Sunday, August 17, 2014

Domain Controller with SAMBA

   Hello guys, I know a lot of you already know about this configuration, and you can find many tutorials about it on the internet. I decided to make this tutorial because my university uses a file system like this too, but with Windows Server, so I wanted to know how it works. In this case I will use Ubuntu Server 12.04.
   You can find out what a domain controller is over here. OK, for details, let's see what it looks like when you use a Samba server without the domain controller configuration:
source :   http://data-analytics-tools.blogspot.com/2009/02/four-simple-steps-to-secure-samba.html

And when you use the domain controller configuration, the directory will look like this:
Here melody is the user. In this tutorial, when you set up the Samba server with the domain controller configuration, you must log in to access the user directory. OK, let's begin:
server IP = 192.168.56.1
domain = rizal.local
DNS server = 192.168.56.1
In this tutorial I only create 2 users, "melody" and "nabilah".

Set the IP address. I'm using VirtualBox, so I need 2 LAN cards: the first for the connection to the internet and the other one for the local connection. Edit /etc/network/interfaces and restart networking.

Next step:
  • apt-get update
  • apt-get install samba samba-common samba-doc libcupsys2 winbind smbclient smbfs
Edit the file /etc/samba/smb.conf:
[global] 
workgroup = rizal.local
netbios name = ubuntu 
server string = %h server (Samba, Ubuntu) 
passdb backend = tdbsam 
security = user 
username map = /etc/samba/smbusers 
name resolve order = wins lmhosts bcast hosts 
domain logons = yes 
preferred master = yes 
domain master = yes 
wins support = yes 
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 
os level = 65 
logon drive = H:
path = /var/tmp 
lm announce = yes 
lm interval = 10 

# Useradd scripts 
add user script = /usr/sbin/useradd -m %u 
delete user script = /usr/sbin/userdel -r %u 
add group script = /usr/sbin/groupadd %g 
delete group script = /usr/sbin/groupdel %g 
add user to group script = /usr/sbin/usermod -G %g %u 
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u 

# sync smb passwords with linux passwords 
passwd program = /usr/bin/passwd %u 
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . 
passwd chat debug = yes 
unix password sync = yes 
# set the loglevel 
log level = 3 

[homes] 
comment = Home 
valid users = %S 
read only = no 
browsable = no 

[netlogon] 
comment = Network Logon Service 
path = /home/samba/netlogon 
admin users = Administrator 
valid users = %U 
read only = no 

[profile] 
comment = User profiles 
path = /home/samba/profiles 
valid users = %U 
create mode = 0600 
directory mode = 0700 
writable = yes 
browsable = no 
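
An added example, not part of the original post and not Samba code: a small Python check for two risky settings in the smb.conf above, "passwd chat debug = yes" (which the Samba documentation warns can expose plaintext passwords in the smbd log) and a [netlogon] share left writable for every valid user. The sample text is constructed from the settings above; "read only = yes" with a "write list" is the assumed hardened form.

```python
import configparser

# Constructed sample: the password-sync and share settings from the smb.conf above.
SAMPLE = """\
[global]
passwd chat debug = yes
log level = 3

[netlogon]
path = /home/samba/netlogon
valid users = %U
read only = no

[profile]
path = /home/samba/profiles
valid users = %U
writable = yes
"""

TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

def parse(text):
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#", ";"),
                                   interpolation=None, strict=False,
                                   allow_no_value=True)
    # Samba ignores case and spaces in parameter names ("read only" == "ReadOnly").
    cp.optionxform = lambda key: key.replace(" ", "").lower()
    cp.read_string(text)
    return cp

def is_true(section, key, default):
    return (section.get(key) or default).strip().lower() in TRUE

def writable(section):
    # "writable", "writeable" and "write ok" are inverted synonyms of "read only".
    for key in ("writable", "writeable", "writeok"):
        if key in section:
            return is_true(section, key, "no")
    return not is_true(section, "readonly", "yes")

def audit(text):
    cp, findings = parse(text), []
    if cp.has_section("global") and is_true(cp["global"], "passwdchatdebug", "no"):
        findings.append(("global", "passwd chat debug can put plaintext passwords in the smbd log"))
    if cp.has_section("netlogon") and writable(cp["netlogon"]):
        findings.append(("netlogon", "logon scripts are writable by every valid user; "
                         "use read only = yes plus a write list"))
    return findings

if __name__ == "__main__":
    for section, message in audit(SAMPLE):
        print(f"[{section}] {message}")
```

Whether a user can actually change files in the share also depends on the file system permissions of /home/samba/netlogon.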

Find this word and edit it to look like this (in smb.conf):

Next step, create some files and folders:
  • # mkdir /home/samba 
  • # mkdir /home/samba/netlogon 
  • # mkdir /home/samba/profiles 
  • # mkdir /var/spool/samba
  • # chmod 777 /var/spool/samba/
  • # chown -R root:users /home/samba/
  • # chmod -R 771 /home/samba/
  • # touch /home/samba/netlogon/logon.cmd
and then restart the Samba server: service smbd restart

Next step, I will set root to be Administrator:
  • smbpasswd -a root
  • edit the file /etc/samba/smbusers:
    • root = Administrator 
Next step, test the Samba configuration: smbclient -L localhost -U%

Next step, set up the domain groups for Windows:
  • # net groupmap add ntgroup="Domain Users" unixgroup=users 
  • # net groupmap add ntgroup="Domain Guests" unixgroup=nogroup
Next step, add the users (nabilah and melody):

Next step, install the DNS server: apt-get install bind9
  • edit /etc/bind/named.conf.local to look like this
  • copy /etc/bind/db.local to /etc/bind/db.rizal and /etc/bind/db.192, and then edit them to look like this:


Next step, edit /etc/hosts to look like this and then restart bind:

127.0.0.1         localhost
192.168.56.1   ubuntu rizal.local

Next step, check the DNS configuration in resolv.conf

Test your DNS settings with nslookup


Install the DHCP server: apt-get install isc-dhcp-server, and then configure /etc/dhcp/dhcpd.conf to look like this:

and then restart the DHCP server: service isc-dhcp-server restart
Now we will switch to the client and join the client to the Samba server.
First, set the client IP with DHCP and then make sure the configuration is correct.



Next step, click Start, right-click My Computer and choose Properties. Switch to the Computer Name tab, click Change, then click More, and finally type the domain, in this case "rizal.local.".

Next step, click Domain and then type the domain again, "rizal.local".
Finally, just restart your client and log in with an account created before.


OK, thanks for visiting my blog, see you next time.

reference : http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
                http://www.opikdesign.com/kios/tutorial_ubuntu/Domain_Controller.pdf

Wednesday, January 15, 2014

Mail server (using dovecot)

It has been a long time since I last posted on my blog. Now I will make a tutorial about a mail server. If you look at my old posts, you can see I have already made a tutorial about a mail server too..., so what's different? In this tutorial I'm using dovecot for IMAP and POP3, roundcube v 0.9 (new) and non-Linux accounts.
Well, let's begin!

  • install Linux Ubuntu Server (I'm using Ubuntu 12.04 LTS)
  • install postfix and mailutils: apt-get install postfix mailutils
  • configure postfix
  • open the file /etc/postfix/main.cf and edit it to look like this
  • restart postfix: /etc/init.d/postfix restart
  • test the postfix configuration
  • create the virtual mailbox group and the virtual mailbox owner
  • add to /etc/postfix/main.cf
  • create a new file: /etc/postfix/vhosts (for your domains); I'm using rizal.net and ubuntu.com
  • create a new file: /etc/postfix/vmaps. To make an alias, map it to the same folder as another user.
  • convert vmaps into a hash file by running: postmap /etc/postfix/vmaps
  • test sending mail with postfix
  • install dovecot: apt-get install dovecot-common dovecot-imapd dovecot-pop3d
  • configure dovecot; back up your default dovecot configuration: mv /etc/dovecot/dovecot.conf
  • create a new file for the dovecot configuration: nano /etc/dovecot/dovecot.conf
  • to reduce errors, it is better to use an FTP server so that you can upload this file to your server. Download the dovecot.conf file here
  • once you have uploaded dovecot.conf to your server, the next step is to copy it to /etc/dovecot/dovecot.conf
  • now I will make scripts to add and delete dovecot users; I hope you have installed an FTP server, because it's really helpful
  • download the script for adding a user here, then upload it to your server with FTP and copy it to /usr/local/sbin/
  • make the file executable: chmod +x /usr/local/sbin/adddovecotuser
  • if you get an error like this: /bin/sh^M bad interpreter, try this to fix it: perl -i -pe 'y|\r||d' /usr/local/sbin/adddovecotuser
  • add a user like this (example): adddovecotuser nabilah@rizal.net, then press enter and you will be asked to fill in a password
  • download the script for deleting a user here, then upload it and copy it to /usr/local/sbin/
  • make the file executable: chmod +x /usr/local/sbin/deldovecotuser
  • if you get an error like this: /bin/sh^M bad interpreter, try this to fix it: perl -i -pe 'y|\r||d' /usr/local/sbin/deldovecotuser
  • to delete a user, do this: deldovecotuser nabilah@rizal.net
  • restart the postfix and dovecot services
  • now I will test the configuration
  • install clamav to filter viruses from your email: apt-get install clamav-daemon clamav clamsmtp
  • and then do this to complete the clamav setup
  • now you can run clamav
  • add to main.cf: nano /etc/postfix/main.cf
  • add to master.cf: nano /etc/postfix/master.cf
  • restart postfix: service postfix restart
  • restart dovecot: service dovecot restart
  • restart clamav: service clamav-daemon restart
  • now I will test clamav
  • install mutt: apt-get install mutt (to attach a file from the command line)
  • download eicar_com.zip using wget
  • to attach eicar_com.zip, do this: mutt nabilah@rizal.net -a eicar_com.zip -s "<virus>"
  • when you are finished, press enter until you see something like this ..., and then press "Y" to send the email
  • to check clamav: tail /var/log/mail.log; you can see "Virus detected", and the message will be deleted
  • next step, I will install roundcube 0.9 for webmail, but before installing roundcube you must install a LAMP server: apt-get install lamp-server^
  • when you have finished installing the LAMP server, configure mysql like this:
  • download roundcube 0.9 from here (download the complete package), then upload it to your server with FTP again and copy it to /var/www
  • extract roundcube: tar -xzvf roundcubemail-0.9.5.tar.gz
  • rename roundcubemail-0.9.5 to webmail: mv /var/www/roundcubemail-0.9.5 /var/www/webmail
  • change directory to /var/www/webmail: cd /var/www/webmail
  • change the owner of logs and temp
  • logs: chown -R www-data.www-data logs/
  • temp: chown -R www-data.www-data temp/
  • import the roundcube database into mysql: mysql -u root -p roundcube < /var/www/webmail/SQL/mysql.initial.sql
  • edit the file /etc/apache2/sites-available/default to look like this
  • edit the file /etc/apache2/httpd.conf to look like this
  • restart apache: service apache2 restart
  • go to the client, open a browser and go to the roundcube installer
  • you can see that some items are not OK; to fix them, do this: apt-get install php5-mcrypt php5-intl. Edit the file /etc/php5/apache2/php.ini and find "date.timezone", like this:
  • restart apache2 and refresh your browser
  • click continue, and edit the database and IMAP settings to look like this
  • edit the SMTP settings and display settings to look like this
  • click create config, download main.inc.php and db.inc.php, upload them to your server and then copy them to /var/www/webmail/config
  • change the owner
    • chown -R www-data.www-data /var/www/webmail/config/main.inc.php
    • chown -R www-data.www-data /var/www/webmail/config/db.inc.php
  • restart apache2
  • and then click continue; if you get an error like this
  • go back to mysql and do this:
    • GRANT ALL PRIVILEGES ON roundcube.* TO 'rizal'@'localhost' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
    • flush privileges;
    • quit mysql, restart apache and refresh the browser
  • delete the installer page
  • finish ... ^o ^
 

I am sorry about my English; I just want to improve my English. If you have a question, contact me on
  • email : rizalubuntuuser@gmail.com
  • facebook (you can see it on this blog, hehehe), but before asking please add me on facebook
 reference : https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto#Install_Dovecot_IMAP.2BAC8-POP3_server