Zentyal master/slave setup

Starting with the 1.3 series, Zentyal allows several slave Zentyal installations to synchronize against a Zentyal server holding a central LDAP directory.

Note: If you are using the Zentyal installer on CD-ROM, you can ignore the installation instructions and skip directly to the configuration section.

Installation

Add the following repository to /etc/apt/sources.list:

deb http://ppa.launchpad.net/zentyal/2.0/ubuntu hardy main

Master

Install only the usersandgroups module on the master Zentyal. If you install any module that depends on usersandgroups on the master, such as asterisk, mail or samba, the master/slave setup won't work. To install the module, run:

sudo apt-get install ebox-usersandgroups apparmor-

The trailing hyphen in apparmor- tells apt-get to remove the apparmor package. We need to remove this package because the security profiles that it loads are incompatible with our LDAP configuration. Removing the package disables AppArmor confinement for every service on the host, not only for LDAP.

Once the installation process is finished, you'll be able to access https://<zentyal-ip>.

Module Configuration in the Master Zentyal

  • Set the network configuration through Network->Interfaces and Network->Gateways. Enable the Network module in Module Status.
  • Save Changes
  • In Firewall->Packet Filter->Filtering rules from internal networks to Zentyal, edit the rule containing the LDAP service, which by default and for security reasons is disabled, and change it to accept connections. Enable the Firewall module in Module Status.
  • Save Changes
  • Go to Users->Mode and select the Master mode. If you want a specific base DN in your LDAP installation, you can also select your preferred prefix here.
  • Save Changes
  • Enable the users and groups module in Module Status.
  • Save Changes
  • If everything has gone well, you are now ready to add new users and groups to the master LDAP.
  • Save Changes

Slave

On the slave, in addition to usersandgroups, install the samba module or any other module that relies on usersandgroups by running:

sudo apt-get install ebox-samba apparmor-

The trailing hyphen in apparmor- tells apt-get to remove the apparmor package. We need to remove this package because the security profiles that it loads are incompatible with our LDAP configuration.

Module Configuration in the Slave Zentyal

  • Set the network configuration through Network->Interfaces and Network->Gateways. Enable the Network module in Module Status.
  • Save Changes
  • Check that you can ping the master IP from the slave.
  • Go to Users->Mode, select the Slave mode, enter the master IP and, in the password field, the content of the file /var/lib/ebox/conf/ebox-ldap.passwd from the master machine.
  • Save Changes
  • Enable the usersandgroups module in Module Status (this will fail if you can't access the master or if the password is wrong).
  • Save Changes
  • Now you should be able to see the users and groups stored in the master in the slave.
  • In File Sharing->General Settings, configure the Domain and NETBIOS names, as well as the drive letters and the group of users that you want to have a Samba account.

Note that a script runs every hour and deletes all the directories belonging to users who are not in this group.

  • Enable the file sharing module in Module Status.
  • Save Changes
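
An added pre-flight check for the slave, not part of the Zentyal documentation: it runs the ping test from the steps above and also probes the master's LDAP port, so a master that answers ping but still has the LDAP firewall rule disabled is told apart from an unreachable one. It assumes LDAP listens on the standard port 389 and that bash, ping and timeout are installed; all function names are illustrative.

```shell
#!/bin/sh
# Added example: run on the slave before enabling usersandgroups.
# Assumption: the master serves LDAP on port 389 (override with $2).

# Accept only a dotted-quad IPv4 address, so nothing else reaches the probes.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Map the probe results to a diagnosis. $1 = ping status, $2 = TCP status.
# A successful TCP connect wins even if ICMP is filtered.
diagnose() {
    if [ "$2" -eq 0 ]; then echo "ok"
    elif [ "$1" -eq 0 ]; then echo "ldap-blocked"
    else echo "unreachable"
    fi
}

# preflight <master-ip> [ldap-port]
preflight() {
    master=$1; port=${2:-389}
    valid_ipv4 "$master" || { echo "invalid master IP: $master" >&2; return 2; }
    ping_rc=0; tcp_rc=0
    ping -c 2 -W 2 "$master" >/dev/null 2>&1 || ping_rc=$?
    # Host and port are passed as positional arguments, never interpolated.
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$master" "$port" \
        2>/dev/null || tcp_rc=$?
    result=$(diagnose "$ping_rc" "$tcp_rc")
    case "$result" in
        ok) echo "LDAP on $master:$port is reachable" ;;
        ldap-blocked) echo "master answers ping but $port/tcp is closed:" \
            "check the LDAP firewall rule and the users and groups module on the master" ;;
        unreachable) echo "master unreachable:" \
            "check Network->Interfaces and Network->Gateways" ;;
    esac
    [ "$result" = ok ]
}
```

Call it as `preflight <master-ip>`; a non-zero exit status means the module enable step on the slave would fail for connectivity reasons rather than because of a wrong password.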