Topic: Setting up directories etc.

[BeeKeeper]

I am new to using the SME7 server and I am getting problems setting up clients to use use it. On the SME7 server, I have set up a group with 4 users. From a XP Pro computer, I can see the group but always with the same users name of ANDI (one of the users names in the group). I don't seem to be able to set up any directories to use by the four different users and I can't see any other users other than ANDI from any of the XP Pro computers in the network.
On the server, I want to be able to set up a PUBLIC directory that everyone can use and also a directory for each user but I am not sure how to go about it. I must be nearly there as I can see the group but how do I set the rest up.
To most of you this must be easy but I am new to this and can't find a 'basic setup guide for beginers' If I can get everything working with your help, I will write a simple guide but I need to know what I am doing first.
Please help.
Bill

[dsemuk]

Have a look at chapter14 of the user guide (link from the menu on the left).

That will give you have a basic understanding of iBays and how to use them.

Dave

[Tib]

BeeKeeper

When you setup a user it will auto create a personal "home" dir for everyone ... Lets start from the begining.

1. Create all your users ... Home dir's "Ibays" will be created.
2. Create all your groups and assing the required users to them
3. Create all your Ibays and assign the groups to them ... with the required rights.

Everyone in a group will be able to access that Ibay ... ppl who are not in that group will not be able to access the ibay.

If for some reason you want seperate Ibays for each person "other than the home dir"  then you will have to create a group just for that person and assign then to that group and then assign the group to the Ibay.

Now ... for all this to work user name and password must be the same on server as on the client PC ... best way is to run your server as a DC "Domain Controller" and login to the domain ... that way you get all your home dir's "Ibays" as well as being able to run an addon that helps a bit as well.

This addon has just been updated to run with SME7 and works similar to the logon.bat file in windows servers.

http://mirror.contribs.org/smeserver/contribs/jbennett/sme7/loginscript/RPM/

This will only work if you use your server as a DC "Domain Controller"

After setup you will have to re-conect to the domain to get the login script to activate.

If you have problems understanding how it work let me know ... it does have examples though.

If you require more detail about ibays/user setups/permissions just let me know.

Regards,

Tib

[BeeKeeper]

Thanks for your help. I will give your suggestions a try and come back to you if I am still having problems.
Beekeeper

[TheMonk]

Hi Tib

If I want my users to authenticate when accessing an iBay with a browser, will they be given access using their own userid/passwd if I set up my iBays as you have described it?

Or do the have to use the 'userid' (iBay-name) of the iBay and the password for that iBay?  ie. everybody has to know the password.

Regards

Btw. I'm using SME 6.0.1

[Tib]

TheMonk

I think it depends on how you access the ibay ...

If you access using ftp eg: ftp://ibayname:ibaypassword@serverip ... speaks for it's self.

or ftp://ibayname@serverip ... then it will ask for password.

serverip can also be ftp.domainname.com eg: ftp://ibayname@ftp.domainname.com

if you use http://serverip/ibayname ... then I fould I had to use "ibay" name and "ibay" password to access ... but you will have to configure the ibay for it to work with http access ... you have to enable Execution of dynamic content (CGI, PHP, SSI) and I also found you have to make a new dir and have the files in there ... you don't get access to the actual files directory using http access ... unless I'm doing something wrong.

Regards,

Tib

[Tib]

TheMonk

If your talking about windows explorer as the browser then if there in a group they have auto access ... the ibay uses the user name and user password to accept access.

I have never tried to enable a password to make athed users to use a password to access an ibay ... not sure why you would do this as only those ppl have acces to ibay who are in the group.

Regards,

Tib

[TheMonk]

Hi Tib

Thanks for your answers...

Yes, I'm accessing the Bay with MS Internet Explorer as you wrote in your last post.

What I'm trying to achive is setting up an iBay [local network (password required)] that a (smal) group of users can browse by authenticating themselves using their own userid/password.

As you wrote the only way to access this iBay is by using "iBay"-name and "iBay"-password.

... not sure why you would do this as only those ppl have acces to ibay who are in the group

I have created an iBay [local network (no password required)] everybody can browse this iBay! -even pc's not created as user on the SME-server.

Regards
TheMonk

[raem]

TheMonk

> What I'm trying to achive is setting up an iBay ...that a (smal) group of > users can browse by authenticating themselves....

