- #!/bin/bash
- #######################################################################
- #
- # This script builds a SOGo/OpenChange Server on Ubuntu 14.04
- #
- # 2015-07-09 - Gerald Brandt - Original Version
- #
- # This script is GPLv2 Licensed
- #
- #######################################################################
# Text for the dialog/whiptail screens: the back-title and the progress lines
# that each install step appends to.
installback=
installstr=

# Host identity and network settings written into the system configuration.
hostname=
domainname=
ipaddress=
netmask=
gateway=
nameserver2=   # used as the Samba "dns forwarder"
cidr=
basenet=       # with cidr: the local network added to Postfix mynetworks

# Domain naming. dompart1/dompart2 and the upper* values are filled in
# outside this part of the script.
dompart1=
dompart2=
workgroup=
upperdomain=
upperhost=
upperworkgroup=

timezone=

# Secrets. "password" is the administrator password reused for the Samba
# domain, the LDAP bind configuration and the MySQL root account;
# "genpassword" is used for the SOGo database user.
password=
genpassword=
- #######################################################################
- #
- #
- # @return 0 for failure
- # 1 for success
- #
- # @brief
- # configure the network
- #
- #######################################################################
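configure_network () {
  # Rewrites /etc/network/interfaces for a static eth0 address, renames the
  # host, restarts networking and writes a temporary /etc/resolv.conf.
  # Reads:  installback, ipaddress, netmask, gateway, domainname, hostname
  # Writes: installstr (progress text), response, oldhostname
  # Exits the script with status 1 when the rpl package cannot be installed.
  # The values are written into system files exactly as given; they are
  # assumed to have been validated where they were collected -- TODO confirm.
  installstr+="Preparing Network\n"
  # Quoted: the progress text contains spaces and must reach dialog as a
  # single argument.
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
  echo "Configuring network" >> INSTALL-LOG
  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo " Configure Network" >> INSTALL-LOG 2>&1
  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo " "

  # Keep a copy of the current file, then replace it with a static setup.
  # The host points at itself for DNS because Samba will serve it later.
  cp /etc/network/interfaces /etc/network/interfaces-orig >> INSTALL-LOG
  echo "
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address $ipaddress
netmask $netmask
gateway $gateway
dns-nameservers $ipaddress
dns-search $domainname
" > /etc/network/interfaces

  # rpl is used below (and by later steps) for in-place text replacement.
  apt-get -y install rpl >> INSTALL-LOG 2>&1
  response=$?
  if [ "$response" -ne 0 ]; then
    whiptail --title " ERROR " --backtitle "$installback" \
      --infobox "Failed to install rpl. See INSTALL-LOG" 10 50
    # Explicit failure status; a bare exit would report whiptail's status.
    exit 1
  fi

  echo "Save old files..." >> INSTALL-LOG 2>&1
  cp /etc/hosts /etc/hosts-orig >> INSTALL-LOG 2>&1
  cp /etc/hostname /etc/hostname-orig >> INSTALL-LOG 2>&1
  cp /etc/resolv.conf /etc/resolv.conf-orig >> INSTALL-LOG 2>&1

  # Swap the old host name for the new one in /etc/hosts. An empty old name
  # would shift rpl's arguments, so the replacement is skipped in that case.
  read -r oldhostname < /etc/hostname
  if [ -n "$oldhostname" ]; then
    rpl "$oldhostname" "$hostname" /etc/hosts >> INSTALL-LOG 2>&1
  fi
  hostname "$hostname" >> INSTALL-LOG 2>&1
  echo "$ipaddress $hostname.$domainname $hostname" >> /etc/hosts
  printf '%s\n' "$hostname" > /etc/hostname

  echo "retstart the network"
  ifdown eth0 >> INSTALL-LOG 2>&1
  service resolvconf restart 2>&1
  ifup eth0 >> INSTALL-LOG 2>&1

  # Temporary name resolution (a reboot regenerates the file). The public
  # resolver 8.8.8.8 is only needed until Samba's DNS is up.
  echo "nameserver $ipaddress" > /etc/resolv.conf
  echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  echo "search $domainname" >> /etc/resolv.conf
  echo "domain $domainname" >> /etc/resolv.conf
}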
- #######################################################################
- #
- # @param none
- #
- # @return 0 for failure
- # 1 for success
- #
- # @brief
- # Modify the fstab for acl's and remount
- #
- #######################################################################
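modify_fstab () {
  # Adds the user_xattr/acl mount options to /etc/fstab entries that carry
  # "errors=remount-ro" and remounts / so they take effect.
  # Reads:  installback
  # Writes: installstr (progress text)
  local -r new_opts="user_xattr,acl,barrier=1,errors=remount-ro,relatime"

  installstr+="Modifying fstab\n"
  # Quoted: the progress text contains spaces and must reach dialog as a
  # single argument.
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo " Modifying fstab" >> INSTALL-LOG 2>&1
  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo " "

  # Keep the first backup: a re-run must not overwrite the pristine copy
  # with an already modified fstab.
  if [ ! -e /etc/fstab-orig ]; then
    cp /etc/fstab /etc/fstab-orig
  fi

  # The replacement text contains the search text, so running rpl a second
  # time would expand the options again. Skip it when already applied.
  if ! grep -q -F -- "$new_opts" /etc/fstab; then
    rpl -e "errors=remount-ro" "$new_opts" /etc/fstab >> INSTALL-LOG 2>&1
  fi

  # remount /
  mount -o remount / >> INSTALL-LOG 2>&1
}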
- #######################################################################
- #
- # @return 0 for failure
- # 1 for success
- #
- # @brief
- # We use samba 4 for user auth, so get it installed and running with the proper domain
- #
- #######################################################################
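install_samba () {
  # Installs Samba 4 and provisions it as an Active Directory domain
  # controller for $domainname, then writes /etc/samba/smb.conf and makes
  # samba-ad-dc the only Samba service that starts.
  # Reads:  installback, hostname, domainname, upperworkgroup, password,
  #         ipaddress, nameserver2
  # Writes: installstr (progress text), response, ./krb5-config
  # Exits the script with status 1 when the packages cannot be installed.
  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo " INSTALL SAMBA" >> INSTALL-LOG 2>&1
  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo
  installstr+="Samba : install"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # Preseed the Kerberos client questions so apt-get does not prompt.
  {
    echo "krb5-config krb5-config/admin_server string $hostname.$domainname"
    echo "krb5-config krb5-config/kerberos-servers string $hostname.$domainname"
    echo "krb5-config krb5-config/default_realm string $domainname"
    echo "krb5-config krb5-config/add_servers_realm string $domainname"
    echo "krb5-config krb5-config/add_servers boolean false"
  } > krb5-config
  debconf-set-selections < krb5-config

  apt-get -y install ntp acl samba samba-dev krb5-user attr smbclient dnsutils python-dnspython winbind ldap-utils >> INSTALL-LOG 2>&1
  response=$?
  if [ "$response" -ne 0 ]; then
    whiptail --title " ERROR " --backtitle "$installback" \
      --infobox "Failed to install Samba. See INSTALL-LOG" 10 50
    # Explicit failure status; a bare exit would report whiptail's status.
    exit 1
  fi

  installstr+=" - config"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
  service samba stop >> INSTALL-LOG 2>&1
  service smbd stop >> INSTALL-LOG 2>&1
  service samba-ad-dc stop >> INSTALL-LOG 2>&1
  # sometimes, these don't stop
  killall -9 smbd >> INSTALL-LOG 2>&1
  killall -9 nmbd >> INSTALL-LOG 2>&1
  killall -9 samba >> INSTALL-LOG 2>&1

  # Kerberos needs a correct clock: sync once while ntpd is stopped.
  service ntp stop >> INSTALL-LOG 2>&1
  ntpdate -B ca.pool.ntp.org >> INSTALL-LOG 2>&1
  service ntp start >> INSTALL-LOG 2>&1

  mv /etc/samba/smb.conf /etc/samba/smb.conf-orig >> INSTALL-LOG 2>&1

  # Provision the domain. The log records the command with the administrator
  # password masked, so INSTALL-LOG never holds the secret in clear text.
  echo "running: samba-tool domain provision --realm=$domainname --domain=$upperworkgroup --adminpass=<redacted> --server-role=dc --use-rfc2307 --host-name=$hostname --host-ip=$ipaddress --use-xattrs=yes --dns-backend=SAMBA_INTERNAL" >> INSTALL-LOG 2>&1
  # NOTE(review): the password is still an argument of samba-tool and so is
  # visible in the process list while provisioning runs.
  samba-tool domain provision --realm="$domainname" --domain="$upperworkgroup" --adminpass="$password" --server-role=dc --use-rfc2307 --host-name="$hostname" --host-ip="$ipaddress" --use-xattrs=yes --dns-backend=SAMBA_INTERNAL >> INSTALL-LOG 2>&1
  cp /var/lib/samba/private/krb5.conf /etc

  # set the proper name resolution (in order to finish install)
  echo "nameserver $ipaddress" > /etc/resolv.conf
  echo "search $domainname" >> /etc/resolv.conf
  service samba-ad-dc restart >> INSTALL-LOG 2>&1
  samba-tool domain level raise --domain-level 2008_R2 --forest-level 2008_R2 >> INSTALL-LOG 2>&1

  # NOTE(review): these two settings switch off password complexity and
  # allow one-character passwords for every account in the domain. Restore a
  # real policy once the install is finished.
  samba-tool domain passwordsettings set --complexity=off >> INSTALL-LOG 2>&1
  samba-tool domain passwordsettings set --min-pwd-length=1 >> INSTALL-LOG 2>&1

  #*****************************************************************
  # TODO TODO TODO
  #
  # figure out how to pass password in so it's not requested
  #
  #*****************************************************************
  samba-tool user setpassword Administrator <<< "$password"
  #expect -c "
  # spawn samba-tool user setpassword Administrator
  # expect "?assword: "
  # send $password
  # expect eof"
  samba-tool user setexpiry Administrator --noexpiry >> INSTALL-LOG 2>&1
  service samba-ad-dc restart >> INSTALL-LOG 2>&1

  # NOTE(review): the [netlogon] path below is fixed to "example.com" rather
  # than derived from $domainname -- confirm it matches the provisioned
  # sysvol directory.
  echo "
# Global parameters
[global]
server role = active directory domain controller
workgroup = $upperworkgroup
realm = $domainname
netbios name = $hostname
passdb backend = samba4
dns forwarder = $nameserver2
[netlogon]
path = /var/lib/samba/sysvol/example.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
" > /etc/samba/smb.conf

  service samba-ad-dc stop >> INSTALL-LOG 2>&1
  # sometimes, these don't stop
  killall -9 smbd >> INSTALL-LOG 2>&1
  killall -9 nmbd >> INSTALL-LOG 2>&1
  killall -9 samba >> INSTALL-LOG 2>&1

  # Disable the stand-alone smbd/nmbd/samba jobs so only samba-ad-dc runs.
  # none of this seems to work, smbd starts and samba-ad-dc doesn't. Neither does ocsmanager
  mv /etc/init/smbd.conf /etc/init/smbd.conf.disabled >> INSTALL-LOG 2>&1
  mv /etc/init/reload-smbd.conf /etc/init/reload-smbd.conf.disabled >> INSTALL-LOG 2>&1
  mv /etc/init/nmbd.conf /etc/init/nmbd.conf.disabled >> INSTALL-LOG 2>&1
  mv /etc/init/samba.conf /etc/init/samba.conf.disabled >> INSTALL-LOG 2>&1
  update-rc.d -f smbd remove >> INSTALL-LOG 2>&1
  update-rc.d -f nmbd remove >> INSTALL-LOG 2>&1
  update-rc.d -f samba remove >> INSTALL-LOG 2>&1
  update-rc.d samba-ad-dc defaults >> INSTALL-LOG 2>&1
  service samba-ad-dc start >> INSTALL-LOG 2>&1

  # Put the public fallback resolver back for the remaining install steps.
  echo "nameserver $ipaddress" > /etc/resolv.conf
  echo "nameserver 8.8.8.8" >> /etc/resolv.conf
  echo "search $domainname" >> /etc/resolv.conf
  echo "domain $domainname" >> /etc/resolv.conf

  installstr+=" - done\n"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
}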
- #######################################################################
- #
- # @param
- #
- # @return 0 for failure
- # 1 for success
- #
- # @brief
- # Install dovecot and config to authenticate against samba
- #
- #######################################################################
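install_dovecot () {
  # Installs Dovecot (IMAP, POP3, LMTP, Sieve), writes its configuration to
  # authenticate users against the local LDAP service on port 389, creates
  # the vmail user that owns all mail, and generates a self-signed
  # certificate with the packaged mkcert.sh.
  # Reads:  installback, domainname, workgroup, password, DOM
  # Writes: installstr (progress text), response
  # Exits the script with status 1 when the packages cannot be installed.
  # NOTE(review): DOM is not among the globals declared at the top of the
  # script; presumably it is filled in elsewhere -- confirm.
  local -r ssl_cnf=/usr/share/doc/dovecot-core/dovecot/dovecot-openssl.cnf
  local -r ldap_ext=/etc/dovecot/dovecot-ldap.conf.ext
  # Absolute log path, so output produced after changing directory still
  # lands in the main install log.
  local log
  log="$(pwd)/INSTALL-LOG"

  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo " INSTALL DOVECOT" >> INSTALL-LOG 2>&1
  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo
  installstr+="Dovecot : install"
  dialog --title " Please Wait... " --backtitle "$installback" --infobox "$installstr" 15 50 2>.tmp

  # create user
  groupadd -g 5000 vmail >> INSTALL-LOG 2>&1
  useradd -m -u 5000 -g 5000 -s /bin/bash -d /var/mail vmail >> INSTALL-LOG 2>&1
  adduser vmail mail >> INSTALL-LOG 2>&1
  chown -R vmail:vmail /var/mail >> INSTALL-LOG 2>&1

  # preseed
  echo "dovecot-core dovecot-core/create-ssl-cert boolean true
dovecot-core dovecot-core/ssl-cert-name string localhost" | debconf-set-selections
  apt-get -y install dovecot-imapd dovecot-pop3d dovecot-ldap dovecot-managesieved dovecot-sieve dovecot-lmtpd >> INSTALL-LOG 2>&1
  response=$?
  if [ "$response" -ne 0 ]; then
    whiptail --title " ERROR " --backtitle "$installback" \
      --infobox "Failed to install Dovecot. See INSTALL-LOG" 10 50
    # Explicit failure status; a bare exit would report whiptail's status.
    exit 1
  fi

  installstr+=" - config"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # NOTE(review): the static passdb below accepts any user without a
  # password when the client address is 127.0.0.1. As the configuration's
  # own comment says, the regular imap/imaps listeners honour it too, so
  # every local process can open any mailbox.
  echo -e "
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
postmaster_address=administrator@$domainname
# AUTH
disable_plaintext_auth = yes
auth_master_user_separator = *
auth_mechanisms = plain login
# master users
#passdb {
# driver = passwd-file
# master = yes
# args = /etc/dovecot/master-users
# Unless you're using PAM, you probably still want the destination user to
# be looked up from passdb that it really exists. pass=yes does that.
#pass = yes
#}
# ldap users
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
# trust on 127.0.0.1
passdb {
driver = static
args = nopassword=y allow_nets=127.0.0.1/32
}
# LOGGING
auth_verbose = yes
mail_debug = no
plugin {
# Events to log. Also available: flag_change append
#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
# Available fields: uid, box, msgid, from, subject, size, vsize, flags
# size and vsize are available only for expunge and copy events.
#mail_log_fields = uid box msgid size
}
# MAIL and NAMESPACES
mail_location = maildir:~/maildir
mail_uid = vmail
mail_gid = vmail
mail_plugins = acl quota
namespace {
type = private
separator = /
prefix =
inbox = yes
mailbox INBOX {
auto = create
}
}
namespace {
type = shared
separator = /
prefix = shared/%%u/
location = maildir:%%h/maildir:INDEX=~/maildir/shared/%%u
subscriptions = no
list = children
}
# MASTER
service imap-login {
inet_listener imap {
#port = 143
}
inet_listener imaps {
#port = 993
ssl = yes
}
# this is suboptimal since imap and imaps will also accept nopass
inet_listener imap-nopass {
port = 144
}
}
service pop3-login {
inet_listener pop3 {
#port = 110
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
service lmtp {
unix_listener lmtp {
#mode = 0666
}
# Create inet listener only if you can't use the above UNIX socket
inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
address = 127.0.0.1
port = 24
}
}
service imap {
executable = imap postlogin
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Its default
# permissions make it readable only by root, but you may need to relax these
# permissions. Users that have access to this socket are able to get a list
# of all usernames and get results of everyone's userdb lookups.
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
service postlogin {
executable = script-login -d rawlog
unix_listener postlogin {
}
}
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
# LDA
quota_full_tempfail = yes
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = \$mail_plugins
}
# PROTOCOLS
protocol imap {
mail_plugins = \$mail_plugins autocreate imap_acl imap_quota
}
protocol lmtp {
mail_plugins = \$mail_plugins sieve
}
service managesieve-login {
inet_listener sieve {
port = 4190
address = 127.0.0.1
}
}
service managesieve {
}
protocol sieve {
}
plugin {
acl = vfile
acl_shared_dict = file:/var/spool/dovecot/shared-mailboxes.db
quota_rule = *:storage=2G
quota_rule2 = Trash:storage=+100M
quota = dict:::file:%h/dovecot-quota
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
autocreate = Trash
autosubscribe = Trash
autocreate2 = Drafts
autosubscribe2 = Drafts
autocreate3 = Sent
}
" > /etc/dovecot/dovecot.conf

  # This file holds the domain administrator's bind password. Create it
  # under a restrictive umask and pin owner and mode afterwards, because a
  # plain redirect keeps whatever mode an existing file already has.
  (
    umask 077
    echo -e "
hosts = 127.0.0.1:389
dn = cn=administrator,cn=Users,dc=${DOM[0]},dc=${DOM[1]}
dnpass = $password
base = cn=Users,dc=${DOM[0]},dc=${DOM[1]}
auth_bind = yes
pass_filter = (cn=%n)
user_filter = (cn=%n)
user_attrs = cn=home=/var/spool/dovecot/%$
" > "$ldap_ext"
  )
  chown root:root "$ldap_ext" >> INSTALL-LOG 2>&1
  chmod 600 "$ldap_ext" >> INSTALL-LOG 2>&1

  # Fill in the certificate subject used by mkcert.sh.
  rpl -e "#C=FI" "C=CA" "$ssl_cnf" >> INSTALL-LOG 2>&1
  rpl -e "#ST=" "ST=Manitoba" "$ssl_cnf" >> INSTALL-LOG 2>&1
  rpl -e "#L=Helsinki" "L=Winnipeg" "$ssl_cnf" >> INSTALL-LOG 2>&1
  rpl -e "#O=Dovecot" "O=$workgroup" "$ssl_cnf" >> INSTALL-LOG 2>&1
  rpl -e "CN=imap.example.com" "CN=*.$domainname" "$ssl_cnf" >> INSTALL-LOG 2>&1
  rpl -e "emailAddress=postmaster@example.com" "emailAddress=postmaster@$domainname" "$ssl_cnf" >> INSTALL-LOG 2>&1

  # Run mkcert.sh from its own directory inside a subshell: the caller's
  # working directory is untouched and the script is skipped when the
  # directory is missing.
  (
    cd /usr/share/doc/dovecot-core/dovecot || exit 1
    chmod +x mkcert.sh
    ./mkcert.sh
  ) >> "$log" 2>&1

  touch /var/log/dovecot.message
  chown vmail:vmail /var/log/dovecot.message
  # -p: do not fail when the directory is left over from an earlier run.
  mkdir -p /var/spool/dovecot
  chown vmail:vmail /var/spool/dovecot
  service dovecot restart >> INSTALL-LOG 2>&1

  installstr+=" - done\n"
  dialog --title " Please Wait... " --backtitle "$installback" --infobox "$installstr" 15 50 2>.tmp
}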
- #######################################################################
- #
- # @param
- #
- # @return 0 for failure
- # 1 for success
- #
- # @brief
- # Install imapproxy
- #
- #######################################################################
install_imapproxy () {
  # Installs imapproxy and writes /etc/imapproxy.conf so that it listens on
  # port 1143 and forwards to the IMAP server on localhost port 143.
  # Reads:  installback
  # Writes: installstr (progress text)
  # The result of apt-get is not checked in this step.
  {
    echo "###################################################################################"
    echo " INSTALL IMAPPROXY"
    echo "###################################################################################"
    echo " "
  } >> INSTALL-LOG 2>&1

  # Restart Dovecot first, as a precaution.
  service dovecot restart >> INSTALL-LOG 2>&1

  installstr="${installstr}IMAP Proxy: install"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
  apt-get -y install imapproxy >> INSTALL-LOG 2>&1

  installstr="${installstr} - config"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # The configuration is fixed text: no shell variables are substituted.
  printf '%s\n' '
server_hostname localhost
connect_retries 10
connect_delay 5
cache_size 3072
listen_port 1143
server_port 143
cache_expiration_time 300
proc_username nobody
proc_groupname nogroup
stat_filename /var/run/pimpstats
protocol_log_filename /var/log/imapproxy_protocol.log
syslog_facility LOG_MAIL
send_tcp_keepalives no
enable_select_cache no
foreground_mode no
force_tls no
chroot_directory /var/lib/imapproxy/chroot
enable_admin_commands no
' > /etc/imapproxy.conf

  installstr="${installstr} - done\n"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
}
- #######################################################################
- #
- # @param
- #
- # @return 0 for failure
- # 1 for success
- #
- # @brief
- # Install postfix and configure it to authenticate against LDAP
- #
- #######################################################################
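install_postfix () {
  # Installs Postfix with LDAP support, writes main.cf (delivery over LMTP
  # to 127.0.0.1:24, SASL through Dovecot's private/auth socket) and the
  # LDAP alias lookup table /etc/postfix/people.ldap.
  # Reads:  installback, hostname, domainname, basenet, cidr, password, DOM
  # Writes: installstr (progress text), response, ./postfix-config
  # Exits the script with status 1 when the packages cannot be installed.
  # NOTE(review): DOM is not among the globals declared at the top of the
  # script; presumably it is filled in elsewhere -- confirm.
  local -r ldap_map=/etc/postfix/people.ldap

  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo " INSTALL POSTFIX" >> INSTALL-LOG 2>&1
  echo "###################################################################################" >> INSTALL-LOG 2>&1
  echo
  installstr+="Postfix : install"
  dialog --title " Please Wait... " --backtitle "$installback" --infobox "$installstr" 15 50 2>.tmp

  # Preseed the package questions so apt-get does not prompt.
  {
    echo "postfix postfix/main_mailer_type select Internet Site"
    echo "postfix postfix/mailname string $domainname"
    echo "postfix postfix/destinations string $domainname, localhost, localhost.localdomain"
  } > postfix-config
  debconf-set-selections < postfix-config

  apt-get -y install postfix postfix-ldap >> INSTALL-LOG 2>&1
  response=$?
  if [ "$response" -ne 0 ]; then
    whiptail --title " ERROR " --backtitle "$installback" \
      --infobox "Failed to install Postfix. See INSTALL-LOG" 10 50
    # Explicit failure status; a bare exit would report whiptail's status.
    exit 1
  fi

  installstr+=" - config"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # NOTE(review): mynetworks includes $basenet/$cidr, so every host on that
  # network may relay without authenticating, and TLS uses the distribution's
  # self-signed "snakeoil" certificate.
  # The double quotes around "delayed mail" are escaped; unescaped they would
  # end the shell string in the middle of the file.
  echo -e "
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = \$myhostname ESMTP \$mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate \"delayed mail\" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = $hostname.$domainname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, \$myhostname, \$mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 $basenet/$cidr
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = ldap:/etc/postfix/people.ldap
mailbox_transport = lmtp:127.0.0.1:24
# SASL Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = \$myorigin
broken_sasl_auth_clients = yes
" > /etc/postfix/main.cf

  # The lookup table stores the domain administrator's bind password.
  # Create it under a restrictive umask and limit it to root and the postfix
  # group so other local users cannot read it.
  (
    umask 027
    echo -e "
version = 3
server_port = 389
timeout = 60
search_base = cn=Users,dc=${DOM[0]},dc=${DOM[1]}
query_filter = (mail=%s)
result_attribute = cn
bind = yes
bind_dn = cn=administrator,cn=Users,dc=${DOM[0]},dc=${DOM[1]}
bind_pw = $password
server_host = ldap://127.0.0.1:389/
" > "$ldap_map"
  )
  chown root:postfix "$ldap_map" >> INSTALL-LOG 2>&1
  chmod 640 "$ldap_map" >> INSTALL-LOG 2>&1

  #echo -e "\ndovecot unix - n n - - pipe
  # flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d \${user}" >> /etc/postfix/master.cf
  service postfix restart >> INSTALL-LOG 2>&1

  installstr+=" - done\n"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
}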
- #######################################################################
- #
- # @param
- #
- # @return 0 for failure
- # 1 for success
- #
- # @brief
- # Install MySQL for SOGo's (and, later on, ocsmanager's) use
- #
- #######################################################################
install_mysql () {
  # Installs the MySQL server and client with the root password preseeded,
  # then restarts the service.
  # Reads:  installback, password
  # Writes: installstr (progress text), response
  # Leaves the script when apt-get reports status 100.
  {
    echo "###################################################################################"
    echo " INSTALL MySQL"
    echo "###################################################################################"
  } >> INSTALL-LOG 2>&1
  echo

  installstr="${installstr}MySQL : install"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # Preseed the root password questions. The administrator password supplied
  # by the user doubles as the MySQL root password. It travels through a pipe
  # from a shell builtin, so it is not a command-line argument.
  printf '%s\n' "mysql-server-5.5 mysql-server/root_password password $password
mysql-server-5.5 mysql-server/root_password seen true
mysql-server-5.5 mysql-server/root_password_again password $password
mysql-server-5.5 mysql-server/root_password_again seen true
" | debconf-set-selections

  apt-get -y install mysql-server mysql-client python-mysqldb >> INSTALL-LOG 2>&1
  response=$?
  if [ "$response" -eq 100 ]; then
    whiptail --title " ERROR " --backtitle "$installback" \
      --infobox "Failed to install MySQL. See INSTALL-LOG" 10 50
    exit
  fi

  installstr="${installstr} - config"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
  service mysql restart >> INSTALL-LOG 2>&1

  installstr="${installstr} - done\n"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
}
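#######################################################################
#
# @param    none. Reads the globals $password, $genpassword, $timezone,
#           $installback and the DOM array; appends its progress text to
#           the global $installstr.
#
# @return   status of the final dialog call. Exits the whole script
#           with status 1 when the package install fails.
#
# @brief
#   Install the SOGo server, create its MySQL database and user, write
#   /etc/sogo/sogo.conf, register its cron jobs and restart it.
#
#######################################################################
install_sogo() {
  local banner="###################################################################################"

  printf '%s\n' "$banner" " INSTALL SOGo" "$banner" >> INSTALL-LOG 2>&1
  echo
  installstr+="SOGo : install"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # Preseed the tmpreaper notes so the install stays non-interactive.
  debconf-set-selections <<'EOF'
tmpreaper tmpreaper/TMPREAPER_TIME note
tmpreaper tmpreaper/confignowexists note
tmpreaper tmpreaper/readsecurity note
tmpreaper tmpreaper/readsecurity_upgrading note
EOF

  #apt-get -y install sogo sogo-activesync libwbxml2-0 python-mysqldb python-sievelib >> INSTALL-LOG 2>&1
  # Any non-zero status is a failure, and the script exits non-zero on it.
  if ! apt-get -y install sogo sogo-activesync >> INSTALL-LOG 2>&1; then
    whiptail --title " ERROR " --backtitle "$installback" \
      --infobox "Failed to install SOGo. See INSTALL-LOG" 10 50
    exit 1
  fi

  # NOTE(review): --password= puts the root password on the mysql command
  # line; a root-only option file passed with --defaults-extra-file keeps
  # it out of the process arguments. WITH GRANT OPTION is also more than a
  # service account normally needs - confirm it is required.
  mysql --password="$password" --user=root mysql -e "CREATE DATABASE sogo CHARACTER SET utf8 ; CREATE USER 'sogo'@'localhost' IDENTIFIED BY '$genpassword' ; GRANT ALL PRIVILEGES ON sogo.* TO 'sogo'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES;" >> INSTALL-LOG 2>&1

  installstr+=" - config"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # The original single-quoted '$password', which gave the sogo account
  # the literal nine-character string $password as its password.
  # NOTE(review): this makes the sogo account share the administrator
  # password and passes it as a command-line argument; a dedicated secret
  # for the service account would be preferable.
  samba-tool user add sogo "$password" >> INSTALL-LOG 2>&1

  # Write sogo.conf. It holds the directory bind password and the database
  # password. Redirecting into an existing file keeps that file's mode and
  # owner - NOTE(review): confirm it is not world-readable afterwards.
  # NOTE(review): SOGo binds as the domain administrator here; a read-only
  # lookup account would be the least-privilege choice.
  cat > /etc/sogo/sogo.conf <<EOF

{
SOGoUserSources = (
{
CNFieldName = cn;
IDFieldName = cn;
UIDFieldName = sAMAccountName;
baseDN = "cn=Users,dc=${DOM[0]},dc=${DOM[1]}";
bindDN = "cn=administrator,cn=Users,dc=${DOM[0]},dc=${DOM[1]}";
bindFields = (sAMAccountName);
bindPassword = "$password";
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = "ldap://127.0.0.1:389/";
id = public;
isAddressBook = YES;
type = ldap;
}
);
SOGoAppointmentSendEMailNotifications = YES;
//SOGoSuperUsernames = (administrator);
SOGoProfileURL = mysql://sogo:$genpassword@127.0.0.1:3306/sogo/sogo_user_profile;
OCSFolderInfoURL = mysql://sogo:$genpassword@127.0.0.1:3306/sogo/sogo_folder_info;
OCSEMailAlarmsFolderURL = mysql://sogo:$genpassword@127.0.0.1:3306/sogo/sogo_alarms_folder;
OCSSessionsFolderURL = mysql://sogo:$genpassword@127.0.0.1:3306/sogo/sogo_sessions_info;
SOGoSieveScriptsEnabled = YES;
SOGoForwardEnabled = YES;
SOGoVacationEnabled = YES;
SOGoEnableEMailAlarms = YES;
SOGoTimeZone = $timezone;
SOGoIMAPServer = 127.0.0.1:1143;
SOGoSieveServer = sieve://127.0.0.1:4190;
SOGoMailingMechanism = smtp;
SOGoSMTPServer = 127.0.0.1;
SOGoCalendarDefaultRoles = ("PublicDAndTViewer");
/* Debugging */
//LDAPDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//OCSFolderManagerSQLDebugEnabled = YES;
//PGDebugEnabled = YES;
//SOGoDebugRequests = YES;
//WODebugTakeValues = YES;
SOGoUIxDebugEnabled = YES;
//SaxDebugReaderFactory = YES;
//SaxObjectDecoderDebugEnabled = YES;
//SoDebugObjectTraversal = YES;
//SoSecurityManagerDebugEnabled = YES;
//VSSaxDriverDebugEnabled = YES;
//WODebugResourceLookup = YES;
//WEResourceManagerDebugEnabled = YES;
//WEResourceManagerComponentDebugEnabled = YES;
}

EOF

  # The Ubuntu startup script specifies the number of worker processes and
  # the command line overrides the config, so change it there.
  rpl -e "PREFORK=3" "PREFORK=10" /etc/init.d/sogo >> INSTALL-LOG 2>&1

  # Install the cron jobs once; a re-run must not append duplicates.
  if ! grep -qF '/usr/sbin/sogo-ealarms-notify' /etc/crontab; then
    cat >> /etc/crontab <<'EOF'

* * * * * sogo /usr/sbin/sogo-ealarms-notify
0 0 * * * sogo /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds

EOF
  fi

  # sieve.creds holds the administrator password in clear text. Create it
  # private to the sogo user, which is the account the cron job above runs
  # sogo-tool as, instead of with the default (world-readable) umask.
  (
    umask 077
    printf 'administrator:%s\n\n' "$password" > /etc/sogo/sieve.creds
  )
  chown sogo /etc/sogo/sieve.creds >> INSTALL-LOG 2>&1
  chmod 600 /etc/sogo/sieve.creds >> INSTALL-LOG 2>&1

  service samba-ad-dc start >> INSTALL-LOG 2>&1
  service sogo restart >> INSTALL-LOG 2>&1

  installstr+=" - done\n"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
}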
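#######################################################################
#
# @param    none. Reads the globals $hostname, $domainname and
#           $installback; appends its progress text to the global
#           $installstr.
#
# @return   status of the final dialog call. Exits the whole script
#           with status 1 when the package install fails.
#
# @brief
#   Install Apache, enable the modules SOGo needs and adapt the SOGo
#   Apache configuration shipped by the package.
#
#######################################################################
install_apache() {
  local banner="###################################################################################"
  local sogo_conf=/etc/apache2/conf-available/SOGo.conf

  printf '%s\n' "$banner" " INSTALL Apache" "$banner" >> INSTALL-LOG 2>&1
  echo
  installstr+="Apache : install"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  #apt-get -y install apache2 apache2-mpm-prefork apache2-utils libapache2-mod-wsgi apachetop >> INSTALL-LOG 2>&1
  # Any non-zero status is a failure. The message used to name the
  # "SOGo MySQL Connector", which is not what this function installs.
  if ! apt-get -y install apache2 apache2-utils libapache2-mod-wsgi apachetop >> INSTALL-LOG 2>&1; then
    whiptail --title " ERROR " --backtitle "$installback" \
      --infobox "Failed to install Apache. See INSTALL-LOG" 10 50
    exit 1
  fi

  installstr+=" - config"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  a2dismod mpm_event >> INSTALL-LOG 2>&1
  a2enmod mpm_prefork >> INSTALL-LOG 2>&1
  a2enmod proxy >> INSTALL-LOG 2>&1
  a2enmod proxy_http >> INSTALL-LOG 2>&1
  a2enmod wsgi >> INSTALL-LOG 2>&1
  a2enmod headers >> INSTALL-LOG 2>&1
  a2enmod rewrite >> INSTALL-LOG 2>&1
  a2enmod ssl >> INSTALL-LOG 2>&1
  # NOTE(review): mod_reqtimeout bounds how long a client may take to send
  # a request; disabling it removes that protection against slow clients.
  # Confirm it really has to be off, or raise its limits instead.
  a2dismod reqtimeout >> INSTALL-LOG 2>&1
  # NOTE(review): default-ssl serves whatever certificate the stock site
  # points at - replace it with a real certificate before going live.
  a2ensite default-ssl >> INSTALL-LOG 2>&1

  # temp for bad placement by the .debs
  mv /etc/apache2/conf.d/SOGo.conf /etc/apache2/conf-available >> INSTALL-LOG 2>&1
  rpl -e "443" "80" "$sogo_conf" >> INSTALL-LOG 2>&1
  rpl -e "yourhostname" "$hostname.$domainname" "$sogo_conf" >> INSTALL-LOG 2>&1
  # After the replacement above this pattern can no longer match; kept so
  # the sequence of edits stays as the author wrote it.
  rpl -e "http://yourhostname" "http://$hostname.$domainname" "$sogo_conf" >> INSTALL-LOG 2>&1

  # turn on activesync
  rpl -e "#ProxyPass /Micro" "ProxyPass /Micro" "$sogo_conf" >> INSTALL-LOG 2>&1
  rpl -e "# http://127.0.0.1:20000" " http://127.0.0.1:20000" "$sogo_conf" >> INSTALL-LOG 2>&1
  rpl -e "# retry=60" " retry=60" "$sogo_conf" >> INSTALL-LOG 2>&1

  # add remote hosts
  # NOTE(review): this comments out every "RequestHeader unset" line in the
  # packaged file. If one of them strips a client-supplied identity header,
  # that safeguard is lost - check the packaged file before keeping this.
  rpl -e " RequestHeader unset" "# RequestHeader unset" "$sogo_conf" >> INSTALL-LOG 2>&1
  # The inner quotes are escaped now; unescaped they ended the shell string
  # and the header name was written without its quotes.
  rpl -e " AddDefaultCharset" " RequestHeader set \"x-webobjects-remote-host\" %{REMOTE_HOST}e env=REMOTE_HOST\n AddDefaultCharset" "$sogo_conf" >> INSTALL-LOG 2>&1
  a2enconf SOGo >> INSTALL-LOG 2>&1

  # Quoted here-document: inside the original double-quoted echo the $1 of
  # the RewriteRule was expanded by the shell (to nothing), so the rule was
  # written as "/SOGo/" and lost the captured path.
  cat >> "$sogo_conf" <<'EOF'

## We use mod_rewrite to pass remote address to the SOGo proxy.
# The remote address will appear in SOGo's log files and in the X-Forward
# header of emails.
RewriteEngine On
RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]

EOF

  service apache2 restart >> INSTALL-LOG 2>&1
  service sogo restart >> INSTALL-LOG 2>&1

  installstr+=" - done\n"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
}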
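#######################################################################
#
# @param    none. Reads the globals $password, $installback and the DOM
#           array; appends its progress text to the global $installstr.
#
# @return   status of the final dialog call. Exits the whole script
#           with status 1 when the package install fails.
#
# @brief
#   Install saslauthd and configure it to authenticate against the
#   local LDAP service.
#
#######################################################################
install_saslauthd() {
  local banner="###################################################################################"

  printf '%s\n' "$banner" " INSTALL SASLAuthD" "$banner" >> INSTALL-LOG 2>&1
  echo
  installstr+="saslauthd : install"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # Any non-zero status is a failure, and the script exits non-zero on it.
  if ! apt-get -y install sasl2-bin >> INSTALL-LOG 2>&1; then
    whiptail --title " ERROR " --backtitle "$installback" \
      --infobox "Failed to install saslauthd. See INSTALL-LOG" 10 50
    exit 1
  fi

  installstr+=" - config"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  cat > /etc/default/saslauthd <<'EOF'

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"

EOF

  # saslauthd.conf carries the directory bind password in clear text, so
  # create it with a private umask and pin the mode; with the default umask
  # every local user could read it.
  # NOTE(review): 600 assumes the daemon reads this file as root - confirm.
  # NOTE(review): binding as the domain administrator is more privilege
  # than a lookup needs; a dedicated read-only account would be safer.
  (
    umask 077
    cat > /etc/saslauthd.conf <<EOF

ldap_servers: ldap://127.0.0.1:389/
ldap_version: 3
ldap_auth_method: bind
ldap_bind_dn: cn=administrator,cn=Users,dc=${DOM[0]},dc=${DOM[1]}
ldap_bind_pw: $password
ldap_search_base: cn=Users,dc=${DOM[0]},dc=${DOM[1]}
ldap_filter: cn=%U
ldap_scope: sub

EOF
  )
  chmod 600 /etc/saslauthd.conf >> INSTALL-LOG 2>&1

  # Logged like every other service call, so its output does not land on
  # top of the dialog screen.
  service saslauthd start >> INSTALL-LOG 2>&1

  installstr+=" - done\n"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
}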
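#######################################################################
#
# @param    none. Reads the globals $password, $genpassword,
#           $domainname, $hostname, $upperworkgroup, $nameserver2,
#           $ipaddress, $installback and the DOM array; appends its
#           progress text to the global $installstr.
#
# @return   status of the final dialog call. Exits the whole script
#           with status 1 when the package install fails.
#
# @brief
#   Install OpenChange, write the ocsmanager and Samba configuration,
#   create the OpenChange MySQL user, provision OpenChange and enable
#   the ocsmanager/rpcproxy Apache configuration.
#
#######################################################################
install_openchange() {
  local banner="###################################################################################"
  local session_secret

  printf '%s\n' "$banner" " INSTALL Openchange" "$banner" >> INSTALL-LOG 2>&1
  echo
  installstr+="OpenChange: install"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # Any non-zero status is a failure, and the script exits non-zero on it.
  if ! apt-get -y install openchangeserver sogo-openchange openchangeproxy python-ocsmanager python-mysqldb openchange-ocsmanager openchange-rpcproxy python-sievelib python-spyne python-rpclib >> INSTALL-LOG 2>&1; then
    whiptail --title " ERROR " --backtitle "$installback" \
      --infobox "Failed to install OpenChange. See INSTALL-LOG" 10 50
    exit 1
  fi

  installstr+=" - config"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp

  # The session secret used to be one fixed string shared by every install
  # made with this script. Generate a fresh one per install.
  session_secret=$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 32)

  # Create the ocsmanager file. It carries the directory bind password.
  # NOTE(review): "debug = true" / "set debug = true" are left as the
  # author wrote them; debug modes of web frameworks commonly expose
  # internals on errors, so confirm they are off before production use.
  # NOTE(review): the [auth:single] password hash and the managesieve
  # "secret = secret" are fixed values shared by every install; [main]
  # selects auth = ldap, so they look unused here - confirm, and replace
  # or remove them.
  cat > /etc/ocsmanager/ocsmanager.ini <<EOF

[DEFAULT]
debug = true
email_to = administrator@$domainname
smtp_server = localhost
error_email_from = administrator@$domainname
[main]
auth = ldap
mapistore_root = /var/lib/samba/private
mapistore_data = /var/lib/samba/private/mapistore
debug = yes
[auth:file]
[auth:ldap]
host = ldap://127.0.0.1
port = 389
bind_dn = cn=administrator,cn=Users,dc=${DOM[0]},dc=${DOM[1]}
bind_pw = $password
basedn = cn=Users,dc=${DOM[0]},dc=${DOM[1]}
[auth:single]
username = openchange
# password is test
password = {SSHA}I6Hy5Wv0wuxyXvMBFWFQDVVN12_CLaX9
[server:main]
use = egg:Paste#http
host = 127.0.0.1
port = 5000
protocol_version = HTTP/1.1
[app:main]
use = egg:ocsmanager
full_stack = true
static_files = true
cache_dir = %(here)s/data
beaker.session.key = ocsmanager
beaker.session.secret = $session_secret
app_instance_uuid = {ee533ebc-f266-49d1-ae10-d017ee6aa98c}
NTLMAUTHHANDLER_WORKDIR = /var/cache/ntlmauthhandler
SAMBA_HOST = 127.0.0.1
[rpcproxy:ldap]
host = localhost
port = 389
basedn = CN=Users,DC=${DOM[0]},DC=${DOM[1]}
set debug = true
[autodiscover]
[autodiscover:rpcproxy]
enabled = true
[outofoffice]
[outofoffice:file]
sieve_script_path = /var/vmail/\$domain/\$user/sieve-script
sieve_script_path_mkdir = false
[outofoffice:managesieve]
secret = secret
# Logging configuration
[loggers]
keys = root
[handlers]
keys = console
[formatters]
keys = generic
[logger_root]
level = INFO
handlers = console
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s] [%(threadName)s] %(message)s

EOF

  # Replace the smb.conf file with the one we need.
  # NOTE(review): this file now contains the OpenChange database password;
  # check that its mode does not leave it readable by every local user.
  cat > /etc/samba/smb.conf <<EOF

# Global parameters
[global]
server role = active directory domain controller
workgroup = $upperworkgroup
realm = $domainname
netbios name = $hostname
passdb backend = samba4
dns forwarder = $nameserver2
### Configuration required by OpenChange server ###
dsdb:schema update allowed = true
dcerpc endpoint servers = +epmapper, +mapiproxy, +dnsserver
dcerpc_mapiproxy:server = true
dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
mapistore:namedproperties = mysql
namedproperties:mysql_user = openchange-user
namedproperties:mysql_pass = $genpassword
namedproperties:mysql_host = localhost
namedproperties:mysql_db = openchange
mapistore:indexing_backend = mysql://openchange-user:$genpassword@localhost/openchange
mapiproxy:openchangedb = mysql://openchange-user:$genpassword@localhost/openchange
### Configuration required by OpenChange server ###
[netlogon]
path = /var/lib/samba/sysvol/$domainname/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No

EOF

  # Configure mysql for OpenChange. The trace line no longer contains the
  # root or the database password; the original wrote both to INSTALL-LOG.
  echo "running: mysql --user=root mysql -e \"CREATE USER 'openchange-user'@'localhost' ...; GRANT ALL PRIVILEGES ON openchange.* ...; FLUSH PRIVILEGES;\" (passwords not logged)" >> INSTALL-LOG 2>&1
  # NOTE(review): --password= and the mysql:// URI below put secrets on
  # command lines; WITH GRANT OPTION is also more than a service account
  # normally needs - confirm it is required.
  mysql --password="$password" --user=root mysql -e "CREATE USER 'openchange-user'@'localhost' IDENTIFIED BY '$genpassword';GRANT ALL PRIVILEGES ON openchange.* TO 'openchange-user'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;" >> INSTALL-LOG 2>&1

  service samba-ad-dc start >> INSTALL-LOG 2>&1
  openchange_provision --standalone >> INSTALL-LOG 2>&1
  openchange_provision --openchangedb --openchangedb-uri "mysql://openchange-user:$genpassword@localhost/openchange" >> INSTALL-LOG 2>&1

  # create new openchange users
  openchange_newuser --create Administrator >> INSTALL-LOG 2>&1

  # restart samba
  service samba-ad-dc restart >> INSTALL-LOG 2>&1
  service openchange-ocsmanager restart >> INSTALL-LOG 2>&1

  # Set the proper name resolution (temp, reboot will reset this properly).
  # We'll get rid of 8.8.8.8 after samba is up.
  {
    echo "nameserver $ipaddress"
    echo "nameserver 8.8.8.8"
    echo "search $domainname"
    echo "domain $domainname"
  } > /etc/resolv.conf

  # temp for bad placement by the .debs
  mv /etc/apache2/conf.d/ocsmanager.conf /etc/apache2/conf-available >> INSTALL-LOG 2>&1
  mv /etc/apache2/conf.d/rpcproxy.conf /etc/apache2/conf-available >> INSTALL-LOG 2>&1
  a2enconf ocsmanager >> INSTALL-LOG 2>&1
  a2enconf rpcproxy >> INSTALL-LOG 2>&1
  # NOTE(review): this grants access in every <Directory> block of
  # rpcproxy.conf; check that each of them is meant to be reachable.
  rpl -e "</Directory>" " Require all granted\n</Directory>" /etc/apache2/conf-available/rpcproxy.conf >> INSTALL-LOG 2>&1
  update-rc.d openchange-ocsmanager defaults >> INSTALL-LOG 2>&1

  service apache2 restart >> INSTALL-LOG 2>&1
  service samba-ad-dc start >> INSTALL-LOG 2>&1
  service openchange-ocsmanager restart >> INSTALL-LOG 2>&1
  service sogo restart >> INSTALL-LOG 2>&1

  installstr+=" - done\n"
  dialog --title " Please Wait... " --backtitle "$installback" \
    --infobox "$installstr" 15 50 2>.tmp
}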
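# Get the network address from an IPv4 address and subnet mask.
# Arguments: $1 - dotted-quad IPv4 address
#            $2 - dotted-quad netmask
# Outputs:   the octet-wise AND of $1 and $2 on stdout
# Returns:   0 on success, 1 (with a message on stderr) when either
#            argument is not four decimal octets in the range 0-255
get_network_address() {
  local -a ip_octets mask_octets
  local octet i network=""

  # read splits on "." without pathname expansion and without touching the
  # caller's IFS (the original saved it in a leaked global and restored it
  # by hand).
  IFS=. read -r -a ip_octets <<< "$1"
  IFS=. read -r -a mask_octets <<< "$2"

  if (( ${#ip_octets[@]} != 4 || ${#mask_octets[@]} != 4 )); then
    printf 'Error: expected two dotted-quad values, got "%s" and "%s"\n' "$1" "$2" >&2
    return 1
  fi

  # Accept digits only: the values come from operator input and go into
  # arithmetic expansion, which would otherwise evaluate whatever
  # expression the text happens to contain.
  for octet in "${ip_octets[@]}" "${mask_octets[@]}"; do
    if [[ ! $octet =~ ^[0-9]{1,3}$ ]] || (( 10#$octet > 255 )); then
      printf 'Error: "%s" is not a valid octet\n' "$octet" >&2
      return 1
    fi
  done

  for i in 0 1 2 3; do
    # 10# forces decimal so a leading zero is not read as octal.
    network+="${network:+.}$(( 10#${ip_octets[i]} & 10#${mask_octets[i]} ))"
  done
  printf '%s\n' "$network"
}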
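# Calculate the number of set bits (the CIDR prefix length) of a netmask.
# Arguments: $1 - dotted-decimal netmask
# Outputs:   the prefix length on stdout
# Returns:   0 on success; exits with status 1 and a message on stderr
#            when an octet is not a valid mask value or the mask is not
#            contiguous
mask2cidr() {
  # Scoped to this function: the original assigned the global IFS and never
  # restored it, so a direct (non-subshell) call changed word splitting for
  # the rest of the script.
  local IFS=.
  local -a octets
  local octet bits=0 ended=0

  read -r -a octets <<< "$1"

  for octet in "${octets[@]}"; do
    # Once an octet below 255 has been seen, only zeros may follow;
    # otherwise the bit count would not describe a real prefix.
    if (( ended )) && [[ $octet != 0 ]]; then
      echo "Error: netmask $1 is not contiguous" >&2
      exit 1
    fi
    case "$octet" in
      255) bits=$((bits + 8)) ;;
      254) bits=$((bits + 7)); ended=1 ;;
      252) bits=$((bits + 6)); ended=1 ;;
      248) bits=$((bits + 5)); ended=1 ;;
      240) bits=$((bits + 4)); ended=1 ;;
      224) bits=$((bits + 3)); ended=1 ;;
      192) bits=$((bits + 2)); ended=1 ;;
      128) bits=$((bits + 1)); ended=1 ;;
      0) ended=1 ;;
      *)
        # stderr, so the text is not captured as the result by $(...).
        echo "Error: $octet is not recognised" >&2
        exit 1
        ;;
    esac
  done
  echo "$bits"
}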
#######################################################################
#
# @param    none
#
# @return   status of the print below
#
# @brief
#   Skeleton to copy when adding a new install step; it only prints a
#   fixed greeting.
#
#######################################################################
template() {
  printf '%s\n' "hello"
}
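# ---------------------------------------------------------------------
# Main sequence: prepare the package sources, collect the server
# settings from the operator, derive the values the install functions
# read as globals, then run the install steps in order.
# ---------------------------------------------------------------------
echo "Building an Active Directory Master and SOGo Server" > INSTALL-LOG 2>&1
# Keep the log private to the invoking user: it records the answers given
# below and the output of every install step.
chmod 600 INSTALL-LOG
echo >> INSTALL-LOG 2>&1
echo "Preparing install environment..." >> INSTALL-LOG 2>&1

installstr=""
installback="Majentis Active Directory/SOGo/OpenChange Install v0.8.0"
whiptail --title " Please Wait... " --backtitle "$installback" \
  --infobox "Preparing install environment" 15 50 2>.tmp

# Get the SOGo repo online. Both steps are guarded so a re-run neither
# overwrites the pristine backup nor appends the repository twice.
sogo_repo="deb http://inverse.ca/ubuntu trusty trusty"
[[ -e /etc/apt/sources.list-orig ]] || cp /etc/apt/sources.list /etc/apt/sources.list-orig
grep -qxF -- "$sogo_repo" /etc/apt/sources.list || echo "$sogo_repo" >> /etc/apt/sources.list
# NOTE(review): 0x810273C4 is a short (32-bit) key ID, and short IDs are
# not collision-resistant. The repository is fetched over plain http, so
# package integrity rests entirely on this key: request it by its full
# fingerprint (<FULL_FINGERPRINT_PUBLISHED_BY_THE_REPOSITORY_OWNER>) and
# compare the imported key against it.
apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 >> INSTALL-LOG 2>&1
apt-get update >> INSTALL-LOG 2>&1

# I just prefer dialog, though I use whiptail for errors, since it changes
# the background color (whiptail doesn't work over ssh?)
# Any non-zero status is a failure, and the script exits non-zero on it.
if ! apt-get -y install dialog debconf-utils joe htop expect >> INSTALL-LOG 2>&1; then
  printf 'Failed to prepare install environment. See INSTALL-LOG\n\n' >> INSTALL-LOG
  whiptail --title " ERROR " --backtitle "$installback" \
    --infobox "Failed to prepare install environment. See INSTALL-LOG" 10 50
  exit 1
fi

# Getting server information. dialog writes each answer to stderr, which is
# captured in .tmp and read back.
# NOTE(review): none of these answers is validated, and they are later
# interpolated into configuration files, SQL statements and command lines;
# at least restrict each one to the characters its field allows.
dialog --title " Static IP Address " --backtitle "$installback" --inputbox "Enter this server's static IP address" 15 50 2>.tmp
ipaddress=$(<.tmp)
dialog --title " Netmask " --backtitle "$installback" --inputbox "Enter this server's netmask" 15 50 2>.tmp
netmask=$(<.tmp)
dialog --title " Gateway IP Address " --backtitle "$installback" --inputbox "Enter this server's gateway IP address" 15 50 2>.tmp
gateway=$(<.tmp)
dialog --title " External Nameserver IP Address " --backtitle "$installback" --inputbox "Enter this server's external namserver\n (i.e. 8.8.8.8)" 15 50 2>.tmp
nameserver2=$(<.tmp)
dialog --title " Domain Name " --backtitle "$installback" --inputbox "Enter this server's domain name\n (i.e. fisheye.com)" 15 50 2>.tmp
domainname=$(<.tmp)
dialog --title " Workgroup Name " --backtitle "$installback" --inputbox "Enter this server's workgroup / domain name\n (i.e. fisheye)" 15 50 2>.tmp
workgroup=$(<.tmp)
dialog --title " System Hostname " --backtitle "$installback" --inputbox "Enter this server's hostname\n (i.e. pdc)" 15 50 2>.tmp
hostname=$(<.tmp)
# The password passes through .tmp in the current directory; the next
# dialog call below truncates that file again.
dialog --title " Administrator password " --backtitle "$installback" --inputbox "The password must contain lowercase letters,\nuppercase letters, and numbers.\n\nIf it doesn't, the install will fail." 0 0 2>.tmp
password=$(<.tmp)
timezone=$(</etc/timezone)

dialog --title " Confirmation " --backtitle "$installback" --yesno "Is the following information correct:\n\n
System Name: $hostname.$domainname\n
Domain: $workgroup\n
IP address: $ipaddress/$netmask\n
Gateway: $gateway\n
External DNS Server: $nameserver2\n
Administrator password: $password\n
Timezone: $timezone" 0 0 2>.tmp
response=$?
# 1 = "No", 255 = dialog aborted (ESC): stop without changing anything else.
if [[ $response == 1 || $response == 255 ]]; then
  exit 0
fi

# Record the settings. The administrator password is deliberately left out;
# the original wrote it to INSTALL-LOG in clear text.
echo -e "System Name: $hostname.$domainname\n
Domain: $workgroup\n
IP address: $ipaddress/$netmask\n
Gateway: $gateway\n
External DNS Server: $nameserver2\n
Administrator password: (not logged)\n
Timezone: $timezone" >> INSTALL-LOG

# uppercase some info
upperdomain=${domainname^^}
upperhost=${hostname^^}
upperworkgroup=${workgroup^^}

# Split the domain into its labels without touching the global IFS.
# NOTE(review): the install functions only use DOM[0] and DOM[1], so a
# domain with more than two labels yields an incomplete base DN.
IFS=. read -r -a DOM <<< "$domainname"

# Generate the password used for DB access from the kernel's random source.
# The original hashed the current epoch second, which anyone who knows
# roughly when the install ran can enumerate. The value stays alphanumeric
# because it is embedded in mysql:// URIs and quoted SQL.
genpassword=$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 16)

# get network info
basenet=$(get_network_address "$ipaddress" "$netmask")
cidr=$(mask2cidr "$netmask")

configure_network
modify_fstab
install_saslauthd
install_samba
install_dovecot
install_postfix
install_mysql
install_sogo
install_apache
install_openchange
install_imapproxy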