Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung Nächste Überarbeitung Beide Seiten der Revision | ||
os4e_-_2014_-_fortgeschrittene [2014/07/08 14:53] admin [Dienstag - Nachmittag] |
os4e_-_2014_-_fortgeschrittene [2014/07/09 08:06] admin |
||
---|---|---|---|
Zeile 88: | Zeile 88: | ||
cscript "\Program Files\Microsoft Office\Office14\ospp.vbs" /sethst:kms.voyager.or.at | cscript "\Program Files\Microsoft Office\Office14\ospp.vbs" /sethst:kms.voyager.or.at | ||
cscript "\Program Files\Microsoft Office\Office14\ospp.vbs" /act | cscript "\Program Files\Microsoft Office\Office14\ospp.vbs" /act | ||
- | |||
*Datenrettung | *Datenrettung | ||
+ | * Folien: Stefan | ||
*Virtuelle Festplatte einbinden | *Virtuelle Festplatte einbinden | ||
+ | |||
apt-get install virtualbox-fuse | apt-get install virtualbox-fuse | ||
vdfuse -f /pfad/zum/image.vdi /mountpoint | vdfuse -f /pfad/zum/image.vdi /mountpoint | ||
Zeile 99: | Zeile 100: | ||
umount /mountpoint2 | umount /mountpoint2 | ||
umount /mountpoint | umount /mountpoint | ||
+ | |||
===== Dienstag - Nachmittag ===== | ===== Dienstag - Nachmittag ===== | ||
Zeile 119: | Zeile 121: | ||
vi /etc/smbldap-tools/smbldap.conf | vi /etc/smbldap-tools/smbldap.conf | ||
+ | </file> | ||
+ | |||
+ | <file> | ||
+ | Windows -> Netzlaufwerk verbinden | ||
+ | \\s4e\install | ||
+ | Mit anderen Anmeldeinformationen her | ||
+ | Benutzername: sambakeeper | ||
+ | Passwort: [das von der Installation] | ||
+ | |||
+ | Datei win7_s4e.exe kopieren | ||
+ | "irgendwo"/am Desktop einfügen | ||
+ | |||
+ | Computer - Netzlaufwerk trennen - Z: trennen | ||
+ | |||
+ | win7_s4e.exe starten | ||
+ | |||
+ | Benutzername: hsmarg\sambakeeper | ||
+ | Domäne: hsmarg | ||
+ | Passwort: open23 | ||
</file> | </file> | ||
*Benutzerprofile | *Benutzerprofile | ||
+ | * Unter Windows: Als Benutzer "profil_schueler" anmelden, um das Profil aller Schüler zu verändern. Als Benutzer "profil_lehrer" anmelden, um das Profil aller Lehrer zu verändern usw. | ||
+ | * Profil wird am Server gespeichert! | ||
+ | * Unter Linux: Pro Client als Benutzer "profil" anmelden. Das Profil ist für sämtliche Benutzer gültig. | ||
+ | |||
*Datensicherung | *Datensicherung | ||
* rsync | * rsync | ||
Zeile 132: | Zeile 157: | ||
*WLAN (Radius Server) | *WLAN (Radius Server) | ||
*Cloud/ownCloud | *Cloud/ownCloud | ||
- | *Zarafa | ||
- | |||
- | zypper in htop rsync mc nmap | ||
- | |||
- | === Zarafa Grundinstallation === | ||
- | |||
- | https://portal.zarafa.com/download-release | ||
- | |||
- | zypper in mysql apache2 libxml2 php5 apache2-mod_php5 php5-gettext php5-zlib php5-mysql xpdf-tools sysstat | ||
- | |||
- | === Postfix === | ||
- | |||
- | <file ini /etc/services> | ||
- | ... | ||
- | smtps 465/tcp # Secure SMTP | ||
- | smtps 465/udp # Secure SMTP | ||
- | ... | ||
- | </file> | ||
- | |||
- | <file ini /etc/postfix/main.cf> | ||
- | unknown_local_recipient_reject_code = 550 | ||
- | local_recipient_maps = | ||
- | |||
- | mydestination = /etc/postfix/virtual/domains | ||
- | virtual_alias_maps = hash:/etc/postfix/virtual/addresses | ||
- | virtual_transport = lmtp:127.0.0.1:2003 | ||
- | |||
- | setgid_group = maildrop | ||
- | queue_directory = /var/spool/postfix | ||
- | command_directory = /usr/sbin | ||
- | daemon_directory = /usr/lib/postfix | ||
- | data_directory = /var/lib/postfix | ||
- | mail_owner = postfix | ||
- | mydomain = mail.bgweiz.at | ||
- | myhostname = $mydomain | ||
- | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 | ||
- | myorigin = mail.bgweiz.at | ||
