Configuration Files
Zentyal lets you configure the most common settings through the GUI, but some service-specific settings are configured in files under /etc/zentyal.
The basic formatting rules for these .conf files are given at the beginning of each file:
# Everything after a '#' character is ignored
#
# All whitespace is ignored
#
# Config keys are set this way:
#
# key = value
#
# They may contain comments at the end:
#
# key = value # this is ignored
The per-module settings files found there are listed below:
ASTERISK
/etc/zentyal/asterisk.conf
# Extra codecs made available to SIP phones, as a comma-separated
# list (e.g. g723,g729). Left empty here.
asterisk_additional_codecs =
#
# DTMF mode.
asterisk_dtmfmode = auto
#
# Range of extensions available for phones. If you edit these two
# bounds you might also have to update the extensions.conf stub.
asterisk_phone_min_extn = 4000
asterisk_phone_max_extn = 7999
CAPTIVEPORTAL
/etc/zentyal/captiveportal.conf
# Uncomment the following line to enable
# secondary LDAP configuration:
#captive_secondary_ldap = yes
COMMON
/etc/zentyal/zentyal.conf
# user [required]. Account that Zentyal runs as. It needs enough sudo
# privileges to perform all of its tasks, so treat it as a privileged
# account.
user = ebox
#
# egroup [required]. Group that Zentyal runs as.
egroup = ebox
#
# debug mode [required]. Values: yes | no
# A change only takes effect after running:
#   /etc/init.d/zentyal apache restart
# NOTE(review): what debug mode exposes is not described here; on
# production hosts prefer 'no' unless you are troubleshooting.
debug = yes
#
# Dump exceptions on the interface. Useful for developers and only
# enabled during the beta period. Exception dumps can reveal internal
# details to whoever can view the interface, so leave this commented
# out otherwise.
#dump_exceptions = yes
CORE
/etc/zentyal/core.conf
# Port of the Redis server.
# After changing it, restart Redis manually in two steps:
#   $ /etc/init.d/zentyal webadmin restart   # write down the new configuration
#   $ restart ebox.redis                     # restart the daemon
# NOTE(review): the listen address is not set in this file; confirm
# that this port is not reachable from untrusted networks.
redis_port = 6380
#
# Ignore system updates in the Dashboard widget.
# If enabled, pending updates are no longer shown there, so track
# security updates some other way.
#widget_ignore_updates = yes
#
# Custom prefix for rebranding.
#custom_prefix = zentyal
#
# Zentyal desktop services.
# For changes to these keys to take effect you must run:
#   $ /etc/init.d/zentyal webadmin restart   # write down the new configuration
desktop_services_enabled = yes
desktop_services_port = 6895
DNS
/etc/zentyal/dns.conf
# Additional internal networks that may send recursive queries to the
# eBox DNS caching server. Local networks are allowed already; this
# key is meant for networks reachable through static routes.
# Every network listed here can use this server as a recursive
# resolver, so list only networks you control.
# Example: intnets = 192.168.99.0/24,192.168.98.0/24
intnets =
#
# Controls automatic generation of reverse zones.
# Set to 'no' to disable it.
generate_reverse_zones = yes
#
# Whether results are sorted based on the querying IP.
# Uncomment to enable.
# sortlist = yes
BACKUP
/etc/zentyal/backup.conf
# Show the ebackup menu (yes or no).
ebackup_menu_enabled = yes
#
# Volume size in Mb (default: 25).
# When backing up to the local file system, choose 600 or more so
# that fewer files are produced.
volume_size = 25
#
# Temporary directory (default: /tmp).
# NOTE(review): /tmp is shared by all local users; how backup data is
# staged here is not shown, so consider a directory that only the
# Zentyal user can access.
temp_dir = /tmp
#
# Archive directory (default: /var/cache/zentyal/duplicity).
# If this is changed after the first run, duplicity has to recreate
# the archive from the repository. The old directory is not deleted
# automatically.
archive_dir = /var/cache/zentyal/duplicity
#
# Retry configuration.
# These values apply while uploading, when retries are needed to
# complete the backup. The waits follow a geometric progression:
#   timeout_n = initial_value * scale_factor ^ (n-1)
# For instance, with initial_value = 60s, scale_factor = 2 and
# n_tries = 4, the backup is tried 4 times, after 60s, 120s and 240s,
# before giving up.
# initial_value is given in seconds.
initial_value = 60
scale_factor = 2
n_tries = 4
#
# duplicity timeout.
# The default is 5 minutes; uncomment to set another value, in seconds.
#duplicity_timeout = 300
#
# Priority of the scheduled backup.
# A positive integer in the range 0-19: 0 is normal priority and a
# higher number means _less_ priority.
ebackup_scheduled_priority = 10
FIREWALL
/etc/zentyal/firewall.conf
# Maximum number of packets logged per minute.
iptables_log_limit = 50
#
# Burst value for the log limit above.
iptables_log_burst = 10
#
# Log all dropped packets.
iptables_log_drops = yes
#
# Extra iptables modules to load.
# Separate modules with commas; module parameters may be included.
# NOTE(review): each nf_conntrack_* helper parses an application
# protocol in the kernel and can allow related connections through;
# keep only the helpers for protocols that are actually in use.
iptables_modules = nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_h323, nf_nat_h323, nf_conntrack_pptp, nf_nat_pptp, nf_conntrack_sip, nf_nat_sip
