Archive for » March, 2010 «

Mar
31

User Account Integration between Samba PDC & Zimbra Mail Server on openSUSE/SLES Part 2 (Finish)

This is part 2 of 2 article. Previous article : User Account Integration between Samba PDC & Zimbra Mail Server on openSUSE/SLES Part 1

MANAGING SAMBA DOMAIN WITH ZIMBRA ADMIN

  • Restart samba service with the following command :
service smb restart
  • Login to Zimbra Admin and see that these are 2 new entry on left panel menu : Posix Groups and Samba Domain. If you click on Samba Domain, there should be existing entry, your Samba domain (in my sample : vavai.co.id). Please restart your computer if you found nothing on the Samba Domain menu.
    `

Continue Reading complete article »

Category: OpenSUSE, Server, Zimbra  Tags: , , ,  One Comment
Mar
31

User Account Integration between Samba PDC & Zimbra Mail Server on openSUSE/SLES

Note : This is part one of 2 article. I decided to split the tutorial to make it easier to read (and to write :-) )

This tutorial describes how you can configure Zimbra Mail Server & Collaboration Suite and Samba to act as a primary domain controller (PDC) that uses Zimbra LDAP (Lightweight Directory Access Protocol) as a central password database for authenticating users on Linux and Windows desktops. The integration process will make it easier for administrators to manage Zimbra Mail Server and Samba PDC / Active Directory account because it use same LDAP database. If applied in corporate environments or institutions who have been using Windows Server, this guide can be used to set up Linux servers to replace the Windows Active Directory Server and Microsoft Exchange Server.

The setup described in this document is not the only possible way to make Samba and Zimbra use the same user database for authentication. You may also use Zimbra External Authentication with Samba PDC. External authentication are a little bit easy to be setting up, but we must manage the mailbox profile in Zimbra and it doesn’t seamlessly integrate Zimbra into Samba PDC+OpenLDAP. It is highly recommended to get familiar with Zimbra, Samba, LDAP and PAM, before you start the installation.

This tutorial are based on Zimbra wiki article : UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 but has been tune up to works successfully on openSUSE/SLES environment. The original wiki using Ubuntu/RedHat environment which doesn’t automatically fit with openSUSE/SLES configuration.

I’m using Zimbra Mail Server 6.0.5 64 bit with the following configuration :

Domain & Hostname

Domain   : vavai.co.id
Hostname : zcspdc.vavai.co.id

IP Address

IP Address    : 192.168.10.1
Name Server 1 : 192.168.10.1
Name Server 2 : 8.8.8.8  (Google public DNS Server)
Name Server 3 : 208.67.222.222 (OpenDNS public DNS Server)
Router        : 192.168.10.254 (ADSL Modem)

File /etc/hosts

127.0.0.1       localhost
192.168.10.1    zcspdc.vavai.co.id zcspdc

ZIMBRA INSTALLATION

Please use following article to install Zimbra on SLES 11 : Installing Zimbra 6.0.5 64 bit on SUSE Linux Enterprise Server (SLES) 11 64 bit or use this tutorial : Installing Zimbra 6.0.4 on openSUSE 11.1 64 bit for Zimbra+openSUSE version.

ZIMBRA LDAP CONFIGURATION

The following script will automatically configure Zimbra LDAP as below :

  • Add Samba Schema into Zimbra LDAP
  • Add proper index into Zimbra LDAP Schema
  • Add 2 user (zmposix and zmposixroot) as Zimbra LDAP Administrative Account with default password : rahasia
  • Adjust Zimbra LDAP ACL to allow administrative task regarding Samba-Zimbra integration
  • Add Admin Extension Zimbra Posfix Account and Zimbra Samba Extension

Thanks to Peracchi and Lithorus on the following thread on Zimbra Forum for idea and a great script.

To run the automated script, run the following commandon console/terminal :

su
cd /srv
wget -c http://vavai.com/wp-content/uploads/zcs-samba.tar.gz
tar -zxvf zcs-samba.tar.gz
su - zimbra
cd /srv/zcs-samba
./zcs-samba.sh

NOTE : The script will automatically use ‘rahasia’ (Indonesian word means ‘secret’ :-P ) as default password for zmposixroot and zmposix password. Please modify script to use your own password by change the following code on /srv/zcs-samba/zcs-samba.sh  :

# set password for the posix ldap accounts
ZMPOSIX_LDAP_PASSWORD=`/opt/zimbra/openldap/sbin/slappasswd -s rahasia`
ZMPOSIXROOT_LDAP_PASSWORD=`/opt/zimbra/openldap/sbin/slappasswd -s rahasia`
echo "Domain : $DOMAIN"
echo "Hostname : $HOSTNAME"
echo "Zimbra LDAP Password : $ZIMBRA_LDAP_PASSWORD"
echo "LDAP Prefix : $LDAP_PREFIX"
echo "ZMPOSIX_LDAP_PASSWORD : rahasia"

Change ‘rahasia’ on the above line with your own password.

