On 25/09/2015 15:40, Steve Ankeny wrote:
(1) What are the differences between Ubuntu Samba 4.1.6 and Inverse Samba 4.1.18 in terms of libraries? Could there be some library or package from 4.1.6 which if removed would cause 4.1.18 to work properly?

It seems to me this might be the source of my problems, as I originally installed 4.1.6
If you use our repository for Samba packages, all should be up-to-date. Here is the bash Samba/OpenChange function used in the script to prepare the ZEG:

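# setupSambaOpenChange
#
# Installs Samba 4 and the OpenChange stack, writes the Apache rpcproxy
# configuration, /etc/ocsmanager/ocsmanager.ini and /etc/samba/smb.conf,
# provisions a Samba AD domain and the OpenChange databases, and rewires the
# init jobs so that samba-ad-dc starts after MySQL.
#
# Reads DOMAINNAME, TLD and DOMAINNAMEUPPER, which are set outside this function.
# Writes under /etc and /var/lib/samba and manages services, so it needs root.
#
# NOTE(review): every credential below is a fixed value: the AD administrator /
# LDAP bind password, the MySQL openchange-user password, the beaker session
# secret, the [auth:single] password hash and the managesieve secret. Replace
# each of them per installation; anything built from this function unchanged
# shares the same secrets.
# NOTE(review): two passwords are passed as command-line arguments
# (samba-tool --adminpass, openchange_provision --openchangedb-uri), so they
# are visible in the process list while those commands run.
function setupSambaOpenChange {
  # Move any pre-existing smb.conf out of the way; a missing file is not an error.
  mv /etc/samba/smb.conf /etc/samba/smb.conf.bak || true

  apt-get -y install samba openchangeserver sogo-openchange \
    openchangeproxy python-ocsmanager openchange-ocsmanager \
    openchange-rpcproxy python-sievelib python-spyne python-rpclib \
    python-mysqldb

  # Expose the conf.d files under conf-available so a2enconf can enable them.
  # These are two separate commands, one symlink each.
  ln -s /etc/apache2/conf.d/ocsmanager.conf /etc/apache2/conf-available/ocsmanager.conf
  ln -s /etc/apache2/conf.d/rpcproxy.conf /etc/apache2/conf-available/rpcproxy.conf

  # rpcproxy (RPC over HTTP) WSGI application.
  # "Allow from all" / "Require all granted" opens the directory to every
  # client; authentication is left to the WSGI application itself
  # (WSGIPassAuthorization On forwards the Authorization header to it).
  # Each WSGIScriptAlias directive must be on its own line.
  cat >/etc/apache2/conf.d/rpcproxy.conf <<EOF
KeepAliveTimeout 120

WSGILazyInitialization On
WSGIPythonPath /usr/lib/openchange/web/rpcproxy

<Directory /usr/lib/openchange/web/rpcproxy/>
    <IfVersion < 2.4>
        Order deny,allow
        Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>

  SetEnv RPCPROXY_LOGLEVEL INFO
  SetEnv NTLMAUTHHANDLER_WORKDIR /var/cache/ntlmauthhandler
  SetEnv SAMBA_HOST 127.0.0.1
  WSGIPassAuthorization On
  WSGIProcessGroup %{GLOBAL}
</Directory>

WSGIScriptAlias /rpc/rpcproxy.dll /usr/lib/openchange/web/rpcproxy/rpcproxy.wsgi
WSGIScriptAlias /rpcwithcert/rpcproxy.dll /usr/lib/openchange/web/rpcproxy/rpcproxy.wsgi
EOF

  # ocsmanager
  # The here-document is unquoted, so the shell expands "$": \$domain and
  # \$user are escaped to reach the file literally, while %(here)s is left for
  # the ini parser to interpolate.
  # NOTE(review): this file holds the LDAP bind password (bind_pw), the session
  # signing secret (beaker.session.secret) and the [auth:single] password hash.
  # It is created with the caller's umask; check which service accounts must
  # read it and restrict ownership and mode to those.
  # NOTE(review): debug is switched on three times (debug = true, debug = yes,
  # set debug = true). ocsmanager appears to be a Paste/Pylons application,
  # where debug mode usually means an interactive debugger is reachable after
  # an exception; confirm and turn it off anywhere but a lab.
  cat >/etc/ocsmanager/ocsmanager.ini <<EOF
[DEFAULT]
debug = true
email_to = y...@yourdomain.com
smtp_server = localhost
error_email_from = paste@localhost

[main]
auth = ldap
mapistore_root = /var/lib/samba/private
mapistore_data = /var/lib/samba/private/mapistore
debug = yes

[auth:file]

[auth:ldap]
host = ldap://127.0.0.1
port = 389
bind_dn = cn=administrator,cn=Users,dc=example,dc=com
bind_pw = %1OpenChange
basedn = cn=Users,dc=example,dc=com

[auth:single]
username = openchange
password = {SSHA}I6Hy5Wv0wuxyXvMBFWFQDVVN12_CLaX9

[server:main]
use = egg:Paste#http
host = 127.0.0.1
port = 5000
protocol_version = HTTP/1.1

[app:main]
use = egg:ocsmanager
full_stack = true
static_files = true
cache_dir = %(here)s/data
beaker.session.key = ocsmanager
beaker.session.secret = SDyKK3dKyDgW0mlpqttTMGU1f
app_instance_uuid = {ee533ebc-f266-49d1-ae10-d017ee6aa98c}
NTLMAUTHHANDLER_WORKDIR = /var/cache/ntlmauthhandler
SAMBA_HOST = 127.0.0.1

[rpcproxy:ldap]
host = localhost
port = 389
basedn = CN=Users,DC=example,DC=com


set debug = true

[autodiscover]

[autodiscover:rpcproxy]
enabled = true

[outofoffice]

[outofoffice:file]
sieve_script_path = /var/vmail/\$domain/\$user/sieve-script
sieve_script_path_mkdir = false

[outofoffice:managesieve]
secret = secret

[loggers]
keys = root

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s] [%(threadName)s] %(message)s
EOF

  # enable modules
  a2enconf rpcproxy
  a2enconf ocsmanager

  # it gets better, provision will fail if smb.conf exists
  # If the package install recreated smb.conf, this mv replaces the .bak that
  # was saved at the top of the function.
  mv /etc/samba/smb.conf /etc/samba/smb.conf.bak || true
  # Destructive: wipes all existing Samba private data (any existing domain
  # database and keys are lost).
  rm -rf /var/lib/samba/private/* || true

  # The administrator password set here is the same value written as bind_pw
  # in ocsmanager.ini above; change both together.
  samba-tool domain provision --realm="$DOMAINNAME.$TLD" \
                              --domain="$DOMAINNAMEUPPER" \
                              --adminpass='%1OpenChange' \
                              --server-role='domain controller'

  # The administrator password never expires after this call.
  samba-tool user setexpiry administrator --noexpiry

  # smb.conf is regenerated from scratch; the shell fills in the domain
  # variables. The MySQL password appears three times in this file (once as
  # namedproperties:mysql_pass, twice inside mysql:// URIs) and must match the
  # account created further down.
  # Each "name = value" parameter must be on its own line.
  cat >/etc/samba/smb.conf <<EOF
# Global parameters
[global]
  server role = active directory domain controller
  workgroup = $DOMAINNAMEUPPER
  realm = $DOMAINNAME.$TLD
  netbios name = sogo
  passdb backend = samba4
  dns forwarder = 8.8.4.4

  ### Configuration required by OpenChange server ###
  dsdb:schema update allowed = true
  dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
  dcerpc_mapiproxy:server = true
  dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr

  mapistore:namedproperties = mysql
  namedproperties:mysql_user = openchange-user
  namedproperties:mysql_pass = openchange123
  namedproperties:mysql_host = localhost
  namedproperties:mysql_db = openchange

  mapistore:indexing_backend = mysql://openchange-user:openchange123@localhost/openchange
  mapiproxy:openchangedb = mysql://openchange-user:openchange123@localhost/openchange
  ### Configuration required by OpenChange server ###

[netlogon]
  path = /var/lib/samba/sysvol/$DOMAINNAME.$TLD/scripts
  read only = No

[sysvol]
  path = /var/lib/samba/sysvol
  read only = No
EOF

  # sogo config link since samba is started as root
  rm -rf /root/GNUstep || true
  ln -s ~sogo/GNUstep /root/

  # OpenChange MySQL indexing db
  # Connects as MySQL root with no password argument, so it relies on
  # passwordless local root access (or credentials in a client config file).
  # NOTE(review): ALL PRIVILEGES ... WITH GRANT OPTION lets openchange-user
  # pass its rights on the openchange schema to other accounts; that is likely
  # more than the service needs. Confirm before trimming.
  mysql -uroot <<EOF
CREATE USER "openchange-user"@"localhost" IDENTIFIED BY "openchange123";
GRANT ALL PRIVILEGES ON openchange.* TO "openchange-user"@"localhost" WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF

  /usr/sbin/openchange_provision --standalone
  /usr/sbin/openchange_provision --openchangedb \
    --openchangedb-uri 'mysql://openchange-user:openchange123@localhost/openchange'

  # Mark the nmbd and smbd upstart jobs as manual so they no longer start on
  # their own, leaving samba-ad-dc as the job that is started.
  echo "manual" >> /etc/init/nmbd.conf
  echo "manual" >> /etc/init/smbd.conf
  # Stop and disable OpenLDAP, presumably because the Samba AD DC serves LDAP
  # on the same port (ocsmanager.ini points at 127.0.0.1:389).
  service slapd stop
  update-rc.d slapd disable
  # Start samba-ad-dc only once MySQL is up, since smb.conf points the
  # OpenChange backends at it.
  sed -i 's/start on (local-filesystems and net-device-up)/start on (started mysql)/' /etc/init/samba-ad-dc.conf
  start samba-ad-dc

  a2enmod proxy proxy_http
  /etc/init.d/apache2 restart

  # Make the DHCP client override the offered resolvers with the local Samba
  # DNS server.
  echo "supersede domain-name-servers 127.0.0.1;" >>/etc/dhcp/dhclient.conf
}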


(2) Could there be an issue with 'NTLMAuthHandler.py' such as was experienced in Bug 0002732?

http://www.sogo.nu/bugs/view.php?id=2732
No, that was a packaging issue only affecting RHEL-based distributions.

Thanks,

--
Ludovic Marcotte
lmarco...@inverse.ca  ::  +1.514.755.3630  ::  http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu) and PacketFence 
(http://packetfence.org)

--
users@sogo.nu
https://inverse.ca/sogo/lists