#
# Enable source NAT. It can be disabled if your router already does NAT.
nat_enabled = yes
#
# Uncomment to show the rules added by Zentyal services.
# Showing them makes it easier to review what the firewall really allows.
#show_service_rules = yes
IPS
/etc/zentyal/ips.conf
# Position of the IPS inline firewall rules.
# 'behind' (default): only accepted input or forwarded traffic is
# analysed.
# 'front': all input and forwarded traffic is analysed. This option is
# more secure, but it consumes a lot of CPU on networks with high
# traffic.
# After modifying this setting, run the following commands for it to
# take effect (the order is important):
# $ sudo service zentyal ips restart
# $ sudo service zentyal firewall restart
# (Disabling and re-enabling the IPS module is the safer way, to avoid
# being locked out.)
# ips_fw_position = front|behind
NETWORK
/etc/zentyal/network.conf
# Interface name prefixes that are ignored in the interface
# (default: sit,tun,tap,lo,irda,ppp,virbr,vboxnet,vnet).
ifaces_to_ignore = sit,tun,tap,lo,irda,ppp,virbr,vboxnet,vnet
#
# A custom MTU can be defined per interface with
# mtu_<interface> = <MTU>. Example:
#mtu_eth0 = 1400
OPENVPN
/etc/zentyal/openvpn.conf
# insecure_rip_conf [required]. 'yes' enables backwards compatibility
# with eBox openVPN, which used an insecure ripd configuration.
# Keep 'no' unless you are sure of what you are doing.
insecure_rip_conf = no
#
# mssfix works around MTU discovery problems seen in some networks
# with UDP connections. It applies to all VPN clients.
# Enable it only if you are sure of what you are doing.
# mss_fix = 1300
REMOTESERVICES
/etc/zentyal/remoteservices.conf
# Public DNS server.
ebox_services_nameserver = ns.cloud.zentyal.com
#
# Public API.
rs_api = api.cloud.zentyal.com
#
# Verify Cloud servers.
# Values: yes | no
# NOTE(review): the verification mechanism is not described here; keep
# 'yes' so that the cloud endpoints above are verified.
rs_verify_servers = yes
#
# 'yes': the Zentyal QA updates have priority; other package sources
# get the lowest priority and are not used.
# After changing this value you must run:
#   sudo /usr/share/zentyal-software/rewrite-conf
# (Default: yes)
qa_updates_exclusive_source = yes
#
# 'yes': when the Zentyal QA updates are used they are applied
# automatically, so the system is always updated from a trusted source.
# (Default: yes)
qa_updates_always_automatic = yes
#
# 'yes': monitoring stats are sent through the VPN. This is more
# secure but tends to suffer service interruptions.
# After changing this value, run /etc/init.d/zentyal monitor restart
# to apply it.
# (Default: no)
monitoring_inside_vpn = no
SAMBA
/etc/zentyal/samba.conf
# -- s4sync settings --
# NOTE(review): what the s4sync debug output records is not described
# here; confirm before leaving it enabled on production hosts.
s4sync_debug = yes
#
# -- File server --
# File server to use: the new 'ntvfs' included in samba4, or the old
# 's3fs' from samba3. Printers and vfs plugins such as recycle bin,
# audit or antivirus do not work with 'ntvfs'.
# values: ntvfs | s3fs
samba_fs = s3fs
#
# -- Recycle Bin settings --
# Name of the recycle bin directory.
# If a full path such as /tmp/foo is entered, the same Recycle Bin is
# used for all the shares.
repository = RecycleBin
#
# Permissions of the recycle bin directory (0700 = owner only).
directory_mode = 0700
#
# Keep the directory structure.
keeptree = Yes
#
# Keep copies when a file is deleted more than once.
versions = Yes
# Whether a file's access date is updated when the file is moved to
# the repository.
#touch = Yes
#
# Files smaller than this number of bytes are not put into the
# repository.
#minsize = 0
#
# Files larger than this number of bytes are not put into the
# Recycle Bin. (0 = disabled)
maxsize = 0
