Integration active directory for authentication and authorization · 2021. 2. 1. · Integration active directory for authentication and authorization | Ical RedHat January 30, 2021

Integration active directory for authentication and authorization | Ical RedHat

1 January 30, 2021

Integration Active Directory for Authentication and Authorization Zimbra – Nextcloud – Onlyoffice – Hotspot – Vpn

Author: ical redhat // alpuketmerah https://gerakanopensource.wordpress.com


2 January 30, 2021

Spesifikasi & Requirement:

1. Windows Server 2008 R2:

CPU: 2core, Ram: 1GB,

install Active Directory Domain Services dan Network Policy Server, domain: alpuket-merah.com. ip

address: 10.24.10.89

2. MikroTik RouterOS 6.40.1:

radius, hotspot, pptp, domain: router.alpuket-merah.com. ip address: 10.24.10.74, domain:

hotspot.alpuket-merah.com. ip address: 192.168.56.100

3. Ubuntu Server 18.04.5 LTS:

CPU: 6core, Ram: 3GB, swap: 4GB,

install dnsmasq, zimbra_8.8.15, domain: mail.alpuket-merah.com. ip address: 10.24.10.59 . mx: alpuket-

merah.com


CPU: 4core, Ram: 2.5GB, swap: 2GB,

install onlyoffice documents, domain: doc.alpuket-merah.com. ip address: 10.24.10.93


CPU: 4core, Ram: 3GB, swap: 6GB,

install onlyoffice groups, domain: office.alpuket-merah.com. ip address: 10.24.10.73


CPU: 2core, Ram: 512MB, swap: 1GB,

install apache2, mariadb, php_7.2, nextcloud, domain: nextcloud.alpuket-merah.com. ip address:

10.24.10.72

7. Windows 7 Sp1:

CPU: 2core, Ram: 1GB, join domain, vpn client

Windows Server 2008 R2 {1}_ Install Active Directory Domain Services (AD DS)

Active Directory (AD) adalah layanan yang dimiliki oleh sistem operasi windows untuk jaringan seperti

Windows 2000 Server, Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows

Server 2016, dan Windows Server 2019. Active Directory terdiri atas basis data dan juga layanan direktori.

Basis data yang dimiliki oleh Active Directory menyimpan segala sumber daya yang terdapat di dalam

jaringan, seperti halnya komputer yang telah tergabung ke sebuah domain, daftar akun pengguna dan

kelompok pengguna, folder yang di-share, dan lain-lain.

Pada tutorial ini menggunakan windows server 2008 r2 dikarenakan resource memory yang di gunakan

relatif kecil jadi masih ringan dan sudah ada role network policy server (nps) yang nantinya akan

digunakan untuk radius server. Bisa juga menggunakan windows server 2012, 2016, 2019.

Buka Run, ketik dcpromo


3 January 30, 2021

Ceklis Use advanced mode installation, Next >

Pilih Create a new domain in a new forest, Next >


4 January 30, 2021

Masukan nama root domain sesuaikan dengan kebutuhan, misal: alpuket-merah.com , Next >

Domain NetBIOS name, biarkan default tidak usah dirubah, Next >

Pada forest functional level dan domain functional level, sesuaikan dengan versi OS windows servernya

saja, Next >


5 January 30, 2021

Ceklis DNS server, Next >

Jika muncul seperti ini pilih Yes untuk melanjutkan.


6 January 30, 2021

Location Database, Log Files dan SYSVOL, biarkan default tidak usah dirubah, Next >

Masukan password untuk active directory restore mode, Next >


7 January 30, 2021

Proses installasi AD DS sedang berlangsung, tunggu hingga selesai dan reboot automatis.


8 January 30, 2021

{2}_ Setting DNS Manager

Tambahkan record New Host (A or AAAA)…

FQDN: dc.alpuket-merah.com ip address: 10.24.10.89

FQDN: router.alpuket-merah.com ip address: 10.24.10.74

FQDN: doc.alpuket-merah.com ip address: 10.24.10.93

FQDN: office.alpuket-merah.com ip address: 10.24.10.73

FQDN: mail.alpuket-merah.com ip address: 10.24.10.59

FQDN: nextcloud.alpuket-merah.com ip address: 10.24.10.72

Tambahkan record New Mail Exchanger (MX)…

FQDN: alpuket-merah.com FQDN of mail server: mail.alpuket-merah.com


9 January 30, 2021

{3}_ Install Network Policy and Access Services

Buka Server Manager, Add Roles, Network Policy and Access Services, Next >

Ceklis Network Policy Server, Next >


10 January 30, 2021

Proses installasi role nps sudah selesai. Close.

{4}_ Setting Network Policy Server (NPS)

Buka aplikasi Network policy Server yang ada di Administrative Tools


11 January 30, 2021

Setting port pada NPS (Local) properties, Authentication: 1812 dan Accounting: 1813

Register server in Active Directory pada NPS (Local)


12 January 30, 2021

Start NPS Service pada NPS (Local)

Tambahkan Radius Clients, New


13 January 30, 2021

Tambahkan radius client untuk windows server, Ceklis Enable this RADIUS client, masukan ip address

windows server: 10.24.10.89, Shared secret misal: 123456 , vendor name: RADIUS Standard, OK.

