On 09/25/2015 08:38 PM, Ludovic Marcotte wrote:
On 25/09/2015 15:40, Steve Ankeny wrote:
(1) What are the differences between Ubuntu Samba 4.1.6 and Inverse Samba 4.1.18 in terms of libraries? Could there be some library or package from 4.1.6 which if removed would cause 4.1.18 to work properly?

It seems to me this might be the source of my problems, as I originally installed 4.1.6
If you use our repository for Samba packages, all should be up-to-date. Here is the bash Samba/OpenChange function used in the script to prepare the ZEG:

function setupSambaOpenChange {
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak || true

apt-get -y install samba openchangeserver sogo-openchange \
openchangeproxy python-ocsmanager openchange-ocsmanager openchange-rpcproxy python-sievelib python-spyne python-rpclib python-mysqldb

ln -s /etc/apache2/conf.d/ocsmanager.conf /etc/apache2/conf-available/ocsmanager.conf
ln -s /etc/apache2/conf.d/rpcproxy.conf /etc/apache2/conf-available/rpcproxy.conf
cat >/etc/apache2/conf.d/rpcproxy.conf <<EOF
KeepAliveTimeout 120

WSGILazyInitialization On
WSGIPythonPath /usr/lib/openchange/web/rpcproxy

<Directory /usr/lib/openchange/web/rpcproxy/>
<IfVersion < 2.4>
Order deny,allow
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>

SetEnv NTLMAUTHHANDLER_WORKDIR /var/cache/ntlmauthhandler
WSGIPassAuthorization On
WSGIProcessGroup %{GLOBAL}
</Directory>

WSGIScriptAlias /rpc/rpcproxy.dll /usr/lib/openchange/web/rpcproxy/rpcproxy.wsgi
WSGIScriptAlias /rpcwithcert/rpcproxy.dll /usr/lib/openchange/web/rpcproxy/rpcproxy.wsgi
EOF

My 'rpcproxy.conf' was not EXACTLY the same as here, but I've changed it.

It was missing the 'IfVersion' lines and specifically, 'Order deny,allow' 'Allow from all'

THAT may or may not make a difference but I've modified mine to match your script.

# ocsmanager
cat >/etc/ocsmanager/ocsmanager.ini <<EOF
debug = true
email_to =

smtp_server = localhost
error_email_from = paste@localhost

auth = ldap
mapistore_root = /var/lib/samba/private
mapistore_data = /var/lib/samba/private/mapistore
debug = yes


host = ldap://
port = 389
bind_dn = cn=administrator,cn=Users,dc=example,dc=com
bind_pw = %1OpenChange
basedn = cn=Users,dc=example,dc=com

username = openchange
password = {SSHA}I6Hy5Wv0wuxyXvMBFWFQDVVN12_CLaX9

How important is THIS password with THIS hash?

The same hash is used in the Configuration guide for 'openchange$123'

Should it not be the hash generated in MySQL for "my" password? (if I've changed it)

use = egg:Paste#http
host =
port = 5000
protocol_version = HTTP/1.1

use = egg:ocsmanager
full_stack = true
static_files = true
cache_dir = %(here)s/data
beaker.session.key = ocsmanager
beaker.session.secret = SDyKK3dKyDgW0mlpqttTMGU1f
app_instance_uuid = {ee533ebc-f266-49d1-ae10-d017ee6aa98c}
NTLMAUTHHANDLER_WORKDIR = /var/cache/ntlmauthhandler

host = localhost
port = 389
basedn = CN=Users,DC=example,DC=com

set debug = true


enabled = true


sieve_script_path = /var/vmail/\$domain/\$user/sieve-script

My line reads 'sieve_script_path = /var/vmail/$domain/$user/sieve-script'

The example in the Configuration guide does not include the backslashes.

How important are the backslashes? I will modify mine and test it.

sieve_script_path_mkdir = false

secret = secret

keys = root

keys = console

keys = generic

level = INFO
handlers = console

class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

format = %(asctime)s %(levelname)-5.5s [%(name)s] [%(threadName)s] %(message)s
EOF

# enable modules
a2enconf rpcproxy
a2enconf ocsmanager

# it gets better, provision will fail if smb.conf exists
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak || true
rm -rf /var/lib/samba/private/* || true

samba-tool domain provision --realm=$DOMAINNAME.$TLD \
--adminpass='%1OpenChange' \
--server-role='domain controller'

samba-tool user setexpiry administrator --noexpiry

cat >/etc/samba/smb.conf <<EOF
# Global parameters
server role = active directory domain controller
netbios name = sogo
passdb backend = samba4
dns forwarder =

### Configuration required by OpenChange server ###
dsdb:schema update allowed = true
dcerpc endpoint servers = epmapper, mapiproxy, dnsserver

Again, the Configuration guide lists ONLY 'dcerpc endpoint servers = +epmapper, +mapiproxy'

I have been using 'dcerpc endpoint servers = +mapiproxy'

How important are these DCERPC calls when Samba AD includes 'epmapper' & 'dnsserver' natively?

adam@sogo:~$ samba-tool testparm -v | grep 'dcerpc endpoint servers'

dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver

It is my understanding that invoking 'epmapper' & 'dnsserver' through DCERPC calls disables --

wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey

Are we sure we want to "turn off" those endpoint servers?

dcerpc_mapiproxy:server = true
dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr

mapistore:namedproperties = mysql
namedproperties:mysql_user = openchange-user
namedproperties:mysql_pass = openchange123
namedproperties:mysql_host = localhost
namedproperties:mysql_db = openchange

HERE the OpenChange password is 'openchange123' See the discussion above on password & hash.

mapistore:indexing_backend = mysql://openchange-user:openchange123@localhost/openchange
mapiproxy:openchangedb = mysql://openchange-user:openchange123@localhost/openchange
### Configuration required by OpenChange server ###

path = /var/lib/samba/sysvol/$DOMAINNAME.$TLD/scripts
read only = No

path = /var/lib/samba/sysvol
read only = No
EOF

# sogo config link since samba is started as root
rm -rf /root/GNUstep || true
ln -s ~sogo/GNUstep /root/

I find no link of '~sogo/GNUstep' in '/root' although 'root' has access to the directory.

# OpenChange MySQL indexing db
mysql -uroot <<EOF
CREATE USER "openchange-user"@"localhost" IDENTIFIED BY "openchange123";
GRANT ALL PRIVILEGES ON openchange.* TO "openchange-user"@"localhost" WITH GRANT OPTION;
EOF

/usr/sbin/openchange_provision --standalone
/usr/sbin/openchange_provision --openchangedb --openchangedb-uri 'mysql://openchange-user:openchange123@localhost/openchange'

echo "manual" >> /etc/init/nmbd.conf
echo "manual" >> /etc/init/smbd.conf
service slapd stop
update-rc.d slapd disable
sed -i s/'start on (local-filesystems and net-device-up)'/'start on (started mysql)'/ /etc/init/samba-ad-dc.conf
start samba-ad-dc

a2enmod proxy proxy_http
/etc/init.d/apache2 restart

echo "supersede domain-name-servers;" >>/etc/dhcp/dhclient.conf
}

(2) Could there be an issue with '' such as was experienced in Bug 0002732?
No, that was a packaging issue only affecting RHEL-based distributions.
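The backslash question raised above ('\$domain/\$user' in the ocsmanager.ini heredoc), shown as an added example that is not part of the ZEG script or of either message: the heredoc delimiter in the script is unquoted (<<EOF), so the shell expands $name inside it just as in a double-quoted string, and the backslashes are what keep '$domain' and '$user' literal for the Sieve path. The function names and the grep check are this example's own.

```sh
#!/bin/sh
# Added example, not from the ZEG script. Demonstrates why the heredoc in
# setupSambaOpenChange writes "\$domain/\$user" rather than "$domain/$user".

# The ZEG script's form: backslashes escape the dollar signs, so the file
# receives the literal text "$domain" and "$user" for Dovecot to expand.
render_escaped() {
    cat <<EOF
sieve_script_path = /var/vmail/\$domain/\$user/sieve-script
EOF
}

# The Configuration-guide form pasted into the SAME unquoted heredoc: here
# $domain and $user are shell variables, and an unset variable expands to
# nothing, so the path collapses to /var/vmail///sieve-script.
render_unescaped() {
    cat <<EOF
sieve_script_path = /var/vmail/$domain/$user/sieve-script
EOF
}

# Quoting the delimiter disables every expansion. That works for this one
# line, but the script relies on $DOMAINNAME.$TLD expanding inside the same
# kind of heredoc for smb.conf, which is why it escapes individual dollars.
render_quoted_delim() {
    cat <<'EOF'
sieve_script_path = /var/vmail/$domain/$user/sieve-script
EOF
}

# Check an already-written ocsmanager.ini (file given as argument, or stdin)
# for the literal, unexpanded Sieve path. Returns 0 if present, 1 if not.
has_literal_sieve_path() {
    grep -qF 'sieve_script_path = /var/vmail/$domain/$user/sieve-script' "$@"
}

# Run with the variables unset, as they are when the ZEG script executes.
unset domain user
printf 'escaped:   %s\n' "$(render_escaped)"
printf 'unescaped: %s\n' "$(render_unescaped)"
```

On a live system, `has_literal_sieve_path /etc/ocsmanager/ocsmanager.ini` tells you whether the generated file kept the placeholders.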


