Building a Webserver
(CENTOS 5.2 64-bit, Virtualmin, LDAP)
1. Build Basic CentOS 5.2 64-bit XEN
2. Setup Hostname
nano /etc/hostname
server1.example.com
nano /etc/hosts
x.x.x.x server1.example.com server1
1.2.3.4 mx.example.com mx
The order of the host names after the IP seems to matter. The reverse order below does NOT seem to work on all OSes when running "hostname --fqdn":
1.2.3.4 mx mx.example.com
3. Verify Hostnames
Check that you have a valid hostname entered:
hostname --fqdn
It should return the fully qualified domain name of your mx server, something like "server1.example.com".
Then, check that
cat /etc/hostname
returns server1.example.com and that
cat /etc/hosts
returns something like: x.x.x.x server1.example.com server1
Now that the config looks good we will check reverse DNS and verify the config.
Check your hostname ( /etc/hostname ):
hostname -d
gives only the domain name, and
hostname -s
gives only the hostname, and
hostname -f
gives the hostname.domainname.
Then check that
uname -a
is returning the correct FQDN.
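The checks above can be scripted so they are not skipped on the next box. The following is an added example, not code from the original post: two small POSIX sh helpers that derive the short name and domain part from an FQDN the way hostname -s and hostname -d do, and a check that an /etc/hosts line lists the FQDN first after the IP, which is the ordering the post says matters. The sample hosts lines are constructed; set CHECK_LIVE=1 to run the same checks against the real host.

```shell
#!/bin/sh
# Added example: sanity checks for the hostname / /etc/hosts setup above.
# Pure string functions so they can be tested on constructed input.

# short_name FQDN -> part before the first dot (what `hostname -s` gives)
short_name() {
    printf '%s\n' "${1%%.*}"
}

# domain_name FQDN -> part after the first dot (what `hostname -d` gives)
domain_name() {
    case "$1" in
        *.*) printf '%s\n' "${1#*.}" ;;
        *)   printf '\n' ;;            # bare host name, no domain part
    esac
}

# fqdn_ok NAME -> succeeds only if NAME has both a short and a domain part
fqdn_ok() {
    [ -n "$(short_name "$1")" ] && [ -n "$(domain_name "$1")" ]
}

# hosts_line_ok "LINE" FQDN -> succeeds if LINE reads "<ip> <fqdn> <alias...>",
# i.e. the FQDN is the FIRST name after the address. The reversed form
# "<ip> <alias> <fqdn>" that the post warns about fails.
hosts_line_ok() {
    line=$1
    fqdn=$2
    [ -n "$fqdn" ] || return 1
    set -- $line                       # split the line on whitespace
    case "$1" in
        ''|'#'*) return 1 ;;           # blank or comment line
    esac
    [ "$2" = "$fqdn" ]
}

# check_hosts FQDN (reads a hosts file on stdin) -> succeeds if some
# non-comment line maps FQDN first after its IP
check_hosts() {
    fqdn=$1
    while IFS= read -r l || [ -n "$l" ]; do
        hosts_line_ok "$l" "$fqdn" && return 0
    done
    return 1
}

# Constructed sample /etc/hosts, used for testing the functions offline
sample_hosts() {
    cat <<'EOF'
127.0.0.1   localhost.localdomain localhost
x.x.x.x     server1.example.com server1
1.2.3.4     mx.example.com mx
EOF
}

# Live check against the running system (only when explicitly requested)
if [ "${CHECK_LIVE:-0}" = 1 ]; then
    f=$(hostname -f)
    fqdn_ok "$f" || { echo "hostname -f gave '$f', not an FQDN"; exit 1; }
    [ "$(hostname -s)" = "$(short_name "$f")" ] || { echo "hostname -s disagrees with -f"; exit 1; }
    [ "$(hostname -d)" = "$(domain_name "$f")" ] || { echo "hostname -d disagrees with -f"; exit 1; }
    check_hosts "$f" < /etc/hosts || { echo "/etc/hosts does not list $f first after its IP"; exit 1; }
    echo "hostname configuration looks consistent"
fi
```

Run it as `CHECK_LIVE=1 sh hostcheck.sh` once /etc/hostname and /etc/hosts are in place; a non-zero exit tells you which of the three hostname views disagrees before Postfix or Virtualmin start relying on it.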
4. Disable SELINUX
To disable SELINUX we have to edit the config file
nano /etc/selinux/config
and change the SELINUX line to:
SELINUX=disabled
Then type:
setenforce 0
to disable SELinux during runtime.
5. Install Virtualmin
Update your system:
yum update
Install perl:
yum install perl
Get the Install script:
wget http://software.virtualmin.com/gpl/scripts/install.sh
Run the install script:
/bin/sh install.sh
6. Basic Virtualmin Configuration
a. First we have to verify Virtualmin Configuration
After Installation, check the configuration by going to:
https://server1.example.com:10000
Login using root credentials.
Click Verify Configuration (in Yellow Box)
b. Now we need to set MySQL Password
Click Webmin
Expand Servers
Click MySQL Database Server
Click Change Administrator Password
Enter root password
Click Change Now
c. Next we will enable disk Quotas
Expand Servers
Click Disk and Network Filesystems
Click Module Config
Click System Configuration under Configuration Category
Change File listing filesystem mounted at boot time to /etc/mtab
Click Save
Click on / (Root filesystem)
Change Use Quotas option to User and Group
Click Save
Expand System
Click Disk Quotas
Click Enable Quotas
d. Configure Mailman Mailing Lists
Click on Webmin
Expand Servers
Click on Virtualmin Mailman Mailing Lists
Enter Administration email, e.g.:
mailman@example.com
Enter Administration password
Click Create Button
e. Time to Re-Check Virtualmins Config
Click on Virtualmin
Expand System Settings
Click Re-Check Config
If all checks out, continue
Congratulations, you have the basics set up!
7. Install and Setup LDAP
a. LDAP Install
Open a console window, and run:
yum install openldap openldap-servers openldap-devel openldap-clients perl-LDAP
Fix the default config by:
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Now, Start LDAP
/etc/init.d/ldap start
b. Setup Webmin's Server Module
Bring up the web admin interface again
Click on Webmin
Click Refresh Modules
Expand Servers
Click LDAP Server
Click OpenLDAP Server Configuration
Change Root DN for LDAP database to:
dc=example,dc=com (i.e. example.com)
Change Administration login DN to:
cn=Manager,dc=example,dc=com (use Manager for the cn... there are reasons)
Under New Administrator password, click the Set to button and enter a password in the field
Click Save
Click Manage Schema
Make sure the nis schema is checked
Click Save
Click Apply Configuration
You will now have a new button on the screen
Click Create Root DN
Under Start at Boot, click Yes, then the Start at boot? button
b. Create LDAP Trees
Click Create Tree
Select Distinguished Name, then enter the following into the field:
dc=Users,dc=example,dc=com (use your domain name, and use Users at the beginning)
Change Create example object under new DN? to Unix user
Click Create
Now we will create LDAP Groups
Click Create Tree
Select Distinguished Name, then enter the following into the field:
dc=Groups,dc=example,dc=com (use your domain name, and use Groups at the beginning)
Change Create example object under new DN? to No
Click Create
Click Browse Database
Make sure you see the two entries you just made.
c. LDAP Client Setup
Open a console window and run the following (this installs the NSS and PAM LDAP modules):
yum install nss_ldap
Login to the administrative web site
Click on Webmin
Click Refresh Modules
Expand System
Click on LDAP Client
Click LDAP Server Configuration
Change Logon for root user to:
cn=Manager,dc=example,dc=com
Change Password for root user to:
'password you set up for Manager'
Click Save
Click LDAP Search Bases
Change Global search base to:
dc=example,dc=com
Change Base for Unix users to:
dc=Users,dc=example,dc=com
Change Base for Unix groups to:
dc=Groups,dc=example,dc=com
Click Save
Click LDAP Browser, and make sure you can see Users and Groups
Click on Services using LDAP
Click Unix users
Change Second data source to LDAP
Click Save
Click Unix Groups
Change Second data source to LDAP
Click Save
Click Unix shadow passwords
Change Second data source to LDAP
Click Save
Verify all of this by clicking Validate Configuration
If you get a "user does not exist" error, restart Webmin by opening a console window and typing: /etc/webmin/restart
Then rerun Validate Configuration
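To see what the dc=Users and dc=Groups trees from step 7b and the nss_ldap client from step 7c are actually for, here is an added example that is not part of the original post: a shell helper that emits the LDIF for one Unix user and one group under those branches, using the posixAccount and posixGroup classes from the nis schema that step 7b enabled. The base DN, Manager DN and branch names are the ones from this post; the login, numeric IDs and full name (jdoe, 10001, "Jane Doe") are constructed samples, and ldapadd, ldappasswd, ldapsearch and getent are the standard OpenLDAP and glibc tools.

```shell
#!/bin/sh
# Added example: LDIF for a Unix user and group in the trees created in 7b.
# DNs come from the post; the user and group below are constructed samples.

BASE_DN="dc=example,dc=com"
USERS_DN="dc=Users,$BASE_DN"
GROUPS_DN="dc=Groups,$BASE_DN"
MANAGER_DN="cn=Manager,$BASE_DN"

# group_ldif NAME GID -> a posixGroup entry (nis schema) under dc=Groups
group_ldif() {
    cat <<EOF
dn: cn=$1,$GROUPS_DN
objectClass: posixGroup
cn: $1
gidNumber: $2

EOF
}

# user_ldif LOGIN UID GID FULLNAME -> a posixAccount entry under dc=Users.
# posixAccount and shadowAccount are auxiliary classes, so "account"
# (cosine schema) supplies the structural class the entry needs.
# userPassword is deliberately left out: set it afterwards with
#   ldappasswd -x -D "$MANAGER_DN" -W -S "uid=LOGIN,$USERS_DN"
# so the hash is generated by slapd instead of being pasted into a file.
user_ldif() {
    cat <<EOF
dn: uid=$1,$USERS_DN
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: $1
cn: $4
uidNumber: $2
gidNumber: $3
homeDirectory: /home/$1
loginShell: /bin/bash

EOF
}

# user_dn LOGIN -> the DN the entry above will get (useful for searches)
user_dn() {
    printf 'uid=%s,%s\n' "$1" "$USERS_DN"
}

# Usage (as root on the server, after step 7c has been validated):
#   { group_ldif staff 10001; user_ldif jdoe 10001 10001 "Jane Doe"; } > /tmp/jdoe.ldif
#   ldapadd -x -D "$MANAGER_DN" -W -f /tmp/jdoe.ldif
#   ldapsearch -x -b "$USERS_DN" "(uid=jdoe)"   # the entry is in the directory
#   getent passwd jdoe                          # nss_ldap resolves it like /etc/passwd
#   id jdoe                                     # uid and gid now come from LDAP
```

If ldapsearch shows the entry but getent does not, the problem is on the client side (the search bases or the "Second data source" settings from step 7c), not in the directory.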
d. Setup PAM to use LDAP
Click Webmin
Expand System
Click PAM Authentication
NOTE: if 64-bit OS, do the following first:
Click Module Config
Change Directories containing PAM libraries to:
/lib64/security
Click Save
Click system-auth
Under Authentication steps section
Choose pam_ldap.so from drop down window
Click Add step for: button
Change Failure level to Sufficient
Click Create
Use the 'up arrow' on pam_ldap.so so that it is above pam_unix.so
Repeat for Account verification steps
Repeat for Session setup steps
Repeat for Password change steps
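The ordering Webmin produces in /etc/pam.d/system-auth is easy to get wrong by hand, and a stack with pam_ldap.so below pam_unix.so fails quietly for LDAP-only users. The following is an added example, not part of the original post: an awk-based check that each of the four stacks (auth, account, session, password) has a "sufficient pam_ldap.so" line before its first pam_unix.so line, plus a check that the module file exists in the directory PAM is configured to use (the /lib64/security NOTE above). The system-auth contents below are a constructed sample of what the step produces; on a real box point the functions at /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Added example: verify the PAM ordering set up in step 7d.
# The sample system-auth below is constructed; the functions work on any file.

# pam_ldap_before_unix FILE STACK -> succeeds if, within STACK, a
# "sufficient pam_ldap.so" line occurs before the first pam_unix.so line
pam_ldap_before_unix() {
    awk -v stack="$2" '
        $1 != stack { next }                                  # other stacks, comments, blanks
        $3 == "pam_ldap.so" && $2 == "sufficient" && !seen_unix { ok = 1 }
        $3 == "pam_unix.so" { seen_unix = 1 }
        END { exit ok ? 0 : 1 }
    ' "$1"
}

# pam_all_stacks_ok FILE -> every one of the four stacks passes the check above
pam_all_stacks_ok() {
    for s in auth account session password; do
        pam_ldap_before_unix "$1" "$s" || { echo "stack '$s' is not LDAP-first in $1"; return 1; }
    done
    return 0
}

# pam_module_present DIR -> pam_ldap.so exists where PAM will look for it.
# On 64-bit CentOS 5 that is /lib64/security; a module path of
# /lib/security on such a box means the step is silently ignored.
pam_module_present() {
    [ -f "$1/pam_ldap.so" ]
}

# Constructed sample of /etc/pam.d/system-auth after step 7d
sample_good() {
    cat <<'EOF'
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_ldap.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     sufficient    pam_ldap.so
account     required      pam_unix.so
account     required      pam_permit.so

password    sufficient    pam_ldap.so
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     sufficient    pam_ldap.so
session     required      pam_limits.so
session     required      pam_unix.so
EOF
}

# The same file with the auth stack in the wrong order (pam_unix.so first),
# which is what you get if the 'up arrow' step is skipped
sample_bad() {
    sample_good | awk '
        /^auth +sufficient +pam_ldap\.so/ { held = $0; next }
        /^auth +sufficient +pam_unix\.so/ { print; print held; next }
        { print }
    '
}

# Usage on a live system:
#   pam_all_stacks_ok /etc/pam.d/system-auth && pam_module_present /lib64/security
```

Run the usage line before logging out of your root shell: if either check fails, LDAP users cannot log in yet, and fixing it from an existing session is much easier than from the console.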
e. Setup Webmin to use LDAP
Click on Virtualmin
Expand System Settings
Click on Module Config
Under Store users and groups choose In LDAP database
Click Save
f. Store Email Aliases in LDAP
Click on Webmin
Expand Servers
Click on LDAP Server
Click on Manage Schema
Check the box for misc
Click Save
Click on Manage Schema
Under misc click Edit
Find the inetLocalMailRecipient class. It should look like this:
objectclass ( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
Change AUXILIARY to STRUCTURAL
Click Save
Click Save again
Click Apply Configuration
Click Create Tree
Select Distinguished name and in the adjacent field enter:
dc=Aliases,dc=example,dc=com
Click Create Tree
Select Distinguished name and in the adjacent field enter:
dc=Virtual,dc=example,dc=com
g. Configure Postfix to use LDAP database
Click Webmin
Expand Servers
Click Postfix Mail Server
Click on Module Config
Under Configuration category choose LDAP options
Change Object classes for maps to inetLocalMailRecipient
Change Key attribute for map objects to mailLocalAddress
Change Create separate DN for each domain? to No
Click Save
Click Mail Aliases
Under Alias databases used by the local delivery agent click on .... button
Expand Map source 2
Select LDAP server
Change LDAP search base DN to:
dc=Aliases,dc=example,dc=com
Change Query filter to:
mailLocalAddress=%s
Change Result attribute to:
mailRoutingAddress
Change Server login to:
cn=Manager,dc=example,dc=com
Enter LDAP password into Server password field
Click Save
Click Save and Apply
Click Virtual Domains
Under Domain mapping lookup tables click on .... button
Expand Map source 2
Select LDAP server
Change LDAP search base DN to:
dc=Virtual,dc=example,dc=com
Change Query filter to:
mailLocalAddress=%s
Change Result attribute to:
mailRoutingAddress
Change Server login to:
cn=Manager,dc=example,dc=com
Enter LDAP password into Server password field
Click Save
Click Save and Apply
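Behind the Webmin screens in step 7g, Postfix just reads two small LDAP lookup-table files plus two main.cf settings. The following is an added example, not code from the original post or from Webmin: a shell helper that writes those files directly, with the standard ldap_table(5) parameter names, so the result can be inspected and tested with postmap. The search bases, query filter, result attribute and bind DN are the values from step 7g (the filter is parenthesised, as ldap_table expects); the server address, file names and the postmaster/sales alias entries are constructed assumptions.

```shell
#!/bin/sh
# Added example: the Postfix LDAP map files and entries behind step 7g.
# DNs and attributes are from the post; server_host, file names and the
# alias samples are constructed.

BASE_DN="dc=example,dc=com"
MANAGER_DN="cn=Manager,$BASE_DN"

# ldap_map_cf BRANCH_DN PASSWORD -> contents of one Postfix LDAP lookup table.
# Used twice, for dc=Aliases (alias_maps) and dc=Virtual (virtual_alias_maps);
# only search_base differs, exactly as in the two Webmin screens of step 7g.
ldap_map_cf() {
    cat <<EOF
server_host = ldap://127.0.0.1
version = 3
search_base = $1
scope = sub
query_filter = (mailLocalAddress=%s)
result_attribute = mailRoutingAddress
bind = yes
bind_dn = $MANAGER_DN
bind_pw = $2
EOF
}

# alias_ldif BRANCH_DN LOCAL TARGET -> one inetLocalMailRecipient entry.
# Because step 7f changed the class from AUXILIARY to STRUCTURAL it can
# stand on its own here without any other structural class.
alias_ldif() {
    cat <<EOF
dn: mailLocalAddress=$2,$1
objectClass: inetLocalMailRecipient
mailLocalAddress: $2
mailRoutingAddress: $3

EOF
}

# main_cf_lines -> the main.cf settings that make Postfix consult the maps.
# alias_maps keys are local user names; virtual_alias_maps keys are full
# addresses, which is why the two trees are kept separate.
main_cf_lines() {
    cat <<'EOF'
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-virtual.cf
EOF
}

# Usage (as root on the mail server; bind_pw is stored in clear text, so the
# files must not be world-readable):
#   ldap_map_cf "dc=Aliases,$BASE_DN" 'ManagerPassword' > /etc/postfix/ldap-aliases.cf
#   ldap_map_cf "dc=Virtual,$BASE_DN"  'ManagerPassword' > /etc/postfix/ldap-virtual.cf
#   chown root:postfix /etc/postfix/ldap-*.cf && chmod 640 /etc/postfix/ldap-*.cf
#   alias_ldif "dc=Aliases,$BASE_DN" postmaster root@example.com | ldapadd -x -D "$MANAGER_DN" -W
#   alias_ldif "dc=Virtual,$BASE_DN" sales@example.com jdoe@example.com | ldapadd -x -D "$MANAGER_DN" -W
#   postmap -q postmaster ldap:/etc/postfix/ldap-aliases.cf          # prints root@example.com
#   postmap -q sales@example.com ldap:/etc/postfix/ldap-virtual.cf   # prints jdoe@example.com
#   postconf -e 'alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf'
#   postconf -e 'virtual_alias_maps = ldap:/etc/postfix/ldap-virtual.cf'
#   postfix reload
```

The two postmap -q lines are the real test of step 7g: they exercise the bind DN, password, search base and filter exactly as the local delivery agent will, without sending any mail.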