Tambahkan radius client untuk mikrotik, Ceklis Enable this RADIUS client, masukan ip address mikrotik:

10.24.10.74, Shared secret misal: 123456 , vendor name: RADIUS Standard, OK.


14 January 30, 2021

Tampilan RADIUS Client sesudah ditambahkan.

Tambahkan Network Policies, New.


15 January 30, 2021

Masukan policy name, misal: mikrotik hotspot, type: unspecified, Next.

Add… Conditions, pilih Windows Groups, Add…


16 January 30, 2021

Add Groups… ketik: domain , Check Names, Pilih Domain Users, OK.

Akan tampil seperti berikut jika sudah menambahkan condition: Windows Groups, Next.


17 January 30, 2021

Pilih Access granted, Next

Tambahkan EAP Type: Microsoft Protected EAP (PEAP), OK.

Ceklis Encrypted authentication (CHAP), Unencrypted authentication (PAP, SPAP), Next.


18 January 30, 2021

Akan tampil seperti berikut, pilih No.

Configure Constraints, biarkan default, Next.


19 January 30, 2021

Configure Settings, biarkan default, Next.

Penambahan Network Policy sudah selesai, Finish.


20 January 30, 2021

Pastikan urutan network policy yang barusan di buat processing order no.1 paling atas.

{5}_ Tambah Organizational Unit, Group, Users

Buka aplikasi Active Directory Users and Computers

Tambahkan Organizational Unit, New, Organizational Unit (OU).


21 January 30, 2021

Masukan nama OU misal: UserDomain , OK.

Tambahkan User, New, User, misal: First name: super , initials: sa2008 , Last name: admin , Full name:

super sa2008. admin , User logon name: sa2008 , Next. Kemudian masukan password user: P@ssw0rd!

Ceklis password never expired. Kemudian properties user yang barusan di buat, masukan email dan tittle

pada object user.


22 January 30, 2021

Tambahkan Group, New, Group, misal: super admin, tambahkan Members: super sa2008. admin ,

Member Of: harus ada Domain Users dan RAS and IAS Servers. OK.


23 January 30, 2021

Tes radius server pada windows server dengan tool: NTRadPing Test Utility

Masukan radius server: 10.24.10.89 , port: 1812

RADIUS secret key: 123456 , username: sa2008 , password:

Jika saat klik Send terdapat keterangan response: Access-Accept, maka radius server sudah berfungsi.


24 January 30, 2021

MikroTik RouterOS 6.40.1 {1}_ Setting LAN

Pastikan jaringan LAN sudah selesai di setting dan terkoneksi ke internet, misal: ip address mikrotik yang

mengarah ke arah server: 10.24.10.74 /24 , ip address mikrotik yang mengarah ke arah client dan hotspot:

192.168.56.100 /24. DNS server menggunakan ip: 10.24.10.89 (windows server 2008 r2)

{2}_ Setting Radius

Tambahkan Radius, ceklis ppp dan hotspot,

address: 10.24.10.89 (ip windows server 2008 r2 sebagai radius server)

secret: 123456 (harus sama dengan yang ada di NPS windows server 2008 r2)

Authentication port: 1812 (harus sama dengan yang ada di NPS windows server 2008 r2)

Accounting port: 1813 (harus sama dengan yang ada di NPS windows server 2008 r2)


25 January 30, 2021

{3}_ Setting Hotspot

Setting hotspot samapai selesai, dan pada bagian Server Profiles, misal:

Name: alpuket-merah

Hotspot address: 192.168.56.100 (ip mikrotik yang mengarah ke client)

DNS name: hotspot.alpuket-merah.com

Login By: HTTP PAP

RADIUS: Use RADIUS dan Accounting. OK.

{4}_ Setting VPN Server (PPTP)

Setting PPTP Server: Enable

Default Profiles: default-encryption,

Edit profiles default-ecnryption, misal: Local Address: 172.1.1.10 , Remote: Address: 172.1.1.20 , DNS

Server: 10.24.10.89 (masukan ip windows server 2008 r2). OK.


26 January 30, 2021

Ubuntu Server 18.04.5 LTS Install Zimbra Mail 8.8.15

{1}_ Setting ip address, hosts, hostname

root@doc:/home/ubuntu# nano /etc/netplan/01-netcfg.yaml

# This file describes the network interfaces available on your system

# For more information, see netplan(5).

network:

version: 2

renderer: networkd

ethernets:

enp0s3:

dhcp4: no

addresses: [10.24.10.59/24]

gateway4: 10.24.10.74

nameservers:

addresses: [10.24.10.89]

search: [alpuket-merah.com]

root@mail:/home/ubuntu# netplan apply

root@mail:/home/ubuntu# nano /etc/hosts

127.0.0.1 localhost

10.24.10.59 mail.alpuket-merah.com mail

root@mail:/home/ubuntu# nano /etc/hostname

mail.alpuket-merah.com

{2}_ Install dnsmasq

root@mail:/home/ubuntu# apt update && apt install dnsmasq -y

root@mail:/home/ubuntu# nano /etc/dnsmasq

server=10.24.10.59

domain=alpuket-merah.com

mx-host=alpuket-merah.com, mail.alpuket-merah.com, 1

listen-address=127.0.0.1

root@mail:/home/ubuntu# reboot

{3}_ Install Zimbra 8.8.15

root@mail:/home/ubuntu# wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-

8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz

root@mail:/home/ubuntu# tar -xvf zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz

root@mail:/home/ubuntu# cd zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220

root@mail:/home/ubuntu/ zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220# ./install.sh

