TipsMake.com - The eBox Platform is an open source server system for small and medium-sized companies and businesses that lets administrators control and manage network services such as firewall, DHCP, DNS, VPN, proxy, IDS, mail, file and printer sharing, VoIP and IM. These features are tightly linked and automatically backed up, which helps avoid risks and saves the administrator time and cost.
In this article, TipsMake.com shows how to use eBox as a Windows Primary Domain Controller (PDC). When finished, you will be able to use eBox Platform 1.2 to manage users and shared resources on a Windows domain.
Install eBox server
The installation process can be done in two different ways:
Using the eBox Platform Installer (recommended)
On top of an existing Ubuntu LTS Server Edition system
In the second case, you need to add the eBox Platform PPA repositories to your sources list and then install the packages as usual.
The eBox Platform installer is based on the Ubuntu installer platform, which you can refer to in this article.
When the basic installation is finished, the system restarts and begins the main installation. First comes the choice of mode (basic or advanced); in this article we choose the simple one:
You will then get a list of software profiles. In this case we choose Office, which contains all the components needed for a PDC. You can still change, add or remove these options in later steps:
Installation process begins:
When it finishes, you will be asked to set a password for accessing the eBox Platform through the web interface:
Confirm password again:
The installer then tries to preconfigure some components with basic parameters. First, it asks whether any of the network interfaces are external (not on the local network). Stricter policies are applied to traffic arriving from external networks, depending on the server's role:
Next, the installer asks for the default mail virtual domain name. We do not use the mail server in this article, so enter any name you like:
Once you have answered these questions, each module you install is preconfigured:
When this completes, the installer displays the address for accessing the eBox Platform web interface:
Login with web interface
After completing the above steps, you are ready to log in to the system through the web interface. Enter the address given in the previous step (here it is https://10.0.2.15):
Enter the admin password you set during installation. This is the eBox overview page:
Enable or disable the module
The next step is to turn off the modules that a PDC server does not really need. To do this, select Module Status in the left menu bar, which lists the installed eBox modules with checkboxes to enable or disable each one:
In the default installation, all of these modules are enabled. The modules essential to a PDC server are:
Network
Logs
Users and Groups
File Sharing
Printers
Antivirus
Create a group
To make management easier, you should create groups and divide the domain's users among them. To create a group, select Groups -> Add group. Enter the group name and a brief description:
After this step, you are redirected to the Edit group page, where you can set, change, add or delete group properties. In this article, we create a group called IT.
Create user account
In the left menu bar, select Users -> Add user. A form for adding user accounts appears, with the following fields:
User name
First name
Last name
Comment
Password and Retype password
Group
Here we create an account named pdcadmin; fill in the other fields as you wish. Once the account is created, you are automatically redirected to the Edit user page. Here the administrator can enable or disable the account, decide whether it may access the system, and decide whether it has administrative rights:
General settings in PDC
To adjust the file sharing settings, select File sharing in the left menu. In the General settings tab, check the Enable PDC box to enable the PDC feature. You can also change the default domain name to one that suits your needs; here we use ebox as the domain name. You can likewise change the NetBIOS name, which identifies the server when NetBIOS addressing is used. This name must not be the same as the domain name, so we use ebox-server as the NetBIOS name.
Set the PDC password policy
Domain administrators often apply strict password policies because users do not pay much attention to this issue: first, they choose passwords that are too short; second, they choose passwords that are too easy to remember and guess; third, they do not change their passwords often.
The first field is Password Length; the minimum number of characters allowed is 8.
Next is Maximum Password Age; set this value to 180 days to make sure users have to change their password at least twice a year.
The last field is Enforce password history, which prevents users from reusing old passwords. Here we set a value of 5, meaning that the last 5 passwords cannot be reused.
Save changes
If you look closely, you will see a small Save changes button at the top right of the work window. If there are changes you have not yet applied, the button is red; otherwise it is green.
Add computer to PDC
Now that we have a working PDC server, we can add computers to the domain. To do this, we need to know the domain name in use and the username and password of a user account with administrative rights. Here that account is pdcadmin.
Computers to be joined to the domain must be on the same network and must be compatible with Windows CIFS (e.g. Windows XP Professional). The eBox network interface connected to this network must not be marked as external. In this article, we assume that you are using Windows XP Professional.
Log in to Windows, select My Computer -> Properties, and change the settings needed to join the new domain:
In the next window, enter the name of the domain to join (here it is ebox) and click OK:
A small login window appears; you must log in with an account that has administrative rights:
If you have performed all of the above steps correctly, a screen welcomes you to the new domain. After joining, you must restart the computer and can then log in normally as a member of that domain:
If you need more information about adding a computer to an existing domain, you can refer to the Microsoft documentation here.
Set sharing properties
We now have a domain with its own user accounts, groups and computers. Next, we add file sharing among the different users. There are 3 kinds of shares in eBox:
Users home directory shares: created automatically for each user and automatically mapped for that user as a drive with the letter defined in the General Settings tab. Only this user can connect to his or her home directory share.
Groups shares: not created automatically; you need to set this attribute in the Edit Group section and give the share a name. All members of the group are granted access to this share, but cannot change, add, or delete shared data in it.
General shares: eBox lets us define and create shares whose access is governed by access control lists (ACLs).
To illustrate this feature, we will create a documentation share for the IT team. All members of the IT team can read the documents, and the pdcadmin account will have full rights.
To create a share, select the Shares tab in the File sharing menu. This shows the list of shares; select Add new to start. The first parameter in this window enables or disables the share, Share name is its name (here IT documentation), and Comment describes the share (e.g. Documentation and knowledge base for the IT department). Finally comes the path of the shared data on the server, for which there are 2 options, Directory under eBox or File path (in this example we choose Directory under eBox and name the folder itdoc).
After creating the share, we need to choose the correct ACLs. To do this, go to the list of shares, find the right row and click its Access Control field.
Apply antivirus scanning to shared data
eBox can scan shared files to detect viruses. Scanning takes place when data is written or accessed, which ensures that shared data has been checked by the security program. If a file is found to be infected, it is immediately quarantined in the ebox-quarantine folder, which only users with administrative rights can access:
Access the shared folder
Having created the shared folder, we now need to access it from elsewhere on the network. When logged in to a domain computer, users can browse the domain's resources through the Entire Network window: open My Computer -> My Network Places and select the entry under Other Places on the left:
Then select the eBox server:
In addition, the user's home directory share is mapped to a virtual drive with the letter defined in the PDC settings. On GNU/Linux systems you can use the smbclient application to access these shared resources.
Create a logon script
eBox supports Windows logon scripts. These scripts are downloaded and executed each time a user logs in to the domain. Take care when writing the script: because it is executed on the Windows computer, it must use DOS line endings. To ensure this, you can use the Unix flip tool to convert between the two formats.
When the script is complete, save it as logon.bat in the /home/samba/netlogon directory on the eBox server.
This is the script used in this article, which automatically maps the timetable share to drive Y:
REM contents of logon.bat
REM map timetable share
echo Mapping timetable share to drive Y: ...
net use y: \\ebox-server\timetable
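The line-ending requirement described above can be checked on the eBox server before the script is published. The following is an added example, not part of the original article: the function names and the temporary sample script are assumptions made for illustration, and the owner-only write check is an extra hardening step that the article does not describe.

```sh
#!/bin/sh
# Added example (not from the article): prepare logon.bat for Windows clients.
# Function names and the sample script below are constructed for illustration.

# Print how many lines do NOT end in CR+LF (0 means the file is DOS-formatted).
count_non_crlf() {
    awk '!/\r$/ { n++ } END { print n + 0 }' "$1"
}

# Write a CRLF copy of $1 to $2. An existing CR is stripped first, so running
# this on an already converted file does not produce CR CR LF.
to_crlf() {
    awk '{ sub(/\r$/, ""); printf "%s\r\n", $0 }' "$1" > "$2"
}

# Succeed only if $1 is writable by its owner alone. The script runs at every
# domain logon, so anyone who can edit it can run commands as each user.
owner_write_only() {
    [ -z "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \))" ]
}

# Convert $1 into $2, restrict the file mode, and verify the result.
prepare_logon_script() {
    to_crlf "$1" "$2" || return 1
    chmod 644 "$2" || return 1
    [ "$(count_non_crlf "$2")" -eq 0 ] && owner_write_only "$2"
}

# Demo on a constructed script written with Unix (LF) line endings.
demo_dir=$(mktemp -d)
printf 'REM map timetable share\nnet use y: \\\\ebox-server\\timetable\n' \
    > "$demo_dir/logon.unix"
prepare_logon_script "$demo_dir/logon.unix" "$demo_dir/logon.bat" &&
    echo "logon.bat ready: $(count_non_crlf "$demo_dir/logon.bat") non-CRLF lines"
```

After a successful run, the converted file is the one to copy to /home/samba/netlogon/logon.bat.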
Good luck!