Difference between revisions of «GOsa»
From gacq wiki
(→Authentication) |
(→References) |
||
(16 intermediate revisions by the same user not shown) | |||
Línea 4: | Línea 4: | ||
= Installation = | = Installation = | ||
+ | == Installation using packages == | ||
+ | === GOsa 2.5 === | ||
+ | <pre> | ||
+ | aptitude install gosa gosa-schema | ||
+ | </pre> | ||
+ | |||
+ | <pre> | ||
+ | cp /usr/share/doc/gosa/contrib/openldap/trust.schema /etc/ldap/schema/ | ||
+ | cp /usr/share/doc/gosa/contrib/openldap/samba3.schema.gz /etc/ldap/schema/ | ||
+ | gunzip /etc/ldap/schema/samba3.schema.gz | ||
+ | </pre> | ||
+ | |||
+ | === GOsa 2.6 === | ||
+ | ;/etc/apt/sources.list | ||
<pre> | <pre> | ||
− | + | deb http://oss.gonicus.de/pub/gosa/ debian-etch/ | |
− | |||
− | |||
</pre> | </pre> | ||
− | |||
− | |||
<pre> | <pre> | ||
− | aptitude install | + | aptitude update |
+ | aptitude install gosa | ||
+ | </pre> | ||
+ | |||
+ | == Installation using subversion repository == | ||
+ | <pre> | ||
+ | aptitude install subversion | ||
+ | cd /tmp | ||
+ | svn co https://oss.gonicus.de/repositories/gosa/trunk gosa-trunk | ||
+ | mv /tmp/gosa-trunk/gosa-all/gosa /usr/share/ | ||
+ | mkdir /etc/ldap/schema/gosa | ||
+ | cp /usr/share/gosa/contrib/openldap/*.schema /etc/ldap/schema/gosa | ||
</pre> | </pre> | ||
− | |||
<pre> | <pre> | ||
− | + | cd /usr/share/gosa | |
+ | ./update-gosa | ||
</pre> | </pre> | ||
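Review bot: the added sources.list entry "deb http://oss.gonicus.de/pub/gosa/ debian-etch/" fetches packages over plain HTTP, and the next block goes straight to "aptitude update" and "aptitude install gosa" with no step that installs a signing key for that repository, so the package is installed without authentication. Add the key-import step before the install, or say explicitly that the repository is unsigned. The entry also names debian-etch while the page says the guide applies to Debian Lenny, which deserves a sentence. In the subversion variant, "svn co .../trunk" pins no revision, so two installs from these steps can differ; record the revision that was tested.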
Línea 24: | Línea 45: | ||
;Requisites | ;Requisites | ||
<pre> | <pre> | ||
− | aptitude install | + | aptitude install libgtk2.0-common libatk1.0-0 libts-0.0-0 ttf-dejavu-core \ |
− | + | libxfixes3 apache2-utils libxcb-render-util0 liblcms1 libdjvulibre21 libwmf0.2-7 \ | |
− | + | djvulibre-desktop libilmbase6 ttf-dejavu-extra libpixman-1-0 php5 libmagick10 \ | |
− | + | openssl-blacklist libgomp1 libcairo2 libfontconfig1 fontconfig-config \ | |
− | + | libpango1.0-common apache2-mpm-prefork php5-gd libxcb-render0 libpaper-utils \ | |
− | + | hicolor-icon-theme wwwconfig-common libdatrie0 libdirectfb-1.0-0 fontconfig \ | |
− | + | smarty libxfont1 librecode0 gettext apache2.2-common libpango1.0-0 gs-common \ | |
− | + | libt1-5 libgtk2.0-bin libxft2 mlock libgsf-1-common libxcomposite1 libcroco3 \ | |
− | + | smarty-gettext libopenexr6 libice6 libthai0 ssl-cert php5-mhash libc-client2007b \ | |
− | + | libatk1.0-data libxpm4 fping libxrender1 libgd2-xpm libgs8 php5-recode libtiff4 \ | |
− | + | libfontenc1 psfontmgr libjasper1 ttf-dejavu libjpeg62 php5-imap xfonts-utils \ | |
− | + | libfreetype6 libthai-data libcupsimage2 ghostscript librsvg2-2 libsysfs2 \ | |
− | + | php5-ldap php5-imagick libsm6 php5-mysql libmhash2 libxdamage1 php5-cli libxi6 \ | |
− | + | libapache2-mod-php5 libxcursor1 xfonts-encodings libgraphviz4 libxt6 \ | |
− | + | libxinerama1 defoma php5-common libxrandr2 x-ttcidfont-conf libgtk2.0-0 \ | |
− | + | libgsf-1-114 gsfonts libpaper1 | |
− | + | </pre> | |
+ | |||
+ | == Encryption == | ||
+ | <pre> | ||
+ | openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/server.crt -keyout /etc/ssl/certs/server.key | ||
+ | </pre> | ||
+ | |||
+ | == VirtualHost == | ||
+ | <pre> | ||
+ | a2enmod ssl | ||
+ | a2enmod rewrite | ||
+ | </pre> | ||
+ | |||
+ | /etc/apache2/sites-available/gosa.domain.com.ar | ||
+ | <pre> | ||
+ | <VirtualHost *:443> | ||
+ | ServerName gosa.domain.com.ar | ||
+ | ServerAdmin webmaster@gosa.domain.com.ar | ||
+ | |||
+ | DocumentRoot /usr/share/gosa/html | ||
+ | |||
+ | <Location /> | ||
+ | php_admin_flag engine on | ||
+ | php_admin_flag register_globals off | ||
+ | php_admin_flag allow_call_time_pass_reference on | ||
+ | php_admin_flag expose_php off | ||
+ | php_admin_flag zend.ze1_compatibility_mode off | ||
+ | php_admin_flag register_long_arrays off | ||
+ | php_admin_flag magic_quotes_gpc on | ||
+ | #include /etc/gosa/gosa.secrets | ||
+ | </Location> | ||
+ | |||
+ | CustomLog /var/log/apache2/gosa_access.log combined | ||
+ | ErrorLog /var/log/apache2/gosa_error.log | ||
+ | |||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/ssl/certs/gosa.domain.com.ar.crt | ||
+ | SSLCertificateKeyFile /etc/ssl/certs/gosa.domain.com.ar.key | ||
+ | </VirtualHost> | ||
+ | |||
+ | <VirtualHost *:80> | ||
+ | ServerName gosa.domain.com.ar | ||
+ | RewriteEngine on | ||
+ | RewriteCond %{HTTP_HOST} ^gosa\.domain\.com\.ar [NC] | ||
+ | RewriteRule ^/(.*) https://gosa.domain.com.ar/$1 [L,R] | ||
+ | </VirtualHost> | ||
+ | </pre> | ||
+ | |||
+ | <pre> | ||
+ | ln -s /etc/apache2/sites-available/gosa.domain.com.ar /etc/apache2/sites-enabled/gosa.domain.com.ar | ||
+ | /etc/init.d/apache2 restart | ||
</pre> | </pre> | ||
+ | |||
+ | == Configuration == | ||
+ | http://hostname/gosa | ||
+ | |||
+ | Mail method= | ||
+ | |||
+ | *Crear servidor con datos de IMAP | ||
+ | *Crear cuenta de cyrus en LDAP | ||
+ | |||
+ | Server -> Services -> Mail Server check | ||
+ | |||
+ | /etc/gosa/gosa.conf | ||
+ | <pre> | ||
+ | <main default="default" | ||
+ | mailQueueScriptPath="/usr/bin/mailq" | ||
+ | </pre> | ||
+ | |||
+ | Options reference at https://oss.gonicus.de/labs/gosa/wiki/InstallingGOsaSetup | ||
= Services = | = Services = | ||
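Review bot: in the Encryption block the openssl command writes an unencrypted key (-nodes) to /etc/ssl/certs/server.key, while the VirtualHost added right after it points SSLCertificateFile and SSLCertificateKeyFile at /etc/ssl/certs/gosa.domain.com.ar.crt and gosa.domain.com.ar.key, so Apache will not find the files the previous step created. Use the same names in both places, and move the key out of /etc/ssl/certs, which is meant to be world-readable, into /etc/ssl/private with mode 0600. The gosa.conf snippet is also cut off after mailQueueScriptPath, with the "main" tag left open; show the closing of the tag or mark the snippet as an excerpt.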
Línea 111: | Línea 200: | ||
=== Authentication === | === Authentication === | ||
+ | ==== libnss-ldap ==== | ||
;Install libnss-ldap package | ;Install libnss-ldap package | ||
<pre> | <pre> | ||
Línea 131: | Línea 221: | ||
* LDAP root account password: CHANGE | * LDAP root account password: CHANGE | ||
+ | ==== nsswitch.conf ==== | ||
;edit /etc/nsswitch.conf with | ;edit /etc/nsswitch.conf with | ||
<pre> | <pre> | ||
Línea 138: | Línea 229: | ||
</pre> | </pre> | ||
+ | ==== PAM ==== | ||
;Install libpam-ldap package | ;Install libpam-ldap package | ||
<pre> | <pre> | ||
Línea 170: | Línea 262: | ||
</pre> | </pre> | ||
− | + | ;Edit /etc/pam.d/common-auth | |
− | + | Comment out | |
+ | <pre> | ||
+ | auth required pam_unix.so nullok_secure | ||
+ | </pre> | ||
+ | |||
+ | and add | ||
<pre> | <pre> | ||
− | + | auth sufficient pam_ldap.so | |
+ | auth required pam_unix.so nullok_secure use_first_pass | ||
</pre> | </pre> | ||
− | ; | + | ;Edit /etc/pam.d/common-password |
+ | Comment out | ||
<pre> | <pre> | ||
− | + | password required pam_unix.so nullok obscure min=4 max=8 md5 | |
− | |||
− | |||
</pre> | </pre> | ||
− | + | and add | |
<pre> | <pre> | ||
− | + | password sufficient pam_ldap.so | |
− | + | password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass | |
− | |||
− | |||
− | |||
</pre> | </pre> | ||
+ | |||
+ | === PDC in different network === | ||
+ | ;References | ||
+ | *http://www.linuxquestions.org/linux/answers/Networking/Configure_BIND_DNS_to_Answer_Active_Directory_Queries | ||
+ | |||
+ | |||
== Monitoring == | == Monitoring == | ||
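Review bot: the common-password lines carry "nullok obscure min=4 max=8 md5" on pam_unix.so in both the commented-out original and the added replacement, so the documented policy is a four-character minimum, an eight-character maximum and MD5 hashes, with empty passwords tolerated. If these values are only inherited from the distribution default, say so; otherwise raise min, drop max and nullok, and explain why md5 is kept. The "Comment out" instruction matters for ordering as well: if the original "required pam_unix.so" line is left active above "sufficient pam_ldap.so", LDAP-only users fail at the required line, so the text should state that the old line must not remain.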
Línea 236: | Línea 336: | ||
;References | ;References | ||
*https://oss.gonicus.de/labs/gosa/wiki/InstallingLdap | *https://oss.gonicus.de/labs/gosa/wiki/InstallingLdap | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
= Amavis = | = Amavis = | ||
Línea 251: | Línea 341: | ||
ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf | ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
= Apache = | = Apache = | ||
Línea 306: | Línea 375: | ||
</pre> | </pre> | ||
− | = | + | = Name Service Cache Daemon (nscd) = |
− | + | <pre> | |
− | + | apt-get install nscd | |
− | + | </pre> | |
− | |||
− | |||
− | |||
+ | = Services = | ||
+ | == IMAP Servers == | ||
+ | ;Sample | ||
+ | URL de conexión | ||
+ | "{server:143/notls}" | ||
+ | Usuario administrador | ||
+ | "cyrus" | ||
+ | URL de conexión Sieve | ||
+ | "{server:2000/notls}" | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
=References= | =References= | ||
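Review bot: the IMAP sample gives both the connection URL and the Sieve URL with /notls ("{server:143/notls}" and "{server:2000/notls}") together with the cyrus administrator user, so the administrator login travels over an unencrypted session whenever GOsa and the IMAP server are on different hosts. State that the sample assumes a server on the same machine, or show the /tls form for a remote server.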
Línea 332: | Línea 397: | ||
*[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication Cyrus Authentication - An Overview] | *[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication Cyrus Authentication - An Overview] | ||
*[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusSaslComponents Cyrus SASL Components] | *[http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusSaslComponents Cyrus SASL Components] | ||
− | *http://www.postfix.org/ | + | *http://www.postfix.org/LDAPREADME.html |
==Email server howtos== | ==Email server howtos== | ||
Línea 356: | Línea 421: | ||
*http://www.improvisa.com/index.php?name=News&file=article&sid=387 | *http://www.improvisa.com/index.php?name=News&file=article&sid=387 | ||
*http://edin.no-ip.com/content/ldap-samba-pdc-pamnss-debian-lenny-howto | *http://edin.no-ip.com/content/ldap-samba-pdc-pamnss-debian-lenny-howto | ||
+ | *http://thegoldenear.org/toolbox/unices/samba-3-pdc-print-server-debian-etch.html | ||
*http://hannibal.solstice.nl/hannibalwiki/doku.php?id=hannibal:start | *http://hannibal.solstice.nl/hannibalwiki/doku.php?id=hannibal:start | ||
*[http://jriosgosa.blogspot.com/ Postfix MTA, Courier IMAP/POP3, Maildrop, Gnarwl, Cyrus SASL and Openssl (2007-rpm)] | *[http://jriosgosa.blogspot.com/ Postfix MTA, Courier IMAP/POP3, Maildrop, Gnarwl, Cyrus SASL and Openssl (2007-rpm)] |
Current revision as of 08:15, 14 Apr 2010
- Guide under development
This guide applies to Debian Lenny. See also GOsa on CentOS
Installation
Installation using packages
GOsa 2.5
aptitude install gosa gosa-schema
cp /usr/share/doc/gosa/contrib/openldap/trust.schema /etc/ldap/schema/
cp /usr/share/doc/gosa/contrib/openldap/samba3.schema.gz /etc/ldap/schema/
gunzip /etc/ldap/schema/samba3.schema.gz
GOsa 2.6
- /etc/apt/sources.list
deb http://oss.gonicus.de/pub/gosa/ debian-etch/
aptitude update
aptitude install gosa
Installation using subversion repository
aptitude install subversion
cd /tmp
svn co https://oss.gonicus.de/repositories/gosa/trunk gosa-trunk
mv /tmp/gosa-trunk/gosa-all/gosa /usr/share/
mkdir /etc/ldap/schema/gosa
cp /usr/share/gosa/contrib/openldap/*.schema /etc/ldap/schema/gosa

cd /usr/share/gosa
./update-gosa
Installation from subversion repository
- Requisites
aptitude install libgtk2.0-common libatk1.0-0 libts-0.0-0 ttf-dejavu-core \
libxfixes3 apache2-utils libxcb-render-util0 liblcms1 libdjvulibre21 libwmf0.2-7 \
djvulibre-desktop libilmbase6 ttf-dejavu-extra libpixman-1-0 php5 libmagick10 \
openssl-blacklist libgomp1 libcairo2 libfontconfig1 fontconfig-config \
libpango1.0-common apache2-mpm-prefork php5-gd libxcb-render0 libpaper-utils \
hicolor-icon-theme wwwconfig-common libdatrie0 libdirectfb-1.0-0 fontconfig \
smarty libxfont1 librecode0 gettext apache2.2-common libpango1.0-0 gs-common \
libt1-5 libgtk2.0-bin libxft2 mlock libgsf-1-common libxcomposite1 libcroco3 \
smarty-gettext libopenexr6 libice6 libthai0 ssl-cert php5-mhash libc-client2007b \
libatk1.0-data libxpm4 fping libxrender1 libgd2-xpm libgs8 php5-recode libtiff4 \
libfontenc1 psfontmgr libjasper1 ttf-dejavu libjpeg62 php5-imap xfonts-utils \
libfreetype6 libthai-data libcupsimage2 ghostscript librsvg2-2 libsysfs2 \
php5-ldap php5-imagick libsm6 php5-mysql libmhash2 libxdamage1 php5-cli libxi6 \
libapache2-mod-php5 libxcursor1 xfonts-encodings libgraphviz4 libxt6 \
libxinerama1 defoma php5-common libxrandr2 x-ttcidfont-conf libgtk2.0-0 \
libgsf-1-114 gsfonts libpaper1
Encryption
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/server.crt -keyout /etc/ssl/certs/server.key
VirtualHost
a2enmod ssl
a2enmod rewrite
/etc/apache2/sites-available/gosa.domain.com.ar
<VirtualHost *:443>
    ServerName gosa.domain.com.ar
    ServerAdmin webmaster@gosa.domain.com.ar

    DocumentRoot /usr/share/gosa/html

    <Location />
        php_admin_flag engine on
        php_admin_flag register_globals off
        php_admin_flag allow_call_time_pass_reference on
        php_admin_flag expose_php off
        php_admin_flag zend.ze1_compatibility_mode off
        php_admin_flag register_long_arrays off
        php_admin_flag magic_quotes_gpc on
        #include /etc/gosa/gosa.secrets
    </Location>

    CustomLog /var/log/apache2/gosa_access.log combined
    ErrorLog /var/log/apache2/gosa_error.log

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/gosa.domain.com.ar.crt
    SSLCertificateKeyFile /etc/ssl/certs/gosa.domain.com.ar.key
</VirtualHost>

<VirtualHost *:80>
    ServerName gosa.domain.com.ar
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^gosa\.domain\.com\.ar [NC]
    RewriteRule ^/(.*) https://gosa.domain.com.ar/$1 [L,R]
</VirtualHost>

ln -s /etc/apache2/sites-available/gosa.domain.com.ar /etc/apache2/sites-enabled/gosa.domain.com.ar
/etc/init.d/apache2 restart
Configuration
Mail method=
- Create a server with the IMAP data
- Create the cyrus account in LDAP
Server -> Services -> Mail Server check
/etc/gosa/gosa.conf
<main default="default"
      mailQueueScriptPath="/usr/bin/mailq"
Options reference at https://oss.gonicus.de/labs/gosa/wiki/InstallingGOsaSetup
Services
Samba PDC
- Install Samba package and LDAP tools.
aptitude install samba smbldap-tools
slapd.conf
- Add new schemas to /etc/ldap/slapd.conf
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa-samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
- replace
access to attrs=userPassword,shadowLastChange
with
access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet
Filesystem
- Create directories
mkdir -p /home/samba/netlogon
mkdir -p /home/samba/profiles
chmod 777 -R /home/samba/profiles
smb.conf
- Set LDAP admin password
smbpasswd -w secret
smbldap-tools
- Obtain domain SID
net getlocalsid
- Copy and edit smbldap-tools configuration files
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
gunzip /etc/smbldap-tools/smbldap.conf.gz
chmod 0644 /etc/smbldap-tools/smbldap.conf
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
- Populate domain information to LDAP server
smbldap-populate
Authentication
libnss-ldap
- Install libnss-ldap package
aptitude install libnss-ldap
- Configure libnss-ldap
dpkg-reconfigure libnss-ldap
Using these values
- LDAP server Uniform Resource Identifier: ldap://127.0.0.1
- Distinguished name of the search base: dc=example,dc=com
- LDAP version to use: 3
- Does the LDAP database require login? No
- Special LDAP privileges for root? Yes
- Make the configuration file readable/writeable by its owner only? Yes
- LDAP account for root: cn=admin,dc=example,dc=com
- LDAP root account password: CHANGE
nsswitch.conf
- edit /etc/nsswitch.conf with
passwd: compat ldap
group: compat ldap
shadow: compat ldap
PAM
- Install libpam-ldap package
aptitude install libpam-ldap
- Configure libpam-ldap
dpkg-reconfigure libpam-ldap
Using these values
- LDAP server Uniform Resource Identifier: ldap://127.0.0.1
- Distinguished name of the search base: dc=example,dc=com
- LDAP version to use: 3
- Make local root Database admin. Yes
- Does the LDAP database require login? No
- LDAP account for root: cn=admin,dc=example,dc=com
- LDAP root account password: CHANGE
- Local crypt to use when changing passwords. MD5
- Edit /etc/pam.d/common-account
Comment out
account required pam_unix.so
and add
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
- Edit /etc/pam.d/common-auth
Comment out
auth required pam_unix.so nullok_secure
and add
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
- Edit /etc/pam.d/common-password
Comment out
password required pam_unix.so nullok obscure min=4 max=8 md5
and add
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
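
A check for the PAM layout described above, as an added example that is not part of the original guide: it confirms that pam_ldap.so is "sufficient" and comes before pam_unix.so, that pam_unix.so reuses the typed password, and it reports the nullok, min= and md5 options the guide keeps. The function name, the sample files and the minimum-length floor of 8 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the guide. lint_pam_stack FILE TYPE prints one
# finding per line for the TYPE (auth, account or password) stack in FILE.
# The floor of 8 for min= is an assumption of this example.
lint_pam_stack() {
    awk -v type="$2" -v floor=8 '
    $1 ~ /^#/ || NF < 3 || $1 != type { next }   # comments and other stacks
    {
        n++
        if ($3 == "pam_ldap.so") { ldap = n; ctl = $2 }
        if ($3 != "pam_unix.so") { next }
        unix = n
        for (i = 4; i <= NF; i++) {
            if ($i == "use_first_pass" || $i == "try_first_pass") { first = 1 }
            if ($i ~ /^nullok/) {
                print "pam_unix: " $i " tolerates accounts with an empty password"
            }
            if ($i == "md5") { print "pam_unix: md5 password hashing" }
            if ($i ~ /^min=/) {
                split($i, kv, "=")
                if (kv[2] + 0 < floor) {
                    print "pam_unix: " $i " is below the assumed floor of " floor
                }
            }
        }
    }
    END {
        if (!ldap) { print "pam_ldap: missing from the " type " stack" }
        else if (ctl != "sufficient") { print "pam_ldap: control is " ctl }
        # A failed "required" line above pam_ldap makes LDAP-only logins fail.
        if (ldap && unix && ldap > unix) { print "order: pam_unix precedes pam_ldap" }
        if (ldap && unix && ldap < unix && !first) {
            print "pam_unix: no use_first_pass, local users are prompted again"
        }
    }' "$1"
}

PAM_DEMO=$(mktemp -d)
trap 'rm -rf "$PAM_DEMO"' EXIT
# Constructed sample: common-password as this guide configures it.
cat > "$PAM_DEMO/common-password" <<'EOF'
# password required pam_unix.so nullok obscure min=4 max=8 md5
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
EOF
# Constructed counter-example: the original line was not commented out.
cat > "$PAM_DEMO/common-auth.bad" <<'EOF'
auth required pam_unix.so nullok_secure
auth sufficient pam_ldap.so
EOF
lint_pam_stack "$PAM_DEMO/common-password" password
lint_pam_stack "$PAM_DEMO/common-auth.bad" auth
```
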
PDC in different network
- References
Monitoring
aptitude install amavis-stats mailgraph awstats munin-node smokeping
aptitude install sarg webalizer
Configuration files
Leave as provided in tar file
- /etc/postfix/master.cf
- /etc/default/saslauthd
- /etc/amavis/conf.d/15-content_filter_mode
- /etc/logrotate.d/squid
Edit and change to your values
- /etc/postfix/main.cf
- /etc/postfix/virtualaliases.cf
- /etc/imapd.conf
- /etc/cyrus.conf
- /etc/saslauthd.conf
- /etc/smokeping/config.d/Targets
- /etc/awstats/awstats.postfix.conf
- see
- /etc/webalizer/webalizer.conf
- /etc/squid/sarg.conf
OpenLDAP
/etc/ldap/slapd.conf
add these includes:
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa+samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
- References
Amavis
adduser clamav amavis
ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf
Apache
LDAP Auth
- enable modules
ldap authnz_ldap
Mailman
mailman
Restart processes
/etc/init.d/saslauthd start
/etc/init.d/slapd restart
/etc/init.d/cyrus2.2 restart
/etc/init.d/postfix restart
/etc/init.d/amavis-new start
/etc/init.d/mailman start
SquirrelMail
change the separators from "." to "/"
squirrelmail-configure
*3. Folder Defaults
**3. Trash Folder : INBOX/Trash
**4. Sent Folder : INBOX/Sent
**5. Drafts Folder : INBOX/Drafts
Name Service Cache Daemon (nscd)
apt-get install nscd
Services
IMAP Servers
- Sample
Connection URL
"{server:143/notls}"
Administrator user
"cyrus"
Sieve connection URL
"{server:2000/notls}"
References
Documentation
Email server howtos
Cyrus
- openldap/postfix/cyrus/samba (2004-Sarge
- OpenLDAP + Postfix + Cyrus (2007-apt)
- OpenLDAP + Postfix + cyrus (2006-apt)
- Postfix/Cyrus/OpenLDAP (2006-Debian
- Postfix-SASL-Cyrus-MySQL-Amavis-Postgrey-SpamAssassin-ClamAV-Squirrelmail-Mailman-Mailgraph-OMA (2006-Etch)
- serveur_de_mail
Courier
- HowTo: Debian+OpenSSL+Bind9+Postfix+OpenLDAP+Courier
- http://diariolinux.com/2008/02/22/howto-debianopensslbind9postfixopenldapcourier-i/
Others
- OpenLDAP + Postfix + Dovecot + JammSASL + SquirrelMail (2004-rpm)
- OpenLDAP + Samba
- OpenLDAP + Postfix + dovecot (2007-apt)
General
- http://www.improvisa.com/index.php?name=News&file=article&sid=387
- http://edin.no-ip.com/content/ldap-samba-pdc-pamnss-debian-lenny-howto
- http://thegoldenear.org/toolbox/unices/samba-3-pdc-print-server-debian-etch.html
- http://hannibal.solstice.nl/hannibalwiki/doku.php?id=hannibal:start
- Postfix MTA, Courier IMAP/POP3, Maildrop, Gnarwl, Cyrus SASL and Openssl (2007-rpm)
- http://lena.franken.de/ldap/installing_gosa_debian_sarge.html
- http://koshrf.fercusoft.com/koshrf/
- http://www.nisled.org/wiki/index.php/Servidor_de_Arquivo_com_Ubuntu-Server