Howto: Groupwise – SuSE Linux Enterprise 9 (SLES9)

**This is a legacy article which does not meet some of our quality standards. While it may contain useful information, it is retained here for legacy reasons only.**

I’m posting this here in case it is of use to someone. I’ll try to hone it a bit once I actually do another install, if that happens, but it should provide some good information for anyone having to do this task. I would welcome feedback, as Groupwise can be a bit of a black art at times even though its underlying mail system is quite simple. This particular guide was written during a specific install so it may not apply to you. This install was VMWare based and ext3 was used as a filesystem. I’ll tidy it up as time permits but for now at least it’s online 🙂

This article was written for Groupwise 7, but may apply to later versions.

Ensure ConsoleOne 1.3.6 is installed

I got revision ‘f’ from http://download.novell.com/Download?buildid=brBWU2uxSiM~ but revision ‘d’ is on the groupwise cd under consoleone directory
untar it into your root home directory (tar -zxvf c1xxxxx)
cd Linux
./c1-install
choose 1 for english
choose 8 for all Snapins (you might not need to but I didn’t know ;} most of them actually came up and said they were already installed)

Install Groupwise
Use the Groupwise Retail CD only!!! The demo one you download cannot be used in a production system

run install.sh from the root of the cd via command prompt
cd /media/dvd
./install
Choose English <OK>
Click Create or update a Groupwise system
Click <NEXT>
Click I accept <NEXT>
Accept default software distribution directory /opt/novell/groupwise/software <NEXT>
Click Select All <NEXT> as some of these are needed by the admin tool
Sit back and wait til it’s all copied.
Click <NEXT> when copying is complete
Choose Create new groupwise system <NEXT>

Click <RUN> to start ConsoleOne
Accept /mnt as the linux mount directory <OK>
Click <OK> again.
Authenticate to edirectory
If ConsoleOne does not start, you can start it with the following command (make a shortcut):
/usr/ConsoleOne/bin/ConsoleOne
Click on the NDS icon in the ConsoleOne left window pane
Click File / Authenticate
Login as per normal to e-directory eg admin / password / tree /context <LOGIN>

Create New Groupwise System

Click Tools, Groupwise Utilities, New System from the ConsoleOne pulldown menus
Click <NEXT>
Accept the default Software Distribution Directory (SDD) as entered before <NEXT>
Accept the default tree originally created in edirectory <NEXT>
Click the checkbox ‘Extend eDirectory schema’ <NEXT>
Enter your system name eg Gwxxxxx <NEXT>
Enter your Groupwise Domain Name eg dom1 <NEXT>
Specify your domain directory for your groupwise mail database, should be a subfolder of a parent directory eg /mail/groupwise/dom1 <NEXT>
Choose your edirectory domain context eg groupwise.domain.tree (I first created a groupwise folder under the existing edirectory domain with iManager; do this by web browsing to the server) <NEXT>
Choose Domain Language US <NEXT>
Choose your time Zone <NEXT>
Enter in your post office name (cannot be changed later) eg po1 <NEXT>
Choose the postoffice directory (as before under a sub directory) eg, /mail/groupwise/po1 <NEXT>
Choose your postoffice eDirectory context as before eg groupwise.domain.tree <NEXT>
Choose your postoffice language (English US) <NEXT>
And the post office time zone <NEXT>
Accept TCP/IP link for the post office Link Screen <NEXT>
Enter the IP of the server the post office agents are installed on eg 192.168.1.10 leave ports as default <NEXT>
Same again for the MTA network address <NEXT>
add the admin or any other user to the post office accounts section, apparently you have to select one <NEXT>
Click <NEXT> to start the creation of the groupwise system
Check the final summary on the summary screen and choose <NEXT> if all is as expected
Click <NEXT> to continue
Click <NEXT> to begin agent software installation
Click <NEXT> to install MTA and POA
Ensure the Launch Groupwise agents option is on (ticked red) <EXIT>
You now have a very basic system with no internet connectivity.

Internet Agent

Disable any other smtp servers on the box
eg chkconfig postfix off

Certificate Export
First export the LDAP’s root certificate to be used later
Ensure you are authenticated to edirectory in ConsoleOne
Left click on your domain, Right click on the SSL Certificate IP in the right pane, then click properties
Choose the certificates tab, click Export
Note the file name and export the TrustedRootCert.der file to /root
Click Cancel

Install Agent
Again run the install script from a shell on the retail CD
/media/dvd/install
Choose English <OK>
Click ‘Install Products’
Click Groupwise Internet Agent
Click Install Internet Agent (FYI this needs to be on the same box as a domain to work properly) <OK>
Click Configure Internet Agent
Choose <NEXT> to start the configuration

Configure Agent
Accept the licence agreement <NEXT>
Enter in the IP address of the server you are installing GWIA on.
Enter the DNS name of the local server eg bob.somedomain.com
Change the MTP port to be 7102 <NEXT>
Send outbound mail directly <NEXT>
Enter in the host portion of the domain name eg bob.somedomain.com <NEXT>
Specify the groupwise domain directory eg /mail/groupwise/dom1/ <NEXT>
Enter in the LDAP address so the GWIA can authenticate to edirectory (local IP address eg 192.168.1.10)
Click Use SSL certificate File, browse to previously created file in /root
Click <NEXT>
Accept object name of GWIA
enter domain name and context eg cn=dom1,ou=groupwise,o=domain (use commas as LDAP requires it)
Ensure Launch Internet agent on startup is selected <EXIT>
In ConsoleOne choose Tools, Groupwise System Operations, Internet Addressing
Create any valid email domains here, such as what you entered in the somedomain field before, and adjust the allowed address formats as you wish. <OK> <YES> to update any affected users.

Groupwise Web Access

From the normal install screen on the retail disc choose install products
Choose Groupwise Webaccess
Choose install web access Agent <OK>
Choose Install Web Access Application <OK>
Choose Configure Web Access Agent <NEXT>
Accept the licence <NEXT>
Enter in the local IP address <NEXT>
Enter in the domain directory path eg /mail/groupwise/dom1
Name the Web Access Agent subdirectory eg webac70a <NEXT>
Enter the local LDAP IP address, change the domain and choose SSL and the root certificate file as above. <NEXT>
Enter the context of the gateway object eg cn=dom1,ou=groupwise,o=domain <NEXT>
Ensure Launch Web Access Agent is clicked on <EXIT>
Choose configure web access application <NEXT>
Accept the licence agreement <NEXT>
Browse to the path of the webaccess agents gateway directory eg /mail/groupwise/dom1/wpgate/webac70a <NEXT>
Accept the default path to the apache and Tomcat root directories <NEXT>
Enter the local ldap server ip, domain, password and use ssl as above. <NEXT>
specify context as above (ou=groupwise,o=domain) <NEXT>
<EXIT>

Other random notes

The Groupwise Monitor can be installed in the same way as the above agents.

It would be a good time to restart the box to get everything in order.

Don’t forget to upgrade to SP1

If you upgrade using rug, SP1 will be needed due to a change in glibc

If e-directory or ConsoleOne won’t start you could try ln -s /var/opt/novell/nici /var/novell/nici
then /etc/init.d/ndsd start. This also happens after a rug update.

It is likely you will also need to re-configure all your agents after a service pack install.  Basically follow all the above tips for the configure option only again.

To test receiving email, use a POP3 client and send via its SMTP to the local server to a local account.
To test sending mail, log into the local account and send to a valid one. This way you don’t need to re-route your company’s email for testing purposes! Also ensure you have the name of the account set in ConsoleOne, otherwise most mail servers will reject your mail (by default the admin account seems to leave this info out).

Howto: Kidsafe web filter on Linux

How to set up a kidsafe filter on Sabayon Linux

This is a legacy article which does not meet some of our quality standards. While it may contain useful information, it is retained here for legacy reasons only.

Something a surprising number of people still don’t know is that Linux has a great parental / kidsafe web filter available free of charge. It can run on your machine or on another machine serving all your computers. It can run as an optional proxy (which needs a setting changed in the browser) or as a mandatory system which forces all traffic on your LAN or computer through it (a transparent proxy, which needs no special browser settings). Best of all, it’s quite easy to set up.

Enter Dansguardian – The kidsafe web filter

This Howto is based on Sabayon, a Gentoo based distribution, but other than the package install, should be able to be easily adapted to other systems.

Installation

Remember: In Sabayon you have 3 different methods of package installation: emerge (Gentoo method), Spritz (Sabayon GUI method) and equo (Sabayon console method). Personally, I’ve found Spritz to not work altogether and haven’t yet gotten equo running, so this howto is based on emerge. The important thing is that no matter which method you use, don’t mix a Sabayon method with the Gentoo method; stick to whatever you’ve already been doing or it will stuff up the package database.

You basically need two packages, squid and Dansguardian. In Sabayon you can just sync up your repositories via emerge --sync, then install them via emerge squid and emerge dansguardian. If you have another distro it will be in its package manager (it is in YaST for openSuSE for sure). Source code can be obtained from http://dansguardian.org/?page=download2

Configuration – Squid

Edit the squid.conf file with your favourite editor

# vi /etc/squid/squid.conf

In the gentoo/sabayon version of squid that came down from emerge I got some sensible defaults, however if you’re feeling picky or it’s different for you, remove the three lines that say:

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

and add a line that says:

acl localnet src 192.168.1.0/24

Remember to substitute your own local network address range, ending in 0, for the one above.
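
A quick check of the ACL change described above, as an added example that is not part of the original howto: it reads the `acl localnet src` lines of a squid.conf and reports which ranges are wider than your own LAN. The function name `audit_localnet` and both sample configurations are constructed for illustration.

```python
import ipaddress

def audit_localnet(conf_text, lan_cidr, acl_name="localnet"):
    """Check the `acl <acl_name> src` entries of a squid.conf against one LAN.

    Returns (too_broad, covered): entries that admit addresses outside the
    LAN, and whether the LAN itself is matched by at least one entry.
    """
    lan = ipaddress.ip_network(lan_cidr)
    too_broad, covered = [], False
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()      # strip trailing comment
        if len(fields) < 4 or fields[:3] != ["acl", acl_name, "src"]:
            continue
        for item in fields[3:]:
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                continue        # address ranges and file includes are not handled here
            same_family = net.version == lan.version
            if same_family and lan.subnet_of(net):
                covered = True
            if not same_family or not net.subnet_of(lan):
                too_broad.append(str(net))
    return too_broad, covered

# Constructed samples: the three default lines, and the single replacement line.
DEFAULT_CONF = """\
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
"""
EDITED_CONF = "acl localnet src 192.168.1.0/24\n"

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("edited", EDITED_CONF)):
        too_broad, covered = audit_localnet(conf, "192.168.1.0/24")
        print(f"{label}: LAN covered={covered}, wider than LAN={too_broad}")
```
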

Search for the visible_hostname Tag and add a line underneath #none so that it looks like this:

#Default:
# none
visible_hostname localhost

Save your squid.conf file and start squid as root

# /etc/init.d/squid start
squid                   | * Initializing cache directories …            [ ok ]
squid                   | * Starting squid …                            [ ok ]

For some reason, on the latest version of Sabayon I had to install libwww to get squid to start.  So if you get an error like this, “usr/sbin/squid: error while loading shared libraries: libmd5.so.0: cannot open shared object file: No such file or directory” then run # equo install libwww.

Configuration – Dansguardian

Configuration is done in the file /etc/dansguardian/dansguardian.conf

In Sabayon/Gentoo, no configuration is needed, just start the service as root

** Update 5-11-09**

In latest version of Sabayon I had to edit the line that reads “originalip = on” and change it to off to get it to work.  You probably will too as this is currently a feature that is not fully tested but enabled by default by the Gentoo/Sabayon devs.

** End of Update**

If you want you can edit the file so that your domain name shows up in the page:

  • vi /etc/dansguardian/dansguardian.conf

Change accessdenied webpage from YOURSERVER.YOURSITE to IPADDRESS and save the file

# /etc/init.d/dansguardian start
dansguardian            | * Starting DansGuardian …                     [ ok ]

If you want to add log rotation add the following:

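Edit the crontab file
  • vi /etc/crontab
  • add the line 59 23 * * sun root /etc/dansguardian/logrotation (this adds a command to rotate the logs into the task schedule, at 23:59 every Sunday; entries in /etc/crontab need the user field, here root, before the command)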

Making Squid and Dansguardian start automatically at boot time

You will no doubt want it all to start automatically each time the computer/server is started or restarted. To do this, add both services to the default runlevel:

# rc-update add squid default
* squid added to runlevel default
# rc-update add dansguardian default
* dansguardian added to runlevel default

The Browser

Don’t forget to set in your browser:

Proxy server = your ip address: Port 8080

Use this proxy server for all protocols if you like.

Now test it by going to a website like www.playboy.com. If it’s working you should be presented with a Dansguardian Access Denied web page.

Preventing children (and others) from Disabling the Kidsafe Web Filter

The restrictions created by a content-filtering proxy can be easily circumvented by simply not using the proxy. Assuming that the users so restricted do not have administrative access, this can be prevented as follows:

Edit /usr/lib/firefox/firefox.cfg and add the following entries:


lockPref("network.proxy.http","127.0.0.1");
lockPref("network.proxy.http_port",8080);
lockPref("network.proxy.type",1);
lockPref("network.proxy.no_proxies_on","localhost,127.0.0.1");
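
A single missing quote or bracket is enough to leave a proxy pref unlocked, so it is worth checking the file after editing. The following is an added example, not part of the original howto: a small checker that confirms the four prefs above are present, well-formed and locked to the expected values. The name `audit_cfg` and the sample text are constructed for illustration.

```python
import re

# The four prefs the article locks, with the values it uses.
REQUIRED = {
    "network.proxy.http": "127.0.0.1",
    "network.proxy.http_port": 8080,
    "network.proxy.type": 1,
    "network.proxy.no_proxies_on": "localhost,127.0.0.1",
}
# A well-formed entry: func("name", "string" | integer | true | false);
ENTRY = re.compile(
    r'^(lockPref|pref|defaultPref)\(\s*"([^"]+)"\s*,\s*'
    r'(?:"([^"]*)"|(-?\d+)|(true|false))\s*\)\s*;$')

def audit_cfg(text, required=REQUIRED):
    """Return a list of findings; empty means every required pref is locked."""
    findings, locked = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        m = ENTRY.match(line)
        if not m:
            findings.append(f"line {lineno}: malformed entry: {line}")
            continue
        func, name, text_val, int_val, bool_val = m.groups()
        if func != "lockPref":
            if name in required:
                findings.append(f"line {lineno}: {name} uses {func}, not locked")
            continue
        locked[name] = (text_val if text_val is not None
                        else int(int_val) if int_val is not None else bool_val)
    for name, want in required.items():
        if name not in locked:
            findings.append(f"{name}: not locked")
        elif locked[name] != want:
            findings.append(f"{name}: locked to {locked[name]!r}, expected {want!r}")
    return findings

# Constructed sample with quoting mistakes on lines 4 and 5. Firefox skips the
# first line of an AutoConfig file, so that line holds only a comment.
SAMPLE = '''// kidsafe proxy lock
lockPref("network.proxy.http","127.0.0.1");
lockPref("network.proxy.http_port",8080);
lockPref("network.proxy.type,1);
lockPref("network.proxy.no_proxies_on","localhost,127.0.0.1
'''

if __name__ == "__main__":
    print("\n".join(audit_cfg(SAMPLE)) or "all required prefs locked")
```
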

Sources

http://slack-tux.org/howto/setup-content-filtering-with-dansguardian/

http://www.tgorg.com/main/?q=node/64