Prerequisites:

  • Working DNS server
  • Working Active Directory server

Domain = kopano.local

Kopano server = mail.kopano.local

Installation

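Add the Kopano server to the domain

To join the Kopano server to the domain, we use the tool 'PowerBroker Identity Services'. The installer is fetched over plain HTTP and then run as root, so check it against a checksum published by the vendor before executing it.
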
$ sudo wget http://download.beyondtrust.com/PBISO/8.2.1/linux.deb.x64/pbis-open-8.2.1.2979.linux.x86_64.deb.sh
$ sudo chmod +x pbis-open-8.2.1.2979.linux.x86_64.deb.sh

Run the installer:

$ sudo ./pbis-open-8.2.1.2979.linux.x86_64.deb.sh

Then join the domain:

$ sudo domainjoin-cli join kopano.LOCAL administrator
 
Joining to AD Domain:   kopano.LOCAL
With Computer DNS Name: mail.kopano.LOCAL
administrator@kopano.LOCAL's password:
...
Your system has been configured to authenticate to Active Directory for the first time.  It is recommended that you restart your system to ensure that all applications recognize the new settings.
SUCCESS

Create a keytab file for the Kopano server

Create a user in Active Directory for the Kopano server; in this example it is 'mail'.

Create a keytab file for the Kopano server with the user 'mail'. ktpass is a Windows tool, so run it on the Active Directory server:

C:\> ktpass -princ HTTP/mail.kopano.local@kopano.LOCAL -mapuser mail@kopano.LOCAL -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass <Password> -out c:/mail.keytab

Install mpm-prefork and mod-auth-kerb

$ sudo apt-get install apache2-mpm-prefork libapache2-mod-auth-kerb

 

Create the directory /etc/apache2/keytab and move mail.keytab into it. Apache must be able to read the keytab; because it contains the service account's key, no other account should.

$ sudo mkdir -p /etc/apache2/keytab
$ sudo mv /shared/mail.keytab /etc/apache2/keytab/


Settings

Kopano settings

To enable SSO, change the following settings in server.cfg:

server_hostname = mail.kopano.local
local_admin_users = root www-data
enable_sso = yes

 

To enable SSO in WebApp, change the following in config.php in the WebApp directory:

define("LOGINNAME_STRIP_DOMAIN", true);

Apache2 settings

Add the following to the vhost file of WebApp for SSO to work:

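<Directory /usr/share/kopano-webapp/>
        AuthType                Kerberos
        AuthName                "Login"
        KrbServiceName          HTTP/mail.kopano.local@kopano.LOCAL
        # Verify the KDC's answer against the keytab to guard against KDC spoofing
        KrbVerifyKDC            on
        # Negotiate (SPNEGO) provides the actual single sign-on
        KrbMethodNegotiate      on
        # Fallback: prompt for a password and check it against the KDC
        KrbMethodK5Passwd       on
        KrbAuthRealms           kopano.LOCAL
        Krb5KeyTab              /etc/apache2/keytab/mail.keytab
        Require                 valid-user
</Directory>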