This is a guide for IRC Network Administrators. If you just want to connect to AfterNET's ZNC bouncer, go to znc
If you use X3 with ldap support (Or any services with ldap support) you can host a ZNC bouncer for all your users to use, by using ZNC's cyrusauth module. Here is how we build ZNC for afternet:
apt-get install sasl2-bin/etc/defaults/saslauthd:START=yes MECHANISM="ldap"
/etc/saslauthd.conf:ldap_servers: ldaps://yourldapserver.domain ldap_search_base: ou=Users,dc=yourdomain,dc=org ldap_filter: (uid=%u) #ldap_tls_cacert_file: /etc/ssl/yourcertificate.cer
/etc/init.d/saslauthd starttestsaslauthd -u “yourldapuid” -p yourpassword -f /var/run/saslauthd/mux/usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 1 -d/var/log/auth.log and /var/log/daemon.logldapsearch -D "uid=youruid,ou=Users,dc=yourdomain,dc=org" -w yourpassword -H ldaps://ldapservername -b "ou=Users,dc=yourdomain,dc=org" -s sub "(objectclass=*)"
Assuming a debian 8 (jessie) base system:
sudo adduser yourzncuser sasl log out and back indeb http://ftp.debian.org/debian jessie-backports main to /etc/apt/sources.list. dont forget to sudo apt-get updatesudo apt-get build-dep zncsudo apt-get install cmakesudo apt-get install libicu-devsudo apt-get install swig3.0sudo apt-get install libboost-all-devgit submodule update –init –recursivemakemake installbin/znc –makeconf/msg *status load cyrusauth saslauthd webirc impersonation/msg *controlpanel adduser zncclone somepassword/msg *cyrusauth help)cloneuser yourcloneusernameherecreateuser Yessetimpersonateaccount znc somepasswordsetNetworkName yournetworksetServer irc.yournetwork.org 6697 trueset UserSalt somethingrandomsetWebIrc username passwordsetWebIrcHost .users.yournetwork.org/msg *status load sasl/msg *sasl help):requireauth yesmechanism PLAINWebIRC {
description = "znc";
host = "*@zncip";
pass = "crypted password";
};
* Except block to protect znc from flood limits:
Except {
host = "*@zncip";
gline = yes;
rdns = yes;
ipcheck = yes;
targetlimit = yes;
};
I run this script after make install to disable a bunch of the plugins:
#!/bin/bash RM='/bin/rm -v' echo "Lets delete modules we dont trust or need for security!" #Lets remove unsafe modules! #keep#lib/znc/adminlog.so #keep#lib/znc/alias.so #keep#lib/znc/autoattach.so #keep#lib/znc/autocycle.so #keep#lib/znc/autoop.so #keep#lib/znc/autoreply.so #keep#lib/znc/autovoice.so #keep#lib/znc/awaynick.so $RM lib/znc/awaystore.so #keep#lib/znc/block_motd.so #keep#lib/znc/blockuser.so $RM lib/znc/bouncedcc.so #keep#lib/znc/buffextras.so $RM lib/znc/certauth.so $RM lib/znc/cert.so # ADD? #lib/znc/chanfilter.so #keep#lib/znc/chansaver.so #keep#lib/znc/clearbufferonmsg.so # ADD? #lib/znc/clientaway.so # ADD? #lib/znc/clientbuffer.so #keep#lib/znc/clientnotify.so $RM lib/znc/controlpanel.so $RM lib/znc/crypt.so #keep#lib/znc/ctcpflood.so #keep#lib/znc/cyrusauth.so $RM lib/znc/dcc.so #keep#lib/znc/disconkick.so #keep#lib/znc/fail2ban.so #keep#lib/znc/flooddetach.so #keep#lib/znc/identfile.so $RM lib/znc/imapauth.so #keep#lib/znc/keepnick.so #keep#lib/znc/kickrejoin.so #keep#lib/znc/lastseen.so $RM lib/znc/listsockets.so #keep#lib/znc/log.so $RM lib/znc/missingmotd.so #$RM lib/znc/modperl $RM lib/znc/modperl.so $RM lib/znc/modperl/startup.pl $RM lib/znc/modperl/ZNC.pm $RM lib/znc/modperl/ZNC.so #$RM lib/znc/modpython $RM lib/znc/modpython.so $RM lib/znc/modpython/znc_core.py $RM lib/znc/modpython/_znc_core.so $RM lib/znc/modpython/znc.py #keep#lib/znc/modules_online.so $RM lib/znc/nickserv.so $RM lib/znc/notes.so #keep#lib/znc/notify_connect.so # ADD? #lib/znc/partdetach2.cpp #keep#lib/znc/partyline.so #keep#lib/znc/perform.so $RM lib/znc/perleval.pm $RM lib/znc/pyeval.py $RM lib/znc/q.so $RM lib/znc/raw.so # ADD? #lib/znc/playback.so # ADD? #lib/znc/privmsg_auto.so #keep#lib/znc/route_replies.so $RM lib/znc/sample.so #keep#lib/znc/sasl.so $RM lib/znc/savebuff.so $RM lib/znc/schat.so $RM lib/znc/send_raw.so #keep#lib/znc/shell.so #keep#lib/znc/simple_away.so # ADD? #lib/znc/snomask.so #keep#lib/znc/stickychan.so #keep#lib/znc/watch.so #keep#lib/znc/webadmin.so