eBox Desktop

Introduction

ebox-desktop is a Ubuntu package intended to be installed on the desktop clients (workstations) of a network managed by eBox platform.

It provides two main features:

• Authentication against eBox LDAP: The user database is stored only on the eBox server and if you have an account on it you can login from any machine on the network. This works exactly the same as the PDC feature for Windows clients, but in this case with Ubuntu clients.
• Autoconfiguration of desktop clients for the services provided by eBox (mail, samba, Jabber, VoIP, ...): The first time the user logs in a machine it creates a home directory with the proper preconfigured settings.

Configured applications

Here is a list of the applications included with Ubuntu that are automatically configured by ebox-desktop:

• Evolution (Mail service): The mail account of the user is read from ldap and added.
• Nautilus (File sharing): Links to the samba user share and all group shares for the user are added on the desktop.
• Ekiga (VoIP): The asterisk account for the user is added and it will connect automatically at the start.
• Pidgin (Jabber service): The jabber account of the user (if it has one) is added. It also adds a conference to its buddy list for each group that the user belongs to.
• Firefox (eGroupware & User corner): Links to this two services are added to the bookmarks toolbar. Currently it only works if the user corner port is the default one (8888).

Required scenario

• eBox server. It has been currently tested with eBox 1.1.10 (alpha2) on Ubuntu Hardy, but it should work with eBox 1.0.
• At least one client machine with Ubuntu Jaunty installed.

Changes on server side to make it work

General changes

• Make sure that you have the File Sharing module installed, if not you can install it by apt-get install ebox-samba or using ebox-software (Software Management menu on the eBox interface).
• Enable file sharing module and save changes.
• Edit /etc/ebox/80samba.conf and change value of login_shell option to /bin/bash (default is /bin/false).
• The above change will only affect to the users we create from now.
• Create a user from the Users/Add? user menu on the eBox interface.

Jabber service

• Make sure you have the SSL support option on the eBox Jabber configuration set to Optional or Required. That's because pidgin is configured by default to use SSL.
• Check the option Enable MUC (Multi User Chat) if you want to use conferences for the groups on your system.
• The Domain name must be set to ebox because at the moment we don't have any way to get it, but this will change in next versions.

• The users that you create must have enabled the Jabber Account section in the Users/Edit? User menu of eBox. You can see the image below.

Mail service

• You need to have a virtual mail domain created (eBox Installer version > 1.1.10 does it for you).
• The users should have a mail account created (as shown in the last image of the Jabber service section).
• You can enable the mail retrieval services you want in the Mail/General? menu on eBox. But they have to be according to the /etc/ebox-desktop/ebox-desktop.conf file.
• The default values on that file are to use IMAP instead of POP and use SSL when available.

Client side

Installation:

• A ebox-desktop package is provided (not yet in the official repositories), you can install it with apt-get install ebox-desktop.
• The installation process will ask for the address of the eBox server.
• Once the package is installed, you can change this address executing ebox-setup-client <newaddress>.
• You can also do a dpkg-reconfigure ebox-desktop and the address will be prompted again.

Usage:

• Login with any user created in the eBox server after the setup and check that the desktop programs are configured for the eBox services.

• After enter the username a password you'll see a warning about recently created directories if this is the first time the user logs in.
• If you want to force a reconfiguration you can do it executing rm ~/.ebox-desktop-configured and then login again.

Here is an example desktop after login and running pidgin. Pidgin asks directly for the password without needing of configurate the account. You can also see a link on the desktop to the user personal samba share.

How it works

• It uses pam_ldap.so PAM module (libpam-ldap pacakge) for the remote authentication.
• The configuration of the user home directory is done by a script located at /usr/share/ebox-desktop/ebox-setup-user that is ran after login succeded.
• There is a /usr/share/ebox-desktop/skel directory that contains templates for some of the configured applications.
• The ebox-setup-user script gets different needed values from LDAP (connecting to the eBox server) and replaces them on the templates.
• It creates a .ebox-desktop-configured file on the user home to avoid repeating the process after each login.
• ebox-setup-user is ran (using pam_exec.so) as root user, so it adds some actions to the ~/.profile in order to be ran as the login user (some of them are other auxiliar scripts located in /usr/share/ebox-desktop).