
Configuration Files

From Zentyal Linux Small Business Server
Jump to: navigation, search

Zentyal allows you to configure most common aspects on GUI but there is the possibility to configure specific aspects for some services on files under /etc/zentyal.

The basic instructions for the formatting of these .conf files are contained at the beginning of each file:

# Everything after a '#' character is ignored
# All whitespace is ignored
# Config keys are set this way:
# key = value
# They may contain comments at the end:
# key = value # this is ignored

This is the list of the different per module settings that you could find here:



# additional codecs included for SIP phones. ej: g723,g729,
asterisk_additional_codecs =
# DTMF mode
asterisk_dtmfmode = auto
# extensions range available for phones, if you edit this you
# might have to update extensions.conf stub
asterisk_phone_min_extn = 4000
asterisk_phone_max_extn = 7999



# Uncomment the following line to enable
# secondary LDAP configuration:
#captive_secondary_ldap = yes



# user [required]. The user under which Zentyal will run.
# It should have enough sudo privileges to perform all needed tasks.
user = ebox
# egroup [required]. The group under which Zentyal will run.
egroup = ebox
# debug mode [required]. yes|no
# Note: In order to take effect, after changing this you need to execute:
# /etc/init.d/zentyal apache restart
debug = yes
# Dump exceptions on interface
# This is useful for developers and is only enabled during beta period
#dump_exceptions = yes



# Redis server port
# If you change this value, you must manually restart the redis server
# in two steps:
# $ /etc/init.d/zentyal webadmin restart # write down the new configuration
# $ restart ebox.redis # restart the daemon
redis_port = 6380
# Ignore system updates in Dashboard widget
#widget_ignore_updates = yes
#Custom prefix for rebranding
#custom_prefix = zentyal
# Zentyal desktop services
# For changes in this configuration to take effect you must run:
# $ /etc/init.d/zentyal webadmin restart # write down the new configuration
desktop_services_enabled = yes
desktop_services_port = 6895



# Internal networks allowed to do recursive queries
# to eBox DNS caching server. Localnetworks are already
# allowed and this settings is intended to allow networks
# reachable through static routes.
# Example: intnets =,
intnets =
# This key control the automatic reverse zone generation
# Set to 'no' to disable it
generate_reverse_zones = yes
# This key defines whether you want to sort the results based on the querying IP
# Uncomment it to enable it
# sortlist = yes



# Enable ebackup menu (yes or no)
ebackup_menu_enabled = yes
# Volume size in Mb (default: 25)
# If you are backing up to the local file system: choose 600 or
# greater in order to have less files
volume_size = 25
# temporal directory (default: /tmp)
temp_dir = /tmp
# archive directory (default: /var/cache/zentyal/duplicity)
# if you change this after the first run duplicity will have to recreate
# it again from the repository. The old one will not be automatically deleted.
archive_dir = /var/cache/zentyal/duplicity
# Retrying configuration
# This set of values are set when the uploading is done and some
# retries are required to complete the backup
# It follows a geometric progression:
# timeout_n = initial_value * scale_factor ^ (n-1)
# For instance, initial_value = 60s, scale_factor = 2, n_tries = 4
# The backup will be tried 4 times after 60s, 120s, 240s before giving up
# This value is set in seconds
# duplicity timeout
# default is 5 minutes, but you can uncomment this and set a different value in seconds
#duplicity_timeout = 300
# scheduled backup priority
# it should be a positive integer, range 0-19
# 0 is normal priority, a higher number is _less_ priority



# Limit of logged packets per minute.
iptables_log_limit = 50
# Burst
iptables_log_burst = 10
# Logs all the drops
iptables_log_drops = yes
# Extra iptables modules to load
# Each module should be sperated by a comma, you can include module parameters
iptables_modules = nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_h323, nf_nat_h323, nf_conntrack_pptp, nf_nat_pptp, nf_conntrack_sip, nf_nat_sip
# Enable source NAT, if your router does NAT you can disable it
nat_enabled = yes
# Uncomment the following to show the Rules added by Zentyal services
#show_service_rules = yes



# Set the IPS inline firewall rules position
# It is set 'behind' (default), then only accepted input or forwarded traffic
# will be analysed.
# It is set 'front', all input and forwarded traffic will be analysed. Although,
# this second option is more secure, it is high CPU consuming in those
# networks with high network traffic.
# If you modify this setting, then you must run the following commands
# to take effect (Order is important).
# $ sudo service zentyal ips restart
# $ sudo service zentyal firewall restart
# (Disable and enable IPS module is safer to avoid be locked out)
# ips_fw_position = front|behind



# interfaces to ignore in the interface
# (default: sit,tun,tap,lo,irda,ppp,virbr,vboxnet, vnet)
ifaces_to_ignore = sit,tun,tap,lo,irda,ppp,virbr,vboxnet,vnet
# If you want to define a custom mtu for any interface
# you can use mtu_<interface> = <MTU>. Example:
#mtu_eth0 = 1400