- | alias_maps = hash:/etc/aliases | ||
- | alias_database = hash:/etc/aliases | ||
- | relayhost = | ||
- | relay_domains = $mydestination | ||
- | mailbox_size_limit = 0 | ||
- | recipient_delimiter = + | ||
- | inet_interfaces = all | ||
- | inet_protocols = ipv4 | ||
- | |||
- | mailbox_command = /usr/bin/zarafa-dagent "$USER" | ||
- | mailbox_transport = zarafa: | ||
- | zarafa_destination_recipient_limit = 1 | ||
- | |||
- | ## | ||
- | smtpd_sasl_authenticated_header = yes | ||
- | header_checks = regexp:/etc/postfix/header_checks | ||
- | smtpd_sasl_local_domain = | ||
- | smtpd_sasl_auth_enable = yes | ||
- | smtpd_sasl_security_options = noanonymous | ||
- | broken_sasl_auth_clients = yes | ||
- | smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination | ||
- | smtpd_tls_auth_only = no | ||
- | smtp_tls_note_starttls_offer = yes | ||
- | smtp_tls_security_level = may | ||
- | smtpd_tls_security_level = may | ||
- | smtpd_tls_cert_file = /etc/zarafa/ssl/server.crt | ||
- | smtpd_tls_key_file = /etc/zarafa/ssl/server.key | ||
- | smtp_tls_CApath = /etc/ssl/certs | ||
- | smtpd_tls_loglevel = 1 | ||
- | smtpd_tls_received_header = yes | ||
- | </file> | ||
- | |||
- | <file ini /etc/postfix/master.cf> | ||
- | # | ||
- | # Postfix master process configuration file. For details on the format | ||
- | # of the file, see the Postfix master(5) manual page. | ||
- | # | ||
- | # ========================================================================== | ||
- | # service type private unpriv chroot wakeup maxproc command + args | ||
- | # (yes) (yes) (yes) (never) (100) | ||
- | # ========================================================================== | ||
- | smtp inet n - n - - smtpd | ||
- | #submission inet n - n - - smtpd | ||
- | # -o smtpd_etrn_restrictions=reject | ||
- | # -o smtpd_client_restrictions=permit_sasl_authenticated,reject | ||
- | smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes | ||
- | -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes | ||
- | #submission inet n - n - - smtpd | ||
- | # -o smtpd_etrn_restrictions=reject | ||
- | # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes | ||
- | #628 inet n - n - - qmqpd | ||
- | pickup fifo n - n 60 1 pickup | ||
- | cleanup unix n - n - 0 cleanup | ||
- | qmgr fifo n - n 300 1 qmgr | ||
- | #qmgr fifo n - n 300 1 oqmgr | ||
- | tlsmgr unix - - n 1000? 1 tlsmgr | ||
- | rewrite unix - - n - - trivial-rewrite | ||
- | bounce unix - - n - 0 bounce | ||
- | defer unix - - n - 0 bounce | ||
- | trace unix - - n - 0 bounce | ||
- | verify unix - - n - 1 verify | ||
- | flush unix n - n 1000? 0 flush | ||
- | proxymap unix - - n - - proxymap | ||
- | smtp unix - - n - - smtp | ||
- | # When relaying mail as backup MX, disable fallback_relay to avoid MX loops | ||
- | relay unix - - n - - smtp | ||
- | -o fallback_relay= | ||
- | # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 | ||
- | showq unix n - n - - showq | ||
- | error unix - - n - - error | ||
- | discard unix - - n - - discard | ||
- | local unix - n n - - local | ||
- | virtual unix - n n - - virtual | ||
- | lmtp unix - - n - - lmtp | ||
- | anvil unix - - n - 1 anvil | ||
- | #localhost:10025 inet n - n - - smtpd -o content_filter= | ||
- | scache unix - - n - 1 scache | ||
- | # | ||
- | # ==================================================================== | ||
- | # Interfaces to non-Postfix software. Be sure to examine the manual | ||
- | # pages of the non-Postfix software to find out what options it wants. | ||
- | # | ||
