Friday, 14 August 2009 (B.E. 2552)

Problems with LDAP authentication on Alfresco

After configuring Alfresco to authenticate users against the LDAP directory from Zimbra, I ran into a major problem:

Users can log in through the web interface using LDAP authentication, but they cannot use CIFS.

The reason is that CIFS uses MD4 to encode (hash) the password,

whereas LDAP uses MD5 or AES. The CIFS client therefore sends an MD4 value to Alfresco,

which passes it on to LDAP, but LDAP uses a different scheme, so the user cannot be matched.

Wednesday, 5 August 2009 (B.E. 2552)

Install Freeradius + Ldap server on Ubuntu 8.04.2 LTS

Pfsense includes a FreeRADIUS component, but it has no part that can connect to LDAP, so I set up a separate RADIUS server in order to use LDAP authentication, as follows:
1. Install the FreeRADIUS packages:

root@radiusserver:~# aptitude install freeradius freeradius-ldap

2. Start freeradius:

root@radiusserver:~# /etc/init.d/freeradius start

3. Test the connection using the command radtest user password localhost port secret

root@radiusserver:~# radtest root mypassword localhost 0 testing123
Sending Access-Request of id 132 to 192.168.1.13 port 1812
User-Name = "root"
User-Password = "mypassword"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Accept of id 132 to 192.168.1.13 port 1812

4. The result shows that the RADIUS database is now usable. Next, configure it to connect to the LDAP server from Zimbra by editing the file /etc/freeradius/radiusd.conf

LDAP Configuration:
ldap {
    server = "mail.company.co.th"
    # identity = "cn=admin,o=My Org,c=UA"
    # password = mypass
    basedn = "dc=company,dc=co,dc=th"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    ....
    ....
    #access_attr = "dialupAccess"

# Authorization
authorize {
    ldap    # uncomment this line


# Authentication: uncomment these 3 lines
authenticate {
    Auth-Type LDAP {
        ldap
    }

5. Edit the file /etc/freeradius/clients.conf

client 192.168.1.0/24 {
#
# The shared secret use to "encrypt" and "sign" packets between
# the NAS and FreeRADIUS. You MUST change this secret from the
# default, otherwise it's not a secret any more!
#
# The secret can be any string, up to 31 characters in length.
#
secret = mypassword

#
# The short name is used as an alias for the fully qualified
# domain name, or the IP address.
#
shortname = INTERNAL_SUBNET


6. Edit the file /etc/freeradius/users


#DEFAULT Auth-Type = System
# Fall-Through = 1

DEFAULT Auth-Type = LDAP
Fall-Through = 1


7. Test in debug mode:

root@radiusserver:~# /etc/init.d/freeradius stop
root@radiusserver:~# freeradius -X -A   # leave this running, then open a new tab and use radtest to check whether authentication through LDAP works yet
root@radiusserver:~# radtest anchalee password 192.168.1.13 0 mypassword
Sending Access-Request of id 44 to 192.168.1.13 port 1812
User-Name = "anchalee"
User-Password = "password"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 192.168.1.13:1812, id=44, length=20   # this shows that the connection through LDAP now works ^-^
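
How the shared secret from clients.conf protects the User-Password attribute that radtest sends, as an added example that is not from the original post: it follows the hiding scheme of RFC 2865 section 5.2. The secrets, password and Request Authenticator below are constructed sample values.

```python
import hashlib

def _blocks(data: bytes):
    """Split data into 16-octet blocks."""
    return [data[i:i + 16] for i in range(0, len(data), 16)]

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: c(i) = p(i) XOR MD5(secret + c(i-1)), with c(0) = Request Authenticator."""
    if len(authenticator) != 16 or len(password) > 128:
        raise ValueError("need a 16-octet authenticator and at most 128 password octets")
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16  # the attribute always carries at least one block
    hidden, prev = b"", authenticator
    for block in _blocks(padded):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(block, key))
        hidden += prev
    return hidden

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, so the result is only correct if the secrets match."""
    clear, prev = b"", authenticator
    for block in _blocks(hidden):
        key = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return clear.rstrip(b"\x00")

if __name__ == "__main__":
    auth = bytes(range(16))  # constructed Request Authenticator
    wire = hide_password(b"password", b"mypassword", auth)
    print("on the wire:", wire.hex())
    print("matching secret:", reveal_password(wire, b"mypassword", auth))
    print("mismatched secret:", reveal_password(wire, b"testing123", auth))
```

The keystream depends only on the secret and on the authenticator carried in the packet, so the secret set in clients.conf is all that protects the password between the NAS and FreeRADIUS.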

Setting up OCS inventory NG on Ubuntu 8.04.2 LTS

OCS Inventory NG is a type of asset management tool. It lets you view the details of a machine without having to open up the hardware, and it also helps with software management, making it possible to detect software that infringes licenses.

Prerequisites
1. Apache2
2. PHP5
3. MySQL
4. Perl and Perl Modules
5. Make Utilities (sudo aptitude install make)

Installing LAMP is not covered here, but it can be installed easily by running the tasksel command and installing LAMP Server.

1. Install the Perl modules used to communicate with the server:

staffs@ocsinventory:~$ sudo aptitude install libxml-simple-perl libcompress-zlib-perl libdbi-perl libdbd-mysql-perl libapache-dbi-perl libnet-ip-perl libsoap-lite-perl

2. Install the PHP modules

staffs@ocsinventory:~$ sudo aptitude install libphp-pclzip php5-gd

3. Install OCSNG_UNIX_SERVER-1.02.1.tar.gz:

staffs@ocsinventory:~$ wget -O OCSNG_UNIX_SERVER-1.02.1.tar.gz http://sourceforge.net/projects/ocsinventory/files/OCS%20Inventory%20NG/1.02/OCSNG_UNIX_SERVER-1.02.1.tar.gz/download
staffs@ocsinventory:~$ tar xvfz OCSNG_UNIX_SERVER-1.02.1.tar.gz
staffs@ocsinventory:~$ cd OCSNG_UNIX_SERVER-1.02.1
staffs@ocsinventory:~$ sudo ./setup.sh


+----------------------------------------------------------+
| |
| Welcome to OCS Inventory NG Management server setup ! |
| |
+----------------------------------------------------------+

CAUTION: If upgrading Communication server from OCS Inventory NG 1.0 RC2 and
previous, please remove any Apache configuration for Communication Server!

Do you wish to continue ([y]/n)? [enter]



Assuming Communication server 1.0 RC2 or previous is not installed
on this computer.

Starting OCS Inventory NG Management server setup from folder /tmp/OCSNG_UNIX_SERVER-1.02.1
Storing log in file /tmp/OCSNG_UNIX_SERVER-1.02.1/ocs_server_setup.log

+----------------------------------------------------------+
| Checking for database server properties... |
+----------------------------------------------------------+

Your MySQL client seems to be part of MySQL version 5.0.
Your computer seems to be running MySQL 4.1 or higher, good ;-)

Which host is running database server [localhost] ? [enter]



OK, database server is running on host localhost ;-)

On which port is running database server [3306] ? [enter]



OK, database server is running on port 3306 ;-)


+----------------------------------------------------------+
| Checking for Apache web server daemon... |
+----------------------------------------------------------+

Where is Apache daemon binary [/usr/sbin/apache2] ? [enter]



OK, using Apache daemon /usr/sbin/apache2 ;-)


+----------------------------------------------------------+
| Checking for Apache main configuration file... |
+----------------------------------------------------------+

Where is Apache main configuration file [/etc/apache2/apache2.conf] ? [enter]



OK, using Apache main configuration file /etc/apache2/apache2.conf ;-)


+----------------------------------------------------------+
| Checking for Apache user account... |
+----------------------------------------------------------+

Which user account is running Apache web server [${APACHE_RUN_USER}] ?www-data


OK, Apache is running under user account www-data ;-)


+----------------------------------------------------------+
| Checking for Apache group... |
+----------------------------------------------------------+

Which user group is running Apache web server [${APACHE_RUN_GROUP}] ?www-data


OK, Apache is running under users group www-data ;-)


+----------------------------------------------------------+
| Checking for Apache Include configuration directory... |
+----------------------------------------------------------+

Setup found Apache Include configuration directory in
//etc/apache2/conf.d/.
Setup will put OCS Inventory NG Apache configuration in this directory.
Where is Apache Include configuration directory [//etc/apache2/conf.d/] ? [enter]



OK, Apache Include configuration directory //etc/apache2/conf.d/ found ;-)


+----------------------------------------------------------+
| Checking for PERL Interpreter... |
+----------------------------------------------------------+

Found PERL Intrepreter at ;-)
Where is PERL Intrepreter binary [/usr/bin/perl] ? [enter]



OK, using PERL Intrepreter /usr/bin/perl ;-)


Do you wish to setup Communication server on this computer ([y]/n)? [enter]



+----------------------------------------------------------+
| Checking for Make utility... |
+----------------------------------------------------------+

OK, Make utility found at ;-)

+----------------------------------------------------------+
| Checking for Apache mod_perl version... |
+----------------------------------------------------------+

Checking for Apache mod_perl version 1.99_22 or higher
Found that mod_perl version 1.99_22 or higher is available.
OK, Apache is using mod_perl version 1.99_22 or higher ;-)

+----------------------------------------------------------+
| Checking for Communication server log directory... |
+----------------------------------------------------------+

Communication server can create detailled logs. This logs can be enabled
by setting interger value of LOGLEVEL to 1 in Administration console
menu Configuration.
Where to put Communication server log directory [/var/log/ocsinventory-server] ? [enter]



OK, Communication server will put logs into directory /var/log/ocsinventory-server ;-)


+----------------------------------------------------------+
| Checking for required Perl Modules... |
+----------------------------------------------------------+

Checking for DBI PERL module...
Found that PERL module DBI is available.
Checking for Apache::DBI PERL module...
Found that PERL module Apache::DBI is available.
Checking for DBD::mysql PERL module...
Found that PERL module DBD::mysql is available.
Checking for Compress::Zlib PERL module...
Found that PERL module Compress::Zlib is available.
Checking for XML::Simple PERL module...
Found that PERL module XML::Simple is available.
Checking for Net::IP PERL module...
Found that PERL module Net::IP is available.

+----------------------------------------------------------+
| Checking for optional Perl Modules... |
+----------------------------------------------------------+

Checking for SOAP::Lite PERL module...
Found that PERL module SOAP::Lite is available.
Checking for XML::Entities PERL module...
*** Warning: PERL module XML::Entities is not installed !
This module is only required by OCS Inventory NG SOAP Web Service.
Do you wish to continue ([y]/n] ? [enter]



+----------------------------------------------------------+
| OK, looks good ;-) |
| |
| Configuring Communication server Perl modules... |
+----------------------------------------------------------+

Checking if your kit is complete...
Looks good
Writing Makefile for Apache::Ocsinventory

+----------------------------------------------------------+
| OK, looks good ;-) |
| |
| Preparing Communication server Perl modules... |
+----------------------------------------------------------+


+----------------------------------------------------------+
| OK, prepare finshed ;-) |
| |
| Installing Communication server Perl modules... |
+----------------------------------------------------------+


+----------------------------------------------------------+
| OK, Communication server Perl modules install finished;-)|
| |
| Creating Communication server log directory... |
+----------------------------------------------------------+

Creating Communication server log directory /var/log/ocsinventory-server.

Fixing Communication server log directory files permissions.
Configuring logrotate for Communication server.
Removing old communication server logrotate file /etc/logrotate.d/ocsinventory-NG
Writing communication server logrotate to file /etc/logrotate.d/ocsinventory-server


+----------------------------------------------------------+
| OK, Communication server log directory created ;-) |
| |
| Now configuring Apache web server... |
+----------------------------------------------------------+

To ensure Apache loads mod_perl before OCS Inventory NG Communication Server,
Setup can name Communication Server Apache configuration file
'z-ocsinventory-server.conf' instead of 'ocsinventory-server.conf'.
Do you allow Setup renaming Communication Server Apache configuration file
to 'z-ocsinventory-server.conf' ([y]/n) ? [enter]



OK, using 'z-ocsinventory-server.conf' as Communication Server Apache configuration file
Removing old communication server configuration to file //etc/apache2/conf.d//ocsinventory.conf
Writing communication server configuration to file //etc/apache2/conf.d//z-ocsinventory-server.conf

+----------------------------------------------------------+
| OK, Communication server setup sucessfully finished ;-) |
| |
| Please, review //etc/apache2/conf.d//z-ocsinventory-server.conf
| to ensure all is good. Then restart Apache daemon. |
+----------------------------------------------------------+


Do you wish to setup Administration Server (Web Administration Console)
on this computer ([y]/n)? [enter]



+----------------------------------------------------------+
| Checking for Administration Server directories... |
+----------------------------------------------------------+

CAUTION: Setup now install files in accordance with Filesystem Hierarchy
Standard. So, no file is installed under Apache root document directory
(Refer to Apache configuration files to locate it).
If you're upgrading from OCS Inventory NG Server 1.01 and previous, YOU
MUST REMOVE (or move) directories 'ocsreports' and 'download' from Apache
root document directory.
If you choose to move directory, YOU MUST MOVE 'download' directory to
Administration Server writable/cache directory (by default
/var/lib/ocsinventory-reports), especialy if you use deployement feature.

Do you wish to continue ([y]/n)? [enter]



Assuming directories 'ocsreports' and 'download' removed from
Apache root document directory.

Where to copy Administration Server static files for PHP Web Console
[/usr/share/ocsinventory-reports] ? [enter]



OK, using directory /usr/share/ocsinventory-reports to install static files ;-)
Where to create writable/cache directories for deployement packages and
IPDiscover [/var/lib/ocsinventory-reports] ? [enter]



OK, writable/cache directory is /var/lib/ocsinventory-reports ;-)


+----------------------------------------------------------+
| Checking for required Perl Modules... |
+----------------------------------------------------------+

Checking for DBI PERL module...
Found that PERL module DBI is available.
Checking for DBD::mysql PERL module...
Found that PERL module DBD::mysql is available.
Checking for XML::Simple PERL module...
Found that PERL module XML::Simple is available.
Checking for Net::IP PERL module...
Found that PERL module Net::IP is available.

+----------------------------------------------------------+
| Installing files for Administration server... |
+----------------------------------------------------------+

Creating PHP directory /usr/share/ocsinventory-reports/ocsreports.
Copying PHP files to /usr/share/ocsinventory-reports/ocsreports.
Fixing permissions on directory /usr/share/ocsinventory-reports/ocsreports.
Creating database configuration file /usr/share/ocsinventory-reports/ocsreports/dbconfig.inc.php.
Creating IPDiscover directory /var/lib/ocsinventory-reports/ipd.
Fixing permissions on directory /var/lib/ocsinventory-reports/ipd.
Creating packages directory /var/lib/ocsinventory-reports/download.
Fixing permissions on directory /var/lib/ocsinventory-reports/download.
Configuring IPDISCOVER-UTIL Perl script.
Installing IPDISCOVER-UTIL Perl script.
Fixing permissions on IPDISCOVER-UTIL Perl script.
Writing Administration server configuration to file //etc/apache2/conf.d//ocsinventory-reports.conf

+----------------------------------------------------------+
| OK, Administration server installation finished ;-) |
| |
| Please, review //etc/apache2/conf.d//ocsinventory-reports.conf
| to ensure all is good and restart Apache daemon. |
| |
| Then, point your browser to http://server//ocsreports
| to configure database server and create/update schema. |
+----------------------------------------------------------+


Setup has created a log file /tmp/OCSNG_UNIX_SERVER-1.02.1/ocs_server_setup.log. Please, save this file.
If you encounter error while running OCS Inventory NG Management server,
we can ask you to show us his content !

DON'T FORGET TO RESTART APACHE DAEMON !

Enjoy OCS Inventory NG ;-)


4. Create the database by opening the URL: http://192.168.1.12/ocsreports/install.php