Topic: SME Server and NeoRouter Client

[edmundjc]

I'm still somewhat green with Linux servers, and have been giving SME Server a try. So far I'm real impressed with it, and the final puzzle piece for it is Neorouter functionality. I don't need it to run the nrserver, but I do need it to join an existing NR network.

I am able to install and join a network no problem, but I think because SME Server likes to manage all startup scripts differently, both the nrclientcmd startup script and the nrtap adapter are removed from startup when it restarts, or the standard startup scripts (the one(s) that nrclientcmd manipulates) are not even touched on boot.

In rc.local I was able to add a line like nrclientcmd -d [domain] -u [user] -p [pass], but because the nrtap is not brought up automatically, it just hangs on reboot. It seems like rc.local still operates like it does on any other distro, so is there something I can add ahead of the nrclientcmd in rc.local that might bring the nrtap adapter back up? Or is there any other way that nrtap can be brought up ahead of this in SME Server?

If I can get the Neorouter client working on SME Server I will be a very happy camper.

Thanks!

[edmundjc]

Ok, so I'm able to start the NeoRouter service on boot by adding the following to /etc/rc.local:
/etc/rc.d/init.d/nrservice.sh start
Thanks to KevinZ at the NeoRouter forums for this help.

However, because NeoRouter wasn't present when the system was installed, it is not considered a 'Local Network'.  Therefore, I am unable to get to network shares, configuration, etc.  It appears the 'nrtap' adapter may be completely ignored.  I've messed around with the 'Remote Access' and 'Local Network' settings as much as I know how, to no avail.

My ifconfig reads the following (I've omitted lo):

eth0      Link encap:Ethernet  HWaddr 00:0C:29:D8:20:15
          inet addr:10.0.0.8  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:129910 errors:0 dropped:0 overruns:0 frame:0
          TX packets:129821 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14020895 (13.3 MiB)  TX bytes:11596825 (11.0 MiB)

nrtap     Link encap:Ethernet  HWaddr 72:FC:D7:B6:3F:DD
          inet addr:10.0.2.28  Bcast:10.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1300  Metric:1
          RX packets:7442 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:1584307 (1.5 MiB)  TX bytes:84 (84.0 b)

Is there something I'm missing?

[Jáder]

You're missing the "Local Networks" menu option on server-manager.
Try to add you nr network (10.0.2.0) over there.
Use the IP of nrtap (10.0.2.28) as gateway.

Good luck.

Jáder

[edmundjc]

It makes sense to add the network to 'Local Networks', but I've tried that to no avail.  Using the address of nrtap as the router does not work, because SME complains that it's not accessible via the local networks.  So I've used a couple different addresses as 'router', but with no change in behavior.

Whenever I try to access the server via the nr network, the iptables log fills with entries like '... denylog: IN=nrtap OUT= MAC=00  SRC=10.0.2.23 DST=10.0.2.255 ...'

[Stefano]

my suggestion is to take a look at openvpn contrib to see how it works.. you may find some useful info and fragments/templates that you can adapt to nrtap interface

about starting automagically the service..

Code: [Select]

cd /etc/rc7.d
ln -s /etc/rc.d/init.d/nrservice.sh SXXnrservice [XX should be choosen so the service is started BEFORE masq]
config set nrservice service status enabled

HTH

[edmundjc]

Thanks for the help on the service startup.  I now have nrservice starting ahead of masq.

The simple solution for allowing access was to change the subnet mask to 255.255.252.0.  This allowed access to ssh, the web config, and I'm sure several other services via the NR network.

However the one that remains (and it's the most critical) is Samba.  I've changed the 'interfaces =' to read 'interfaces = 127.0.0.1 10.0.0.8/255.255.252.0 10.0.2.28/255.255.252.0', and restarting samba makes it work.  However, as you can expect the change is temporary, as the smb.conf is rewritten.

Is there a way to permanently add an entry to the interfaces of smb.conf?

[Stefano]

you must use a custom template

search the forums, the wiki and the dev's manual, you'll find the way..

[edmundjc]

Fantastic.  Thanks, everyone.  I now have everything exactly the way I want it.

[janet]

edmundjc

There is a Template Tutorial Howto that has the basics. Refer to Development Guide/Manual for more detailed information.

Please share here what you did to achieve success, for the benefit of future readers & users.
Please post your custom template details & content & commands used etc. Thanks.

[edmundjc]

Please post your custom template details & content & commands used etc. Thanks.

So what I have so far is everything is mostly working.  My original test install works perfectly, and apparently it must have something to do with something I did while muddling around early on, because I cannot reproduce it on the production server.

My documentation so far:

Code: [Select]

Installing NeoRouter on SME Server 8

When setting up SME Server, make sure the server IP address is something that can be subnetted within reach of the NeoRouter subnet, and adjust its subnet to include the physical network and the NeoRouter network extents.
For instance:
if the physical network is
10.0.0.x/24
and NeoRouter's network is
10.0.2.x/24
Set the server's physical network to
10.0.0.x/22
(SME Configuration may require longform subnet mask?)

