PhpWiki - SME Server Announce v5.0

SME Server 5.0

Release notes - Aug 22, 2001 The Network Server Solutions Group of Mitel Networks is pleased to announce the availability of SME Server V5.

This release includes many package updates, and some new features.

This release is also available as a bundled solution with network-delivered services, SME Server V5 with ServiceLink. For more information see http://www.e-smith.com/solutions/

General

The server-software product name has changed from "e-smith Server and Gateway" to "SME Server V5"
Existing e-smith version 4 servers can be upgraded to SME Server V5

Documentation

The user manual is available in the Documentation directory of the CD image in Adobe Portable Document Format (PDF) and Windows HTML help file (CHM) formats
The manual is also available online at http://www.e-smith.org/docs/manual/

Installation

The user is required to accept the license conditions before installing the software. This license is also available in the LICENSE file on the CDROM

Console

A new mode "Private server and gateway" has been added which allows the administrator to disable external access to HTTP, SMTP, IDENT. In this mode the server also does not respond to external ICMP ECHO requests
The "Server-only, no Internet access" option has been removed as it was redundant. This mode can be selected by choosing "Server-only" mode and then specifying a null (empty) gateway address
The Hard drive optimization screen has been removed because of reliability problems. This feature is also disabled automatically on upgrades

Server manager

The appearance of the manager is changed to reflect the new product name and new corporate identity
The web manager is now accessible via SSL from all local networks
The manager may now be accessed using the URLs "https://www/server-manager/" or "http://www/server-manager/"
The user password panel may now be accessed using the URLs "https://www/user-password/" or "http://www/user-password/"
The URLs used for these features used in previous releases ("http://www/e-smith-manager" and "http://www/e-smith-password") are still supported. The https variants of these URLs are now also supported

Blades

A new blades subsystem has been added to allow simplified installation and upgrade of software

View log files

A new web panel has been added to allow all system log files to be viewed and searched

Backup and restore

A "Verify desktop backup file" option has been added. This feature provides a list of all files contained in a desktop backup file
The desktop backup option now uses the gzipped tar format, resulting in significantly smaller backup files. Restoring from the previous format is supported
The restore from desktop backup file option executes more quickly and requires less free space on the server

Remote access

The Administrative command line access over Telnet option has been removed from the manager panel. This option can still be configured in the configuration database, but is not recommended and will be removed in future releases

IP Masquerading

The quake and IPSEC masquerade modules are no longer loaded by default. Masquerading of these protocols through the gateway will require command line configuration changes

Third party package updates

This release is based on RedHat 7.1 and includes all relevant updates
Linux kernel 2.2.19-7.0.8 is installed. This kernel was released by RedHat, inc. as the latest update for RedHat 7.0 and has been chosen for its reliability, security and known hardware compatibility
The webmail packages has been upgraded to imp-2.2.6 and horde-1.2.6
Openssh has been upgraded to openssh-2.9

For a detailed list of package changes, please see the CHANGES file

Detailed package changes - Aug 22, 2001

General

The Copyright: and Vendor: tags of all e-smith-xxxx RPMS is set to "Mitel Networks Corporation"
All e-smith-xxxx RPMS which are licensed under the GPL are marked as such in the License: tag of the RPMS, and include the GPL "COPYING" file

New packages e-smith-support

Contains manager title bar image and support details

e-smith-viewlogfiles

Adds a new panel which allows viewing of log files

e-smith-qmail

Basic qmail configuration split from e-smith-email

e-smith-manager

Server manager configuration split from e-smith-base

e-smith-blades

New blades infrastructure for web-based module installs and upgrades

e-smith-daemontools

Basic daemontools configuration split from e-smith-base

Updated packages e-smith-LPRng

Cosmetic changes to web panel
Fix to printer-delete script - print spools for deleted printers are now correctly deleted

e-smith-backup

Addition of "Verify Desktop Backup" feature
Text changes and branding changes of web panel
Change desktop backup file format to gzipped tar, rather than uuencoded
Previous format still supported for restore and verify
Removed use of redundant temporary file when doing desktop restore or verify

