiving and relaying mail

To understand the mail system configuration, the difference between receiving mail and relaying mail must be clear.

Reception occurs when the server accepts a mail message whi
95. e that will trigger the event as it occurs.

For the log monitor, first you need to select which domains you want to use to generate events. For every domain, you can add filtering rules that depend on the domain. Some examples are: denied HTTP requests by the proxy, DHCP leases for a given IP, cancelled printer jobs and so on. You can also create an event filter from an existing log query by clicking on the Save as an event button through Maintenance > Logs > Query Logs > Full Report.

To control the selection of channels for event notification, select the event dispatchers in the Configure dispatchers tab.

[Figure: Configure dispatchers page]

In a similar way, to enable events you need to mark the Enabled box. Except for the log watcher, which writes its output to /var/log/zentyal/zentyal.log, all the other dispatchers require more configuration:

Mail: You need to set the recipient's email address (usually the Zentyal administrator). You can also set the subject of the messages.

Jabber: You need to set the Jabber server address and port that will be used to send the messages. You also need to set the username and password of the user that will send the messages, and the Jabber address of the administrator who will rece
96. e useful for human use or, more frequently, to be consumed by software. It is extensively used in several anti-spam applications (SPF or DKIM).

[Figure: Adding a text record]

To create a text record, go to the field TXT records of the domain. You can choose whether this record is associated with a specific hostname or the domain, and its contents.

It is possible to associate more than one text record to each domain or hostname.

The service records provide information about the services available in your domain and which hosts are providing them. You can access the list of Service records through the field Services of the domain list. In each service record you can configure the Service name and its Protocol. You can identify the host that will provide the service with the fields Target and Target port. To provide better availability and/or balance the load, you can define more than one record per service, in which case the fields Priority and Weight will define the server to access each time. The lower the priority value, the more likely the server is to be chosen. When two machines have the same priority level, the weight will be used to determine which machine will receive more workload. The XMPP protocol, used mainly for instant messaging, uses these DNS records extensively. Kerberos also needs them for distributed user authentication in different services.
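How a client turns several service records into an ordered list of targets, as an added example (not Zentyal's code) that follows the RFC 2782 selection procedure: lowest Priority value first, weighted random choice among records of equal priority. The record set, host names and helper names are constructed for illustration; 5222 is the standard XMPP client port.

```python
import random
from collections import Counter, namedtuple

SrvRecord = namedtuple("SrvRecord", "priority weight port target")


def order_targets(records, rng=None):
    """Return the records in the order a client should try them (RFC 2782)."""
    rng = rng or random.Random()
    ordered = []
    for priority in sorted({r.priority for r in records}):
        # Within one priority level, weight-0 records go first so that they
        # keep a small chance of being selected.
        group = sorted((r for r in records if r.priority == priority),
                       key=lambda r: r.weight != 0)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)      # uniform, inclusive bounds
            running = 0
            for record in group:
                running += record.weight
                if running >= pick:           # first running sum >= pick wins
                    ordered.append(record)
                    group.remove(record)
                    break
    return ordered


def first_choice_share(records, trials=5000, seed=1):
    """Fraction of trials in which each target is the first one tried."""
    rng = random.Random(seed)
    counts = Counter(order_targets(records, rng)[0].target for _ in range(trials))
    return {target: count / trials for target, count in counts.items()}


# Constructed records for _xmpp-client._tcp.example.com
XMPP_CLIENT = [
    SrvRecord(10, 60, 5222, "im1.example.com"),
    SrvRecord(10, 20, 5222, "im2.example.com"),
    SrvRecord(10, 20, 5222, "im3.example.com"),
    SrvRecord(20, 0, 5222, "backup.example.com"),   # only used as fallback
]

if __name__ == "__main__":
    for record in order_targets(XMPP_CLIENT):
        print(record.priority, record.weight, record.target)
    print(first_choice_share(XMPP_CLIENT))
```

With these records, im1 is tried first in roughly 60% of lookups, and the priority-20 host is contacted only when every priority-10 host has failed.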
97. ecause it makes it easier for both users and developers to make long-term decisions regarding the development, deployment and maintenance of the server, and helps the Development Team to deliver well-tested, high-quality software. It is important to note that all Zentyal releases are based on the Ubuntu LTS versions. Each Zentyal release is based on the Ubuntu LTS version that is available at the moment the release is launched. Zentyal Release Cycle: There are three types of Zentyal server releases that the Zentyal Development Team will publish during the Zentyal Release Cycle: Beta versions, Release Candidates and Stable versions. The stable versions will be supported for three years, after which they reach their end-of-life date and become unsupported. Zentyal Beta versions: Zentyal Beta versions are unstable software releases that are published from September to June. These beta versions introduce new features that are not yet fully tested for bugs. As the Zentyal Development Team follows the "Release early, release often" guideline, there might be a significant number of beta versions published during this time period. Beta releases always have odd major numbers: 1.1, 1.3, 1.5, 2.1, 2.3. As Beta versions will eventually become stable releases, this means that the 2.1 series followed this pattern: 2.1.1, 2.1.2, 2.1.3, 2.1.10, 2.1.11, 2.1.X > 2.2. The 2.3 series will follow this pattern: 2.3.1, 2.3.2, 2.3.3, 2.3.10, 2.3.1
98. ed. CACompromise: the private key for the certification authority has been compromised. affiliationChanged: the issued certificate has changed its affiliation to another certification authority from another organization. superseded: the certificate has been renewed and is now replaced by a new one. cessationOfOperation: the certification authority has ceased its operations. certificateHold: the certificate is suspended. removeFromCRL: currently unimplemented; it provides delta CRL support, that is, lists of certificates whose revoked status has changed. [Figure: Revoke a certificate] When a certificate expires, all the modules are notified. The expiration date of each certificate is automatically checked once a day and every time you access the certificate list page. [5] http://en.wikipedia.org/wiki/ISO_3166-1 [6] For more information about subject alternative names, visit http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name Services Certificates: On Certification Authority > Services Certificates you can find the list of Zentyal modules using certificates for their operation. Each module generates its own self-signed certificates, but you can replace them with others issued by your CA. You can generate a certificate for each service by d
99. efine a whitelist in the domain list below these options. [Figure: Domains and URLs] Finally, at the bottom, you have the list of rules, where you can specify which domains you want to accept or deny. To use the Domain categories, you first need to load a categorized domain list. You can load this list from HTTP Proxy > Categorized list. [Figure: Categorized list] Once you have configured the list, you can choose which category will be denied from Domain Categories. [Figure: Blocking access to social networks] Using the two remaining tabs, you can select which types of contents or files will be accepted by this profile, either using MIME types or file extensions. The MIME [3] types are a format identifier for the Internet, for example application/pdf.
100. efining its Common Name. If a previous certificate with the name does not exist, the CA will create it automatically. [Figure: Services Certificates] Once enabled, you need to restart the service to force the module to use the new certificate. This also applies if you renew a certificate for a module. As mentioned before, to use the secure version of multiple protocols (web, email, etc.) it is important that the name that appears in the Common name of the certificate matches the name requested by the client. For example, if the Common name of your web certificate is host1.example.com and the client types in https://www.example.com, the browser will show a security alert and the certificate is not considered valid. Virtual private network (VPN) service with OpenVPN: Zentyal integrates OpenVPN [2], PPTP and IPsec to configure and manage virtual private networks. In this section you will see how to configure OpenVPN, the default VPN protocol in Zentyal. In the following section you will find out how to configure PPTP and IPsec.
101. egistries not associated with any of the services, but rather with Zentyal's administrative panel itself. This feature is especially useful for servers managed by more than one person, since you have a stored log of the successive configuration changes and executed actions for each user, with their associated timestamps. By default this feature is disabled. If you want to enable it, you just have to go to Maintenance > Logs > Configure logs and enable the audit domain, as explained in the previous section. [Figure: Setting up audit log] Once you have saved these changes, go to Maintenance > Logs > Query logs to see the following two tables. Configuration changes: Here you can see the module, section, type of event, and current and former changes (if applicable) for all the configuration changes made after the audit log was enabled. Administrator sessions: It contains the information related to all the administration login attempts (successful or not), session log-outs and expired sessions for the different users, with their associated IP addresses. [Figure: administrator sessions query, with sample rows: 2012-09-22 19:10:04 administrator 192.168.56.1 Login; 2012-09-22 19:10:02 administrator 192.168.56.1 Logout] Query admi
102. end servers. The growing importance of ensuring the authenticity, integrity and privacy of communications has increased interest in the deployment of certification authorities. These facilitate access to various services in a safe way. Certificates allow configuration of SSL or TLS to securely access most services and provide certificates for user authentication. By using a VPN (Virtual Private Network), it is possible to interconnect different private subnets via the Internet in a completely safe way. A typical example of this feature is the communication between two or more offices of the same company or organisation. You can also use VPN to allow users to connect remotely and securely to the corporate network. In addition to the OpenVPN protocol, Zentyal offers you the IPsec and PPTP protocols to ensure compatibility with third-party devices and Windows boxes where you do not want to install additional software. Sometimes your deployment requires a few applications that can't be ported to Linux environments, given their characteristics or age. The Virtual Machines module offers you a way to integrate virtualized services in a simple, elegant and transparent way for the final user. High level Zentyal abstractions Networ
103. equest not matching any of these rules will be denied. Filter profiles: You can filter web pages with Zentyal depending on their contents. You can define several filter profiles from HTTP Proxy > Filter Profiles. [Figure: Filter profiles for the different objects or user groups] If you go to the Configuration of one of these profiles, you can specify different criteria to adjust the content filters. In the first tab you can find the Threshold and the antivirus filters. To have the antivirus checkbox available, you need to have the antivirus module installed and enabled. [Figure: Filter configuration] These two filters are dynamic, which means that they will analyse any web page to find inappropriate content or viruses. The threshold can be adjusted to be more or less strict; this will influence the number of inappropriate words it will tolerate before rejecting a web page. In the next tab, Domains and URLs, you can statically decide which domains will be allowed in this profile. You can Block sites specified only as IP, to avoid bypassing the proxy by just typing IP addresses, and you can also decide to Block not listed domains and URLs if you want to d
104. [Figure: Summarised report screen] Configuration of Zentyal logs: Once you have seen how to check the logs, it is also important to know that you can configure them in the Maintenance > Logs > Configure logs section of the Zentyal menu. [Figure: Log configuration screen] The values you can configure for each installed domain are: Enabled: If this option is not enabled, no logs are written for this domain. Purge logs older than: This option establishes the maximum time during which the logs will be saved. All the values that are older than the specified time will be discarded. In addition, you can also force the instant removal of all the logs before a certain time period. You can do this by clicking on the Purge button in the Force log purge section. This allows selection of different intervals, ranging from one hour to 90 days. Log Audit for Zentyal administrators: In addition to the logs available for the different Zentyal services, there are two other log r
105. especially designed to scan email attachments in an MTA. ClamAV uses a database updater that allows the programmed updates and digital signatures to be updated via the freshclam program. Furthermore, the antivirus is capable of native scanning of a number of file formats such as Zip, BinHex, PDF and so on. [4] Clam Antivirus: http://www.clamav.net/ In Antivirus you can check whether the system's antivirus is installed and updated. [Figure: Antivirus message] You can update it from Software Management, as you will see in Software updates. It is optional to install the antivirus module, but if you do install it, you can see that it integrates with several other Zentyal modules. This integration increases the security of the configuration options of different services, such as the SMTP filter, HTTP proxy or file sharing. Antispam: The antispam filter gives each email a spam score and, if the email reaches the spam threshold, it is considered junk mail. If not, it is considered legitimate email. The latter kind of email is often called ham. The spam scanner uses the following techniques to assign scores: blacklists published via DNS (DNSBL); URI blacklists that track antispam websites; filters based on the message checksum, checking emails that are identical but with a few changes; Bayesian filter, a statistical algor
106. ess of a DNS server. NTP server: NTP server that clients will use to synchronise their system clock. It can be None, Local Zentyal NTP or the IP address of another NTP server. If you select your own Zentyal server as the NTP server, make sure that the NTP module [6] is enabled. WINS server: WINS server (Windows Internet Name Service [7]) that clients will use to resolve names on a NetBIOS network. It can be None, Local Zentyal or another Custom. If you select your own Zentyal server as the WINS server, make sure that the File Sharing module [8] is enabled. Under these options you can see the dynamic ranges of addresses and static allocations. For the DHCP service to work properly, you should at least have a range of addresses to distribute or static allocations; otherwise the DHCP server will not allocate IP addresses, even when listening on all network interfaces. [Figure: Configuring DHCP ranges] Address ranges and static addresses available for assignment from a certain interface are determined by the static address assigned to that interface. Any available IP address of the subnet can be used in ranges or static allocations. In order to add a range in the Range section, you have to enter a name to identify the range and the values you want to assign within the range listed above. You can perform static assignment of IP addresses to specific physical
107. [Figure: Full report screen] The Summarised reports allow you to select the time period of the report, which may be one hour, one day, a week or a month. The information you obtain is one or more graphics, together with a summary table with total values of different data types. In the image you can see, for example, daily request statistics and daily HTTP Proxy traffic. [Figure: HTTP proxy traffic report, with charts of access requests (requests, accepted, filtered and denied requests) and traffic size in Kb (accepted, filtered and denied traffic), followed by the Web traffic details table]
108. etwork interface and an external interface is required. The first step to configure this module is accessing Traffic Shaping > Interface Rates and configuring the upload and download rates associated with each one of the external interfaces, depending on their bandwidth. [Figure: Upload and download rates for the external interfaces] Once you have configured the rates, you can establish the shaping rules by accessing Traffic Shaping > Rules, where you can see two different types of rules: Rules for Internal Networks and Rules for External Networks. If the external network interface is shaped then, from the point of view of the user, you are limiting Zentyal output traffic to the Internet. If, however, you shape an internal network interface, then the Zentyal output to internal networks is limited. The maximum output and input rates are given by the configuration in Traffic Shaping > Interface Rates. As you can see, shaping input traffic is not possible directly, because input traffic is not predictable nor controllable most of the time. There are specific techniques, taken from various protocols, used to handle the incoming traffic: TCP, by artificially adjusting the window size for the data flow in the TCP connection, as well as controlling the rate of acknowledgements (ACK segments) being returned to the sender.
109. evelopment Team offers three years of support for the stable Zentyal versions. This means that, from the publication of a stable Zentyal version, support for all security issues, as well as commercial support and subscription services, will be granted for this version during the next three years. After this time period, the stable version reaches its end-of-life date and becomes unsupported. Bug management policy: Each open source software project has its own bug management policy. As mentioned previously, the stable Zentyal versions are supported for three years, during which support for all security issues is granted. In addition to security issues, other modifications might be added to fix several bugs at once. The latest Zentyal version always includes all the bug fixes. The project management tool Trac [4] is used by the Zentyal Development Team to manage bugs and other tasks. It lets users open tickets to report problems and it is open to all users. Once the ticket is created by a user, its state can be tracked by the user through the web or e-mail. You may reach Zentyal Trac at http://trac.zentyal.org. [4] Trac is an enhanced wiki and issue tracking system for software development projects: http://trac.edgewall.org. It is highly recommended to report a bug when you are fairly sure that your problem is really a bug and not just an expected result of the program under certain circumstances. To report a bug, check first in the T
110. ffer cache: Amount of memory that is cached for input/output operations. Memory used: Amount of memory that is not included in any of the above. [Figure: Memory usage graphic] File system usage: This graphic displays the used and free space of every mount point. [Figure: File system usage graphic] Temperature: This graphic allows you to view the system temperature in degrees Celsius by using the ACPI system [1]. In order to enable this metric, the server must have this system installed and the kernel must support it. [1] Advanced Configuration and Power Interface (ACPI) is an open standard to configure devices focused on operating systems and power management: http://www.acpi.info [Figure: Temperature sensor diagram graphic] Bandwidth Monitoring: Besides the monitoring module, there is also a Bandwidth Monitoring module, which monitors the network flow. Using this module you can study the network use for each client connected to Zentyal's internal networks. Once you have installed and enabled the module, you can access it through Network > Bandwidth
111. for the administrator account. This user will have administration privileges and, in addition, the same user will be used to access the Zentyal interface. Select a username for the new account. Your first name is a reasonable choice. The username should start with a lower-case letter, which can be followed by any combination of numbers and more lower-case letters. [Figure: System username] In the next step you are asked for the user password. It is important to note that the user defined earlier can access both the system (via SSH or local login) and the Zentyal web interface using the same password. Therefore you must be really careful to choose a secure password (more than 12 characters, including letters, numbers and symbols). A good password will contain a mixture of letters, numbers and punctuation and should be changed at regular intervals. [Figure: Password] Here, insert the password again to verify it. Please enter the same user password again to verify you have typed it correctly. [Figure: Confirm password] In the next step you are asked for your time zone
112. from Configure widgets, located in the upper part of the Dashboard. [Figure: Widget with connected clients] [3] For additional information about file sharing, go to the section File sharing and authentication service. Virtual private network (VPN) service with PPTP: Zentyal integrates pptpd [2] as its PPTP server. This service uses port 1723 of the TCP protocol and the GRE encapsulation protocol. [2] http://poptop.sourceforge.net/ Configuring a PPTP server in Zentyal: To configure your PPTP server in Zentyal, go to VPN > PPTP. In the General configuration tab, define the subnet used for the VPN. This subnet has to be different from any other internal network you are using in your local network or another VPN. You can also define the Primary Nameserver and Secondary Nameserver. In the same way, you can configure the Primary WINS and Secondary WINS servers. [Figure: General configuration] Given the limitations of the PPTP server, it is not currently possible to integrate the LDAP users managed through Users and Groups
113. [Figure: Captive portal configuration] Group: If you define a group, only users belonging to it will be allowed to access through the captive portal. By default, access is allowed to all registered users. HTTP port and HTTPS port: You can find the web redirection service under HTTP port and the registration portal under HTTPS port. Zentyal will automatically redirect the web requests to the registration portal, located at https://ip_address:https_port. Captive interfaces: Here you can find a list of all the internal network interfaces. The captive portal will limit the access to the interfaces that are checked in this list. You can also see a form that allows you to limit the bandwidth to a given amount over a given time interval. To use this option, you have to have the Bandwidth Monitor module installed and enabled. If you have enabled a limit, after enabling the captive limit over one of the interfaces the Bandwidth Monitor will also be enabled over the same interface. You can see the configuration and reports by going to Network > Bandwidth Monitor. Exceptions: You can set up exceptions to the captive portal so that certain Objects or Services will be able to access the external network without having to pass through the log-in forms.
114. haring service. For the management of printers and their access permissions, Zentyal integrates Samba, as described in the Configuring a file server with Zentyal section. As a printing system, in coordination with Samba, Zentyal integrates CUPS [1] (Common Unix Printing System). [1] http://en.wikipedia.org/wiki/Common_Unix_Printing_System Printer server configuration with Zentyal: In order to share a printer in your network and allow or deny users and groups access, you need to have access to a printer from a host running Zentyal. This can be done through direct connection (parallel port, USB) or through the local network. Besides that, you will need to know the following information: the manufacturer, the model and the driver a printer uses, in order to obtain good results during operation. First, it is worth noting that the configuration and maintenance of printers is not done through the Zentyal interface but from the CUPS interface. If you manage the Zentyal server locally, then you do not need to do anything special, but if you want to give access to other machines on the network, you must explicitly allow access on the network interface; by default, CUPS will not listen on it, for security reasons. [Figure: Printer management] The CUPS management port is 631 by default, and you can access the management interface by using the HTTPS protocol via the network interface on which y
115. hat's what you have to configure in the client's browser. The cache size controls the amount of space on the disk you are going to use to temporarily store web content. It's configured using Cache Size. You need a good estimation of the amount and type of traffic you are going to receive to optimize this parameter. [Figure: HTTP Proxy] It's possible to configure which domains are not going to be stored in the cache. For example, if you have local web servers, you will not improve access by storing a cache, and you will waste memory that could be used for storing remote elements. If a domain is in the cache exemption list, the data will be retrieved and delivered directly to the browser. You can define these domains in Cache exemptions. Also, you may want to serve some web pages directly from the original server, for the privacy of your users or just because they don't operate correctly behind a proxy. For these cases you can use the Transparent Proxy Exemptions. The feature Enable Single Sign On (Kerberos) will allow you to automatically validate the user using the Kerberos ticket created at sessi
116. hem. In the first place, you need to make sure that the DHCP module will notify when the images are available. This can be done with Zentyal's own DHCP module. [Figure: DHCP configuration, Thin client] Once the DHCP is configured, you will need to make sure that your clients have Network boot as the first boot option; generally this is configured through the BIOS of the computer. To boot over the network, your DHCP server will redirect it to the TFTP server that has the image. [Figure: Client booting an image over the network] When the load finishes, you have your thin client running.
117. hen you are asked some questions. First of all, you are asked for information regarding your network configuration. Then you need to define each network interface as internal or external; in other words, whether it will be used to connect to an external network, such as the Internet, or to a local network. Strict firewall policies will be applied to all the traffic coming in through external network interfaces. [Figure: Initial configuration of network interfaces] Next, you have to choose the local domain associated with our server; if you have configured the external interface(s) using DHCP, it may be filled in automatically. As said before, our hostname will be automatically added as a host of this domain. The authentication domain for the users will also take this name. You can configure additional domains, but this is the only one that will come pre-configured to provide all the information that our LAN clients need for the network authentication protocol (Kerberos).
118. his is the password that will be used. Users DN: Domain name of the users directory. Groups DN: Domain name of the groups directory. In the lower part you can establish some PAM settings. [Figure: PAM Settings in Zentyal] By enabling PAM, you allow the users managed by Zentyal to also act as normal system users, making it possible to start sessions on the server (for example, SSH and SFTP). In this section you also specify the default command interpreter for your users. This option is initially configured as nologin, blocking the users from starting sessions. Changing these options will not modify the existing users in the system and will only be applied to the users created after the change. Creating users and groups: You can create users by going to the Users and Groups > Users menu and filling in the following information. [Figure: Adding a user to Zentyal] User name: Name of the user on the system; it will be the name used in the authentication processes. Name: Name of the user. Surname: Surname of the user. Comment: Additional information about the user. Password: Password that will be used in the authentication processes. This information will have to be typed tw
119. ically generated notification mails will typically use postmaster as reply address. Maximum mailbox size allowed: Using this option you can indicate a maximum size in MB for any user's mailboxes. All mail that exceeds the limit will be rejected and the sender will receive a notification. This setting can be overridden for any user in the Users and Groups > Users page. Maximum message size accepted: It indicates, if necessary, the maximum message size accepted by the smarthost in MB. This is enforced regardless of any user mailbox size limit. Expiration period for deleted mails: If you enable this option, those mail messages that are in the users' trash folder will be deleted when their dates exceed the established limit. Expiration period for spam mails: This option applies in the same way as the previous option but refers to the users' spam folder. In addition to this, Zentyal can be configured to relay mail without authentication from some network addresses. To do this, you can add relay policies for Zentyal network objects through Mail > General > Relay policy for network objects. The policies are based on the source mail client IP address. If relay is allowed by an object, then each object member can relay e-mails through Zentyal. [Figure: Relay policy for network objects] Warning: Be careful when using an Open Relay policy, i.e. forwarding e-mail f
120. ice to avoid typing errors. Group: It is possible to add the user to a group during the creation process. From Users and Groups > Users you can obtain a list of the users, edit or delete them. [Figure: List of users in Zentyal] While editing a user, you can change all the details (except the user name) and the information that is associated with the installed Zentyal modules. These contain some specific configuration details assigned to users. You can also modify the list of groups that contain this user. [Figure: Editing a user] When editing a user you can: create an account for the Jabber server; create an account for file sharing or PDC with a personalised quota; create an e-mail account for the user and alias for it; assign a telephone extension to the user; enable or disable the user account for Zarafa and check if it has administrator rights. You can create a group from the Users and Groups > Groups menu. A group will be identified by its name and can also contain a description.
121. idgets 28 [Figure: Dashboard configuration] One of the important widgets in the Dashboard displays the status of all modules installed on Zentyal. [Figure: Widget showing status of the modules] The image shows the status of a service and the action you can carry out for this service. The different statuses are: Running: The service is running and listening to client connections. You can restart a service using Restart. Running unmanaged: If you haven't enabled the module yet, it will be running with the default configuration set by the distribution. Stopped: The service is stopped either because the administrato
122. ients [6] and finally click on Create image. [Figure: Creating thin client image] After this, you are informed that Zentyal will proceed with the creation of the image. You can follow the progress through a widget available in the Dashboard. [Figure: Widget with the status of the new image] Once the process has finished, you can see the list of available images by returning to the Thin clients tab. [Figure: List of available images] As you can see, it is possible to update the image. This allows you to update the core of the operating system or the local applications within the image. Through this menu you can also configure those applications that will be considered as local applications. [Figure: Applications that will be run locally] Local applications allow some applications to run on the thin client hardware. This can be a useful option if the applications are creating too much load for the server or network traffic. As you can see i
123. ients and set the external IP addresses to which the VPN clients must connect. As you can see in the image below, you have one main VPN server and up to two secondary servers; depending on the Connection strategy, you will try establishing connection in order or trying a random one. Moreover, if the selected system is Windows, you can also add an OpenVPN installer. The Zentyal administrator will download the configuration bundles to the clients using the most appropriate method. [Figure: Download client bundle] A bundle includes the configuration file and the necessary files to start a VPN connection. You now have access to the data server from both remote clients. If you want to use the local Zentyal DNS service through the private network, you need to configure these clients to use Zentyal as name server. Otherwise it will not be possible to access services by the hosts in the LAN by name, but only by IP address. Also, to browse shared files from the VPN [3] you must explicitly allow the broadcast of traffic from the Samba server. You can see the users currently connected to the VPN service in the Zentyal Dashboard. You need to add this widget
124. in System > General. [Figure: General configuration] Password: You can change the password of a user. It is necessary to introduce his/her Username, Current password, New password and to confirm the password again in the Change password section. Language: You can change the interface language using Select a language. Time Zone: You can specify city and country to adjust your time zone offset. Date and Time: You can specify the date and time for the server, as long as you are not synchronizing automatically with an external NTP server. Administrative interface port: By default it is the HTTPS port 443, but if you want to use it for the web server, you must change it to another port and specify it in the URL when you access: https://ip_address:port/. Hostname: It is possible to change the hostname or the domain, for example zentyal.home.lan. The hostname is helpful because the server can be identified from other hosts in the same network. Warning: You have to be careful if you intend to change the machine host name or local domain after the installation, because the authentication configuration (Kerberos) that was
125. in order to be processed. For example, the arrow Internal Networks, which goes from LAN 2 to Internet, means that one of the LAN hosts is the source and the host in the Internet is the destination, but the connection will be processed by Zentyal, which is the gateway for that host. Zentyal provides a simple way to define the rules that will compose the firewall policy. The definition of these rules uses the high-level concepts defined in the Network services section to specify which protocols and ports the rules apply to, and in the Network objects section to specify which IP addresses (source or destination) are included in rule definitions. [Figure: List of packet filtering rules from internal networks to Zentyal] Normally, each rule has a Source and a Destination, which can be Any, an IP address, or an Object in case more than one IP address or MAC address needs to be specified. In some sections the Source or Destination are omitted because their values are already known; for example, Zentyal will always be the Destination in the Traffic from internal networks to Zentyal section and always the Source in Traffic from Zentyal to external networks. Additionally, each rule is always a
126. [Figure: Selection of the language] You can install Zentyal by using the default mode, which deletes all disk contents and creates the partitions required by Zentyal by using LVM [5], or you can choose the expert mode, which allows customised partitioning. Most users should choose the default option unless they are installing on a server with RAID software or they want to create special partitioning according to specific requirements. [Figure: Installer start] In the next step, choose the language for your system interface. To set the language, you are asked for your country; in this example the United States is chosen. Select your location: The selected location will be used to set your time zone and also for example to help select the system l
127. [Figure: Authentication configuration]
Virtualization Manager
Zentyal offers easy management of virtual machines by integrating the KVM [1] solution. [1] http://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine
Creating virtual machines with Zentyal
Through the Virtual Machines menu you can access the list of currently available machines, as well as add new ones or delete the existing ones. You also have other maintenance options that will be described in detail in the next section. When you create a machine, you have to click on Add new and then fill in the following parameters. Name: Just for identification purposes; it will also be used to pick the file system path where you will store the data associated with this machine, but essentially you can enter any alphanumeric label and decide whether you want to Autostart. If this option is enabled, Zentyal will be in charge of starting or stopping the machine along with the rest of the services; otherwise, Zentyal will just create the machine the first time you configure it and save changes. The system administrator will be in charge of performing these actions manually when he/she considers necessary. [Figure: Adding a new virtual machine]
128. ist of modifiable parameters. Some of the most used will be ups.delay.shutdown (time delay after sending the shutdown signal to the server when the UPS shuts down itself) or battery.charge.low (battery threshold to send the shutdown signal to the server). Example of variables available for the UPS: [Figure: UPS Variables] The variables are read-only parameters, for example battery.charge or battery.temperature.
Monitoring
Monitoring in Zentyal
The monitor module allows the administrator to view the status of system resources from the Zentyal server. This information is essential to assist with both troubleshooting and advanced planning of resources in order to avoid problems. Monitoring is displayed using graphics which give a quick overview of resource usage trends. You can see the graphical monitor by viewing the Monitor module. Placing the cursor somewhere over the line on the graphic you are interested in, the exact value for a given instant can be determined. Yo
129. ithm that learns from its past mistakes when classifying an email as spam or ham; static rules; other [5]. Zentyal uses Spamassassin [6] as spam detector. [5] You can find a long list of antispam techniques at http://en.wikipedia.org/wiki/Anti-spam_techniques_(e-mail) [6] The Powerful #1 Open-Source Spam Filter: http://spamassassin.apache.org The general configuration of the filter is done from Mail filter > Antispam. [Figure: Antispam configuration] Spam threshold: Mail will be considered spam if the score is above this value. Spam subject tag: Tag to add to the mail subject in case it is spam. Use Bayesian classifier: If marked, Bayesian filter will be used. Otherwise it will be ignored. Auto whitelist: Considers the account history of the sending server when giving the score to the message; if the sender has sent plenty of ham emails, it is highly probable that the next email will be ham and not spam. Auto learn: If marked, the filter will learn from the received messages whose score passes the auto learn thresholds. Autolearn spam
130. ive Portal. Tip: Most browsers will automatically block the pop-up; you have to always allow pop-ups from Zentyal. [Figure: Session window]
Intrusion Detection System (IDS)
Zentyal integrates Snort [2], one of the most popular IDS, available for both Windows and Linux systems. [2] http://www.snort.org
Configuring an IDS with Zentyal
Configuration of the Intrusion Detection System in Zentyal is very easy. You only have to enable or disable a number of elements. First, you have to specify which network interfaces you need IDS to listen on. After this, you can choose different groups of rules that will be matched to the captured packets in order to obtain alerts in case of positive results. You can access both configuration options through the IDS menu. In this section, on the Interfaces tab, a table with all the configured network interfaces will appear. All of them are disabled by default due to the increased network latency and CPU consumption caused by the inspection of the traffic. However, you can enable any of them by clicking on the checkbox. [Figure: Network interface configuration for IDS] In the Rules tab you have a table
131. ive the notifications. From this page you can also create a new Jabber account with these new parameters in case they do not exist. RSS: You can select the policy for authorised readers as well as the feed link. The public feed can be made private or authorised by source IP address or object.
Uninterruptible power supply
UPS Configuration with Zentyal
If you want to configure an UPS with Zentyal, you will have to connect it to your server, install and enable the UPS Management module and go to Maintenance > UPS. [Figure: List of configured UPS] You have to fill in the following parameters to configure a new UPS hardware. [Figure: Adding a new UPS] UPS label: Label to name this UPS. Description: Description associated to this UPS. Driver: Driver that will manage the data read and write in our UPS; you have to enter the manufacturer i
132. k objects
Network objects represent network elements or a group of them. They allow you to simplify and consequently make it easier to manage network configuration: network objects allow you to give an easily recognisable name to elements or a group of them. This means you can apply the same configuration to all elements. For example, instead of defining the same firewall rule for each IP address of a subnetwork, you could simply define it for the network object that contains the addresses. [Figure: Representation of network objects] An object consists of any number of members. Each member consists of a network range or a specific host.
Management of Network objects with Zentyal
To start working with the Zentyal objects, go to the Network > Objects section. Initially you will see an empty list with the name of all the objects and a series of actions you can carry out on each of them. You can create, edit and delete objects that will be used later by other modules. [Figure: Network objects] Each one of these objects consists of a series of members that can be modified at any time. The members must have at least the following v
133. ke into account that at the moment of expiration all certificates issued by this CA will be revoked, stopping all services depending on those certificates. Once the CA has been initialised, you will be able to issue certificates. The required data are the Common Name of the certificate and the Days to expire. This last field is limited by the fact that no certificate can be valid for a longer time than the CA. In case you are using the certificate for a service such as a web server or mail server, the Common Name of the certificate should match the domain name of that server. For example, if you are using the domain name zentyal.home.lan to access the web administrative interface in Zentyal, you will need a certificate with the same Common Name. In case you are setting a user certificate, the Common Name will usually be the user's email address. Optionally you could set Subject Alternative Names [6] for the certificate. These are useful when setting common names to a certificate: a domain name or an IP address for a HTTP virtual host, or an email address when signing email messages. Once the certificate is issued, it will appear in the list of certificates and it will be available for the administrator and for the rest of modules. Through the certificate list you can perform several actions on the certificates: download the public key, private key and the certificate; renew the certificate; revoke the certificate; reissue a
134. kup Zentyal will not perform any scheduled incremental copy. Backup process starts at: This field is used to set the time a backup copy is started, for both the full and the incremental backup. It is a good idea to set it to a time frame where no other activities are being performed in the network, because it can consume a lot of upstream bandwidth. Keep previous full copies: This value is used to limit the total number of copies that can be stored. You can limit by number or by age. If you limit by number, only the set number of copies, plus the last complete copy, will be stored. If you limit by age, you will only save full copies that are newer than the indicated period. When a full copy is deleted, all the incremental copies associated with it are also deleted.
Configuration of the directories and files that are saved
From the Includes and Excludes tab you can configure the specific data you want to back up. The default configuration will perform a copy of all the file system except the files and directories explicitly excluded. In case you are using the method File system, the destination directory and all its contents will be excluded as well. You can set path exclusions and exclusions that match a regular expression. Exclusions by regular expression will exclude any path which matches the expression. Any excluded directory will also exclude all its contents. In order to further refine the backup contents, you can also define i
135. l login screen is available at http://<Zentyal's address>/webmail using the browser. Then the user has to enter his/her e-mail address and password. Only the real e-mail addresses are accepted for login, not aliases. [Figure: Webmail login] [Figure: Example of a mail received using webmail]
SIEVE filters
The webmail software also includes an interface to manage SIEVE filters. This feature is only available if the ManageSIEVE protocol is enabled in the e-mail service. Check out the Sieve scripts and ManageSieve protocol section for more information.
Groupware service
Zentyal integrates Zarafa [1] as a complete solution for groupware environment, aiming to offer an alternative to Microsoft Exchange. [1] http://www.zarafa.com
Configuration of a groupware server (Zarafa) with Zentyal
General configuration
In order to use Zarafa, you must start with a mail server configured as explaine
136. ll them using the web interface through the software module [5]. If you have a commercial server subscription [6], quality assured software updates will be automatically applied to your Zentyal server to guarantee your installation with maximum security and uptime. [5] Software updates section shows this module in depth. [6] http://www.zentyal.com/services/subscriptions
Technical support
Open source software projects usually provide technical support to the users through different methods. Zentyal is not an exception. You must distinguish between two kinds of support: the support provided to and by the community, which is free, and the commercial support, provided by companies that charge a fee for their services.
Community support
Community support is provided mainly on the Internet. There are many occasions in which the community is able to support itself. That is, the users help each other. The community members are important, even fundamental, providers of information for the product development. Users contribute by discovering hidden bugs and help developers to improve the product so it becomes more attractive to more users. This voluntary support, logically, does not offer any guarantees. If a user asks a question, it is possible that no reply is given, depending on the question format, timing or any other circumstances. Zentyal community support channels are centered on the forum [7], although mailing lists [8] and IRC cha
137. lm concept, similar to that of domain. In the service records (SRV) you can find information about the hosts and ports required for user authentication. Again, if you decide to remove this domain, it would be useful to replicate this information in the new domain. You can have simultaneously all the domains you want; this will not cause any problem for the previously mentioned authorization methods. To configure a new domain, display the form by clicking on Add new. You can configure the Domain name from here. [Figure: Adding a new domain] You will see that within the domain you can configure different names; in the first place, the IP Addresses of the domain. A typical case is to add all Zentyal IP addresses to the local network interfaces as IP addresses of the domain. Once the domain has been created, you can define as many names (Type A) as required within the table Hostnames. For each one of these names Zentyal will automatically configure reverse resolution. Moreover, for each name you can define as many Alias as necessary. Again, you can associate more than one IP address to your hostname, which can help the clients to balance between different servers, for example two replicated LDAP servers with the same information. [Figure: Adding a host] Normally the names point to the host where the service is running a
138. logs database [Figure: Restoring services]
Zentyal Unified Communications
In this section you will see the different communication services integrated in Zentyal, which enable centralised management of an organisation's communications and allow users to work with all them using the same password. To start with, the e-mail service is described. It allows quick and easy integration with the user's e-mail clients, offering also spam and virus prevention. Since email became popular, it has suffered from unwanted mail sent in bulk. This type of mail is often used to deceive the recipient in order to obtain money fraudulently, or is simply unwanted advertising. You will also see how to filter incoming and outgoing e-mail within your network, to avoid both the reception of unwanted emails and block outgoing mail from any potentially compromised computer of your network. The corporate instant messaging service, based on Jabber/XMPP, is also described. This module provides an internal IM service without having to rely on external companies or an Internet connection, and ensures that conversations will be kept confidential, preventing data being passed through third parties. This service provides conference rooms. It allows, through the use of any of the many available clients, to hav
139. Software updates
Like any other software system, Zentyal server requires periodic updates, either to add new features or to fix defects or system failures. Zentyal distributes its software as packages and it uses Ubuntu's standard tool, APT [1]. However, in order to ease this task, a web interface is provided to simplify the process [2]. [1] Advanced Packaging Tool (APT) is a system for the management of software packages created by the Debian Project, which greatly simplifies the installation and removal of programs on Linux: http://wiki.debian.org/Apt [2] For a more extensive explanation on how to install software packages in Ubuntu, please read the chapter on package management in Ubuntu's official documentation: https://help.ubuntu.com/12.04/serverguide/C/package-management.html The web interface allows checking for new available versions of Zentyal components and installing them in a simple way. It also allows you to update the software supporting Zentyal, mainly to correct potential security flaws.
Management of Zentyal components
The management of Zentyal components allows you to install, update and delete Zentyal modules. To manage Zentyal components you must access Software Management > Zentyal components.
140. n access to the terminal of the virtual machine using the VNC protocol. Start/Stop: It allows you to start or stop the machine, depending on its current state. In case the machine is in Pause state, the start button will resume execution. Pause/Continue: From here you can pause the execution of the machine while it is running, without losing the running state. Once the machine is paused, you can click the same button to resume execution. At the top left you can also see an indicator that will be either red, yellow or green, depending on whether the machine is stopped, paused or running. [Figure: Example window showing the console window of a machine]
Zentyal Gateway
This chapter focuses on the functionality of Zentyal as a gateway, offering more reliable and secure networks, bandwidth management and clear definition of connection and content policies. One of the main chapters is dedicated to the firewall module, which allows you to define connection management rules for both the incoming and outgoing traffic. To simplify the firewall configuration, you will categorize the types of traffic depending on their origin and destination and you will also use your defined objects
141. n the following section; to make this work it is necessary to enable the Local applications in the General configuration tab. [6] https://help.ubuntu.com/community/UbuntuLTSP/FatClients In the context of LTSP, you can find a series of differences between thin clients and fat clients. The most important differences are: fat clients use their own RAM and CPU to run processes; in fat clients the home directories will be mounted locally, in thin clients they are accessed remotely; in fat clients the desktop environment is installed and run locally.
General server configuration
Once you have the thin client image(s) prepared, you have to carry out the general server configuration. [Figure: General configuration of thin client server] Limit to one session per user: Prevent the same user having multiple open sessions simultaneously. Network compression: Send the network traffic compressed; useful to reduce the network load at the expense of higher computing load. Local applications: Allow applications that will be run on thin clients. Local devices: Allow the use of local appliances, such as USB memories, from
142. n the left field and model in the next one. In the last field you can see the associated driver. Port: UPS using serial ports cannot be auto-detected, so you will need to specify the port. If you are using USB UPS, Autodetect should be enough. Serial number: In case you have several UPS attached to your server's USB, you can establish specific configuration differentiated by the serial number. If you go to Configuration of your UPS, you can edit the configurations and browse the available variables. Warning: Depending on the model of your UPS, different configuration parameters will be published. However, they usually have a similar set of parameters and names. Example of available configurations for our UPS: [Figure: Available configuration parameters] If you go to UPS settings you will see a l
143. nclusions; when the path matches an inclusion before it matches with an exclusion, it will be included in the backup. The order of application of inclusions and exclusions can be changed using the arrow icons. The default list of excluded directories is: /mnt, /dev, /media, /sys, /tmp, /var/cache and /proc. It is a bad idea to include any of these directories, because they may cause the backup process to fail. A full copy of a Zentyal server with all its modules, but without user data, will be around 300MB. [Figure: Inclusion and Exclusion list]
Checking the status of the backups
You can check the backups status in the Remote Backup Status section. Within this table you can see the type of backup, full or incremental, and the execution date. [Figure: Available backup list]
Restore files
There are two ways of restoring a file, depending on the file size or the directory you want to restore. It is possible to restore files directly from Zentyal server's control panel. In the System > Backup > Restore files section you hav
144. nd the aliases to the services hosted. For example, the host amy.example.com has the aliases smtp.example.com and mail.example.com for mail services, and the host rick.example.com has the aliases www.example.com and store.example.com, among others, for web services. Tip: When you add hosts or host aliases to a domain, the domain name itself is implicit. So you will add www, not www.domain.example. [Figure: Adding a new alias] Additionally, you can define the mail servers responsible for receiving messages for each domain. In Mail exchangers you will choose a server from the list defined at Names or an external list. Using Priority you can set the server that will attempt to receive messages from other servers. If the preferred server fails, the next one in the list will be queried. [Figure: Adding a new mail exchanger] It is also possible to set NS records for each domain or subdomain using the table Name servers. [Figure: Adding a new name server] The text records are DNS registers that will offer additional information about a domain or a hostname using plain text. This information could b
145. nd new Zentyal server GO TO THE DASHBOARD

Initial configuration is finished. Just click the button and access the Dashboard: your Zentyal server is now ready.

[Figure: Zentyal Dashboard]
146. nding on the metric you can also set other parameters; for instance, you can receive alerts for the free space in the hard disk metric, or the short term load in the system load metric, and so on. Each measure has a metric that is described as follows:

System load: The values must be set in average number of runnable tasks in the run queue.
CPU usage: The values must be set in jiffies or units of scheduling.
Physical memory usage: The values must be set in bytes.
File system: The values must be set in bytes.
Temperature: The values must be set in degrees.

Once you have configured and enabled the event, at least one observer must also be configured. The observer configuration is the same as the configuration of any other event. Check the Events and alerts chapter for more information.

Automatic Maintenance with Zentyal Remote

Zentyal Remote

Zentyal Remote is a remote monitoring and management platform offered to the users of the commercial Zentyal server editions, and it is specially designed to ease the tasks of system administrators and managed service providers. This platform allows you to centralize the IT infrastructure maintenance and troubleshooting of any business or a group of businesses, as well as to access both servers and desktops remotely in a secure way.
147. ne the email quota, i.e. the maximum mailbox size each user can have. The user will receive a notification email when the specified percentage in the first limit is exceeded, and if the second limit is exceeded, the user will not be allowed to continue sending emails until they have freed up some space. When a user reaches the maximum quota, emails sent to this user will be rejected.

You can configure the mail domains that will be managed by Zarafa by going to Groupware > Virtual Mail Domains.

[Figure: List of Domains]

Configuration of a Zarafa account

As mentioned earlier, besides an email account, each user should have a Zarafa account. Furthermore, the quota defined in the mail module for each user will be applied to Zarafa; this can be unlimited, globally defined or specifically set per user.

[4] http://doc.zarafa.com/7.1/User_Manual/en-US/html/_configure_outlook.html#_installation_of_the_outlook_client
[5] https://store.zentyal.com/

User configuration

Accessing the configuration of your users, you can modify the following Zarafa parameters:

[Figure: Per user Zarafa parameters]

User account: Whether this user has Zarafa access enabled or not.
Administration rights
148. need to be queried from internal networks that are not directly configured in Zentyal. Although this case is quite rare, it may occur in networks with routes to internal segments or VPN networks.

Zentyal allows configuration of the DNS server to accept queries from these subnets through a configuration file. You can add these networks to the file /etc/zentyal/80dns.conf with the option intnets:

    # Internal networks allowed to do recursive queries
    # to Zentyal DNS caching server. Localnetworks are already
    # allowed and this settings is intended to allow networks
    # reachable through static routes.
    # Example: intnets = 192.168.99.0/24,192.168.98.0/24
    intnets =

After restarting the DNS module, the changes will be applied.

Zentyal's DNS cache server will query root DNS servers directly to find out which authoritative server will resolve each DNS request. Then it will store the data locally during the time period set in the TTL field. This feature reduces the time required to start every network connection, giving the users a sensation of speed and reducing the overall Internet traffic.

The search domain is basically a string that is added to a search in case a user defined string is unresolvable. The search domain is set on the clients, but it can be provided automatically by DHCP, so that when the clients receive the initial network configuration, they can also receive the search domain. For example your search domain could b
149. networks to Zentyal (example: allow access to the file server from the local network).
- Traffic between internal networks and from internal networks to the Internet (example: restrict access to Internet or to specific addresses to some internal clients and restrict communication between internal networks).
- Traffic from Zentyal to external networks (example: allow to download files using HTTP from the server itself).
- Traffic from external networks to Zentyal (example: allow the mail server to receive messages from the Internet).
- Traffic from external networks to internal networks (example: allow access to an internal server from the Internet).

You have to take into account that the last two types of rules could compromise the security of Zentyal and the network, so you must be very careful when modifying them.

[Figure: Schema illustrating the different traffic flows in the firewall]

Studying the image above, you can determine which section you will need depending on the type of traffic you want to control in the firewall. The arrows only signal the source and destination; naturally, all the traffic must go through Zentyal's firewall
150. nistration logs. Since there are some actions in Zentyal that take effect instantly, like restarting a server, and some others that are not applied until you save the changes, like most of the configuration changes, the audit log treats them in a different way. The instant actions will be logged permanently (until the registry is purged), and the ones pending to save will be displayed in the save changes interface itself, offering the system administrator a summary of all the modifications since the last save point, or, in case you want to discard changes, the actions will be removed from the log.

[Figure: Logs saving changes]

Events and alerts

Events and alerts configuration in Zentyal

The events module is a convenient service that allows you to receive notifications of certain events and alerts that occur on your Zentyal server. Zentyal allows you to receive these alerts and events via the following dispatchers:

- Mail [1]
- Jabber
- Logs
- RSS

[1] The mail module needs to be installed and configured (see Electronic Mail Service (SMTP/POP3-IMAP4)).

Before enabling any event you have to make sure that
151. nnels [9] are also available.

[7] http://forum.zentyal.org
[8] http://lists.zentyal.org
[9] irc.freenode.net server, #Zentyal (English) and #Zentyal-es (Spanish) channels.

All this information is available, with further documentation, in the community section of the Zentyal web site (http://www.zentyal.org).

Commercial support

The commercial support gives the user access to support as a professional service. Unlike community support, the commercial support offered by the Zentyal Development Team or Authorized Zentyal Partners offers several guarantees:

- Maximum response time: depending on the service package, the response time will be different.
- Support from well trained professionals backed by the Zentyal Development Team.
- Additional features which add value to the product and are not available to the community.

In addition to this, commercial support ensures no time is wasted trying to find out what hardware you should purchase, what modules you should install, how to make the initial configuration, how to integrate Zentyal with existing systems, etc. These advantages are pretty clear for companies whose business relies on this software.
152. o add to the list of servers known by SSH. If you do not perform this operation, the backup will not work because the connection with the server will fail.

Host or destination: For remote methods you have to enter the remote server name or its IP address with the following format: other.host:port/existing_directory. In case you are using File system, you only need the local directory path.

User: User name to authenticate in the remote host.

Password: Password to authenticate in the remote host.

Encryption: You can cypher the data in the backup using a symmetric key that will be entered in the form.

Full Backup Frequency: This parameter is used to determine the frequency for complete backups to be performed. The values are: Only the first time, Daily, Weekly, Twice a month and Monthly. If Weekly, Twice a month or Monthly is selected, you will see a selection option to choose the exact day of the week or month to perform the backup. If Only the first time is selected, then it is mandatory to set a frequency for incremental backups.

Incremental Backup Frequency: This value sets the frequency of the incremental copy or disables it. If the incremental copy is enabled, you can choose a Daily or Weekly frequency. In the latter case, you have to decide the day of the week; either way, you have to take into account the chosen frequency, which has to be greater than the full backup. The days that you have scheduled a full bac
153. [Figure: Geographical location]

You can use automatic detection for setting the keyboard: a few questions are asked to ensure the model you are using is correct. Otherwise, you can select the model manually by choosing No.

[Figure: Keyboard configuration 1]
154. [Figure: Zentyal profiles]

Zentyal profiles available for installation:

Zentyal Gateway: Zentyal will act as a gateway of the local network, offering secure and controlled access to Internet.

Zentyal Infrastructure: Zentyal manages the infrastructure of the local network with basic services such as DHCP, DNS, NTP and so on.

Zentyal Office: Zentyal can act as server for shared resources of the local network: files, printers, calendars, contacts, user profiles and groups.

Zentyal Unified Communications: Zentyal can act as a communications center for the company, handling e-mail, instant messaging and VoIP.

You can select any number of profiles to assign multiple roles to your Zentyal Server.

We can also install a manual set of services just by clicking on their icons, without having to comply with any specific profile. Another possibility is to install a profile and then manually add the required extra packages.

We are going to develop the Infrastructure profile in this example. The wizards you will see during the installation depend on the packages you have selected to install in this step.

Once you have finished the selection, only the necessary ad
155. on and also to install the Zarafa plug-in in the Outlook client [4]. The free version supports three clients, but you can buy additional licenses [5].

Enable Instant Messaging integration: If you have the Jabber module installed and enabled, you will be able to use the chat windows integrated in Zarafa's web interface.

Enable spell checking: Enable this option to check your spelling while you type an e-mail using the Zentyal web interface.

Enable ActiveSync: Enable the support for ActiveSync mobile devices for synchronizing email, contacts, calendars and tasks. For more information see the list of supported devices [6].

Enable Single Sign-On (Kerberos): Use Kerberos to automatically authenticate the user, similar to the equivalent option for GSSAPI mail.

Virtual host: The default installation allows access to the Zarafa web interface at http://ip_address/webaccess and http://ip_address/webapp for the new interface; you can also use the web server virtual domains to choose your own URL.

To provide users with POP3, POP3 on SSL, IMAP or IMAP on SSL access to their mailboxes, select the corresponding Zarafa Gateways. Keep in mind that if any of these services is already enabled in the mail module, it cannot be enabled here. Also, the Zarafa Gateways can only authenticate users with a Zarafa account and not users with only an email account.

Finally you can defi
156. [Figure: Network services]

Domain Name System (DNS)

DNS configuration is vital to the functioning of the local network authentication (implemented with Kerberos since the Zentyal 3.0 version): the network clients query the local domain, their SRV and TXT records, to find servers with ticket authentication. As mentioned before, this domain is preconfigured to resolve Kerberos services since the installation. For additional information regarding directory services, check Directory Service (LDAP).

BIND [4] is the de facto DNS server on the Internet, originally developed at the University of California, Berkeley and currently maintained by the Internet Systems Consortium. BIND version 9, rewritten from scratch to support the latest features of the DNS protocol, is used by Zentyal's DNS module.

[4] http://www.isc.org/software/bind

DNS cache server configuration with Zentyal

Zentyal's DNS module always works as a DNS cache server for networks marked as internal, so if you only want your server to perform cache DNS queries, simply enable the module.

Sometimes this DNS cache server might
157. on log in. You can find more details of this authentication scheme at File sharing and authentication service.

Warning: If you are going to use automatic authentication with Kerberos, you have to enter the domain name of the server in the client's browser configuration, never the IP address.

The HTTP Proxy is able to remove the advertisement from the web pages as well. This will save bandwidth and remove distractions or even security threats. To use this feature you only have to enable Ad Blocking.

Access Rules

Once you have decided your general configuration for the proxy, you have to define the access rules. By default you will find a rule in HTTP Proxy > Access Rules which allows all access. Similarly to the Firewall, the implicit rule is to deny, and the upper rule will have preference if several can apply to a given traffic.

[Figure: New access rule in the proxy]

Using the Time Period you can define in which moment the rule will apply (days of the week and hours). The default is all times.

The Source is a really flexible parameter: it allows you to configure if this rule will apply to an Object or to the members of a specific Group (remember that group access rules are only available if you are using a Non Transparent Proxy). You can also apply
158. on to access the external subnet, the local subnet behind Zentyal that will be accessible through the VPN tunnel, the remote IP address you will contact in the other end of the tunnel and the local subnetwork you will have available in the other end. If you want to configure a tunnel between two networks using IPsec, both ends must have a static IP address.

Currently Zentyal supports PSK authentication only (preshared key), which you can configure under PSK preshared key.

[Figure: General configuration]

In the Authentication tab you will configure the specific parameters of the tunnel authentication. These parameters determine the behaviour of the IPsec protocol and have to be identical in both ends of the tunnel. To learn more about the meaning of each one of the options, check IPsec specific documentation.
159. onfigure the drive letter to which the personal user directory will be linked after authenticating against the domain.

If you want to configure your Zentyal server as an Additional Domain Controller of an existing Active Directory, you will have to go to the General Settings tab of the File Sharing menu. Here you will choose the Additional Domain Controller option, the FQDN name of the controller you want to join, the IP address of the DNS server that manages the domain and, finally, the username and password needed to join it.

[Figure: Zentyal as an Additional Domain Controller]

File Transfer Protocol (FTP)

Zentyal uses vsftpd [5] (very secure FTP) to provide this service.

[5] http://vsftpd.beasts.org/

FTP server configuration with Zentyal

You can access the F
160. ou have enabled CUPS to listen to; localhost can be used if you are operating directly on the Zentyal host: https://zentyal_address:631/admin

For convenience, if you are using the Zentyal interface, you can access CUPS directly through the CUPS web interface link.

For the authentication, use the same username and password with which you access the Zentyal interface.

Once you have logged onto the CUPS administration interface, you can add a new printer through Printers > Add printer.

The first step of the wizard used to add a new printer is to select the type of printer. This method depends on the printer model and how it is connected to your network. CUPS also provides a feature for the automatic discovery of printers. Therefore, in most cases it is possible that your printer is automatically detected, thus making the configuration easier.

[Figure: Add printer]

Depending on the method you have selected, you might need to configure the connection parameters. For example, for a network printer you must establish the IP address and the port, as shown in the image.
161. password will be the extension assigned by Zentyal when creating the user. Changing the password immediately is recommended; you can do that from the User Corner. The application listening in this extension allows you to change the welcome message, hear the stored messages and delete them. This extension is only accessible by the users of your server; it will not accept incoming calls from other servers for security reasons.

Zentyal Maintenance

Zentyal server is not just meant to configure network services, but it also offers a number of features to ease general server management and maintenance.

This section will explain the tools, such as service logs, included in Zentyal server that help to find out what has happened in your network and when, receive notifications for certain events or incidents, or carry out server monitoring. The available remote support tools are also described.

Besides these maintenance tools integrated in Zentyal server, the commercial editions offer a series of services that help to automate the server maintenance and management. These services are available through the remote monitoring and management platform called Zentyal Remote.

Logs

Zentyal log queries

Zentyal provides an infrast
162. ponents are integrated in a simple way and Linux knowledge is not required to use the tool, and therefore it is easier and faster to provide remote support to multiple installations or customers simultaneously.

[Figure: Problem fix]

- Maintenance: Zentyal Remote generates reports of the system and user activity, making it easier to maintain. For example, it is possible to determine whether a slowdown in the Internet connection is due to misconfiguration of the routers, failure of the IP provider, increased demand from the users, or massive download of inappropriate content by specific users, and who they are. It is also possible to analyze the time your users spend on browsing Facebook or other similar pages and to decide whether you will apply more restrictive browsing policies to all users, by groups or to specific users only.
163. port 443/TCP and the alternative port 8080/TCP. Again, it is not necessary to apply a rule that affects the browsing of each one of the ports, but the service that represents browsing and contains these three ports. Another example is the file sharing in Windows networks, where the server listens to the ports 137/TCP, 138/TCP, 139/TCP and 445/TCP.

[Figure: Example of a service composed of different ports]

Management of Network services with Zentyal

To manage services with Zentyal, go to the Network > Services menu, where you will find a list of available services created by all the installed modules and those that were added later. You can see the Name, Description and access the Configuration. Furthermore, each service has a series of members; each one contains Protocol, Source port and Destination port values. You can introduce the value Any in all of the fields to specify, for example, the services for which the source port is different to the destination port.

TCP, UDP, ESP, GRE or ICMP protocols are supported. You can also use a TCP/UDP value to avoid having to add the same port twice when both protocols are used by a service, for example DNS.

[Figure: List of services]
164. port an external certificate; usually you maintain this configuration.

Authorize the client by the common name: Requires that the common name of the client certificate will start with the selected string of characters to authorize the connection.

TUN interface: By default a TAP type interface is used, more similar to a bridge of Layer 2. You can also use a TUN type interface, more similar to an IP node of Layer 3.

Network Address Translation (NAT): It is recommended to enable this translation if the Zentyal server that accepts the VPN connections is not a default gateway of the internal networks to which you can access from the VPN. Like this, the clients of these internal networks respond to Zentyal's VPN instead of the gateway. If Zentyal server is both the VPN server and the gateway (most common case), this option is indifferent.

Redirect gateway: If this option is not checked, the external client will access through the VPN to the established networks, but will use his/her local connection to access to Internet and/or rest of the reachable networks. By checking this option you can achieve that all the traffic of the client will go through the VPN.

The VPN can also indicate name servers, search domain and WINS servers to overwrite those of the client. This is specially useful in the case you have redirected the gateway.

After having created the VPN server, you must enable the service and save the changes. Later you must check in D
165. port of the HTTPS protocol. You must enable the certificate for this service and change the Zentyal administrative interface port to another port if you want to use the port 443.

Enable the public_html per user: If the users have a subdirectory called public_html in their personal directory, this option allows them to access it via the URL http://<zentyal>/~<user>/.

Virtual servers or Virtual hosts is where you can define different domains associated to certain web pages. When you use this option to define a new domain, if the DNS module is installed, then the top level domain will be created. If a subdomain does not already exist, then it will be added. This domain or subdomain creates a pointer to the address of the first internal interface configured with a static address, although you can modify the domain later if necessary.

Besides being able to enable and disable each domain of the HTTP server, if SSL has already been configured, you can fix HTTPS connections to a domain or even force all the connections to work over HTTPS.

The DocumentRoot or root directory for each page is in the /srv/www/<domain>/ directory. In addition, it is possible to apply a customised Apache configuration to each Virtual host by adding a file to the /etc/apache2/sites-available/user-ebox-<domain>/ directory.

Printers s
166. query www.google.com, Zentyal's DNS server will query redirectors and store the request in cache if the domain google.com is not registered to your server.

[Figure: DNS Forwarders]

In case forwarders are not configured, Zentyal's DNS server will use the DNS root servers [5] to solve queries that are not stored.

[5] http://en.wikipedia.org/wiki/Root_name_server

Configuration of an authoritative DNS server with Zentyal

In addition to DNS cache, Zentyal can act as an authoritative DNS server for a list of configured domains. As an authoritative server, it will respond to queries about these domains coming both from internal and from external networks, so that not only local clients but anyone can resolve these configured domains. Cache servers only respond to queries from internal networks.

The configuration of this module is done through the DNS menu, where you can add as many domains and subdomains as required.

[Figure: List of domains]

See the local domain set during the installation or later through the DNS wizard. One of the TXT records of this domain contains a Kerberos authentication rea
167. r has stopped it or because a problem has occurred. You can restart the service by clicking on Restart.

Disabled: The module has been explicitly disabled by the administrator.

Configuration of the module status

Zentyal uses a modular design in which each module manages a different service. To configure each of these services you must enable the corresponding module from Module Status. All those functions that have been selected during the installation will be enabled automatically.

[Figure: Configuration of the status module]

Each module may have dependencies on other modules in order to work. For instance, the DHCP module needs to have the network module enabled so that it can serve IP addresses through the configured network interfaces. The dependencies are shown in the Depends column, and until these are enabled, you can't enable the module.

Tip: It's important to remember that a module will not work until it is activated. Similarly, you can do several changes in a module configuration and they will not apply until you click on Save Changes. This behaviour is expected and allows you to carefully double check all the configurations before applying them.

The first time you enable a module, you are asked to accept the set of actions that will be carried ou
168. r your Zentyal server to Zentyal Remote, you must first install the Zentyal Remote Client component. This is installed by default if you used Zentyal installer. In addition to this, Internet connection should be available. You can register your server during installation or later from the Registration > Server Registration menu.

By default you will see the form to enter the credentials of an existing account. If we want to create a new account, we can go to the installation wizard by clicking on the register a free account underneath the register button.

[Figure: Enter the credentials for the existing account]

Registration Email Address: You must set the user name or the email address you use to sign in the Zentyal Remote Web site.

Password: The same password you use to sign in the Zentyal Remote Web site.

Zentyal name: A unique name for this server that will be used within the Zentyal Remote. This name is displayed in the control panel and it must be a valid domain name. Each server should have a different name; if two servers use the same name for connecting Remote, only one will be able to connect.

The Se
169. rac if the bug was reported already. If not, report the bug via the Zentyal web interface (if the crash appears there) or manually via the Zentyal bug tracker. If the bug was reported already, you can still help by confirming that you have reproduced it and giving additional details about the issue. It is absolutely necessary to include detailed steps to reproduce the issue so that the Zentyal Development Team can fix it. If you are reporting manually, include at least the /var/log/zentyal/zentyal.log file or any other useful information you think is related to your issue. Screenshots are also welcome if you think they will help to see the problem. Finally, it is even better if you can provide a solution to the issue. This could be done by modifying the application itself through a patch, or by following some steps to avoid the problem temporarily (a workaround).
Patches and security updates
A patch is a modification in the source code used to fix a bug or add a new feature to that software. In open source projects, community members are able to send patches to the project maintainers and, if the patches are considered suitable, they will be merged into the application. Developers themselves often publish official patches too, for example fixing a known vulnerability. But typically projects like Zentyal release a new version of the package including the official patch. You can check out the available community updates and insta
170. rom everywhere, your mail server will probably become a spam source. Finally, the mail server can be configured to use a content filter for messages [10]. To do so, the filter server must receive the message from a specific port and send the result back to another port where the mail server is bound to listen to the response. You can choose a custom mail filter or use Zentyal as a mail filter through Mail > General > Mail filter options. If the mailfilter module is installed and enabled, it will be used by default.
[10] This topic is deeply explained in the Mail filter section.
[Figure: Mailfilter options. Filter in use: none; Custom filter's mail forward port: 10025; Custom filter's IP address: 127.0.0.1; Custom filter's Port: 10024]
E-mail account creation through virtual domains
To set up an e-mail account, a virtual domain and a user are required. You can create as many virtual domains as you want from Mail > Virtual Domains. They provide the domain name for e-mail accounts of Zentyal users. Moreover, it is possible to set aliases for a virtual domain, so that sending an e-mail to a particular virtual domain or to any of its aliases becomes transparent.
[Figure: Virtual mail domains]
In order to set up e-mail accounts, you have to follow the same rules used when configuring file sharing. You can select th
171. rted from now on you must authenticate before it begins.
[Figure: Graphical environment with administrative interface]
To start configuring Zentyal profiles or modules, you must insert the username and password indicated during the installation process. Any user you add later to the sudo group can access the Zentyal interface and has sudo privileges in the system.
[5] LVM is the logical volume manager in Linux; you can find an introduction to LVM management at http://www.howtoforge.com/linux_lvm
When you access the web interface for the first time, a configuration wizard will start. To start with, you can choose the functionality for your system. To simplify this selection, in the upper part of the interface you will find the pre-designed server profiles.
[Figure: Choose Zentyal packages to install. Server roles: Gateway, Infrastructure, Office, Communications]
172. ructure that allows its modules to log all types of events that may be useful for the administrator. These logs are available through the Zentyal interface. Logs are stored in a database, so making queries, reports and updates is easier and more efficient. The database manager used is MySQL. You can also configure different dispatchers for the events, so that the administrator can be notified in different ways (Email, Jabber or RSS [1]).
[1] RSS (Really Simple Syndication) is an XML format used mainly to publish frequently updated works: http://www.rssboard.org/rss-specification
Zentyal offers logs for the following services:
• OpenVPN (Virtual private network (VPN) service with OpenVPN)
• SMTP Filter (Mail filter)
• Printers (Printers sharing service)
• Firewall (Firewall)
• DHCP (Network configuration service (DHCP))
• Email (Electronic Mail Service (SMTP/POP3-IMAP4))
• HTTP Proxy (HTTP Proxy Service)
• Shared files (File sharing and authentication service)
• IDS (Intrusion Detection System (IDS))
You can also receive notifications of the following events:
• Specific values in the logs
• Zentyal health status
• Service status
• Events of the RAID subsystem per software
• Free disk space
• Problems with the outgoing Internet routers
• Completion of a full data backup
To start with, to be able to work with the logs, just like with any other Zentyal module, you must make sure that the module has been enabled. To enable the module, go to Mo
173. rver name field will be used as the title of the administration webpage of this Zentyal server, so you can quickly check which hosts you are using if you have several interfaces open at the same time in your browser. Additionally, this hostname will be added to the dynamic domain zentyal.me; thus, using the address <yourzentyal>.zentyal.me, you can connect both to the administration page and the SSH console, as long as you have allowed this type of connection in your Firewall. After you have entered your data, click on the Registration button. The registration will take around a minute to complete. It will save changes along this process, so it is recommended to register your server when there are no pending changes to apply. During the registration process a VPN connection between the server and Zentyal Remote may be established if you have Remote Access Support; thus the VPN [3] module will be enabled.
[3] For more information about VPN, see the Virtual private network (VPN) service with OpenVPN section.
If the registration process went fine, then you will be able to see a widget on the dashboard with the following info:
[Figure: Your Zentyal server account. Server name: zentyal6; Connection status: Connected; External server name: zentyal6.zentyal.me; Server edition: Community; Technical support: Disabled; Security Updates: Disabled; Configuration backup: enabled]
Wi
174. rvices offered by Zentyal as an office server. In particular, its ability to manage network users in a centralised way, the sharing of files and printers, automated sign-on to different services, web applications, and backups for the user data. Directory services allow you to manage user permissions within an organisation in a centralised way, meaning that users can authenticate into the network securely. Also, you can define a hierarchical structure controlling the access to the organisation's resources. Finally, thanks to the master/slave architecture integrated within Zentyal, centralised user management can be applied to large organisations with multiple network locations. File sharing and establishing access control for users and groups is one of the most important features of an office server, and it greatly eases access to workgroup documents in an intuitive way. Security policy allows the protection of critical files within an organisation. Moreover, many businesses use Web applications installed on an HTTP server spanning different domain names, allowing HTTPS connections. Sharing printers using user and group permissions is also a very important service in any organisation, since this allows you to optimise resource usage and availability. Finally, the backup tools for both the Zentyal configuration and the users' data are without any doubt a critical and indispensable tool in any
175. s virus scanning of shared resources can be enabled and disabled. Exceptions can also be defined where virus scanning is not required. To use this feature, the Zentyal antivirus module must be installed and enabled.
[Figure: Antivirus scanning shared folders]
Configuring a Domain Controller with Zentyal
Zentyal can act as a Domain Controller, either as the original Controller for this domain or as an Additional Controller of an existing Active Directory domain.
[Figure: Authentication server]
If the Roaming Profiles option is enabled, the server will not only authenticate users but will also store their profiles. These profiles contain all the user information, including Windows preferences, Outlook email accounts and the Documents folder. When a user logs in, the user profile will be retrieved from the domain controller. Therefore, the user will have access to their work environment on multiple computers. Before enabling this option, you must consider that the user information can be several gigabytes in size. You can also c
176. security with the default configuration, trying at the same time to minimise the effort when adding a new service. When Zentyal is configured as a firewall, it is normally installed between the internal network and the router connected to the Internet. The network interface which connects the host with the router has to be marked as External in Network > Interfaces, so that the firewall can establish stricter policies for connections initiated outside your network.
[Figure: External interface]
The default policy for external interfaces is to deny any new connections. On the other hand, for internal interfaces, Zentyal denies all the connection attempts except the ones that are targeted to services defined by the installed modules. The modules add rules to the firewall to allow these connections. These rules can be modified later by the system administrator. An exception to this is the LDAP server: its module adds a rule, but the rule is configured to deny the connection for security reasons. The default configuration for connections to hosts outside the network and connections from the server itself is allow all. Definition of firewall policies can be made from Firewall > Packet filtering. Five different sections are available for configuration, depending on the work flow of the traffic you are addressing:
• Traffic from internal
177. selected service.
Top menu: Contains actions: save the changes made in the contents to ensure the changes are effective, and log out.
Main content: The content that occupies the central part consists of one or more forms or tables with information about service configuration that are selected through the left side menu and its sub-menus. Sometimes, at the top, you can see a bar with tabs; each tab represents a different subsection within the section you have accessed.
[Figure: Contents of a form]
Dashboard
Dashboard is the initial interface screen. It contains a series of widgets that can be configured. You can reorganise the widgets at any time by clicking on their titles and dragging them. By clicking on Configure Widgets, the interface changes, allowing you to remove and add new widgets. To add a new widget, you need to search for it using the top menu and drag it to the central section. To remove a widget, click on the X in the upper right corner of the window. Configure W
178. ser gt create Suser 0 a
Save the file with the name bulkusers and grant it execution permission using the following command: chmod +x bulkusers
Before running the script, you must have a file called users in the same directory. The appearance of this file should be as follows: Jtoo JOM POO fOOrPassword Joar Jack Bar Jbarpassword
Finally, you must be in the directory where the files are placed and run: sudo ./bulkusers
This section has shown a small example of task automation using the Zentyal API, but the possibilities are almost unlimited.
Advanced Service Customisation
This section discusses two options for system customisation for users with special requirements:
• Tailor service configuration files managed by Zentyal
• Perform actions in the process of saving changes in configuration
When a module is responsible for automatically setting up a service, it tries to cover the most common configuration options. However, there are cases where there are so many configuration settings that it would be impossible for Zentyal to control them all. In addition to this, one of the main goals of Zentyal is simplicity. However, there are users who want to adjust some of those unhandled parameters to adapt Zentyal to their requirements. One of the possibilities for doing this is editing directly the configuration files that handle the service. Before deciding to modify a configuration file manually, you m
179. sers or only the users that belong to a specific group will be able to access the service. All the NAS devices that are going to send authentication requests to Zentyal must be specified in RADIUS clients. For each one you can define:
Enabled: Whether the NAS is enabled.
Client: Name for this client, a similar idea to the host name.
IP Address: The IP address or range of IP addresses from where it is allowed to send requests to the RADIUS server.
Shared password: Password to authenticate and cipher the communications between the RADIUS server and the NAS. This password must be known by both sides.
HTTP Proxy Service
Zentyal uses Squid [1] as HTTP proxy, along with Dansguardian [2] for the content control.
[1] http://www.squid-cache.org
[2] http://www.dansguardian.org
HTTP Proxy configuration in Zentyal
To configure the HTTP Proxy, go to HTTP Proxy > General Settings. You can define whether you want the proxy to work in Transparent mode, to transparently enforce policies, or if it will have to be configured manually in the browsers. In the latter case, using Port, you can establish on which port the proxy is going to accept the incoming connections. The default port is TCP/3128; other typical ports are 8000 and 8080. Zentyal's proxy only accepts incoming connections from the internal networks, so t
180. small and medium businesses want to count on support from a local IT provider to deploy a Zentyal-based system, they can contact Authorized Zentyal Partners. These partners are local IT support and service providers, consultants or managed service providers that offer consultancy, deployment, support and/or outsourcing of infrastructure and network services of their customers. To find the closest Zentyal Partner, or to learn how to become a partner, please visit the Partner section at zentyal.com [3]. Zentyal S.L. offers the Authorized Zentyal Partners a series of tools and services that help reduce the maintenance costs of their customers' IT infrastructure and offer managed services with high added value:
• Support platform
• Remote monitoring and management platform of servers and desktops
• Training and certification of technical and sales staff
• Managed services portfolio
• Sales materials
• Lead generation program
• Discounts
[1] http://www.zentyal.com
[2] http://enise.inteco.es/enise2009/images/stories/Ponencias/T25/marcos%20polanco.pdf
[3] http://www.zentyal.com/partners
This documentation describes the main technical features of Zentyal, helping you to understand the way you can configure different network services with Zentyal and become productive when managing SMB ICT infrastructure with Linux-based systems. The documentation is divided into six chapters plus some appendices. This first introductory chapter helps to
181. so it will be in the tab PPTP Users where you will define the list of users, and their associated passwords, that will be able to connect to the VPN PPTP server. Additionally, you can statically assign the same IP address to a user inside the VPN subnet using the configuration field IP Address.
[Figure: PPTP Users]
As usual, before being able to connect to your PPTP server, you have to check that the current rules of the firewall allow the connection to the PPTP server, which includes the 1723/TCP port and the GRE protocol.
Virtual Private Network (VPN) Service with IPsec
Zentyal integrates OpenSwan [2] as its IPsec solution. This service uses the ports 500 and 4500 of UDP and the ESP protocol.
[2] http://www.openswan.org
Configuring an IPsec tunnel in Zentyal
To configure IPsec in Zentyal, go to VPN > IPsec. Here you can define all the tunnels and IPsec connections you need. You can enable or disable each one of them and add an explanatory text.
[Figure: IPsec connections]
Inside Configuration and the General tab, you will define the Zentyal's IP address that you will use in each connecti
182. [Figure: System Updates]
For each update, you can determine whether it is a security update using the information icon. If it is a security update, the details about the security flaw included in the package changelog will be displayed by clicking on the icon. If you want to perform an update, select the packages on which to perform the action and press the appropriate button. As a shortcut, the button Update all packages can be used. Status messages will be displayed during the update operation.
Automatic updates
Automatic updates allow the Zentyal server to automatically install any updates available. This feature can be enabled by accessing the page Software Management > Settings.
[Figure: Automatic updates management]
On that page you can also choose the time of the day during which these updates will be performed. It's not advisable to use this option if the administrator needs to keep a higher level of security and
183. ssociated with a Service in order to specify the protocol and the ports or range of ports. The services with source ports are used for rules related to outgoing traffic of internal services, for example an internal HTTP server, while the services with destination ports are used for rules related to incoming traffic to internal services or outgoing traffic to external services. It is important to note that there is a set of generic labels that are very useful for the firewall, like Any to select any protocol or port, or Any TCP and Any UDP to select any TCP or UDP protocol respectively. The most relevant parameter is the Decision to take on new connections. Zentyal allows this parameter to use three different decision types:
• Accept the connection.
• Deny the connection, ignoring incoming packets and telling the source that the connection cannot be established.
• Register the connection event and continue evaluating the rest of the rules. This way, using Maintenance > Logs > Log query > Firewall, you can check which connections were attempted.
The rules are inserted into a table where they are evaluated from top to bottom. Once a rule accepts a connection, the rest are ignored. A generic rule at the beginning of the
184. [Figure: Server certificate (blue underline) and client certificate (black underline)]
Once you have the certificates, configure the Zentyal VPN server by selecting Create a new server. The only value you need to enter to create a new server is the name. Zentyal ensures the task of creating a VPN server is easy and it sets the necessary values automatically.
[Figure: New VPN server created]
The following configuration parameters are added automatically and can be changed if necessary: port/protocol, certificate (Zentyal will create one automatically using the VPN server name) and network address. The VPN network addresses are assigned both to the server and the clients. If you need to change the network address, you must make sure that there is no conflict with a local network. In addition, you will automatically be notified of local network detail, i.e. the networks connected directly to the network interfaces of the host, through the private network. As you can see, the VPN server will be listening on all external interfaces. Therefore, you must set at least one of your interfaces as external at Network > Interfaces. In this scenario only t
185. start
[Figure: Creating a new virtual machine]
After this, you have a configuration row associated with your new machine.
[Figure: Virtual machine registered in the table. Actions: View Console, Start, Stop, Pause, Resume]
The next step will be configuring your new virtual machine through the Settings column, where you will find the following tabs:
System Settings: It allows you to define the architecture (32 or 64 bits). You can also define the size of the RAM memory allocated for this machine in megabytes. By default this value is 512, or half the available memory if you have less than 1GB in the real host.
[Figure: System configuration for the virtual machine]
Network Settings: It contains the list of network interfaces of the virtual machine, which can be configured as NAT (only Internet access), in bridged mode with one of the host system interfaces, or forming an isolated internal network whose name you have to define so other virtual machines will be able to connect. If you uncheck the Enabled checkbox, you can temporarily disable any of the configured network interfaces. As you can see below, it is also possible to modify the MAC address associated with this interface.
186. synchronize to. By default, the list already has three preconfigured servers chosen from the NTP project [3].
[Figure: NTP configuration and external servers. NTP servers: 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org]
Once Zentyal is synchronised, you can offer your clock timing using the NTP service, generally through DHCP. As always, you must not forget to check the firewall rules, as NTP is usually enabled only for internal networks.
[3] http://www.pool.ntp.org/en
Network configuration service (DHCP)
Zentyal uses ISC DHCP Software [4] to configure the DHCP service, which is the de facto standard on Linux systems. This service uses the UDP transport protocol, port 68 on the client and port 67 on the server.
[4] https://www.isc.org/software/dhcp
DHCP server configuration with Zentyal
The DHCP service needs to be deployed on an interface configured with a static IP address. This interface should also be internal. From the menu DHCP you can find a list of interfaces on which you can offer the service.
187. t and with up to 3 aliases.
Zentyal Remote access
Once our server is registered, we may access the Zentyal Remote site [4] and log in with the account we have registered, and we may see the following welcome page:
[Figure: Zentyal Remote web panel]
[4] https://remote.zentyal.com
Please note that registering your server gives you access only to a limited set of Zentyal Remote features. For information about the features included in the Small Business and Enterprise Editions, check out the Zentyal website [5] or Zentyal Remote documentation [6].
[5] http://www.zenty
188. Mail filter
Mail filter schema in Zentyal
Zentyal offers a powerful and flexible mail filter to defend your network and users from these threats.
[Figure: Mail filter schema in Zentyal. Components: Mail Server (Postfix), SMTP Filter (Amavis), Anti-Virus Scanner (ClamAV), Anti-Spam scanner (SpamAssassin), Greylist Manager (PostGrey)]
In the figure you can see the different steps an e-mail passes through before being tagged as valid or not. First, the email server sends it to the greylisting policies manager and, if it is considered potential spam, the system requests that the source server resend the email. If the email passes through this filter, it will move to the mail filter. This will use a statistical filter to check a series of email features to discover whether it contains a virus or is junk mail. If the email passes through all the filters, it is considered valid and it is sent to the recipient or stored in the server's mailbox. In this section, the details of each filter and how to configure them in Zentyal will be explained step by step.
Grey list
The grey lists [1] exploit the expected performance of mail servers dedicated to spam. The behaviour is matched and all
189. t and the configuration files that will be overwritten. After you have accepted all the actions and listed files, you must save changes in order to apply the configuration.
[Figure: Confirmation to enable a module. Configure module dhcp; action to perform: Disable dhcpd init script; files to modify: /etc/dhcp/dhcpd.conf, /etc/apparmor.d/local/usr.sbin.dhcpd]
Applying the configuration changes
An important feature to consider when working with Zentyal is the way configuration changes are applied when made through the interface. Initially, changes must be accepted in the form. Then, to make these changes effective and apply them permanently, you must click on Save Changes in the top menu. This button will change to red if there are any unsaved changes. Failure to follow this procedure will result in the loss of all changes made during the session once you end it. An exception to this rule is the users and groups management: here the changes are applied directly.
[Figure: Save Changes]
Warning: If you change the network interface configuration, the firewall or the administrative interface port, you might lose the connection. If this is the case, you should change the URL in the browser or reconfigure through the local GUI.
General configuration
There are several parameters in the general configuration of Zentyal that can be modified
190. [Figure: Keyboard configuration 2]
[Figure: Keyboard configuration 3]
If you have multiple network adapters, the installer will ask you for your primary
191. template to /etc/zentyal/stubs/, inside the directory with the name of the module. This way, if you want, for example, to modify the template file /usr/share/zentyal/stubs/dns/named.conf.options.mas, you will create the directory /etc/zentyal/stubs/dns, copy the template inside and modify this copy:
sudo mkdir /etc/zentyal/stubs/dns
sudo cp /usr/share/zentyal/stubs/dns/named.conf.options…
Another advantage of copying the templates to /etc/zentyal/stubs/ is that you can keep control of the modifications that you have made to the original templates, and you will always be able to check these differences using the diff tool. For example, for the former case:
diff /etc/zentyal/stubs/dns/named.conf.options.mas /us…
It is possible that you need to perform certain additional actions while Zentyal is saving changes, instead of customising configuration files. For example, when Zentyal saves changes related to the firewall, the first thing the firewall module does is to remove all existing rules and then add the ones configured in Zentyal. If you manually add a custom iptables rule that is not covered by the Zentyal interface, it will disappear when saving firewall module changes. To prevent that, Zentyal lets you run scripts while the saving changes process is being performed. There are six points during the process when you may execute these scripts, also known as hooks. Two of them are general and the remaining four are per mod
192. th PPTP
  ◦ Configuring a PPTP server in Zentyal
• Virtual Private Network (VPN) Service with IPsec
  ◦ Configuring an IPsec tunnel in Zentyal
• Virtualization Manager
  ◦ Creating virtual machines with Zentyal
  ◦ Virtual machine maintenance
Zentyal Gateway
• Zentyal Gateway
• Firewall
  ◦ Firewall configuration with Zentyal
• Routing
  ◦ Configuring routing with Zentyal
• Quality of Service (QoS)
  ◦ Quality of service configuration in Zentyal
• Network authentication service (RADIUS)
  ◦ Configuring a RADIUS server with Zentyal
• HTTP Proxy Service
  ◦ HTTP Proxy configuration in Zentyal
  ◦ Access Rules
  ◦ Filter profiles
  ◦ Bandwidth Throttling
• Captive Portal
  ◦ Configuring a captive portal with Zentyal
  ◦ Exceptions
  ◦ List of Users
  ◦ Using the captive portal
• Intrusion Detection System (IDS)
  ◦ Configuring an IDS with Zentyal
  ◦ IDS Alerts
Zentyal Office
• Zentyal Office
• Directory Service (LDAP)
  ◦ Configuration of an LDAP server with Zentyal
  ◦ User's corner
• File sharing and authentication service
  ◦ Configuring a file server with Zentyal
  ◦ Configuring a Domain Controller with Zentyal
• File Transfer Protocol (FTP)
  ◦ FTP server configuration with Zentyal
• Web publication service (HTTP)
  ◦ Introduction to HTTP
  ◦ HTTP server configuration with Zentyal
• Printers sharing service
  ◦ Printer server configuration with Zentyal
• Backup
  ◦ Zentyal configuration Backup
Zentyal Unified Communications
• Zentyal Unified Communic
193. that when installing Zentyal or any of the required modules, they are also installed. This guarantees the correct operation of the server. Similarly, these programs may have dependencies too. Usually the update of a dependency is not important enough to create a new Zentyal package with new dependencies, but it may be useful to install it in order to use its improvements or its patches to fix security flaws. To see the system updates, you must go to Software Management > System Updates. Here you can see if your system is already updated; otherwise, a list of packages that can be upgraded is displayed. If you install packages on the server without using the web interface, this data may be outdated. Therefore, every night a process is executed to search for available updates for the system. A search can be forced by clicking on the button Update list on the lower part of the page. [Figure: list of packages that can be upgraded]
194. the Install button. You will then be taken to a page with a complete list of the packages to be installed. [Figure: Confirm the installation] The Update list button synchronises the list of packages with the repositories. Component update: The following tab, Update, shows between brackets the number of available updates. Apart from this feature, this section is organised in a similar way to the installation view, with only some minor differences. An additional column indicates the version currently installed, and at the bottom of the table you can see a button which can be clicked to select packages to upgrade. As with the installation of components, you will see a confirmation screen showing the packages to be updated. Component deletion: The last tab, Delete, shows a table with the installed packages and their versions. In a similar way as with the previous view, you can select packages to uninstall and then, to complete the action, click the Delete button in the lower left part of the table. Just like in previous examples, Zentyal will ask for confirmation before deleting the selected packages and their dependencies. System Updates: The system updates section performs the updating of third party software used by Zentyal. These programs are referenced as dependencies, ensuring
195. the copy; after showing the progress, the user will be notified with a success message if there is no error. Data backup configuration in a Zentyal server: You can access the data backup menu going to System > Backup. First of all, you have to decide whether you are going to store your backups locally or remotely. In the latter case, you need to specify which protocol is going to be used to connect to the remote server. [Figure: Data backup configuration] Method: The different supported methods are FTP, Rsync, SCP and File system. Take into account that, depending on the method you choose, you will have to provide more or less information. All the methods except File system use remote servers. If you select FTP, Rsync or SCP, you will have to enter the associated authorisation to connect with the server and the remote server's address. Warning: When using SCP, you have to run sudo ssh user@server and accept the server fingerprint in order t
196. the events module is enabled. Go to Module status and check the events module. Unlike the Logs module, where all services are enabled by default except the firewall, you need to enable the events that might be of interest to you. To enable an event, you have to click on the menu entry Maintenance > Events > Configure Events and mark the Enabled box. [Figure: Configure events page] There are some events that need further configuration to work properly. This is true for the log and free storage space monitoring. The configuration of the free storage monitoring is straightforward. The only required parameter is the free space percentage valu
197. the feature, the DNS module must be enabled as well. You must have both Dynamic domain and Static domain; both will be added automatically to the DNS configuration. The dynamic domain will host the names of those machines whose IP addresses belong to the range, and the name associated is the one sent by the DHCP client, usually the host name. If none is sent, the pattern dhcp-<offered-IP-address>.<dynamic-domain> will be used. If there are any conflicts with a static allocation, the established static address will be overwritten manually. As to the static domain, the host name will follow this pattern: <name>.<static-domain>. The name will be the one registered in the object used in the static allocation. [Figure: Advanced DHCP options] The dynamic address allocation has a time limit. After expiry of that time, a renewal must be requested (configurable in the Advanced options tab). This time varies from 1800 seconds to 7200. This limitation also applies to the static allocation. Zentyal supports remote boot for thin clients through DHCP. In the Advanced options tab you can configure a thin client that will be published through DHCP. If Zentyal is not used as a thin client server, in Host select the remote host and in File route select the route
198. the secure connection, make it optional or disable it. If it is disabled, you will not be able to access securely; if it is optional, the decision will depend on the client support; and if it is forced, you will not accept clients that do not support it. As usual, before enabling this service you must check that the necessary firewall ports are open. Warning: You will need to enable PAM to allow your LDAP users to access the FTP server. Web publication service (HTTP). Introduction to HTTP: The Web [1] is one of the most common services on the Internet, to the extent that it has become the public face of the Internet for most users. This service is based on web page transfer using the HTTP protocol. HTTP (Hypertext Transfer Protocol) [2] is a request and response protocol. The client, also known as the User Agent, makes a request to access a resource on an HTTP server. The server with the requested resource processes it and gives a response with the resource; this can be an HTML web page, an image or any other file that is generated dynamically based on a series of request parameters. These resources are identified by using URLs (Uniform Resource Locators) [3], identifiers usually known as web site addresses. A client request follows this format: Initial line with <method> <URL> <HTTP version>. For
199. u can choose the time scale of the graphics to view: an hour, a day, month or year. To do this, simply click on the tab you are interested in. [Figure: Tabs with the different monitoring reports] Metrics. System load: The system load attempts to measure the rate of pending work over the completed work. This metric is defined as the number of runnable tasks in the run queue and is provided by many operating systems as a one, five or fifteen minutes average. [Figure: System load graphic] CPU usage: This graphic shows detailed information of the CPU usage. For multi-core or multi-CPU machines, you will see one graphic for each core. These graphics represent the amount of time that the CPU spends in each of its states: running user code, system code, inactive, input/output wait and so on. The time is not a percentage but scheduling units known as jiffies. In most Linux systems this value is 100 per second, but this may differ. [Figure: CPU usage graphic] Memory usage: This graphic displays the memory usage. The following variables are monitored: Free memory: Amount of memory not used. Page cache: Amount of memory that is cached in a disk swap. Bu
200. ule. Before saving changes: In the /etc/zentyal/pre-save directory, all scripts with running permissions are run before starting the save changes process. After saving changes: Scripts with running permissions in the /etc/zentyal/post-save directory are executed when the process is finished. Before saving module configuration: Writing the /etc/zentyal/hooks/<module>.presetconf file, <module> being the name of the module you want to tailor, the hook is executed prior to overwriting the module configuration. It is the ideal time to modify configuration templates from a module. After saving module configuration: The /etc/zentyal/hooks/<module>.postsetconf file is executed after saving the <module> configuration. Before restarting the service: /etc/zentyal/hooks/<module>.preservice is executed. This script could be useful to load Apache modules, for instance. After restarting the service: /etc/zentyal/hooks/<module>.postservice is executed. In the firewall case, all the extra rules must be added here. These options have great potential and allow highly customisable Zentyal operations, offering better integration with the rest of the systems. Development environment of new modules: Zentyal is designed with extensibility in mind and it is relatively simple to create new Zentyal modules. Anyone with Perl language knowledge may take advantage of the Zentyal
201. ust understand how Zentyal works internally. The Zentyal modules, once enabled, overwrite the original system configuration files for the services they manage. Modules do this through templates that essentially contain the basic structure of a typical configuration file for the service. However, some of the parts are parametrised through variables. The values of these variables are assigned before overwriting the file and are taken from the configuration previously set using the Zentyal web interface. [Figure: How the configuration template system works] Therefore, if you want to make your changes persistent and prevent them from being overwritten every time Zentyal saves changes, you must edit templates instead of system configuration files. These templates are in /usr/share/zentyal/stubs and their names are the original configuration file names plus the .mas extension. Take into account that these changes will persist even if you modify the Zentyal configuration, but they will not apply anymore if you update the module containing the template. When you reinstall a package, the .mas files will be overwritten. If you want these changes to be effective even when you update the module, you have to copy the
202. [Figure: Adding a group to Zentyal] Going to Users and groups > Groups, you can see all the existing groups, edit or delete them. While you are editing a group, you can choose the users that belong to the group and also the information associated with the modules in Zentyal that have some specific configuration associated with user groups. [Figure: Editing a group] Among other things, with user groups it is possible to: have a directory shared between the members of the group; create an alias for a mail address that will forward to all the users of a group; assign access permissions of different groupware applications to the users of a group. User's corner. User editable data: The user's data can only be modified by the Zentyal administrator, which can be inefficient when the number of users to be managed becomes too big. Administration tasks like changing the password of a user can be very time consuming. For this reason you need the User's corner. This corner is a Zentyal service designed to allow the users to change their own data. This functionality has to be enabled like the rest of the modules. The user's corner listens on a different port from other processes to enhance the system security. User Corner General configuration Port or 3888 C
203. wo interfaces are required, one internal for LAN and one external for Internet. If you want the VPN clients to connect between themselves by using their VPN addresses, you must enable the option Allow connections among clients. In most of the cases you can leave the rest of the configuration options with their default values. [Figure: VPN server configuration] In case more advanced configuration is necessary: VPN address: Indicates the virtual subnet where the VPN server will be located and the clients it has. You must take care that this network does not overlap with any other, and for the purposes of firewall it is an internal network. By default 192.168.160.1/24; the clients will get addresses .2, .3, etc. Server certificate: Certificate that the server will show to its clients. The Zentyal CA issues by default a certificate for the server with the name vpn-<yourvpnname>. Unless you want to im