SAMBA INSTALLATION

  • Open YAST | Network Service | Samba Server. YAST will automatically added Samba package if you never install it.
  • On the first wizard, fill in the workgroup/domain name. I’m using vavai.co.id as my domain name as shown on top of the tutorial. Click Next.
  • On Samba Server Type, Choose Primary Domain Controller (PDC) and then click Next
  • On start-up, choose Service Start During Boot so Samba will automatically be activated during boot. Don’t forget to open your Firewall port
  • Move to LDAP Setting tab.
  • Click on Use LDAP Password Back-End option
  • Change LDAP Server URL from default entry ldap://127.0.0.1 to be ldap://192.168.10.1 (remember my IP address configuration above). Use same address to  IdMap Back-End
  • Change Search Base DN to Zimbra LDAP DN, mine are dc=vavai,dc=co,dc=id
  • Fill in Administrator DN and the password: uid=zmposixroot,cn=appaccts,cn=zimbra). Click Test Connection to test the connection between Zimbra and Samba machine.
  • Click Advanced Setting | Expert LDAP Setting
  • Change user suffix to be ou=people
  • Change group suffix to be ou=groups
  • Change Machine suffix to be ou=machines
  • Click OK to close Expert LDAP Setting windows
  • Click OK to close Samba Server wizard. Fill in password for Samba root /Administrator password. To prevent any confused setting, I’m using same password between zmposixroot, zmposix and Samba root password :-P

SAMBA CONFIGURATION

  • Open /etc/samba/smb.conf with your preferred text editor (vi, gedit, kate or kwrite)
  • Give it a # (comment mark) on the following line (if you do not use dhcp on your Samba configuration) :
include = /etc/samba/dhcp.conf
  • Save the configuration

LDAP CLIENT CONFIGURATION

  • Click YAST | Network Services | LDAP Client
  • Click Use LDAP on User Authentication
  • Change Address to use Zimbra IP (192.168.10.1)
  • Fill in LDAP Base DN (dc=vavai,dc=co,dc=id)
  • Leave others as is
  • Click Advanced Configuration
  • Change Password Change Protocol to MD5
  • Leave Group Member Attribute = Member setting
  • Click on Administration Setting tab
  • Fill in uid=zmposixroot,cn=appaccts,cn=zimbra on Administrator DN text box. Leave  Append Base DN setting unchecked
  • Leave Create Default Configuration Objects setting unchecked
  • Click OK
  • Click OK

NSS-LDAP & PAM-LDAP CONFIGURATION

  • Open file /etc/ldap.conf with your preferred text editor and change the following line (remove # mark)
host 192.168.10.1
base dc=vavai,dc=co,dc=id
binddn uid=zmposix,cn=appaccts,cn=zimbra
bindpw rahasia
rootbinddn uid=zmposixroot,cn=appaccts,cn=zimbra
port 389
bind_policy soft
nss_reconnect_tries 2
uri ldap://192.168.10.1/
ssl start_tls
tls_cacertdir /opt/zimbra/conf/ca
tls_checkpeer no
pam_password md5
nss_base_passwd         ou=people,dc=vavai,dc=co,dc=id?one
nss_base_shadow         ou=people,dc=vavai,dc=co,dc=id?one
nss_base_group          ou=groups,dc=vavai,dc=co,dc=id?one
nss_base_hosts          ou=machines,dc=vavai,dc=co,dc=id?one
  • Save the configuration
  • Edit /etc/nsswitch.conf and change the following line :
passwd: compat
group: compat

with

passwd: files ldap
group: files ldap
  • Edit /etc/pam.d/common-account and change the configuration as below :
account sufficient pam_unix.so
account sufficient pam_ldap.so
  • Edit /etc/pam.d/common-auth and change the configuration as below :
auth sufficient pam_ldap.so
auth sufficient pam_unix.so
  • Edit /etc/pam.d/common-password and change the configuration as below :
password sufficient pam_unix.so
password sufficient pam_ldap.so
  • Edit /etc/pam.d/common-session and change the configuration as below :
session sufficient pam_unix.so
session sufficient pam_ldap.so

Tutorial will be continue to part 2 of User Account Integration between Samba PDC & Zimbra Mail Server on openSUSE / SLES.

Category: Headline, OpenSUSE, Server, Zimbra  Tags: , , , , , ,  4 Comments
Mar
30

How To : Samba PDC+OpenLDAP on openSUSE/SLES Part 2 (Finish)

Previous tutorial : Samba PDC+OpenLDAP on openSUSE/SLES Part 1, Setting LDAP Server

SETTING LDAP CLIENT

  1. Click YAST | Network Services | LDAP Client
  2. Click Use LDAP pada User Authentication
  3. Fill in Address with server IP or by using 127.0.0.1 as default address
  4. Mark  LDAP TLS/SSL option checked if you choose to use TLS/SSL on previous tutorial, or vice versa, leave it unchecked if you choose to not use TLS on previous tutorial 
  5. Fill in LDAP Base DN (dc=namadomain, dc=tld, ex : dc=vavai,dc=co,dc=id). You may also get the LDAP Base DN by clicking  Fetch DN button
  6. Leave others option as is
    `
  7. Click Advanced Configuration
  8. Change Password Change Protocol to MD5
  9. Leave option Group Member Attribute = Member unchanged
    `

  10. Click Administration Setting
  11. Fill in cn=Administrator on Administrator DN. Don’t forget to give a check on Append Base DN option
  12. Mark a check on Create Default Configuration Objects option
    `
  13. Click OK
  14. Click OK

Continue Reading complete article »

Category: OpenSUSE, Server  Tags: , , , ,  9 Comments
« Previous Entries

Switch to our mobile site