e-smith-base

Added "Private server and gateway" which disables external access to HTTP, SMTP, IDENT and ICMP ECHO
Removed "server-only - No Internet access" option as this can be achieved by choosing server-only without specifying a gateway address
Update masq code so that "masq stop" in serveronly mode sets the input policy to "ACCEPT". This allows PPTP termination in server-only mode
Changed default Samba server string, and allow it to be modified using the ServerString property of the smb service
Separated calculation and output of hosts allow in smb.conf
Templated /etc/sysctl.conf, and enable ip forwarding
Added restart-masq action to bootstrap-console-save event
Added conf-modules action to post-install event
Removed hdparm option from console and disable it on upgrades
Use /etc/rc6.d and /etc/rc7.d rather than /etc/rc.d/rcx.d directories
Added conf-masq action to post-install and post-upgrade, so that script exists when it is required
Delay restart of web server until after HTML is displayed, when creating, modifying or deleting a virtual domain. Do this by removing restart-httpd-full from the event direcetories, and running the action after the text is displayed by showInitial(). Add some text to inform the user that the web server is being restarted
Change e-smith-common to allow access from from all locations
Deny access to PHP files if Dynamic Content is not enabled for a particular i-bay
Reserve server-manager, user-password and server-manual URL names
Fix e-smith-manager permissions so that only "admin" can access
Fix Samba permissions on Primary so that setgid is preserved
Add script to post-upgrade action to fix permissions on Primary i-bay
Move masq script from S82 to S06, so that it runs before network interfaces are brought up (by networks, diald, or pppoe)
Removed remnants of telnet PermitRootLogin from remoteaccess panel
Telnet access as root is now disabled, and can only be set directly in the configuration database
Add script which ensures correct initialization of smbpasswd file
Warn when accounts entries don't match the expected type
Fix code in init-accounts which checks 'type' for expected system accounts
Mark existing /etc/passwd accounts as "existing", not "system"
Changes to panels and console to use a trailing slash (/) on all urls as part of marketing/branding standards
Fix setup of new account entries in smbpasswd file
Change default "os level" if DomainMaster is set, using OsLevel property of the smb service if that is set, otherwise use 65
Lists of valid users are generated in /etc/e-smith/pam for use by various services
Do not chown files to the group user of an i-bay when modifying an i-bay with wr-group-rd-group permission.

e-smith-boot-image

Updated for V5 boot image

e-smith-devtools

Add a list of directories to omit from filelists in e-smith RPMs
Fix specifications for permissions and ownership of admin and admin/home

e-smith-dynamicdns-*

Rebuilt using latest e-smith-devtools

e-smith-email

Security fixes in the invocation of fetchmail and permission of fetchmail configuration files
Execute fetchmail as a user with restricted privileges, i.e. as qmailr
Change qmail start file from qmail.init to qmail

e-smith-flexbackup

Rebuilt using latest e-smith-devtools

e-smith-horde

Concurrency fix
Factor out code for initialising horde tables - this is now done by placing symlink to SQL script into /etc/e-smith/sql/init/

e-smith-hosts

New default for LocalDomainPrefix is march-networks.
Panel reworked to split into aliases for this server, local and remote hosts
New properties for /home/e-smith/hosts entries
Hosts entries now stored as fully qualified domain names in all instances
Hosts entries can be nominated as static, so can't be modified in the panel
Static DHCP template checks that both IP address and MACAddress are set

e-smith-imp

Addition of support for an alternative path to be used for the sendmail program used to inject email

e-smith-ipmasq

Don't load ip_masq_quake by default
Don't load ip_masq_ipsec by default
Accept IKE packets if doing ipsec masquerading

e-smith-ldap

Use perl module API to add/delete/search ldap data, rather than external programs
Schema changes in order to allow use of openldap version 2
Run LDAP daemon as user ldap
Use much stronger LDAP password
After changing LDAP settings, defer restarting of web server until after generation of result page HTML

