Add ownCloud 6.0 to Active Directory 2012 R2


Written on January 1, 2014 at 15:06, by Kapitein Vorkbaard

I'm sure the good folks at ownCloud will fix this eventually but in the meantime, if you want to add
an ownCloud server to your Active Directory 2012 R2 network, here is how I got it to work.

If you found this article you probably know what ownCloud is. If not:

OwnCloud is cool but configuring it can be a pain in the backoffice. The administrative
web interface is scantily documented and its functionality is funky, rendering the
documentation even more worthless.

OwnCloud is privately hosted cloud storage. Dropbox on your own server.
What you will get:
- instantly available cloud storage for selected or all users in your domain
- as secure and private as you want it because you are hosting it on your own servers
- free clients for mobile, desktop and web users
This solution is free, easy to back up and does not require extra hardware.
I divided this article into nine parts:
0. Intended audience and versions used
1. Installing and configuring Oracle VirtualBox
2. Installing and configuring Debian on a virtual machine
3. Preparing the vm for ownCloud
4. Installing ownCloud
5. Connecting ownCloud to Active Directory
6. Troubleshooting
7. What's next?
8. Further reading and useful resources

0. Intended audience and versions used
This article is intended for administrators of relatively small Windows networks who want to
deploy a cloud storage solution for users that's low-cost, low-maintenance and safe.
There are a couple of good reasons to run your own cloud storage:
1. You are not subject to US inspection.
2. There's no licensing hassle.
3. Single sign-on because it can use Active Directory for authentication.
4. Many businesses block access to cloud storage services such as Dropbox for security reasons.
That's all good and well but users will find a way around it or an alternative so it's better to offer
them something decent.
5. Extra geek credit \o/
For this article I've used Windows Server 2012 R2 Standard with Active Directory 2012 R2
functional level. Any other AD version will probably also work but that's what I tested it on.
For the ownCloud OS I used Debian 7.3.0 i386. Don't worry if you're not a Linux guru. First of all
none of us was born a Linux guru and second the main interface is ownCloud's web interface,
not the Linux command line. While it is possible to install ownCloud on a Windows server with
IIS I recommend you use Linux. This way you'll keep things isolated, it won't cost you a
Windows license and configuring PHP and MySQL projects on Windows is possible but a rather
esoteric thing to do.
The ownCloud version I used is 6.0.0a. I recommend always checking the changelog
because ownCloud is under very active development.
I've used two virtual machines:
VM 1
name: W2012R2ADDC.TESTNET.NETWERK
os: Windows Server 2012 R2 Standard
ip address: 192.168.77.136
netmask: 255.255.255.0
dns: 192.168.77.136
default gw: 192.168.77.1
VM 2
name: OWNCLOUD.TESTNET.NETWERK
os: Debian 7.3.0 i386
ip address: 192.168.77.130
netmask: 255.255.255.0
dns: 192.168.77.136
default gw: 192.168.77.1
I'm assuming since you're reading this that you know how to set up Active Directory so I haven't
described that. If you aren't interested in working with Active Directory there's no point in
continuing reading this article.
As for the Linux knowledgeability level I assume you have heard of Debian, ran Ubuntu at least
once and know where to find Google. I will describe in detail how to execute the proper
commands but explaining them all would take too much time. If you're interested in that, type
man command on the command line, where command is the command you want information
on. Then read it.
In Active Directory I created two groups: ocusers and Testgroup. I also created four users:
User1, User2, User3 and User4.
ocusers group members: User2, User3, Testgroup
Testgroup group members: User4
As you can see users 2 and 3 are direct ocusers group members and User4 is an indirect
group member, or a member due to group nesting. Remember this term as we'll be using it
later.

1. Installing and configuring Oracle VirtualBox
VirtualBox is a so-called level 2 hypervisor. What this means is that it is a program for
running virtual machines that is installed, just like any other software, on an operating system. It is very OS
agnostic: it can be installed on Windows, Linux, Solaris and OS X. This can come in handy when
you migrate to a different platform or need to replace hardware: just pick up your vms, install
VirtualBox on a new machine and you're done. It is also compatible with VMware and Hyper-V
formats and you can import and export standard appliances.
VirtualBox is stable, well documented and very feature rich for a level 2 hypervisor. While I
haven't documented it here it is possible (and not very difficult) to run a vm in headless mode:
without a user interface. You can then connect to it remotely via either RDP (you connect to the
vm but not to the guest OS so you can connect to a non-graphical UNIX server just as easily as
you could connect to a Windows guest), a remote VirtualBox installation or through
conventional means such as an MMC or SSH.
The idea is you install VirtualBox on an existing server. Since we'll be using Debian Linux to
install ownCloud on, the installation won't be very demanding.
Download the latest version of Oracle VirtualBox from
https://www.virtualbox.org/wiki/Downloads. Install it and stick to the default settings. When
you're done, run it as administrator. Download the latest VirtualBox Extension Pack from the
same site. Start VirtualBox and from the File menu, choose Settings. Click on Extensions. On
the right side of the Extension Packages list click the upper button (Add Package). Select the
downloaded package and click Open.

Close VirtualBox and run it again as a regular user. Sometimes VirtualBox doesn't quite get this
and you need to end the process and try again. This is a bug in VirtualBox or in Windows and it
only occurs after the above procedure of running as administrator and installing the Extension Pack. It
is not representative of VirtualBox's stability.

In VirtualBox, click New. For the machine name I recommend ownCloud but that's your call.
Type: Linux. Version: Debian. Click Next.

The amount of memory necessary depends on your number of users and how often they'll use
ownCloud. Let's try 1024MB.

Click "Create a virtual hard drive now" and click Create. If you're unsure of what to choose
here, stick to VDI (VirtualBox Disk Image). VMDK disks are compatible with VMware and VHD
disks can be used on Windows with or without Hyper-V. Take your pick and click Next.
In the next step you need to choose between a dynamically allocated and a fixed size drive. If
unsure choose Dynamically allocated. If you have 5,000 users you may need the extra speed. If
you don't have a 1Gb upload speed the disk speed is probably not your speed bottleneck.
Next choose how big the drive should be. If you are creating a dynamically allocated disk the
size doesn't really matter. Choose an appropriate size. The OS and software take up around
2.5GB.
Download the Debian network installation CD iso. I recommend the i386 version.
You have now created a virtual machine in VirtualBox. Select the VM and click Settings. From
the list on the left side choose Network.
For an exhaustive discussion on virtual networking, read chapter 6 of the manual. Or skip it and
only read it if you can't get it to work.
Set the adapter to Bridged Adapter and choose the network interface that connects your server
to the rest of your network. My screenshot shows an Intel Centrino adapter, which is a wireless
card, because I'm writing this on a laptop. In the event you're using a wireless card you may
need to click Advanced and play around with the Promiscuous Mode setting. This is not
necessary for wired connections.

Next go to Storage and click the Empty CD in the Storage Tree. Click on the CD icon to the
right of CD/DVD Drive: IDE Secondary Master.

Click "Choose a virtual CD/DVD disk file" and select the debian-n.n.n-xxxx-netinst.iso file you
downloaded earlier.

Click Ok to save and return to the main Oracle VM VirtualBox Manager window. (My screenshot
shows a couple more VMs.)

2. Installing and configuring Debian
To start installing Debian, fire up the virtual machine! Select it and click Start.
After a briefly shown boot logo you'll be presented with an installer boot menu. Choose Install.

Select English as the language.

Select your country.

Select the country to base the default locale settings on. Since this isn't a desktop don't be too
concerned about this. Choose United States if you are unsure.

Choose your keymap. For Dutch keyboards choose American English. If you choose Dutch your
@ will not be on the same key as number 2.

As the hostname I suggest OWNCLOUD.

As the domain name enter your Active Directory domain. My lab setup is a one-tree, one-domain
forest. My server is called W2012R2ADDC.TESTNET.NETWERK so I'm entering
TESTNET.NETWERK here.

Enter a root password and enter it again. Remember it.
Then create a new user. I suggest choosing a functional username like owncloudlocaluser
because you don't want ambiguity in the ownCloud-Active Directory naming scheme. You
won't be using this account very much.

Just keep the same name for the username and remember the password.
It is a good idea to choose safe passwords for both the root and normal user account.
Now the installer will do some network stuff, like checking the time. The next interactive step is
the partitioning. If you're not sure what to do, just stick with the defaults unless you need
encryption.
Partitioning method: Guided - use entire disk.

Disk to partition: select the only available disk if you have followed this article step by step.

Partitioning scheme: All files in one partition. This doesn't really matter as we're working in a
virtual environment.

Select Finish partitioning and write changes to disk.

Yes, we're sure.

The installer will now install Debian on your virtual machine.

Since this is the netinstall CD some parts need to be downloaded. Select a source that you think
is fast and up-to-date. I chose Netherlands > ftp.tiscali.nl.

Enter proxy information if you need to. Then wait for the installer to continue.

The installer asks if you want to participate in a package usage survey. I tend to agree but it's up
to you.

At the software selection screen, select:
- Web server
- SQL database
- SSH server
- Standard system utilities

Wait for the software to be installed, then let the installer install GRUB to the master boot
record.

All done!

Wait for the system to reboot and when the login screen appears log in with the root user.

You won't see any asterisks or other characters appear after the Password prompt.

Configuring networking in Debian
I didn't provide my Debian vm with a static dhcp address but I suppose you would, being the
administrator of an Active Directory.
By convention *nix commands entered under a root account are preceded by a #. Commands
entered as a regular user are preceded by a $.
Edit the file /etc/network/interfaces by typing
# nano /etc/network/interfaces
After "# The primary network interface" have it look like this:
allow-hotplug eth0
auto eth0
iface eth0 inet static
address 192.168.77.130
netmask 255.255.255.0
gateway 192.168.77.1
Of course enter your own network addressing here.
Save the file (^ means the control button but use the left one on your keyboard because the
right one is VirtualBox's host key!) and reset the networking service:
# service networking restart
Now minimize (don't close) the VirtualBox window and fire up PuTTY from your desktop or
laptop. If you don't have PuTTY installed now would be a good time to download it.

At the Host Name (or IP address) type the IP address of your ownCloud VM, sit down and press
Open.

You were sitting down weren't you? The security warning means you haven't connected to this
machine before. Read the message and click Yes.

The way this works is you log into the virtual machine via SSH with a regular user account, then
as that user switch to the root account. This way the root password isn't transferred insecurely
over the network. There are better ways to do this and you should read up on them after you're
done with ownCloud.
The reason we use PuTTY is that it allows us to scroll up, copy from and paste to the command
line and it's just a lot more versatile than a VirtualBox pseudo-local interface.
At the SSH command prompt log in as owncloudlocaluser (the one we've created earlier) and
its password. Then do:
$ su root
and type the root password.
Now we'll set up dns. Edit the file /etc/resolv.conf and make it look like this:
domain testnet.netwerk
search testnet.netwerk
nameserver 192.168.77.136
Remember testnet.netwerk is my lab AD name and 192.168.77.136 is my Active Directory DNS
server.
You can edit the file by typing
# nano /etc/resolv.conf

If you do this a lot try and learn Vi as it's easier to use (but not to learn) than Nano. Nano works
fine however.
Since we're on a virtual machine that may be suspended and LDAP relies on the time being
correct let's set up NTP.
# apt-get install ntp
Update the system although there's probably not a lot to update.
# apt-get update
# apt-get upgrade
Install all suggested updates and upgrades.

Create a vm snapshot
Now would be a good time to create a snapshot of your virtual machine. If you screw up the rest
you can return the vm to this point in time. When you're done, delete the snapshots, or export
them and then delete them, because they take up resources.
Open the VirtualBox Manager window, select your ownCloud vm and click the Snapshot button
top right.

Click on the Take Snapshot button above Current State.

Enter a snapshot name and a description.

Read chapter one of the VirtualBox manual to learn about snapshots. It's not difficult but a bit
outside of the scope of this article.

3. Preparing the vm for ownCloud
Since we selected Web server as one of the functions of the machine Apache2 is installed and
running on the vm. You can test it by entering the vm's ip address or hostname in your browser.
It should look like this:

If it doesn't, troubleshoot it until it works. Troubleshooting Linux systems is a very good way to
learn about them. A good place to start is the error log at /var/log/apache2/error.log:
# tail /var/log/apache2/error.log
/var/www is the default place to store your websites in. By convention /var is where data with
a variable size is stored.
Create a file /var/www/test.php and write this in it:
<?php
phpinfo();
?>
Open your browser and navigate to http://192.168.77.130/test.php. Depending on your browser
you will either get a blank page or a page showing the contents of the file you just created. We
need to tell Apache to parse php files:
# apt-get install libapache2-mod-php5
Now try again.

Delete this file after you're done installing and configuring; it's no one's business but your own
what you have installed on your server.
We'll be installing ownCloud manually. I prefer this method to the packaged version because it
takes out the dependence on the package manager (the person managing the packages, not
the package manager on your system) and you know exactly what you are doing.
Here is a list of packages that need to be installed for ownCloud to work. Some of them were
preinstalled on my fresh Debian 7.3.0 install so I'm not covering them here. If you're installing
on another version or distro the complete list might come in handy.
Database:
# apt-get install mysql-server mysql-client php5-mysql
Remember the MySQL root password! You won't need it a lot but if you do it's probably for
troubleshooting.
Film and pictures preview:
# apt-get install php5-ffmpeg php5-imagick
Optional (but recommended):
# apt-get install libcurl3 curl php5-curl php5-mcrypt php5-intl
Communication with Active Directory:
# apt-get install php5-ldap
Editing documents:
# apt-get install libreoffice
Restart Apache for good measure.
# service apache2 restart

4. Installing ownCloud
After installing ownCloud you will probably want to edit php.ini a bit. By default you can only
upload files of up to 2MB in size. The number of files you can upload in one go is limited and
there are a couple more limits you may want to tweak.
You will need to edit php.ini for that, which you will find in the /etc/php5/apache2/ directory.
After you have edited that file restart Apache.
The download url I mention here is current at the time of writing, however ownCloud is under
active development and the link will probably have changed so go over to
http://owncloud.org/install/, click Tar or Zip File and copy the tarball's exact url.
Via PuTTY do:
# cd /var/www
# wget http://download.owncloud.org/community/owncloud-6.0.0a.tar.bz2
Extract the tarball:
# tar -xjf owncloud-6.0.0a.tar.bz2
Fix the rights on the ownCloud folder:
# chown -R www-data:www-data /var/www/owncloud
Create a data folder. Don't do it under the ownCloud or www folder in /var because it would be
open for anyone to explore. Create it outside of the /var/www folder, for example in /var/.
# mkdir /var/ownclouddata
Keep a note of where you put this folder.
Fix the rights on the data folder:
# chown -R www-data:www-data /var/ownclouddata
Tell Apache about the site by editing or creating /etc/apache2/httpd.conf:
<Directory /var/www/owncloud>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>
Activate Apache's rewrite module:
# a2enmod rewrite
Finally restart Apache:
# service apache2 restart
Usually we'd create a dedicated MySQL user for ownCloud but at the moment that's not
working very well in the ownCloud administration web interface and besides this is a dedicated
machine so we'll just use the MySQL root user. For servers hosting more sites that would be a
safety issue.
Browse to http://192.168.77.130/owncloud. You can safely ignore the security warning about
your data directory location. OwnCloud doesn't yet know where it is.
At the "Create an admin account" section we create your ownCloud's administrator account.
Let's call it ocadmin.
Enter the location of the data directory: /var/ownclouddata
As the Database user, enter root. The password is the MySQL server password you entered while
installing MySQL.
The root user is capable of creating a database so pick a functional name, like owncloud.
The MySQL and Apache server are on the same machine so enter 127.0.0.1 as the Database host.

If all went well you will now have a functioning ownCloud server!

5. Connecting ownCloud to Active Directory
In Active Directory Users and Computers create a new user called owncloudaduser. It doesn't
have to be a member of any special groups. Give it a hard password and set it and the account
to never expire. I created this user in the Users OU. This doesn't really matter but keep it in
mind when specifying the user's DN in ownCloud.

LDAP can be tricky. If your AD works you don't have to deal with it but as soon as things start to
disintegrate you will have to get your shovel and dig in the LDAP database. Windows Server
2012 provides a couple of tools; do some Googling.
Also it can be insightful to go into Active Directory Users and Computers, select your domain,
click View and check Advanced features.

Now Active Directory Users and Computers shows you a lot more information. Doubleclick a
user and check out the new tabs. Especially handy is the Attribute Editor which tells you not
only which attributes there are but also their exact values which can be very helpful when
troubleshooting the connection between ownCloud and Active Directory.

Right, back to ownCloud. Point your browser to http://192.168.77.130/owncloud and log in as
ocadmin.
From the top right menu choose Users.

Note that there is only the one ocadmin user we created earlier. Normally this is where you
would create ownCloud users.
Click on the + Apps icon bottom left.

In the apps list scroll down to LDAP user and group backend, click it and click Enable.

From the top right menu choose Admin.

Ignore the https security warning for now. Scroll down to the LDAP section. This is the section
that has the Server, User Filter, etc. tab bar on top. Start out with the Server tab and fill out
your own values. Remember you can find the DN of the client user in Active Directory Users and
Computers.

The "Could not determine Base DN" error is caused by a bug in ownCloud; don't worry about it.
All values are instantly saved. Press F5 to reload the page and behold! You can now enter a Base
DN.

Users.testnet.netwerk is the default (with your own AD of course) but you could just enter
DC=testnet,DC=netwerk. This would give you all users in the AD, including system accounts
that will never need ownCloud accounts.
Click the Expert tab and in the Internal Username Attribute field enter sAMAccountName. This
way ownCloud's internal usernames are identical to your AD usernames instead of the
objectSid which is a long range of numbers.

Click the Save button on the bottom of the form after you change this.
Click the Advanced tab. Under Connection Settings check these options: Configuration Active;
Case insensitive LDAP server (Windows); Turn off SSL certificate validation [for now]. Set
Cache Time-To-Live to 5 seconds for now. If you are done configuring change this back to 600
or so. You don't want to wait ten minutes after every change to test if it is working.

Click the Save button.
Under Directory Settings enter these values:
User Display Name Field: displayName
Base User Tree: CN=Users,DC=testnet,DC=netwerk
Group Display Name Field: cn
Base Group Tree: DC=testnet,DC=netwerk (I'm not sure this makes any difference, I've never
seen ownCloud pull non-system groups from LDAP)
Group-Member association: member (AD) (idem: this makes no difference but this is
supposedly the correct setting)

Click Save, then click the Login Filter tab. You may now see a Configuration incorrect message
followed by a red square. Don't worry about it; this is ownCloud being confused I guess.
Click the "Edit raw filter instead" line and enter this text:
(&
(memberOf:1.2.840.113556.1.4.1941:=cn=ocusers,dc=testnet,dc=netwerk)
(sAMAccountName=%uid))
(I edited the screenshot a bit so it would show all text.)

The memberOf:1.2.840.113556.1.4.1941: key is interesting. It means members of the following
group, including indirect members due to group nesting. This will include User4 even though
User4 is not a direct member of the ocusers group.
sAMAccountName=%uid means where the sAMAccountName value equals the string the user
entered in the username field on the logon page.
The Login Filter tells ownCloud which users are allowed to log in and which LDAP attributes
they are allowed to use for their usernames.
Clicking Continue will take you to the Group Filter tab and, if all went well, replace the error
message by a happy Configuration OK message followed by a green dot.

(Yes, I edited the screenshot so it would show all text.)
The Login Filter raw filter string you entered is very sensitive about changes in other places in
the ownCloud administration web interface and even to reloads of the page itself. If you change
anything check back here and fix the value if necessary. The fix may take but if you press F5 the
default value is reset. I hope this will be fixed in future updates but for now it helps if you are
aware of these features.
Before continuing, check which users are listed in the User section (top right menu, Users).
Note that there are too many.
Under the User Filter tab click "Edit raw filter instead" and enter this text:
memberOf:1.2.840.113556.1.4.1941:=cn=ocusers,dc=testnet,dc=netwerk
Press Continue to save the value.
Check back in the top right menu under Users and verify that all intended users are present.

There's a fair chance it won't work the first time but it helps to know which values should work
and once it works it keeps working.
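
The Login Filter and User Filter from this section, modelled offline in Python. This is an added example, not ownCloud's code and not part of the original article. The directory is a constructed copy of the article's lab (User1 to User4, ocusers, Testgroup); how ownCloud itself substitutes %uid is not shown on the page, so the escaping step and all function names here are assumptions for illustration.

```python
"""Model of the article's Login Filter and User Filter (added example)."""

IN_CHAIN = "1.2.840.113556.1.4.1941"           # matching-rule OID used in the article
GROUP_DN = "cn=ocusers,dc=testnet,dc=netwerk"  # group DN as written in the article

# Constructed directory mirroring the article's lab:
# object -> groups it is a DIRECT member of.
DIRECT_MEMBER_OF = {
    "User1": [],
    "User2": ["ocusers"],
    "User3": ["ocusers"],
    "User4": ["Testgroup"],
    "Testgroup": ["ocusers"],
    "ocusers": [],
}
USERS = ["User1", "User2", "User3", "User4"]


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so user input stays a literal."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def login_filter(uid, group_dn=GROUP_DN):
    """The article's Login Filter with %uid replaced by an escaped login name."""
    return "(&(memberOf:%s:=%s)(sAMAccountName=%s))" % (
        IN_CHAIN, group_dn, escape_filter_value(uid))


def user_filter(group_dn=GROUP_DN):
    """The article's User Filter, wrapped in the parentheses RFC 4515 requires."""
    return "(memberOf:%s:=%s)" % (IN_CHAIN, group_dn)


def parens_balanced(raw_filter):
    """Detect a filter whose parentheses were dropped when the form was saved."""
    depth = 0
    for ch in raw_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def is_member(obj, group, nested=True, direct=DIRECT_MEMBER_OF):
    """nested=False models plain memberOf; nested=True models the in-chain rule."""
    if not nested:
        return group in direct.get(obj, [])
    seen, stack = set(), list(direct.get(obj, []))
    while stack:
        current = stack.pop()
        if current == group:
            return True
        if current not in seen:          # guards against circular nesting
            seen.add(current)
            stack.extend(direct.get(current, []))
    return False


def listed_users(nested=True):
    """Users the User Filter would show on the Users page."""
    return [u for u in USERS if is_member(u, "ocusers", nested)]


def may_log_in(uid):
    """Login Filter: sAMAccountName equals the typed name AND group membership."""
    for user in USERS:
        if user.lower() == uid.lower():  # AD compares sAMAccountName case-insensitively
            return is_member(user, "ocusers")
    return False


if __name__ == "__main__":
    print(login_filter("User4"))
    print("nested :", listed_users(True))
    print("direct :", listed_users(False))
    print("'*' as login name ->", login_filter("*"))
```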

6. Troubleshooting

- Begin troubleshooting by checking all entered values in the ownCloud administrative web
  interface. Having DN where it should be CN can break the whole thing.
- Press F5 and check the values again. Some values will be randomly and automatically reset
  to their default values if you reload the page. Fix the value and press Continue or Save but
  do not reload and test whether it works in another browser or tab. If it does don't touch it
  anymore.
- Changing a value on one tab may influence a value on a different tab.
- From your VM check if you can ping the DC by its name. If you can't you need to fix that
  first.
- The user counter doesn't always work.
- The Group Filter doesn't work.

7. What's next?
- Definitely read up on hardening your Linux server. A few minor changes can help a lot.
  This includes using an ssl certificate on ownCloud.
- Further tweak ownCloud to allow for bigger and more files to be used.
- Deploy desktop, mobile and web clients.
- Have ownCloud store its data to AD user home shares.
I may or may not publish articles on the above topics.

8. Further reading and useful resources
- Technet: Active Directory: LDAP Syntax Filters
- ownCloud Administrators Manual: User Authentication with LDAP
- PHP: ldap_search - Search LDAP tree
- Debian wiki: NetworkConfiguration
- VirtualBox End-user documentation
- Mobile clients for ownCloud on F-Droid
20 Comments.

Chris McBride
2014-01-05

Thanks for the walkthrough, but my LDAP settings are still not
working. It won't change from Configuration Incorrect to
Configuration OK. It's pulling the Base DN correctly and I can tell
it's able to query AD, so I think the base Server settings are correct. I
set the Login filter and User Filter to what you recommended.
Should I set anything for the Group filter? Any other hints?

nevermind, it was a typo on the Login filter tab. The GUI
had stripped out some ()s. thanks!

Chris McBride
2014-01-05

Oh and it still said Configuration Incorrect, but it still
works. I was able to login with my AD username and
PW.

Chris McBride
2014-01-05

Kapitein Vorkbaard
2014-01-06

You can leave the Group Filter empty
because you specify which users can log on
in the Login Filter.
I sometimes think the Configuration
Incorrect statement is a random one. As
you say, it may just be working when it says
it isn't.

Hi, could I ask you when you get this:
memberOf:1.2.840.113556.1.4.1941: I want set my own group, when
I can this found in Attribute Editor?
thank you for your help

Roman Valasek
2014-01-09

Kapitein Vorkbaard
2014-01-10

Roman, memberOf:1.2.840.113556.1.4.1941: is a fixed
name. The numbers do not represent a groupname; it is
just a very undescriptive name for members of a group
including objects through group nesting.
The numbers are not a variable.
So if your group is called RomansGroup then you
would use
memberOf:1.2.840.113556.1.4.1941:RomansGroup.

Hi Kapitein Vorkbaard,
thank you for your information and detailed
manual.
It works
Roman Valasek

2014-01-10

My pleasure, thanks for your
feedback :)

Kapitein Vorkbaard
2014-01-10

Thanks a lot, your post helped me a lot!

johan
2014-01-17

JW
2014-02-11

Hello Kapitein Vorkbaard,
the hints about "Could not determine Base DN error is caused by a
bug in ownCloud; don't worry about it" "Press F5" helps a lot and
was the solution for our problem with asking a second
active-directory.
Thanks for your extensive description.
JW.

THANK YOU!!!! Your post is the only one I've found that talks
about this memberOf:1.2.840.113556.1.4.1941 setting in relation to
ownCloud.

Joe Anderson
2014-02-13

Yeah that one took me some Googling ;)

Kapitein Vorkbaard
2014-02-13

You save my day! Thanks Kapitein
But I'm not very happy with this random ldap config

Pierre
2014-02-25

I'm sure the ldap connection will improve with new
iterations of ownCloud, Pierre. Keep an eye on
ownCloud's changelogs.

Kapitein Vorkbaard
2014-02-25

I am running in to an issue where the login isn't taking the user's
password, I have tried just the username for login and
username@domain.suffix and it's not taking the password. Is there
a different username I should be using?

Randy Forgeur
2014-03-01

Kapitein Vorkbaard
2014-03-01

Try without @domain.suffix. Also create a share on
your DC and try mapping it from a client to verify the
credentials are correct. Check the server's Event Viewer
and lastly ownCloud's log. OwnCloud will probably log a
bunch of messages that will not help but you never
know.
If this doesn't help try the ownCloud forums. Be sure to
mention the exact versions of Windows Server, the
server running ownCloud and the ownCloud version you
are using.
Oh and in the last screenshot in my article you see the
usernames. They should represent the users you want
to give access. If they do, check the Login Filter.

Thanks, I will check the logs, it's importing
the users with no problem, I can see all of
the users in OwnCloud's user list. My only
issue is I can't login. I'll update this with my
results later
Randy Forgeur

2014-03-01

Ah, try rebooting your servers. You
never know.

Kapitein Vorkbaard
2014-03-01

Stead Halstead
2014-03-05

OwnCloud 6.0.2 is out yesterday! We were struggling with some of
the set up (this guide is great! It just seems like the config tool kept
fighting us).
My first go with the new config tool is good, so far. I haven't
successfully limited my users down to just my OwnCloud Users
group (although it successfully finds that group now!)
What's the difference between Login Filtering and User Filtering?
Which one controls which accounts get created on the users view?
Thanks for a great guide!

Kapitein Vorkbaard
2014-03-05

The Login Filter determines if a user can log on, the
User Filter is for populating the Admin > Users listing.
It's been a while since I wrote up this manual so I may be
mistaken but this is what I think it is.
If it doesn't work check and check again if you haven't
made any typing errors. Then check some more. Also
read my answer to Randy's question above.
I think it's time to test with the new ownCloud version :)
