Difference between revisions of "GOsa"

(GOsa installation for Debian Lenny)
(References)
 
(60 intermediate revisions by the same user are not shown)
Línea 1: Línea 1:
= GOsa installation for Debian Lenny =
+
;Guide under development
<pre>
 
apt-get install apache2 libapache2-mod-php5 php5 php5-cli php5-common php5-dev php5-gd  \
 
    php5-imagick php5-imap php5-ldap php5-memcache php5-mhash php5-mysql php5-pgsql    \
 
    php5-recode php5-snmp php5-sqlite mysql-server slapd ldap-utils postfix postfix-ldap\
 
    cyrus-admin-2.2 cyrus-clients-2.2 cyrus-common-2.2 cyrus-doc-2.2 cyrus-imapd-2.2    \
 
    cyrus-pop3d-2.2 cyrus-sasl2-doc openssl phpldapadmin
 
  
apt-get install libsasl2-modules libsasl2-2 libsasl2-modules-ldap sasl2-bin
+
This guide apply for Debian Lenny. See also [[GOsa on CentOS]]
  
apt-get install squirrelmail
+
= Installation =
 +
== Installation using packages ==
 +
=== GOsa 2.5 ===
 +
<pre>
 +
aptitude install gosa gosa-schema
 
</pre>
 
</pre>
 
;Here use aptitude
 
aptitude install -t lenny gosa gosa-schema
 
  
 
<pre>
 
<pre>
Línea 21: Línea 16:
 
</pre>
 
</pre>
  
;vi /etc/php5/apache2/php.ini
+
=== GOsa 2.6 ===
memory_limit = 64M
+
;/etc/apt/sources.list
 +
<pre>
 +
deb http://oss.gonicus.de/pub/gosa/ debian-etch/
 +
</pre>
 +
 
 +
<pre>
 +
aptitude update
 +
aptitude install gosa
 +
</pre>
 +
 
 +
== Installation using subversion repository ==
 +
<pre>
 +
aptitude install subversion
 +
cd /tmp
 +
svn co https://oss.gonicus.de/repositories/gosa/trunk gosa-trunk
 +
mv /tmp/gosa-trunk/gosa-all/gosa /usr/share/
 +
mkdir /etc/ldap/schema/gosa
 +
cp /usr/share/gosa/contrib/openldap/*.schema /etc/ldap/schema/gosa
 +
</pre>
  
/etc/init.d/apache2 restart
+
<pre>
 +
cd /usr/share/gosa
 +
./update-gosa
 +
</pre>
  
= TLS =
+
== Installation from subversion repository ==
  openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/server.pem -keyout /etc/ssl/certs/server.pem
+
;Requisites
 +
<pre>
 +
aptitude install libgtk2.0-common libatk1.0-0 libts-0.0-0 ttf-dejavu-core \
 +
libxfixes3 apache2-utils libxcb-render-util0 liblcms1 libdjvulibre21 libwmf0.2-7 \
 +
  djvulibre-desktop libilmbase6 ttf-dejavu-extra libpixman-1-0 php5 libmagick10 \
 +
openssl-blacklist libgomp1 libcairo2 libfontconfig1 fontconfig-config \
 +
libpango1.0-common apache2-mpm-prefork php5-gd libxcb-render0 libpaper-utils \
 +
hicolor-icon-theme wwwconfig-common libdatrie0 libdirectfb-1.0-0 fontconfig \
 +
smarty libxfont1 librecode0 gettext apache2.2-common libpango1.0-0 gs-common \
 +
libt1-5 libgtk2.0-bin libxft2 mlock libgsf-1-common libxcomposite1 libcroco3 \
 +
smarty-gettext libopenexr6 libice6 libthai0 ssl-cert php5-mhash libc-client2007b \
 +
libatk1.0-data libxpm4 fping libxrender1 libgd2-xpm libgs8 php5-recode libtiff4 \
 +
libfontenc1 psfontmgr libjasper1 ttf-dejavu libjpeg62 php5-imap xfonts-utils \
 +
libfreetype6 libthai-data libcupsimage2 ghostscript librsvg2-2 libsysfs2 \
 +
php5-ldap php5-imagick libsm6 php5-mysql libmhash2 libxdamage1 php5-cli libxi6 \
 +
libapache2-mod-php5 libxcursor1 xfonts-encodings libgraphviz4 libxt6 \
 +
libxinerama1 defoma php5-common libxrandr2 x-ttcidfont-conf libgtk2.0-0 \
 +
libgsf-1-114 gsfonts libpaper1
 +
</pre>
  
=OpenLDAP setup=
+
== Encryption ==
;/etc/ldap/slapd.conf
+
<pre>
 +
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/server.crt -keyout /etc/ssl/certs/server.key
 +
</pre>
 +
 
 +
== VirtualHost ==
 +
<pre>
 +
a2enmod ssl
 +
a2enmod rewrite
 +
</pre>
 +
 
 +
/etc/apache2/sites-available/gosa.domain.com.ar
 +
<pre>
 +
<VirtualHost *:443>
 +
        ServerName gosa.domain.com.ar
 +
        ServerAdmin webmaster@gosa.domain.com.ar
 +
 
 +
        DocumentRoot /usr/share/gosa/html
 +
 
 +
        <Location />
 +
                php_admin_flag engine on
 +
                php_admin_flag register_globals off
 +
                php_admin_flag allow_call_time_pass_reference on
 +
                php_admin_flag expose_php off
 +
                php_admin_flag zend.ze1_compatibility_mode off
 +
                php_admin_flag register_long_arrays off
 +
                php_admin_flag magic_quotes_gpc on
 +
                #include /etc/gosa/gosa.secrets
 +
        </Location>
 +
 
 +
        CustomLog /var/log/apache2/gosa_access.log combined
 +
        ErrorLog /var/log/apache2/gosa_error.log
 +
 
 +
        SSLEngine on
 +
        SSLCertificateFile    /etc/ssl/certs/gosa.domain.com.ar.crt
 +
        SSLCertificateKeyFile /etc/ssl/certs/gosa.domain.com.ar.key
 +
</VirtualHost>
 +
 
 +
<VirtualHost *:80>
 +
        ServerName gosa.domain.com.ar
 +
        RewriteEngine on
 +
        RewriteCond %{HTTP_HOST}  ^gosa\.domain\.com\.ar [NC]
 +
        RewriteRule ^/(.*)        https://gosa.domain.com.ar/$1 [L,R]
 +
</VirtualHost>
 +
</pre>
 +
 
 +
<pre>
 +
ln -s /etc/apache2/sites-available/gosa.domain.com.ar /etc/apache2/sites-enabled/gosa.domain.com.ar
 +
/etc/init.d/apache2 restart
 +
</pre>
 +
 
 +
== Configuration ==
 +
http://hostname/gosa
 +
 
 +
Mail method=
 +
 
 +
*Crear servidor con datos de IMAP
 +
*Crear cuenta de cyrus en LDAP
 +
 
 +
Server -> Services -> Mail Server check
 +
 
 +
/etc/gosa/gosa.conf
 +
<pre>
 +
        <main default="default"
 +
                mailQueueScriptPath="/usr/bin/mailq"
 +
</pre>
 +
 
 +
Options reference at https://oss.gonicus.de/labs/gosa/wiki/InstallingGOsaSetup
 +
 
 +
= Services =
 +
== Samba PDC ==
 +
;Install Samba package and LDAP tools.
 +
<pre>
 +
aptitude install samba smbldap-tools
 +
</pre>
 +
 
 +
=== slapd.conf ===
 +
;Add new schemas to /etc/ldap/slapd.conf
 
<pre>
 
<pre>
allow bind_v2 (?)
 
 
include        /etc/ldap/schema/samba3.schema
 
include        /etc/ldap/schema/samba3.schema
 
include        /etc/ldap/schema/trust.schema
 
include        /etc/ldap/schema/trust.schema
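Review bot: the added Encryption command writes the unencrypted key (-nodes) to /etc/ssl/certs/server.key, a directory meant for public certificates, while the added VirtualHost points SSLCertificateKeyFile at /etc/ssl/certs/gosa.domain.com.ar.key, a file the openssl command never creates. Suggest writing the key under /etc/ssl/private with mode 0600 and using the same file names in the openssl command and the VirtualHost. In the same hunk, chmod 777 -R /home/samba/profiles lets every user write to every other user's profile; 1777 on the top-level directory is the usual alternative.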
Línea 38: Línea 147:
 
include        /etc/ldap/schema/gofon.schema
 
include        /etc/ldap/schema/gofon.schema
 
include        /etc/ldap/schema/goto.schema
 
include        /etc/ldap/schema/goto.schema
include        /etc/ldap/schema/gosa+samba3.schema
+
include        /etc/ldap/schema/gosa-samba3.schema
 
include        /etc/ldap/schema/gofax.schema
 
include        /etc/ldap/schema/gofax.schema
 
include        /etc/ldap/schema/goserver.schema
 
include        /etc/ldap/schema/goserver.schema
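Review bot: the include is renamed from gosa+samba3.schema to gosa-samba3.schema here, but the "add these includes" list added under Configuration files / OpenLDAP in this same revision still uses gosa+samba3.schema. slapd refuses to start when an included file is missing, so check which name the installed package ships and use it in both lists.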
Línea 44: Línea 153:
 
</pre>
 
</pre>
  
= Postfix =
+
;replace
 +
<pre>
 +
access to attrs=userPassword,shadowLastChange
 +
</pre>
 +
 
 +
with
 +
<pre>
 +
access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet
 +
</pre>
 +
 
 +
=== Filesystem ===
 +
;Create directories
 +
<pre>
 +
mkdir -p /home/samba/netlogon
 +
mkdir -p /home/samba/profiles
 +
chmod 777 -R /home/samba/profiles
 +
</pre>
 +
 
 +
=== smb.conf ===
 +
 
 +
 
 +
;Set LDAP admin password
 +
<pre>
 +
smbpasswd -w secret
 +
</pre>
 +
 
 +
=== smbldap-tools ===
 +
;Obtain domain SID
 +
<pre>
 +
net getlocalsid
 +
</pre>
 +
 
 +
;Copy and edit smbldap-tools configuration files
 +
<pre>
 +
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
 +
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
 +
gunzip /etc/smbldap-tools/smbldap.conf.gz
 +
chmod 0644 /etc/smbldap-tools/smbldap.conf
 +
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
 +
</pre>
 +
 
 +
;Populate domain information to LDAP server
 +
<pre>
 +
smbldap-populate
 +
</pre>
 +
 
 +
=== Authentication ===
 +
==== libnss-ldap ====
 +
;Install libnss-ldap package
 +
<pre>
 +
aptitude install libnss-ldap
 +
</pre>
  
= SASL =
+
;Configure libnss-ldap
;vi /etc/default/saslauthd
 
 
<pre>
 
<pre>
START=yes
+
dpkg-reconfigure libnss-ldap
MECHANISMS="ldap"
 
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
 
 
</pre>
 
</pre>
  
 +
Using this values
 +
* LDAP server Uniform Resource Identifier: ldap://127.0.0.1
 +
* Distinguished name of the search base: dc=example,dc=com
 +
* LDAP version to use: 3
 +
* Does the LDAP database require login? No
 +
* Special LDAP privileges for root? Yes
 +
* Make the configuration file readable/writeable by its owner only? Yes
 +
* LDAP account for root: cn=admin,dc=example,dc=com
 +
* LDAP root account password: CHANGE
 +
 +
==== nsswitch.conf ====
 +
;edit /etc/nsswitch.conf with
 
<pre>
 
<pre>
rm -r /var/run/saslauthd/
+
passwd:        compat ldap
mkdir -p /var/spool/postfix/var/run/saslauthd
+
group:          compat ldap
ln -s /var/spool/postfix/var/run/saslauthd /var/run
+
shadow:        compat ldap
chgrp sasl /var/spool/postfix/var/run/saslauthd
 
adduser postfix sasl
 
 
</pre>
 
</pre>
  
;saslauthd.conf
+
==== PAM ====
 +
;Install libpam-ldap package
 
<pre>
 
<pre>
ldap_servers: ldap://127.0.0.1/
+
aptitude install libpam-ldap
ldap_version: 3
 
ldap_timeout: 10
 
ldap_time_limit: 10
 
ldap_cache_ttl: 30
 
ldap_cache_mem: 32768
 
ldap_scope: sub
 
ldap_search_base: ou=people,dc=cafelug,dc=org,dc=ar
 
ldap_auth_method: bind
 
ldap_bind_dn: cn=System Administrator,ou=people,dc=cafelug,dc=org,dc=ar
 
ldap_password: ldappasswd
 
ldap_filter: uid=%U
 
ldap_password_attr: sambaLMPassword
 
 
</pre>
 
</pre>
  
=Cyrus IMAP=
+
;Configure libpam-ldap
vi /etc/imapd.conf
 
 
<pre>
 
<pre>
admins: cyrus
+
dpkg-reconfigure libpam-ldap
allowanonymouslogin: no
 
allowplaintext: yes
 
altnamespace: no
 
autocreatequota: 0
 
configdirectory: /var/lib/cyrus
 
defaultdomain: gnucleo.net
 
defaultpartition: default
 
hashimapspool: true
 
idlemethod: poll
 
idlesocket: /var/run/cyrus/socket/idle
 
lmtp_downcase_rcpt: yes
 
lmtpsocket: /var/run/cyrus/socket/lmtp
 
newsspool: /var/spool/news
 
notifysocket: /var/run/cyrus/socket/notify
 
partition-default: /var/spool/cyrus/mail
 
partition-news: /var/spool/cyrus/news
 
popminpoll: 1
 
sasl_auto_transition: no
 
sasl_mech_list: PLAIN LOGIN
 
sasl_pwcheck_method: saslauthd
 
sievedir: /var/spool/sieve
 
sieveusehomedir: false
 
syslog_prefix: cyrus
 
tls_ca_path: /etc/ssl/certs
 
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
 
tls_session_timeout: 1440
 
umask: 077
 
unixhierarchysep: yes
 
virtdomains: userid
 
 
</pre>
 
</pre>
  
;/etc/postfix/virtualaliases.cf
+
Using this values
 +
* LDAP server Uniform Resource Identifier: ldap://127.0.0.1
 +
* Distinguished name of the search base: dc=example,dc=com
 +
* LDAP version to use: 3
 +
* Make local root Database admin. Yes
 +
* Does the LDAP database require login? No
 +
* LDAP account for root: cn=admin,dc=example,dc=com
 +
* LDAP root account password: CHANGE
 +
* Local crypt to use when changing passwords. MD5
 +
 
 +
;Edit /etc/pam.d/common-account
 +
Comment out
 
<pre>
 
<pre>
server_host = 127.0.0.1
+
account required pam_unix.so
server_port = 389
 
bind        = yes
 
bind_dn    = cn=admin,dc=gacq,dc=com,dc=ar
 
bind_pw    = passwd
 
timeout = 5
 
search_base = dc=gacq,dc=com,dc=ar
 
query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
 
result_attribute = gosaMailForwardingAddress,uid
 
 
</pre>
 
</pre>
  
;/etc/postfix/sasl/smtpd.conf (VALIDAR)
+
and add
 
<pre>
 
<pre>
pwcheck_method: saslauthd
+
account sufficient pam_ldap.so
mech_list: plain login
+
account required pam_unix.so try_first_pass
allow_plaintext: true
 
##############
 
# Esta siguiente linea no es necesaria, pero evita que aparezcan errores de tipo:
 
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: auxpropfunc error invalid parameter supplied
 
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
 
# en /var/log/auth.log
 
ldapdb_uri: ldap://localhost
 
##############
 
 
</pre>
 
</pre>
  
 +
;Edit /etc/pam.d/common-auth
 +
Comment out
 +
<pre>
 +
auth required pam_unix.so nullok_secure
 +
</pre>
 +
 +
and add
 +
<pre>
 +
auth sufficient pam_ldap.so
 +
auth required pam_unix.so nullok_secure use_first_pass
 +
</pre>
 +
 +
;Edit /etc/pam.d/common-password
 +
Comment out
 +
<pre>
 +
password required pam_unix.so nullok obscure min=4 max=8 md5
 +
</pre>
 +
 +
and add
 +
<pre>
 +
password sufficient pam_ldap.so
 +
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
 +
</pre>
 +
 +
=== PDC in different network ===
 +
;References
 +
*http://www.linuxquestions.org/linux/answers/Networking/Configure_BIND_DNS_to_Answer_Active_Directory_Queries
 +
 +
 +
 +
== Monitoring ==
 +
<pre>
 +
aptitude install amavis-stats mailgraph awstats munin-node smokeping
 +
aptitude install sarg webalizer
 +
</pre>
 +
 +
= Configuration files =
 +
== Leave as provided in tar file ==
 +
*/etc/postfix/master.cf
 +
*/etc/default/saslauthd
 +
*/etc/amavis/conf.d/15-content_filter_mode
 +
*/etc/logrotate.d/squid
 +
 +
== Edit and change to your values ==
 +
*/etc/postfix/main.cf
 +
*/etc/postfix/virtualaliases.cf
 +
*/etc/imapd.conf
 +
*/etc/cyrus.conf
 +
*/etc/saslauthd.conf
 +
*/etc/smokeping/config.d/Targets
 +
 +
*/etc/awstats/awstats.postfix.conf
 +
 +
;ver
 +
*/etc/webalizer/webalizer.conf
 +
*/etc/squid/sarg.conf
 +
 +
== OpenLDAP ==
 +
=== /etc/ldap/slapd.conf ===
 +
add these includes:
 +
<pre>
 +
include        /etc/ldap/schema/samba3.schema
 +
include        /etc/ldap/schema/trust.schema
 +
include        /etc/ldap/schema/gosystem.schema
 +
include        /etc/ldap/schema/gofon.schema
 +
include        /etc/ldap/schema/goto.schema
 +
include        /etc/ldap/schema/gosa+samba3.schema
 +
include        /etc/ldap/schema/gofax.schema
 +
include        /etc/ldap/schema/goserver.schema
 +
include        /etc/ldap/schema/goto-mime.schema
 +
</pre>
 +
 +
;References
 +
*https://oss.gonicus.de/labs/gosa/wiki/InstallingLdap
 +
 +
= Amavis =
 +
adduser clamav amavis
 +
ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf
 +
 +
 +
 +
= Apache =
 +
 +
== LDAP Auth ==
 +
;enable modules
 +
ldap
 +
authnz_ldap
 +
 +
= Mailman =
 +
mailman
  
 
=Restart processes=
 
=Restart processes=
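Review bot: the added common-password line keeps nullok and min=4 from the line it replaces, and common-auth keeps nullok_secure, so empty local passwords and four-character passwords are still accepted after LDAP is wired in. Suggest dropping nullok/nullok_secure unless empty passwords are intended and raising min. The dpkg-reconfigure answers also list "LDAP root account password: CHANGE"; say explicitly that this is a placeholder to replace.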
Línea 148: Línea 359:
 
/etc/init.d/cyrus2.2 restart
 
/etc/init.d/cyrus2.2 restart
 
/etc/init.d/postfix restart
 
/etc/init.d/postfix restart
 +
/etc/init.d/amavis-new start
 +
/etc/init.d/mailman start
 
</pre>
 
</pre>
 +
  
 
=SquirrelMail=
 
=SquirrelMail=
Línea 161: Línea 375:
 
</pre>
 
</pre>
  
=Gosa config=
+
= Name Service Cache Daemon (nscd)  =
http://hostname/gosa
+
<pre>
 +
apt-get install nscd
 +
</pre>
  
Mail method=
+
= Services =
 +
== IMAP Servers ==
 +
;Sample
 +
URL de conexión
 +
"{server:143/notls}"
 +
Usuario administrador
 +
"cyrus"
 +
URL de conexión Sieve
 +
"{server:2000/notls}"
  
*Crear servidor con datos de IMAP
 
*Crear cuenta de cyrus en LDAP
 
  
  
=Packages=
 
*[https://oss.gonicus.de/labs/gosa/ GOsa]
 
  
 
=References=
 
=References=
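Review bot: both sample connection strings added under IMAP Servers use /notls, so the password of the cyrus administrator is sent in clear text whenever GOsa and the IMAP server are on different hosts. Suggest showing a /tls or /ssl connection string as the sample and keeping /notls for a server on localhost only.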
Línea 177: Línea 397:
 
*[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication Cyrus Authentication - An Overview]
 
*[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication Cyrus Authentication - An Overview]
 
*[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusSaslComponents Cyrus SASL Components]
 
*[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusSaslComponents Cyrus SASL Components]
*http://www.postfix.org/LDAP_README.html
+
*http://www.postfix.org/LDAPREADME.html
  
 
==Email server howtos==
 
==Email server howtos==
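Review bot: the reference is changed from http://www.postfix.org/LDAP_README.html to http://www.postfix.org/LDAPREADME.html. The Postfix LDAP howto is published as LDAP_README.html, so the new link does not resolve; keep the original URL.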
Línea 198: Línea 418:
 
*[http://workaround.org/articles/ispmail-etch/ OpenLDAP + Postfix + dovecot (2007-apt)]
 
*[http://workaround.org/articles/ispmail-etch/ OpenLDAP + Postfix + dovecot (2007-apt)]
  
==Gosa==
+
==General==
 +
*http://www.improvisa.com/index.php?name=News&file=article&sid=387
 +
*http://edin.no-ip.com/content/ldap-samba-pdc-pamnss-debian-lenny-howto
 +
*http://thegoldenear.org/toolbox/unices/samba-3-pdc-print-server-debian-etch.html
 +
*http://hannibal.solstice.nl/hannibalwiki/doku.php?id=hannibal:start
 
*[http://jriosgosa.blogspot.com/ Postfix MTA, Courier IMAP/POP3, Maildrop, Gnarwl, Cyrus SASL and Openssl (2007-rpm)]
 
*[http://jriosgosa.blogspot.com/ Postfix MTA, Courier IMAP/POP3, Maildrop, Gnarwl, Cyrus SASL and Openssl (2007-rpm)]
 
*http://lena.franken.de/ldap/installing_gosa_debian_sarge.html
 
*http://lena.franken.de/ldap/installing_gosa_debian_sarge.html

Current revision as of 08:15, 14 Apr 2010

Guide under development

This guide applies to Debian Lenny. See also GOsa on CentOS.

Installation

Installation using packages

GOsa 2.5

aptitude install gosa gosa-schema
cp /usr/share/doc/gosa/contrib/openldap/trust.schema /etc/ldap/schema/
cp /usr/share/doc/gosa/contrib/openldap/samba3.schema.gz /etc/ldap/schema/
gunzip /etc/ldap/schema/samba3.schema.gz

GOsa 2.6

/etc/apt/sources.list
deb http://oss.gonicus.de/pub/gosa/ debian-etch/
aptitude update
aptitude install gosa

Installation using subversion repository

aptitude install subversion
cd /tmp
svn co https://oss.gonicus.de/repositories/gosa/trunk gosa-trunk
mv /tmp/gosa-trunk/gosa-all/gosa /usr/share/
mkdir /etc/ldap/schema/gosa
cp /usr/share/gosa/contrib/openldap/*.schema /etc/ldap/schema/gosa
cd /usr/share/gosa
./update-gosa

Installation from subversion repository

Requisites
aptitude install libgtk2.0-common libatk1.0-0 libts-0.0-0 ttf-dejavu-core \
libxfixes3 apache2-utils libxcb-render-util0 liblcms1 libdjvulibre21 libwmf0.2-7 \
 djvulibre-desktop libilmbase6 ttf-dejavu-extra libpixman-1-0 php5 libmagick10 \
openssl-blacklist libgomp1 libcairo2 libfontconfig1 fontconfig-config \
libpango1.0-common apache2-mpm-prefork php5-gd libxcb-render0 libpaper-utils \
hicolor-icon-theme wwwconfig-common libdatrie0 libdirectfb-1.0-0 fontconfig \
smarty libxfont1 librecode0 gettext apache2.2-common libpango1.0-0 gs-common \
libt1-5 libgtk2.0-bin libxft2 mlock libgsf-1-common libxcomposite1 libcroco3 \
smarty-gettext libopenexr6 libice6 libthai0 ssl-cert php5-mhash libc-client2007b \
libatk1.0-data libxpm4 fping libxrender1 libgd2-xpm libgs8 php5-recode libtiff4 \
libfontenc1 psfontmgr libjasper1 ttf-dejavu libjpeg62 php5-imap xfonts-utils \
libfreetype6 libthai-data libcupsimage2 ghostscript librsvg2-2 libsysfs2 \
php5-ldap php5-imagick libsm6 php5-mysql libmhash2 libxdamage1 php5-cli libxi6 \
libapache2-mod-php5 libxcursor1 xfonts-encodings libgraphviz4 libxt6 \
libxinerama1 defoma php5-common libxrandr2 x-ttcidfont-conf libgtk2.0-0 \
libgsf-1-114 gsfonts libpaper1

Encryption

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/server.crt -keyout /etc/ssl/certs/server.key
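
The command above leaves an unencrypted key (-nodes) in /etc/ssl/certs under a name the VirtualHost below does not reference. The following is an added example, not part of the original guide: it creates the pair with the VirtualHost's file names, keeps the key in a separate 0700 directory, and checks that key and certificate belong together. The function names, the certs/private layout and the RSA 2048 key size are assumptions; it needs OpenSSL and GNU stat.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes OpenSSL and GNU stat.

# make_selfsigned DIR FQDN
# Creates DIR/private/FQDN.key (mode 0600) and DIR/certs/FQDN.crt (mode 0644).
make_selfsigned() {
    dir=$1 fqdn=$2
    mkdir -p "$dir/certs" "$dir/private" || return 1
    chmod 0700 "$dir/private"
    (
        umask 077   # the unencrypted (-nodes) key must never be world-readable
        openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 \
            -subj "/CN=$fqdn" \
            -keyout "$dir/private/$fqdn.key" \
            -out "$dir/certs/$fqdn.crt" 2>/dev/null
    ) || return 1
    chmod 0644 "$dir/certs/$fqdn.crt"
}

# key_is_private FILE
# Succeeds only if group and others have no permission bits on FILE.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# cert_matches_key CERT KEY
# Succeeds only if the certificate carries the public half of KEY.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Usage on the server described in this guide (run as root):
#   make_selfsigned /etc/ssl gosa.domain.com.ar
#   key_is_private /etc/ssl/private/gosa.domain.com.ar.key && echo "key ok"
#   cert_matches_key /etc/ssl/certs/gosa.domain.com.ar.crt \
#                    /etc/ssl/private/gosa.domain.com.ar.key && echo "pair ok"
```

With this layout the VirtualHost's SSLCertificateKeyFile has to point at /etc/ssl/private/gosa.domain.com.ar.key instead of /etc/ssl/certs.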

VirtualHost

a2enmod ssl
a2enmod rewrite

/etc/apache2/sites-available/gosa.domain.com.ar

<VirtualHost *:443>
        ServerName gosa.domain.com.ar
        ServerAdmin webmaster@gosa.domain.com.ar

        DocumentRoot /usr/share/gosa/html

        <Location />
                php_admin_flag engine on
                php_admin_flag register_globals off
                php_admin_flag allow_call_time_pass_reference on
                php_admin_flag expose_php off
                php_admin_flag zend.ze1_compatibility_mode off
                php_admin_flag register_long_arrays off
                php_admin_flag magic_quotes_gpc on
                #include /etc/gosa/gosa.secrets
        </Location>

        CustomLog /var/log/apache2/gosa_access.log combined
        ErrorLog /var/log/apache2/gosa_error.log

        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/gosa.domain.com.ar.crt
        SSLCertificateKeyFile /etc/ssl/certs/gosa.domain.com.ar.key
</VirtualHost>

<VirtualHost *:80>
        ServerName gosa.domain.com.ar
        RewriteEngine on
        RewriteCond %{HTTP_HOST}   ^gosa\.domain\.com\.ar [NC]
        RewriteRule ^/(.*)         https://gosa.domain.com.ar/$1 [L,R]
</VirtualHost>
ln -s /etc/apache2/sites-available/gosa.domain.com.ar /etc/apache2/sites-enabled/gosa.domain.com.ar
/etc/init.d/apache2 restart

Configuration

http://hostname/gosa

Mail method

  • Create a server with the IMAP data
  • Create the cyrus account in LDAP

Server -> Services -> Mail Server check

/etc/gosa/gosa.conf

        <main default="default"
                mailQueueScriptPath="/usr/bin/mailq"

Options reference at https://oss.gonicus.de/labs/gosa/wiki/InstallingGOsaSetup

Services

Samba PDC

Install Samba package and LDAP tools.
aptitude install samba smbldap-tools

slapd.conf

Add new schemas to /etc/ldap/slapd.conf
include         /etc/ldap/schema/samba3.schema
include         /etc/ldap/schema/trust.schema
include         /etc/ldap/schema/gosystem.schema
include         /etc/ldap/schema/gofon.schema
include         /etc/ldap/schema/goto.schema
include         /etc/ldap/schema/gosa-samba3.schema
include         /etc/ldap/schema/gofax.schema
include         /etc/ldap/schema/goserver.schema
include         /etc/ldap/schema/goto-mime.schema
replace
access to attrs=userPassword,shadowLastChange

with

access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet
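
The replacement matters because sambaLMPassword and sambaNTPassword hold password hashes that a catch-all "by * read" rule would otherwise expose. The following is an added example, not part of the original guide: it parses a slapd.conf, joins continuation lines, and lists the hash attributes that no restrictive "access to attrs=" directive covers. The function names and the "by" clauses in the two sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): find password-hash attributes that no
# restrictive "access to attrs=" directive in a slapd.conf covers.
# Simplification: slapd applies the first matching ACL; this check only asks
# whether some directive lists the attribute without granting "by *" access.

unprotected_hash_attrs() {
    awk '
    function flush(    n, i, a, list, wide) {
        if (stmt ~ /^access[ \t]+to[ \t]/ && match(stmt, /attrs=[^ \t]+/)) {
            list = substr(stmt, RSTART + 6, RLENGTH - 6)
            wide = (stmt ~ /by[ \t]+\*[ \t]+(read|write|search|compare)/)
            n = split(list, a, ",")
            if (!wide)
                for (i = 1; i <= n; i++) covered[tolower(a[i])] = 1
        }
        stmt = ""
    }
    /^[ \t]*#/      { next }                        # comment
    /^[ \t]+[^ \t]/ { stmt = stmt " " $0; next }    # continuation line
                    { flush(); stmt = $0 }          # new directive
    END {
        flush()
        n = split("userPassword sambaLMPassword sambaNTPassword", want, " ")
        for (i = 1; i <= n; i++)
            if (!(tolower(want[i]) in covered)) print want[i]
    }' "$1"
}

# Constructed slapd.conf fragments: the ACL before and after the edit above.
sample_before() {
    cat <<'EOF'
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read
EOF
}

sample_after() {
    cat <<'EOF'
access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read
EOF
}

# Demo on the constructed fragments; on a server pass /etc/ldap/slapd.conf.
for s in sample_before sample_after; do
    f=$(mktemp) && $s > "$f"
    echo "$s: unprotected = $(unprotected_hash_attrs "$f" | tr '\n' ' ')"
    rm -f "$f"
done
```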

Filesystem

Create directories
mkdir -p /home/samba/netlogon
mkdir -p /home/samba/profiles
chmod 777 -R /home/samba/profiles

smb.conf

Set LDAP admin password
smbpasswd -w secret

smbldap-tools

Obtain domain SID
net getlocalsid
Copy and edit smbldap-tools configuration files
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
gunzip /etc/smbldap-tools/smbldap.conf.gz
chmod 0644 /etc/smbldap-tools/smbldap.conf
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
Populate domain information to LDAP server
smbldap-populate

Authentication

libnss-ldap

Install libnss-ldap package
aptitude install libnss-ldap
Configure libnss-ldap
dpkg-reconfigure libnss-ldap

Using these values

  • LDAP server Uniform Resource Identifier: ldap://127.0.0.1
  • Distinguished name of the search base: dc=example,dc=com
  • LDAP version to use: 3
  • Does the LDAP database require login? No
  • Special LDAP privileges for root? Yes
  • Make the configuration file readable/writeable by its owner only? Yes
  • LDAP account for root: cn=admin,dc=example,dc=com
  • LDAP root account password: CHANGE

nsswitch.conf

edit /etc/nsswitch.conf with
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

PAM

Install libpam-ldap package
aptitude install libpam-ldap
Configure libpam-ldap
dpkg-reconfigure libpam-ldap

Using these values

  • LDAP server Uniform Resource Identifier: ldap://127.0.0.1
  • Distinguished name of the search base: dc=example,dc=com
  • LDAP version to use: 3
  • Make local root Database admin. Yes
  • Does the LDAP database require login? No
  • LDAP account for root: cn=admin,dc=example,dc=com
  • LDAP root account password: CHANGE
  • Local crypt to use when changing passwords. MD5
Edit /etc/pam.d/common-account

Comment out

account required pam_unix.so

and add

account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
Edit /etc/pam.d/common-auth

Comment out

auth required pam_unix.so nullok_secure

and add

auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
Edit /etc/pam.d/common-password

Comment out

password required pam_unix.so nullok obscure min=4 max=8 md5

and add

password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass

PDC in different network

References


Monitoring

aptitude install amavis-stats mailgraph awstats munin-node smokeping
aptitude install sarg webalizer

Configuration files

Leave as provided in tar file

  • /etc/postfix/master.cf
  • /etc/default/saslauthd
  • /etc/amavis/conf.d/15-content_filter_mode
  • /etc/logrotate.d/squid

Edit and change to your values

  • /etc/postfix/main.cf
  • /etc/postfix/virtualaliases.cf
  • /etc/imapd.conf
  • /etc/cyrus.conf
  • /etc/saslauthd.conf
  • /etc/smokeping/config.d/Targets
  • /etc/awstats/awstats.postfix.conf
See
  • /etc/webalizer/webalizer.conf
  • /etc/squid/sarg.conf

OpenLDAP

/etc/ldap/slapd.conf

add these includes:

include         /etc/ldap/schema/samba3.schema
include         /etc/ldap/schema/trust.schema
include         /etc/ldap/schema/gosystem.schema
include         /etc/ldap/schema/gofon.schema
include         /etc/ldap/schema/goto.schema
include         /etc/ldap/schema/gosa+samba3.schema
include         /etc/ldap/schema/gofax.schema
include         /etc/ldap/schema/goserver.schema
include         /etc/ldap/schema/goto-mime.schema

Amavis

adduser clamav amavis
ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf


Apache

LDAP Auth

enable modules
ldap
authnz_ldap

Mailman

mailman

Restart processes

/etc/init.d/saslauthd start
/etc/init.d/slapd restart
/etc/init.d/cyrus2.2 restart
/etc/init.d/postfix restart
/etc/init.d/amavis-new start
/etc/init.d/mailman start


SquirrelMail

Change the separators from "." to "/"

squirrelmail-configure
*3.  Folder Defaults
**3.  Trash Folder                  : INBOX/Trash
**4.  Sent Folder                   : INBOX/Sent
**5.  Drafts Folder                 : INBOX/Drafts

Name Service Cache Daemon (nscd)

apt-get install nscd

Services

IMAP Servers

Sample
Connection URL
"{server:143/notls}"
Administrator user
"cyrus"
Sieve connection URL
"{server:2000/notls}"


