Univention Corporate Server Manual for users and administrators Version 4.3-5 Date: October 8th, 2019 Alle Rechte vorbehalten./ All rights reserved. (c) 2002-2019 Univention GmbH Mary-Somerville-Straße 1 28359 Bremen Deutschland [email protected] Jede aufgeführte Marke und jedes Warenzeichen steht im Eigentum ihrer jeweiligen eingetragenen Rechtsinhaber. Linux ist ein eingetragenes Warenzeichen von Linus Torvalds. The mentioned brand names and registered trademarks are owned by the respective legal owners in each case. Linux is a registered trademark of Linus Torvalds. 2 Table of Contents 1. Introduction ....................................................................................................................... 13 1.1. What is Univention Corporate Server? ........................................................................ 13 1.2. Overview of UCS .................................................................................................... 14 1.2.1. Commissioning ............................................................................................. 14 1.2.2. Domain concept ............................................................................................ 14 1.2.3. Expandability with the Univention App Center ................................................... 15 1.2.4. LDAP directory service .................................................................................. 15 1.2.5. Domain administration ................................................................................... 17 1.2.6. Computer administration ................................................................................ 17 1.2.7. Policy concept .............................................................................................. 18 1.2.8. Listener/notifier replication ............................................................................. 18 1.2.9. Virtualization and cloud management ............................................................... 18 1.3. Further documentation .............................................................................................. 18 1.4. Symbols and conventions used in this manual ............................................................... 19 2. Installation ........................................................................................................................ 21 2.1. Introduction ............................................................................................................ 21 2.2. Selecting the installation mode ................................................................................... 22 2.3. Selecting the installation language .............................................................................. 23 2.4. Selecting the location ............................................................................................... 23 2.5. Selecting the keyboard layout .................................................................................... 24 2.6. Network configuration .............................................................................................. 25 2.7. Setting up the root password ..................................................................................... 27 2.8. Partitioning the hard drive ......................................................................................... 27 2.9. Domain settings ....................................................................................................... 29 2.9.1. "Create a new UCS domain" mode ................................................................... 30 2.9.2. "Join an existing Active Directory domain" mode ............................................... 31 2.9.3. "Join an existing UCS domain domain" mode .................................................... 32 2.9.4. "Do not use any domain" mode ....................................................................... 33 2.10. Selecting UCS software components ......................................................................... 33 2.11. Confirming the settings ........................................................................................... 34 2.12. Troubleshooting for installation problems ................................................................... 35 2.13. Installation in text mode .......................................................................................... 35 2.14. Installation in the Amazon EC2 cloud ....................................................................... 36 2.15. Installation in VMware ........................................................................................... 36 2.16. Installation as Docker image .................................................................................... 36 2.17. Installation in Citrix XenServer ................................................................................ 36 3. Domain services / LDAP directory ........................................................................................ 37 3.1. Introduction ............................................................................................................ 38 3.2. Joining domains ...................................................................................................... 38 3.2.1. How UCS systems join domains ...................................................................... 38 3.2.1.1. Subsequent domain joins with univention-join ................................ 39 3.2.1.2. Joining domains with Univention Management Console ............................. 39 3.2.1.3. Join scripts / Unjoin scripts .................................................................. 39 3.2.2. Windows domain joins ................................................................................... 40 3.2.2.1. Windows 10 ...................................................................................... 41 3.2.2.2. Windows 8 ........................................................................................ 41 3.2.2.3. Windows 7 ........................................................................................ 42 3.2.2.4. Windows Server 2012 ......................................................................... 42 3.2.3. Ubuntu domain joins ..................................................................................... 42 3.2.4. Mac OS X domain joins ................................................................................. 42 3.2.4.1. Domain join using the system preferences GUI ........................................ 42 3.2.4.2. Domain join on the command line ......................................................... 43 3 3.3. UCS system roles .................................................................................................... 43 3.3.1. Domain controller master ............................................................................... 43 3.3.2. Domain controller backup ............................................................................... 44 3.3.3. Domain controller slave ................................................................................. 44 3.3.4. Member server .............................................................................................. 44 3.3.5. Base system ................................................................................................. 44 3.3.6. Ubuntu ........................................................................................................ 44 3.3.7. Linux .......................................................................................................... 44 3.3.8. Univention Corporate Client ............................................................................ 44 3.3.9. Mac OS X ................................................................................................... 44 3.3.10. Domain Trust Account ................................................................................. 45 3.3.11. IP managed client ........................................................................................ 45 3.3.12. Windows Domaincontroller ........................................................................... 45 3.3.13. Windows Workstation/Server ......................................................................... 45 3.4. LDAP directory ....................................................................................................... 45 3.4.1. LDAP schemas ............................................................................................. 45 3.4.1.1. LDAP schema extensions ..................................................................... 45 3.4.1.2. LDAP schema replication ..................................................................... 45 3.4.2. Audit-proof logging of LDAP changes .............................................................. 46 3.4.3. Timeout for inactive LDAP connections ............................................................ 46 3.4.4. LDAP command line tools .............................................................................. 46 3.4.5. Access control for the LDAP directory ............................................................. 47 3.4.5.1. Delegation of the privilege to reset user passwords ................................... 47 3.4.6. Name Service Switch / LDAP NSS module ....................................................... 48 3.4.7. Syncrepl for synchronization with non-UCS OpenLDAP servers ............................ 48 3.4.8. Configuration of the directory service when