Заметки сисадмина о интересных вещах из мира IT, инструкции и рецензии. Настраиваем Компьютеры/Сервера/1С/SIP-телефонию в Москве

Building a Webserver

2011-04-26 · Posted in CentOS

(CENTOS 5.2 64-bit, Virtualmin, LDAP)
1. Build Basic CentOS 5.2 64-bit XEN

2. Setup Hostname

nano /etc/hostname

server1.example.com

nano /etc/hosts

x.x.x.x server1.example.com server1

1.2.3.4 mx.example.com mx
The order of the host names after the IP seems to matter.
The below reverse order does NOT seem to work on all OS’s
when running “hostname –fqdn”
1.2.3.4 mx mx.example.com

3. Verify Hostnames

Check that you have a valid hostname entered.

hostname –fqdn
it should return the fully qualified domain name of your mx server that should be something like “server1.example.com”.

Then, check that

cat /etc/hostname
returns server1.example.com and that

cat /etc/hosts
returns something like: x.x.x.x server1.example.com server1

now that the config looks good we will check reverse DNS, and verify config

check your hostname ( /etc/hostname )

hostname -d

gives only the domainname

and

hostname -s

gives only the hostname

and

hostname -f

gives the hostname.domainname

then

Then check that:

uname -a

is returning the correct FQDN.

4. Disable SELINUX

To disable SELINUX we have to edit the config file

nano /etc/selinux/config

and change the SELINUX line to:

SELINUX=disabled

Then type:

setenforce 0

to disable selinux durring runtime.

5. Install Virtualmin

Update your system:

yum update

Install perl:

yum install perl

Get the Install script:

wget http://software.virtualmin.com/gpl/scripts/install.sh

Run the install script:

/bin/sh install.sh

6. Basic Virtualmin Configuration

a. First we have to verify Virtualmin Configuration

After Installation, check the configuration by going to:

https://server1.example.com:10000

Login using root credentials.

Click Verify Configuration (in Yellow Box)

b. Now we need to set MySQL Password

Click Webmin

Expand Servers

Click MySQL Database Server

Click Change Administrator Password

Enter root password

Click Change Now

c. Next we will enable disk Quotas

Expand Servers

Click Disk and Network Filesystems

Click Module Config

Click System Configuration under Configuration Category

Change File listing filesystem mounted at boot time to /etc/mtab

Click Save

Click on / (Root filesystem)

Change Use Quotas option to User and Group

Click Save

Expand System

Click Disk Quotas

Click Enable Quotas

d. Configure Mailman Mailing Lists

Click on Webmin

Expand Servers

Click on Virtualmin Mailman Mailing Lists

Enter Administration email, ie:

mailman@example.com

Enter Administration password

Click Create Button

e. Time to Re-Check Virtualmins Config

Click on Virtualmin

Expand System Settings

Click Re-Check Config

If all checks out, continue

Congragulations, You have the basics setup!!

7. Install and Setup LDAP

a. LDAP Install

Open a console window, and run:

yum install openldap openldap-servers openldap-devel openldap-clients perl-LDAP

Fix the default config by:

cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Now, Start LDAP

/etc/init.d/ldap start

b. Setup Webmin’s Server Module

Bring up the web admin interface again

Click on Webmin

Click Refresh Modules

Expand Servers

Click LDAP Server

Click OpenLDAP Server Configuration

change Root DN for LDAP database to:

dc=example,dc=com (ie example.com)

Change Administration login DN to:

cn=Manager,dc=example,dc=com (use Manager for the cn….. there are reasons)

Under New Administrator password, click Set to button and enter a password in the field

Click Save

Click Manage Schema

Make sure the nis schema is checked

Click Save

Click Apply Configuration

You will now have a new button on the screen

Click Create Root DN

Under Start at Boot, Click Yes, then the Start at boot? button

b. Create LDAP Trees

Click Create Tree

Select Distinguished Name, then enter the following into the field:

dc=Users,dc=example,dc=com (use your domain name, and use Users at the begining)

Change Create example object under new DN? to Unix user

Click Create

Now we will create LDAP Groups

Click Create Tree

Select Distinguished Name, then enter the following into the field:

dc=Groups,dc=example,dc=com (use your domain name, and use Groups at the begining)

Change Create example object under new DN? to No

Click Create

Click Browse Database

make sure you see the two entries you just made.