# insecure_rip_conf [required]. If set to yes it will enable backwards
# compatibility with eBox openVPN which used an insecure ripd configuration.
# Do not enable it unless you are sure of what you are doing
insecure_rip_conf = no
# Use mssfix to fix MTU discovery problems in some networks with UDP connections
# It applies to all VPN clients
# Enable it only if you are sure what you're doing
# mss_fix = 1300



# Public DNS server
ebox_services_nameserver = ns.cloud.zentyal.com
# Public API
rs_api = api.cloud.zentyal.com
# Verify Cloud servers
# Values: yes | no
rs_verify_servers = yes
# If set to a 'yes' value, the Zentyal QA updates have priority and
# other packages sources have the lowest priority and they will not
# be used.
# If you change this value, you must run the following command:
# sudo /usr/share/zentyal-software/rewrite-conf
# (Default: yes)
qa_updates_exclusive_source = yes
# If set to a 'yes' value if the Zentyal QA updates are used, they will
# be automatic to ensure you have always a system updated from a
# trusted source.
# (Default: yes)
qa_updates_always_automatic = yes
# If set to a 'yes' value, the monitoring stats will be sent using the VPN
# This method is more secure, but tends to have service interruptions
# If you change this value, run /etc/init.d/zentyal monitor restart to get
# these changes taken
# (Default: no)
monitoring_inside_vpn = no



# -- s4sync settings --
s4sync_debug = yes
# -- File server --
# Choose the file server to use. The new 'ntvfs' included
# in samba4 or the old 's3fs' from samba3. Printers and
# vfs plugins such recycle bin, audit or antivirus will not
# work if you choose 'ntvfs'.
# values: ntvfs | s3fs
samba_fs = s3fs
# -- Recycle Bin settings --
# Name of the recycle bin directory
# If a full path like /tmp/foo is entered,
# the same Recycle Bin will be used for all the shares
repository = RecycleBin
# Permissions of the recycle bin directory
directory_mode = 0700
# Keep directory structure
keeptree = Yes
# Keep copies if a file is deleted more than once
versions = Yes
# Specifies whether a file's access date should be updated
# when the file is moved to the repository.
#touch = Yes
# Files that are smaller than the number of bytes
# specified by this parameter will not be put into
# the repository.
#minsize = 0
# Files that are larger than the number of bytes
# specified by this parameter will not be put into
# the Recycle Bin. (0 = disabled)
maxsize = 0
# List of files that should not be stored when deleted,
# but deleted in the regular way.
#exclude = *.tmp|*.temp
# When files from these directories are deleted,
# they are not put into the recycle bin but are deleted
# in the regular way.
excludedir = /tmp|/var/tmp
# Specifies a list of paths
# (wildcards such as * and ? are supported)
# for which no versioning should be used.
# Only useful when versions is enabled.
#noversions = *.foo|*.bar
# -- End of Recycle Bin settings --
# -- antivirus settings --
# Whether sockets, devices and fifo's (all not scanned for viruses) should be visible to the user
show_special_files = True
# Whether files that are not visible (.scanned: files, .failed: files and .virus: files)
# should be deleted if the user tries to remove the directory. If false, the user will
# get the "directory is not empty" error.
rm_hidden_files_on_rmdir = True
# If false, all non-scanned files are visible in directory listings. If such files are found in a
# directory listing the scanning daemon is notified that scanning is required. Access to non-scanned
# files is still denied (see allow_nonscanned_files).
hide_nonscanned_files = False
# If non-scanned files are hidden (if scannedonly:hide_nonscanned_files = True), a fake 0 byte file
# is shown. The filename is the original filename with the message as suffix.
scanning_message = is being scanned for viruses
# If a non-scanned file is opened, the vfs module will wait recheck_tries_open times for
# recheck_time_open milliseconds for the scanning daemon to create a .scanned: file. For
# small files that are scanned by the daemon within the time (tries * time) the behavior
# will be just like on-access scanning.
recheck_time_open = 50
# See recheck_time_open.
recheck_tries_open = 100
# If a non-scanned file is in a directory listing the vfs module notifies the daemon (once
# for all files that need scanning in that directory), and waits recheck_tries_readdir times
# for recheck_time_readdir milliseconds. Only used when hide_nonscanned_files is false.
recheck_time_readdir = 50
# See recheck_time_readdir.
recheck_tries_readdir = 20
# Allow access to non-scanned files. The daemon is notified, however, and special files such
# as .scanned: files. .virus: files and .failed: files are not listed.
allow_nonscanned_files = False
# Number of threads used to scan files
scanning_threads = 4
# -- End of antivirus settings --
# Listen on external interfaces
listen_external = no
# Show in the UI the textbox to choose the site where
# the server should be added when joining a domain
show_site_box = no
# Uncomment this if you want to set ACLs manually and avoid
# Zentyal to overwrite them
#unmanaged_acls = yes
# Uncomment this if you want to sync also users with a disabled account
#sync_disabled_users = yes
# Disable full audit logging
# Allowed values = [yes|no]
# Default value = no
# If you want to disable full audit, then uncomment next option
#disable_fullaudit = yes
# This is a temporary workaround for these Samba 4 bugs:
# https://bugzilla.samba.org/show_bug.cgi?id=9866
# https://bugzilla.samba.org/show_bug.cgi?id=9867
# Uncomment this if you have guest shares enabled and want to join
# Windows Vista computers to the domain. Please note that completely
# anonymous share access will not work if you don't provide any valid
# domain credentials, but at least you will be able to join.
#join_vista_with_guest_shares = yes
# Uncomment this if you want to skip setting the home directory of the
# users while saving changes
#unmanaged_home_directory = yes

