Clear OS - Alcuni promemoria utili - Parte 1 - from A to D

Indirizzi vari servizi

Remote Login - https://192.168.X.X:81/

Indirizzo della webmail: https://192.168.X.X:83/

Installation Trouble shooting

There are thousands of pieces of hardware and related drivers available for use in the PC world. The advantage: consumer choice. The disadvantage: hardware compatibility issues are common. There are several debug screens in the installer that can help when an installation fails. Use the Alt-FX key combination to view:
  • Alt-F1: main install screen
  • Alt-F2: command line (not always available)
  • Alt-F3: general log
  • Alt-F4: driver log
  • Alt-F5: hard disk / CD log

Command line - Console

If you need to drop to a command line when presented with this screen, you can press 'CTRL+ALT+F1' (F1-F6 are command line terminals, F7 is a log for the XWindows environment, and F8 is the graphical user interface for Webconfig).
To get back to Webconfig, press 'CTRL+ALT+F8'.

Command line - Installare gli aggiornamenti da command line

For users who prefer the command line environment over the web-based interface, the yum tool provides a way to search and install modules. The following table summarizes the most commonly used commands; detailed information follows.

Finding a Module

A complete listing of all packages in the apt-get repository can be found by using the following command:
yum clean allClear cache of entries and allows for new, authoritative indexes
yum updatefor updating the latest list of available software packages
apt-get upgra defor installing all the available updates for your current installation
apt-get dist-upgradefor installing updates after a ClarkConnect upgrade
apt-get installfor downloading and installing software packages
apt-cache search search termapt-cache search search term for searching for software packages

You can narrow your search by specifying a search term. For example, if you wanted to find packages relating to the Postfix SMTP mail server, you could issue the following command:
# apt-cache search . | grep postfix

Command line - Adding A User Account From The Command Line

This Howto describes the procedure for adding a user account outside of the ClearOS LDAP system (i.e. in /etc/passwd). The two most common reasons for this requirement:
  • You need an account for running a third party service (daemon)
  • You just want to have an old school user account outside of LDAP

Adding a System Account

If you are installing a third party service (daemon) on your ClearOS system, it is common practice to run the service under a unique account. Fortunately, most Linux distributions reserve a range of user IDs for this purpose. Unfortunately, this range differs across Linux distributions. In ClearOS, user IDs from 1 to 499 are reserved for system accounts. By specifying the -r flag in useradd, the account will automatically be created as a system account. For example:

useradd -r zimbra

You may also want to specify a different home directory with these accounts:

useradd -r -d /var/lib/zimbra zimbra

Don't worry about the following warning message if you see it:
useradd: unknown GID 100

Adding an Old School User Account

In some circumstances, you may want to add an old school user account that will not overlap with LDAP. This is common practice in a ClearOS developer environment, especially if you are developing for the LDAP system! Fortunately, a range of user IDs have been reserved for this purpose. In ClearOS, user IDs from 500 to 999 can be used for an old school user account. By specifying the user ID with the -u flag, you can create an account in this old school range:

useradd -u 500 oldschool

After creating the account, you can set the password with:

passwd oldschool

On ClarkConnect systems that have been upgraded from version 4.x, you should run the following first: rm -f /etc/system/pre5x
Adding user account below 1000 are considered administrative accounts to the Samba file server and may not be valid.

Command line - Creare Utente Administrator

The winadmin account IS the Windows Administrator account. It has the RID=500, which means “Administrator”. This is exactly the account name that should be used.

The winadmin account IS the Windows Administrator account. It has the RID=500, which means “Administrator”. This is exactly the account name that should be used.

OK, I promise the rant is really over now

Since you really press the requirement to create an account called “Administrator” that presumably MUST have administrative rights and privileges in the MS Windows environment, here you go:

1. Edit /etc/samba/smbusers: Comment out this line “root = administrator admin” The edited line should be:

#root = administrator admin

2. Using the Webconfig interface add a user account called “administrator” (case sensitive). In adding this account be sure to add this account as a member of the Domain Admins group.
The account name MUST be in lower case

3. Set the “administrator” account so that its RID is 500, by executing:

pdbedit -r -U 500 administrator

4. Change the winadmin RID so it is NOT 500, by executing:

pdbedit -r -U 2500 winadmin

The winadmin account is NO LONGER an MS Windows Administrator. In addition, if you have a large number of users, the UID 2500 may already be in use and you would need to specify a different number

