[Mail] Dovecot IMAP + Squirrel Mail + retrieve user data + Active Directory + Postfix

Posted 2006-04-09 15:40
Paul Matthews
E:  paul.matthews@cathedral.qld.edu.au
W: www.cathedral.qld.edu.au
BLOG:http://tlug.dnho.net/?q=blog/127
WEBSITE:http://www.yourhowto.org/

This is my replacement for M$ exchange server. Dovecot runs
as either pop3 or imap, the Perl script draws down the aliases from the Active
Directory CN, postfix runs as the SMTP server, Squirrel Mail runs as my mail
client and the Squirrel Mail plug-in draws the needed information down from
Active Directory automatically every time you login and places it in your squirrel
mail preferences, and winbind authenticates against Active Directory to synchronize
the usernames/passwords between ADS and the Linux box.

Name: Dovecot
HomePage: http://dovecot.org/
Function: Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind.


Name: Postfix
HomePage: http://www.postfix.org/
Function: Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users.

Name: Squirrel Mail
Homepage: http://www.squirrelmail.org/
Function: Webmail client, used to check e-mails from anywhere in the world, via the internet, like gmail or hotmail.



1. edit the dovecot file '/etc/dovecot.conf'

protocols = imap

2. make the '/home/'  directory writable by everyone

chmod a+rwx /home/

3. Now edit the '/etc/dovecot.conf' file. (change the UID, GID to suit your system)

auth_userdb = passwd

auth_passdb = pam

default_mail_env = mbox:/home/imap/%u/mail:INBOX=/var/spool/mail/%u


4. set dovecot to start on boot and then start it

chkconfig dovecot on
/etc/init.d/dovecot start

5. start the apache webserver next,

'/etc/init.d/httpd start'

6. to make sure that squirrelmail is working properly, go to the web address

http://ip-address-of-the-mail-server/webmail/

(if squirrelmail was installed at the installation of fedora this alias should already be made)

5. now it's time to get winbind to authenticate against Active Directory. stop both winbind and samba services

'/etc/init.d/smb stop'
'/etc/init.d/winbind stop'

7. edit Kerberos files to have the right configuration

/etc/krb5.conf

[libdefaults]
default_realm = WINDOWS.SERVER.INT

[realms]
WINDOWS.SERVER.INT = {
kdc = mc1.windows.server.int
default_domain = WINDOWS.SERVER.INT
kpasswd_server = mc1.windows.server.int
admin_server = mc1.windows.server.int
}

[domain_realm]
.windows.server.int = WINDOWS.SERVER.INT

8. edit Samba files to have the right configuration

/etc/samba/smb.conf

workgroup = server
security = ads
realm = WINDOWS.SERVER.INT
encrypt passwords = yes

username map = /etc/samba/smbusers

winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

9. now it's time to join the domain

'net ads join -U administrator -S mc1'

10. Now we need to edit the /etc/nsswitch.conf file

from:

passwd:     files
shadow:     files
group:       files


to:

passwd:     files winbind
shadow:     files
group:       files


11. now it's time to start both winbind and samba services

'/etc/init.d/smb start'
'/etc/init.d/winbind start'

12. now, hopefully all that went well; to test it out let's try this command

'/usr/bin/wbinfo -g'

this should display all the groups in your active directory structure.

13. now it is time to edit the dovecot PAM configuration

'nano /etc/pam.d/dovecot'

#%PAM-1.0

auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth    required    pam_listfile.so    onerr=fail file=/etc/postfix/usernames item=user sense=allow
auth    sufficient    pam_winbind.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_localuser.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
auth        required      /lib/security/$ISA/pam_deny.so

14. once that is done it's time to set up the aliases and usernames in postfix. download the following scripts.

'wget http://www.geocities.com/evilperson85/script/getadusername_pl.txt'

'wget http://www.geocities.com/evilperson85/script/getadalias_pl.txt'

'wget http://www.geocities.com/evilper ... ernameformap_pl.txt'

15. edit the files to suit your network

16. Make cron run this script every 10 minutes, or whenever you want it to.

'crontab -e'

then place the following information into the file

    30 * * * * /etc/postfix/getadalias_pl.txt
    30 * * * * /etc/postfix/getadusername_pl.txt
    30 * * * * /etc/postfix/getadusernameformap_pl.txt

17. once that information is in place, you need to add a cron job to sync the file with the aliases database; make it run a minute after each time the getadalias_pl.txt script is run.

    31 * * * * /etc/postfix/sync-db

have this information in the '/etc/postfix/sync-db' file

/usr/sbin/postalias hash:/etc/postfix/ldap-aliases.cf
/usr/sbin/postmap hash:/etc/postfix/usernames_forlocalmaps

18. make the files executable and then run them

'chmod ug+rwx /etc/postfix/getadalias_pl.txt'

'/etc/postfix/getadalias_pl.txt'

'chmod ug+rwx /etc/postfix/getadusername_pl.txt'

'/etc/postfix/getadusername_pl.txt'

'chmod ug+rwx /etc/postfix/getadusernameforlocalmap_pl.txt'

'/etc/postfix/getadusernameforlocalmap_pl.txt'

'chmod ug+rwx /etc/postfix/sync-db'

'/etc/postfix/sync-db'

19. change your postfix main.cf file to look like this

alias_maps = hash:/etc/aliases, hash:/etc/postfix/ldap-aliases.cf

local_recipient_maps = unix:passwd.byname hash:/etc/postfix/usernames_forlocalmaps


20. This requires Net::LDAP to be installed. To install Net::LDAP,

Download it from


http://search.cpan.org/~gbarr/perl-ldap-0.33/lib/Net/LDAP.pod

Install it

21. This script searches your Active Directory database, returns the
sAMAccountName and mail attributes, strips out the unnecessary
'@example.com' and then places them in the file that you chose when
editing the script (eg: /etc/postfix/ldap-aliases.cf) in the format of
postfix aliases (alias: username).

22. download the 'Retrieve User Data' from the plugins section of the squirrelmail website

http://www.squirrelmail.org/plugin_view.php?id=11

and put the file in the folder

'/usr/share/squirrelmail/plugins'

23. unzip the file

gzip -d retrieveuserdata.0.9-1.4.0.tar.gz

tar -xvf retrieveuserdata.0.9-1.4.0.tar

24. then go to the folder '/usr/share/squirrelmail/config' and run the program

./conf.pl

23. choose option 8 'Plugins' and then install the retrieveuserdata plugin by selecting the number next to it; after it has
been installed choose the save option 's' then quit 'q'

25. then go back into the plugins folder and into the retrieveuserdata folder

'cd /usr/share/squirrelmail/plugins/retrieveuserdata '

26. edit the below part of your 'config.php' file to suit your network settings.

    $SQRUD_LDAP_FROM_MAIN_CONFIG = 0;
    $SQRUD_LDAP_UID = "sAMAccountName";
    $SQRUD_LDAP_USERNAME = "displayName";
    $SQRUD_LDAP_MAIL = "mail"; // or "mail"
    $SQRUD_LDAP_MAIL_ALIASES = "proxyaddresses";
    $SQRUD_LDAP_MAIL_ALIAS_PREFIX = "smtp:";
    $SQRUD_LDAP_ANONYMOUS_BIND = 0;
//  $SQRUD_LDAP_BIND_RDN = "cn=moodleuser,cn=users,dc=fedora,dc=directory,dc=server";
    $SQRUD_LDAP_BIND_RDN = "fedora\\SQRUD_UID";  // for Microsoft ADS
    $SQRUD_LDAP_SERVER[0] = array(
      'host' => 'fedora.directory.server',           // hostname, required
      'base' => 'dc=fedora,dc=directory,dc=server',  // base distinguished name, required
      'port' => '389',                               // port, optional
      'charset' => 'utf-8'                           // charset, optional
    );

27. now we need to change the way squirrel mail delivers its mail

/usr/share/squirrelmail/config/conf.pl

Choose:

2.  Server Settings


Choose:

3.  Sendmail or SMTP       : SMTP


Choose

SMTP

Choose:

Return 'R'  & then

Choose

4. General Options

Then

10. Allow editing of identity

Make Both false/false

28. now we need to set postfix as the default MTA for the system

'alternatives --config mta'

then select postfix as your mta

29. now it's time to set all our servers

chkconfig postfix on

/etc/init.d/postfix start

/etc/init.d/sendmail stop

rpm -qa | grep sendmail

sendmail-8.13.1-2
sendmail-cf-8.13.1-2


rpm -e sendmail-8.13.1-2
rpm -e sendmail-cf-8.13.1-2


Last Updated ( Wednesday, 22 February 2006 )
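The howto's Perl scripts (steps 14 to 21) are not reproduced on the page, so what follows is an added example, not Paul Matthews' code: a Python reconstruction of the transformation those scripts perform once the Net::LDAP search has returned the user entries. The LDAP query itself is replaced by a constructed list of entries (including one malformed "mail" value, to show why an allow-list on the values is needed before they go into a Postfix map), the local domain "example.com" is assumed from step 21, and the "smtp:" prefix on proxyAddresses follows the plugin config in step 26. It produces the bodies of the three files the cron jobs in steps 16 and 17 hand to postalias/postmap.

```python
import re

# Constructed sample of what the AD search in step 21 returns (one dict per user),
# carrying the attributes the howto and the Squirrel Mail plugin config use.
LOCAL_DOMAIN = "example.com"  # the '@example.com' suffix the howto strips off
SAMPLE_ENTRIES = [
    {"sAMAccountName": "jsmith", "mail": "john.smith@example.com",
     "proxyAddresses": ["SMTP:john.smith@example.com", "smtp:jsmith@example.com",
                        "smtp:john@other.org", "X400:c=AU;a= ;p=Example;"]},
    {"sAMAccountName": "Admin Guy", "mail": "admin@example.com"},
    {"sAMAccountName": "bjones", "mail": ""},
    {"sAMAccountName": "evil", "mail": "root@example.com\nbackdoor: evil"},  # constructed bad value
]

# Allow-list for alias keys and account names: a stray AD value must never be able
# to smuggle a newline or ':' into the alias map or a space into the username list.
SAFE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")

def local_part(addr, domain=LOCAL_DOMAIN):
    """Lower-cased local part of addr if it is in our domain and well-formed, else None."""
    addr = addr.strip().lower()
    if addr.startswith("smtp:"):  # proxyAddresses values carry an 'smtp:' prefix (step 26)
        addr = addr[5:]
    if "@" not in addr:
        return None
    lp, dom = addr.rsplit("@", 1)
    return lp if dom == domain and SAFE.match(lp) else None

def build_maps(entries, domain=LOCAL_DOMAIN):
    """Return (aliases, usernames): alias -> account, and the set of usable accounts."""
    aliases, usernames = {}, set()
    for e in entries:
        user = e.get("sAMAccountName", "").lower()
        if not SAFE.match(user):
            continue  # names like 'Admin Guy' cannot be Unix/Postfix usernames; drop them
        usernames.add(user)
        for cand in [e.get("mail", "")] + list(e.get("proxyAddresses", [])):
            lp = local_part(cand, domain)
            if lp is None or lp == user:
                continue
            if lp in aliases and aliases[lp] != user:
                raise ValueError(f"alias {lp} claimed by both {aliases[lp]} and {user}")
            aliases[lp] = user
    return aliases, usernames

def render_files(aliases, usernames):
    """Bodies of the three files the howto's cron jobs feed to postalias/postmap."""
    alias_txt = "".join(f"{a}: {u}\n" for a, u in sorted(aliases.items()))  # ldap-aliases.cf
    users_txt = "".join(f"{u}\n" for u in sorted(usernames))                 # usernames (pam_listfile)
    return alias_txt, users_txt, "".join(f"{u} OK\n" for u in sorted(usernames))  # usernames_forlocalmaps
```

Write the three returned strings to /etc/postfix/ldap-aliases.cf, /etc/postfix/usernames and /etc/postfix/usernames_forlocalmaps respectively, then run the sync-db script from step 17.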

Posted 2006-04-09 15:44
This is a solution written by a friend in Australia: authenticating Postfix users through AD. The environment it was built on is FC5; could someone do it on CentOS 4 and post the result.

I have partially implemented it.

Requesting this be marked as a featured post.

Posted 2006-04-09 15:48
Also, the current Windows 2003 R2 has the Identity for UNIX feature integrated, which lets the Domain Controller act as a NIS server; could someone write a document on authenticating Postfix users through the NIS server on Windows 2003 R2.

In addition, Vintela and Centrify also implement integrated AD/UNIX authentication.

[ This post was last edited by my8848 on 2006-4-9 17:06 ]

Posted 2006-04-09 22:49
Last time I tried integrating Samba with AD, I found that global group users (I think that is what they are called) could not be mapped successfully, which may affect use with forests or domain trees.

Posted 2006-04-10 09:07
Squid integration with AD.

http://bbs.chinaunix.net/viewthr ... 1%26filter%3Ddigest
Using NTLM authentication to integrate Squid and Samba3 for Win2k3 domain user authentication