Koozali.org: home of the SME Server

[Anounce] smeserver-trixbox-fws-beta2

Offline Daniel B.

  • *
  • 1,700
  • +0/-0
    • Firewall Services, la sécurité des réseaux
[Anounce] smeserver-trixbox-fws-beta2
« Reply #45 on: February 14, 2007, 10:04:58 AM »
Well, I don't know for now where this error comes from. I think it's a parameter in php.ini which prevent the connexion to the online repo. As I'm very busy for the moment I cant search for this but I'll try to solve that issue.
Cheers, Daniel
C'est la fin du monde !!! :lol:

iam

[Anounce] smeserver-trixbox-fws-beta2
« Reply #46 on: February 15, 2007, 08:25:27 AM »
Hello!

You were absolutely right.

parametre allow_url_fopen in php.ini file was Off
it should be On

So
vi  /etc/e-smith/db/configuration/defaults/php/AllowUrlFopen
and change it to On

After that modules appear to be downloadable but I've discovered another problem ....

Please wait while module actions are performed
Downloading announcement Error(s) downloading announcement:
Error opening /opt/asterisk/html/admin/modules/_cache/announcement-0.7.0.tgz for writing


I've checked permissions on a native TB2.0.. there were some differences...

So running the next command solved the situation
 chmod -R  a+rw  /opt/asterisk/html/admin/modules/*

I understand that permissions demand more precisely work but anyway it helps....

Sincerely
Kirill

Offline Daniel B.

  • *
  • 1,700
  • +0/-0
    • Firewall Services, la sécurité des réseaux
[Anounce] smeserver-trixbox-fws-beta2
« Reply #47 on: February 15, 2007, 10:34:29 AM »
Well, I don't know what are the impacts on the security if we set allow_url_fopen to on. I think we are more exposed to cross scripting attacks, so set it at your own risks. For the permissions, I think it can also be dangerous to give write permissions for everyone. I don't understand why you have to set others to have access, because apache runs under www, and www should be in the group asterisk. The default permissions on the directory /opt/asterisk/html/admin/modules/* are asterisk:asterisk 770 so ww should be able to write. can you verify that www is in the group asterisk (cat /etc/group| grep asterisk should return one line like this asterisk:x:455:www)

Cheers, Daniel
C'est la fin du monde !!! :lol:

iam

[Anounce] smeserver-trixbox-fws-beta2
« Reply #48 on: February 15, 2007, 01:10:32 PM »
Its test server at the moment certainly...
By the way what do you think about using smeserver-trixbox addon in production environment&?  Any success stories?

[root@gate ~]# cat /etc/group| grep asteris
asterisk:x:454:www
[root@gate ~]#

Offline Daniel B.

  • *
  • 1,700
  • +0/-0
    • Firewall Services, la sécurité des réseaux
[Anounce] smeserver-trixbox-fws-beta2
« Reply #49 on: February 16, 2007, 09:34:42 AM »
Well, I'm using smeserver-trixbox on a prod environnement, and I'm planning to install it on 3 others production servers. But I only use the base, so I'm not sure everything is ok (maint, meetme, xpl, a2biling). For the base, I'm quit happy with it, even if I don't use it extensivly (up to 4 users, one pstn line, one sip line). But there's still some problems, I've just see that sonferences do not work anymore with the last release (it was working on previous) so I need to find out the problem. In fact, I would recommend anyone who'd like to use it in production to test everything they need before the installation. If all the features you need are working, then, no problems.
C'est la fin du monde !!! :lol:

iam

[Anounce] smeserver-trixbox-fws-beta2
« Reply #50 on: February 16, 2007, 12:53:09 PM »
Thank you for reply. I am thinking about 15 -20 employee office and the most important question is if e-mail correspondense with anti-spam and anti-virus checking will affect quality of voice service  ... (Or may be another services make harm for voice)

Do you use prioritisation of processes like 'nice --19 ' command or may be some other  stuff?

Kirill

Offline Daniel B.

