SSO with UCS & Kopano


#1

I have installed the AD compatible domain controller. My computer could become a member of the domain.

But if I start the DeskApp and activate the logon with the Windows logon data there (use system logon data) I get an error.

“Single Sign On is not supported by the webserver. Please enter your username and password.”

I’ve been searching the web for hours now. I find a lot of basic information about LDAP, but no indication as to whether or how I can activate it in UCS.



#2

Hi @bitboy0,

Your webserver would need to have been configured to support login via Kerberos. This is explained in https://documentation.kopano.io/kopanocore_administrator_manual/special_kc_configurations.html#apache-configuration-for-sso-with-webapp (and the chapters leading to it).


#3

I installed libapache2-mod-auth-kerb

then I enter

chmod 400 /etc/httpd/keytab.apache
chown apache:apache /etc/httpd/keytab.apache

But there is no file like /etc/httpd/keytab.apache
and there is no user like “apache” … so I failed.

Is there anything to do before those steps?
I’m not really a Linux expert … I use the VMware virtual machine as provided by UCS. So it is Debian.


#4

The manual is not really meant as a copy & paste howto, so you’d still need to adapt paths (and if you scroll up in the documents it tells you how to generate the keytab.apache file).


#5

Just to understand: Do I have to create the keytab.apache on a Windows machine? I don’t have a Windows server anymore. Otherwise I can only use a Windows10 client.


#6

No, this is generally also possible on a Linux machine (for example directly on the Univention host). See https://wiki.samba.org/index.php/Generating_Keytabs
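
An added example, not part of any post in this thread and not from the Kopano or Univention documentation: a small check that a keytab exists, is owned by the account Apache actually runs as, and has mode 400, which is where the `chmod`/`chown` step in #3 went wrong. It assumes Debian's Apache layout (`/etc/apache2/envvars`, default user `www-data`); the function names and the `KEYTAB` variable are hypothetical, and the keytab path must be supplied by you.

```shell
#!/bin/sh
# Added example (constructed): audit a Kerberos keytab used by Apache for SSO.
# Assumptions: Debian layout (/etc/apache2/envvars, default user www-data).
# The keytab path is not taken from the thread; pass your own via KEYTAB.

# Print the user Apache runs as, read from an envvars file.
# Falls back to Debian's default (www-data) if the file or variable is missing.
apache_run_user() {
    envvars="${1:-/etc/apache2/envvars}"
    user=""
    if [ -r "$envvars" ]; then
        # Source the file inside the command substitution's subshell so it
        # cannot change this script's own environment.
        user=$( . "$envvars" >/dev/null 2>&1; printf '%s' "${APACHE_RUN_USER:-}" )
    fi
    printf '%s\n' "${user:-www-data}"
}

# check_keytab FILE OWNER
# Returns 0 if FILE is a regular file owned by OWNER with mode 400,
# 1 if owner or mode is wrong, 2 if the file does not exist.
check_keytab() {
    keytab="$1"; want_owner="$2"; rc=0
    if [ ! -f "$keytab" ]; then
        echo "MISSING: $keytab (the keytab has to be generated first)"
        return 2
    fi
    owner=$(stat -c '%U' "$keytab")   # GNU stat, as shipped with Debian
    mode=$(stat -c '%a' "$keytab")
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER: $keytab is owned by $owner, expected $want_owner"
        rc=1
    fi
    if [ "$mode" != "400" ]; then
        # Any wider mode lets other local accounts read the service key.
        echo "MODE: $keytab has mode $mode, expected 400"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $keytab"
    return "$rc"
}

# Runs only when a path is supplied, e.g.: KEYTAB=/path/to/keytab sh check.sh
if [ -n "${KEYTAB:-}" ]; then
    check_keytab "$KEYTAB" "$(apache_run_user)"
fi
```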