Commit ed048c2b authored by Martin Muller's avatar Martin Muller

Save progress

parent e1c37c7d
......@@ -59,7 +59,7 @@ typings/
public
# Mac files
.DS_Store
*.DS_Store
# Yarn
yarn-error.log
......
......@@ -6,18 +6,18 @@ docker-compose up kerberos
2) copy certs and keytab files. You will need them for configuring Alfresco and Share
```
docker cp docker-kerberos_kerberos_1:/var/lib/samba/private/httpdms2.keytab ~/Downloads
docker cp docker-kerberos_kerberos_1:/var/lib/samba/private/cifsdms.keytab ~/Downloads
docker cp docker-kerberos_kerberos_1:/httpdms2.keytab ~/Downloads
docker cp docker-kerberos_kerberos_1:/cifsdms.keytab ~/Downloads
docker cp docker-kerberos_kerberos_1:/var/lib/samba/private/tls/ca.pem ~/Downloads
docker cp docker-kerberos_kerberos_1:/var/lib/samba/private/tls/cert.pem ~/Downloads
docker cp docker-kerberos_kerberos_1:/var/lib/samba/private/tls/key.pem ~/Downloads
docker cp docker-kerberos_kerberos_1:/usr/local/samba/private/tls/ca.pem ~/Downloads
docker cp docker-kerberos_kerberos_1:/usr/local/samba/private/tls/cert.pem ~/Downloads
docker cp docker-kerberos_kerberos_1:/usr/local/samba/private/tls/key.pem ~/Downloads
```
if the keytab files don't exist create them in the kerberos container (id=docker-kerberos_kerberos_1) with
```
cd /var/lib/samba/private
samba-tool domain exportkeytab httpdms2.keytab --principal=http/dms.keensoft.local
cd /usr/local/samba/private
samba-tool domain exportkeytab httpdms2.keytab --principal=HTTP/dms.keensoft.local
samba-tool domain exportkeytab cifsdms.keytab --principal=cifs/dms
```
......@@ -26,7 +26,14 @@ Put ca.pem cert.pem key.pem files in alfresco/assets/kerberos/certs and share/as
4) Start all the other containers:
```
docker-compose up openldap phpldapadmin alfresco share httpd db solr6 libreoffice
docker-compose up alfresco share httpd db solr6 libreoffice
```
# Samba
## Create user
eg.:
```
samba-tool user create user1 M@rtinmartin --given-name=user1 --surname=user1 --mail-address=user1@alfresco.com --login-shell=/bin/bash
```
# Thanks
......
......@@ -84,43 +84,79 @@ solr.port=8983
solr.port.ssl=8443
solr.secureComms=none
passthru.authentication.servers=dev-win2008.oficina.keensoft.es
alfresco.authentication.authenticateCIFS=false
ldap.authentication.active=false
authentication.chain=alfinst:alfrescoNtlm,passthru1:passthru,kerberos1:kerberos,ldap1:ldap-ad
# passthru.authentication.servers=dev-win2008.oficina.keensoft.es
# alfresco.authentication.authenticateCIFS=false
# ldap.authentication.active=false
# authentication.chain=alfinst:alfrescoNtlm,passthru1:passthru,kerberos1:kerberos,ldap1:ldap-ad
# authentication.chain=alfinst:alfrescoNtlm,passthru1:passthru,kerberos1:kerberos
# authentication.chain=alfrescoKerb1:kerberos
# authentication.chain=alfinst:alfrescoNtlm
authentication.chain=alfrescoKerb1:kerberos
kerberos.authentication.realm=KEENSOFT.LOCAL
kerberos.authentication.sso.enabled=true
kerberos.authentication.browser.ticketLogons=true
kerberos.authentication.authenticateCIFS=true
kerberos.authentication.user.configEntryName=Alfresco
kerberos.authentication.defaultAdministratorUserNames=admin
kerberos.authentication.defaultAdministratorUserNames=Administrator,httpauth-ker-w2k12,cifsauth-ker-w2k12
kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
kerberos.authentication.cifs.password=M@rtinmartin
kerberos.authentication.http.configEntryName=AlfrescoHTTP
kerberos.authentication.http.password=M@rtinmartin
kerberos.authentication.sso.enabled=true
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@KEENSOFT.LOCAL
# ldap.authentication.userNameFormat=uid=%s,dc=keensoft,dc=es
# ldap.authentication.java.naming.provider.url=ldap://openldap:389
ldap.authentication.java.naming.provider.url=ldaps://dev-win2008.oficina.keensoft.es:389
ldap.synchronization.java.naming.security.principal=ldapsync@keensoft.local
ldap.synchronization.java.naming.security.credentials=M@rtinmartin
#ldap.synchronization.active=true
ldap.synchronization.active=false
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(memberOf\:1.2.840.113556.1.4.1941\:\=CN\=BNEUsers,OU\=Groups,OU\=BNE,DC\=keensoft,DC\=local))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(memberOf\:1.2.840.113556.1.4.1941\:\=CN\=BNEUsers,OU\=Groups,OU\=BNE,DC\=keensoft,DC\=local))
ldap.synchronization.userSearchBase=CN\=Users,DC\=keensoft,DC\=local
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
synchronization.autoCreatePeopleOnLogin=false
synchronization.import.cron=0 0/15 * * * ?
synchronization.syncOnStartup=true
ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf\:1.2.840.113556.1.4.1941\:\=CN\=BNEGroups,OU\=Groups,OU\=BNE,DC\=keensoft,DC\=local))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(memberOf\:1.2.840.113556.1.4.1941\:\=CN\=BNEGroups,OU\=Groups,OU\=BNE,DC\=keensoft,DC\=local))
ldap.synchronization.groupSearchBase=CN\=Users,DC\=keensoft,DC\=local
\ No newline at end of file
kerberos.authentication.stripUsernameSuffix=true
# ntlm.authentication.sso.enabled=false
# kerberos.authentication.sso.enabled=true
# kerberos.authentication.realm=KEENSOFT.LOCAL
# kerberos.authentication.user.configEntryName=Alfresco
# kerberos.authentication.defaultAdministratorUserNames=admin
# kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
# kerberos.authentication.cifs.password=M@rtinmartin
# kerberos.authentication.http.configEntryName=AlfrescoHTTP
# kerberos.authentication.http.password=M@rtinmartin
# kerberos.authentication.browser.ticketLogons=true
# kerberos.authentication.sso.fallback.enabled=false
# kerberos.authentication.stripUsernameSuffix=true
# kerberos.authentication.sso.enabled=true
# kerberos.authentication.defaultAdministratorUserNames=ppppp
# kerberos.authentication.user.configEntryName=Alfresco
# kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
# kerberos.authentication.cifs.password=***
# kerberos.authentication.http.configEntryName=AlfrescoHTTP
# kerberos.authentication.http.password=***
# kerberos.authentication.authenticateCIFS=true
# kerberos.authentication.realm=COMP.COM
# kerberos.authentication.stripUsernameSuffix=true
# kerberos.authentication.browser.ticketLogons=true
# kerberos.authentication.sso.fallback.enabled=false
# ldap.authentication.active=false
# ldap.authentication.allowGuestLogin=false
# ldap.authentication.userNameFormat=%s@KEENSOFT.LOCAL
# # ldap.authentication.userNameFormat=uid=%s,dc=keensoft,dc=es
# # ldap.authentication.java.naming.provider.url=ldap://openldap:389
# ldap.authentication.java.naming.provider.url=ldaps://dev-win2008.oficina.keensoft.es:389
# ldap.synchronization.java.naming.security.principal=ldapsync@keensoft.local
# ldap.synchronization.java.naming.security.credentials=M@rtinmartin
# #ldap.synchronization.active=true
# ldap.synchronization.active=false
# ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(memberOf\:1.2.840.113556.1.4.1941\:\=CN\=BNEUsers,OU\=Groups,OU\=BNE,DC\=keensoft,DC\=local))
# ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(memberOf\:1.2.840.113556.1.4.1941\:\=CN\=BNEUsers,OU\=Groups,OU\=BNE,DC\=keensoft,DC\=local))
# ldap.synchronization.userSearchBase=CN\=Users,DC\=keensoft,DC\=local
# ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
# ldap.synchronization.userIdAttributeName=sAMAccountName
# synchronization.autoCreatePeopleOnLogin=false
# synchronization.import.cron=0 0/15 * * * ?
# synchronization.syncOnStartup=true
# ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf\:1.2.840.113556.1.4.1941\:\=CN\=BNEGroups,OU\=Groups,OU\=BNE,DC\=keensoft,DC\=local))
# ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(memberOf\:1.2.840.113556.1.4.1941\:\=CN\=BNEGroups,OU\=Groups,OU\=BNE,DC\=keensoft,DC\=local))
# ldap.synchronization.groupSearchBase=CN\=Users,DC\=keensoft,DC\=local
\ No newline at end of file
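Review bot: The new `kerberos.authentication.defaultAdministratorUserNames=Administrator,httpauth-ker-w2k12,cifsauth-ker-w2k12` makes the two SPN service accounts Alfresco administrators. Their password is the value committed in this same file as `kerberos.authentication.http.password` and `kerberos.authentication.cifs.password`, so anyone who can read the repository can log in with admin rights. I would keep the list at `kerberos.authentication.defaultAdministratorUserNames=Administrator` and supply the two password properties at deploy time rather than from the tracked file. The commented-out block appended at the end repeats the same secrets (for example `# ldap.synchronization.java.naming.security.credentials=...`); deleting those lines is safer than commenting them, since they remain in history and in every image built from this tree.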
log4j.logger.sun.security.krb5.*=debug
log4j.logger.org.alfresco.web.app.servlet.KerberosAuthenticationFilter=debug
log4j.logger.org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter=debug
log4j.logger.org.alfresco.web.site.servlet.SSOAuthenticationFilter=debug
og4j.logger.org.alfresco.repo.web.scripts.RepositoryContainer=debug
log4j.logger.org.alfresco.repo.transaction.*=debug
log4j.logger.org.alfresco.repo.web.scripts.*=debug
log4j.logger.org.springframework.extensions.webscripts.servlet.*=debug
# log4j.logger.org.alfresco.web.*=debug
# log4j.logger.org.alfresco.repo.*=debug
# log4j.logger.org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter=debug
# log4j.logger.org.alfresco.web.site.servlet.SSOAuthenticationFilter=debug
# log4j.logger.org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter=debug
# log4j.logger.org.alfresco.repo.web.scripts.RepositoryContainer=debug
# log4j.logger.org.alfresco.repo.transaction.*=debug
# log4j.logger.org.alfresco.repo.web.scripts.*=debug
# log4j.logger.org.springframework.extensions.webscripts.servlet.*=debug
\ No newline at end of file
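Review bot: The line `og4j.logger.org.alfresco.repo.web.scripts.RepositoryContainer=debug` is missing its leading `l`, so log4j will not read it as a logger setting; it should be `log4j.logger.org.alfresco.repo.web.scripts.RepositoryContainer=debug`. The entries ending in `.*` (such as `log4j.logger.sun.security.krb5.*=debug`) are probably also ineffective, because log4j logger names are hierarchical prefixes rather than glob patterns; dropping the `.*` gives the package-level logger. Debug output from the Kerberos and SSO filters can include principal and ticket details, so a comment such as `# debug levels for local troubleshooting only - do not ship` at the top of the file would help.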
......@@ -35,6 +35,19 @@ services:
SAMBA_REALM: KEENSOFT.LOCAL
SAMBA_ADMIN_PASSWORD: M@rtinmartin
KERBEROS_PASSWORD: M@rtinmartin
ports:
- 22:22
- 53:53
- 88:88
- 135:135
- 139:139
- 138:138
- 389:389
- 445:445
- 464:464
- 749:749
- 3268:3268
- 3269:3269
volumes:
- "./alfresco/assets/kerberos/krb5.conf:/etc/krb5.conf"
- "./named.conf:/etc/named.conf"
......@@ -53,7 +66,7 @@ services:
# - openldap
ports:
- 9999:9999
- 8082:8080
# - 8080:8080
environment:
- LANG=en_US.utf8
# extra_hosts:
......@@ -64,7 +77,7 @@ services:
- kerberos:dev-win2008.oficina.keensoft.es
build: ./share
ports:
- 8081:8080
- 8080:8080
httpd:
build: ./httpd
......
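Review bot: The new `ports:` list on the kerberos service publishes SSH, DNS, Kerberos, LDAP and SMB on every host interface, for a domain controller whose `SAMBA_ADMIN_PASSWORD` is committed just above it. Binding the mappings to loopback, for example `- "127.0.0.1:88:88"`, or publishing only the ports the host-side clients need, keeps the test DC off the surrounding network. The unquoted entries with a container port below 60 (`- 22:22`, `- 53:53`) should be quoted, since YAML can read `xx:yy` as a base-60 integer. All mappings are TCP only, so if Kerberos or DNS over UDP is expected from the host, it needs explicit entries such as `- "88:88/udp"`.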
......@@ -149,6 +149,6 @@ ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY entrypoint.sh /entrypoint.sh
RUN chmod 755 /entrypoint.sh
VOLUME ["/etc/samba", "/var/lib/samba", "/var/run/samba"]
EXPOSE 22 53 389 88 135 139 138 389 445 464 3268 3269
EXPOSE 22 53 88 135 139 138 389 445 464 749 3268 3269
ENTRYPOINT ["/entrypoint.sh"]
CMD ["app:start"]
\ No newline at end of file
FROM centos:7
MAINTAINER Martin Mueller <damadden88@googlemail.com>
ARG SAMBA_VERSION=4.10.4
ARG DEBIAN_FRONTEND=noninteractive
RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
RUN dpkg-reconfigure debconf
RUN sudo apt-get install -y -q
# ENV PYTHON=python2
RUN set -xueo pipefail
RUN yum update -y
RUN yum install -y epel-release
RUN yum update -y
# RUN echo 'cachedir=/var/cache/yum' >> /etc/yum.conf
RUN apt-get install dialog apt-utils expect -y
RUN DEBIAN_FRONTEND=noninteractive yum install -y \
"@Development Tools" \
acl \
attr \
autoconf \
avahi-devel \
bind-utils \
binutils \
bison \
cups-devel \
curl \
dbus-devel \
docbook-dtds \
docbook-style-xsl \
flex \
gawk \
gcc \
gdb \
git \
glib2-devel \
glibc-common \
gnutls \
gnutls-devel \
gpgme-devel \
gzip \
hostname \
htop \
jansson-devel \
keyutils-libs-devel \
krb5-devel \
krb5-server \
lcov \
libacl-devel \
libaio-devel \
libarchive-devel \
libattr-devel \
libblkid-devel \
libbsd-devel \
libcap-devel \
libicu-devel \
libnsl2-devel \
libpcap-devel \
libsemanage-python \
libtasn1-devel \
libtasn1-tools \
libtirpc-devel \
libunwind-devel \
libuuid-devel \
libxslt \
lmdb \
lmdb-devel \
make \
mingw64-gcc \
ncurses-devel \
nettle-devel \
openldap-devel \
pam-devel \
patch \
perl-Archive-Tar \
perl-ExtUtils-MakeMaker \
perl-JSON-Parse \
perl-Parse-Yapp \
perl-Test-Base \
perl-core \
perl-generators \
perl-interpreter \
pkgconfig \
policycoreutils-python \
popt-devel \
procps-ng \
psmisc \
pygpgme \
python-crypto \
python-devel \
python-dns \
python-markdown \
python36 \
python36-crypto \
python36-devel \
python36-dns \
python36-markdown \
quota-devel \
readline-devel \
redhat-lsb \
rng-tools \
rpcgen \
rsync \
sed \
sudo \
systemd-devel \
tar \
tree \
which \
xfsprogs-devel \
yum-utils \
zlib-devel
RUN yum clean all
RUN if [ ! -f /usr/bin/python3 ]; then ln -sf /usr/bin/python3.6 /usr/bin/python3; fi
# Install samba with MIT Kerberos support
ADD https://download.samba.org/pub/samba/stable/samba-$SAMBA_VERSION.tar.gz samba-$SAMBA_VERSION.tar.gz
RUN tar -zxf samba-$SAMBA_VERSION.tar.gz ; cd samba-$SAMBA_VERSION ; ./configure --with-system-mitkrb5 --with-experimental-mit-ad-dc; make; make install
RUN rm /etc/samba/smb.conf
# ADD src/dcpromo.py /usr/local/bin/dcpromo.py
RUN mkdir /run/sshd
ADD kdb5_util_create.expect kdb5_util_create.expect
ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY entrypoint.sh /entrypoint.sh
RUN chmod 755 /entrypoint.sh
VOLUME ["/etc/samba", "/var/lib/samba", "/var/run/samba"]
EXPOSE 22 53 389 88 135 139 138 389 445 464 3268 3269
ENTRYPOINT ["/entrypoint.sh"]
CMD ["app:start"]
\ No newline at end of file
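Review bot: The Samba tarball fetched by `ADD https://download.samba.org/pub/samba/stable/samba-$SAMBA_VERSION.tar.gz` is unpacked, built and installed as root without any integrity check, and the same line appears in the Debian Dockerfile that follows. Verify the download against a pinned checksum or the project's published signature before `tar -zxf`. The build line joins its steps with `;`, so a failed `./configure` or `make` still reaches `make install` and the layer reports success; `&&` between the steps fixes that. `RUN set -xueo pipefail` on its own line does not carry over to later `RUN` instructions. The `debconf-set-selections`, `dpkg-reconfigure` and `apt-get` steps are Debian tools and will presumably fail on `FROM centos:7`.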
FROM debian:9
MAINTAINER Martin Mueller <damadden88@googlemail.com>
ARG SAMBA_VERSION=4.10.4
# RUN set -xueo pipefail
RUN export DEBIAN_FRONTEND=noninteractive
RUN apt-get -y update
RUN apt-get -y install \
acl \
apt-utils \
attr \
autoconf \
bind9utils \
binutils \
bison \
build-essential \
curl \
debhelper \
dnsutils \
docbook-xml \
docbook-xsl \
flex \
gcc \
gdb \
git \
glusterfs-common \
gzip \
hostname \
htop \
krb5-config \
krb5-kdc \
krb5-user \
lcov \
libacl1-dev \
libaio-dev \
libarchive-dev \
libattr1-dev \
libavahi-common-dev \
libblkid-dev \
libbsd-dev \
libcap-dev \
libcephfs-dev \
libcups2-dev \
libdbus-1-dev \
libglib2.0-dev \
libgnutls28-dev \
libgpgme11-dev \
libicu-dev \
libjansson-dev \
libjs-jquery \
libjson-perl \
libkrb5-dev \
libldap2-dev \
liblmdb-dev \
libncurses5-dev \
libpam0g-dev \
libparse-yapp-perl \
libpcap-dev \
libpopt-dev \
libreadline-dev \
libsystemd-dev \
libtasn1-bin \
libtasn1-dev \
libunwind-dev \
lmdb-utils \
locales \
lsb-release \
make \
mawk \
mingw-w64 \
nettle-dev \
patch \
perl \
perl-modules \
pkg-config \
procps \
psmisc \
python-crypto \
python-dbg \
python-dev \
python-dnspython \
python-gpg \
python-iso8601 \
python-markdown \
python-pexpect \
python3 \
python3-crypto \
python3-dbg \
python3-dev \
python3-dnspython \
python3-gpg \
python3-iso8601 \
python3-markdown \
python3-matplotlib \
python3-pexpect \
rng-tools \
rsync \
sed \
sudo \
tar \
tree \
uuid-dev \
xfslibs-dev \
xsltproc \
zlib1g-dev
RUN apt-get -y autoremove
RUN apt-get -y autoclean
RUN apt-get -y clean
# Install samba with MIT Kerberos support
ADD https://download.samba.org/pub/samba/stable/samba-$SAMBA_VERSION.tar.gz samba-$SAMBA_VERSION.tar.gz
RUN tar -zxf samba-$SAMBA_VERSION.tar.gz ; cd samba-$SAMBA_VERSION ; ./configure --with-system-mitkrb5 --with-experimental-mit-ad-dc; make; make install
RUN rm /etc/samba/smb.conf
# ADD src/dcpromo.py /usr/local/bin/dcpromo.py
RUN mkdir /run/sshd
ADD kdb5_util_create.expect kdb5_util_create.expect
ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY entrypoint.sh /entrypoint.sh
RUN chmod 755 /entrypoint.sh
VOLUME ["/etc/samba", "/var/lib/samba", "/var/run/samba"]
EXPOSE 22 53 389 88 135 139 138 389 445 464 3268 3269
ENTRYPOINT ["/entrypoint.sh"]
CMD ["app:start"]
\ No newline at end of file
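Review bot: `RUN export DEBIAN_FRONTEND=noninteractive` has no effect on the `apt-get` steps below it, because each `RUN` starts a fresh shell; use `ARG DEBIAN_FRONTEND=noninteractive` or prefix the install command with the variable. Running `apt-get -y update` and `apt-get -y install` in separate layers lets a cached, stale package index be reused on rebuild, so security updates can be missed; combine them as `RUN apt-get -y update && apt-get -y install \`. The `autoremove`/`autoclean`/`clean` steps in their own layers do not shrink the image and belong in that same `RUN`.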
......@@ -42,16 +42,16 @@ appSetup () {
# smbd -b | grep HAVE_LIBKADM5SRV_MIT HAVE_LIBKADM5SRV_MIT
echo "creating user http cifs"
samba-tool user create http/dms.keensoft.local M@rtinmartin
samba-tool user create cifs/dms M@rtinmartin
samba-tool user create httpauth-ker-w2k12 M@rtinmartin
samba-tool user create cifsauth-ker-w2k12 M@rtinmartin
samba-tool spn add HTTP/dms.keensoft.local@KEENSOFT.LOCAL http/dms.keensoft.local
samba-tool spn add HTTP/dms.keensoft.local.KEENSOFT.LOCAL http/dms.keensoft.local
samba-tool spn add HTTP/dms.keensoft.local http/dms.keensoft.local
samba-tool spn add HTTP/dms.keensoft.local@KEENSOFT.LOCAL httpauth-ker-w2k12
samba-tool spn add HTTP/dms.keensoft.local.KEENSOFT.LOCAL httpauth-ker-w2k12
samba-tool spn add HTTP/dms.keensoft.local httpauth-ker-w2k12
samba-tool spn add cifs/dms@KEENSOFT.LOCAL cifs/dms
samba-tool spn add cifs/dms.KEENSOFT.LOCAL cifs/dms
samba-tool spn add cifs/dms cifs/dms
samba-tool spn add cifs/dms@KEENSOFT.LOCAL cifsauth-ker-w2k12
samba-tool spn add cifs/dms.KEENSOFT.LOCAL cifsauth-ker-w2k12
samba-tool spn add cifs/dms cifsauth-ker-w2k12
# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
if [ "${LDAP_ALLOW_INSECURE,,}" == "true" ]; then
......
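Review bot: The two new `samba-tool user create` lines pass the service-account password as a literal argument, so it is committed with the script and visible in the container's process list while the command runs. The compose file already hands a `KERBEROS_PASSWORD` variable to this container, so, assuming it reaches this script, the lines could read `samba-tool user create httpauth-ker-w2k12 "${KERBEROS_PASSWORD:?}"`, and likewise for `cifsauth-ker-w2k12`. None of the `samba-tool` calls has its exit status checked, so a failed user creation is followed by `spn add` calls against an account that does not exist; `|| return 1` on the create lines would make that visible. `appSetup` begins and ends outside this hunk, so existing error handling may not be shown.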
......@@ -10,5 +10,5 @@ nodaemon=true
[program:samba]
command=/usr/local/samba/sbin/samba -i
[program:syslog]
command=/usr/sbin/rsyslogd -n
# [program:syslog]
# command=/usr/sbin/rsyslogd -n
......@@ -40,7 +40,7 @@
[realms]
KEENSOFT.LOCAL = {
kdc = dev-win2008.oficina.keensoft.es
kdc = dev-win2008.oficina.keensoft.es:88
admin_server = dev-win2008.oficina.keensoft.es
default_domain = KEENSOFT.LOCAL
}
......
......@@ -330,7 +330,7 @@
Service Principal Name to use on the repository tier.
This must be like: HTTP/host.name@REALM
-->
<endpoint-spn>http/dms.keensoft.local@KEENSOFT.LOCAL</endpoint-spn>
<endpoint-spn>HTTP/dms.keensoft.local@KEENSOFT.LOCAL</endpoint-spn>
<!--
JAAS login configuration entry name.
-->
......