/etc/zentyal/s4sync-groups.ignore List of Samba Groups that won't be imported into LDAP

/etc/zentyal/sids-to-hide.regex List of SID's (in regular expressions) that will be hidden



# cache_mem [required]. Amount of memory to be used by squid (in MB)
cache_mem = 128
# maximum_object_size [required]. Maximum object size to be cached (in MB)
maximum_object_size = 300
# max_fd if this value set the maximum number of file descriptors wil be
# increased if needed at squid's start. If not set it will not be changed.
#max_fd= 167140
group = proxy
## Performance tuning ##
# do not change if you really know what are you doing
# DansGuardian parameters
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
# load url lists from categorized lists, since they use a url_regex ACL type
# you can disable them in low-memory systems
load_url_lists = yes
# TAG: Authentication mode
# key: auth_mode
# This key controls the authentication mode for squid. When set to internal,
# squid autheticate against the Zentyal internal LDAP, when set to external_ad,
# squid authenticate users against an external Active Directory.
# values:
# - internal
# - external_ad (only for enterprise edition)
auth_mode = internal
# key: auth_ad_skip_system_groups
# When using external active directory auth dont allow ACLs
# with groups that has the attribute 'isSystemCriticalObject' set (almost all built-in)
auth_ad_skip_system_groups = no
# key: auth_ad_acl_ttl
# TTL in seconds for ACL cached results.
auth_ad_acl_ttl = 3600


/etc/zentyal/trafficshaping.conf - configuration file for zentyal-trafficshaping

# R2Q value for guaranteed valid values range. The values are
# calculated as follows:
# Maximum: 60000 * r2q * 8 / 1000
# Minimum: MTU * r2q * 8 / 1000
# More info at: http://www.docum.org/docum.org/faq/cache/31.html
r2q = 5


/etc/zentyal/usercorner.conf - configuration file for zentyal-usercorner

# user corner redis server port
redis_port_usercorner = 6381



# supported paswords formats: sha1, md5, lm, nt, digest (base64) and realm (hex)
# whether to create user homes or not
mk_home = yes
# default mode for home directory (umask mode)
dir_umask = 0077
# enable quota support
enable_quota = yes
# synchronization frequency with LDAP slaves
slave_time = 5



# VNC keymap: uncomment this to force a keymap for VNC sessions
# otherwise it will be autodetected using the $LANG variable
# Valid keymap names can be found under /usr/share/qemu/keymaps/*
#vnc_keymap = en-us
# Uncomment this to use always IDE disks instead of SCSI ones
# this key only applies to virtual machine with system operative set to 'Other'
#use_ide_disks = yes
# View Console size
# You can customize the width and height of the built-in VNC console
# that appears on the Zentyal interface
# Default size: 800x600
view_console_width = 800
view_console_height = 600
# System user who will run the virtualbox machines
vm_user = ebox
# Starting VNC port (they will be assigned sequentially)
first_vnc_port = 5900
# Maximum number of virtual machines, this also affect the number of ports
# reserved for VNC connection
vm_max = 32
# If you want to customize the VNC passwords instead of having
# the default autogenerated ones you just need to edit the
# /var/lib/zentyal/conf/vnc-passwd file, which has the following
# syntax:
# <machine1>:<pass1>
# <machine2>:<pass2>
# ...
# Example:
# winxp:3uDwdDPzY
# ubuntu-desktop:VKtKzejl7
# After editing it, make sure you set the proper permissions:
# chown ebox:ebox /var/lib/zentyal/conf/vnc-passwd
# chmod 600 /var/lib/zentyal/conf/vnc-passwd



# where to store mail attachments: database | files
zarafa_attachment_storage = files
# path where to store attachments if set to files
zarafa_attachment_path = /var/lib/zarafa
# allow users send mail from other address different than their: no | yes
zarafa_always_send_delegates = no
# use zarafa-indexer
zarafa_indexer = no
# manage zarafa-licensed (needs zarafa-licensed package installed)
zarafa_licensed = no
# enable hosted zarafa
# note: this is not compatible with sso
zarafa_enable_hosted_zarafa = no


Personal tools


Zentyal Wiki

Zentyal Doc