Topic: Help with setting up of 2 SME servers

[tib38]

Hello,

I'm trying to setup 2 SME servers.

One will be the Internet gateway/e-mail server and the second is the file server (server only mode).

My question is what is the best way to setup dual servers.

For obvious reasons I would like to keep things seperate.

I would like the file server to be the internal domain server but people to get ther mail of the e-mail server.

Can someone please help me with this setup.

Regards,
Tibor.

[Boris]

Hello,
I'm trying to setup 2 SME servers.
For obvious reasons I would like to keep things seperate.

It’s not that obvious as SME DESIGNED for situations like this (Server-Gateway mode) and can handle all those tasks safely and reliably. Samba (file sharing and domain functions) are bound to LAN interface only and therefore behind firewall. Single accounts database for logins and e-mail simplifies management and reduce human errors in account management.
It is perfectly safe to use single server-gateway for all the task you require.

[tib38]

Hi Boris,

I know SME can do eveything on one box ... the reason I want to setup 2 servers ... or should I say 3 servers is so they do different tasks.

I want server 1 to to do the e-mail/gatway role ... server 2 to only do the file server & Domain controller (logins etc) role and the 3rd server to run all the different applications on it and printer server (This will be a windows server).

And all this is so if one server dies 50 odd ppl don't just sit there without anything to do.

All 3 server will have raid etc and all the things to help not have downtime. But there is never a fail proof system.

I just need some guidence to what way would be best to setup the sme servers so as server 2 is the domain controller and server 1 is the e-mail/web/gatway etc.

EG: server 1 setup as server/gateway .... server 2 setup as server only mode or should i do something diff there.

I'm only going to get one stab at this and I would really like to implement the linux servers here.

Someone must have the same setup somewhere who can help.

I havn't got much linux knowlege so any help is appreciated.



Tib

[shanen]

If you must have 3 servers, then this is how you could do it without having manage multiple instances of user accounts. You didn't specify what MS Server you are using.

Srv1 - SME in server/gateway mode with AV and Spam filtering. No user accounts. Delegate mail to windows box.

Srv2 - SME in server only mode. There is a how to here somewhere that will allow SME to be a member of a windows domain so you don't have to have local user accounts. Here you can create your information store.

Srv3 - Windows box with all user accounts and exchange. Logon script with mapped drives to Srv2. Print server.

If you have an old box lying around, I would test Srv2 now as it won't involve any down time.

Does anybody else have any ideas?

[tib38]

Hello Shanen,

The windows machine will run Windows 2000 server on it but I didn't really want it to be the domain controller or run exchange on it ... I want to go away from spending too much money on software that SME can do just as well for us.

I would prefer server 2 to be the internal domain controller and have all the user accounts on that one.

As for the e-mails ... I wanted to keep that on a seperate server ... the e-mails will be kept on the server it's self and not downloaded ... setup will be IMAP not POP3 ... everyone will have a cirtain amount of space allocated and will have to clear out there e-mails on occation. I have some ppl here with over 500 meg pst files.

Server 3 will only run programs like Streamserve, Zetafax, Banking programs etc as well as the main printer server ... so it doesn't require any user profiles setup.

I've played arround a little with it just yesterday ... I setup svr1 as the e-mail/gateway and svr2 as server only but I had the user accounts on both machines ... I pointed svr2 to svr1 in regards to Gateway IP address as well as firewall server.
I told svr2 that svr1 was the e-mail server and to get mail off there but I think I'm still missing something ... the link is still not there.

Going to go play a bit more now ...

Any help is greatly appreciated.

Tib

[Boris]

Syncing user accounts between srv2 and srv1 for e-mail is not trivial (depends on the number of accounts and frequency of changes), that is why I suggested single server solution. If e-mail filtered, forwarded by srv1 to srv2 and then handled by srv2 you will need single account database. Windows server can join srv2 domain and have no local users.
SME is not ready yet for LDAP or DOMAIN authentication “out of the box”. Attempts use domain authentication work only for file sharing (samba) and missing e-mail part.
Synchronizing accounts manually or via script and cron may not satisfy your requirements.

[shanen]

Boris has a very good point and you need to seriously consider your options because you could be spending considerable time managing user accounts.

Here is another way to make it work.
On srv1 delegate mail to srv2 (email settings in server-manager)
Srv1 will accept all mail for your domain then forward to srv2. No user accounts. Just an email toaster and gateway for web access.
Srv2 will only accept mail for valid users or Pseudonyms so this is where you manage user accounts.

[Henk]

Boris has a very good point and you need to seriously consider your options because you could be spending considerable time managing user accounts.

Knuddi published a NIS:

'When you have multiple servers in your network you always have the problem that the users have to be added, removed and have their password changed on all servers. The solution to that is NIS. I have created a Howto based on the way I have done my own internal system.'

You can find the howto on Knuddi's site of course: http://sme.swerts-knudsen.dk/

[shanen]

tib38
Looks like you are going to have fun testing what works for you.
Let us know how you go

[tib38]

Hello ppl,

I have just re-laoded the servers and am going to setup Knuddi's NIS setup and then load on the extra addons I require. I found this yesterday looking through Knuddi's site ... I see someone else found it as well.

Knuddi has some really good how to's.

It looks like I'm going to be able to achieve what I'm after.

I'll let you all know how I went and what I did once all is setup.

I'm going to setup the NIS right now.

Should have everything done by tuesday ... I have lots of other things to do as well. Only get to spend 2-3 hrs on the servers/day testing.

Regards
Tib

[Boris]

NIS authentication is one step closer to your goal.
Other things to consider is home directory, mail directory locations, ibay/file/folder ownership etc...
Let us know of results.