GOsa

From gacq wiki
Revision as of 11:44, 2 Sep 2009 by Gacq (talk | contributions) (smbldap-tools)
Guide under development

This guide applies to Debian Lenny. See also GOsa on CentOS.

Installation

aptitude install apache2 libapache2-mod-php5 php5 php5-cli php5-common php5-dev php5-gd  \
    php5-imagick php5-imap php5-ldap php5-memcache php5-mhash php5-mysql php5-pgsql     \
    php5-recode php5-snmp php5-sqlite mysql-server openssl

Installation using packages

OpenLDAP Server
aptitude install slapd ldap-utils
GOsa
aptitude install gosa gosa-schema

Installation from subversion repository

Requisites
aptitude install apache2-mpm-prefork apache2-utils apache2.2-common defoma \
  djvulibre-desktop fontconfig fontconfig-config fping gettext ghostscript gs-common gsfonts \
  hicolor-icon-theme ldap-utils libapache2-mod-php5 libapr1 libaprutil1 libatk1.0-0 libatk1.0-data \
  libc-client2007b libcairo2 libcroco3 libcrypt-smbhash-perl libcups2 libcupsimage2 libdatrie0 \
  libdb4.2 libdigest-md4-perl libdirectfb-1.0-0 libdjvulibre21 libexpat1 libfontconfig1 \
  libfontenc1 libfreetype6 libgd2-xpm libglib2.0-0 libglib2.0-data libgomp1 libgraphviz4 \
  libgs8 libgsf-1-114 libgsf-1-common libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libice6 \
  libilmbase6 libjasper1 libjpeg62 liblcms1 libltdl3 libmagick10 libmhash2 \
  libmysqlclient15off libopenexr6 libpango1.0-0 libpango1.0-common libpaper-utils libpaper1 \
  libperl5.10 libpixman-1-0 libpng12-0 libpq5 librecode0 librsvg2-2 libsasl2-modules libslp1 \
  libsm6 libsysfs2 libt1-5 libthai-data libthai0 libtiff4 libts-0.0-0 libwmf0.2-7 \
  libxcb-render-util0 libxcb-render0 libxcomposite1 libxcursor1 libxdamage1 libxfixes3 \
  libxfont1 libxft2 libxi6 libxinerama1 libxpm4 libxrandr2 libxrender1 libxt6 mlock \
  mysql-common odbcinst1debian1 php5 php5-cli php5-common php5-gd php5-imagick php5-imap \
  php5-ldap php5-mhash php5-mysql php5-recode psfontmgr psmisc slapd smarty smarty-gettext \
  ttf-dejavu ttf-dejavu-core ttf-dejavu-extra unixodbc wwwconfig-common x-ttcidfont-conf \
  xfonts-encodings xfonts-utils

Services

Samba PDC

Install Samba package and LDAP tools.
aptitude install samba smbldap-tools

slapd.conf

Add new schemas to /etc/ldap/slapd.conf
include         /etc/ldap/schema/samba3.schema
include         /etc/ldap/schema/trust.schema
include         /etc/ldap/schema/gosystem.schema
include         /etc/ldap/schema/gofon.schema
include         /etc/ldap/schema/goto.schema
include         /etc/ldap/schema/gosa-samba3.schema
include         /etc/ldap/schema/gofax.schema
include         /etc/ldap/schema/goserver.schema
include         /etc/ldap/schema/goto-mime.schema
Replace
access to attrs=userPassword,shadowLastChange

with

access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet
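A check for the ACL change above, as an added example that is not part of the original guide: it lists which password-hash attributes are not named in any `access to attrs=` directive of a slapd.conf. The helper name `missing_acl_attrs` is hypothetical, and the sample directive with its `by` clauses is constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. missing_acl_attrs is a
# hypothetical helper; the slapd.conf snippets below are constructed samples.

# Attributes that hold password hashes.
SENSITIVE="userPassword sambaLMPassword sambaNTPassword"

# Print the sensitive attributes that no "access to attrs=" directive names.
# Only handles the directive form used in this guide (attrs= right after "to").
missing_acl_attrs() {
    conf=$1
    covered=$(awk '
        /^[ \t]*#/ { next }                         # skip comment lines
        /^access[ \t]+to[ \t]+attrs=/ {
            sub(/^access[ \t]+to[ \t]+attrs=/, "")
            n = split($1, a, ",")                   # comma-separated attribute list
            for (i = 1; i <= n; i++) print a[i]
        }' "$conf")
    missing=""
    for attr in $SENSITIVE; do
        # LDAP attribute names are case-insensitive (-i); -x matches whole lines
        printf '%s\n' "$covered" | grep -qix "$attr" || missing="$missing $attr"
    done
    echo "${missing# }"
}

# Constructed demo: the directive before and after the edit described above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before.conf" <<'EOF'
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none
EOF
sed 's/shadowLastChange/&,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet/' \
    "$demo_dir/before.conf" > "$demo_dir/after.conf"

echo "before: missing [$(missing_acl_attrs "$demo_dir/before.conf")]"
echo "after:  missing [$(missing_acl_attrs "$demo_dir/after.conf")]"
```

Run it against /etc/ldap/slapd.conf after editing; an empty result means all three attributes are covered by a restricted `access to attrs=` rule.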

Filesystem

Create directories
mkdir -p /home/samba/netlogon
mkdir -p /home/samba/profiles
chmod 777 -R /home/samba/profiles

smb.conf

Set LDAP admin password
smbpasswd -w secret

smbldap-tools

Obtain domain SID
net getlocalsid
Copy and edit smbldap-tools configuration files
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
gunzip /etc/smbldap-tools/smbldap.conf.gz
chmod 0644 /etc/smbldap-tools/smbldap.conf
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
Populate domain information to LDAP server
smbldap-populate

Authentication

Install libnss-ldap package
aptitude install libnss-ldap
Configure libnss-ldap
dpkg-reconfigure libnss-ldap

Use these values

  • LDAP server Uniform Resource Identifier: ldap://127.0.0.1
  • Distinguished name of the search base: dc=example,dc=com
  • LDAP version to use: 3
  • Does the LDAP database require login? No
  • Special LDAP privileges for root? Yes
  • Make the configuration file readable/writeable by its owner only? Yes
  • LDAP account for root: cn=admin,dc=example,dc=com
  • LDAP root account password: CHANGE
Edit /etc/nsswitch.conf with
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
Install libpam-ldap package
aptitude install libpam-ldap
Configure libpam-ldap
dpkg-reconfigure libpam-ldap

Use these values

  • LDAP server Uniform Resource Identifier: ldap://127.0.0.1
  • Distinguished name of the search base: dc=example,dc=com
  • LDAP version to use: 3
  • Make local root Database admin. Yes
  • Does the LDAP database require login? No
  • LDAP account for root: cn=admin,dc=example,dc=com
  • LDAP root account password: CHANGE
  • Local crypt to use when changing passwords. MD5

Mail server

Postfix
aptitude install postfix postfix-ldap
Cyrus
aptitude install cyrus-admin-2.2 cyrus-clients-2.2 cyrus-common-2.2 cyrus-doc-2.2 \
    cyrus-imapd-2.2 cyrus-pop3d-2.2 cyrus-sasl2-doc libsasl2-modules libsasl2-2 \
    libsasl2-modules-ldap sasl2-bin 
Other packages
aptitude install amavisd-new spamassassin clamav postgrey
aptitude install zoo unzip bzip2 unzoo mc nmap iftop htop
aptitude install phpldapadmin
aptitude install squirrelmail 
aptitude install mailman

Monitoring

aptitude install amavis-stats mailgraph awstats munin-node smokeping
aptitude install sarg webalizer

Configuration files

Leave as provided in tar file

  • /etc/postfix/master.cf
  • /etc/default/saslauthd
  • /etc/amavis/conf.d/15-content_filter_mode
  • /etc/logrotate.d/squid

Edit and change to your values

  • /etc/postfix/main.cf
  • /etc/postfix/virtualaliases.cf
  • /etc/imapd.conf
  • /etc/cyrus.conf
  • /etc/saslauthd.conf
  • /etc/smokeping/config.d/Targets
  • /etc/awstats/awstats.postfix.conf
see
  • /etc/webalizer/webalizer.conf
  • /etc/squid/sarg.conf

OpenLDAP

/etc/ldap/slapd.conf

add these includes:

include         /etc/ldap/schema/samba3.schema
include         /etc/ldap/schema/trust.schema
include         /etc/ldap/schema/gosystem.schema
include         /etc/ldap/schema/gofon.schema
include         /etc/ldap/schema/goto.schema
include         /etc/ldap/schema/gosa+samba3.schema
include         /etc/ldap/schema/gofax.schema
include         /etc/ldap/schema/goserver.schema
include         /etc/ldap/schema/goto-mime.schema
References

TLS

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/server.crt -keyout /etc/ssl/certs/server.key
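A permission check for what this guide creates on disk, as an added example that is not part of the original guide: the smbldap-tools bind configuration, the private key written by the openssl command above (`-nodes` leaves it unencrypted), and the Samba profiles directory. The function names are hypothetical and GNU find is assumed.

```shell
#!/bin/sh
# Added example, not from the original guide; function names are hypothetical.
# Requires GNU find (for -perm /MODE).

# Print each regular file among the arguments that grants any permission bit
# to group or others. Use it on files that store secrets.
loose_secret_files() {
    for f in "$@"; do
        [ -f "$f" ] || continue                 # ignore paths that do not exist
        find "$f" -maxdepth 0 -type f -perm /077 2>/dev/null
    done
}

# Print directories under $1 that are world-writable without the sticky bit,
# i.e. where any user may delete or rename another user's entries.
open_dirs_without_sticky() {
    [ -d "$1" ] || return 0
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Paths created by this guide; adjust if yours differ.
loose_secret_files /etc/smbldap-tools/smbldap_bind.conf /etc/ssl/certs/server.key
open_dirs_without_sticky /home/samba/profiles
```

Any path printed by the first function should be restricted to its owner; any directory printed by the second can have the sticky bit set with `chmod +t`.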

GOsa

cp /usr/share/doc/gosa/contrib/openldap/trust.schema /etc/ldap/schema/
cp /usr/share/doc/gosa/contrib/openldap/samba3.schema.gz /etc/ldap/schema/
gunzip /etc/ldap/schema/samba3.schema.gz

Amavis

adduser clamav amavis
ln -s /etc/amavis-stats/apache.conf /etc/apache2/conf.d/amavis-stats.conf

SASL

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
/etc/postfix/sasl/smtpd.conf (TO BE VALIDATED)
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
##############
# The following line is not required, but it prevents errors like these:
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: auxpropfunc error invalid parameter supplied
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
# in /var/log/auth.log
ldapdb_uri: ldap://localhost
##############

Apache

LDAP Auth

enable modules
ldap
authnz_ldap

Mailman

mailman

Restart processes

/etc/init.d/saslauthd start
/etc/init.d/slapd restart
/etc/init.d/cyrus2.2 restart
/etc/init.d/postfix restart
/etc/init.d/amavis-new start
/etc/init.d/mailman start


SquirrelMail

Change the separators from "." to "/"

squirrelmail-configure
*3.  Folder Defaults
**3.  Trash Folder                  : INBOX/Trash
**4.  Sent Folder                   : INBOX/Sent
**5.  Drafts Folder                 : INBOX/Drafts

Gosa config

http://hostname/gosa

Mail method=

  • Create a server with the IMAP data
  • Create the cyrus account in LDAP


Server -> Services -> Mail Server check

/etc/gosa/gosa.conf

        <main default="default"
                mailQueueScriptPath="/usr/bin/mailq"

Options reference at https://oss.gonicus.de/labs/gosa/wiki/InstallingGOsaSetup

Packages

References

Documentation

Email server howtos

Cyrus


Courier

Others

General