5. It may also be necessary to grant the “administrator” account appropriate rights and privileges as follows:
net rpc rights grant "DOMAINNAME\Admininstrator" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -Uadministrator%"password"

Command line - Installare Software da command line

A complete listing of all packages in the yum repository can be found by using the following command:

yum list

By piping the results of the search into a grep filter, you can easily find what you are looking for. For example, if you wanted to find packages relating to the Postfix SMTP mail server, you could issue the following command:

yum list | grep postfix

The response would include all packages containing the search string 'postfix'.
Some users will prefer to use yum via command line to install and manage packages. The following example would install the Protocol Filter module:

yum install app-protocol-filter

Command Line - Resetting A Lost Root Password

If you no longer know the root password for your ClearOS system, you can follow the following steps to reset it. For security reasons this procedure cannot be carried out remotely; it must be done from the console (keyboard and monitor) while physically at the server.

Boot Into Maintenance (Single-User) Mode

First, you need to boot your system into maintenance (single user) mode:
  • At the boot splash screen, press any key to stop the countdown timer.
  • Select Linux with the version of the Linux kernel that you wish to boot
  • Type a to modify the boot procedure.
  • Make sure that the cursor is at the end of the line and press the Spacebar and then type single. Press Enter to exit edit mode and begin booting up your system.
  • Once the operating system has loaded you will be at a prompt similar to the following:

  • Type the command passwd and press Enter. You will see the following:

Changing password for user root
New UNIX password:
Make sure that you set a strong password - i.e. it should not be based solely on a dictionary word and should contain numbers or other valid non-alpha characters.
  • You will then be asked to re-enter the password to confirm it and will subsequently receive a confirmation that the root password has been reset.
  • Now type in the command reboot and press Enter to restart your ClearOS system.

Dominio - Clearos as Replicate

Standalone ClearOS servers can also act as replicates. For ClearOS 5.2 you can change the way that Webconfig references the LDAP server by setting the following parameter in command line:

vi /etc/cleardirectory/config


mode = master
In future versions, control over this item will be accessible in the Webconfig interface.

Dominio - LDAP

The following settings can be configured in Webconfig:
  • The Domain Name should be set to your primary Internet domain, for example
  • The Publish Policy is useful if you need to access the LDAP directory from an external system

Primary Domain Controller / PDC

When configured as a primary domain controller, the following parameters must be specified:

Windows Domain - the domain name, for example: Toronto.

Logon Script - the script to execute when a user logs into the domain. You can upload this script to the netlogon directory by connecting to your ClearOS system as the Windows administrator (winadmin).

Roaming Profiles - the state of roaming profile support for all users.

Logon Drive - the drive letter used for the user's network drive on the ClearOS system. This drive maps to the /home/username directory on the ClearOS file system.

Webconfig uses the LDAP Directory transparently for many functions. For the most part, adding users, creating groups, setting passwords or changing information about the server will modify the directory in all the ways you need it to without needing to manually enter records.
Modifying data in your LDAP directory by hand can break functionality of ClearOS and make it unsupportable!
For these examples we will use the following data:
  • Hostname: localhost
  • Base DN: dc=clearos,dc=lan
  • Bind DN: cn=manager,cn=internal,dc=clearos,dc=lan
  • Bind Password: gbGKD86gEWXLYNRm

A simple search will reveal our entire LDAP directory.

ldapsearch -h localhost -b "dc=clearos,dc=lan" \
-D "cn=manager,cn=internal,dc=clearos,dc=lan" \
-s sub "objectclass=*" -x -w gbGKD86gEWXLYNRm

You can also limit the results to include only specific information. For example, the following show all the groups on the system:

ldapsearch -h localhost -b "dc=clearos,dc=lan" \
-D "cn=manager,cn=internal,dc=clearos,dc=lan" \
-s sub "objectclass=GroupOfNames" -x -w gbGKD86gEWXLYNRm

Dominio - Windows 7 modifica Registro

Windows 7 systems can be joined to a ClearOS Domain Controller by changing two registry settings:

  DWORD  DomainCompatibilityMode = 1
  DWORD  DNSNameResolutionRequired = 0

After making the registry change, a reboot is required. Just after you have joined the Windows 7 system to the domain, you will see the following warning message:

Changing the Primary Domain DNS name of this computer to "" failed.
The name will remain "MYDOM".  The error was:

The specified domain either does not exist or could not be contacted