
Prerequisites:

  • Working DNS server
  • Working Active Directory server

Domain = kopano.local

Kopano server = mail.kopano.local

Installation

Add the Kopano server to the domain

To join the Kopano server to a domain, we use the tool 'PowerBroker Identity Services'.

$ sudo wget http://download.beyondtrust.com/PBISO/8.2.1/linux.deb.x64/pbis-open-8.2.1.2979.linux.x86_64.deb.sh
$ sudo chmod +x pbis-open-8.2.1.2979.linux.x86_64.deb.sh

Start the tool.

$ sudo ./pbis-open-8.2.1.2979.linux.x86_64.deb.sh
$ sudo domainjoin-cli join kopano.LOCAL administrator
 
Joining to AD Domain:   kopano.LOCAL
With Computer DNS Name: mail.kopano.LOCAL
administrator@kopano.LOCAL's password:
...
Your system has been configured to authenticate to Active Directory for the first time.  It is recommended that you restart your system to ensure that all applications recognize the new settings.
SUCCESS

Create a keytab file for the Kopano server

Create a user in Active Directory for the Kopano server; in this example it is 'mail'.

Create a keytab file for the Kopano server with the user 'mail'.

On a DC, run:

C:\Windows\system32> ktpass -princ HTTP/mail.kopano.local@kopano.LOCAL -mapuser mail@kopano.LOCAL -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass <Password> -out c:\mail.keytab

Install mpm-prefork and mod-auth-kerb


$ sudo apt-get install apache2-mpm-prefork libapache2-mod-auth-kerb

 

Create the directory /etc/apache2/keytab and move mail.keytab into it.


$ sudo mkdir -p /etc/apache2/keytab
$ sudo mv /shared/mail.keytab /etc/apache2/keytab/


Settings

Kopano settings

To enable SSO, change the following settings in server.cfg:

server_hostname = mail.kopano.local
local_admin_users = root www-data
enable_sso = yes

 

To enable SSO in WebApp, change the following in config.php in the WebApp directory:

 

define("LOGINNAME_STRIP_DOMAIN", true);

Apache2 settings

Add the following to the WebApp vhost file for SSO to work.

<Directory /usr/share/kopano-webapp/>
        AuthType                Kerberos
        AuthName                "Login"
        KrbServiceName          HTTP/mail.kopano.local@kopano.LOCAL
        KrbVerifyKDC            on
        KrbMethodNegotiate      on
        KrbMethodK5Passwd       on
        KrbAuthRealms           kopano.LOCAL
        Krb5KeyTab              /etc/apache2/keytab/mail.keytab
        Require                 valid-user
</Directory>
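
An added example, not part of the original page or of Kopano: a shell check of two things this setup depends on, that the keytab named by Krb5KeyTab is not world-accessible and that KrbMethodK5Passwd is only left on when the vhost uses TLS. It assumes GNU stat (Linux) and that SSLEngine, if used, is set in the same vhost file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit the WebApp vhost's
# Kerberos settings and the keytab it references. Assumes GNU stat (Linux).

# Print the value of an Apache directive; names are case-insensitive and the
# last occurrence in the file wins.
directive() {  # usage: directive <vhost-file> <name>
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$1"
}

# Print findings for one vhost file; exit status is the number of findings.
audit_vhost() (
    vhost=$1
    findings=0
    keytab=$(directive "$vhost" Krb5KeyTab)
    if [ -z "$keytab" ] || [ ! -f "$keytab" ]; then
        echo "FAIL: Krb5KeyTab '$keytab' is not set or not a file"
        findings=$((findings + 1))
    else
        # The keytab holds the service account's long-term Kerberos key, so
        # "other" must have no access to it (last mode digit must be 0).
        mode=$(stat -c %a "$keytab")
        case "$mode" in
            *0) ;;
            *) echo "FAIL: $keytab is mode $mode (world-accessible)"
               findings=$((findings + 1)) ;;
        esac
    fi
    # KrbMethodK5Passwd (on by default) lets clients fall back to Basic auth,
    # which sends the AD password in the request; flag it when TLS is absent.
    k5=$(directive "$vhost" KrbMethodK5Passwd | tr 'A-Z' 'a-z')
    ssl=$(directive "$vhost" SSLEngine | tr 'A-Z' 'a-z')
    if [ "$k5" != "off" ] && [ "$ssl" != "on" ]; then
        echo "FAIL: password fallback enabled without SSLEngine on"
        findings=$((findings + 1))
    fi
    exit "$findings"
)

# Run against a vhost file when one is given as the first argument.
if [ "$#" -gt 0 ]; then audit_vhost "$1"; fi
```

A keytab owned by root with group www-data and mode 640 passes the permission check while remaining readable by Apache.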

 

 