  • *
  • 1,700
  • +0/-0
    • Firewall Services, la sécurité des réseaux
[Anounce] smeserver-trixbox-fws-beta2
« Reply #51 on: February 16, 2007, 01:31:41 PM »
No, I don't use any process prioritisation, because with the actual cpus (I have cheap celeron on all my servers), asterisk doesn't take too much cpu. But you can easily have quality problem because of bandwidth usage, you should estimate how many communications you will have at the same time, and estimate the needed bandwith (it also depends on the codec you use, but if you use ulaw/alaw, count 70-80 kbps per call)
C'est la fin du monde !!! :lol:

iam

[Anounce] smeserver-trixbox-fws-beta2
« Reply #52 on: February 16, 2007, 04:54:19 PM »
Sorry ...

To switch AllowUrlFopen to On

instead of editing vi /etc/e-smith/db/configuration/defaults/php/AllowUrlFopen

the next command should be issued..

config setprop php AllowUrlFopen On

Offline svangool

  • ****
  • 73
  • +0/-0
[Anounce] smeserver-trixbox-fws-beta2
« Reply #53 on: February 22, 2007, 04:00:01 PM »
Update on my Trixbox installation (after changing /etc/asterisk/res_mysql.conf, see earlier):
    - Got extensions analog + sip softphone working
    - Got sip inbound working (Budgetphone)
    - Got sip outbound working (Voipbuster)
    - Phonebook and phonebook CID lookup do not seem to work
    - Flash Operator Panel doesn't show all the defined extensions, trunks etc.
    - Module updates don't work (solved, see earlier)
    - Pressing the red bar keeps it moving forever the first time
    - asterisk -r from command line, allways comes back with: previous reload not finished (after 15 minutes)
    - /etc/init.d/asterisk -restart: immediate configuration update
    - So, somehow the webpanel configuration update doesn't work (which caused a lot of puzzling before I understood why my settings were not working)
......

Offline svangool

  • ****
  • 73
  • +0/-0
[Anounce] smeserver-trixbox-fws-beta2
« Reply #54 on: February 22, 2007, 11:37:47 PM »
To IAM:

After the "setprop" don't forget to mention to:
    - expand-template /etc/php.ini
    - /etc/init.d/httpd restart (will give an error, but ignore)
    - Close Freepbx and re-open and clear cache (ctrl-F5 with explorer)


And yes, the rights thing is a mess. I used your line of code and had to manually create a _cache directory. Then (after the update) I moved all the tars one dir up and untarred them manually again, which resulted in a full update.

After that I changed the "setprop" to "Off" again and followed above steps again to resecure everything.

VIP-Ire, are you planning on solving this?
I do appreciate a lot the work you already did.
......

iam

ciscophone xml services
« Reply #55 on: February 23, 2007, 05:01:49 PM »
Hello everybody!

There is question appears again during testing of sme-trixbox addon...

Yesterday I've got cisco 7970 for tests and tried to check if xmlservices works well. It appears that cisco and xmlservices aliases doesn't added to apache httpd.conf by any reasons.

I dont know how to work with sme server precisely since I first installed it in late december but to open xmlservices and cisco dirs for tests of ciscophones  I've done the next:

vi /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/90e-smithAccess30cisco

{
my $externalSSLAccess = '';
my $validFrom = db_get_prop($confref, "httpd-admin", "ValidFrom") || 'none';

$validFrom =~ s/,/ /g;
$validFrom =~ s:/255.255.255.255::g;

unless ($validFrom eq 'none')
{
$externalSSLAccess = $validFrom;
}

$OUT .= <<HERE;
#-----------------------------------------------------------------------------
# IAM generated xmlservices and cisco directory
#-----------------------------------------------------------------------------

Alias /cisco /opt/asterisk/html/cisco
<Directory /opt/asterisk/html/cisco>
AddType application/x-httpd-php .php
AllowOverride None
Options +Indexes
order deny,allow
deny from all
allow from $localAccess $externalSSLAccess
AuthName "SME Server Manager"
AuthType Basic
AuthExternal pwauth
require user admin
</Directory>