Do you agree with the terms of the software license agreement? [N] Y

Use Zimbra's package repository [Y] Y

Warning: apt-key output should not be parsed (stdout is not a terminal)

Importing Zimbra GPG key

Configuring package repository

Checking for installable packages

https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz

https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz


27 January 30, 2021

Found zimbra-core (local)

Found zimbra-ldap (local)

Found zimbra-logger (local)

Found zimbra-mta (local)

Found zimbra-dnscache (local)

Found zimbra-snmp (local)

Found zimbra-store (local)

Found zimbra-apache (local)

Found zimbra-spell (local)

Found zimbra-memcached (repo)

Found zimbra-proxy (local)

Found zimbra-drive (repo)

Found zimbra-imapd (local)

Found zimbra-patch (repo)

Found zimbra-mta-patch (repo)

Found zimbra-proxy-patch (repo)

Select the packages to install

Install zimbra-ldap [Y] Y

Install zimbra-logger [Y] Y

Install zimbra-mta [Y] Y

Install zimbra-dnscache [Y] N

Install zimbra-snmp [Y] Y

Install zimbra-store [Y] Y

Install zimbra-apache [Y] Y

Install zimbra-spell [Y] Y

Install zimbra-memcached [Y] Y

Install zimbra-proxy [Y] Y

Install zimbra-drive [Y] Y

Install zimbra-imapd (BETA - for evaluation only) [N] N

Install zimbra-chat [Y] Y

Checking required space for zimbra-core

Checking space for zimbra-store

Checking required packages for zimbra-store

zimbra-store package check complete.

Installing:

zimbra-core

zimbra-ldap

zimbra-logger

zimbra-mta

zimbra-snmp

zimbra-store

zimbra-apache

zimbra-spell


28 January 30, 2021

zimbra-memcached

zimbra-proxy

zimbra-drive

zimbra-patch

zimbra-mta-patch

zimbra-proxy-patch

zimbra-chat

The system will be modified. Continue? [N] Y

Beginning Installation - see /tmp/install.log.ftNRSHqo for details...

zimbra-core-components will be downloaded and installed.

zimbra-timezone-data will be installed.

zimbra-common-mbox-db will be installed.

zimbra-common-mbox-docs will be installed.

zimbra-common-core-jar will be installed.

zimbra-common-mbox-conf will be installed.

zimbra-common-mbox-conf-msgs will be installed.

zimbra-common-mbox-conf-attrs will be installed.

zimbra-common-mbox-native-lib will be installed.

zimbra-common-mbox-conf-rights will be installed.

zimbra-common-core-libs will be installed.

zimbra-core will be installed.

zimbra-ldap-components will be downloaded and installed.

zimbra-ldap will be installed.

zimbra-logger will be installed.

zimbra-mta-components will be downloaded and installed.

zimbra-mta will be installed.

zimbra-snmp-components will be downloaded and installed.

zimbra-snmp will be installed.

zimbra-store-components will be downloaded and installed.

zimbra-jetty-distribution will be downloaded and installed.

zimbra-mbox-war will be installed.

zimbra-mbox-conf will be installed.

zimbra-mbox-service will be installed.

zimbra-mbox-webclient-war will be installed.

zimbra-mbox-store-libs will be installed.

zimbra-mbox-admin-console-war will be installed.

zimbra-store will be installed.

zimbra-apache-components will be downloaded and installed.

zimbra-apache will be installed.

zimbra-spell-components will be downloaded and installed.

zimbra-spell will be installed.

zimbra-memcached will be downloaded and installed.

zimbra-proxy-components will be downloaded and installed.

zimbra-proxy will be installed.

zimbra-drive will be downloaded and installed (later).

zimbra-patch will be downloaded and installed (later).


29 January 30, 2021

zimbra-mta-patch will be downloaded and installed (later).

zimbra-proxy-patch will be downloaded and installed (later).

zimbra-chat will be downloaded and installed (later).

Downloading packages (10):

zimbra-core-components

zimbra-ldap-components

zimbra-mta-components

zimbra-snmp-components

zimbra-store-components

zimbra-jetty-distribution

zimbra-apache-components

zimbra-spell-components

zimbra-memcached

zimbra-proxy-components

...done

Removing /opt/zimbra

Removing zimbra crontab entry...done.

Cleaning up zimbra init scripts...done.

Cleaning up /etc/security/limits.conf...done.

Finished removing Zimbra Collaboration Server.

Installing repo packages (10):

zimbra-core-components

zimbra-ldap-components

zimbra-mta-components

zimbra-snmp-components

zimbra-store-components

zimbra-jetty-distribution

zimbra-apache-components

zimbra-spell-components

zimbra-memcached

zimbra-proxy-components

...done

Installing local packages (25):

zimbra-timezone-data

zimbra-common-mbox-db

zimbra-common-mbox-docs

zimbra-common-core-jar

zimbra-common-mbox-conf

zimbra-common-mbox-conf-msgs

zimbra-common-mbox-conf-attrs

zimbra-common-mbox-native-lib

zimbra-common-mbox-conf-rights

zimbra-common-core-libs

zimbra-core


30 January 30, 2021

zimbra-ldap

zimbra-logger

zimbra-mta

zimbra-snmp

zimbra-mbox-war

zimbra-mbox-conf

zimbra-mbox-service

zimbra-mbox-webclient-war

zimbra-mbox-store-libs

zimbra-mbox-admin-console-war

zimbra-store

zimbra-apache

zimbra-spell

zimbra-proxy

...done

Installing extra packages (5):

zimbra-drive

zimbra-patch

zimbra-mta-patch

zimbra-proxy-patch

zimbra-chat

...done

Running Post Installation Configuration:

Operations logged to /tmp/zmsetup.20210125-135759.log

Installing LDAP configuration database...done.

