Arief Yudhawarman

Still learning to blog

Installing Zimbra 8.5 + Samba 3.6.9 PDC on CentOS 6.5

Prologue

This article was written to answer friends on Facebook and the id-zimbra mailing list who asked whether Zimbra ZCS 8.5 can be integrated with a Samba PDC (Primary Domain Controller) to serve as a centralized user database for authenticating both Linux and Windows users. This can be achieved by configuring Zimbra LDAP to act as the centralized user database for PAM (Pluggable Authentication Modules), NSS (Name Service Switch), and the Samba ldapsam password backend.

The basis for this article is the Zimbra wiki page UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI, but there are significant changes to how Zimbra LDAP is modified in ZCS 8.5.0 to support a Samba PDC, namely:

  • The zimlet files zimbra_posixaccount.zip and zimbra_samba.zip are stored in /opt/zimbra/zimlets/ instead of /opt/zimbra/zimlets-extra/
  • Zimbra LDAP uses database type mdb (previously hdb), so the indexes for PAM and Samba must be added under the DN (distinguished name) dn: olcDatabase={2}mdb,cn=config
  • The LDAP ACL modifications for the DN olcDatabase={2}mdb,cn=config start from the 10th entry
  • The root DN uid=root,ou=people,dc=domain,dc=tld must be added so that the Samba PDC integration goes smoothly
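
The hdb-to-mdb change above is what breaks index LDIFs written for older releases. The following added example (not taken from the article's zcs-8.5-posix-samba.zip) picks the data database DN out of a cn=config listing and emits an index LDIF for it; the sample listing is constructed and the attribute list is an assumption, since the article's own indexes.ldif is not shown.

```shell
#!/bin/sh
# Added example, not part of the article's zcs-8.5-posix-samba.zip.

# Constructed sample of a cn=config DN listing, as returned by e.g.
#   ldapsearch -LLL -x -H ldapi:/// -D cn=config -W -b cn=config '(olcDatabase=*)' dn
sample_db_listing() {
    cat <<'EOF'
dn: olcDatabase={-1}frontend,cn=config

dn: olcDatabase={0}config,cn=config

dn: olcDatabase={2}mdb,cn=config

EOF
}

# Read a DN listing on stdin and print the DN of the first mdb or hdb
# database, without the leading "dn: ". Frontend and config entries are
# skipped because they are neither mdb nor hdb.
find_data_db_dn() {
    awk '/^dn: olcDatabase=[{][0-9]+[}](mdb|hdb),cn=config$/ { print substr($0, 5); exit }'
}

# Emit an LDIF that adds equality indexes to the given database DN.
# ASSUMPTION: the attribute list below covers what NSS/PAM and ldapsam
# search on; it is not copied from the article's indexes.ldif.
make_index_ldif() {
    target_dn=$1
    if [ -z "$target_dn" ]; then
        echo "no hdb/mdb database found in cn=config" >&2
        return 1
    fi
    printf 'dn: %s\nchangetype: modify\nadd: olcDbIndex\n' "$target_dn"
    for attr in uidNumber gidNumber memberUid sambaSID sambaPrimaryGroupSID sambaDomainName; do
        printf 'olcDbIndex: %s eq\n' "$attr"
    done
}

# Run against the constructed listing and print the resulting LDIF.
make_index_ldif "$(sample_db_listing | find_data_db_dn)"
```

Generating the DN instead of hard-coding it makes the script fail loudly when the backend is not the one expected, rather than applying an LDIF to a DN that does not exist.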


For the basics of installing Zimbra and CentOS, see the author's articles below:

  1. Installing a Linux CLI Server with CentOS 5.4
  2. Configuring DNS with Bind
  3. Installing Zimbra 6.0.12 + Samba 3.4.8 PDC on CentOS 5.4
  4. Installing Zimbra 7.2.5 + Samba 3.6.9 PDC on CentOS 6.5

Domain & Hostname Configuration

  • Domain : domain.org
  • Hostname : server.domain.org
  • Zimbra Hostname : mail.domain.org

Make sure the domain name and the Zimbra hostname are configured correctly in DNS.

File /etc/hosts

192.168.87.99   server.domain.org       server
127.0.0.1       localhost.localdomain   localhost
::1             localhost6.localdomain6 localhost6

File /etc/resolv.conf

search domain.org
nameserver 127.0.0.1


Then check the DNS configuration with dig.

[root@server ~]# dig +short -t ns domain.org
ns1.domain.org.
[root@server ~]# dig +short -t mx domain.org
10 mail.domain.org.
[root@server ~]# dig +short mail.domain.org
192.168.87.99


Installing Zimbra ZCS 8.5

  1. Download the Zimbra ZCS 8.5 64-bit package for the Red Hat Enterprise Linux 6 platform.
    Note: The version used in this article is zcs-8.5.0_GA_3040.RHEL6_64.20140816142607.
  2. Before installing Zimbra, stop the sendmail and httpd services:

    /etc/init.d/sendmail stop
    /etc/init.d/httpd stop
    chkconfig --del httpd
    chkconfig --del sendmail

  3. After the source file is extracted, install Zimbra:

    cd /usr/local/src
    tar zxf zcs-8.5.0_GA_3040.RHEL6_64.20140816142607.tgz
    cd zcs-8.5.0_GA_3040.RHEL6_64.20140816142607
    ./install.sh --platform-override

    Because we already have a DNS cache, zimbra-memcached is not installed.

    Operations logged to /tmp/install.log.881
    Checking for existing installation...
        zimbra-ldap...NOT FOUND
        zimbra-logger...NOT FOUND
        zimbra-mta...NOT FOUND
        zimbra-dnscache...NOT FOUND
        zimbra-snmp...NOT FOUND
        zimbra-store...NOT FOUND
        zimbra-apache...NOT FOUND
        zimbra-spell...NOT FOUND
        zimbra-convertd...NOT FOUND
        zimbra-memcached...NOT FOUND
        zimbra-proxy...NOT FOUND
        zimbra-archiving...NOT FOUND
        zimbra-cluster...NOT FOUND
        zimbra-core...NOT FOUND
    
    PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
    ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
    FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
    THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
    THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
    AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
    
    License Terms for the Zimbra Collaboration Suite:
      http://www.zimbra.com/license/zimbra-public-eula-2-5.html
    
    Do you agree with the terms of the software license agreement? [N] Y
    
    Checking for prerequisites...
         FOUND: NPTL
         FOUND: nc-1.84-22
         FOUND: sudo-1.8.6p3-12
         FOUND: libidn-1.18-2
         FOUND: gmp-4.3.1-7
         FOUND: libaio-0.3.107-10
         FOUND: libstdc++-4.4.7-4
         FOUND: unzip-6.0-1
    
    Checking for suggested prerequisites...
         FOUND: perl-5.10.1
         FOUND: sysstat
         FOUND: sqlite
    Prerequisite check complete.
    
    Checking for installable packages
    
    Found zimbra-core
    Found zimbra-ldap
    Found zimbra-logger
    Found zimbra-mta
    Found zimbra-dnscache
    Found zimbra-snmp
    Found zimbra-store
    Found zimbra-apache
    Found zimbra-spell
    Found zimbra-memcached
    Found zimbra-proxy
    
    Select the packages to install
    
    Install zimbra-ldap [Y] 
    Install zimbra-logger [Y] 
    Install zimbra-mta [Y] 
    Install zimbra-dnscache [Y] N
    Install zimbra-snmp [Y] 
    Install zimbra-store [Y] 
    Install zimbra-apache [Y] 
    Install zimbra-spell [Y] 
    Install zimbra-memcached [Y] N
    Install zimbra-proxy [Y] N
    
    Checking required space for zimbra-core
    Checking space for zimbra-store
    Checking required packages for zimbra-store
    zimbra-store package check complete.
    
    Installing:
        zimbra-core
        zimbra-ldap
        zimbra-logger
        zimbra-mta
        zimbra-snmp
        zimbra-store
        zimbra-apache
        zimbra-spell
    
    The system will be modified.  Continue? [N] Y
    
    Removing /opt/zimbra
    Removing zimbra crontab entry...done.
    Cleaning up zimbra init scripts...done.
    Cleaning up /etc/ld.so.conf...done.
    Cleaning up /etc/security/limits.conf...done.
    
    Finished removing Zimbra Collaboration Server.
    
    Installing packages
    
        zimbra-core......zimbra-core-8.5.0_GA_3040.RHEL6_64-20140816142607.x86_64.rpm...done
        zimbra-ldap......zimbra-ldap-8.5.0_GA_3040.RHEL6_64-20140816142607.x86_64.rpm...done
        zimbra-logger......zimbra-logger-8.5.0_GA_3040.RHEL6_64-20140816142607.x86_64.rpm...done
        zimbra-mta......zimbra-mta-8.5.0_GA_3040.RHEL6_64-20140816142607.x86_64.rpm...done
        zimbra-snmp......zimbra-snmp-8.5.0_GA_3040.RHEL6_64-20140816142607.x86_64.rpm...done
        zimbra-store......zimbra-store-8.5.0_GA_3040.RHEL6_64-20140816142607.x86_64.rpm...done
        zimbra-apache......zimbra-apache-8.5.0_GA_3040.RHEL6_64-20140816142607.x86_64.rpm...done
        zimbra-spell......zimbra-spell-8.5.0_GA_3040.RHEL6_64-20140816142607.x86_64.rpm...done
    Operations logged to /tmp/zmsetup08292014-153011.log
    Installing LDAP configuration database...done.
    Setting defaults...No results returned for A lookup of server.domain.org
    Checked nameservers:
    	127.0.0.1
    No results returned for AAAA lookup of server.domain.org
    Checked nameservers:
    	127.0.0.1
    
    DNS ERROR resolving server.domain.org
    It is suggested that the hostname be resolvable via DNS
    Change hostname [Yes] 
    Please enter the logical hostname for this host [server.domain.org] mail.domain.org
    
    DNS ERROR resolving MX for mail.domain.org
    It is suggested that the domain name have an MX record configured in DNS
    Change domain name? [Yes] 
    Create domain: [mail.domain.org] domain.org
    	MX: mail.domain.org (192.168.87.99)
    
    	Interface: 192.168.87.99
    	Interface: 127.0.0.1
    	Interface: ::1
    done.
    Checking for port conflicts
    
    Main menu
    
       1) Common Configuration:                                                  
       2) zimbra-ldap:                             Enabled                       
       3) zimbra-logger:                           Enabled                       
       4) zimbra-mta:                              Enabled                       
       5) zimbra-snmp:                             Enabled                       
       6) zimbra-store:                            Enabled                       
            +Create Admin User:                    yes                           
            +Admin user to create:                 admin@domain.org            
    ******* +Admin Password                        UNSET                         
            +Anti-virus quarantine user:           virus-quarantine.ectddlvdi@domain.org
            +Enable automated spam training:       yes                           
            +Spam training user:                   spam.v0sswi2wq@domain.org   
            +Non-spam(Ham) training user:          ham._jjqc1zf@domain.org     
            +SMTP host:                            mail.domain.org             
            +Web server HTTP port:                 80                            
            +Web server HTTPS port:                443                           
            +Web server mode:                      https                         
            +IMAP server port:                     143                           
            +IMAP server SSL port:                 993                           
            +POP server port:                      110                           
            +POP server SSL port:                  995                           
            +Use spell check server:               yes                           
            +Spell server URL:                     http://mail.domain.org:7780/aspell.php
            +Configure for use with mail proxy:    FALSE                         
            +Configure for use with web proxy:     FALSE                         
            +Enable version update checks:         TRUE                          
            +Enable version update notifications:  TRUE                          
            +Version update notification email:    admin@server.domain.org      
            +Version update source email:          admin@server.domain.org      
            +Install mailstore (service webapp):   yes                           
            +Install UI (zimbra,zimbraAdmin webapps): yes                           
       7) zimbra-spell:                            Enabled                       
       8) Default Class of Service Configuration:                                
       s) Save config to file                                                    
       x) Expand menu                                                            
       q) Quit                                    
    
    Address unconfigured (**) items  (? - help) 6
    
    Store configuration
       1) Status:                                  Enabled                       
       2) Create Admin User:                       yes                           
       3) Admin user to create:                    admin@domain.org            
    ** 4) Admin Password                           UNSET                         
       5) Anti-virus quarantine user:              virus-quarantine.ectddlvdi@domain.org
       6) Enable automated spam training:          yes                           
       7) Spam training user:                      spam.v0sswi2wq@domain.org   
       8) Non-spam(Ham) training user:             ham._jjqc1zf@domain.org     
       9) SMTP host:                               mail.domain.org             
      10) Web server HTTP port:                    80                            
      11) Web server HTTPS port:                   443                           
      12) Web server mode:                         https                         
      13) IMAP server port:                        143                           
      14) IMAP server SSL port:                    993                           
      15) POP server port:                         110                           
      16) POP server SSL port:                     995                           
      17) Use spell check server:                  yes                           
      18) Spell server URL:                        http://mail.domain.org:7780/aspell.php
      19) Configure for use with mail proxy:       FALSE                         
      20) Configure for use with web proxy:        FALSE                         
      21) Enable version update checks:            TRUE                          
      22) Enable version update notifications:     TRUE                          
      23) Version update notification email:       admin@server.domain.org      
      24) Version update source email:             admin@server.domain.org      
      25) Install mailstore (service webapp):      yes                           
      26) Install UI (zimbra,zimbraAdmin webapps): yes                           
    
    Select, or 'r' for previous menu [r] 4
    
    Password for admin@domain.org (min 6 characters): [IQERd6FLwN] password1
    
    Store configuration
       1) Status:                                  Enabled                       
       2) Create Admin User:                       yes                           
       3) Admin user to create:                    admin@domain.org            
       4) Admin Password                           set                           
       5) Anti-virus quarantine user:              virus-quarantine.ectddlvdi@domain.org
       6) Enable automated spam training:          yes                           
       7) Spam training user:                      spam.v0sswi2wq@domain.org   
       8) Non-spam(Ham) training user:             ham._jjqc1zf@domain.org     
       9) SMTP host:                               mail.domain.org             
      10) Web server HTTP port:                    80                            
      11) Web server HTTPS port:                   443                           
      12) Web server mode:                         https                         
      13) IMAP server port:                        143                           
      14) IMAP server SSL port:                    993                           
      15) POP server port:                         110                           
      16) POP server SSL port:                     995                           
      17) Use spell check server:                  yes                           
      18) Spell server URL:                        http://mail.domain.org:7780/aspell.php
      19) Configure for use with mail proxy:       FALSE                         
      20) Configure for use with web proxy:        FALSE                         
      21) Enable version update checks:            TRUE                          
      22) Enable version update notifications:     TRUE                          
      23) Version update notification email:       admin@server.domain.org      
      24) Version update source email:             admin@server.domain.org      
      25) Install mailstore (service webapp):      yes                           
      26) Install UI (zimbra,zimbraAdmin webapps): yes                           
    
    Select, or 'r' for previous menu [r] 21
    
    Store configuration
       1) Status:                                  Enabled                       
       2) Create Admin User:                       yes                           
       3) Admin user to create:                    admin@domain.org            
       4) Admin Password                           set                           
       5) Anti-virus quarantine user:              virus-quarantine.ectddlvdi@domain.org
       6) Enable automated spam training:          yes                           
       7) Spam training user:                      spam.v0sswi2wq@domain.org   
       8) Non-spam(Ham) training user:             ham._jjqc1zf@domain.org     
       9) SMTP host:                               mail.domain.org             
      10) Web server HTTP port:                    80                            
      11) Web server HTTPS port:                   443                           
      12) Web server mode:                         https                         
      13) IMAP server port:                        143                           
      14) IMAP server SSL port:                    993                           
      15) POP server port:                         110                           
      16) POP server SSL port:                     995                           
      17) Use spell check server:                  yes                           
      18) Spell server URL:                        http://mail.domain.org:7780/aspell.php
      19) Configure for use with mail proxy:       FALSE                         
      20) Configure for use with web proxy:        FALSE                         
      21) Enable version update checks:            FALSE                         
      22) Install mailstore (service webapp):      yes                           
      23) Install UI (zimbra,zimbraAdmin webapps): yes                           
    
    Select, or 'r' for previous menu [r] 
    
    Main menu
       1) Common Configuration:                                                  
       2) zimbra-ldap:                             Enabled                       
       3) zimbra-logger:                           Enabled                       
       4) zimbra-mta:                              Enabled                       
       5) zimbra-snmp:                             Enabled                       
       6) zimbra-store:                            Enabled                       
       7) zimbra-spell:                            Enabled                       
       8) Default Class of Service Configuration:                                
       s) Save config to file                                                    
       x) Expand menu                                                            
       q) Quit                                    
    
    *** CONFIGURATION COMPLETE - press 'a' to apply
    Select from menu, or press 'a' to apply config (? - help) a
    
    Save configuration data to a file? [Yes] 
    Save config in file: [/opt/zimbra/config.7997] 
    Saving config in /opt/zimbra/config.7997...done.
    The system will be modified - continue? [No] Yes
    Operations logged to /tmp/zmsetup08292014-153011.log
    Setting local config values...done.
    Initializing core config...Setting up CA...done.
    Deploying CA to /opt/zimbra/conf/ca ...done.
    Creating SSL zimbra-store certificate...done.
    Creating new zimbra-ldap SSL certificate...done.
    Creating new zimbra-mta SSL certificate...done.
    Installing mailboxd SSL certificates...done.
    Installing MTA SSL certificates...done.
    Installing LDAP SSL certificate...done.
    Initializing ldap...done.
    Setting replication password...done.
    Setting Postfix password...done.
    Setting amavis password...done.
    Setting nginx password...done.
    Setting BES searcher  password...done.
    Creating server entry for mail.domain.org...done.
    Setting Zimbra IP Mode...done.
    Saving CA in ldap ...done.
    Saving SSL Certificate in ldap ...done.
    Setting spell check URL...done.
    Setting service ports on mail.domain.org...done.
    Setting zimbraFeatureTasksEnabled=TRUE...done.
    Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
    Setting MTA auth host...done.
    Setting TimeZone Preference...done.
    Initializing mta config...done.
    Setting services on mail.domain.org...done.
    Adding mail.domain.org to zimbraMailHostPool in default COS...done.
    Creating domain domain.org...done.
    Setting default domain name...done.
    Creating domain domain.org...already exists.
    Creating admin account admin@domain.org...done.
    Creating root alias...done.
    Creating postmaster alias...done.
    Creating user spam.v0sswi2wq@domain.org...done.
    Creating user ham._jjqc1zf@domain.org...done.
    Creating user virus-quarantine.ectddlvdi@domain.org...done.
    Setting spam training and Anti-virus quarantine accounts...done.
    Initializing store sql database...done.
    Setting zimbraSmtpHostname for mail.domain.org...done.
    Configuring SNMP...done.
    Setting up syslog.conf...done.
    Starting servers...done.
    Installing common zimlets...
    	com_zimbra_adminversioncheck...done.
    	com_zimbra_email...done.
    	com_zimbra_url...done.
    	com_zimbra_linkedinimage...done.
    	com_zimbra_bulkprovision...done.
    	com_zimbra_proxy_config...done.
    	com_zimbra_srchhighlighter...done.
    	com_zimbra_attachmail...done.
    	com_zimbra_mailarchive...done.
    	com_zimbra_attachcontacts...done.
    	com_zimbra_tooltip...done.
    	com_zimbra_date...done.
    	com_zimbra_webex...done.
    	com_zimbra_viewmail...done.
    	com_zimbra_ymemoticons...done.
    	com_zimbra_clientuploader...done.
    	com_zimbra_cert_manager...done.
    	com_zimbra_phone...done.
    Finished installing common zimlets.
    Restarting mailboxd...done.
    Creating galsync account for default domain...done.
    
    You have the option of notifying Zimbra of your installation.
    This helps us to track the uptake of the Zimbra Collaboration Server.
    The only information that will be transmitted is:
    	The VERSION of zcs installed (8.5.0_GA_3040_RHEL6_64)
    	The ADMIN EMAIL ADDRESS created (admin@domain.org)
    
    Notify Zimbra of your installation? [Yes] No
    Notification skipped
    Setting up zimbra crontab...done.
    
    Moving /tmp/zmsetup08292014-153011.log to /opt/zimbra/log
    
    Configuration complete - press return to exit 
    

  4. Check that Zimbra is running.
    [root@server zcs-8.5.0_GA_3040.RHEL6_64.20140816142607]# su - zimbra
    [zimbra@server ~]$ zmcontrol -v
    Release 8.5.0_GA_3040.RHEL6_64_20140816142607 RHEL6_64 FOSS edition.
    [zimbra@server ~]$ zmcontrol status
    Host mail.domain.org
    	amavis                  Running
    	antispam                Running
    	antivirus               Running
    	ldap                    Running
    	logger                  Running
    	mailbox                 Running
    	mta                     Running
    	opendkim                Running
    	service webapp          Running
    	snmp                    Running
    	spell                   Running
    	stats                   Running
    	zimbra webapp           Running
    	zimbraAdmin webapp      Running
    	zimlet webapp           Running
    	zmconfigd               Running 
    


Zimbra LDAP Configuration

  1. At this stage we need the file zcs-8.5-posix-samba.zip. The extracted zip contains:
    • indexes.ldif
    • posixusers.ldif
    • samba-schema.tar.gz
    • script create-file-ldif.sh
    • script zcs-8.5-posix-samba.sh
    • zimlet zimbra_posixaccount.zip
    • zimlet zimbra_samba.zip
    • zimbraSambaPassword.zip

    Save these files in the /tmp directory.

  2. Still as the zimbra user, run the following commands:

    cd /tmp
    mv zimbra_posixaccount.zip /opt/zimbra/zimlets/
    mv zimbra_samba.zip /opt/zimbra/zimlets/
    mkdir zcs-samba
    mv samba-schema.tar.gz zcs-samba/
    mv posixusers.ldif zcs-samba/
    mv indexes.ldif zcs-samba/
    chmod 755 create-file-ldif.sh
    chmod 755 zcs-8.5-posix-samba.sh

  3. If the script zcs-8.5-posix-samba.sh is run without arguments, SMBSCHEMA defaults to the file /usr/share/doc/samba-3.6.9/LDAP/samba.schema.
    [zimbra@server tmp]$ ./zcs-8.5-posix-samba.sh
    File samba schema [/usr/share/doc/samba-3.6.9/LDAP/samba.schema]? 
    
    Press any key to continue.
    
    

  4. Output of running the zcs-8.5-posix-samba.sh script:
    ==> Getting Zimbra parameter...
    Domain : domain.org
    Hostname : server.domain.org
    LDAP Root Password : NDHX4Jycnx
    LDAP Prefix : dc=domain,dc=org
    
    ==> Configuring NIS Schema...
    Killing slapd with pid 628 done.
    Started slapd: pid 15089
    
    ==> Configuring Samba Schema...
    ./
    ./cn=config.ldif
    ./test.conf
    ./schema/
    ./schema/samba.schema
    ./cn=config/
    ./cn=config/olcDatabase={-1}frontend.ldif
    ./cn=config/olcDatabase={0}config.ldif
    ./cn=config/cn=schema/
    ./cn=config/cn=schema/cn={11}samba.ldif
    ./cn=config/cn=schema/cn={1}cosine.ldif
    ./cn=config/cn=schema/cn={2}inetorgperson.ldif
    ./cn=config/cn=schema/cn={0}core.ldif
    ./cn=config/cn=schema.ldif
    Killing slapd with pid 15089 done.
    Started slapd: pid 15190
    
    ==> Add indexes for PAM & Samba...
    modifying entry "olcDatabase={2}mdb,cn=config"
    
    ==> Create user for local posix and Samba...
    adding new entry "uid=zmposix,cn=appaccts,cn=zimbra"
    adding new entry "uid=zmposixroot,cn=appaccts,cn=zimbra"
    
    ==> Adjust LDAP ACL...
    modifying entry "olcDatabase={2}mdb,cn=config"
    
    modifying entry "olcDatabase={2}mdb,cn=config"
    
    ==> Configuring posixAccount and sambaSamAccount...
    
    Deleting root alias.....
    
    Proceed to Installing zimbra_posixaccount and zimbra_samba extensions for Zimbra Admin
    
    [] INFO: Deploying Zimlet zimbra_posixaccount in LDAP.
    [] INFO: Installing Zimlet zimbra_posixaccount on this host.
    [] INFO: Upgrading Zimlet zimbra_posixaccount to 1
    [] INFO: Installing Zimlet config for zimbra_posixaccount
    [] INFO: Enabling Zimlet zimbra_posixaccount
    [] INFO: Deploying Zimlet zimbra_samba in LDAP.
    [] INFO: Installing Zimlet zimbra_samba on this host.
    [] INFO: Upgrading Zimlet zimbra_samba to 6.0.3
    [] INFO: Installing Zimlet config for zimbra_samba
    [] INFO: Enabling Zimlet zimbra_samba
    [] INFO: Installing Zimlet config for zimbra_posixaccount
    [] INFO: Installing Zimlet config for zimbra_samba
    
    Zimbra LDAP configuration has been setup successfully...
    


Configuring the Samba Server to Use Zimbra LDAP as the Centralized Database and Primary Domain Controller

Edit the Samba configuration file /etc/samba/smb.conf. Save the previous configuration file as /etc/samba/smb.conf.orig.
Contents of /etc/samba/smb.conf:

[global]
  workgroup = DOMAIN
  netbios name = MAIL
  os level = 33
  preferred master = yes
  # enable privileges = yes
  server string = %h Server (SAMBA)
  wins support =yes
  dns proxy = no
  name resolve order = wins bcast hosts
  log file = /var/log/samba/log.%m
  log level = 3
  max log size = 1000
  syslog only = no
  syslog = 0
  panic action = /usr/share/samba/panic-action %d
  security = user
  encrypt passwords = true
  ldap passwd sync = yes
  passdb backend = ldapsam:ldap://mail.domain.org/
  ldap admin dn = "cn=config"
  ldap suffix = dc=domain,dc=org
  ldap group suffix = ou=groups
  ldap user suffix = ou=people
  ldap machine suffix = ou=machines
  obey pam restrictions = no
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
  domain logons = yes
  # the logon path settings below are for roaming profiles
  #logon path = \\%L\profiles\%U
  #logon home = \\%L\%U
  #logon drive = P:
  logon path =
  ldap ssl = no
  logon home = 
  logon script = logon.cmd
  add user script = /usr/sbin/useradd "%u" -n -g users
  add group script = /usr/sbin/groupadd "%g"
  add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
  delete user script = /usr/sbin/userdel "%u"
  delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
  delete group script = /usr/sbin/groupdel "%g"
  socket options = TCP_NODELAY
  domain master = yes
  local master = yes
  ldap debug level = 1
  #username map = /etc/samba/smbusers
[homes]
  comment = Home Directories
  browseable =no
  read only = No
  valid users = %S
[netlogon]
  comment = Network Logon Service
  path = /var/lib/samba/netlogon
  guest ok = yes
  locking = no
[profiles]
  comment = Users profiles
  path = /var/lib/samba/profiles
  read only = No
  # Additions
  store dos attributes = Yes
  create mask = 0600
  directory mask = 0700
  browseable = no
  guest ok = no
  printable = no 

[profdata]
  comment = Profile Data Share
  path = /var/lib/samba/profdata
  read only = No
  profile acls = Yes
[printers]
  comment = All Printers
  browseable = no
  path = /tmp
  printable = yes
  public = no
  writable = no
  create mode = 0700
[print$]
  comment = Printer Drivers
  path = /var/lib/samba/printers
  browseable = yes
  read only = yes
  guest ok = no
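
In the [global] section above, Samba binds to Zimbra LDAP as cn=config over plain ldap:// with ldap ssl = no. The following added example (not part of the original article) audits an smb.conf for exactly those two settings; both sample configurations are constructed, and using uid=zmposixroot,cn=appaccts,cn=zimbra (the account the setup script creates) as the bind DN with start tls is an assumption about a hardened variant, not something the article configures.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample: the LDAP-related settings as used in the article.
weak_sample() {
    cat <<'EOF'
[global]
  passdb backend = ldapsam:ldap://mail.domain.org/
  ldap admin dn = "cn=config"
  ldap ssl = no
[homes]
  read only = No
EOF
}

# Constructed sample: hypothetical hardened variant (assumes the LDAP
# server offers StartTLS and the zmposixroot account has the needed ACLs).
hardened_sample() {
    cat <<'EOF'
[global]
  passdb backend = ldapsam:ldap://mail.domain.org/
  ldap admin dn = "uid=zmposixroot,cn=appaccts,cn=zimbra"
  ldap ssl = start tls
EOF
}

# Audit an smb.conf given as $1 (or stdin when no argument is passed).
# Prints one finding code per line; prints nothing when no check fires.
# Only an explicit "ldap ssl = no/off" is flagged; an unset value is not.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ { next }                          # skip comment lines
    /^[ \t]*\[/   { sect = tolower(trim($0)); next } # track current section
    sect == "[global]" && index($0, "=") {
        key = tolower(trim(substr($0, 1, index($0, "=") - 1)))
        gsub(/[ \t]+/, " ", key)                    # normalise inner spacing
        val = trim(substr($0, index($0, "=") + 1))
        gsub(/"/, "", val)                          # drop optional quotes
        conf[key] = val
    }
    END {
        backend = tolower(conf["passdb backend"])
        ssl = tolower(conf["ldap ssl"])
        # Bind password for the admin DN crosses the wire unencrypted.
        if (backend ~ /^ldapsam:ldap:\/\// && (ssl == "no" || ssl == "off"))
            print "CLEARTEXT_LDAP_BIND"
        # Samba holds the credentials of the LDAP configuration root.
        if (tolower(conf["ldap admin dn"]) == "cn=config")
            print "BINDS_AS_CONFIG_ROOT"
    }' "${1:--}"
}

echo "article-style config:"; weak_sample | audit_smb_conf
echo "hardened variant:";     hardened_sample | audit_smb_conf
```

On a real host, run it as audit_smb_conf /etc/samba/smb.conf.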


Configuring the Linux Server to Use Zimbra LDAP as the Centralized Database

  1. As root, list the resources used for system authentication with the command authconfig --test:
    caching is disabled
    nss_files is always enabled
    nss_compat is disabled
    nss_db is disabled
    nss_hesiod is disabled
     hesiod LHS = ""
     hesiod RHS = ""
    nss_ldap is disabled
     LDAP+TLS is disabled
     LDAP server = "ldap://127.0.0.1/"
     LDAP base DN = "dc=example,dc=com"
    nss_nis is disabled
     NIS server = ""
     NIS domain = ""
    nss_nisplus is disabled
    nss_winbind is disabled
     SMB workgroup = "DOMAIN"
     SMB servers = ""
     SMB security = "user"
     SMB realm = ""
     Winbind template shell = "/bin/false"
     SMB idmap range = "16777216-33554431"
    nss_sss is disabled by default
    nss_wins is disabled
    nss_mdns4_minimal is disabled
    DNS preference over NSS or WINS is disabled
    pam_unix is always enabled
     shadow passwords are enabled
     password hashing algorithm is sha512
    pam_krb5 is disabled
     krb5 realm = "EXAMPLE.COM"
     krb5 realm via dns is disabled
     krb5 kdc = "kerberos.example.com"
     krb5 kdc via dns is disabled
     krb5 admin server = "kerberos.example.com"
    pam_ldap is disabled
     LDAP+TLS is disabled
     LDAP server = "ldap://127.0.0.1/"
     LDAP base DN = "dc=example,dc=com"
     LDAP schema = "rfc2307"
    pam_pkcs11 is disabled
     use only smartcard for login is disabled
     smartcard module = ""
     smartcard removal action = ""
    pam_fprintd is disabled
    pam_winbind is disabled
     SMB workgroup = "DOMAIN"
     SMB servers = ""
     SMB security = "user"
     SMB realm = ""
    pam_sss is disabled by default
     credential caching in SSSD is enabled
     SSSD use instead of legacy services if possible is enabled
    IPAv2 is disabled
    IPAv2 domain was not joined
     IPAv2 server = "None"
     IPAv2 realm = "None"
     IPAv2 domain = "None"
    pam_cracklib is enabled (try_first_pass retry=3 type=)
    pam_passwdqc is disabled ()
    pam_access is disabled ()
    pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
    Always authorize local users is enabled ()
    Authenticate system accounts against network services is disabled
    

  2. The next authconfig command modifies /etc/nsswitch.conf and several authentication files in /etc/pam.d/ so that LDAP is used as the authentication source.
    [root@server ~]# authconfig --enableldap --enableldapauth --disablenis --enablecache --ldapserver=mail.domain.org --ldapbasedn=dc=domain,dc=org --updateall
    Starting nslcd:                                            [  OK  ]
    Starting nscd:                                             [  OK  ]
    

  3. List the resources used for system authentication again with the command authconfig --test:
    caching is enabled
    nss_files is always enabled
    nss_compat is disabled
    nss_db is disabled
    nss_hesiod is disabled
     hesiod LHS = ""
     hesiod RHS = ""
    nss_ldap is enabled
     LDAP+TLS is disabled
     LDAP server = "ldap://mail.domain.org/"
     LDAP base DN = "dc=domain,dc=org"
    nss_nis is disabled
     NIS server = ""
     NIS domain = ""
    nss_nisplus is disabled
    nss_winbind is disabled
     SMB workgroup = "DOMAIN"
     SMB servers = ""
     SMB security = "user"
     SMB realm = ""
     Winbind template shell = "/bin/false"
     SMB idmap range = "16777216-33554431"
    nss_sss is disabled by default
    nss_wins is disabled
    nss_mdns4_minimal is disabled
    DNS preference over NSS or WINS is disabled
    pam_unix is always enabled
     shadow passwords are enabled
     password hashing algorithm is sha512
    pam_krb5 is disabled
     krb5 realm = "EXAMPLE.COM"
     krb5 realm via dns is disabled
     krb5 kdc = "kerberos.example.com"
     krb5 kdc via dns is disabled
     krb5 admin server = "kerberos.example.com"
    pam_ldap is enabled
     LDAP+TLS is disabled
     LDAP server = "ldap://mail.domain.org/"
     LDAP base DN = "dc=domain,dc=org"
     LDAP schema = "rfc2307"
    pam_pkcs11 is disabled
     use only smartcard for login is disabled
     smartcard module = ""
     smartcard removal action = ""
    pam_fprintd is disabled
    pam_winbind is disabled
     SMB workgroup = "DOMAIN"
     SMB servers = ""
     SMB security = "user"
     SMB realm = ""
    pam_sss is disabled by default
     credential caching in SSSD is enabled
     SSSD use instead of legacy services if possible is enabled
    IPAv2 is disabled
    IPAv2 domain was not joined
     IPAv2 server = ""
     IPAv2 realm = ""
     IPAv2 domain = ""
    pam_cracklib is enabled (try_first_pass retry=3 type=)
    pam_passwdqc is disabled ()
    pam_access is disabled ()
    pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
    Always authorize local users is enabled ()
    Authenticate system accounts against network services is disabled
    

  4. Next, get the Zimbra LDAP password.
    [root@server ~]# sudo -u zimbra /opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password
    zimbra_ldap_password = NDHX4Jycnx
    

  5. Set up the Samba connection to Zimbra LDAP using the root password, which in this case is the Zimbra LDAP password.
    [root@server ~]# smbpasswd -w  NDHX4Jycnx
    Setting stored password for "cn=config" in secrets.tdb
    
    [root@server ~]# tdbdump /var/lib/samba/private/secrets.tdb 
    {
    key(30) = "SECRETS/LDAP_BIND_PW/cn=config"
    data(10) = "NDHX4Jycnx"
    }
    

    At this step we do not yet add the user root with the command smbpasswd -a root.

  6. Then edit the file /etc/nslcd.conf manually, using the Zimbra LDAP password obtained in the previous step.
    binddn cn=config
    bindpw NDHX4Jycnx
    uri ldap://mail.domain.org/
    base dc=domain,dc=org
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    timelimit 120
    bind_timelimit 120
    

  7. Restart nscd and nslcd.

    /etc/init.d/nscd restart
    /etc/init.d/nslcd restart
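The nslcd.conf above binds as cn=config over ldap:// with ssl no, and authconfig --test reports LDAP+TLS as disabled. The following added example (not part of the original article) audits such a file for a cleartext bind and for group/other permission bits on the file that holds bindpw; the function names are hypothetical and the sample file is constructed, with a placeholder instead of a real password.

```shell
#!/bin/sh
# Added example: audit an nslcd.conf for cleartext LDAP binds and for an
# exposed bind password. Function names are hypothetical.

# conf_get FILE KEY: print the value of KEY (last occurrence), empty if unset.
conf_get() {
    awk -v key="$2" '
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# audit_nslcd FILE: print one finding per line; print nothing if clean.
audit_nslcd() {
    conf=$1
    uri=$(conf_get "$conf" uri)
    ssl=$(conf_get "$conf" ssl)
    binddn=$(conf_get "$conf" binddn)
    bindpw=$(conf_get "$conf" bindpw)

    # TLS is in use with an ldaps:// URI, or with ssl on/yes/start_tls.
    tls=no
    case "$uri" in ldaps://*) tls=yes ;; esac
    case "$ssl" in on|yes|start_tls) tls=yes ;; esac

    if [ "$tls" = no ]; then
        echo "CLEARTEXT: $uri is used without TLS"
        if [ -n "$bindpw" ]; then
            echo "BINDPW_ON_WIRE: password for '$binddn' is sent unencrypted"
        fi
    fi

    # A file holding bindpw should carry no group/other permission bits.
    if [ -n "$bindpw" ]; then
        bits=$(ls -ld "$conf" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "READABLE: $conf holds bindpw, group/other bits are '$bits'"
        fi
    fi
    return 0
}

# Constructed sample mirroring the settings shown above (placeholder password).
sample_conf() {
    cat <<'EOF'
binddn cn=config
bindpw PLACEHOLDER-not-a-real-password
uri ldap://mail.domain.org/
base dc=domain,dc=org
ssl no
tls_cacertdir /etc/openldap/cacerts
EOF
}
```

Run it as `audit_nslcd /etc/nslcd.conf`; a file with `ssl start_tls` (or an ldaps:// URI) and mode 600 produces no output.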


Adding Linux and Samba users & groups and the root entry with the ldapadd utility

  1. Get the Samba SID (Security IDentifier).
    [root@server ~]# /usr/bin/net GETLOCALSID |cut -f6 -d' '
    S-1-5-21-1668761153-695509762-2949468400
    
    [root@server ~]# /usr/bin/net GETLOCALSID MAIL |cut -f6 -d' '
    S-1-5-21-1668761153-695509762-2949468400
    

  2. Still as user root, install zimbraSambaPassword.

    cd /tmp/
    unzip zimbraSambaPassword.zip
    chmod 755 install.sh
    ./install.sh -i

  3. As user zimbra, create the following ldif files:
    • sambaDomainName.ldif
    • groups.ldif
    • machines.ldif
    • DomainAdmins.ldif
    • DomainUsers.ldif
    • root.ldif

    To create the ldif files above, execute the script create-file-ldif.sh.

  4. Run the script with the Samba domain as the first argument and the root password as the second.
    [zimbra@server tmp]$ chmod 755 create-file-ldif.sh
    [zimbra@server tmp]$ ./create-file-ldif.sh DOMAIN password1
    

  5. As user zimbra, use the ldapadd command to add the ldif files to Zimbra LDAP.

    PASSLDAP=`zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`
    ldapadd -v -h `zmhostname` -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/sambaDomainName.ldif
    ldapadd -v -h `zmhostname` -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/groups.ldif
    ldapadd -v -h `zmhostname` -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/machines.ldif
    ldapadd -v -h `zmhostname` -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/DomainAdmins.ldif
    ldapadd -v -h `zmhostname` -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/DomainUsers.ldif
    ldapadd -v -h `zmhostname` -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/root.ldif

  6. As user root, restart samba.
    [root@server ~]# /etc/init.d/smb start
    Starting SMB services:                                     [  OK  ]
    [root@server ~]# /etc/init.d/nmb start
    Starting NMB services:                                     [  OK  ]
    

  7. Add the user root with smbpasswd. The password is the same one the root user uses to log in to the server, namely password1.
    [root@server ~]# smbpasswd -a root
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MAIL))]
    smbldap_open_connection: connection opened
    ldap_connect_system: successful connection to the LDAP server
    New SMB password:
    Retype new SMB password:
    init_sam_from_ldap: Entry found for user: root
    Forcing Primary Group to 'Domain Users' for root
    init_ldap_from_sam: Setting entry for user: root
    ldapsam_modify_entry: LDAP Password changed for user root
    ldapsam_update_sam_account: successfully modified uid = root in the LDAP database
    

    What happens if we execute smbpasswd -a root without first adding the root.ldif entry with ldapadd as in step 4 above?

    [root@server ~]# smbpasswd -a root
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MAIL))]
    smbldap_open_connection: connection opened
    ldap_connect_system: successful connection to the LDAP server
    smbldap_search_domain_info: Got no domain info entries for domain
    add_new_domain_info: Adding new domain
    add_new_domain_info: added: domain = MAIL in the LDAP database
    add_new_domain_account_policies: Adding new account policies for domain
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MAIL))]
    New SMB password:
    Retype new SMB password:
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MAIL))]
    init_ldap_from_sam: Setting entry for user: root
    ldapsam_create_user: Creating new posix user
    ldapsam_create_user: Unable to get the Domain Users gid: bailing out!
    Failed to add entry for user root.
    

  8. Run the command below to grant privileges to the Domain Admins group. Use the root password.
    [root@server ~]# net rpc rights grant "domain.org\Domain Admins" SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege
    Enter root's password:
    Successfully granted rights.
    

  9. As user zimbra, update the profile of the admin user.

    zmprov ma admin@domain.org +objectClass posixAccount uidNumber 11000 gidNumber 12001 homeDirectory /home/admin loginShell /bin/false
    zmprov ma admin@domain.org +objectClass sambaSamAccount sambaDomainName MAIL sambaSID "S-1-5-21-1668761153-695509762-2949468400-23000" sambaAcctFlags [UX]

  10. Test with getent and pdbedit.
    [zimbra@server ~]$ getent passwd|tail
    tcpdump:x:72:72::/:/sbin/nologin
    nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
    rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
    nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
    nslcd:x:65:55:LDAP Client User:/:/sbin/nologin
    zimbra:x:500:500::/opt/zimbra:/bin/bash
    postfix:x:501:501::/opt/zimbra/postfix:/bin/bash
    vm1-winxpsp3$:x:11002:100:Workstation (vm1-winxpsp3$):/nohome:/bin/false
    admin:*:11000:12001:admin:/home/admin:/bin/false
    root:*:1000:12002:root:/root:
    
    [zimbra@server ~]$ getent group|tail
    nscd:x:28:
    slocate:x:21:
    rpcuser:x:29:
    nfsnobody:x:65534:
    ldap:x:55:
    zimbra:x:500:
    postfix:x:501:zimbra
    postdrop:x:502:
    Domain Admins:*:12001:1
    Domain Users:*:12002:2
    

     

    [root@server ~]# pdbedit -Lv admin
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MAIL))]
    smbldap_open_connection: connection opened
    ldap_connect_system: successful connection to the LDAP server
    init_sam_from_ldap: Entry found for user: admin
    init_group_from_ldap: Entry found for group: 12001
    init_group_from_ldap: Entry found for group: 12001
    Unix username:        admin
    NT username:          admin
    Account Flags:        [UX         ]
    User SID:             S-1-5-21-1668761153-695509762-2949468400-23000
    Primary Group SID:    S-1-5-21-1668761153-695509762-2949468400-512
    Full Name:            admin
    Home Directory:       \\mail\admin
    HomeDir Drive:        P:
    Logon Script:         logon.cmd
    Profile Path:         
    Domain:               MAIL
    Account desc:         Administrative Account
    Workstations:         
    Munged dial:          
    Logon time:           0
    Logoff time:          never
    Kickoff time:         never
    Password last set:    0
    Password can change:  0
    Password must change: 0
    Last bad password   : 0
    Bad password count  : 0
    Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    
    [root@server ~]# pdbedit -Lv root 
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MAIL))]
    smbldap_open_connection: connection opened
    ldap_connect_system: successful connection to the LDAP server
    init_sam_from_ldap: Entry found for user: root
    Forcing Primary Group to 'Domain Users' for root
    Unix username:        root
    NT username:          root
    Account Flags:        [U          ]
    User SID:             S-1-5-21-1668761153-695509762-2949468400-1000
    Primary Group SID:    S-1-5-21-1668761153-695509762-2949468400-513
    Full Name:            root
    Home Directory:       \\mail\root
    HomeDir Drive:        P:
    Logon Script:         logon.cmd
    Profile Path:         
    Domain:               MAIL
    Account desc:         
    Workstations:         
    Munged dial:          
    Logon time:           0
    Logoff time:          never
    Kickoff time:         never
    Password last set:    Fri, 22 Aug 2014 13:22:35 WIB
    Password can change:  Fri, 22 Aug 2014 13:22:35 WIB
    Password must change: never
    Last bad password   : 0
    Bad password count  : 0
    Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    


Creating a script to add Zimbra accounts and logging in to the domain from a Windows computer

  1. As user root, create the script /usr/local/bin/add-account-zimbra-ldap.sh to add a Zimbra + LDAP account.
    #!/bin/bash
    #
    # /usr/local/bin/add-account-zimbra-ldap.sh
    #
     
    if [ "$USER" != "zimbra" ]
    then
      echo "You need to be user zimbra to run this script"
      exit
    fi
    
    if [ "$#" -ne 2 ]
    then
      echo ""
      echo "Usage: $0 USER NAME"
      echo "Note:"
      echo "* Password akan dibuat otomatis oleh system."
      echo "* Argumen pertama harus 1 kata tanpa spasi."
      echo "* Argumen kedua jika mengandung spasi harus diapit tanda kutip tunggal '"
      echo "Eg. user1 'User 1'"
      echo ""
      exit 0
    fi
     
    #
    # DYNAMIC VARIABLE
    #
    DOMAIN=`zmprov getAllDomains`
    HOSTNAME=`zmhostname`
    GROUP="Domain Users"
    LDAP_PREFIX="dc="${DOMAIN//\./,dc=}
    BINDDN="uid=zimbra,cn=admins,cn=zimbra"
    LDAPPASS=`zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`
    
    # Variable
    ACCOUNT=$1
    PASSWD=`/usr/local/bin/randpass.sh 6 0`
    # Display name is the second argument (the script takes exactly two)
    NAME=$2
     
    #
    # Posix account
    #
    GIDUSR=`ldapsearch -x -LLL -h $HOSTNAME -b "cn=$GROUP,ou=groups,$LDAP_PREFIX" -D "$BINDDN" \
      -w $LDAPPASS |grep 'gidNumber'|awk '{print $2}'`
     
    # login shell
    SHELL='/bin/false'
    # home directory
    HOMEDIR='/home'
    #
    # Samba account
    #
    # Samba Domain
    SMBDOMNM=`egrep -e "[\s]*workgroup" /etc/samba/smb.conf | awk '{print $3}'`
    # Samba SID
    SMBSID=`sudo /usr/bin/net GETLOCALSID $SMBDOMNM|cut -f6 -d' '`
    #
    # Get last uid
    LUID=`getent passwd|cut -f3 -d':'|sort -n| tail -n 2|head -n 1`
    # new uid
    LUID=$((LUID+1))
    SMBSID="$SMBSID-$(($LUID*2+1000))"
     
    # check if the name already exist
    if getent passwd | grep -q "^${ACCOUNT}:"
    then
       STAT=`ldapsearch -x -LLL -h $HOSTNAME -b "ou=people,$LDAP_PREFIX" -D "$BINDDN" -w $LDAPPASS \
         "(zimbraMailDeliveryAddress=${ACCOUNT}@${DOMAIN})"|grep '^zimbraAccountStatus:'|awk '{print $2}'`
       STAT=`echo $STAT | tr '[a-z]' '[A-Z]'`
       echo ""
       echo "The account $ACCOUNT already exist and have status $STAT."
       echo "Exit."
       echo ""
       sleep 1
       exit 1
    fi
     
    # check if uid already exist (exact match on the uid field only)
    if getent passwd | cut -f3 -d':' | grep -qx "${LUID}"
    then
       echo "The uid $LUID already exist."
       echo "Exit."
       echo ""
       sleep 1
       exit 1
    else
       # just wait one second
       sleep 1
    fi
     
    SMBMD4=`mkntpwd -N $PASSWD`
    # add account posix and samba
    echo ""
    echo "Creating account ..."
    echo "zmprov ca ${ACCOUNT}@${DOMAIN} $PASSWD displayName \"$NAME\" \
    uidNumber $LUID gidNumber $GIDUSR homeDirectory ${HOMEDIR}/${ACCOUNT} \
    loginShell $SHELL sambaDomainName $SMBDOMNM sambaSID $SMBSID \
    sambaAcctFlags [UX] sambaNTPassword $SMBMD4"
     
    # execute it
    zmprov ca ${ACCOUNT}@${DOMAIN} $PASSWD displayName "$NAME" \
      uidNumber $LUID gidNumber $GIDUSR homeDirectory ${HOMEDIR}/${ACCOUNT} \
      loginShell $SHELL sambaDomainName $SMBDOMNM sambaSID $SMBSID \
      sambaAcctFlags [UX] sambaNTPassword $SMBMD4
     
    if [ $? -eq 0 ]
    then
      echo ""
      echo "Add account successful."
      echo "User    : $ACCOUNT"
      echo "Password: $PASSWD"
      echo ""
    else
      echo "Add account failed."
      echo ""
    fi
    

    Use visudo to allow the user zimbra to run /usr/bin/net.

    %zimbra ALL=NOPASSWD:/usr/bin/net
    
  2. As user root, create the script /usr/local/bin/randpass.sh to generate passwords automatically.
    #!/bin/bash
    
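    # /usr/local/bin/randpass.sh
    # Usage: randpass.sh [LENGTH] [0]
    #   LENGTH defaults to 32; a second argument of 0 limits output to alphanumerics
    
    [ "$2" == "0" ] && CHAR="[:alnum:]" || CHAR="[:graph:]"
    # Keep only bytes in the chosen class, then cut to the requested length
    LC_ALL=C tr -cd "$CHAR" < /dev/urandom | head -c "${1:-32}"
    echo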
    
  3. Once both scripts above have been created and their permissions changed to 755, switch to user zimbra and execute add-account-zimbra-ldap.sh to add a user with the default group Domain Users.
    [zimbra@server ~]$ add-account-zimbra-ldap.sh 
    
    Usage: /usr/local/bin/add-account-zimbra-ldap.sh USER NAME
    Note:
    * Password akan dibuat otomatis oleh system.
    * Argumen pertama harus 1 kata tanpa spasi.
    * Argumen kedua boleh lebih dari 1 kata (mengandung spasi) namun harus diapit tanda kutip tunggal '
    Eg. user1 'User 1'
    
    [zimbra@server ~]$ add-account-zimbra-ldap.sh arief 'Arief Y'
    
    Creating account ...
    zmprov ca arief@domain.org t3hbee displayName "" uidNumber 11004 gidNumber 12002 homeDirectory /home/arief loginShell /bin/false sambaDomainName MAIL sambaSID S-1-5-21-1668761153-695509762-2949468400-23008 sambaAcctFlags [UX] sambaNTPassword F01CC8BA9A881156D01118A99A39372E
    156a5502-849c-41ec-8622-4c72e9154b64
    
    Add account successful.
    User    : arief
    Password: t3hbee
    

  4. Next, create a user with domain admin privileges, that is, a member of Domain Admins. For this, create the user it.admin. The steps are the same as for the ordinary user above. Then put the newly created user into the Domain Admins group with zmprov.


    zmprov ma it.admin@domain.org gidNumber 12001

  5. Next, join the domain from a computer, for example vm1-winxpsp3, using the username it.admin and the matching password to authenticate the join. After a successful join, the computer asks for a reboot. After the reboot, log in to the domain MAIL as user arief.
  6. To check whether the computer name has been added to the system /etc/passwd and to Zimbra LDAP:
    [zimbra@server ~]$ grep vm1-winxpsp3 /etc/passwd
    vm1-winxpsp3$:x:11002:100:Workstation (vm1-winxpsp3$):/nohome:/bin/false
    [zimbra@server ~]$ LDAPPASS=`zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`
    [zimbra@server ~]$ DC="dc=domain,dc=org"
    [zimbra@server ~]$ BINDDN="uid=zimbra,cn=admins,cn=zimbra"
    [zimbra@server ~]$ ldapsearch -x -LLL -h `hostname` -b "ou=machines,$DC" -D "$BINDDN" -w $LDAPPASS "(uid=vm1-winxpsp3$)"
    dn: uid=VM1-WINXPSP3$,ou=machines,dc=domain,dc=org
    uid: VM1-WINXPSP3$
    sambaSID: S-1-5-21-1668761153-695509762-2949468400-1002
    objectClass: sambaSamAccount
    objectClass: account
    displayName: VM1-WINXPSP3$
    sambaNTPassword: 75DF64BB1A43F64A8EFD5FAE0CB69A85
    sambaPwdLastSet: 1408933296
    sambaAcctFlags: [W          ]
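An added example, not part of the article's script: the pre-flight checks that add-account-zimbra-ldap.sh performs before calling zmprov (account name, free uid, sambaSID derived as uid * 2 + 1000), written as small functions with strict name validation and exact uid matching. The function names are hypothetical and the passwd lines are constructed from the getent output shown earlier.

```shell
#!/bin/sh
# Added example: pre-flight checks for a new POSIX + Samba account.
# Function names are hypothetical; sample data is constructed.

# valid_account NAME: accept only a conservative login-name pattern, so that
# LDAP filter metacharacters such as ( ) * \ never reach ldapsearch or zmprov.
valid_account() (
    LC_ALL=C
    case "$1" in
        ''|*[!a-z0-9._-]*) exit 1 ;;   # empty, or a character outside the set
        [!a-z]*)           exit 1 ;;   # must start with a letter
    esac
    [ "${#1}" -le 32 ]
)

# uid_in_use UID: read passwd-format lines on stdin, match field 3 exactly.
uid_in_use() {
    awk -F: -v uid="$1" '$3 == uid { found = 1 } END { exit !found }'
}

# sid_for_uid DOMAIN_SID UID: the script's convention, RID = uid * 2 + 1000.
sid_for_uid() {
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    echo "$1-$(( $2 * 2 + 1000 ))"
}

# plan_account NAME UID DOMAIN_SID: run every check against passwd-format
# input on stdin; print the sambaSID to use, or fail with a reason on stderr.
plan_account() {
    db=$(cat)
    valid_account "$1" || { echo "invalid account name" >&2; return 2; }
    if printf '%s\n' "$db" |
        awk -F: -v n="$1" '$1 == n { f = 1 } END { exit !f }'; then
        echo "account $1 already exists" >&2
        return 3
    fi
    if printf '%s\n' "$db" | uid_in_use "$2"; then
        echo "uid $2 already in use" >&2
        return 4
    fi
    sid_for_uid "$3" "$2"
}

# Constructed sample in passwd format (gid 100 must not count as uid 100).
sample_passwd() {
    cat <<'EOF'
vm1-winxpsp3$:x:11002:100:Workstation (vm1-winxpsp3$):/nohome:/bin/false
admin:*:11000:12001:admin:/home/admin:/bin/false
root:*:1000:12002:root:/root:
EOF
}
```

On a live system the input would come from `getent passwd | plan_account NAME UID SID`.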
    


Screenshot Zimbra Admin Console

Zimbra Admin Console

Zimbra Administration Summary

Zimbra Admin Extensions

Screenshot Create Account Email and Domain

Create Email Account

Setup Account Domain

Setup Samba Domain

Zimbra Accounts

Screenshot Login Domain

System Properties -> Computer Name

Set Member of DOMAIN Domain

Join into DOMAIN Domain with username it.admin

Welcome to DOMAIN Domain

Log On to Windows using logon domain

Computer domain changed to DOMAIN after successfully login into domain

Written by awarmanf

November 6, 2014 at 9:43 am

Posted in centos, LDAP, Linux, samba, zimbra

9 Responses

  1. Can the samba server and the zimbra server be on separate machines, sir?

    Yana

    November 27, 2014 at 8:54 am

    • Yes, they can.

      awarmanf

      November 27, 2014 at 9:24 am

      • OK, thank you, sir ….

        Yana

        November 27, 2014 at 5:19 pm

    • Should the file zcs-8.5-posix-samba.sh be executed on the zimbra server or on the samba server? I am trying to set up the zimbra and samba servers on separate machines. As an experiment I executed zcs-8.5-posix-samba.sh on the zimbra server, with the samba.schema file copied over from the samba server. Can it be done that way?

      I have now reached the stage of granting privileges to the Domain Admins group, with the command: net rpc rights grant “mail\Domain Admins” SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege.

      but there is an error like:

      ldap_url_parse_ext(ldap://localhost/)
      ldap_init: trying /etc/openldap/ldap.conf
      ldap_init: using /etc/openldap/ldap.conf
      ldap_url_parse_ext(ldap://mail.aviastar.id/)
      ldap_init: HOME env is /root
      ldap_init: trying /root/ldaprc
      ldap_init: trying /root/.ldaprc
      ldap_init: LDAPCONF env is NULL
      ldap_init: LDAPRC env is NULL
      Enter root’s password:
      Could not connect to server 127.0.0.1
      Connection failed: NT_STATUS_UNSUCCESSFUL

      Please enlighten me. ^-^

      The zimbra server uses centos 7 and zimbra 8.x, and the samba server uses centos 6.5 and samba 3.6.x. I have also tried a samba server with centos 7 and samba 4.1.x, and the result is the same as above.

      chandra kusuma

      November 29, 2014 at 5:53 am

      • The file zcs-8.5-posix-samba.sh is executed on the zimbra server.
        The samba.schema file must be taken from the samba that is installed on the zimbra server.
        And the samba on the zimbra server is then integrated with Zimbra LDAP.
        In short, install everything on one machine first.
        Once that works, you can set up samba on another machine to integrate with Zimbra+Samba PDC

        awarmanf

        December 1, 2014 at 1:53 am

  2. Thank you, sir, this is really useful..

    John

    November 28, 2014 at 3:28 am

  3. Syukron.. thank you for sharing.. excellent, neat and very clear, sir.
    I thought zimbra 8.5 could not use the admin zimlets (posix + domain), but it turns out it can. Thank you for this very useful blog🙂

    awaludinhakim

    December 2, 2014 at 4:40 am

  4. Reblogged this on awaludin's blog and commented:
    A very useful article from Arief Yudhawarman

    awaludinhakim

    December 2, 2014 at 4:55 am

  5. Can I use the zcs-8.5-posix-samba.zip on a 8.6 Zimbra instalation?

    Cesar

    March 17, 2016 at 12:09 pm

