| Version 7 (modified by jacalvo@…, 4 years ago) (diff) |
|---|
eBox master/slave setup
Starting with the 1.3 series, eBox allows several slave eBox installations to synchronize against an eBox holding a central LDAP directory.
Note: If you are using the eBox installer on CD-ROM, you don't need to follow the installation instructions and can skip directly to the configuration section. Also, if you are using our installer, the default password of your LDAP is ebox.
Installation
Add the following repository to /etc/apt/sources.list:
deb http://ppa.launchpad.net/ebox/1.3/ubuntu hardy main
Master
We only need to install the usersandgroups module on the master eBox. To do that, run:
sudo apt-get install ebox-usersandgroups apparmor-
The trailing hyphen in apparmor- tells apt-get to remove the apparmor package. We need to remove this package because the security profiles that it loads are incompatible with our LDAP configuration.
During the installation process, pay attention to the prompts that ask for the LDAP and eBox passwords. If you want a specific base DN in your LDAP installation, you can run:
sudo dpkg-reconfigure slapd
and select your preferred prefix.
Once the installation process is finished, you'll be able to access https://<ebox-ip>.
Module Configuration in the Master eBox
- Set the network configuration through Network->Interfaces and Network->Gateways. Enable the Network module in Module Status.
- Save Changes
- In Firewall->Packet Filter->Filtering rules from internal networks to eBox, edit the rule containing the LDAP service, which is disabled by default for security reasons, and change it to accept connections. Enable the Firewall module in Module Status.
- Save Changes
- Go to Users->Mode, select the master mode and enter the LDAP password that you set during the installation process (not necessarily the same as the eBox one). If you enter the wrong password, you'll get an error when trying to enable the module later.
- Save Changes
- Enable the users and groups module in Module Status.
- Save Changes
- If everything has gone well, you are now ready to add new users and groups to the master LDAP.
- Save Changes
Slave
In addition to usersandgroups, we will install the samba module, or any other module that relies on usersandgroups, by running:
sudo apt-get install ebox-samba apparmor-
The trailing hyphen in apparmor- tells apt-get to remove the apparmor package. We need to remove this package because the security profiles that it loads are incompatible with our LDAP configuration.
Module Configuration in the Slave eBox
- Set the network configuration through Network->Interfaces and Network->Gateways. Enable the Network module in Module Status.
- Save Changes
- Check that you can ping the master IP from the slave
- Go to Users->Mode, select the slave mode, input the master IP, and, in the password field, the content of the file /var/lib/ebox/conf/ebox-ldap.passwd from the master machine.
- Save Changes
- Enable the usersandgroups module in Module Status (this will fail if you can't access the master or if the password is wrong)
- Save Changes
- On the slave, you should now be able to see the users and groups stored in the master.
- In File Sharing->General Settings, configure the Domain and NETBIOS names, as well as the drive letters and the group of users that you want to have a Samba account.
Note that a script runs every hour and deletes all the directories belonging to users who are not in this group.
- Enable the file sharing module in Module Status.
- Save Changes
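The slave steps above depend on two things that a ping does not verify: the master's LDAP port must accept connections (its firewall rule is disabled by default), and the password comes from a file on the master. The following pre-flight script is an added example, not part of the original page or of eBox. The function names are hypothetical, and it assumes that slapd listens on port 389, that the password file should be readable by its owner only, and that bash and coreutils timeout are installed.

```shell
#!/bin/sh
# Added example (not eBox code): pre-flight checks for the Users->Mode slave step.

LDAP_PORT=389   # assumption: the master's slapd listens on the standard LDAP port

# On the master: succeed only if the password file is a regular file (not a
# symlink) with no group/other permission bits. Owner-only is an assumption;
# the page does not state the intended mode.
passwd_file_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;   # e.g. -rw-------
        *)           return 1 ;;
    esac
}

# On the slave: succeed only if a TCP connection to the master's LDAP port
# completes within 3 seconds. An ICMP reply says nothing about this port.
ldap_port_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "${2:-$LDAP_PORT}" 2>/dev/null
}

# Report the result of one check; returns non-zero when the check fails.
preflight() {
    case "$1" in
        slave)
            ldap_port_open "$2" || { echo "LDAP port $LDAP_PORT on $2 not reachable"; return 1; }
            echo "LDAP port on $2 reachable" ;;
        master)
            passwd_file_private "$2" || { echo "$2 is missing or readable by group/others"; return 1; }
            echo "$2 is owner-only" ;;
        *)  echo "usage: preflight slave <master-ip> | preflight master <passwd-file>"; return 2 ;;
    esac
}

# Run only when called with arguments, e.g.: sh preflight.sh slave <master-ip>
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

On the master, run it as `sh preflight.sh master /var/lib/ebox/conf/ebox-ldap.passwd`. On the slave, run `sh preflight.sh slave <master-ip>` before enabling the usersandgroups module.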