

  • Working DNS server
  • Working Active Directory server

Domain = kopano.local

Kopano server = mail.kopano.local


Add the Kopano server to the domain

To join the Kopano server to the domain, we use the tool 'PowerBroker Identity Services'.

$ sudo wget
$ sudo chmod +x

Start the tool.

$ sudo ./
$ sudo domainjoin-cli join kopano.LOCAL administrator
Joining to AD Domain:   kopano.LOCAL
With Computer DNS Name: mail.kopano.LOCAL
administrator@kopano.LOCAL's password:
Your system has been configured to authenticate to Active Directory for the first time.  It is recommended that you restart your system to ensure that all applications recognize the new settings.

Create a keytab file for the kopano server

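Create a user in Active Directory for the Kopano server. In this example it is 'mail'.

Create a keytab file for the Kopano server with the user 'mail'. ktpass is a Windows tool, so run it on the Active Directory server; the keytab is written to c:/mail.keytab. The command requests an RC4-HMAC key (-crypto RC4-HMAC-NT), which is a legacy Kerberos encryption type; ktpass also accepts AES256-SHA1 where the domain and the clients support it.

C:\> ktpass -princ HTTP/mail.kopano.local@kopano.LOCAL -mapuser mail@kopano.LOCAL -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass <Password> -out c:/mail.keytab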

Install mpm-prefork mod-auth-kerb

$ sudo apt-get install apache2-mpm-prefork libapache2-mod-auth-kerb


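Create the directory /etc/apache2/keytab and move mail.keytab into it. The keytab holds the service account's key, so it should be readable only by the user Apache runs as.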

$ sudo mkdir -p /etc/apache2/keytab
$ sudo mv /shared/mail.keytab /etc/apache2/keytab/


Kopano settings

To enable SSO, change the following settings in server.cfg:

server_hostname = mail.kopano.local
local_admin_users = root www-data
enable_sso = yes


To enable SSO in WebApp, change the following in the config.php in the WebApp directory:



Apache2 settings

Add the following to the vhost file of WebApp for SSO to work.

<Directory /usr/share/kopano-webapp/>
        AuthType                Kerberos
        AuthName                "Login"
        KrbServiceName          HTTP/mail.kopano.local@kopano.LOCAL
        KrbVerifyKDC            on
        KrbMethodNegotiate      on
        KrbMethodK5Passwd       on
        KrbAuthRealms           kopano.LOCAL
        Krb5KeyTab              /etc/apache2/keytab/mail.keytab
        Require                 valid-user
</Directory>
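
An added check, not part of the original page: mod_auth_kerb can only accept tickets for the principal and encryption types stored in the file named by Krb5KeyTab, so this Python example parses the MIT keytab format and reports whether a key for HTTP/mail.kopano.local@kopano.LOCAL is present and whether any key uses a legacy enctype. The function names and the sample keytab (with an all-zero key) are constructed for illustration.

```python
import struct

# Kerberos enctype numbers; DES (RFC 6649) and RC4 (RFC 8429) are deprecated.
LEGACY = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}

def read_cstr(buf, p):  # counted octet string: uint16 length, then that many bytes
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype) per entry of an MIT 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    # Each entry starts with a signed 32-bit length; a zero length ends the list.
    while pos + 4 <= len(data) and data[pos:pos + 4] != bytes(4):
        (size,) = struct.unpack_from(">i", data, pos)
        pos, end = pos + 4, pos + 4 + abs(size)
        if size > 0:                    # negative length marks a deleted slot
            (ncomp,), p = struct.unpack_from(">H", data, pos), pos + 2
            parts = []
            for _ in range(ncomp + 1):  # realm first, then the name components
                s, p = read_cstr(data, p)
                parts.append(s.decode())
            # name_type, timestamp, 8-bit kvno, enctype
            _, _, kvno, etype = struct.unpack_from(">IIBH", data, p)
            _, p = read_cstr(data, p + 11)  # key bytes are skipped, never shown
            if end - p >= 4:            # optional 32-bit kvno, used when non-zero
                kvno = struct.unpack_from(">I", data, p)[0] or kvno
            entries.append(("/".join(parts[1:]) + "@" + parts[0], kvno, etype))
        pos = end
    return entries

def audit(data, service_principal):  # findings: legacy enctypes, missing principal
    entries = parse_keytab(data)
    findings = [f"{n} kvno {k}: legacy enctype {LEGACY[e]}"
                for n, k, e in entries if e in LEGACY]
    if service_principal not in [n for n, _, _ in entries]:
        findings.append(f"no key for {service_principal}")
    return findings

def make_entry(realm, comps, kvno, etype, key):  # builds constructed sample entries
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
            + struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

# Constructed sample: an all-zero RC4 key for the service principal on this page.
SAMPLE = b"\x05\x02" + make_entry(b"kopano.LOCAL", [b"HTTP", b"mail.kopano.local"], 3, 23, bytes(16))
print(audit(SAMPLE, "HTTP/mail.kopano.local@kopano.LOCAL"))
```

On the server, pass the bytes of /etc/apache2/keytab/mail.keytab (read as root) instead of SAMPLE; klist -kte on the same file should list the same entries.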


