Synchronizing eBox with a Windows Active Directory Domain Controller

This guide assumes that you already have a working Windows Domain Controller. At the moment this has been confirmed to be working only under Windows 2003. We will try to have also support for Windows 2000 and 2008 in the future. Please read the Warnings section before doing any of these steps.

Setup of the Windows Server

• Download and execute the  https://sourceforge.net/projects/ebox-platform/files/ebox-adsync-installer-1.3.exe/download ebox-adsync-installer-1.3.exe on your Windows Server.
• During the installation the configuration tool will be launched automatically, you can enter the data at this moment:
  • At the eBox slave host field you have to enter the IP address of your eBox machine.
  • At the Port field you can leave the default one or choose another.
  • As Secret key you can choose any password as long as it has 16 characters.
  • NOTE: You will need to enter the same port and secret key in the eBox machine as it is explained later.
  • Click on the Enable service checkbox. This action would write changes to the registry instantly but it wouldn't take effect until the server is restarted.
  • Click Save to Registry and Exit and finish the installation. Don't restart the server yet as you still need to do additional steps.

• Go to Administrative Tools --> Domain Security Policy and enable the complexity requirements for passwords as you can see in the image:

• Add a user called ebox-adsync (or any other name of your choice) and set a password for it.
• Give the recently created user the proper permissions to read the Active Directory information (FIXME).
• Restart your Windows Server as was said by the installer.

Setup of the eBox slave

• Go to Users --> Mode and fill the following data:
  • Master host: IP address of your Windows Server.
  • LDAP password: The password of the ebox-adsync user you created before.
  • AD user: This will be ebox-adsync unless you specified a different one.
  • Listen port: If you have changed the default one during the Windows configuration, you have to write the same one here.
  • AD Secret Key: The 16 characters key that you entered during the installation on Windows.
• Enable the Users and Groups module in Module Status.
• Save changes.

Warnings

• The passwords for the already existing users will need to be reset in order to synchronize them.
• IMPORTANT: This is still alpha software and it's neither stable nor secure, so please use it only under test environment and never under production ones.

Troubleshooting

• If you experience problems with the synchronization you should enable the debug mode and check the eBox log:
  • Edit the /etc/ebox/99ebox.conf file and set debug = yes.
  • Try to reproduce your problem and check the contents of /var/log/ebox/ebox.log.
• Contact us providing as much information as you can by the different means available: Forum, IRC or mailing lists.
  • You can find all these resources on the main page of this site ( http://trac.ebox-platform.com).