Setting defaults...

DNS ERROR resolving MX for mail.alpuket-merah.com

It is suggested that the domain name have an MX record configured in DNS

Re-Enter domain name? [Yes]

Create domain: [mail.alpuket-merah.com] alpuket-merah.com

MX: mail.alpuket-merah.com (10.24.10.59)

Interface: 127.0.0.1

Interface: ::1

Interface: 10.24.10.59

done.

Checking for port conflicts

Main menu

1) Common Configuration:

2) zimbra-ldap: Enabled

3) zimbra-logger: Enabled

4) zimbra-mta: Enabled

5) zimbra-snmp: Enabled

6) zimbra-store: Enabled

+Create Admin User: yes


31 January 30, 2021

+Admin user to create: [email protected]

******* +Admin Password UNSET

+Anti-virus quarantine user: [email protected]

+Enable automated spam training: yes

+Spam training user: [email protected]

+Non-spam(Ham) training user: [email protected]

+SMTP host: mail.alpuket-merah.com

+Web server HTTP port: 8080

+Web server HTTPS port: 8443

+Web server mode: https

+IMAP server port: 7143

+IMAP server SSL port: 7993

+POP server port: 7110

+POP server SSL port: 7995

+Use spell check server: yes

+Spell server URL: http://mail.alpuket-merah.com:7780/aspell.php

+Enable version update checks: TRUE

+Enable version update notifications: TRUE

+Version update notification email: [email protected]

+Version update source email: [email protected]

+Install mailstore (service webapp): yes

+Install UI (zimbra,zimbraAdmin webapps): yes

7) zimbra-spell: Enabled

8) zimbra-proxy: Enabled

9) Default Class of Service Configuration:

s) Save config to file

x) Expand menu

q) Quit

Address unconfigured (**) items (? - help) 6

Store configuration

1) Status: Enabled

2) Create Admin User: yes

3) Admin user to create: [email protected]

** 4) Admin Password UNSET

5) Anti-virus quarantine user: [email protected]

6) Enable automated spam training: yes

7) Spam training user: [email protected]

8) Non-spam(Ham) training user: [email protected]

9) SMTP host: mail.alpuket-merah.com

10) Web server HTTP port: 8080

11) Web server HTTPS port: 8443

12) Web server mode: https

13) IMAP server port: 7143

14) IMAP server SSL port: 7993

15) POP server port: 7110

16) POP server SSL port: 7995


32 January 30, 2021

17) Use spell check server: yes

18) Spell server URL: http://mail.alpuket-merah.com:7780/aspell.php

19) Enable version update checks: TRUE

20) Enable version update notifications: TRUE

21) Version update notification email: [email protected]

22) Version update source email: [email protected]

23) Install mailstore (service webapp): yes

24) Install UI (zimbra,zimbraAdmin webapps): yes

Select, or 'r' for previous menu [r] 4

Password for [email protected] (min 6 characters): [DRy4QxUxx] P@ssw0rd!

Store configuration

1) Status: Enabled

2) Create Admin User: yes

3) Admin user to create: [email protected]

4) Admin Password set

5) Anti-virus quarantine user: [email protected]

6) Enable automated spam training: yes

7) Spam training user: [email protected]

8) Non-spam(Ham) training user: [email protected]

9) SMTP host: mail.alpuket-merah.com

10) Web server HTTP port: 8080

11) Web server HTTPS port: 8443

12) Web server mode: https

13) IMAP server port: 7143

14) IMAP server SSL port: 7993

15) POP server port: 7110

16) POP server SSL port: 7995

17) Use spell check server: yes

18) Spell server URL: http://mail.alpuket-merah.com:7780/aspell.php

19) Enable version update checks: TRUE

20) Enable version update notifications: TRUE

21) Version update notification email: [email protected]

22) Version update source email: [email protected]

23) Install mailstore (service webapp): yes

24) Install UI (zimbra,zimbraAdmin webapps): yes

Select, or 'r' for previous menu [r] r

Main menu

1) Common Configuration:

2) zimbra-ldap: Enabled

3) zimbra-logger: Enabled

4) zimbra-mta: Enabled

5) zimbra-snmp: Enabled

6) zimbra-store: Enabled

7) zimbra-spell: Enabled

8) zimbra-proxy: Enabled

9) Default Class of Service Configuration:


33 January 30, 2021

s) Save config to file

x) Expand menu

q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply

Select from menu, or press 'a' to apply config (? - help) a

Save configuration data to a file? [Yes] Yes

Save config in file: [/opt/zimbra/config.13910]

Saving config in /opt/zimbra/config.13910...done.

The system will be modified - continue? [No] Yes

Operations logged to /tmp/zmsetup.20210125-135759.log

Setting local config values...done.