This is achieved by making those users members of a group, and then giving ownership of the ibay to that group, ie write=group read=group, see the setting choices in the ibay configuration.

In this case (local file sharing) do not set the ibay to require a password.
Those users will need to logon to sme server at Windows start up, or when browsing (using Windows Explorer) to the ibay.
Only those users who are members of the group will be able to access the ibay.

The password setting choice only applies to Internet web browsing access anyway and not for local file sharing access, where you would login with user=ibayname & password =ibaypassword.
If you read the field names in the ibay server manager setup screen you will see when each of the choices is applicable or not applicable.

This is well covered in the manual so I suggest you read the chapter on ibays more carefully again.

[judgej]

TheMonk

> What I'm trying to achive is setting up an iBay ...that a (smal) group of > users can browse by authenticating themselves....

This is achieved by making those users members of a group, and then giving ownership of the ibay to that group, ie write=group read=group, see the setting choices in the ibay configuration.

In this case (local file sharing) do not set the ibay to require a password.
...

I don't think this is what he is trying to achieve. I think he wants to apply user-level authentication to the HTTP part of the e-bay.

From my knowledge of SME 6.x only (I don't know if SME 7 has changed in this area) it is simply not possible to do that through the admin pages.

Authentication can be added to an i-bay (the HTTP part) using .htaccess and .htpasswd files, but those passwords would be hard-coded into those files - they would not automatically pick up the current user password, or allow authentication against a group of users.

Applying a password to an i-bay http access means all users accessing that i-bay would need to share that password. You could not be able to simply add and remove users from that group without creating a new password and sharing it will all the current users with permission to use that i-bay through their browser.

Incidently, this is a common requirement, especially where access to an i-bay through WEBDAV is required. For example, users sharing an i-bay over the Web to hold their i-cal calendar files. Being able to restrict access to that i-bay (perhaps even allowing read-only access to everyone, but write access only to individuals able to update their calendars), and the ability to ensure people log on as themselves, is  very useful. I tend to customise templates to support this, and will be doing so again when I install my first SME7 today

Protecting an i-bay on the Web with a single, shared, password is fine if the password is changed regularly, but is very limiting. Allowing access to an i-bay over the Web using the built-in SME user authentication out of the box, would be very cool.

-- JJ

[raem]

TheMonk & judgej


> ...I'm accessing the Bay with MS Internet Explorer...

Sorry I misread this as Windows Explorer.
Although what I said above is correct, disregard it as it's not applicable to your situation.

As judgej says, you will need to setup seperate .htaccess files & password lists although the better & more secure way to do this is by using appropriate custom templates. If your situation requires it, then this is not difficult to do, but needs to be seperately maintained if your users and/or their passwords change.

See this howto, which I have been told works OK on sme7

http://mirror.contribs.org/smeserver//contribs/rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm

[raem]

judgej

> Allowing access to an i-bay over the Web using the built-in SME user
> authentication out of the box, would be very cool.

Yes it would be good.
Webmail authenticates against the sme users, so the same/similar techniques could be used to authenticate ibay logins. It just needs someone clever and willing enough to write the code, to get Apache (I think) to function this way.

[judgej]

judgej

> Allowing access to an i-bay over the Web using the built-in SME user
> authentication out of the box, would be very cool.

Yes it would be good.
Webmail authenticates against the sme users, so the same/similar techniques could be used to authenticate ibay logins. It just needs someone clever and willing enough to write the code, to get Apache (I think) to function this way.

Yep

There has always been a bit of a blocker in that LDAP in SME (7.x - not sure) does not provide any kind of authentication services, i.e. there are no password details in the LDAP installation. If there were, all sorts of possibilities would come with it, such as web applications authenticating against SME users (i.e. at the application level, and not just the OS level). Not sure how webmail does it though...?

Another thing I'm looking at, is using the NIS contribution on SME to allow it to authenticate users on external boxes. From what I can make out, it may then be possible to point an e-bay at the NIS authentication service simply through .htaccess (http://www.math.tu-clausthal.de/~matsa/linux/apache-nis/)

Not tried it yet (got a blocker trying to install SME7 today) but it may be worth looking at as a solution.

-- JJ