This is necessary so that by default, SME Server trusts inbound connections from the NeoRouter adapter once it's installed.

At the command line.

From the CLI:

wget http://download.neorouter.com/Downloads/NRFree/Update_2.1.0.4265/Linux/CentOS/nrclient-2.1.0.4265-free-centos-x86_64.rpm

yum install nrclient-2.1.0.4265-free-centos-x86_64.rpm

nrclientcmd
enter domain, user, and password, then quit

cd /etc/rc7.d

ln -s /etc/rc.d/init.d/nrservice.sh S**nrservice
[Enter 30 for the **, or a unique number before the masq service.  The number may need adjusting on your installation.]

config set nrservice service status enabled

cd /etc/e-smith/templates/etc/smb.conf

nano 11bindInterfacesOnly
[the number may not be 11 in your install]
Change the variable to 'no'.

reboot
So I don't know if I'm missing something in the web interface or somewhere else to allow samba/ssh/etc. over the NeoRouter network.
My Local Network is 192.168.0.0/255.255.224.0.  The physical network is 192.168.16.0, and the NeoRouter network is 192.168.18.0.

If I allow ssh from anywhere, I can connect via the NR interface, so I know there's communication there.

Once I have this working predictably, I'll be sure to post what I've learned.

[edmundjc]

The method in my previous post appears to work.  After a few days of use (I hadn't changed anything setup-wise) and at least one full restart of my entire physical network, everything works as planned.  I hesitated to post this success, because I wasn't sure it was stable, but after giving it a week of good use, it appears to be working quite well.

Anyways, plenty of modification would probably be in order to use this in any situation other than just a file server, but it works great for me.

SME Server is pretty fantastic, and I'll be contributing some funds soon.

Thanks, folks!

[johnp]

Code: [Select]

cd /etc/e-smith/templates/etc/smb.conf

nano 11bindInterfacesOnly
[the number may not be 11 in your install]
Change the variable to 'no'.


This fragement should have been duplicated in /etc/e-smith/templates-custom/etc/smb.conf
then modified and expanded, this is the proper sme way from what I understand.

[janet]

edmundjc

The recommended SME way to do this (as johnp says), is to create a custom template & modify that. These changes then get applied to the conf files.
A custom template fragment of identical name as the main template fragment will override the main fragment, so the custom template changes prevail.
This keeps the standard templates unchanged & allows you to revert to an unmodified installation when & if needed, eg when troubleshooting &/or at version upgrade time, which can be done quite simply by deleting or moving the custom templates & their fragments & doing a post upgrade & reboot.
Using custom templates & fragments also allows you to easily see what changes you have made to your server over time, ie in a year or two you may forget which .conf files have been altered, but you can easily review the custom template directory tree to see all modifications you have made over time.
This is exactly the scenario you appear to describe between setting up your test server & then moving to your production server, ie you lost track of the changes & tweaks you were making to get it working as required.
Using custom templates is an easy concept to grasp & I highly recommend & advise you to look more deeply at the method, ie as described in the Template Tutorial here http://wiki.contribs.org/Template_Tutorial
& the Developers Guide (refer main Wiki page).

Code: [Select]

[the fragment number may not be 11xxxxxxx in your install so look for & use the correct named fragment]

mkdir -p /etc/e-smith/templates-custom/etc/
cp /etc/e-smith/templates/etc/smb.conf/11bindInterfacesOnly /etc/e-smith/templates-custom/etc/
cd /etc/e-smith/templates-custom/etc/smb.conf
nano -w 11bindInterfacesOnly
 Change the variable to
bind interfaces only = no
 & save the file

signal-event post-upgrade
signal-event reboot


[edmundjc]

The recommended SME way to do this (as johnp says), is to create a custom template & modify that. These changes then get applied to the conf files.

Thank you very much for the reply.  Apparently, my email notifications are not working, otherwise I would have noticed this some time before.
This worked perfectly with a quick tweak.  That is, the folder to copy the 11bindInterfacesOnly file to should be /etc/e-smith/templates-custom/etc/smb.conf
I've updated the steps as follows:

Code: [Select]

[the fragment number may not be 11xxxxxxx in your install so look for & use the correct named fragment]

mkdir -p /etc/e-smith/templates-custom/etc/
mkdir -p /etc/e-smith/templates-custom/etc/smb.conf
cp /etc/e-smith/templates/etc/smb.conf/11bindInterfacesOnly /etc/e-smith/templates-custom/etc/smb.conf
cd /etc/e-smith/templates-custom/etc/smb.conf
nano -w 11bindInterfacesOnly
 Change the variable to
bind interfaces only = no
 & save the file

signal-event post-upgrade
signal-event reboot

Thanks for the help!