Initializing core config...Setting up CA...done.

Deploying CA to /opt/zimbra/conf/ca ...done.

Creating SSL zimbra-store certificate...done.

Creating new zimbra-ldap SSL certificate...done.

Creating new zimbra-mta SSL certificate...done.

Creating new zimbra-proxy SSL certificate...done.

Installing mailboxd SSL certificates...done.

Installing MTA SSL certificates...done.

Installing LDAP SSL certificate...done.

Installing Proxy SSL certificate...done.

Initializing ldap...done.

Setting replication password...done.

Setting Postfix password...done.

Setting amavis password...done.

Setting nginx password...done.

Setting BES searcher password...done.

Creating server entry for mail.alpuket-merah.com...done.

Setting Zimbra IP Mode...done.

Saving CA in ldap...done.

Saving SSL Certificate in ldap...done.

Setting spell check URL...done.

Setting service ports on mail.alpuket-merah.com...done.

Setting zimbraFeatureTasksEnabled=TRUE...done.

Setting zimbraFeatureBriefcasesEnabled=TRUE...done.

Checking current setting of zimbraReverseProxyAvailableLookupTargets

Querying LDAP for other mailstores

Searching LDAP for reverseProxyLookupTargets...done.

Adding mail.alpuket-merah.com to zimbraReverseProxyAvailableLookupTargets

Updating zimbraLDAPSchemaVersion to version '1557224584'

Setting TimeZone Preference...done.

Disabling strict server name enforcement on mail.alpuket-merah.com...done.

Initializing mta config...done.

Setting services on mail.alpuket-merah.com...done.

Adding mail.alpuket-merah.com to zimbraMailHostPool in default COS...done.

Creating domain alpuket-merah.com...done.

Setting default domain name...done.


34 January 30, 2021

Creating domain alpuket-merah.com...already exists.

Creating admin account [email protected].

Creating root alias...done.

Creating postmaster alias...done.

Creating user [email protected].



Setting spam training and Anti-virus quarantine accounts...done.

Initializing store sql database...done.

Setting zimbraSmtpHostname for mail.alpuket-merah.com...done.

Configuring SNMP...done.

Setting up syslog.conf...done.

Starting servers...done.

Installing common zimlets...

com_zimbra_attachcontacts...done.

com_zimbra_ymemoticons...done.

com_zimbra_tooltip...done.

com_zimbra_date...done.

com_zextras_chat_open...done.

com_zimbra_proxy_config...done.

com_zimbra_email...done.

com_zimbra_mailarchive...done.

com_zextras_drive_open...done.

com_zimbra_url...done.

com_zimbra_viewmail...done.

com_zimbra_webex...done.

com_zimbra_bulkprovision...done.

com_zimbra_phone...done.

com_zimbra_clientuploader...done.

com_zimbra_cert_manager...done.

com_zimbra_srchhighlighter...done.

com_zimbra_adminversioncheck...done.

com_zimbra_attachmail...done.

Finished installing common zimlets.

Restarting mailboxd...done.

Creating galsync account for default domain...done.

You have the option of notifying Zimbra of your installation.

This helps us to track the uptake of the Zimbra Collaboration Server.

The only information that will be transmitted is:

The VERSION of zcs installed (8.8.15_GA_3869_UBUNTU18_64)

The ADMIN EMAIL ADDRESS created ([email protected])

Notify Zimbra of your installation? [Yes] Yes

Notifying Zimbra of installation via http://www.zimbra.com/cgi-

bin/notify.cgi?VER=8.8.15_GA_3869_UBUNTU18_64&[email protected]

Notification complete


35 January 30, 2021

Checking if the NG started running...done.

Setting up zimbra crontab...done.

Moving /tmp/zmsetup.20210125-135759.log to /opt/zimbra/log

Configuration complete - press return to exit

root@mail:/home/ubuntu/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220# su - zimbra

zimbra@mail:~$ zmcontrol status

Host mail.alpuket-merah.com

amavis Running

antispam Running

antivirus Running

ldap Running

logger Running

mailbox Running

memcached Running

mta Running

opendkim Running

proxy Running

service webapp Running

snmp Running

spell Running

stats Running

zimbra webapp Running

zimbraAdmin webappRunning

zimlet webapp Running

zmconfigd Running

zimbra@mail:~$ exit

{4}_ Setting Active Directory Authentication dan Create User

Login ke web admin zimbra dengan port 7071, sesuaikan dengan ip address jaringan / domain yang sudah

dibuat di active directory, misal: https://mail.alpuket-merah.com:7071

Masukan user admin zimbra: [email protected] dan password: P@ssw0rd!

Tampilan web admin zimbra.

https://mail.alpuket-merah.com:7071/

mailto:[email protected]


36 January 30, 2021

Masuk menu Configure, Domains, Pilih domain alpuket-merah.com, Configure Authentication.

Pilih External Active Directory

AD domain name: alpuket-merah.com , AD Server name: 10.24.10.89 , port: 3268


37 January 30, 2021

Masukan username active directory yang sudah di buat di windows server 2008 r2: sa2008 , password:

Jika saat Test muncul keterangan Authentication test succeded, maka zimbra sudah berhasil terkoneksi

dengan active directory yang ada pada windwos server 2008 r2. Nexts ampai Finish.

Create user, dari web admin zimbra, masuk menu Manage, Accounts, New.