e-smith-lib

Fixed db_get_prop to return empty list if no $prop or $val
Remove legacy accounts db checking code from cgi.pm
Restrict read permission on config dbs to root user only
Take precaution that processes which cannot read a config db cannot write a replacement one
Choose much stronger LDAP/MySQL password
Remove duplicated pcitable - we now use only the kudzu supplied one
Add esmith::util::computeHostsAllowSpec()
Add esmith::util::computeNetmaskFromBits()
Add esmith::util::getLicenses()
Add optional $access parameter to esmith::util::computeLocalAccessSpec()
Add l10N glue
Add esmith::event perl module
Add signal-event program, a wrapper for esmith::event::event_signal function
Expand each template in a unique perl namespace, as a precaution against leftover variable values
Make '$confref' available to all templates, for use in, e.g. db_getxxx() function calls
Include "use esmith::db" implicitly in all templates
Change semantics of serviceControl() so that "enable" and "enabled" are interpreted equally, as are "disable" and "disabled". This allows the calling code to be simpler

e-smith-lilo

/etc/lilo.conf is now templated

e-smith-mod_ssl

Added support for "user-account" and "server-manager" URLs
Don't attempt to generate a certificate in post-{install,upgrade}

e-smith-mysql

Add mysql.init and mysql-preload scripts to facilitate auto initialisation of mysql databases by packages
Fix uninitialised variable problem in masq fragment
Fix concurrency problems

e-smith-named

Split localDomains calculation out of 60domains, and into 01localDomains
Templates updated to handle new hosts database format
Commented out harmful useradd in %pre section of spec - done in actions

e-smith-netatalk

The Appletalk share name of an i-bay is changed from the description text of the i-bay to the i-bay name. This is consistent Samba and avoids problems with long descriptions

e-smith-netlogon

Eliminate an undefined variable error at post-install time

e-smith-ntp

Minor layout changes in panel
Concurrency fixes

e-smith-obtuse-smtpd

Removed links from deprecated post-restore event

e-smith-openssh

Template fragments and action for /root/.ssh/config
Latest openssh RPM doesn't have reload action, so now using restart. This does not affect running connections
Check "access" property of sshd service in filters
Explicitly disable ChallengeResponseAuthentication and

KbdInteractiveAuthentication
Added SSH protocol V2 HostKey lines for ssh_host_rsa_key/ssh_host_dsa_key
Enabled sftp subsystem with correct path to sftp-server
Added links to /usr/libexec and /usr/local/libexec to enable

sftp for more client systems under protocol V1
Added MaxStartups configuration

e-smith-packetfilter

Fixed multicast filter match
Added Stealth property to masq service, defaulting to "no". If set to "yes", external ICMP echo packets are ignored
Set rp_filter to 0 for 'default' and 'all' interfaces, explicitly set it to 1 for eth0, eth1

e-smith-php

Load PHP modules late, not first. This corrects a compatibility problem with RedHat 7.1 RPMS

e-smith-pptpd

Don't check for /var/lock/subsys/pptpd - pptp is managed by init and this lock file will not always be created
Only advertise WINS address if configured as Samba Domain Master
Fixed problem in dhcpd.conf template with non C class addresses

e-smith-proftpd

Removed links from deprecated post-restore event
Make use of /etc/e-smith/pam/accounts.deny as template for /etc/ftpusers

e-smith-proxy

Add template fragments to make sure that webdav protocols are not requested via an upstream cache
Break template-begin for squid.conf into fragments
Change acl name of localhost into localsrc, and change all references to it
Add acl of localdst for all local destinations. In future we should point client browsers directly at local web servers
Set "nobody@your.domain.name" as the password when squid does anonymous ftp
Set "admin@your.domain.name" as the email address for contact about any cache issues.

e-smith-qmailanalog

Minor grammatical changes to panel
Now handles multilog files instead of older cyclog files
Adds qmail-qstat and qmail-qread to reports

e-smith-reinstall-floppy

Place current /etc/motd on floppy, not a static string
Pass lilo AddressMode down to floppy, defaulting to linear

e-smith-release

Changed build process so that GPL2.tgz is used to contain the standard COPYING file, and we don't need to roll a new tarball for each release
Add Obsoletes: header to force removal of redhat-release and redhat-logos
Generate and use /etc/e-smith-release

e-smith-rp-pppoe

Remove template-begin and template-end fragments of pppoe.conf
Add 30boot containing 'BOOT=yes' for latest rp-pppoe

e-smith-telnet

Rebuilt with new e-smith-devtools

e-smith-wu-imap

Rebuilt with new e-smith-devtools

Back to the Documentation