Diff for "ebox_setup"

Differences between revisions 5 and 9 (spanning 4 versions)
Revision 5 as of 2010-08-27 09:00:23
Size: 1992
Editor: static-213-115-88-58
Comment:
Revision 9 as of 2011-11-13 05:58:30
Size: 2094
Editor: c83-254-148-65
Comment: correct misspellings
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
== Ställa in EBOX == == Setup the EBOX ==
Line 4: Line 4:
Before we can use our ebox server and connect other services to it we have to make som setup on the ebox to get it to work Before we can use our ebox server and connect other services to it, we have to do some setup on the ebox to get it to work.
Line 8: Line 8:
Make shoure that the iptables is off ore acceting connections on port 389 from the addres on where you what to put your service Make sure that iptables is off or accepting connections on port 389 from the address on which you want to put your service:
Line 10: Line 10:
    {{{iptables -L}}} {{{
 iptables -L
}}}
Line 17: Line 19:
We have to make shoure that our ldao server is responding on all interfaces so that we can connect to it from an other server. We have to make sure that our ldap server is responding on all interfaces so that we can connect to it from another server.
{{{
Line 20: Line 22:

Should look like this		 }}}
Should look like this:
{{{
Line 24: Line 26:
}}}
Line 27: Line 30:
'''Linux Login PAM'''
Line 28: Line 32:
'''Linux Loggin PAM''' In order for the Ubuntu user to be able to login later, we must change the login skel to /bin/bash
{{{
    sudo nano /etc/ebox/80samba.conf
}}}
And change so that it looks like:
{{{
    login_shell = /bin/bash
}}}
this will change the login skel for a new user. But for an existing user ("matte") you must run:
{{{
    smbldap-userinfo matte
}}}
Don't change anything other than the login skel or the user account can break
Line 30: Line 46:
In order that our ubuntu user should be able to loggin later we must change the login skel to /bin/bash '''LDAP Admin Information'''
Line 32: Line 48:
    sudo nano /etc/ebox/80samba.conf
    
And chnage so that is looks like		 Sometimes when you connect other services to the ebox ldap you have to enter the ldap admin account. And to get the admin account and password do the following;
Line 36: Line 50:
    login_shell = /bin/bash

this will change the login skel for new user. But for old user you must run

    smbldap-userinfo matte
    
Dont change anything other then the login skel ore the user can break

'''LDAP Admin uppgifter'''

Somtimes when you connect other services to the ebox ldap you have to enter the ldap admin acount. And to get the admin account and password out do this.

get root 		get root:
{{{
Line 50: Line 53:

Get all of the ldap tree		 }}}
Get all of the ldap tree:
{{{
Line 54: Line 57:

Search in the output for this entery
    		 }}}
Search in the output for this entry:
{{{
Line 63: Line 66:
}}}
Line 67: Line 70:
No get the password 

 		Now get the password:
{{{
Line 71: Line 73:

And ther you have you admin account and password for the ldap server.		 }}}
And there you have your admin account and password for the ldap server.
Line 76: Line 78:
Test if you have connection to the ebox from an external server Test if you have connection to the ebox from an external server:
{{{
Line 79: Line 81:

You should get		 }}}
You should get:
{{{
Line 84: Line 86:
}}}
Line 85: Line 88:
Time to get some services to the ebox server Time to get some services to the ebox server.

Setup the EBOX

Before we can use our ebox server and connect other services to it, we have to do some setup on the ebox to get it to work.

IPTABLES

Make sure that iptables is off or accepting connections on port 389 from the address on which you want to put your service: 

    iptables -L

SLAPD

We have to make sure that our ldap server is responding on all interfaces so that we can connect to it from another server. 

    sudo nano /etc/default/slapd

Should look like this: 

    SLAPD_SERVICES="ldap://0.0.0.0 ldapi://%2fvar%2frun%2fslapd%2fldapi/????x-mod=0$

Linux Login PAM

In order for the Ubuntu user to be able to login later, we must change the login skel to /bin/bash 

    sudo nano /etc/ebox/80samba.conf

And change so that it looks like: 

    login_shell = /bin/bash

this will change the login skel for a new user. But for an existing user ("matte") you must run: 

    smbldap-userinfo matte

Don't change anything other than the login skel or the user account can break

LDAP Admin Information

Sometimes when you connect other services to the ebox ldap you have to enter the ldap admin account. And to get the admin account and password do the following;

get root: 

    sudo su

Get all of the ldap tree: 

    ldapsearch -x -b"dc=kalle,dc=se"

Search in the output for this entry: 

    # ebox, kalle.se
    dn: cn=ebox,dc=kalle,dc=se
    objectClass: organizationalRole
    objectClass: simpleSecurityObject
    description: eBox admin account
    cn: ebox

So my admin user is "cn=ebox,dc=kalle,dc=se"

Now get the password: 

    less /etc/ldap.secret

And there you have your admin account and password for the ldap server.

TEST

Test if you have connection to the ebox from an external server: 

    telnet ebox-ip 389

You should get: 

    Connected to localhost.
    Escape character is '^]'.

Time to get some services to the ebox server.

ebox_setup (last edited 2011-11-13 05:58:30 by c83-254-148-65)