
Installing Zimbra + Samba PDC to Replace Windows Active Directory + MS Exchange Server



Prologue

This article describes how to configure ZCS (Zimbra Collaboration Server) and Samba as a PDC (Primary Domain Controller) server that uses LDAP (Lightweight Directory Access Protocol) as a centralized user database for authenticating both Linux and Windows users. This is achieved by configuring the Zimbra LDAP to serve as the central user database for PAM (Pluggable Authentication Modules), NSS (Name Service Switch) and the Samba ldapsam password backend. The Linux server runs CentOS 5.4, installed following the guide "Instalasi Server Linux CLI dengan CentOS 5.4" (CLI Linux Server Installation with CentOS 5.4).

This integration makes it easier for administrators to manage Zimbra Mail Server and Samba PDC/Active Directory accounts, because the two are directly integrated. In a company, institution or agency that has been running Windows Server until now, this guide can be used to prepare a Linux server that replaces Windows Active Directory Server and Microsoft Exchange Server.

Preparation

This guide uses Zimbra Mail Server 6.0.12 32-bit installed on CentOS 5.4 (VirtualBox).

Domain and hostname configuration:

Domain : centos.org

Hostname : vbox-server.centos.org

Zimbra(*) : server.centos.org

(*) This is the name of the Zimbra server that will be installed on the Linux server.

IP configuration:

IP Address : 192.168.87.103
Gateway : 192.168.87.97

DNS has already been configured following the manual "Konfigurasi DNS dengan Bind" (DNS Configuration with Bind).

Requirements

zcs-6.0.12_GA_2883.RHEL5.20110306010832.tgz

sysstat

zcs-samba.zip

zimbraSambaPassword.zip

Zimbra Pre-installation

1. Make sure the DNS service is running.

[root@vbox-server ~]# /etc/init.d/named status
number of zones: 9
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
named (pid 1485) is running...

2. No sendmail service may be running. Run the commands below as root to stop the sendmail service.

[root@vbox-server ~]# /etc/init.d/sendmail stop
Shutting down sendmail: [ OK ]
[root@vbox-server ~]# cd /etc/init.d
[root@vbox-server init.d]# chkconfig --del sendmail

3. No httpd service may be running on TCP port 80. Run the commands below as root to stop the httpd service.

[root@vbox-server ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[root@vbox-server ~]# cd /etc/init.d
[root@vbox-server init.d]# chkconfig --del httpd

If you still need the httpd service, edit /etc/httpd/conf/httpd.conf and change the default port 80 to another port.

4. Insert the CentOS 5.4 DVD, mount it and install sysstat.

mkdir /media/CentOS
mount /dev/dvd /media/CentOS
yum --disablerepo=\* --enablerepo=c5-media install sysstat

Zimbra Installation

1. Extract zcs-6.0.12_GA_2883.RHEL5.20110306010832.tgz (assuming the source file is in /usr/local/src).

cd /usr/local/src
tar zxf zcs-6.0.12_GA_2883.RHEL5.20110306010832.tgz

2. Set up Zimbra. The values you must type are shown after each prompt (bold in the original).

cd zcs-6.0.12_GA_2883.RHEL5.20110306010832
./install.sh --platform-override

Operations logged to /tmp/install.log.32084


Checking for existing installation...
zimbra-ldap...NOT FOUND
zimbra-logger...NOT FOUND
zimbra-mta...NOT FOUND
zimbra-snmp...NOT FOUND
zimbra-store...NOT FOUND
zimbra-apache...NOT FOUND
zimbra-spell...NOT FOUND
zimbra-convertd...NOT FOUND
zimbra-memcached...NOT FOUND
zimbra-proxy...NOT FOUND
zimbra-archiving...NOT FOUND
zimbra-cluster...NOT FOUND
zimbra-core...NOT FOUND

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.


ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

License Terms for the Zimbra Collaboration Suite:


http://www.zimbra.com/license/zimbra_public_eula_2.1.html
Do you agree with the terms of the software license agreement? [N] Y

Checking for prerequisites...


FOUND: NPTL
FOUND: sudo-1.6.9p17-5
FOUND: libidn-0.6.5-1.1
FOUND: gmp-4.1.4-10
FOUND: /usr/lib/libstdc++.so.6
Checking for suggested prerequisites...
FOUND: perl-5.8.8
FOUND: sysstat
Prerequisite check complete.

Checking for installable packages

Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy

Select the packages to install

Install zimbra-ldap [Y]

Install zimbra-logger [Y]

Install zimbra-mta [Y]

Install zimbra-snmp [Y]

Install zimbra-store [Y]

Install zimbra-apache [Y]

Install zimbra-spell [Y]

Install zimbra-memcached [N]

Install zimbra-proxy [N]


Checking required space for zimbra-core
checking space for zimbra-store

Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
You appear to be installing packages on a platform different
than the platform for which they were built.

This platform is CentOS5


Packages found: RHEL5
This may or may not work.

Using packages for a platform in which they were not designed for
may result in an installation that is NOT usable. Your support
options may be limited if you choose to continue.

Install anyway? [N] Y

The system will be modified. Continue? [N] Y

Removing /opt/zimbra
Removing zimbra crontab entry...done.
done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/prelink.conf...done.
Cleaning up /etc/security/limits.conf...done.

Finished removing Zimbra Collaboration Suite.

Installing packages

zimbra-core......zimbra-core-6.0.12_GA_2883.RHEL5-20110306010832.i386.rpm...done
zimbra-ldap......zimbra-ldap-6.0.12_GA_2883.RHEL5-20110306010832.i386.rpm...done
zimbra-logger......zimbra-logger-6.0.12_GA_2883.RHEL5-20110306010832.i386.rpm...done
zimbra-mta......zimbra-mta-6.0.12_GA_2883.RHEL5-20110306010832.i386.rpm...done
zimbra-snmp......zimbra-snmp-6.0.12_GA_2883.RHEL5-20110306010832.i386.rpm...done
zimbra-store......zimbra-store-6.0.12_GA_2883.RHEL5-20110306010832.i386.rpm...done
zimbra-apache......zimbra-apache-6.0.12_GA_2883.RHEL5-20110306010832.i386.rpm...done
zimbra-spell......zimbra-spell-6.0.12_GA_2883.RHEL5-20110306010832.i386.rpm...done
Operations logged to /tmp/zmsetup.02082013-150930.log
Installing LDAP configuration database...done.

Next, Zimbra will try to resolve the server hostname, vbox-server.centos.org. Because that name is not in DNS, Zimbra will ask for a hostname that can be resolved (enter the Zimbra server name, server.centos.org). After that Zimbra will ask for the MX address. Because there is no MX record for server.centos.org, enter the domain name centos.org.

Setting defaults...No results returned for A lookup of vbox-server.centos.org
Checked nameservers:
192.168.87.103

DNS ERROR resolving vbox-server.centos.org
It is suggested that the hostname be resolveable via DNS
Change hostname [Yes]
Please enter the logical hostname for this host [vbox-server.centos.org] server.centos.org

Interface: 192.168.87.103
Interface: 127.0.0.1

DNS ERROR - none of the MX records for server.centos.org resolve to this host
Change domain name? [Yes]
Create domain: [server.centos.org] centos.org
MX: mail.centos.org (192.168.87.103)

Interface: 192.168.87.103
Interface: 127.0.0.1
done.
Checking for port conflicts

Next, set the Zimbra admin password, disable the version update checks and the spell check server, apply the configuration, allow the system to be modified, and so on until Zimbra restarts.

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@centos.org
******* +Admin Password UNSET
+Enable automated spam training: yes
+Spam training user: spam.cu_ulydp@centos.org
+Non-spam(Ham) training user: ham.l4vdnhgf7b@centos.org
+Global Documents Account: wiki@centos.org
+SMTP host: server.centos.org
+Web server HTTP port: 80
+Web server HTTPS port: 443
+Web server mode: http
+IMAP server port: 143
+IMAP server SSL port: 993
+POP server port: 110
+POP server SSL port: 995
+Use spell check server: yes
+Spell server URL:
http://server.centos.org:7780/aspell.php
+Configure for use with mail proxy: FALSE
+Configure for use with web proxy: FALSE
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@vbox-server.centos.org
+Version update source email: admin@vbox-server.centos.org

4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-logger: Enabled
7) zimbra-spell: Enabled
8) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

Address unconfigured (**) items (? - help) 3

Store configuration

1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@centos.org
** 4) Admin Password UNSET
5) Enable automated spam training: yes
6) Spam training user: spam.cu_ulydp@centos.org
7) Non-spam(Ham) training user: ham.l4vdnhgf7b@centos.org
8) Global Documents Account: wiki@centos.org
9) SMTP host: server.centos.org
10) Web server HTTP port: 80
11) Web server HTTPS port: 443
12) Web server mode: http
13) IMAP server port: 143
14) IMAP server SSL port: 993
15) POP server port: 110
16) POP server SSL port: 995
17) Use spell check server: yes
18) Spell server URL:
http://server.centos.org:7780/aspell.php
19) Configure for use with mail proxy: FALSE
20) Configure for use with web proxy: FALSE
21) Enable version update checks: TRUE
22) Enable version update notifications: TRUE
23) Version update notification email: admin@vbox-server.centos.org
24) Version update source email: admin@vbox-server.centos.org

Select, or 'r' for previous menu [r] 4

Password for admin@centos.org (min 6 characters): [k3pGD2HJrE] password

Store configuration

1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@centos.org
4) Admin Password set
5) Enable automated spam training: yes
6) Spam training user: spam.cu_ulydp@centos.org
7) Non-spam(Ham) training user: ham.l4vdnhgf7b@centos.org
8) Global Documents Account: wiki@centos.org
9) SMTP host: server.centos.org
10) Web server HTTP port: 80
11) Web server HTTPS port: 443
12) Web server mode: http
13) IMAP server port: 143
14) IMAP server SSL port: 993
15) POP server port: 110
16) POP server SSL port: 995
17) Use spell check server: yes
18) Spell server URL:
http://server.centos.org:7780/aspell.php
19) Configure for use with mail proxy: FALSE
20) Configure for use with web proxy: FALSE
21) Enable version update checks: TRUE
22) Enable version update notifications: TRUE
23) Version update notification email: admin@vbox-server.centos.org
24) Version update source email: admin@vbox-server.centos.org

Select, or 'r' for previous menu [r] 21

Store configuration

1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@centos.org
4) Admin Password set
5) Enable automated spam training: yes
6) Spam training user: spam.cu_ulydp@centos.org
7) Non-spam(Ham) training user: ham.l4vdnhgf7b@centos.org
8) Global Documents Account: wiki@centos.org
9) SMTP host: server.centos.org
10) Web server HTTP port: 80
11) Web server HTTPS port: 443
12) Web server mode: http
13) IMAP server port: 143
14) IMAP server SSL port: 993
15) POP server port: 110
16) POP server SSL port: 995
17) Use spell check server: yes
18) Spell server URL:
http://server.centos.org:7780/aspell.php
19) Configure for use with mail proxy: FALSE
20) Configure for use with web proxy: FALSE
21) Enable version update checks: FALSE

Select, or 'r' for previous menu [r] 17

Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@centos.org
4) Admin Password set
5) Enable automated spam training: yes
6) Spam training user: spam.cu_ulydp@centos.org
7) Non-spam(Ham) training user: ham.l4vdnhgf7b@centos.org
8) Global Documents Account: wiki@centos.org
9) SMTP host: server.centos.org
10) Web server HTTP port: 80
11) Web server HTTPS port: 443
12) Web server mode: http
13) IMAP server port: 143
14) IMAP server SSL port: 993
15) POP server port: 110
16) POP server SSL port: 995
17) Use spell check server: no
18) Configure for use with mail proxy: FALSE
19) Configure for use with web proxy: FALSE
20) Enable version update checks: FALSE

Select, or 'r' for previous menu [r] r

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-logger: Enabled
7) zimbra-spell: Enabled
8) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply


Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]
Save config in file: [/opt/zimbra/config.6154]
Saving config in /opt/zimbra/config.6154...done.
The system will be modified - continue? [No] Yes
Operations logged to /tmp/zmsetup.02082013-150930.log
Setting local config values...done.
Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL certificate...done.
Installing mailboxd SSL certificates...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Creating server entry for server.centos.org...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting service ports on server.centos.org...done.
Adding server.centos.org to zimbraMailHostPool in default COS...done.
Installing webclient skins...
sand...done.
beach...done.
zmail...done.
bones...done.
bare...done.
waves...done.
sky...done.
yahoo...done.
hotrod...done.
lake...done.
twilight...done.
oasis...done.
steel...done.
pebble...done.
lemongrass...done.
tree...done.
lavender...done.
smoke...done.
Finished installing webclient skins.
Setting zimbraFeatureIMEnabled=FALSE...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting zimbraFeatureNotebookEnabled=TRUE...done.
Setting MTA auth host...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on server.centos.org...done.
Creating domain centos.org...done.
Setting default domain name...done.
Creating domain centos.org...already exists.
Creating admin account admin@centos.org...done.
Creating root alias...done.
Creating postmaster alias...done.
Creating user wiki@centos.org...done.
Creating user spam.cu_ulydp@centos.org...done.
Creating user ham.l4vdnhgf7b@centos.org...done.
Setting spam training accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for server.centos.org...done.
Configuring SNMP...done.
Checking for default IM conference room...not present.
Initializing default IM conference room...done.
Setting up syslog.conf...done.

You have the option of notifying Zimbra of your installation.


This helps us to track the uptake of the Zimbra Collaboration Suite.
The only information that will be transmitted is:
The VERSION of zcs installed (6.0.12_GA_2883_CentOS5)
The ADMIN EMAIL ADDRESS created (admin@centos.org)

Notify Zimbra of your installation? [Yes] No


Notification skipped
Starting servers...done.
Installing common zimlets...
com_zimbra_ymemoticons...done.
com_zimbra_date...done.
com_zimbra_url...done.
com_zimbra_cert_manager...done.
com_zimbra_bulkprovision...done.
com_zimbra_email...done.
com_zimbra_adminversioncheck...done.
com_zimbra_phone...done.
com_zimbra_dnd...done.
Finished installing common zimlets.
Initializing Documents...done.
Restarting mailboxd...done.
Setting up zimbra crontab...done.

Moving /tmp/zmsetup.02082013-150930.log to /opt/zimbra/log

Configuration complete - press return to exit

3. Check whether Zimbra is running.

su - zimbra
zmcontrol status

Host server.centos.org
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
mta Running
snmp Running
spell Running
stats Running

4. Next comes Zimbra tuning. We disable the services that are not really needed: snmp, spell and logger.

zmprov ms server.centos.org -zimbraServiceEnabled snmp
zmprov ms server.centos.org -zimbraServiceEnabled spell
zmprov ms server.centos.org -zimbraServiceEnabled logger
zmcontrol restart

Host server.centos.org
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping archiving...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping imapproxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping ldap...Done.
Host server.centos.org
Starting ldap...Done.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting mta...Done.
Starting stats...Done.

[zimbra@vbox-server ~]$ zmcontrol status


Host server.centos.org
antispam Running
antivirus Running
ldap Running
mailbox Running
mta Running
stats Running

Zimbra LDAP Configuration

What this stage does:

Add the NIS schema to the Zimbra LDAP

Add the Samba schema to the Zimbra LDAP

Add indexes to the LDAP schema

Restart the Zimbra service

Add 2 users (zmposix and zmposixroot) with a default password

Change the LDAP ACL

Add the Zimbra Posix Account and Zimbra Samba Extension admin extensions

The steps are as follows:

1. Create the directory /tmp/zcs-samba.

mkdir /tmp/zcs-samba

2. Extract zcs-samba.zip. Put the files in /tmp/zcs-samba, except zcs-samba-auto.sh, which goes in /tmp.

cp zcs-samba-auto.sh /tmp
cp samba-schema.tar.gz /tmp/zcs-samba
cp posixusers.ldif /tmp/zcs-samba
cp indexes.ldif /tmp/zcs-samba
chown -R zimbra. /tmp/zcs-samba

3. Edit /tmp/zcs-samba-auto.sh. Change the PASSWD, gidBase and uidBase variables, the home directory path, and the Samba schema path if necessary.

..
# PARAMETER
# Change this password
PASSWD="password"
# GID & UID
gidBase=12000
uidBase=11000
# change this default home path
homePath='/home/%u'
# samba schema (adjust the schema file to the installed samba version)
# If using the samba shipped with centos 5.4
SMBSCHEMA='/usr/share/doc/samba-3.0.33/LDAP/samba.schema'
# If using samba installed from version 3.4.8
# SMBSCHEMA='/usr/share/doc/samba-doc-3.4.8/LDAP/samba.schema'
...

4. Convert /tmp/zcs-samba-auto.sh to Unix line endings and set its file mode to 755.

cd /tmp
dos2unix zcs-samba-auto.sh
chmod 755 zcs-samba-auto.sh

5. Run it!

[root@vbox-server tmp]# su - zimbra
[zimbra@vbox-server ~]$ cd /tmp
[zimbra@vbox-server tmp]$ ./zcs-samba-auto.sh

==> Getting Zimbra parameter...
Domain : centos.org
Hostname : vbox-server.centos.org
Zimbra LDAP Password : U0Csv8Ve
LDAP Prefix : dc=centos,dc=org
ZMPOSIX_LDAP_PASSWORD : password
ZMPOSIXROOT_LDAP_PASSWORD : password

==> Configuring NIS Schema...
Killing slapd with pid 2870 done.
Started slapd: pid 24536

==> Configuring Samba Schema...
./
./cn=config.ldif
./test.conf
./schema/
./schema/samba.schema
./cn=config/
./cn=config/olcDatabase={-1}frontend.ldif
./cn=config/olcDatabase={0}config.ldif
./cn=config/cn=schema/
./cn=config/cn=schema/cn={11}samba.ldif
./cn=config/cn=schema/cn={1}cosine.ldif
./cn=config/cn=schema/cn={2}inetorgperson.ldif
./cn=config/cn=schema/cn={0}core.ldif
./cn=config/cn=schema.ldif
Killing slapd with pid 24536 done.
Started slapd: pid 24622

==> Add indexes for PAM & Samba...
modifying entry "olcDatabase={2}hdb,cn=config"

==> Create user for local posix and Samba...
adding new entry "uid=zmposix,cn=appaccts,cn=zimbra"

adding new entry "uid=zmposixroot,cn=appaccts,cn=zimbra"

==> Adjust LDAP ACL...
modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

==> Configuring posixAccount and sambaSamAccount...

Deleting root alias.....

Proceed to Installing zimbra_posixaccount and zimbra_samba extensions for Zimbra Admin

[] INFO: Deploying on server.centos.org
[] INFO: Deploy initiated. Check the server's mailbox.log for the status.
[] INFO: Deploying on server.centos.org
[] INFO: Deploy initiated. Check the server's mailbox.log for the status.
[] INFO: Configure zimlet on server.centos.org
[] INFO: Configure initiated. (check the servers mailbox.log for the status)
[] INFO: Configure zimlet on server.centos.org
[] INFO: Configure initiated. (check the servers mailbox.log for the status)

Zimbra LDAP configuration has been setup successfully...

Configuring the Samba Server to use Zimbra LDAP as Centralized Database and Primary Domain Controller

Edit the Samba configuration file /etc/samba/smb.conf. Save the previous configuration file as /etc/samba/smb.conf.default. Change the parameters below according to your needs.

workgroup =

netbios name =

passdb backend = ldapsam:ldap://Nama_Server_Zimbra/

logon home = \\IP_Address_Server_Samba\%U

(Nama_Server_Zimbra is the Zimbra server name and IP_Address_Server_Samba the Samba server's IP address.)

Contents of /etc/samba/smb.conf:

[global]
workgroup = DOMAIN4
netbios name = Server
os level = 33
preferred master = yes
enable privileges = yes
server string = %h Server (SAMBA)
wins support =yes
dns proxy = no
name resolve order = wins bcast hosts
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
ldap passwd sync = yes
passdb backend = ldapsam:ldap://server.centos.org/
ldap admin dn = "cn=config"
ldap suffix = dc=centos,dc=org
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=machines
obey pam restrictions = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
domain logons = yes
# the logon path below is for roaming profiles
# logon path = \\192.168.87.103\%U\profile
logon path =
ldap ssl = no
logon drive = P:
logon home = \\192.168.87.103\%U
logon script = logon.cmd
add user script = /usr/sbin/useradd "%u" -n -g users
add group script = /usr/sbin/groupadd "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
delete user script = /usr/sbin/userdel "%u"
delete user from group script = /usr/sbin/userdel "%u" "%g"
delete group script = /usr/sbin/groupdel "%g"
socket options = TCP_NODELAY
domain master = yes
local master = yes
[homes]
comment = Home Directories
browseable =no
read only = No
valid users = %S
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
locking = no
[profiles]
comment = Users profiles
path = /var/lib/samba/profiles
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
browseable = no
guest ok = no
printable = no
[profdata]
comment = Profile Data Share
path = /var/lib/samba/profdata
read only = No
profile acls = Yes
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

Configuring the Linux Server to use Zimbra LDAP as Centralized Database

1. As root, look at the resources used for system authentication with the command authconfig --test.

[root@vbox-server ~]# authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
hesiod LHS = ""
hesiod RHS = ""
nss_ldap is enabled
LDAP+TLS is disabled
LDAP server = "ldap://127.0.0.1/"
LDAP base DN = "dc=example,dc=com"
nss_nis is disabled
NIS server = ""
NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
SMB workgroup = "DOMAIN4"
SMB servers = ""
SMB security = "user"
SMB realm = ""
Winbind template shell = "/bin/false"
SMB idmap uid = "16777216-33554431"
SMB idmap gid = "16777216-33554431"
nss_wins is disabled
pam_unix is always enabled
shadow passwords are enabled
password hashing algorithm is md5
pam_krb5 is disabled
krb5 realm = "EXAMPLE.COM"
krb5 realm via dns is disabled
krb5 kdc = "kerberos.example.com:88"
krb5 kdc via dns is disabled
krb5 admin server = "kerberos.example.com:749"
pam_ldap is enabled
LDAP+TLS is disabled
LDAP server = "ldap://127.0.0.1/"
LDAP base DN = "dc=example,dc=com"
pam_pkcs11 is disabled
use only smartcard for login is disabled
smartcard module = "coolkey"
smartcard removal action = "Ignore"
pam_smb_auth is disabled
SMB workgroup = "DOMAIN4"
SMB servers = ""
pam_winbind is disabled
SMB workgroup = "DOMAIN4"
SMB servers = ""
SMB security = "user"
SMB realm = ""
pam_cracklib is enabled (try_first_pass retry=3)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir is disabled ()
Always authorize local users is disabled ()
Authenticate system accounts against network services is disabled
In most cases the following command will do the job (although some
manual editing will still be needed):

2. First back up /etc/nsswitch.conf and /etc/pam.d/system-auth-ac.

cp /etc/nsswitch.conf /etc/nsswitch.conf.default
cp /etc/pam.d/system-auth-ac /etc/pam.d/system-auth-ac.default

3. Before running authconfig as root to reconfigure the system's authentication source, obtain the Zimbra LDAP password.

sudo -u zimbra /opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password
zimbra_ldap_password = U0Csv8Ve

The authconfig command modifies /etc/nsswitch.conf and /etc/pam.d/system-auth-ac so that LDAP is used as the authentication resource.

authconfig --enableldap --enableldapauth --disablenis --enablecache --ldapserver=server.centos.org --ldapbasedn=dc=centos,dc=org --updateall
Stopping nscd: [ OK ]
Starting nscd:

4. Look again at the resources used for system authentication with the command authconfig --test.

[root@vbox-server ~]# authconfig --test
caching is enabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
hesiod LHS = ""
hesiod RHS = ""
nss_ldap is enabled
LDAP+TLS is disabled
LDAP server = "ldap://server.centos.org/"
LDAP base DN = "dc=centos,dc=org"
nss_nis is disabled
NIS server = ""
NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
SMB workgroup = "DOMAIN4"
SMB servers = ""
SMB security = "user"
SMB realm = ""
Winbind template shell = "/bin/false"
SMB idmap uid = "16777216-33554431"
SMB idmap gid = "16777216-33554431"
nss_wins is disabled
pam_unix is always enabled
shadow passwords are enabled
password hashing algorithm is md5
pam_krb5 is disabled
krb5 realm = "EXAMPLE.COM"
krb5 realm via dns is disabled
krb5 kdc = "kerberos.example.com:88"
krb5 kdc via dns is disabled
krb5 admin server = "kerberos.example.com:749"
pam_ldap is enabled
LDAP+TLS is disabled
LDAP server = "ldap://server.centos.org/"
LDAP base DN = "dc=centos,dc=org"
pam_pkcs11 is disabled
use only smartcard for login is disabled
smartcard module = "coolkey"
smartcard removal action = "Ignore"
pam_smb_auth is disabled
SMB workgroup = "DOMAIN4"
SMB servers = ""
pam_winbind is disabled
SMB workgroup = "DOMAIN4"
SMB servers = ""
SMB security = "user"
SMB realm = ""
pam_cracklib is enabled (try_first_pass retry=3)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir is disabled ()
Always authorize local users is disabled ()
Authenticate system accounts against network services is disabled

5. Next, edit /etc/ldap.conf by hand, using the Zimbra LDAP password obtained in the previous step. The parts of /etc/ldap.conf that must be changed are shown in bold in the original.

binddn cn=config
bindpw U0Csv8Ve
uri ldap://server.centos.org/
base dc=centos,dc=org
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
bind_policy soft
timelimit 120
bind_timelimit 120
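A check and a hardened layout for this file, added here as an example and not part of the original article: with binddn cn=config and bindpw in /etc/ldap.conf, a file nss_ldap needs world-readable so lookups work for every process, any local account can read the Zimbra LDAP master password. The script below flags that condition and rewrites the file into the split layout nss_ldap supports (rootbinddn with its password in /etc/ldap.secret, mode 0600, plus an unprivileged binddn for lookups). It assumes the zmposix account created by zcs-samba-auto.sh (DN uid=zmposix,cn=appaccts,cn=zimbra, from the script output above) is allowed to read the posix attributes under the ACL the script installed, and that GNU stat is available (CentOS 5 has it; ls -l is the fallback).

```shell
#!/bin/sh
# Added example, not part of the original article: audit the nss_ldap/pam_ldap
# client file (/etc/ldap.conf) and produce a version that keeps the directory
# master password out of the world-readable file. Assumptions: GNU stat -c is
# available (ls -l is the fallback), and the lookup account
# uid=zmposix,cn=appaccts,cn=zimbra created by zcs-samba-auto.sh is allowed by
# the ACL the script installed to read the posix attributes.

# True when FILE carries a bindpw line and is readable by group or others:
# nss_ldap needs the file world-readable, so that password is then readable
# by every local account on the server.
bindpw_exposed() {
    f=$1
    grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$f" || return 1
    if mode=$(stat -c '%a' "$f" 2>/dev/null); then
        # an octal mode ending in 00 (0600, 0400, ...) is owner-only
        case $mode in *00) return 1 ;; *) return 0 ;; esac
    fi
    ls -l "$f" | cut -c5-10 | grep -q r
}

# Print FILE with the credential lines replaced by the split layout nss_ldap
# supports: rootbinddn (used only by uid 0, password taken from
# /etc/ldap.secret) and an unprivileged binddn/bindpw for ordinary lookups.
# All other lines (uri, base, ssl, pam_password, ...) pass through unchanged.
harden_ldap_conf() {
    f=$1; root_dn=$2; lookup_dn=$3; lookup_pw=$4
    sed -e '/^[[:space:]]*binddn[[:space:]]/d' \
        -e '/^[[:space:]]*bindpw[[:space:]]/d' \
        -e '/^[[:space:]]*rootbinddn[[:space:]]/d' "$f"
    printf 'rootbinddn %s\n' "$root_dn"
    printf 'binddn %s\n' "$lookup_dn"
    printf 'bindpw %s\n' "$lookup_pw"
}

# Store the rootbinddn password in SECRET_FILE (/etc/ldap.secret in practice),
# recreated with mode 0600 so only root can read it.
write_ldap_secret() {
    secret_file=$1; password=$2
    ( umask 077 && rm -f "$secret_file" && printf '%s\n' "$password" > "$secret_file" )
}

# Usage on the server (as root) once the article's /etc/ldap.conf is in place.
# ZMPOSIX_PW is the PASSWD value set in zcs-samba-auto.sh.
#   bindpw_exposed /etc/ldap.conf && echo "LDAP master password readable by all users"
#   harden_ldap_conf /etc/ldap.conf cn=config uid=zmposix,cn=appaccts,cn=zimbra "$ZMPOSIX_PW" > /etc/ldap.conf.new
#   write_ldap_secret /etc/ldap.secret "$(sudo -u zimbra /opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password | awk '{print $3}')"
#   mv /etc/ldap.conf.new /etc/ldap.conf && chmod 644 /etc/ldap.conf   # lookups still need it readable
```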

6. Set up Samba's connection to the Zimbra LDAP using the root password, in this case the Zimbra LDAP password.

PASSLDAP=`sudo -u zimbra /opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`
smbpasswd -w $PASSLDAP

Also add the root user to the local smbpasswd file. Use the same password that root uses to log in to the server.

smbpasswd -a root

Start Samba and look at the status of the running Samba.

[root@vbox-server ~]# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

[root@vbox-server ~]# /etc/init.d/smb status
smbd dead but pid file exists
nmbd (pid 7184) is running...

[root@vbox-server ~]# tail /var/log/samba/log.smbd
[2013/02/12 09:28:26, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/12 09:28:26, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/12 09:28:26, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/12 09:28:26, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/12 09:28:26, 0] smbd/server.c:main(1059)
ERROR: failed to setup guest info.

Hmm, so Samba still fails? Don't worry, this problem will be solved shortly :).

Adding Linux and Samba users and groups with the ldapadd utility

In this stage we do not use the Zimbra Admin User Interface to add the Linux and Samba users and groups; we use ldapadd instead.

Obtain the Samba SID (Security IDentifier).

[root@vbox-server ~]# /usr/bin/net GETLOCALSID |cut -f6 -d' '
S-1-5-21-1508648254-3288735373-2858972520

Or, using the domain name:

[root@vbox-server ~]# /usr/bin/net GETLOCALSID DOMAIN4|cut -f6 -d' '
S-1-5-21-1508648254-3288735373-2858972520

Note: this Samba SID is a unique number.

Create an ldif (LDAP Data Interchange Format) file with vi or nano. We will call it sambaDomainName.ldif and save it in the /tmp folder. Edit the parts shown in bold in the original.

dn: sambaDomainName=DOMAIN4,dc=centos,dc=org
sambaDomainName: DOMAIN4
sambaSID: S-1-5-21-1508648254-3288735373-2858972520
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
sambaMinPwdAge: 0
sambaPwdHistoryLength: 0
sambaNextRid: 1252

Next, add the ldif data to the Zimbra LDAP with the ldapadd command. Log in as the zimbra user for this.

su - zimbra
PASSLDAP=`zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`
ldapadd -v -H ldap://server.centos.org/ -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/sambaDomainName.ldif

ldap_initialize( ldap://server.centos.org:389/??base )
add sambaDomainName:
DOMAIN4
add sambaSID:
S-1-5-21-1508648254-3288735373-2858972520
add sambaAlgorithmicRidBase:
1000
add objectClass:
sambaDomain
add sambaNextUserRid:
1000
add sambaMinPwdLength:
5
add sambaLogonToChgPwd:
0
add sambaMaxPwdAge:
-1
add sambaLockoutDuration:
30
add sambaLockoutObservationWindow:
30
add sambaLockoutThreshold:
0
add sambaForceLogoff:
-1
add sambaRefuseMachinePwdChange:
0
add sambaMinPwdAge:
0
add sambaPwdHistoryLength:
0
add sambaNextRid:
1252
adding new entry "sambaDomainName=DOMAIN4,dc=centos,dc=org"
modify complete

Next, create the files groups.ldif, machines.ldif, DomainAdmins.ldif, and
DomainUsers.ldif in turn. Save all four in the /tmp folder. Edit the parts that were
shown in bold (the base DN and SID values for your site). The sambaSID values for
Domain Admins and Domain Users are SambaSID-512 and SambaSID-513 respectively.

/tmp/groups.ldif

dn: ou=groups,dc=centos,dc=org
cn: groups
objectClass: organizationalRole
ou: groups

/tmp/machines.ldif

dn: ou=machines,dc=centos,dc=org
cn: machines
objectClass: organizationalRole
ou: machines

/tmp/DomainAdmins.ldif

dn: cn=Domain Admins,ou=groups,dc=centos,dc=org
cn: Domain Admins
description: Domain Admins
gidNumber: 12001
memberUid: 1
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-1508648254-3288735373-2858972520-512

/tmp/DomainUsers.ldif

dn: cn=Domain Users,ou=groups,dc=centos,dc=org
cn: Domain Users
description: Domain Users
displayName: Domain Users
gidNumber: 12002
memberUid: 2
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-1508648254-3288735373-2858972520-513

Next, add those four LDIF files to the Zimbra LDAP with the ldapadd command.

PASSLDAP=`zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`
ldapadd -v -H ldap://server.centos.org/ -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/groups.ldif

ldap_initialize( ldap://server.centos.org:389/??base )
add cn:
groups
add objectClass:
organizationalRole
add ou:
groups
adding new entry "ou=groups,dc=centos,dc=org"
modify complete
PASSLDAP=`zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`
ldapadd -v -H ldap://server.centos.org/ -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/machines.ldif

ldap_initialize( ldap://server.centos.org:389/??base )
add cn:
machines
add objectClass:
organizationalRole
add ou:
machines
adding new entry "ou=machines,dc=centos,dc=org"
modify complete
PASSLDAP=`zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`
ldapadd -v -H ldap://server.centos.org/ -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/DomainAdmins.ldif

ldap_initialize( ldap://server.centos.org:389/??base )
add cn:
Domain Admins
add description:
Domain Admins
add gidNumber:
12001
add memberUid:
1
add objectClass:
posixGroup
sambaGroupMapping
add sambaGroupType:
2
add sambaSID:
S-1-5-21-1508648254-3288735373-2858972520-512
adding new entry "cn=Domain Admins,ou=groups,dc=centos,dc=org"
modify complete
PASSLDAP=`zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'`
ldapadd -v -H ldap://server.centos.org/ -x -w $PASSLDAP -c -D "uid=zimbra,cn=admins,cn=zimbra" -f /tmp/DomainUsers.ldif

ldap_initialize( ldap://server.centos.org:389/??base )
add cn:
Domain Users
add description:
Domain Users
add displayName:
Domain Users
add gidNumber:
12002
add memberUid:
2
add objectClass:
posixGroup
sambaGroupMapping
add sambaGroupType:
2
add sambaSID:
S-1-5-21-1508648254-3288735373-2858972520-513
adding new entry "cn=Domain Users,ou=groups,dc=centos,dc=org"
modify complete

Restart Samba.

[root@vbox-server ~]# /etc/init.d/smb restart
Shutting down SMB services: [FAILED]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

[root@vbox-server ~]# /etc/init.d/smb status
smbd (pid 9531) is running...
nmbd (pid 9534) is running...

After that, run the command below with root privileges to grant rights to the Domain
Admins group. Use the root password and replace the domain name centos.org with the
appropriate one:

net rpc rights grant "centos.org\Domain Admins" SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege
Password:
Successfully granted rights.

Updating the admin user's profile

Run the following commands to modify the group membership and profile of the admin
account that was created earlier, before Zimbra was joined with Samba. Adjust the
domain name. The admin user is given uidNumber 11000 and gidNumber 12001. Its
sambaSID is the domain SambaSID (here, that of DOMAIN4) combined with
(uidNumber*2)+1000, which is why the SID below ends in -23000.

whoami
root
/usr/bin/net GETLOCALSID |cut -f6 -d' '
S-1-5-21-1508648254-3288735373-2858972520
su - zimbra
zmprov ma admin@centos.org +objectClass posixAccount uidNumber 11000 gidNumber 12001 homeDirectory /home/admin loginShell /bin/false
zmprov ma admin@centos.org +objectClass sambaSamAccount sambaDomainName DOMAIN4 sambaSID "S-1-5-21-1508648254-3288735373-2858972520-23000" sambaAcctFlags '[UX]'
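The SID arithmetic used above (the well-known group RIDs 512 and 513 in the group LDIF files, and user RID = uidNumber*2 + sambaAlgorithmicRidBase for the admin account) as an added Python example, not code from the original article. DOMAIN_SID, RID_BASE, the base DN and the group numbers are taken from this page; the function names are my own.

```python
import re

# Values from this page: the SID printed by `net GETLOCALSID`, the
# sambaAlgorithmicRidBase from sambaDomainName.ldif, and the base DN.
DOMAIN_SID = "S-1-5-21-1508648254-3288735373-2858972520"
RID_BASE = 1000
BASE_DN = "dc=centos,dc=org"

# Well-known RIDs for the two groups the page creates (SID-512 and SID-513).
WELL_KNOWN_GROUPS = {"Domain Admins": 512, "Domain Users": 513}
DOMAIN_SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+$")

def user_sid(domain_sid: str, uid_number: int) -> str:
    """Samba's algorithmic mapping: RID = uidNumber*2 + sambaAlgorithmicRidBase."""
    if not DOMAIN_SID_RE.match(domain_sid):
        raise ValueError(f"not a domain SID: {domain_sid!r}")
    return f"{domain_sid}-{uid_number * 2 + RID_BASE}"

def sid_matches_uid(sid: str, uid_number: int) -> bool:
    """Check an existing sambaSID before trusting it: a foreign domain prefix or a RID
    that disagrees with uidNumber silently breaks domain logon for that user."""
    prefix, _, rid = sid.rpartition("-")
    return prefix == DOMAIN_SID and rid.isdigit() and int(rid) == uid_number * 2 + RID_BASE

def group_ldif(name: str, gid_number: int, member_uid: str) -> str:
    """LDIF for a posixGroup + sambaGroupMapping entry with a well-known RID."""
    rid = WELL_KNOWN_GROUPS[name]  # KeyError for a group without a known RID
    lines = [
        f"dn: cn={name},ou=groups,{BASE_DN}",
        f"cn: {name}",
        f"description: {name}",
        f"gidNumber: {gid_number}",
        f"memberUid: {member_uid}",
        "objectClass: posixGroup",
        "objectClass: sambaGroupMapping",
        "sambaGroupType: 2",
        f"sambaSID: {DOMAIN_SID}-{rid}",
    ]
    return "\n".join(lines) + "\n"

def zmprov_samba_args(account: str, uid_number: int, domain_name: str) -> list:
    """Argument vector for the second `zmprov ma` call shown on the page."""
    return ["zmprov", "ma", account, "+objectClass", "sambaSamAccount",
            "sambaDomainName", domain_name,
            "sambaSID", user_sid(DOMAIN_SID, uid_number),
            "sambaAcctFlags", "[UX]"]

if __name__ == "__main__":
    print(group_ldif("Domain Admins", 12001, "1"))
    print(" ".join(zmprov_samba_args("admin@centos.org", 11000, "DOMAIN4")))
```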

Test with getent and pdbedit


[root@vbox-server ~]# getent passwd|tail
named:x:25:25:Named:/var/named:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
zimbra:x:500:500::/opt/zimbra:/bin/bash
postfix:x:501:501::/opt/zimbra/postfix:/bin/bash
admin:*:11000:12001:admin:/home/admin:/bin/false

[root@vbox-server ~]# getent group|tail
rpcuser:x:29:
nfsnobody:x:65534:
haldaemon:x:68:
avahi-autoipd:x:104:
xfs:x:43:
zimbra:x:500:
postfix:x:501:zimbra
postdrop:x:502:
Domain Admins:*:12001:1
Domain Users:*:12002:2

[root@vbox-server ~]# pdbedit -Lv admin
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN4))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN4))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: admin
Unix username: admin
NT username: admin
Account Flags: [UX ]
User SID: S-1-5-21-1508648254-3288735373-2858972520-23000
init_group_from_ldap: Entry found for group: 12001
init_group_from_ldap: Entry found for group: 12001
Primary Group SID: S-1-5-21-1508648254-3288735373-2858972520-512
Full Name: admin
Home Directory: \\192.168.87.103\admin
HomeDir Drive: P:
Logon Script: logon.cmd
Profile Path:
Domain: DOMAIN4
Account desc: Administrative Account
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 0
Password can change: 0
Password must change: 0
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Installing zimbraSambaPassword

This is needed if we want the Samba password kept in sync with the Zimbra user password.
By default, when a user changes their password through the Zimbra webmail, the Samba
password (that is, the password used for domain logon) is not changed.

Download zimbraSambaPassword.zip

Extract zimbraSambaPassword.zip

Follow the instructions in README.txt

[root@vbox-server ~]# cd /tmp
[root@vbox-server tmp]# unzip zimbraSambaPassword.zip
[root@vbox-server tmp]# ls
install.sh mkntpwd.tar.gz README.txt sambapassword.jar

[root@vbox-server tmp]# chmod 755 install.sh
[root@vbox-server tmp]# ./install.sh
ERROR: Unknown option
./install.sh -[hiu]

-h|--help Usage
-i|--install Install extension
-u|--uninstall Uninstall extension

[root@vbox-server tmp]# ./install.sh -i
Checking for existing installation...

Shutting down Zimbra
Host server.centos.org
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping archiving...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping imapproxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping ldap...Done.

Installing zimbraSambaPassword extension

Installing mkntpwd binary
gcc -O2 -DMPU8086 -c -o getopt.o getopt.c
gcc -O2 -DMPU8086 -c -o md4.o md4.c
md4.c: In function mdfour:
md4.c:144: warning: incompatible implicit declaration of built-in function
memcpy
gcc -O2 -DMPU8086 -c -o mkntpwd.o mkntpwd.c
mkntpwd.c: In function main:
mkntpwd.c:37: warning: return type of main is not int
gcc -O2 -DMPU8086 -c -o smbdes.o smbdes.c
gcc -O2 -DMPU8086 -o mkntpwd getopt.o md4.o mkntpwd.o smbdes.o

Starting up Zimbra
Host server.centos.org
Starting ldap...Done.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting mta...Done.
Starting stats...Done.

Registering zimbraSambaPassword extension

Screenshot