Harus diperhatikan sebelum membuat user, pada isian account name harus sama dengan user logon

name yang ada pada user active directory. Misal: sa2008 . Finish.


38 January 30, 2021

Login ke web user zimbra dengan alamat: https://mail.alpuket-merah.com , masukan username dan

password user.

Tampilan inbox

https://mail.alpuket-merah.com/


39 January 30, 2021

Ubuntu 20.04.1 LTS Install OnlyOffice Documents v6.1


root@doc:/home/ubuntu# nano /etc/netplan/01-netcfg.yaml



network:

version: 2

renderer: networkd

ethernets:

enp0s3:

dhcp4: no

addresses: [10.24.10.93/24]

gateway4: 10.24.10.1

nameservers:

addresses: [10.24.10.89]


root@doc:/home/ubuntu# netplan apply

root@doc:/home/ubuntu# nano /etc/hosts

127.0.0.1 localhost

10.24.10.93 doc.alpuket-merah.com doc

10.24.10.73 office.alpuket-merah.com office

root@doc:/home/ubuntu# nano /etc/hostname

doc.alpuket-merah.com

{2}_ Install PostgresSQL

root@doc:/home/ubuntu# apt-get install postgresql

The created database must have onlyoffice both for user and password root@doc:/home/ubuntu# sudo -i -u postgres psql -c "CREATE DATABASE onlyoffice;"

root@doc:/home/ubuntu# sudo -i -u postgres psql -c "CREATE USER onlyoffice WITH password

'onlyoffice';"

root@doc:/home/ubuntu# sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO

onlyoffice;"

{3}_ Install rabbitmq dan nginx-extras

root@doc:/home/ubuntu# apt install rabbitmq-server -y

root@doc:/home/ubuntu# apt install nginx-extras

{4}_ Change default port onlyoffice docs to 80

root@doc:/home/ubuntu# echo onlyoffice-documentserver onlyoffice/ds-port select 80 | sudo debconf-

set-selections

{5}_ Install OnlyOffice Docs

root@doc:/home/ubuntu# sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys

CB2DE8E5

root@doc:/home/ubuntu# sudo echo "deb https://download.onlyoffice.com/repo/debian squeeze

main" | sudo tee /etc/apt/sources.list.d/onlyoffice.list

root@doc:/home/ubuntu# apt update && apt install ttf-mscorefonts-installer -y

root@doc:/home/ubuntu# apt install onlyoffice-documentserver -y

Tunggu hingga installasi selesai…


40 January 30, 2021

Ubuntu 20.04.1 LTS Install OnlyOffice Groups v11.0


root@office:/home/ubuntu# nano /etc/netplan/01-netcfg.yaml



network:

version: 2

renderer: networkd

ethernets:

enp0s3:

dhcp4: no

addresses: [10.24.10.73/24]

gateway4: 10.24.10.1

nameservers:

addresses: [10.24.10.89]


root@office:/home/ubuntu# netplan apply

root@office:/home/ubuntu# nano /etc/hosts

127.0.0.1 localhost

10.24.10.93 doc.alpuket-merah.com doc

10.24.10.73 office.alpuket-merah.com office

root@office:/home/ubuntu# nano /etc/hostname

office.alpuket-merah.com

{2}_ Download installation script file

root@office:/home/ubuntu# wget https://download.onlyoffice.com/install/install-Debian.sh

{3}_ Install onlyoffice groups

root@office:/home/ubuntu# bash install-Debian.sh -it GROUPS

Tunggu hingga installasi selesai…

{4}_ Welcome page onlyoffice portal

Create password admin onlyoffice: P@ssw0rd!

Masukan email admin: [email protected]

https://download.onlyoffice.com/install/install-Debian.sh


41 January 30, 2021

{5}_ Administrator Dashboard OnlyOffice

{6}_ Setting Active Directory Authentication

Masuk Control Panel, LDAP, Enable LDAP Authentication,

Server: LDAP://10.24.10.89

Port number: 389

User DN: DC=alpuket-merah,DC=com

Login Attribute: sAMAccountName

User Filter: (userPrincipalName=*)


42 January 30, 2021

Attribute Mapping, Add Attribute

Profile Photo : JpegPhoto

Enable: Group Membership

Group DN: DC=alpuket-merah,DC=com

User Attribute: distinguishedName

Group Name Attribute: cn

Group Filter: (objectClass=group)

Group Member Attribute: member


43 January 30, 2021

Enable: Authentication

Login: [email protected]

Password: P@ssw0rd!

Ceklis: Send Welcome Letter

Save

Enable: Auto Sync , Sync

{7}_ Integration Document Service

Document Editing Service Address: http://doc.alpuket-merah.com

Document Service Address: http://doc.alpuket-merah.com

Community Server Address: http://office.alpuket-merah.com


http://doc.alpuket-merah.com/

http://doc.alpuket-merah.com/

http://office.alpuket-merah.com/


44 January 30, 2021

{8}_ Integration SMTP Settings

Host: mail.alpuket-merah.com

Port: 465

Ceklis: Authentication

Host Login: [email protected]

Host Password: P@ssw0rd!

Sender Display name: [BOT] OnlyOffice Postman

Sender Email Address: [email protected]

Ceklis: Enable SSL

Save, Send Test Mail.

{9}_ Tes login dengan user active directory

Username: [email protected]

Password: P@ssw0rd!