- | # Many of the following services use the Postfix pipe(8) delivery | ||
- | # agent. See the pipe(8) man page for information about ${recipient} | ||
- | # and other message envelope options. | ||
- | # ==================================================================== | ||
- | # | ||
- | # maildrop. See the Postfix MAILDROP_README file for details. | ||
- | # Also specify in main.cf: maildrop_destination_recipient_limit=1 | ||
- | # | ||
- | maildrop unix - n n - - pipe | ||
- | flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} | ||
- | cyrus unix - n n - - pipe | ||
- | user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} | ||
- | uucp unix - n n - - pipe | ||
- | flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) | ||
- | ifmail unix - n n - - pipe | ||
- | flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) | ||
- | bsmtp unix - n n - - pipe | ||
- | flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient | ||
- | procmail unix - n n - - pipe | ||
- | flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} | ||
- | retry unix - - n - - error | ||
- | proxywrite unix - - n - 1 proxymap | ||
- | |||
- | # Zarafa | ||
- | #zarafa unix - n n - 10 pipe | ||
- | # flags=DRhu user=vmail argv=/usr/bin/zarafa-dagent -R ${recipient} | ||
- | #zarafa unix - n n - - pipe | ||
- | # flags= user=mail argv=/usr/bin/procmail -a ${user} | ||
- | zarafa unix - n n - 10 pipe | ||
- | flags= user=mail argv=/usr/bin/zarafa-dagent ${user} | ||
- | </file> | ||
- | |||
- | <file ini /etc/postfix/virtual/domains> | ||
- | bgweiz.at | ||
- | mail.bgweiz.at | ||
- | d4e.at | ||
- | mail.d4e.at | ||
- | </file> | ||
- | |||
- | <file ini /etc/postfix/virtual/addresses> | ||
- | #bgweiz.at DOMAIN | ||
- | direktion@bgweiz.at direktion | ||
- | matthias.praunegger@bgweiz.at matthias | ||
- | |||
- | #d4e.at DOMAIN | ||
- | info@d4e.at info | ||
- | |||
- | </file> | ||
- | |||
- | postmap /etc/postfix/virtual/addresses | ||
- | |||
- | /etc/init.d/postfix restart | ||
- | |||
- | === Zarafa-Konfiguration === | ||
- | |||
- | <file ini /etc/sysconfig/zarafa> | ||
- | ZARAFA_LOCALE="de_DE.UTF-8" | ||
- | ZARAFA_USERSCRIPT_LOCALE="de_DE.UTF-8" | ||
- | </file> | ||
- | |||
- | <file ini /etc/zarafa/server.cfg> | ||
- | ... | ||
- | local_admin_users = root mail | ||
- | mysql_password = mysqlpasswort | ||
- | server_ssl_enabled = yes | ||
- | server_ssl_key_pass = sslpasswort | ||
- | server_ssl_ca_file = /etc/zarafa/ssl/ca.pem | ||
- | user_plugin_config = | ||
- | #/etc/zarafa/ldap.cfg | ||
- | disabled_features = pop3 | ||
- | ... | ||
- | </file> | ||
- | |||
- | mkdir /etc/zarafa/ssl | ||
- | cd /etc/zarafa/ssl | ||
- | wget http://www.startssl.com/certs/ca.pem | ||
- | wget http://www.startssl.com/certs/sub.class1.server.ca.pem | ||
- | cat server.crt server.key > server.pem | ||
- | |||
- | mkdir /etc/apache2/ssl | ||
- | cd /etc/apache2/ssl | ||
- | wget http://www.startssl.com/certs/ca.pem | ||
- | wget http://www.startssl.com/certs/sub.class1.server.ca.pem | ||
- | |||
- | <file ini /etc/zarafa/gateway.cfg> | ||
- | ... | ||
- | pop3_enable = no | ||
- | imaps_enable = yes | ||
- | ssl_private_key_file = /etc/zarafa/ssl/server.key | ||
- | ssl_certificate_file = /etc/zarafa/ssl/server.crt | ||
- | ... | ||
- | </file> | ||
- | |||
- | |||
- | <file ini /etc/sysconfig/apache2> | ||
- | ... | ||
- | APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 proxy headers rewrite" | ||
- | ... | ||
- | </file> | ||
- | |||
- | <file ini /etc/apache2/listen.conf> | ||
- | Listen 443 | ||
