GOsa
From gacq wiki
Revision as of 13:54, 17 Sep 2009 by Gacq (talk | contributions) (→Installation using subversion repository)
- Guide under development
This guide applies to Debian Lenny. See also GOsa on CentOS.
Installation
- Requisites
aptitude install slapd ldap-utils
Installation using packages
aptitude install gosa gosa-schema
cp /usr/share/doc/gosa/contrib/openldap/trust.schema /etc/ldap/schema/
cp /usr/share/doc/gosa/contrib/openldap/samba3.schema.gz /etc/ldap/schema/
gunzip /etc/ldap/schema/samba3.schema.gz
Installation using subversion repository
aptitude install subversion
cd /tmp
svn co https://oss.gonicus.de/repositories/gosa/trunk gosa-trunk
mv /tmp/gosa-trunk/gosa-all /usr/share/gosa
mkdir /etc/ldap/schema/gosa
cp /usr/share/gosa/contrib/openldap/*.schema /etc/ldap/schema/gosa
cd /usr/share/gosa
./update-gosa
Installation from subversion repository
- Requisites
aptitude install libgtk2.0-common libatk1.0-0 libts-0.0-0 ttf-dejavu-core \
  libxfixes3 apache2-utils libxcb-render-util0 liblcms1 libdjvulibre21 libwmf0.2-7 \
  djvulibre-desktop libilmbase6 ttf-dejavu-extra libpixman-1-0 php5 libmagick10 \
  openssl-blacklist libgomp1 libcairo2 libfontconfig1 fontconfig-config \
  libpango1.0-common apache2-mpm-prefork php5-gd libxcb-render0 libpaper-utils \
  hicolor-icon-theme wwwconfig-common libdatrie0 libdirectfb-1.0-0 fontconfig \
  smarty libxfont1 librecode0 gettext apache2.2-common libpango1.0-0 gs-common \
  libt1-5 libgtk2.0-bin libxft2 mlock libgsf-1-common libxcomposite1 libcroco3 \
  smarty-gettext libopenexr6 libice6 libthai0 ssl-cert php5-mhash libc-client2007b \
  libatk1.0-data libxpm4 fping libxrender1 libgd2-xpm libgs8 php5-recode libtiff4 \
  libfontenc1 psfontmgr libjasper1 ttf-dejavu libjpeg62 php5-imap xfonts-utils \
  libfreetype6 libthai-data libcupsimage2 ghostscript librsvg2-2 libsysfs2 \
  php5-ldap php5-imagick libsm6 php5-mysql libmhash2 libxdamage1 php5-cli libxi6 \
  libapache2-mod-php5 libxcursor1 xfonts-encodings libgraphviz4 libxt6 \
  libxinerama1 defoma php5-common libxrandr2 x-ttcidfont-conf libgtk2.0-0 \
  libgsf-1-114 gsfonts libpaper1
Encryption
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/gosa.domain.com.ar.crt -keyout /etc/ssl/certs/gosa.domain.com.ar.key
VirtualHost
a2enmod ssl
a2enmod rewrite
/etc/apache2/sites-available/gosa.domain.com.ar
<VirtualHost *:443>
    ServerName gosa.domain.com.ar
    ServerAdmin webmaster@gosa.domain.com.ar
    DocumentRoot /usr/share/gosa/html
    <Location />
        php_admin_flag engine on
        php_admin_flag register_globals off
        php_admin_flag allow_call_time_pass_reference on
        php_admin_flag expose_php off
        php_admin_flag zend.ze1_compatibility_mode off
        php_admin_flag register_long_arrays off
        php_admin_flag magic_quotes_gpc on
        #include /etc/gosa/gosa.secrets
    </Location>
    CustomLog /var/log/apache2/gosa_access.log combined
    ErrorLog /var/log/apache2/gosa_error.log
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/gosa.domain.com.ar.crt
    SSLCertificateKeyFile /etc/ssl/certs/gosa.domain.com.ar.key
</VirtualHost>
<VirtualHost *:80>
    ServerName gosa.domain.com.ar
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^gosa\.domain\.com\.ar [NC]
    RewriteRule ^/(.*) https://gosa.domain.com.ar/$1 [L,R]
</VirtualHost>
ln -s /etc/apache2/sites-available/gosa.domain.com.ar /etc/apache2/sites-enabled/gosa.domain.com.ar
/etc/init.d/apache2 restart
Configuration
Mail method
- Create a server with the IMAP data
- Create the cyrus account in LDAP
Server -> Services -> Mail Server check
/etc/gosa/gosa.conf
<main default="default" mailQueueScriptPath="/usr/bin/mailq"
Options reference at https://oss.gonicus.de/labs/gosa/wiki/InstallingGOsaSetup
Services
Samba PDC
- Install Samba package and LDAP tools.
aptitude install samba smbldap-tools
slapd.conf
- Add new schemas to /etc/ldap/slapd.conf
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa-samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
- replace
access to attrs=userPassword,shadowLastChange
with
access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet
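The ACL change above matters because sambaLMPassword and sambaNTPassword hold password-equivalent hashes. The following check is an added example, not part of the original guide: it reports which of the attributes listed above are missing from the userPassword ACL of a slapd.conf-style file (the function names and the sample file are assumptions made for illustration).

```shell
#!/bin/sh
# Added example, not from the original guide. REQUIRED mirrors the attribute
# list the guide puts on the userPassword ACL line.
REQUIRED="userPassword shadowLastChange sambaLMPassword sambaNTPassword sambaPwdMustChange sambaPwdLastSet"

# missing_acl_attrs FILE: print the REQUIRED attributes that no
# "access to attrs=...userPassword..." directive in FILE lists.
missing_acl_attrs() {
    awk -v required="$REQUIRED" '
        function flush(   i, n, f, a, m, k) {
            if (cur ~ /^access[ \t]+to[ \t]/) {
                n = split(cur, f, /[ \t]+/)
                for (i = 1; i <= n; i++) {
                    if (f[i] !~ /^attrs?=/) continue
                    sub(/^attrs?=/, "", f[i])
                    if (("," tolower(f[i]) ",") !~ /,userpassword,/) continue
                    m = split(f[i], a, ",")
                    for (k = 1; k <= m; k++) covered[tolower(a[k])] = 1
                }
            }
            cur = ""
        }
        # slapd.conf continues a directive on lines that begin with whitespace
        /^[ \t]/ { if (cur != "") cur = cur " " $0; next }
        { flush(); cur = $0 }
        END {
            flush()
            n = split(required, r, " ")
            for (i = 1; i <= n; i++)
                if (!(tolower(r[i]) in covered)) out = out (out == "" ? "" : " ") r[i]
            print out
        }
    ' "$1"
}

# check_samba_acl FILE: succeed only when nothing is missing.
check_samba_acl() {
    missing=$(missing_acl_attrs "$1")
    [ -z "$missing" ] && return 0
    echo "$1: ACL does not cover: $missing" >&2
    return 1
}

# Constructed sample: the stock ACL line the guide says to replace.
sample=$(mktemp)
printf '%s\n' 'include /etc/ldap/schema/samba3.schema' \
    'access to attrs=userPassword,shadowLastChange' '        by * none' > "$sample"
check_samba_acl "$sample" || echo "sample needs the Samba attributes added"
rm -f "$sample"
```

Run check_samba_acl /etc/ldap/slapd.conf after editing the ACL and before restarting slapd.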
Filesystem
- Create directories
mkdir -p /home/samba/netlogon
mkdir -p /home/samba/profiles
chmod 777 -R /home/samba/profiles
smb.conf
- Set LDAP admin password
smbpasswd -w secret
smbldap-tools
- Obtain domain SID
net getlocalsid
- Copy and edit smbldap-tools configuration files
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
gunzip /etc/smbldap-tools/smbldap.conf.gz
chmod 0644 /etc/smbldap-tools/smbldap.conf
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
- Populate domain information to LDAP server
smbldap-populate
Authentication
libnss-ldap
- Install libnss-ldap package
aptitude install libnss-ldap
- Configure libnss-ldap
dpkg-reconfigure libnss-ldap
Using these values
- LDAP server Uniform Resource Identifier: ldap://127.0.0.1
- Distinguished name of the search base: dc=example,dc=com
- LDAP version to use: 3
- Does the LDAP database require login? No
- Special LDAP privileges for root? Yes
- Make the configuration file readable/writeable by its owner only? Yes
- LDAP account for root: cn=admin,dc=example,dc=com
- LDAP root account password: CHANGE
nsswitch.conf
- edit /etc/nsswitch.conf with
passwd: compat ldap
group: compat ldap
shadow: compat ldap
PAM
- Install libpam-ldap package
aptitude install libpam-ldap
- Configure libpam-ldap
dpkg-reconfigure libpam-ldap
Using these values
- LDAP server Uniform Resource Identifier: ldap://127.0.0.1
- Distinguished name of the search base: dc=example,dc=com
- LDAP version to use: 3
- Make local root Database admin. Yes
- Does the LDAP database require login? No
- LDAP account for root: cn=admin,dc=example,dc=com
- LDAP root account password: CHANGE
- Local crypt to use when changing passwords. MD5
- Edit /etc/pam.d/common-account
Comment out
account required pam_unix.so
and add
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
- Edit /etc/pam.d/common-auth
Comment out
auth required pam_unix.so nullok_secure
and add
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
- Edit /etc/pam.d/common-password
Comment out
password required pam_unix.so nullok obscure min=4 max=8 md5
and add
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
PDC in different network
- References
Mail server
- Postfix
aptitude install postfix postfix-ldap
- Cyrus
aptitude install cyrus-admin-2.2 cyrus-clients-2.2 cyrus-common-2.2 cyrus-doc-2.2 \
  cyrus-imapd-2.2 cyrus-pop3d-2.2 cyrus-sasl2-doc libsasl2-modules libsasl2-2 \
  libsasl2-modules-ldap sasl2-bin
- Other packages
aptitude install amavisd-new spamassassin clamav postgrey
aptitude install zoo unzip bzip2 unzoo mc nmap iftop htop
aptitude install phpldapadmin
aptitude install squirrelmail
aptitude install mailman
Monitoring
aptitude install amavis-stats mailgraph awstats munin-node smokeping
aptitude install sarg webalizer
Configuration files
Leave as provided in tar file
- /etc/postfix/master.cf
- /etc/default/saslauthd
- /etc/amavis/conf.d/15-content_filter_mode
- /etc/logrotate.d/squid
Edit and change to your values
- /etc/postfix/main.cf
- /etc/postfix/virtualaliases.cf
- /etc/imapd.conf
- /etc/cyrus.conf
- /etc/saslauthd.conf
- /etc/smokeping/config.d/Targets
- /etc/awstats/awstats.postfix.conf
- see
- /etc/webalizer/webalizer.conf
- /etc/squid/sarg.conf
OpenLDAP
/etc/ldap/slapd.conf
add these includes:
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa+samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
- References
Amavis
adduser clamav amavis
ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf
SASL
rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
- /etc/postfix/sasl/smtpd.conf (TO BE VALIDATED)
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
##############
# The following line is not required, but it prevents errors such as:
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: auxpropfunc error invalid parameter supplied
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
# from appearing in /var/log/auth.log
ldapdb_uri: ldap://localhost
##############
Apache
LDAP Auth
- enable modules
ldap authnz_ldap
Mailman
mailman
Restart processes
/etc/init.d/saslauthd start
/etc/init.d/slapd restart
/etc/init.d/cyrus2.2 restart
/etc/init.d/postfix restart
/etc/init.d/amavis start
/etc/init.d/mailman start
SquirrelMail
Change the separators from "." to "/"
squirrelmail-configure
- 3. Folder Defaults
  - 3. Trash Folder : INBOX/Trash
  - 4. Sent Folder : INBOX/Sent
  - 5. Drafts Folder : INBOX/Drafts
Name Service Cache Daemon (nscd)
apt-get install nscd