Ceklis: Sign in to: alpuket-merah.com





45 January 30, 2021

Dasboard User

{10}_ Setting Mail Zimbra Connect to OnlyOffice

Masuk Mail, Settings, Account Management, +Set up the first account

Email: [email protected]

Receive mail

POP Server: mail.alpuket-merah.com

Port POP: 995 , Authentication type: Simple Password


Password email: P@ssw0rd!

Encryption for POP Server: SSL

Send mail

SMTP Server: mail.alpuket-merah.com

Port SMTP: 465 , Authentication type: Simple Password


Password email: P@ssw0rd!

Encryption for SMTP Server: SSL





46 January 30, 2021

Tampilan jika user onlyoffice sudah terkoneksi dengan mail zimbra maka akan terlihat list mail pada inbox.

{11}_ Setting Documents Connect to Nextcloud file server

Masuk Documents, Setting, Connected clouds, +Connect

Connection url: http://nextcloud.alpuket-merah.com/remote.php* (url bisa dilihat di nextcloud)

Login: [email protected] (user active directory, dengan catatan: nextcloud sudah terintegrasi

dengan active directory)

Password:

Folder title: Nextcloud Directory

http://nextcloud.alpuket-merah.com/remote.php*



47 January 30, 2021

url WebDav pada nextcloud untuk mengintegrasikan dengan onlyoffice.

Tampilan Onlyoffice jika sudah terhubung dengan Nextcloud file server.


48 January 30, 2021

{12}_ Mengkoneksikan OnlyOffice Desktop Editor dengan server onlyoffice

Download OnlyOffice Desktop Editor:

https://download.onlyoffice.com/install/desktop/editors/windows/distrib/onlyoffice/DesktopEditors_x

86.exe?_ga=2.42085155.764533964.1595236576-1157782750.1587541027

Connect to cloud, pilih OnlyOffice, masukan alamat server only office: http://office.alpuket-merah.com,

Connect now.

Login dengan user active directory

Onlyoffice desktop editor sudah terkoneksi dengan onlyoffice server

http://office.alpuket-merah.com/


49 January 30, 2021

Ubuntu 16.04.7 LTS Install Nextcloud

{1}_ Setting ip address, hosts, hostname root@cloud:/home/ubuntu# nano /etc/network/interfaces

source /etc/network/interfaces.d/*

# The loopback network interface

auto lo

iface lo inet loopback

# The primary network interface

auto enp0s3

iface enp0s3 inet static

address 10.24.10.72

netmask 255.255.255.0

network 10.24.10.0

broadcast 10.24.10.255

gateway 10.24.10.1

dns-nameservers 10.24.10.89

search alpuket-merah.com

root@cloud:/home/ubuntu# /etc/init.d/networking restart

root@cloud:/home/ubuntu# nano /etc/hosts

127.0.0.1 localhost

10.24.10.72 nextcloud.alpuket-merah.com nextcloud

root@cloud:/home/ubuntu# nano /etc/hostname

cloud.alpuket-merah.com

{2}_ Install Apache2 root@cloud:/home/ubuntu# apt update && apt install apache2 -y

root@cloud:/home/ubuntu# systemctl stop apache2.service

root@cloud:/home/ubuntu# systemctl start apache2.service

root@cloud:/home/ubuntu# systemctl enable apache2.service

{3}_ Install mariadb

root@cloud:/home/ubuntu# apt install mariadb-server mariadb-client -y

root@cloud:/home/ubuntu# systemctl stop mysql.service

root@cloud:/home/ubuntu# systemctl start mysql.service

root@cloud:/home/ubuntu# systemctl enable mysql.service

root@cloud:/home/ubuntu# mysql_secure_installation

{4}_ Install PHP7.2

root@cloud:/home/ubuntu# apt install software-properties-common -y

root@cloud:/home/ubuntu# add-apt-repository ppa:ondrej/php && sudo apt update

root@cloud:/home/ubuntu# apt install php7.2 libapache2-mod-php7.2 php7.2-common php7.2-curl

php7.2-mbstring php7.2-xmlrpc php7.2-mysql php7.2-gd php7.2-xml php7.2-intl php7.2-ldap php7.2-

imagick php7.2-json php7.2-cli php7.2-zip php7.2-gd unzip -y

root@cloud:/home/ubuntu# nano /etc/php/7.2/apache2/php.ini

file_uploads = On

allow_url_fopen = On


50 January 30, 2021

short_open_tag = On

memory_limit = 256M

upload_max_filesize = 100M

max_execution_time = 360

date.timezone = Asia/Jakarta

root@cloud:/home/ubuntu# systemctl restart apache2.service

{5}_ Create Database

root@cloud:/home/ubuntu# mysql -u root -p

MariaDB [(none)]> CREATE DATABASE nextcloud;

MariaDB [(none)]> CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';

MariaDB [(none)]> GRANT ALL ON nextcloud.* TO 'user'@'localhost' IDENTIFIED BY 'password' WITH

GRANT OPTION;

MariaDB [(none)]> FLUSH PRIVILEGES;

MariaDB [(none)]> EXIT;

{6}_ Download Nextcloud 20.0.6

root@cloud:/home/ubuntu# wget https://download.nextcloud.com/server/releases/nextcloud-

