Settings
facileManager has core settings that can be adjusted, and several modules have additional settings specific to the application.
General
There are several settings available to set at Settings → General.
The Manage Settings or Super Admin permission is required to change settings.
Authentication
There are three types of authentication supported by facileManager:
None
Every user will be automatically logged in as the default super-admin account that was created during the installation process.
Built-in Authentication
Authenticates against the facileManager database using solely the users defined at Admin → Users.
LDAP Authentication
Users are authenticated against a defined LDAP server. Upon success, users are created in the facileManager database using the selected template account for granular permissions within the environment. If no template is selected then user authentication will fail (this is another method of controlling access to facileManager). These users cannot be disabled nor can their passwords be changed within facileManager. The PHP LDAP extensions must be installed before this option is available.
You can reset the authentication method by setting the following in config.inc.php:
define('FM_NO_AUTH', true);
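An added example (not facileManager's own code) that checks whether a config.inc.php still carries an active FM_NO_AUTH define, ignoring commented-out copies. The sample file contents are constructed, and treating `true` or `1` as "enabled" is an assumption.

```python
import re

BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
LINE_COMMENT = re.compile(r"(?://|#).*")
# define('NAME', value) with either quote style; PHP's define() call is
# case-insensitive, the constant name itself is not.
DEFINE = re.compile(
    r"define\s*\(\s*(['\"])(\w+)\1\s*,\s*([^,)]+?)\s*[,)]", re.I)
TRUTHY = {"true", "1"}  # assumption: values that switch the override on


def strip_php_comments(source):
    """Remove /* */, // and # comments. Simplification: comment markers
    inside string literals are not special-cased."""
    source = BLOCK_COMMENT.sub("", source)
    return "\n".join(LINE_COMMENT.sub("", line) for line in source.splitlines())


def no_auth_enabled(source):
    """True if an uncommented define('FM_NO_AUTH', <truthy>) is present."""
    for match in DEFINE.finditer(strip_php_comments(source)):
        name = match.group(2)
        value = match.group(3).strip("'\"").lower()
        if name == "FM_NO_AUTH" and value in TRUTHY:
            return True
    return False


# Constructed sample input, not a real facileManager config.
SAMPLE_LEFTOVER = """<?php
define('EXAMPLE_SETTING', 'value'); // hypothetical constant
/* define('FM_NO_AUTH', false); */
define( "FM_NO_AUTH" , TRUE );
"""
SAMPLE_CLEAN = """<?php
# define('FM_NO_AUTH', true);
// define('FM_NO_AUTH', true);
define('FM_NO_AUTH', false);
"""

if __name__ == "__main__":
    for label, text in (("leftover", SAMPLE_LEFTOVER), ("clean", SAMPLE_CLEAN)):
        print(label, "->", "override active" if no_auth_enabled(text) else "ok")
```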
Login Message
Define a message to be displayed at login (such as terms and conditions) and optionally require users to acknowledge the message for authentication to succeed.
Client Registration
You can choose whether clients are allowed to register automatically in the database during installation.
API Support
By enabling API support, users are able to create key pairs with which to authenticate through the client scripts. This opens up the ability to make a limited selection of module changes without using the web interface.
SSL
You can choose to have facileManager enforce the use of SSL when a user tries to access the web app.
Mailing
There are a few things facileManager and its modules may need to send an e-mail about (such as password reset links). These settings allow you to configure the mailing settings to use for your environment and enable/disable mailing altogether.
Proxy Server
Set the appropriate configuration if facileManager is behind a proxy server for Internet access.
Date and Time
Set your preferred timezone, date format, and time format for facileManager to use throughout all aspects of the app. What you select is how all dates and times will be displayed, including in any client configuration files.
Logging Method
There are three logging methods supported by facileManager:
Built-in
Events will only be logged in the facileManager database.
syslog
Events will only be logged to syslog.
Built-in + syslog
Events will be logged to facileManager and syslog.
Show Errors
Choose whether you want facileManager errors to be displayed as they occur or not. This can be useful if you are having trouble adding or editing objects.
Temporary Directory
Periodically facileManager and its modules may need to create temporary files or directories on your webserver. Specify the local path for it to use.
Software Update
Choose whether or not facileManager will automatically check for software updates. If you opt in, then you choose the minimum release types to be notified about and the frequency of checks.
SSH Username
When servers are configured to receive updates via SSH, this username will be created (if not already present) on your clients and will be used for the client interaction.
SSH Key Pair
In order for client configs to be updated via SSH, facileManager needs a 2048-bit passwordless key pair generated. Without this key pair, clients cannot use the SSH update method. Click the 'Generate' button to have facileManager automatically generate the necessary key pair.
Image Branding
Add your own image to brand facileManager. This image will be used on the login screen, navigation header, and automated e-mails. You need to manually add it to the document root on the web server and specify the relative URI path.
Enable Maintenance Mode
When enabled, only users with Super Admin or Module Management privileges are able to authenticate. This is useful during application upgrades.
fmDHCP
There are a few settings available at Settings → fmDHCP.
The fmDHCP Manage Settings or Super Admin permission is required to change settings.
Enable dhcpd Checks
Default: disabled
With dhcpd checks enabled, before any server configuration occurs, fmDHCP will parse through the configuration and run dhcpd -t -cf against it. If the configuration has no errors then it will be deployed to the DHCP servers. Otherwise, error messages from the utility will be displayed and deployment will stop.
This does require the utility to be installed on the web server and a sudoers entry added allowing the web server user to run it.
sudo apt install dhcpd
sudo yum install dhcpd
Note
The fmDHCP Settings page will show what the sudoers file entry should look like.
fmDNS
There are several settings available at Settings → fmDNS.
The fmDNS Manage Settings or Super Admin permission is required to change settings.
Enable named Checks
Default: disabled
With named checks enabled, before any server configuration or zone reload occurs, fmDNS will parse through the configuration and run named-checkconf and/or named-checkzone against it. If the configuration has no errors then it will be deployed to the DNS servers. Otherwise, error messages from the two utilities will be displayed and deployment will stop.
This does require the two utilities to be installed on the web server and a sudoers entry added allowing the web server user to run them.
sudo apt install bind9
sudo yum install bind9
Note
The fmDNS Settings page will show what the sudoers file entry should look like.
Purge Configuration Files
Default: disabled
When enabled, configuration files will be deleted on the DNS servers before building the server config. This can be handy if you want to remove unused files.
Use Defined Keys with rndc
Default: disabled
Use keys defined in named.conf.keys with rndc actions (each server can override this).
Zone Filename Format
Default: db.{ZONENAME}.hosts
The filename structure for the zone files. {ZONENAME} will be replaced with the name of the zone.
Create Reverse Zones Automatically
Default: disabled
While creating A records and choosing to create the associated PTR record, reverse zones can be automatically created if they are missing.
Use DNAME Resource Records for Clones
Default: enabled
When creating cloned zones, use the DNAME resource record rather than a full clone (when available).
Sort Zone Names Hierarchically
Default: disabled
Sort zone names with a hierarchy to group sub-zones together.
For example:
domain.com
bar.domain.com
foo.bar.domain.com
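One way to produce this ordering, as an added example rather than fmDNS's own code: compare zone names label by label from the TLD down, and report how many parent zones of each name are also in the list. The function names and sample zones are constructed for illustration.

```python
def zone_key(zone):
    """Sort key: labels from the TLD down, so a parent precedes its sub-zones."""
    return tuple(reversed(zone.rstrip(".").lower().split(".")))


def sort_hierarchically(zones):
    """Return (depth, zone) pairs in hierarchical order.

    depth is the number of ancestor zones that are themselves in the list,
    which is what a UI would use to indent sub-zones under their parent.
    """
    ordered = sorted({z.rstrip(".").lower() for z in zones}, key=zone_key)
    known = set(ordered)
    result = []
    for zone in ordered:
        labels = zone.split(".")
        depth = sum(
            1 for i in range(1, len(labels)) if ".".join(labels[i:]) in known
        )
        result.append((depth, zone))
    return result


# Constructed sample input.
SAMPLE_ZONES = [
    "foo.bar.domain.com",
    "example.org",
    "domain.com",
    "bar.domain.com",
    "alpha.domain.com",
    "10.in-addr.arpa",
]

if __name__ == "__main__":
    for depth, zone in sort_hierarchically(SAMPLE_ZONES):
        print("  " * depth + zone)
```

A plain alphabetical sort of the same list would place alpha.domain.com before domain.com and separate the sub-zones from their parent.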
Default DNSSEC Signature Expiry
Default: 30
Define the number of days the DNSSEC signatures should be valid for (each zone can override this).
Define URL RR Web Servers
Default: none
This feature will enable the fmDNS URL resource record which allows DNS records to redirect the user to a URL. For example:
foo.bar.com IN URL http://www.foobar.com/some/landing/page.html
List the (public) IP addresses or hostnames the URL RRs should resolve to in order to handle the web redirects (semi-colon or comma delimited).
fmSQLPass
There are a few settings available at Settings → fmSQLPass.
The fmSQLPass Manage Settings or Super Admin permission is required to change settings.
Minimum Password Strength
Default: Strong
This setting restricts the new passwords to a minimum strength:
Medium - The password must be at least seven (7) characters long containing letters and numbers.
Strong - The password must be at least eight (8) characters long containing uppercase and lowercase letters, numbers, and special characters ('&', '$', '@', etc.).
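The two levels above, written as a pre-check that reports which rules a candidate password fails. This is an added example, not fmSQLPass code; treating "special characters" as ASCII punctuation is an assumption, since the page only lists '&', '$' and '@' as examples.

```python
import string

# Assumption: any ASCII punctuation character counts as "special".
SPECIAL = set(string.punctuation)


def unmet_requirements(password, minimum="Strong"):
    """Return the rules of the chosen level that the password does not meet."""
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(c in SPECIAL for c in password)

    if minimum == "Medium":
        rules = [
            ("at least 7 characters", len(password) >= 7),
            ("a letter", has_upper or has_lower),
            ("a number", has_digit),
        ]
    elif minimum == "Strong":
        rules = [
            ("at least 8 characters", len(password) >= 8),
            ("an uppercase letter", has_upper),
            ("a lowercase letter", has_lower),
            ("a number", has_digit),
            ("a special character", has_special),
        ]
    else:
        raise ValueError("minimum must be 'Medium' or 'Strong'")
    return [name for name, ok in rules if not ok]


if __name__ == "__main__":
    # Constructed candidates; never log real passwords.
    for candidate in ("abc1234", "Abcdef1$"):
        print(candidate, "->", unmet_requirements(candidate) or "meets Strong")
```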
Default Username
Default: none
Default database user to login as. This will be overridden if the user is defined at the server level.
Default Password
Default: none
Default database user password to login with. This will be overridden if the password is defined at the server level.
fmWifi
There are a few settings available at Settings → fmWifi.
The fmWifi Manage Settings or Super Admin permission is required to change settings.
Include WLAN PSK
Default: disabled
Always include the WLAN PSK even when users are defined.
Use ebtables
Default: enabled
Block clients with ebtables in addition to the deny list. The ebtables package is required on the access point (AP) and the AP must be configured as a bridge.
This option is recommended for Raspbian systems.
Note
The ACL functionality of hostapd (macaddr_acl) does not seem to work with Raspbian. Therefore, the use of ebtables is recommended to deny clients.