- | Listen 80 | ||
- | |||
- | NameVirtualHost *:443 | ||
- | </file> | ||
- | |||
- | <file ini /etc/apache2/vhosts.d/zarafa.conf> | ||
- | <VirtualHost *:443> | ||
- | DocumentRoot "/srv/www/htdocs" | ||
- | ServerName mail.bgweiz.at:443 | ||
- | ServerAdmin webmaster@bgweiz.at | ||
- | ErrorLog /var/log/apache2/bgweiz.at-ssl-error_log | ||
- | TransferLog /var/log/apache2/bgweiz.at-ssl-access_log | ||
- | |||
- | SSLEngine on | ||
- | SSLProtocol all -SSLv2 | ||
- | SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM | ||
- | |||
- | SSLCertificateFile /etc/apache2/ssl/server.crt | ||
- | SSLCertificateKeyFile /etc/apache2/ssl/server.key | ||
- | SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem | ||
- | SSLCACertificateFile /etc/apache2/ssl/ca.pem | ||
- | SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown | ||
- | CustomLog /var/log/apache2/bgweiz.at-ssl-custom_log \ | ||
- | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | ||
- | |||
- | RewriteEngine On | ||
- | RewriteCond %{SERVER_PORT} 80 | ||
- | RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] | ||
- | </VirtualHost> | ||
- | </file> | ||
- | |||
- | <file ini /etc/apache2/conf.d/zarafa-webaccess.conf> | ||
- | Alias /webaccess /usr/share/zarafa-webaccess | ||
- | |||
- | RewriteEngine On | ||
- | RewriteCond %{SERVER_PORT} 80 | ||
- | RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] | ||
- | |||
- | <Directory /usr/share/zarafa-webaccess/> | ||
- | DirectoryIndex index.php | ||
- | Options -Indexes +FollowSymLinks | ||
- | AllowOverride Options | ||
- | |||
- | Order allow,deny | ||
- | Allow from all | ||
- | </Directory> | ||
- | </file> | ||
- | |||
- | <file ini /etc/apache2/conf.d/z-push.conf> | ||
- | Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php | ||
- | |||
- | RewriteEngine On | ||
- | RewriteCond %{SERVER_PORT} 80 | ||
- | RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] | ||
- | |||
- | <Directory /usr/share/z-push/> | ||
- | DirectoryIndex index.php | ||
- | Options -Indexes +FollowSymLinks | ||
- | AllowOverride Options | ||
- | |||
- | Order allow,deny | ||
- | Allow from all | ||
- | </Directory> | ||
- | </file> | ||
- | |||
- | cd /raid/zarafa | ||
- | wget http://zarafa-deutschland.de/z-push-download/final/2.0/z-push-2.0.5-1541.tar.gz | ||
- | tar xvfz z-push-2.0.5-1541.tar.gz | ||
- | cp -av z-push-2.0.5-1541 /usr/share/z-push | ||
- | chown -R wwwrun:www /usr/share/z-push/ | ||
- | |||
- | <file ini /usr/share/z-push/.htaccess> | ||
- | php_flag magic_quotes_gpc off | ||
- | php_flag register_globals off | ||
- | php_flag magic_quotes_runtime off | ||
- | php_flag short_open_tag on | ||
- | </file> | ||
- | |||
- | <file php /usr/share/z-push/config.php> | ||
- | ... | ||
- | define('TIMEZONE', 'Europe/Vienna'); | ||
- | ... | ||
- | </file> | ||
- | |||
- | <file ini /srv/www/htdocs/.htaccess> | ||
- | RewriteEngine On | ||
- | RewriteCond %{SERVER_PORT} 80 | ||
- | RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] | ||
- | </file> | ||
- | |||
- | <file php /srv/www/htdocs/index.php> | ||
- | <?php | ||
- | header("Location: /webaccess"); | ||
- | ?> | ||
- | </file> | ||
- | |||
- | mkdir /var/log/z-push/ | ||
- | chown -R wwwrun:www /var/log/z-push/ | ||
- | mkdir /var/lib/z-push/ | ||
- | chmod 777 /var/lib/z-push/ | ||
- | |||
- | /etc/init.d/apache2 restart | ||
- | /etc/init.d/zarafa-gateway restart | ||
- | /etc/init.d/zarafa-server restart | ||
- | |||
===== Dienstag - Abendprogramm ===== | ===== Dienstag - Abendprogramm ===== | ||