Alias /xmlservices /opt/asterisk/html/xmlservices
<Directory /opt/asterisk/html/xmlservices>
AddType application/x-httpd-php .php
AllowOverride None
Options +Indexes
order deny,allow
deny from all
allow from $localAccess $externalSSLAccess
AuthName "SME Server Manager"
AuthType Basic
AuthExternal pwauth
require user admin
</Directory>

#-----------------------------------------------------------------------------
#End of  IAM generated xmlservices and cisco directory
#-----------------------------------------------------------------------------
HERE
}


Sincerely
Kirill

iam

[Anounce] smeserver-trixbox-fws-beta2
« Reply #56 on: February 23, 2007, 05:10:35 PM »
Sorry

Password authentication should be removed ...

So something like that:

Alias /xmlservices /opt/asterisk/html/xmlservices
<Directory /opt/asterisk/html/xmlservices>
AddType application/x-httpd-php .php
AllowOverride None
Options +Indexes
order deny,allow
deny from all
allow from $localAccess
</Directory>

May be some more options should be added or removed ... or there is another better way to provide xmlservices to ciscophones, but it is guru's call... :)

iam

System recordings .... permissions problem
« Reply #57 on: February 28, 2007, 09:50:46 PM »
Trying to use system recordings module in FreePBX. When trying to save recording in a step 2 'Name' an error occurs:

mv: cannot move `/tmp/501-ivrrecording.wav' to `/var/lib/asterisk/sounds/custom/Rec_Test.wav': Operation not permitted

When /tmp/501-ivrrecording.wav created it becoms read-only permission for group (asterisk) so apache can not move it as it runs as www...

Cant find right way to solve this problem ... Any ideas?

Sincerely
Kirill

iam

[Anounce] smeserver-trixbox-fws-beta2
« Reply #58 on: February 28, 2007, 10:26:28 PM »
There is one more question.

Dialed 666 but didn't heard fax answer.  Asterisk says that app_rxfax is missed. Does this function absent by design or just waited its hour to be added?

If someone needs it quickly:

wget http://yum.trixbox.org/centos/4/RPMS/asterfax-1.0-free.i386.rpm
wget http://yum.trixbox.org/centos/4/RPMS/ghostscript-8.15.1-7.i386.rpm
wget http://yum.trixbox.org/centos/4/RPMS/ghostscript-fonts-5.50-13.1.noarch.rpm
wget wget http://yum.trixbox.org/centos/4/RPMS/jre-1_5_0_07-linux-i586.rpm

yum localinstall ./*.rpm --enablerepo=base

/usr/lib/asterisk/modules/app_rxfax.so Could be copied from stanalone Trixbox with same asterisk ver. to not to deal with whole asterisk package.

Sincerely
Kirill

Offline svangool

  • ****
  • 73
  • +0/-0
[Anounce] smeserver-trixbox-fws-beta2
« Reply #59 on: March 19, 2007, 10:40:03 PM »
There is a security problem with older asterisk versions.

I took the opportunity to update trixbox 2.0 by updating both freepbx to 2.2.1 and asterisk to 1.2.16 (the latest versions) and it works on SME 7.1.2 (as far as I tested).

Following steps after backing up your conf-files (/etc/zaptel.conf, /etc/amportal.conf and /etc/asterisk/*.*):

preparation:
Code: [Select]
yum install gcc (oh, oh, do not forget to remove this when finished)
yum install openssl-devel

freepbx 2.2.1:
Code: [Select]
cd /usr/src
wget http://downloads.sourceforge.net/amportal/freepbx-2.2.1-withmodules.tar.gz (indeed, gives you the latest modules!)
tar xzf freepbx-2.2.1-withmodules.tar.gz
cd freepbx-2.2.1
./install_amp


asterisk 1.2.16:
follow http://nerdvittles.com/index.php?p=171 but replace kernel references with 2.6.9-42.0.10 (for SME 7.1.2)

If you are ready:
Code: [Select]
yum remove gcc

That is all!
......