== c. LDAP Client Setup ==

Open console window, and run: (This installs NSS and PAM)

yum install nss_ldap

Login to the administrative web site

Click on Webmin

Click Refresh Modules

Expand System

Click on LDAP Client

Click LDAP Server Configuration

Change Logon for root user to:

cn=Manager,dc=example,dc=com

Change Password for root user to:

‘password you setup for Manager’

Click Save

Click LDAP Search Bases

Change Global search base to:

dc=example,dc=com

Change Base for Unix users to:

dc=Users,dc=example,dc=com

Change Base for Unix groups to:

dc=Groups,dc=example,dc=com

Click Save

Click LDAP Browser, and make sure you can see Users and Groups

Click on Services using LDAP

Click Unix users

Change Second data source to LDAP

Click Save

Click Unix Groups

Change Second data source to LDAP

Click Save

Click Unix shadow passwords

Change Second data source to LDAP

Click Save

Verify all of this by clicking Validate Configuration

if you get a “user does not exist” error, restart webmin by:
Open a console window, and type: /etc/webmin/restart
Then rerun Validate Configuration

d. Setup PAM to use LDAP

Click Webmin

Expand System

Click PAM Authentication

NOTE: if 64-bit OS follow the following:
Click Module Config
Change Directories containing PAM libraries to:
/lib64/security
Click Save
Click system-auth

Under Authentication steps section

Choose pam_ldap.so from drop down window

Click Add step for: button

Change Failure level to Sufficient

Click Create

Use the ‘up arrow’ on pam_ldap.so so that it is above pam_unix.so

Repeat for Account verification steps

Repeat for Session setup steps

Repeat for Password change steps

e. Setup Webmin to use LDAP

Click on Virtualmin

Expand System Settings

Click on Module Config

Under Store users and groups choose In LDAP database

Click Save

f. Store Email Aliases in LDAP

Click on Webmin

Expand Servers

Click on LDAP Server

Click on Manage Schema

Check the box for misc

Click Save

Click on Manage Schema

Under misc click Edit

Find inetLocalMailRecipient class

Should look like this:
objectclass ( 2.16.840.1.113730.3.2.147
NAME ‘inetLocalMailRecipient’
DESC ‘Internet local mail recipient’
SUP top AUXILIARY
MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
Change AUXILIARY to STRUCTURAL

Click Save

Click Save again

Click Apply Configuration

Click Create Tree

Select Distinguished name and in the adjacent field enter:

dc=Aliases,dc=example,dc=com

Click Create Tree

Select Distinguished name and in the adjacent field enter:

dc=Virtual,dc=example,dc=com

g. Configure Postfix to use LDAP database

Click Webmin

Expand Servers

Click Postfix Mail Server

Click on Module Config

Under Configuration category choose LDAP options

Change Object classes for maps to inetLocalMailRecipient

Change Key attribute for map objects to mailLocalAddress

Change Create seperate DN for each domain? to No

Click Save

Click Mail Aliases

Under Alias databases used by the local delivery agent click on …. button

Expand Map source 2

Select LDAP server

Change LDAP search base DN to:

dc=Aliases,dc=example,dc=com

Change Query filter to:

mailLocalAddress=%s

Change Result attribute to:

mailRoutingAddress

Change Server login to:

cn=Manager,dc=example,dc=com

Enter LDAP password into Server password field

Click Save

Click Save and Apply

Click Virtual Domains

Under Domain mapping lookup tables click on …. button

Expand Map source 2

Select LDAP server

Change LDAP search base DN to:

dc=Virtual,dc=example,dc=com

Change Query filter to:

mailLocalAddress=%s

Change Result attribute to:

mailRoutingAddress

Change Server login to:

cn=Manager,dc=example,dc=com

Enter LDAP password into Server password field

Click Save

Click Save and Apply

I will tweak the rest in the coming days. Enjoy,

Leave a Reply