Difference between revisions of «GOsa»
From gacq wiki
(→GOsa installation for Debian Lenny) |
(→References) |
(60 intermediate revisions by the same user not shown) | |||
Línea 1: | Línea 1: | ||
− | + | ;Guide under development | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | This guide apply for Debian Lenny. See also [[GOsa on CentOS]] | |
− | + | = Installation = | |
+ | == Installation using packages == | ||
+ | === GOsa 2.5 === | ||
+ | <pre> | ||
+ | aptitude install gosa gosa-schema | ||
</pre> | </pre> | ||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
Línea 21: | Línea 16: | ||
</pre> | </pre> | ||
− | ; | + | === GOsa 2.6 === |
− | + | ;/etc/apt/sources.list | |
+ | <pre> | ||
+ | deb http://oss.gonicus.de/pub/gosa/ debian-etch/ | ||
+ | </pre> | ||
+ | |||
+ | <pre> | ||
+ | aptitude update | ||
+ | aptitude install gosa | ||
+ | </pre> | ||
+ | |||
+ | == Installation using subversion repository == | ||
+ | <pre> | ||
+ | aptitude install subversion | ||
+ | cd /tmp | ||
+ | svn co https://oss.gonicus.de/repositories/gosa/trunk gosa-trunk | ||
+ | mv /tmp/gosa-trunk/gosa-all/gosa /usr/share/ | ||
+ | mkdir /etc/ldap/schema/gosa | ||
+ | cp /usr/share/gosa/contrib/openldap/*.schema /etc/ldap/schema/gosa | ||
+ | </pre> | ||
− | + | <pre> | |
+ | cd /usr/share/gosa | ||
+ | ./update-gosa | ||
+ | </pre> | ||
− | = | + | == Installation from subversion repository == |
− | openssl | + | ;Requisites |
+ | <pre> | ||
+ | aptitude install libgtk2.0-common libatk1.0-0 libts-0.0-0 ttf-dejavu-core \ | ||
+ | libxfixes3 apache2-utils libxcb-render-util0 liblcms1 libdjvulibre21 libwmf0.2-7 \ | ||
+ | djvulibre-desktop libilmbase6 ttf-dejavu-extra libpixman-1-0 php5 libmagick10 \ | ||
+ | openssl-blacklist libgomp1 libcairo2 libfontconfig1 fontconfig-config \ | ||
+ | libpango1.0-common apache2-mpm-prefork php5-gd libxcb-render0 libpaper-utils \ | ||
+ | hicolor-icon-theme wwwconfig-common libdatrie0 libdirectfb-1.0-0 fontconfig \ | ||
+ | smarty libxfont1 librecode0 gettext apache2.2-common libpango1.0-0 gs-common \ | ||
+ | libt1-5 libgtk2.0-bin libxft2 mlock libgsf-1-common libxcomposite1 libcroco3 \ | ||
+ | smarty-gettext libopenexr6 libice6 libthai0 ssl-cert php5-mhash libc-client2007b \ | ||
+ | libatk1.0-data libxpm4 fping libxrender1 libgd2-xpm libgs8 php5-recode libtiff4 \ | ||
+ | libfontenc1 psfontmgr libjasper1 ttf-dejavu libjpeg62 php5-imap xfonts-utils \ | ||
+ | libfreetype6 libthai-data libcupsimage2 ghostscript librsvg2-2 libsysfs2 \ | ||
+ | php5-ldap php5-imagick libsm6 php5-mysql libmhash2 libxdamage1 php5-cli libxi6 \ | ||
+ | libapache2-mod-php5 libxcursor1 xfonts-encodings libgraphviz4 libxt6 \ | ||
+ | libxinerama1 defoma php5-common libxrandr2 x-ttcidfont-conf libgtk2.0-0 \ | ||
+ | libgsf-1-114 gsfonts libpaper1 | ||
+ | </pre> | ||
− | = | + | == Encryption == |
− | ;/etc/ldap/slapd.conf | + | <pre> |
+ | openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/server.crt -keyout /etc/ssl/certs/server.key | ||
+ | </pre> | ||
+ | |||
+ | == VirtualHost == | ||
+ | <pre> | ||
+ | a2enmod ssl | ||
+ | a2enmod rewrite | ||
+ | </pre> | ||
+ | |||
+ | /etc/apache2/sites-available/gosa.domain.com.ar | ||
+ | <pre> | ||
+ | <VirtualHost *:443> | ||
+ | ServerName gosa.domain.com.ar | ||
+ | ServerAdmin webmaster@gosa.domain.com.ar | ||
+ | |||
+ | DocumentRoot /usr/share/gosa/html | ||
+ | |||
+ | <Location /> | ||
+ | php_admin_flag engine on | ||
+ | php_admin_flag register_globals off | ||
+ | php_admin_flag allow_call_time_pass_reference on | ||
+ | php_admin_flag expose_php off | ||
+ | php_admin_flag zend.ze1_compatibility_mode off | ||
+ | php_admin_flag register_long_arrays off | ||
+ | php_admin_flag magic_quotes_gpc on | ||
+ | #include /etc/gosa/gosa.secrets | ||
+ | </Location> | ||
+ | |||
+ | CustomLog /var/log/apache2/gosa_access.log combined | ||
+ | ErrorLog /var/log/apache2/gosa_error.log | ||
+ | |||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/ssl/certs/gosa.domain.com.ar.crt | ||
+ | SSLCertificateKeyFile /etc/ssl/certs/gosa.domain.com.ar.key | ||
+ | </VirtualHost> | ||
+ | |||
+ | <VirtualHost *:80> | ||
+ | ServerName gosa.domain.com.ar | ||
+ | RewriteEngine on | ||
+ | RewriteCond %{HTTP_HOST} ^gosa\.domain\.com\.ar [NC] | ||
+ | RewriteRule ^/(.*) https://gosa.domain.com.ar/$1 [L,R] | ||
+ | </VirtualHost> | ||
+ | </pre> | ||
+ | |||
+ | <pre> | ||
+ | ln -s /etc/apache2/sites-available/gosa.domain.com.ar /etc/apache2/sites-enabled/gosa.domain.com.ar | ||
+ | /etc/init.d/apache2 restart | ||
+ | </pre> | ||
+ | |||
+ | == Configuration == | ||
+ | http://hostname/gosa | ||
+ | |||
+ | Mail method= | ||
+ | |||
+ | *Crear servidor con datos de IMAP | ||
+ | *Crear cuenta de cyrus en LDAP | ||
+ | |||
+ | Server -> Services -> Mail Server check | ||
+ | |||
+ | /etc/gosa/gosa.conf | ||
+ | <pre> | ||
+ | <main default="default" | ||
+ | mailQueueScriptPath="/usr/bin/mailq" | ||
+ | </pre> | ||
+ | |||
+ | Options reference at https://oss.gonicus.de/labs/gosa/wiki/InstallingGOsaSetup | ||
+ | |||
+ | = Services = | ||
+ | == Samba PDC == | ||
+ | ;Install Samba package and LDAP tools. | ||
+ | <pre> | ||
+ | aptitude install samba smbldap-tools | ||
+ | </pre> | ||
+ | |||
+ | === slapd.conf === | ||
+ | ;Add new schemas to /etc/ldap/slapd.conf | ||
<pre> | <pre> | ||
− | |||
include /etc/ldap/schema/samba3.schema | include /etc/ldap/schema/samba3.schema | ||
include /etc/ldap/schema/trust.schema | include /etc/ldap/schema/trust.schema | ||
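Review bot: in the Encryption section the private key is written with -nodes to /etc/ssl/certs/server.key, and the VirtualHost's SSLCertificateKeyFile also points into /etc/ssl/certs/. That directory is world-readable on Debian, so the unencrypted key is protected only by whatever mode the file happens to get. Suggest writing the key under /etc/ssl/private/ with mode 0600 and using the same path in SSLCertificateKeyFile. The two sections also disagree on file names (server.crt/server.key versus gosa.domain.com.ar.crt/.key), so Apache will not find the files as generated.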
Línea 38: | Línea 147: | ||
include /etc/ldap/schema/gofon.schema | include /etc/ldap/schema/gofon.schema | ||
include /etc/ldap/schema/goto.schema | include /etc/ldap/schema/goto.schema | ||
− | include /etc/ldap/schema/gosa | + | include /etc/ldap/schema/gosa-samba3.schema |
include /etc/ldap/schema/gofax.schema | include /etc/ldap/schema/gofax.schema | ||
include /etc/ldap/schema/goserver.schema | include /etc/ldap/schema/goserver.schema | ||
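Review bot: the changed include now names gosa-samba3.schema, but the OpenLDAP section added further down in this same revision lists gosa+samba3.schema, and the subversion install copies the schema files into /etc/ldap/schema/gosa rather than /etc/ldap/schema. slapd refuses to start on a missing include, so the guide should settle on one file name and one directory and use them in both include lists.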
Línea 44: | Línea 153: | ||
</pre> | </pre> | ||
− | = | + | ;replace |
+ | <pre> | ||
+ | access to attrs=userPassword,shadowLastChange | ||
+ | </pre> | ||
+ | |||
+ | with | ||
+ | <pre> | ||
+ | access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet | ||
+ | </pre> | ||
+ | |||
+ | === Filesystem === | ||
+ | ;Create directories | ||
+ | <pre> | ||
+ | mkdir -p /home/samba/netlogon | ||
+ | mkdir -p /home/samba/profiles | ||
+ | chmod 777 -R /home/samba/profiles | ||
+ | </pre> | ||
+ | |||
+ | === smb.conf === | ||
+ | |||
+ | |||
+ | ;Set LDAP admin password | ||
+ | <pre> | ||
+ | smbpasswd -w secret | ||
+ | </pre> | ||
+ | |||
+ | === smbldap-tools === | ||
+ | ;Obtain domain SID | ||
+ | <pre> | ||
+ | net getlocalsid | ||
+ | </pre> | ||
+ | |||
+ | ;Copy and edit smbldap-tools configuration files | ||
+ | <pre> | ||
+ | cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/ | ||
+ | cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/ | ||
+ | gunzip /etc/smbldap-tools/smbldap.conf.gz | ||
+ | chmod 0644 /etc/smbldap-tools/smbldap.conf | ||
+ | chmod 0600 /etc/smbldap-tools/smbldap_bind.conf | ||
+ | </pre> | ||
+ | |||
+ | ;Populate domain information to LDAP server | ||
+ | <pre> | ||
+ | smbldap-populate | ||
+ | </pre> | ||
+ | |||
+ | === Authentication === | ||
+ | ==== libnss-ldap ==== | ||
+ | ;Install libnss-ldap package | ||
+ | <pre> | ||
+ | aptitude install libnss-ldap | ||
+ | </pre> | ||
− | + | ;Configure libnss-ldap | |
− | ; | ||
<pre> | <pre> | ||
− | + | dpkg-reconfigure libnss-ldap | |
− | |||
− | |||
</pre> | </pre> | ||
+ | Using this values | ||
+ | * LDAP server Uniform Resource Identifier: ldap://127.0.0.1 | ||
+ | * Distinguished name of the search base: dc=example,dc=com | ||
+ | * LDAP version to use: 3 | ||
+ | * Does the LDAP database require login? No | ||
+ | * Special LDAP privileges for root? Yes | ||
+ | * Make the configuration file readable/writeable by its owner only? Yes | ||
+ | * LDAP account for root: cn=admin,dc=example,dc=com | ||
+ | * LDAP root account password: CHANGE | ||
+ | |||
+ | ==== nsswitch.conf ==== | ||
+ | ;edit /etc/nsswitch.conf with | ||
<pre> | <pre> | ||
− | + | passwd: compat ldap | |
− | + | group: compat ldap | |
− | + | shadow: compat ldap | |
− | |||
− | |||
</pre> | </pre> | ||
− | ; | + | ==== PAM ==== |
+ | ;Install libpam-ldap package | ||
<pre> | <pre> | ||
− | + | aptitude install libpam-ldap | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | + | ;Configure libpam-ldap | |
− | |||
<pre> | <pre> | ||
− | + | dpkg-reconfigure libpam-ldap | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | ;/etc/ | + | Using this values |
+ | * LDAP server Uniform Resource Identifier: ldap://127.0.0.1 | ||
+ | * Distinguished name of the search base: dc=example,dc=com | ||
+ | * LDAP version to use: 3 | ||
+ | * Make local root Database admin. Yes | ||
+ | * Does the LDAP database require login? No | ||
+ | * LDAP account for root: cn=admin,dc=example,dc=com | ||
+ | * LDAP root account password: CHANGE | ||
+ | * Local crypt to use when changing passwords. MD5 | ||
+ | |||
+ | ;Edit /etc/pam.d/common-account | ||
+ | Comment out | ||
<pre> | <pre> | ||
− | + | account required pam_unix.so | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | + | and add | |
<pre> | <pre> | ||
− | + | account sufficient pam_ldap.so | |
− | + | account required pam_unix.so try_first_pass | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
+ | ;Edit /etc/pam.d/common-auth | ||
+ | Comment out | ||
+ | <pre> | ||
+ | auth required pam_unix.so nullok_secure | ||
+ | </pre> | ||
+ | |||
+ | and add | ||
+ | <pre> | ||
+ | auth sufficient pam_ldap.so | ||
+ | auth required pam_unix.so nullok_secure use_first_pass | ||
+ | </pre> | ||
+ | |||
+ | ;Edit /etc/pam.d/common-password | ||
+ | Comment out | ||
+ | <pre> | ||
+ | password required pam_unix.so nullok obscure min=4 max=8 md5 | ||
+ | </pre> | ||
+ | |||
+ | and add | ||
+ | <pre> | ||
+ | password sufficient pam_ldap.so | ||
+ | password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass | ||
+ | </pre> | ||
+ | |||
+ | === PDC in different network === | ||
+ | ;References | ||
+ | *http://www.linuxquestions.org/linux/answers/Networking/Configure_BIND_DNS_to_Answer_Active_Directory_Queries | ||
+ | |||
+ | |||
+ | |||
+ | == Monitoring == | ||
+ | <pre> | ||
+ | aptitude install amavis-stats mailgraph awstats munin-node smokeping | ||
+ | aptitude install sarg webalizer | ||
+ | </pre> | ||
+ | |||
+ | = Configuration files = | ||
+ | == Leave as provided in tar file == | ||
+ | */etc/postfix/master.cf | ||
+ | */etc/default/saslauthd | ||
+ | */etc/amavis/conf.d/15-content_filter_mode | ||
+ | */etc/logrotate.d/squid | ||
+ | |||
+ | == Edit and change to your values == | ||
+ | */etc/postfix/main.cf | ||
+ | */etc/postfix/virtualaliases.cf | ||
+ | */etc/imapd.conf | ||
+ | */etc/cyrus.conf | ||
+ | */etc/saslauthd.conf | ||
+ | */etc/smokeping/config.d/Targets | ||
+ | |||
+ | */etc/awstats/awstats.postfix.conf | ||
+ | |||
+ | ;ver | ||
+ | */etc/webalizer/webalizer.conf | ||
+ | */etc/squid/sarg.conf | ||
+ | |||
+ | == OpenLDAP == | ||
+ | === /etc/ldap/slapd.conf === | ||
+ | add these includes: | ||
+ | <pre> | ||
+ | include /etc/ldap/schema/samba3.schema | ||
+ | include /etc/ldap/schema/trust.schema | ||
+ | include /etc/ldap/schema/gosystem.schema | ||
+ | include /etc/ldap/schema/gofon.schema | ||
+ | include /etc/ldap/schema/goto.schema | ||
+ | include /etc/ldap/schema/gosa+samba3.schema | ||
+ | include /etc/ldap/schema/gofax.schema | ||
+ | include /etc/ldap/schema/goserver.schema | ||
+ | include /etc/ldap/schema/goto-mime.schema | ||
+ | </pre> | ||
+ | |||
+ | ;References | ||
+ | *https://oss.gonicus.de/labs/gosa/wiki/InstallingLdap | ||
+ | |||
+ | = Amavis = | ||
+ | adduser clamav amavis | ||
+ | ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf | ||
+ | |||
+ | |||
+ | |||
+ | = Apache = | ||
+ | |||
+ | == LDAP Auth == | ||
+ | ;enable modules | ||
+ | ldap | ||
+ | authnz_ldap | ||
+ | |||
+ | = Mailman = | ||
+ | mailman | ||
=Restart processes= | =Restart processes= | ||
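Review bot: in the Filesystem step, chmod 777 -R /home/samba/profiles leaves every user's roaming profile writable and deletable by every other account, and -R reapplies that to profiles that already exist. Suggest dropping -R and setting the sticky bit on the top directory only, for example chmod 1777 /home/samba/profiles, so users can create their own profile directory but not alter someone else's. In the same hunk, smbpasswd -w secret puts the LDAP admin password on the command line, where it ends up in shell history; the guide should say that secret is a placeholder, as it does with CHANGE in the libnss-ldap answers. The common-password lines also keep nullok with min=4 max=8, which is worth a remark for a domain controller.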
Línea 148: | Línea 359: | ||
/etc/init.d/cyrus2.2 restart | /etc/init.d/cyrus2.2 restart | ||
/etc/init.d/postfix restart | /etc/init.d/postfix restart | ||
+ | /etc/init.d/amavis-new start | ||
+ | /etc/init.d/mailman start | ||
</pre> | </pre> | ||
+ | |||
=SquirrelMail= | =SquirrelMail= | ||
Línea 161: | Línea 375: | ||
</pre> | </pre> | ||
− | = | + | = Name Service Cache Daemon (nscd) = |
− | + | <pre> | |
+ | apt-get install nscd | ||
+ | </pre> | ||
− | + | = Services = | |
+ | == IMAP Servers == | ||
+ | ;Sample | ||
+ | URL de conexión | ||
+ | "{server:143/notls}" | ||
+ | Usuario administrador | ||
+ | "cyrus" | ||
+ | URL de conexión Sieve | ||
+ | "{server:2000/notls}" | ||
− | |||
− | |||
− | |||
− | |||
=References= | =References= | ||
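Review bot: the IMAP Servers sample logs in as the cyrus administrator with /notls on both the IMAP URL (port 143) and the Sieve URL (port 2000), so the administrator password is sent in clear text unless "server" is the local host. Suggest stating that the sample assumes a loopback or otherwise trusted link, or dropping /notls from the sample once the Cyrus server has a certificate.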
Línea 177: | Línea 397: | ||
*[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication Cyrus Authentication - An Overview] | *[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication Cyrus Authentication - An Overview] | ||
*[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusSaslComponents Cyrus SASL Components] | *[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusSaslComponents Cyrus SASL Components] | ||
− | *http://www.postfix.org/ | + | *http://www.postfix.org/LDAPREADME.html |
==Email server howtos== | ==Email server howtos== | ||
Línea 198: | Línea 418: | ||
*[http://workaround.org/articles/ispmail-etch/ OpenLDAP + Postfix + dovecot (2007-apt)] | *[http://workaround.org/articles/ispmail-etch/ OpenLDAP + Postfix + dovecot (2007-apt)] | ||
− | == | + | ==General== |
+ | *http://www.improvisa.com/index.php?name=News&file=article&sid=387 | ||
+ | *http://edin.no-ip.com/content/ldap-samba-pdc-pamnss-debian-lenny-howto | ||
+ | *http://thegoldenear.org/toolbox/unices/samba-3-pdc-print-server-debian-etch.html | ||
+ | *http://hannibal.solstice.nl/hannibalwiki/doku.php?id=hannibal:start | ||
*[http://jriosgosa.blogspot.com/ Postfix MTA, Courier IMAP/POP3, Maildrop, Gnarwl, Cyrus SASL and Openssl (2007-rpm)] | *[http://jriosgosa.blogspot.com/ Postfix MTA, Courier IMAP/POP3, Maildrop, Gnarwl, Cyrus SASL and Openssl (2007-rpm)] | ||
*http://lena.franken.de/ldap/installing_gosa_debian_sarge.html | *http://lena.franken.de/ldap/installing_gosa_debian_sarge.html |
Current revision as of 08:15, 14 Apr 2010
- Guide under development
This guide applies to Debian Lenny. See also GOsa on CentOS.
Installation
Installation using packages
GOsa 2.5
aptitude install gosa gosa-schema
cp /usr/share/doc/gosa/contrib/openldap/trust.schema /etc/ldap/schema/
cp /usr/share/doc/gosa/contrib/openldap/samba3.schema.gz /etc/ldap/schema/
gunzip /etc/ldap/schema/samba3.schema.gz
GOsa 2.6
- /etc/apt/sources.list
deb http://oss.gonicus.de/pub/gosa/ debian-etch/
aptitude update
aptitude install gosa
Installation using subversion repository
aptitude install subversion
cd /tmp
svn co https://oss.gonicus.de/repositories/gosa/trunk gosa-trunk
mv /tmp/gosa-trunk/gosa-all/gosa /usr/share/
mkdir /etc/ldap/schema/gosa
cp /usr/share/gosa/contrib/openldap/*.schema /etc/ldap/schema/gosa

cd /usr/share/gosa
./update-gosa
Installation from subversion repository
- Requisites
aptitude install libgtk2.0-common libatk1.0-0 libts-0.0-0 ttf-dejavu-core \
  libxfixes3 apache2-utils libxcb-render-util0 liblcms1 libdjvulibre21 libwmf0.2-7 \
  djvulibre-desktop libilmbase6 ttf-dejavu-extra libpixman-1-0 php5 libmagick10 \
  openssl-blacklist libgomp1 libcairo2 libfontconfig1 fontconfig-config \
  libpango1.0-common apache2-mpm-prefork php5-gd libxcb-render0 libpaper-utils \
  hicolor-icon-theme wwwconfig-common libdatrie0 libdirectfb-1.0-0 fontconfig \
  smarty libxfont1 librecode0 gettext apache2.2-common libpango1.0-0 gs-common \
  libt1-5 libgtk2.0-bin libxft2 mlock libgsf-1-common libxcomposite1 libcroco3 \
  smarty-gettext libopenexr6 libice6 libthai0 ssl-cert php5-mhash libc-client2007b \
  libatk1.0-data libxpm4 fping libxrender1 libgd2-xpm libgs8 php5-recode libtiff4 \
  libfontenc1 psfontmgr libjasper1 ttf-dejavu libjpeg62 php5-imap xfonts-utils \
  libfreetype6 libthai-data libcupsimage2 ghostscript librsvg2-2 libsysfs2 \
  php5-ldap php5-imagick libsm6 php5-mysql libmhash2 libxdamage1 php5-cli libxi6 \
  libapache2-mod-php5 libxcursor1 xfonts-encodings libgraphviz4 libxt6 \
  libxinerama1 defoma php5-common libxrandr2 x-ttcidfont-conf libgtk2.0-0 \
  libgsf-1-114 gsfonts libpaper1
Encryption
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/server.crt -keyout /etc/ssl/certs/server.key
VirtualHost
a2enmod ssl
a2enmod rewrite
/etc/apache2/sites-available/gosa.domain.com.ar
<VirtualHost *:443>
    ServerName gosa.domain.com.ar
    ServerAdmin webmaster@gosa.domain.com.ar

    DocumentRoot /usr/share/gosa/html

    <Location />
        php_admin_flag engine on
        php_admin_flag register_globals off
        php_admin_flag allow_call_time_pass_reference on
        php_admin_flag expose_php off
        php_admin_flag zend.ze1_compatibility_mode off
        php_admin_flag register_long_arrays off
        php_admin_flag magic_quotes_gpc on
        #include /etc/gosa/gosa.secrets
    </Location>

    CustomLog /var/log/apache2/gosa_access.log combined
    ErrorLog /var/log/apache2/gosa_error.log

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/gosa.domain.com.ar.crt
    SSLCertificateKeyFile /etc/ssl/certs/gosa.domain.com.ar.key
</VirtualHost>

<VirtualHost *:80>
    ServerName gosa.domain.com.ar
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^gosa\.domain\.com\.ar [NC]
    RewriteRule ^/(.*) https://gosa.domain.com.ar/$1 [L,R]
</VirtualHost>

ln -s /etc/apache2/sites-available/gosa.domain.com.ar /etc/apache2/sites-enabled/gosa.domain.com.ar
/etc/init.d/apache2 restart
Configuration
Mail method=
- Create server with IMAP data
- Create cyrus account in LDAP
Server -> Services -> Mail Server check
/etc/gosa/gosa.conf
<main default="default"
      mailQueueScriptPath="/usr/bin/mailq"
Options reference at https://oss.gonicus.de/labs/gosa/wiki/InstallingGOsaSetup
Services
Samba PDC
- Install Samba package and LDAP tools.
aptitude install samba smbldap-tools
slapd.conf
- Add new schemas to /etc/ldap/slapd.conf
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa-samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
- replace
access to attrs=userPassword,shadowLastChange
with
access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet
Filesystem
- Create directories
mkdir -p /home/samba/netlogon
mkdir -p /home/samba/profiles
chmod 777 -R /home/samba/profiles
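The modes this guide leaves behind can be checked after installation. The script below is an added example, not part of the original guide: it flags a private key that group or other can access (the guide writes the key under /etc/ssl/certs) and counts world-writable entries without the sticky bit under the profiles tree. The temporary paths in demo() are constructed stand-ins, and treating the sticky bit as the baseline for the profiles directory is an assumption.

```shell
#!/bin/sh
# Added example (not from the guide): audit the modes of two things the guide
# creates, the TLS private key and the Samba profiles tree.

# Print the permission bits of PATH as four octal digits (GNU stat, as on Debian).
mode_of() {
    printf '%04d\n' "$(stat -c '%a' "$1")"
}

# Return 0 if only the owner can access the key, 1 if group/other can,
# 2 if the file does not exist.
check_private_key() {
    [ -f "$1" ] || { echo "MISSING $1"; return 2; }
    m=$(mode_of "$1")
    case "$m" in
        ??00) echo "OK   $1 ($m)"; return 0 ;;
        *)    echo "WEAK $1 ($m): group/other can access the private key"; return 1 ;;
    esac
}

# Print how many entries under DIR are world-writable without the sticky bit.
# Symlinks are skipped because their own mode bits are not meaningful.
count_open_entries() {
    find "$1" ! -type l -perm -0002 ! -perm -1000 | wc -l | tr -d ' '
}

demo() {
    root=$(mktemp -d) || return 1

    # Constructed stand-ins for /etc/ssl/certs/server.key and /home/samba/profiles.
    mkdir -p "$root/certs" "$root/profiles/alice"
    : > "$root/certs/server.key"
    chmod 644 "$root/certs/server.key"     # constructed: key readable by everyone
    chmod -R 777 "$root/profiles"          # same mode the guide's chmod applies

    echo "-- before"
    check_private_key "$root/certs/server.key" || true
    echo "open entries under profiles: $(count_open_entries "$root/profiles")"

    # Assumed baseline: owner-only key, sticky top directory, private user dirs.
    chmod 600 "$root/certs/server.key"
    chmod 1777 "$root/profiles"
    chmod 700 "$root/profiles/alice"

    echo "-- after"
    check_private_key "$root/certs/server.key" || true
    echo "open entries under profiles: $(count_open_entries "$root/profiles")"

    rm -rf "$root"
}

demo
```

On a real host, call check_private_key with the path given to SSLCertificateKeyFile and count_open_entries with /home/samba/profiles.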
smb.conf
- Set LDAP admin password
smbpasswd -w secret
smbldap-tools
- Obtain domain SID
net getlocalsid
- Copy and edit smbldap-tools configuration files
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
gunzip /etc/smbldap-tools/smbldap.conf.gz
chmod 0644 /etc/smbldap-tools/smbldap.conf
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
- Populate domain information to LDAP server
smbldap-populate
Authentication
libnss-ldap
- Install libnss-ldap package
aptitude install libnss-ldap
- Configure libnss-ldap
dpkg-reconfigure libnss-ldap
Using these values
- LDAP server Uniform Resource Identifier: ldap://127.0.0.1
- Distinguished name of the search base: dc=example,dc=com
- LDAP version to use: 3
- Does the LDAP database require login? No
- Special LDAP privileges for root? Yes
- Make the configuration file readable/writeable by its owner only? Yes
- LDAP account for root: cn=admin,dc=example,dc=com
- LDAP root account password: CHANGE
nsswitch.conf
- edit /etc/nsswitch.conf with
passwd: compat ldap
group: compat ldap
shadow: compat ldap
PAM
- Install libpam-ldap package
aptitude install libpam-ldap
- Configure libpam-ldap
dpkg-reconfigure libpam-ldap
Using these values
- LDAP server Uniform Resource Identifier: ldap://127.0.0.1
- Distinguished name of the search base: dc=example,dc=com
- LDAP version to use: 3
- Make local root Database admin. Yes
- Does the LDAP database require login? No
- LDAP account for root: cn=admin,dc=example,dc=com
- LDAP root account password: CHANGE
- Local crypt to use when changing passwords. MD5
- Edit /etc/pam.d/common-account
Comment out
account required pam_unix.so
and add
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
- Edit /etc/pam.d/common-auth
Comment out
auth required pam_unix.so nullok_secure
and add
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
- Edit /etc/pam.d/common-password
Comment out
password required pam_unix.so nullok obscure min=4 max=8 md5
and add
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
PDC in different network
- References
Monitoring
aptitude install amavis-stats mailgraph awstats munin-node smokeping
aptitude install sarg webalizer
Configuration files
Leave as provided in tar file
- /etc/postfix/master.cf
- /etc/default/saslauthd
- /etc/amavis/conf.d/15-content_filter_mode
- /etc/logrotate.d/squid
Edit and change to your values
- /etc/postfix/main.cf
- /etc/postfix/virtualaliases.cf
- /etc/imapd.conf
- /etc/cyrus.conf
- /etc/saslauthd.conf
- /etc/smokeping/config.d/Targets
- /etc/awstats/awstats.postfix.conf
- see
- /etc/webalizer/webalizer.conf
- /etc/squid/sarg.conf
OpenLDAP
/etc/ldap/slapd.conf
add these includes:
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa+samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
- References
Amavis
adduser clamav amavis
ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf
Apache
LDAP Auth
- enable modules
ldap
authnz_ldap
Mailman
mailman
Restart processes
/etc/init.d/saslauthd start
/etc/init.d/slapd restart
/etc/init.d/cyrus2.2 restart
/etc/init.d/postfix restart
/etc/init.d/amavis-new start
/etc/init.d/mailman start
SquirrelMail
change the separators from "." to "/"
squirrelmail-configure
- 3. Folder Defaults
  - 3. Trash Folder : INBOX/Trash
  - 4. Sent Folder : INBOX/Sent
  - 5. Drafts Folder : INBOX/Drafts
Name Service Cache Daemon (nscd)
apt-get install nscd
Services
IMAP Servers
- Sample
Connection URL
"{server:143/notls}"
Admin user
"cyrus"
Sieve connection URL
"{server:2000/notls}"
References
Documentation
Email server howtos
Cyrus
- openldap/postfix/cyrus/samba (2004-Sarge
- OpenLDAP + Postfix + Cyrus (2007-apt)
- OpenLDAP + Postfix + cyrus (2006-apt)
- Postfix/Cyrus/OpenLDAP (2006-Debian
- Postfix-SASL-Cyrus-MySQL-Amavis-Postgrey-SpamAssassin-ClamAV-Squirrelmail-Mailman-Mailgraph-OMA (2006-Etch)
- serveur_de_mail
Courier
- HowTo: Debian+OpenSSL+Bind9+Postfix+OpenLDAP+Courier
- http://diariolinux.com/2008/02/22/howto-debianopensslbind9postfixopenldapcourier-i/
Others
- OpenLDAP + Postfix + Dovecot + JammSASL + SquirrelMail (2004-rpm)
- OpenLDAP + Samba
- OpenLDAP + Postfix + dovecot (2007-apt)
General
- http://www.improvisa.com/index.php?name=News&file=article&sid=387
- http://edin.no-ip.com/content/ldap-samba-pdc-pamnss-debian-lenny-howto
- http://thegoldenear.org/toolbox/unices/samba-3-pdc-print-server-debian-etch.html
- http://hannibal.solstice.nl/hannibalwiki/doku.php?id=hannibal:start
- Postfix MTA, Courier IMAP/POP3, Maildrop, Gnarwl, Cyrus SASL and Openssl (2007-rpm)
- http://lena.franken.de/ldap/installing_gosa_debian_sarge.html
- http://koshrf.fercusoft.com/koshrf/
- http://www.nisled.org/wiki/index.php/Servidor_de_Arquivo_com_Ubuntu-Server