GOsa
From gacq wiki
- Guide under development
This guide applies to Debian Lenny. See also GOsa on CentOS.
Installation
aptitude install apache2 libapache2-mod-php5 php5 php5-cli php5-common php5-dev php5-gd \
  php5-imagick php5-imap php5-ldap php5-memcache php5-mhash php5-mysql php5-pgsql \
  php5-recode php5-snmp php5-sqlite mysql-server openssl
Installation using packages
- OpenLDAP Server
aptitude install slapd ldap-utils
- GOsa
aptitude install gosa gosa-schema
Installation from subversion repository
- Requisites
aptitude install apache2-mpm-prefork apache2-utils apache2.2-common defoma \
  djvulibre-desktop fontconfig fontconfig-config fping gettext ghostscript gs-common gsfonts \
  hicolor-icon-theme ldap-utils libapache2-mod-php5 libapr1 libaprutil1 libatk1.0-0 libatk1.0-data \
  libc-client2007b libcairo2 libcroco3 libcrypt-smbhash-perl libcups2 libcupsimage2 libdatrie0 \
  libdb4.2 libdigest-md4-perl libdirectfb-1.0-0 libdjvulibre21 libexpat1 libfontconfig1 \
  libfontenc1 libfreetype6 libgd2-xpm libglib2.0-0 libglib2.0-data libgomp1 libgraphviz4 \
  libgs8 libgsf-1-114 libgsf-1-common libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libice6 \
  libilmbase6 libjasper1 libjpeg62 liblcms1 libltdl3 libmagick10 libmhash2 \
  libmysqlclient15off libopenexr6 libpango1.0-0 libpango1.0-common libpaper-utils libpaper1 \
  libperl5.10 libpixman-1-0 libpng12-0 libpq5 librecode0 librsvg2-2 libsasl2-modules libslp1 \
  libsm6 libsysfs2 libt1-5 libthai-data libthai0 libtiff4 libts-0.0-0 libwmf0.2-7 \
  libxcb-render-util0 libxcb-render0 libxcomposite1 libxcursor1 libxdamage1 libxfixes3 \
  libxfont1 libxft2 libxi6 libxinerama1 libxpm4 libxrandr2 libxrender1 libxt6 mlock \
  mysql-common odbcinst1debian1 php5 php5-cli php5-common php5-gd php5-imagick php5-imap \
  php5-ldap php5-mhash php5-mysql php5-recode psfontmgr psmisc slapd smarty smarty-gettext \
  ttf-dejavu ttf-dejavu-core ttf-dejavu-extra unixodbc wwwconfig-common x-ttcidfont-conf \
  xfonts-encodings xfonts-utils
Services
Samba PDC
- Install Samba package and LDAP tools.
aptitude install samba smbldap-tools
slapd.conf
- Add new schemas to /etc/ldap/slapd.conf
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa-samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
- replace
access to attrs=userPassword,shadowLastChange
with
access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet
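An added check, not part of the original guide: slapd applies the first "access to" rule that matches an attribute, so any password attribute left out of the rule above falls through to whatever broader rule follows it. The script lists which of the six attributes named in the replacement line are not covered by a given slapd.conf; the function name and the sample configuration (including its "by" clauses and the final "access to *" rule) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Attribute list copied from the replacement ACL line in this guide.
SENSITIVE_ATTRS="userPassword shadowLastChange sambaLMPassword sambaNTPassword sambaPwdMustChange sambaPwdLastSet"

# missing_acl_attrs FILE (hypothetical helper name)
# Prints the sensitive attributes not named in any "access to ... attrs=" rule.
missing_acl_attrs() {
    # Collect every attribute listed after attrs= on "access to" lines.
    # Commented-out rules are skipped because their first field is not "access".
    covered=$(awk '$1 == "access" && $2 == "to" {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^attrs=/) {
                sub(/^attrs=/, "", $i)
                n = split($i, a, ",")
                for (j = 1; j <= n; j++) print a[j]
            }
    }' "$1")
    missing=""
    for attr in $SENSITIVE_ATTRS; do
        # LDAP attribute names are case-insensitive; -x matches the whole name.
        if ! printf '%s\n' "$covered" | grep -qix -- "$attr"; then
            missing="${missing:+$missing }$attr"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed sample input: a stock-style rule, then the guide's replacement.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
cat > "$tmpdir/before.conf" <<'EOF'
include /etc/ldap/schema/samba3.schema
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none
access to *
        by * read
EOF
sed 's/shadowLastChange$/&,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet/' \
    "$tmpdir/before.conf" > "$tmpdir/after.conf"

echo "not covered before the change: $(missing_acl_attrs "$tmpdir/before.conf")"
echo "not covered after the change:  $(missing_acl_attrs "$tmpdir/after.conf")"
```

In the "before" file the Samba hash attributes are matched only by the final "access to *" rule, which in this constructed sample grants read access to everyone.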
Filesystem
- Create directories
mkdir -p /home/samba/netlogon
mkdir -p /home/samba/profiles
chmod 777 -R /home/samba/profiles
smb.conf
- Set LDAP admin password
smbpasswd -w secret
smbldap-tools
- Obtain domain SID
net getlocalsid
- Copy and edit smbldap-tools configuration files
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
gunzip /etc/smbldap-tools/smbldap.conf.gz
chmod 0644 /etc/smbldap-tools/smbldap.conf
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
- Populate domain information to LDAP server
smbldap-populate
Authentication
libnss-ldap
- Install libnss-ldap package
aptitude install libnss-ldap
- Configure libnss-ldap
dpkg-reconfigure libnss-ldap
Using these values:
- LDAP server Uniform Resource Identifier: ldap://127.0.0.1
- Distinguished name of the search base: dc=example,dc=com
- LDAP version to use: 3
- Does the LDAP database require login? No
- Special LDAP privileges for root? Yes
- Make the configuration file readable/writeable by its owner only? Yes
- LDAP account for root: cn=admin,dc=example,dc=com
- LDAP root account password: CHANGE
nsswitch.conf
- edit /etc/nsswitch.conf with
passwd: compat ldap
group: compat ldap
shadow: compat ldap
PAM
- Install libpam-ldap package
aptitude install libpam-ldap
- Configure libpam-ldap
dpkg-reconfigure libpam-ldap
Using these values:
- LDAP server Uniform Resource Identifier: ldap://127.0.0.1
- Distinguished name of the search base: dc=example,dc=com
- LDAP version to use: 3
- Make local root Database admin. Yes
- Does the LDAP database require login? No
- LDAP account for root: cn=admin,dc=example,dc=com
- LDAP root account password: CHANGE
- Local crypt to use when changing passwords. MD5
- Edit /etc/pam.d/common-account
Comment out
account required pam_unix.so
and add
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
- Edit /etc/pam.d/common-auth
Comment out
auth required pam_unix.so nullok_secure
and add
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
- Edit /etc/pam.d/common-password
Comment out
password required pam_unix.so nullok obscure min=4 max=8 md5
and add
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
PDC in different network
- References
Mail server
- Postfix
aptitude install postfix postfix-ldap
- Cyrus
aptitude install cyrus-admin-2.2 cyrus-clients-2.2 cyrus-common-2.2 cyrus-doc-2.2 \
  cyrus-imapd-2.2 cyrus-pop3d-2.2 cyrus-sasl2-doc libsasl2-modules libsasl2-2 \
  libsasl2-modules-ldap sasl2-bin
- Other packages
aptitude install amavisd-new spamassassin clamav postgrey
aptitude install zoo unzip bzip2 unzoo mc nmap iftop htop
aptitude install phpldapadmin
aptitude install squirrelmail
aptitude install mailman
Monitoring
aptitude install amavis-stats mailgraph awstats munin-node smokeping
aptitude install sarg webalizer
Configuration files
Leave as provided in tar file
- /etc/postfix/master.cf
- /etc/default/saslauthd
- /etc/amavis/conf.d/15-content_filter_mode
- /etc/logrotate.d/squid
Edit and change to your values
- /etc/postfix/main.cf
- /etc/postfix/virtualaliases.cf
- /etc/imapd.conf
- /etc/cyrus.conf
- /etc/saslauthd.conf
- /etc/smokeping/config.d/Targets
- /etc/awstats/awstats.postfix.conf
- see
- /etc/webalizer/webalizer.conf
- /etc/squid/sarg.conf
OpenLDAP
/etc/ldap/slapd.conf
add these includes:
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa+samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
- References
TLS
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/server.crt -keyout /etc/ssl/certs/server.key
GOsa
cp /usr/share/doc/gosa/contrib/openldap/trust.schema /etc/ldap/schema/
cp /usr/share/doc/gosa/contrib/openldap/samba3.schema.gz /etc/ldap/schema/
gunzip /etc/ldap/schema/samba3.schema.gz
Amavis
adduser clamav amavis
ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf
SASL
rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
- /etc/postfix/sasl/smtpd.conf (TO VALIDATE)
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
##############
# The following line is not required, but it prevents errors such as:
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: auxpropfunc error invalid parameter supplied
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
# in /var/log/auth.log
ldapdb_uri: ldap://localhost
##############
Apache
LDAP Auth
- enable modules
ldap authnz_ldap
Mailman
mailman
Restart processes
/etc/init.d/saslauthd start
/etc/init.d/slapd restart
/etc/init.d/cyrus2.2 restart
/etc/init.d/postfix restart
/etc/init.d/amavis-new start
/etc/init.d/mailman start
SquirrelMail
Change the separators from "." to "/"
squirrelmail-configure
- 3. Folder Defaults
  - 3. Trash Folder : INBOX/Trash
  - 4. Sent Folder : INBOX/Sent
  - 5. Drafts Folder : INBOX/Drafts
Gosa config
Mail method=
- Create a server with the IMAP data
- Create the cyrus account in LDAP
Server -> Services -> Mail Server check
/etc/gosa/gosa.conf
<main default="default" mailQueueScriptPath="/usr/bin/mailq"
Options reference at https://oss.gonicus.de/labs/gosa/wiki/InstallingGOsaSetup
Name Service Cache Daemon (nscd)
apt-get install nscd