#
# Files that are not stored when deleted, but deleted in the regular
# way.
#exclude = *.tmp|*.temp
#
# Files deleted from these directories are not put into the recycle
# bin; they are deleted in the regular way.
excludedir = /tmp|/var/tmp
#
# List of paths (wildcards such as * and ? are supported) for which
# no versioning is used. Only useful when versions is enabled.
#noversions = *.foo|*.bar
#
# -- End of Recycle Bin settings --
#
# -- antivirus settings --
#
# Whether sockets, devices and fifos (none of which are scanned for
# viruses) are visible to the user.
show_special_files = True
#
# Whether files that are not visible (.scanned: files, .failed: files
# and .virus: files) are deleted when the user tries to remove the
# directory. If false, the user gets the "directory is not empty"
# error.
rm_hidden_files_on_rmdir = True
#
# If false, all non-scanned files are visible in directory listings.
# When such files appear in a listing, the scanning daemon is notified
# that scanning is required. Access to non-scanned files is still
# denied (see allow_nonscanned_files).
hide_nonscanned_files = False
#
# If non-scanned files are hidden
# (scannedonly:hide_nonscanned_files = True), a fake 0 byte file is
# shown. Its name is the original filename with this message as suffix.
scanning_message = is being scanned for viruses
#
# When a non-scanned file is opened, the vfs module waits
# recheck_tries_open times for recheck_time_open milliseconds for the
# scanning daemon to create a .scanned: file. For small files that the
# daemon scans within that time (tries * time), the behaviour is just
# like on-access scanning.
recheck_time_open = 50
#
# See recheck_time_open.
recheck_tries_open = 100
#
# When a non-scanned file is in a directory listing, the vfs module
# notifies the daemon (once for all files in that directory that need
# scanning) and waits recheck_tries_readdir times for
# recheck_time_readdir milliseconds. Only used when
# hide_nonscanned_files is false.
recheck_time_readdir = 50
#
# See recheck_time_readdir.
recheck_tries_readdir = 20
#
# Allow access to non-scanned files. The daemon is still notified, and
# special files such as .scanned:, .virus: and .failed: files are not
# listed. With 'False', files that have not been scanned yet cannot be
# opened.
allow_nonscanned_files = False
#
# Number of threads used to scan files.
scanning_threads = 4
#
# -- End of antivirus settings --
#
# Listen on external interfaces.
# Keep 'no' unless file sharing must be reachable from external
# networks.
listen_external = no
#
# Show in the UI the textbox for choosing the site the server is added
# to when joining a domain.
show_site_box = no
#
# Uncomment to set ACLs manually and stop Zentyal from overwriting
# them.
#unmanaged_acls = yes
#
# Uncomment to also sync users whose account is disabled.
#sync_disabled_users = yes
#
# Disable full audit logging.
# Allowed values = [yes|no]
# Default value = no
# Uncomment the next option to disable full audit. Doing so removes
# the audit record of file access.
#disable_fullaudit = yes
#
# Temporary workaround for these Samba 4 bugs:
# https://bugzilla.samba.org/show_bug.cgi?id=9866
# https://bugzilla.samba.org/show_bug.cgi?id=9867
# Uncomment if you have guest shares enabled and want to join Windows
# Vista computers to the domain. Note that completely anonymous share
# access will not work if you do not provide any valid domain
# credentials, but at least you will be able to join.
#join_vista_with_guest_shares = yes
#
# Uncomment to skip setting the users' home directory while saving
# changes.
#unmanaged_home_directory = yes
/etc/zentyal/s4sync-groups.ignore - list of Samba groups that will not be imported into LDAP
/etc/zentyal/sids-to-hide.regex - list of SIDs (as regular expressions) that will be hidden
