Integration active directory for authentication and authorization | Ical RedHat
1 January 30, 2021
Integration Active Directory for Authentication and Authorization Zimbra – Nextcloud – Onlyoffice – Hotspot – Vpn
Author: ical redhat // alpuketmerah https://gerakanopensource.wordpress.com
Specifications & Requirements:
1. Windows Server 2008 R2:
CPU: 2 cores, RAM: 1 GB,
install Active Directory Domain Services and Network Policy Server, domain: alpuket-merah.com, IP address: 10.24.10.89
2. MikroTik RouterOS 6.40.1:
RADIUS, hotspot, PPTP, domain: router.alpuket-merah.com, IP address: 10.24.10.74; domain: hotspot.alpuket-merah.com, IP address: 192.168.56.100
3. Ubuntu Server 18.04.5 LTS:
CPU: 6 cores, RAM: 3 GB, swap: 4 GB,
install dnsmasq, zimbra_8.8.15, domain: mail.alpuket-merah.com, IP address: 10.24.10.59, MX: alpuket-merah.com
4. Ubuntu Server 20.04.1 LTS:
CPU: 4 cores, RAM: 2.5 GB, swap: 2 GB,
install onlyoffice documents, domain: doc.alpuket-merah.com, IP address: 10.24.10.93
5. Ubuntu Server 20.04.1 LTS:
CPU: 4 cores, RAM: 3 GB, swap: 6 GB,
install onlyoffice groups, domain: office.alpuket-merah.com, IP address: 10.24.10.73
6. Ubuntu Server 16.04.7 LTS:
CPU: 2 cores, RAM: 512 MB, swap: 1 GB,
install apache2, mariadb, php_7.2, nextcloud, domain: nextcloud.alpuket-merah.com, IP address: 10.24.10.72
7. Windows 7 SP1:
CPU: 2 cores, RAM: 1 GB, join domain, VPN client
Windows Server 2008 R2
{1}_ Install Active Directory Domain Services (AD DS)
Active Directory (AD) is the directory service that the Windows server operating systems provide for networks, in Windows 2000 Server, Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019. Active Directory consists of a database and a directory service. The database stores every resource on the network, such as computers that have joined a domain, the list of user accounts and user groups, shared folders, and so on.
This tutorial uses Windows Server 2008 R2 because it uses relatively little memory, so it stays lightweight, and it already has the Network Policy Server (NPS) role, which will later be used as the RADIUS server. Windows Server 2012, 2016, or 2019 can be used as well.
Open Run and type dcpromo
Check Use advanced mode installation, Next >
Select Create a new domain in a new forest, Next >
Enter the root domain name as required, e.g.: alpuket-merah.com , Next >
Domain NetBIOS name: leave the default unchanged, Next >
For the forest functional level and domain functional level, simply match the Windows Server OS version, Next >
Check DNS server, Next >
If a prompt like this appears, select Yes to continue.
Location of Database, Log Files and SYSVOL: leave the defaults unchanged, Next >
Enter the password for Active Directory restore mode, Next >
The AD DS installation is in progress; wait until it finishes and the server reboots automatically.
{2}_ Setting DNS Manager
Add New Host (A or AAAA)… records:
FQDN: dc.alpuket-merah.com ip address: 10.24.10.89
FQDN: router.alpuket-merah.com ip address: 10.24.10.74
FQDN: doc.alpuket-merah.com ip address: 10.24.10.93
FQDN: office.alpuket-merah.com ip address: 10.24.10.73
FQDN: mail.alpuket-merah.com ip address: 10.24.10.59
FQDN: nextcloud.alpuket-merah.com ip address: 10.24.10.72
Add a New Mail Exchanger (MX)… record:
FQDN: alpuket-merah.com FQDN of mail server: mail.alpuket-merah.com
{3}_ Install Network Policy and Access Services
Open Server Manager, Add Roles, Network Policy and Access Services, Next >
Check Network Policy Server, Next >
The NPS role installation is complete. Close.
{4}_ Setting Network Policy Server (NPS)
Open the Network Policy Server application in Administrative Tools.
Set the ports in the NPS (Local) properties, Authentication: 1812 and Accounting: 1813
Register server in Active Directory on NPS (Local)
Start NPS Service on NPS (Local)
Add RADIUS Clients, New
Add a RADIUS client for the Windows server: check Enable this RADIUS client, enter the Windows server IP address: 10.24.10.89, Shared secret e.g.: 123456 , vendor name: RADIUS Standard, OK.
Add a RADIUS client for the MikroTik: check Enable this RADIUS client, enter the MikroTik IP address: 10.24.10.74, Shared secret e.g.: 123456 , vendor name: RADIUS Standard, OK.
The RADIUS Clients view after they have been added.
Add Network Policies, New.
Enter the policy name, e.g.: mikrotik hotspot, type: unspecified, Next.
Add… Conditions, select Windows Groups, Add…
Add Groups… type: domain , Check Names, select Domain Users, OK.
Once the Windows Groups condition has been added it appears as follows, Next.
Select Access granted, Next
Add EAP Type: Microsoft Protected EAP (PEAP), OK.
Check Encrypted authentication (CHAP), Unencrypted authentication (PAP, SPAP), Next.
A prompt like the following appears; select No.
Configure Constraints: leave the defaults, Next.
Configure Settings: leave the defaults, Next.
The Network Policy has been added, Finish.
Make sure the network policy just created is at the top, with processing order no. 1.
{5}_ Add Organizational Unit, Group, Users
Open the Active Directory Users and Computers application.
Add an Organizational Unit: New, Organizational Unit (OU).
Enter the OU name, e.g.: UserDomain , OK.
Add a User: New, User, e.g.: First name: super , initials: sa2008 , Last name: admin , Full name: super sa2008. admin , User logon name: sa2008 , Next. Then enter the user password: P@ssw0rd!
Check Password never expires. Then open the properties of the user just created and enter the email and title on the user object.
Add a Group: New, Group, e.g.: super admin, add Members: super sa2008. admin , Member Of: must include Domain Users and RAS and IAS Servers. OK.
Test the RADIUS server on the Windows server with the tool: NTRadPing Test Utility
Enter the RADIUS server: 10.24.10.89 , port: 1812
RADIUS secret key: 123456 , username: sa2008 , password:
If clicking Send shows the response: Access-Accept, the RADIUS server is working.
MikroTik RouterOS 6.40.1
{1}_ Setting LAN
Make sure the LAN has been fully configured and is connected to the internet, e.g.: the MikroTik IP address facing the servers: 10.24.10.74 /24 , the MikroTik IP address facing the clients and hotspot: 192.168.56.100 /24. The DNS server uses the IP: 10.24.10.89 (Windows Server 2008 R2)
{2}_ Setting Radius
Add a RADIUS entry, check ppp and hotspot,
address: 10.24.10.89 (IP of the Windows Server 2008 R2 acting as RADIUS server)
secret: 123456 (must match the one in NPS on Windows Server 2008 R2)
Authentication port: 1812 (must match the one in NPS on Windows Server 2008 R2)
Accounting port: 1813 (must match the one in NPS on Windows Server 2008 R2)
{3}_ Setting Hotspot
Complete the hotspot setup, and in the Server Profiles section set, e.g.:
Name: alpuket-merah
Hotspot address: 192.168.56.100 (the MikroTik IP facing the clients)
DNS name: hotspot.alpuket-merah.com
Login By: HTTP PAP
RADIUS: Use RADIUS and Accounting. OK.
{4}_ Setting VPN Server (PPTP)
Setting PPTP Server: Enable
Default Profiles: default-encryption,
Edit the default-encryption profile, e.g.: Local Address: 172.1.1.10 , Remote Address: 172.1.1.20 , DNS Server: 10.24.10.89 (enter the Windows Server 2008 R2 IP). OK.
Ubuntu Server 18.04.5 LTS Install Zimbra Mail 8.8.15
{1}_ Setting ip address, hosts, hostname
root@doc:/home/ubuntu# nano /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: no
      addresses: [10.24.10.59/24]
      gateway4: 10.24.10.74
      nameservers:
        addresses: [10.24.10.89]
        search: [alpuket-merah.com]
root@mail:/home/ubuntu# netplan apply
root@mail:/home/ubuntu# nano /etc/hosts
127.0.0.1 localhost
10.24.10.59 mail.alpuket-merah.com mail
root@mail:/home/ubuntu# nano /etc/hostname
mail.alpuket-merah.com
{2}_ Install dnsmasq
root@mail:/home/ubuntu# apt update && apt install dnsmasq -y
root@mail:/home/ubuntu# nano /etc/dnsmasq.conf
server=10.24.10.59
domain=alpuket-merah.com
mx-host=alpuket-merah.com, mail.alpuket-merah.com, 1
listen-address=127.0.0.1
root@mail:/home/ubuntu# reboot
{3}_ Install Zimbra 8.8.15
root@mail:/home/ubuntu# wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz
root@mail:/home/ubuntu# tar -xvf zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz
root@mail:/home/ubuntu# cd zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220
root@mail:/home/ubuntu/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220# ./install.sh
Do you agree with the terms of the software license agreement? [N] Y
Use Zimbra's package repository [Y] Y
Warning: apt-key output should not be parsed (stdout is not a terminal)
Importing Zimbra GPG key
Configuring package repository
Checking for installable packages
Found zimbra-core (local)
Found zimbra-ldap (local)
Found zimbra-logger (local)
Found zimbra-mta (local)
Found zimbra-dnscache (local)
Found zimbra-snmp (local)
Found zimbra-store (local)
Found zimbra-apache (local)
Found zimbra-spell (local)
Found zimbra-memcached (repo)
Found zimbra-proxy (local)
Found zimbra-drive (repo)
Found zimbra-imapd (local)
Found zimbra-patch (repo)
Found zimbra-mta-patch (repo)
Found zimbra-proxy-patch (repo)
Select the packages to install
Install zimbra-ldap [Y] Y
Install zimbra-logger [Y] Y
Install zimbra-mta [Y] Y
Install zimbra-dnscache [Y] N
Install zimbra-snmp [Y] Y
Install zimbra-store [Y] Y
Install zimbra-apache [Y] Y
Install zimbra-spell [Y] Y
Install zimbra-memcached [Y] Y
Install zimbra-proxy [Y] Y
Install zimbra-drive [Y] Y
Install zimbra-imapd (BETA - for evaluation only) [N] N
Install zimbra-chat [Y] Y
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.
Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy
zimbra-drive
zimbra-patch
zimbra-mta-patch
zimbra-proxy-patch
zimbra-chat
The system will be modified. Continue? [N] Y
Beginning Installation - see /tmp/install.log.ftNRSHqo for details...
zimbra-core-components will be downloaded and installed.
zimbra-timezone-data will be installed.
zimbra-common-mbox-db will be installed.
zimbra-common-mbox-docs will be installed.
zimbra-common-core-jar will be installed.
zimbra-common-mbox-conf will be installed.
zimbra-common-mbox-conf-msgs will be installed.
zimbra-common-mbox-conf-attrs will be installed.
zimbra-common-mbox-native-lib will be installed.
zimbra-common-mbox-conf-rights will be installed.
zimbra-common-core-libs will be installed.
zimbra-core will be installed.
zimbra-ldap-components will be downloaded and installed.
zimbra-ldap will be installed.
zimbra-logger will be installed.
zimbra-mta-components will be downloaded and installed.
zimbra-mta will be installed.
zimbra-snmp-components will be downloaded and installed.
zimbra-snmp will be installed.
zimbra-store-components will be downloaded and installed.
zimbra-jetty-distribution will be downloaded and installed.
zimbra-mbox-war will be installed.
zimbra-mbox-conf will be installed.
zimbra-mbox-service will be installed.
zimbra-mbox-webclient-war will be installed.
zimbra-mbox-store-libs will be installed.
zimbra-mbox-admin-console-war will be installed.
zimbra-store will be installed.
zimbra-apache-components will be downloaded and installed.
zimbra-apache will be installed.
zimbra-spell-components will be downloaded and installed.
zimbra-spell will be installed.
zimbra-memcached will be downloaded and installed.
zimbra-proxy-components will be downloaded and installed.
zimbra-proxy will be installed.
zimbra-drive will be downloaded and installed (later).
zimbra-patch will be downloaded and installed (later).
zimbra-mta-patch will be downloaded and installed (later).
zimbra-proxy-patch will be downloaded and installed (later).
zimbra-chat will be downloaded and installed (later).
Downloading packages (10):
zimbra-core-components
zimbra-ldap-components
zimbra-mta-components
zimbra-snmp-components
zimbra-store-components
zimbra-jetty-distribution
zimbra-apache-components
zimbra-spell-components
zimbra-memcached
zimbra-proxy-components
...done
Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/security/limits.conf...done.
Finished removing Zimbra Collaboration Server.
Installing repo packages (10):
zimbra-core-components
zimbra-ldap-components
zimbra-mta-components
zimbra-snmp-components
zimbra-store-components
zimbra-jetty-distribution
zimbra-apache-components
zimbra-spell-components
zimbra-memcached
zimbra-proxy-components
...done
Installing local packages (25):
zimbra-timezone-data
zimbra-common-mbox-db
zimbra-common-mbox-docs
zimbra-common-core-jar
zimbra-common-mbox-conf
zimbra-common-mbox-conf-msgs
zimbra-common-mbox-conf-attrs
zimbra-common-mbox-native-lib
zimbra-common-mbox-conf-rights
zimbra-common-core-libs
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-snmp
zimbra-mbox-war
zimbra-mbox-conf
zimbra-mbox-service
zimbra-mbox-webclient-war
zimbra-mbox-store-libs
zimbra-mbox-admin-console-war
zimbra-store
zimbra-apache
zimbra-spell
zimbra-proxy
...done
Installing extra packages (5):
zimbra-drive
zimbra-patch
zimbra-mta-patch
zimbra-proxy-patch
zimbra-chat
...done
Running Post Installation Configuration:
Operations logged to /tmp/zmsetup.20210125-135759.log
Installing LDAP configuration database...done.
Setting defaults...
DNS ERROR resolving MX for mail.alpuket-merah.com
It is suggested that the domain name have an MX record configured in DNS
Re-Enter domain name? [Yes]
Create domain: [mail.alpuket-merah.com] alpuket-merah.com
MX: mail.alpuket-merah.com (10.24.10.59)
Interface: 127.0.0.1
Interface: ::1
Interface: 10.24.10.59
done.
Checking for port conflicts
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: [email protected]
******* +Admin Password UNSET
+Anti-virus quarantine user: [email protected]
+Enable automated spam training: yes
+Spam training user: [email protected]
+Non-spam(Ham) training user: [email protected]
+SMTP host: mail.alpuket-merah.com
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+Web server mode: https
+IMAP server port: 7143
+IMAP server SSL port: 7993
+POP server port: 7110
+POP server SSL port: 7995
+Use spell check server: yes
+Spell server URL: http://mail.alpuket-merah.com:7780/aspell.php
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: [email protected]
+Version update source email: [email protected]
+Install mailstore (service webapp): yes
+Install UI (zimbra,zimbraAdmin webapps): yes
7) zimbra-spell: Enabled
8) zimbra-proxy: Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? - help) 6
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: [email protected]
** 4) Admin Password UNSET
5) Anti-virus quarantine user: [email protected]
6) Enable automated spam training: yes
7) Spam training user: [email protected]
8) Non-spam(Ham) training user: [email protected]
9) SMTP host: mail.alpuket-merah.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://mail.alpuket-merah.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: [email protected]
22) Version update source email: [email protected]
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] 4
Password for [email protected] (min 6 characters): [DRy4QxUxx] P@ssw0rd!
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: [email protected]
4) Admin Password set
5) Anti-virus quarantine user: [email protected]
6) Enable automated spam training: yes
7) Spam training user: [email protected]
8) Non-spam(Ham) training user: [email protected]
9) SMTP host: mail.alpuket-merah.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://mail.alpuket-merah.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: [email protected]
22) Version update source email: [email protected]
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] r
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-store: Enabled
7) zimbra-spell: Enabled
8) zimbra-proxy: Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] Yes
Save config in file: [/opt/zimbra/config.13910]
Saving config in /opt/zimbra/config.13910...done.
The system will be modified - continue? [No] Yes
Operations logged to /tmp/zmsetup.20210125-135759.log
Setting local config values...done.
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher password...done.
Creating server entry for mail.alpuket-merah.com...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap...done.
Saving SSL Certificate in ldap...done.
Setting spell check URL...done.
Setting service ports on mail.alpuket-merah.com...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Checking current setting of zimbraReverseProxyAvailableLookupTargets
Querying LDAP for other mailstores
Searching LDAP for reverseProxyLookupTargets...done.
Adding mail.alpuket-merah.com to zimbraReverseProxyAvailableLookupTargets
Updating zimbraLDAPSchemaVersion to version '1557224584'
Setting TimeZone Preference...done.
Disabling strict server name enforcement on mail.alpuket-merah.com...done.
Initializing mta config...done.
Setting services on mail.alpuket-merah.com...done.
Adding mail.alpuket-merah.com to zimbraMailHostPool in default COS...done.
Creating domain alpuket-merah.com...done.
Setting default domain name...done.
Creating domain alpuket-merah.com...already exists.
Creating admin account [email protected].
Creating root alias...done.
Creating postmaster alias...done.
Creating user [email protected].
Creating user [email protected].
Creating user [email protected].
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for mail.alpuket-merah.com...done.
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
com_zimbra_attachcontacts...done.
com_zimbra_ymemoticons...done.
com_zimbra_tooltip...done.
com_zimbra_date...done.
com_zextras_chat_open...done.
com_zimbra_proxy_config...done.
com_zimbra_email...done.
com_zimbra_mailarchive...done.
com_zextras_drive_open...done.
com_zimbra_url...done.
com_zimbra_viewmail...done.
com_zimbra_webex...done.
com_zimbra_bulkprovision...done.
com_zimbra_phone...done.
com_zimbra_clientuploader...done.
com_zimbra_cert_manager...done.
com_zimbra_srchhighlighter...done.
com_zimbra_adminversioncheck...done.
com_zimbra_attachmail...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.8.15_GA_3869_UBUNTU18_64)
The ADMIN EMAIL ADDRESS created ([email protected])
Notify Zimbra of your installation? [Yes] Yes
Notifying Zimbra of installation via http://www.zimbra.com/cgi-bin/notify.cgi?VER=8.8.15_GA_3869_UBUNTU18_64&[email protected]
Notification complete
Checking if the NG started running...done.
Setting up zimbra crontab...done.
Moving /tmp/zmsetup.20210125-135759.log to /opt/zimbra/log
Configuration complete - press return to exit
root@mail:/home/ubuntu/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220# su - zimbra
zimbra@mail:~$ zmcontrol status
Host mail.alpuket-merah.com
amavis Running
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
zimbra@mail:~$ exit
{4}_ Setting Active Directory Authentication and Create User
Log in to the Zimbra admin web console on port 7071, using the network IP address / domain already created in Active Directory, e.g.: https://mail.alpuket-merah.com:7071
Enter the Zimbra admin user: [email protected] and password: P@ssw0rd!
The Zimbra admin web console.
Go to Configure, Domains, select the domain alpuket-merah.com, Configure Authentication.
Select External Active Directory
AD domain name: alpuket-merah.com , AD Server name: 10.24.10.89 , port: 3268
Enter the Active Directory username created on Windows Server 2008 R2: sa2008 , password:
If the Test shows the message Authentication test succeeded, Zimbra has successfully connected to the Active Directory on Windows Server 2008 R2. Next until Finish.
Create user: from the Zimbra admin web console, go to Manage, Accounts, New.
Note before creating the user: the account name field must be the same as the user logon name of the Active Directory user, e.g.: sa2008 . Finish.
Log in to the Zimbra user web client at: https://mail.alpuket-merah.com , enter the user's username and password.
The inbox view
Ubuntu 20.04.1 LTS Install OnlyOffice Documents v6.1
{1}_ Setting ip address, hosts, hostname
root@doc:/home/ubuntu# nano /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: no
      addresses: [10.24.10.93/24]
      gateway4: 10.24.10.1
      nameservers:
        addresses: [10.24.10.89]
        search: [alpuket-merah.com]
root@doc:/home/ubuntu# netplan apply
root@doc:/home/ubuntu# nano /etc/hosts
127.0.0.1 localhost
10.24.10.93 doc.alpuket-merah.com doc
10.24.10.73 office.alpuket-merah.com office
root@doc:/home/ubuntu# nano /etc/hostname
doc.alpuket-merah.com
{2}_ Install PostgreSQL
root@doc:/home/ubuntu# apt-get install postgresql
The created database must have onlyoffice both for user and password
root@doc:/home/ubuntu# sudo -i -u postgres psql -c "CREATE DATABASE onlyoffice;"
root@doc:/home/ubuntu# sudo -i -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
root@doc:/home/ubuntu# sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
{3}_ Install rabbitmq and nginx-extras
root@doc:/home/ubuntu# apt install rabbitmq-server -y
root@doc:/home/ubuntu# apt install nginx-extras
{4}_ Change default port onlyoffice docs to 80
root@doc:/home/ubuntu# echo onlyoffice-documentserver onlyoffice/ds-port select 80 | sudo debconf-set-selections
{5}_ Install OnlyOffice Docs
root@doc:/home/ubuntu# sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
root@doc:/home/ubuntu# sudo echo "deb https://download.onlyoffice.com/repo/debian squeeze main" | sudo tee /etc/apt/sources.list.d/onlyoffice.list
root@doc:/home/ubuntu# apt update && apt install ttf-mscorefonts-installer -y
root@doc:/home/ubuntu# apt install onlyoffice-documentserver -y
Wait until the installation finishes…
Ubuntu 20.04.1 LTS Install OnlyOffice Groups v11.0
{1}_ Setting ip address, hosts, hostname
root@office:/home/ubuntu# nano /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: no
      addresses: [10.24.10.73/24]
      gateway4: 10.24.10.1
      nameservers:
        addresses: [10.24.10.89]
        search: [alpuket-merah.com]
root@office:/home/ubuntu# netplan apply
root@office:/home/ubuntu# nano /etc/hosts
127.0.0.1 localhost
10.24.10.93 doc.alpuket-merah.com doc
10.24.10.73 office.alpuket-merah.com office
root@office:/home/ubuntu# nano /etc/hostname
office.alpuket-merah.com
{2}_ Download installation script file
root@office:/home/ubuntu# wget https://download.onlyoffice.com/install/install-Debian.sh
{3}_ Install onlyoffice groups
root@office:/home/ubuntu# bash install-Debian.sh -it GROUPS
Wait until the installation finishes…
{4}_ Welcome page onlyoffice portal
Create the OnlyOffice admin password: P@ssw0rd!
Enter the admin email: [email protected]
{5}_ Administrator Dashboard OnlyOffice
{6}_ Setting Active Directory Authentication
Go to Control Panel, LDAP, Enable LDAP Authentication,
Server: LDAP://10.24.10.89
Port number: 389
User DN: DC=alpuket-merah,DC=com
Login Attribute: sAMAccountName
User Filter: (userPrincipalName=*)
Attribute Mapping, Add Attribute
Profile Photo : JpegPhoto
Enable: Group Membership
Group DN: DC=alpuket-merah,DC=com
User Attribute: distinguishedName
Group Name Attribute: cn
Group Filter: (objectClass=group)
Group Member Attribute: member
Enable: Authentication
Login: [email protected]
Password: P@ssw0rd!
Check: Send Welcome Letter
Save
Enable: Auto Sync , Sync
{7}_ Integration Document Service
Document Editing Service Address: http://doc.alpuket-merah.com
Document Service Address: http://doc.alpuket-merah.com
Community Server Address: http://office.alpuket-merah.com
{8}_ Integration SMTP Settings
Host: mail.alpuket-merah.com
Port: 465
Check: Authentication
Host Login: [email protected]
Host Password: P@ssw0rd!
Sender Display name: [BOT] OnlyOffice Postman
Sender Email Address: [email protected]
Check: Enable SSL
Save, Send Test Mail.
{9}_ Test login with an Active Directory user
Username: [email protected]
Password: P@ssw0rd!
Check: Sign in to: alpuket-merah.com
User Dashboard
{10}_ Setting Mail Zimbra Connect to OnlyOffice
Masuk Mail, Settings, Account Management, +Set up the first account
Email: [email protected]
Receive mail
POP Server: mail.alpuket-merah.com
Port POP: 995 , Authentication type: Simple Password
Login: [email protected]
Password email: P@ssw0rd!
Encryption for POP Server: SSL
Send mail
SMTP Server: mail.alpuket-merah.com
Port SMTP: 465, Authentication type: Simple Password
Login: [email protected]
Password email: P@ssw0rd!
Encryption for SMTP Server: SSL
Once the OnlyOffice user is connected to Zimbra mail, the list of messages appears in the inbox.
{11}_ Connecting Documents to the Nextcloud file server
Go to Documents, Setting, Connected clouds, +Connect
Connection url: http://nextcloud.alpuket-merah.com/remote.php* (the URL can be found in Nextcloud)
Login: [email protected] (Active Directory user; note: Nextcloud must already be integrated with Active Directory)
Password:
Folder title: Nextcloud Directory
The WebDAV URL in Nextcloud, used to integrate with OnlyOffice.
OnlyOffice view once it is connected to the Nextcloud file server.
{12}_ Connecting OnlyOffice Desktop Editor to the OnlyOffice server
Download OnlyOffice Desktop Editor:
https://download.onlyoffice.com/install/desktop/editors/windows/distrib/onlyoffice/DesktopEditors_x86.exe?_ga=2.42085155.764533964.1595236576-1157782750.1587541027
Connect to cloud, choose OnlyOffice, enter the OnlyOffice server address: http://office.alpuket-merah.com, Connect now.
Log in with an Active Directory user.
OnlyOffice Desktop Editor is now connected to the OnlyOffice server.
Ubuntu 16.04.7 LTS Install Nextcloud
{1}_ Setting IP address, hosts, hostname
root@cloud:/home/ubuntu# nano /etc/network/interfaces
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto enp0s3
iface enp0s3 inet static
address 10.24.10.72
netmask 255.255.255.0
network 10.24.10.0
broadcast 10.24.10.255
gateway 10.24.10.1
dns-nameservers 10.24.10.89
search alpuket-merah.com
root@cloud:/home/ubuntu# /etc/init.d/networking restart
root@cloud:/home/ubuntu# nano /etc/hosts
127.0.0.1 localhost
10.24.10.72 nextcloud.alpuket-merah.com nextcloud
root@cloud:/home/ubuntu# nano /etc/hostname
cloud.alpuket-merah.com
{2}_ Install Apache2
root@cloud:/home/ubuntu# apt update && apt install apache2 -y
root@cloud:/home/ubuntu# systemctl stop apache2.service
root@cloud:/home/ubuntu# systemctl start apache2.service
root@cloud:/home/ubuntu# systemctl enable apache2.service
{3}_ Install mariadb
root@cloud:/home/ubuntu# apt install mariadb-server mariadb-client -y
root@cloud:/home/ubuntu# systemctl stop mysql.service
root@cloud:/home/ubuntu# systemctl start mysql.service
root@cloud:/home/ubuntu# systemctl enable mysql.service
root@cloud:/home/ubuntu# mysql_secure_installation
{4}_ Install PHP7.2
root@cloud:/home/ubuntu# apt install software-properties-common -y
root@cloud:/home/ubuntu# add-apt-repository ppa:ondrej/php && sudo apt update
root@cloud:/home/ubuntu# apt install php7.2 libapache2-mod-php7.2 php7.2-common php7.2-curl php7.2-mbstring php7.2-xmlrpc php7.2-mysql php7.2-gd php7.2-xml php7.2-intl php7.2-ldap php7.2-imagick php7.2-json php7.2-cli php7.2-zip php7.2-gd unzip -y
root@cloud:/home/ubuntu# nano /etc/php/7.2/apache2/php.ini
file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Asia/Jakarta
root@cloud:/home/ubuntu# systemctl restart apache2.service
{5}_ Create Database
root@cloud:/home/ubuntu# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nextcloud;
MariaDB [(none)]> CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
MariaDB [(none)]> GRANT ALL ON nextcloud.* TO 'user'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;
{6}_ Download Nextcloud 20.0.6
root@cloud:/home/ubuntu# wget https://download.nextcloud.com/server/releases/nextcloud-20.0.6.zip
root@cloud:/home/ubuntu# unzip nextcloud-20.0.6.zip
root@cloud:/home/ubuntu# mv nextcloud /var/www/html/nextcloud
root@cloud:/home/ubuntu# chown -R www-data:www-data /var/www/html/nextcloud/
root@cloud:/home/ubuntu# chmod 755 /var/www/html/nextcloud/
{7}_ Create Virtual host
root@cloud:/home/ubuntu# nano /etc/apache2/sites-available/nextcloud.alpuket-merah.com.conf
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html/nextcloud
ServerName nextcloud.alpuket-merah.com
<Directory /var/www/html/nextcloud/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
root@cloud:/home/ubuntu# a2ensite nextcloud.alpuket-merah.com.conf
root@cloud:/home/ubuntu# systemctl reload apache2.service
{8}_ Install Nextcloud from a client computer, open: nextcloud.alpuket-merah.com
Create user: admin
Admin password:
Database user: user
Database password: password
Database name: nextcloud
Database location: localhost
Check Install recommended apps, Finish setup
Installation in progress
Nextcloud dashboard view
{9}_ Setting LDAP
Enable the LDAP user and group backend module in the Apps menu.
LDAP / AD integration
Server: alpuket-merah.com port: 389
Active Directory user: cn=super sa2008. admin,ou=UserDomain,dc=alpuket-merah,dc=com
User password:
Base DN: dc=alpuket-merah,dc=com
Test Base DN; if it succeeds, Configuration OK is displayed. Continue.
How to find the DN string of an Active Directory user with the tool Active Directory Explorer:
Select user sa2008; its distinguishedName shows
cn=super sa2008. admin,ou=UserDomain,dc=alpuket-merah,dc=com
On the Users tab, make sure Only these object classes is set to: person
Clicking Verify settings and count users then shows 8 users found, the users that exist in Active Directory.
On the Login Attributes tab, check LDAP / AD Username and LDAP / AD Email Address.
Make sure the Email attribute of the Active Directory user is filled in and matches the e-mail address already registered in Zimbra.
On the Groups tab, select UserGroup under Only from these groups. Verifying then shows 1 group found. Done.
The list of users now connected through Active Directory is displayed.
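What the Users and Login Attributes choices above amount to, as an added example (not Nextcloud's code and not from the original page): a login filter that requires object class person and matches the typed login against the AD username or e-mail attribute, with the login escaped per RFC 4515 so filter metacharacters are treated as literal text. The exact filter string Nextcloud generates may differ; the attribute names sAMAccountName and mail are assumptions, and the e-mail address and directory entries are constructed.

```python
# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Return value with LDAP filter metacharacters replaced by \\XX escapes."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def login_filter(login, object_class="person",
                 login_attrs=("sAMAccountName", "mail")):
    """Build the search filter used to look up the account being logged in."""
    uid = escape_filter_value(login)
    alternatives = "".join(f"({attr}={uid})" for attr in login_attrs)
    return f"(&(objectClass={object_class})(|{alternatives}))"

def find_login(entries, login, object_class="person",
               login_attrs=("sAMAccountName", "mail")):
    """Apply the same condition locally; the comparison is case-insensitive."""
    wanted = login.lower()
    hits = []
    for entry in entries:
        classes = [c.lower() for c in entry.get("objectClass", [])]
        if object_class.lower() not in classes:
            continue
        if any(entry.get(attr, "").lower() == wanted for attr in login_attrs):
            hits.append(entry["distinguishedName"])
    return hits

# Constructed sample entries; the mail value is a placeholder, not from the page.
SA2008_DN = "cn=super sa2008. admin,ou=UserDomain,dc=alpuket-merah,dc=com"
DIRECTORY = [
    {"objectClass": ["top", "person", "organizationalPerson", "user"],
     "distinguishedName": SA2008_DN,
     "sAMAccountName": "sa2008", "mail": "sa2008@example.test"},
    {"objectClass": ["top", "group"], "sAMAccountName": "UserGroup",
     "distinguishedName": "cn=UserGroup,ou=UserDomain,dc=alpuket-merah,dc=com"},
]

if __name__ == "__main__":
    print(login_filter("sa2008"))
    print(login_filter("j*doe(ops)"))  # metacharacters arrive escaped
    print(find_login(DIRECTORY, "SA2008"), find_login(DIRECTORY, "UserGroup"))
```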
{10}_ Connecting Nextcloud Desktop to the Nextcloud server
Download Nextcloud for Desktop:
https://github.com/nextcloud/desktop/releases/download/v3.1.1/Nextcloud-3.1.1-x64.msi
Enter the server address: http://nextcloud.alpuket-merah.com
Login to your Nextcloud: enter the username and password, Log in, Grant access.
The account is now connected; check it in File Explorer.
{11}_ Connecting Nextcloud Mobile (Android) to the Nextcloud server
Download the Nextcloud app from the Android Play Store.
Enter the server address: http://nextcloud.alpuket-merah.com
Enter the user and password, Grant access. Login to the Nextcloud server succeeds.
Windows 7 SP1
{1}_ Test hotspot login from a client computer using an Active Directory user
Open the URL: hotspot.alpuket-merah.com
User: sa2008
Password: P@ssw0rd!
(Note: the username can use the following formats)
{2}_ Test VPN login from a client computer using an Active Directory user
Create a VPN client, username: [email protected], server: 192.168.56.100, Data encryption: Require encryption. Check: Microsoft CHAP Version 2 (MS-CHAP v2).