20.0.6.zip

root@cloud:/home/ubuntu# unzip nextcloud-20.0.6.zip

root@cloud:/home/ubuntu# mv nextcloud /var/www/html/nextcloud

root@cloud:/home/ubuntu# chown -R www-data:www-data /var/www/html/nextcloud/

root@cloud:/home/ubuntu# chmod 755 /var/www/html/nextcloud/

{7}_ Create Virtual host

root@cloud:/home/ubuntu# nano /etc/apache2/sites-available/nextcloud.alpuket-merah.com.conf

<VirtualHost *:80>

ServerAdmin [email protected]

DocumentRoot /var/www/html/nextcloud

ServerName nextcloud.alpuket-merah.com

<Directory /var/www/html/nextcloud/>

Options FollowSymlinks

AllowOverride All

Require all granted

</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

root@cloud:/home/ubuntu# a2ensite nextcloud.alpuket-merah.com.conf

root@cloud:/home/ubuntu# systemctl reload apache2.service

{8}_ Install Nextcloud dari komputer client, akses: nextcloud.alpuket-merah.com

Create user: admin

Password admin:

User database: user

Password database: password

Nama database: nextcloud

Lokasi database: localhost


51 January 30, 2021

Ceklis Install recommended apps, Finis setup

Proses installasi


52 January 30, 2021

Tampilan dashboard nextcloud

{9}_ Setting LDAP

Enable module LDAP user and group backend di menu apps.

LDAP / AD integration

Server: alpuket-merah.com port: 389

User active directory: cn=super sa2008. admin,ou=UserDomain,dc=alpuket-merah,dc=com

Password user:

Base DN: dc=alpuket-merah,=dc=com

Test Base DN, jika sukses maka akan tampil Configuration OK , Continue.


53 January 30, 2021

Cara mengetahui rumus user active directory dengan tool: Active Directory Explorer

Pilih user sa2008, pada distinguihedName, akan terlihat

cn=super sa2008. admin,ou=UserDomain,dc=alpuket-merah,dc=com

Pada tab Users, pastikan Only these object classes: person

Jika di verify setting and count user, maka akan terlihat 8 users found yang ada pada active directory


54 January 30, 2021

Pada tab Login Attributes, ceklis LDAP / AD Username dan LDAP / AD Email Address.

Pastika attribute yang ada pada user active directory bagian Email di isi di sesuaikan dengan email yang

sudah terdaftar di zimbra.

Pada tab Groups, pilih UserGroup pada Only from these groups. Jika di verify maka akan muncul 1 group

found. Selesai.

Akan terlihat list user yang sudah terkoneksi dengan active directory.


55 January 30, 2021

{10}_ Mengkoneksikan Nextcloud Desktop dengan Nextcloud server

Download Nextcloud for Desktop:

https://github.com/nextcloud/desktop/releases/download/v3.1.1/Nextcloud-3.1.1-x64.msi

Masukan server address: http://nextcloud.alpuket-merah.com

Login to your Nextcloud, masukan username dan password, Log in, Grant access.

Account sudah terkoneksi, Cek di File Explorer.

https://github.com/nextcloud/desktop/releases/download/v3.1.1/Nextcloud-3.1.1-x64.msi


56 January 30, 2021

{11}_ Mengkoneksikan Nextcloud Mobile android dengan nextcloud server

Download aplikasi nextcloud dari play store android.

Masukan server address: http://nextcloud.alpuket-merah.com

Masukan user dan password, Grant access. Berhasil login ke nextcloud server.

http://nextcloud.alpuket-merah.com/


57 January 30, 2021

Windows 7 SP1 {1}_ Tes login hotspot dari komputer client menggunakan user active directory

Akses url: hotspot.alpuket-merah.com

User: sa2008

Password: P@ssw0rd!

(Catatan: untuk username bisa menggunakan format seperti berikut)

{2}_ Tes login vpn dari komputer client menggunakan user active directory

Create VPN client, username: [email protected], server: 192.168.56.100, Data encryption:

Require encryption. Ceklis: Microsoft CHAP Version 2 (MS-CHAP v2).



58 January 30, 2021

REFERENSI • Tutorial MikroTik

https://gerakanopensource.wordpress.com/2016/01/03/konfigurasi-router-mikrotik-interface-ip-

address-ip-route-ip-dns-ip-dhcp-server-ip-firewall-nat-ip-firewall-mangle-hotspot-server-radius-

server-manajemen-bandwidth-queue-tree/

• Template Login MikroTik

https://gerakanopensource.wordpress.com/2019/01/11/template-login-hotspot-mikrotik-

responsive-bootstrap-design-premium/

• Tutorial Zimbra

https://gerakanopensource.wordpress.com/2016/01/20/install-zimbra-mail-server-di-ubuntu-14-

04/

• Onlyoffice Docs

https://helpcenter.onlyoffice.com/installation/docs-community-install-ubuntu.aspx

• Onlyoffice Groups

https://helpcenter.onlyoffice.com/installation/groups-install-ubuntu.aspx

• NextCloud

https://nextcloud.com/install/#instructions-server

• Zimbra

https://www.zimbra.com/try/zimbra-collaboration-open-source/

• Tutorial OnlyOffice

https://gerakanopensource.wordpress.com/2016/07/19/membangun-web-office-menggunakan-

aplikasi-onlyoffice-berbasis-cloud-lengkap/

•