SQUID
/etc/zentyal/squid.conf
# cache_mem [required]. Memory used by squid, in MB.
cache_mem = 128
#
# maximum_object_size [required]. Largest object that is cached, in MB.
maximum_object_size = 300
#
# max_fd. If set, the maximum number of file descriptors is increased,
# if needed, when squid starts. If not set, it is left unchanged.
#max_fd = 167140
#
group = proxy
#
## Performance tuning ##
# Do not change these unless you really know what you are doing.
# DansGuardian parameters
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
#
# Load URL lists from the categorized lists. They use a url_regex ACL
# type, so they can be disabled on low-memory systems.
load_url_lists = yes
#
# TAG: Authentication mode
# key: auth_mode
# Authentication mode for squid. With 'internal', squid authenticates
# against the Zentyal internal LDAP; with 'external_ad', squid
# authenticates users against an external Active Directory.
# values:
#   - internal
#   - external_ad (only for enterprise edition)
auth_mode = internal
#
# key: auth_ad_skip_system_groups
# With external Active Directory auth, do not allow ACLs on groups
# that have the attribute 'isSystemCriticalObject' set (almost all
# built-in groups).
auth_ad_skip_system_groups = no
#
# key: auth_ad_acl_ttl
# TTL in seconds for cached ACL results.
# NOTE(review): presumably a group membership change can take up to
# this long to affect proxy access - confirm.
auth_ad_acl_ttl = 3600
TRAFFICSHAPING
/etc/zentyal/trafficshaping.conf - configuration file for zentyal-trafficshaping
# R2Q value, which determines the range of valid guaranteed values.
# The bounds are calculated as follows:
#
#   Maximum: 60000 * r2q * 8 / 1000
#   Minimum: MTU * r2q * 8 / 1000
#
# More info at: http://www.docum.org/docum.org/faq/cache/31.html
r2q = 5
USERCORNER
/etc/zentyal/usercorner.conf - configuration file for zentyal-usercorner
# Port of the Redis server used by the user corner.
# NOTE(review): the listen address is not set in this file; confirm
# that this port is not reachable from untrusted networks.
redis_port_usercorner = 6381
USERS
/etc/zentyal/users.conf
# Supported password formats: sha1, md5, lm, nt, digest (base64) and
# realm (hex).
# NOTE(review): sha1, md5, lm and nt hashes are weak against offline
# guessing; treat the directory data and its backups as sensitive.
#
# Whether to create user homes or not.
mk_home = yes
#
# Default mode for home directories, given as a umask
# (0077 = no access for group and others).
dir_umask = 0077
#
# Enable quota support.
enable_quota = yes
#
# Synchronization frequency with LDAP slaves.
slave_time = 5
VIRT
/etc/zentyal/virt.conf
# VNC keymap: uncomment to force a keymap for VNC sessions; otherwise
# it is autodetected from the $LANG variable.
# Valid keymap names can be found under /usr/share/qemu/keymaps/*
#vnc_keymap = en-us
#
# Uncomment to always use IDE disks instead of SCSI ones. This key
# only applies to virtual machines whose operating system is set to
# 'Other'.
#use_ide_disks = yes
#
# View Console size.
# Width and height of the built-in VNC console shown in the Zentyal
# interface.
# Default size: 800x600
view_console_width = 800
view_console_height = 600
#
# System user that runs the virtualbox machines.
vm_user = ebox
#
# First VNC port (ports are assigned sequentially from here).
first_vnc_port = 5900
#
# Maximum number of virtual machines. This also determines how many
# ports are reserved for VNC connections.
# NOTE(review): confirm that the reserved VNC port range is not
# reachable from untrusted networks.
vm_max = 32
#
# To use your own VNC passwords instead of the default autogenerated
# ones, edit the /var/lib/zentyal/conf/vnc-passwd file, which has the
# following syntax:
#
#   <machine1>:<pass1>
#   <machine2>:<pass2>
#   ...
#
# Example (sample values only - never reuse a published password):
#
#   winxp:3uDwdDPzY
#   ubuntu-desktop:VKtKzejl7
#
# The file holds the passwords as written, so after editing it make
# sure you set the proper permissions:
#
#   chown ebox:ebox /var/lib/zentyal/conf/vnc-passwd
#   chmod 600 /var/lib/zentyal/conf/vnc-passwd
ZARAFA
/etc/zentyal/zarafa.conf
# Where mail attachments are stored: database | files
zarafa_attachment_storage = files
#
# Path where attachments are stored when the storage is 'files'.
zarafa_attachment_path = /var/lib/zarafa
#
# Allow users to send mail from an address other than their own:
# no | yes
zarafa_always_send_delegates = no
#
# Use zarafa-indexer.
zarafa_indexer = no
#
# Manage zarafa-licensed (needs the zarafa-licensed package installed).
zarafa_licensed = no
#
# Enable hosted zarafa.
# Note: this is not compatible with sso.
zarafa_enable_hosted_zarafa = no