- 论坛徽章:
- 0
|
转自[url]www.postfix.org.cn[/url]
原理:postfix用来做smtp,dovecot做pop
saslauthd用来做smtp验证。
大致验证过程如下:postfix和dovecot把帐号交给saslauthd,saslauthd把账号交给pam,pam通过samba和winbind联系AD
环境:
windows: windows 2003
IP 192.168.101.5
hostname win2003.mkchen.com
配置DNS,建立mkchen.com域
linux: centos4.4
IP 192.168.0.1
hostname sun.mkchen.com
samba-3.0.10-1.4E.9
一、把linux加到AD域中
1、vi /etc/krb5.conf
主要修改如下几部分
[libdefaults]
default_realm = MKCHEN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
MKCHEN.COM = {
kdc = 192.168.101.5:88
kdc = 192.168.101.5
# admin_server = kerberos.example.com:749
default_domain = mkchen.com
kdc = 192.168.101.5
}
[domain_realm]
.mkchen.com = MKCHEN.COM
mkchen.com = MKCHEN.COM
2、vi /etc/samba/smb.conf
修改如下几点:
[global]
workgroup = MKCHEN
netbios name = sun.mkchen.com
realm = MKCHEN.COM
server string = Samba Server
security = ads
encrypt passwords = yes
local master = no
os level = 20
domain master = no
preferred master = no
password server = 192.168.101.5
winbind use default domain = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D
template shell = /bin/bash
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
3、vi /etc/nsswitch.conf
修改如下部分:
passwd: files winbind
shadow: files winbind
group: files winbind
启动smb和winbind
service smb start
service winbind start
4、把linux加入ad
运行authconfig
选择使用winbind,使用MD5口令,使用屏蔽口令,使用kerberos,使用smb验证,使用winbind验证。
按下一步查看kerberos设置
按下一步检查winbind设置,选择加入域,输入帐号密码,按确定
再按确定
这样就把linux加入了ad
使用命令wbinfo -g
wbinfo -u 看能否取到AD的账号和组
二、配置posftfix
vi /etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = sun.mkchen.com
mydomain = mkchen.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet
mynetworks = 192.168.101.0/24,127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mail_spool_directory = /var/mail
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.10/samples
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
smtp_sasl_auth_enable = yes
三、配置sasl验证
ln -s /usr/lib/sasl2/smtp.conf /usr/local/lib/smtp.conf
vi /usr/local/lib/smtp.conf,内容如下
pwcheck_method: saslauthd
log_level:2
mech_list:PLAIN LOGIN
vi /etc/init.d/saslauthd
把 MECH=shadow 改成 MECH=pam
启动saslauthd
service saslauthd start
四、配置dovecot
vi /etc/dovecot.conf
protocols = pop3
pop3_listen = [::]
login_dir = /var/run/dovecot-login
login = pop3
default_mail_env = mbox:~/mail/%u/:INBOX=/var/mail/%u
mbox_locks = fcntl
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = pam
auth_user = root
建立邮件目录
mkdir -p /home/MKCHEN/mail
chown -R 777 /home/MKCHEN/mail
service dovecot start
五、配置pam认证
分别编辑/etc/pam.d下的login,dovecot,smtp
加入如下三行
auth sufficient pam_winbind.so
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
六、客户端收发测试
客户端用OE,使用AD的帐号收发邮件
以上是大致的配置过程,如有错误的地方,欢迎批评指正 |
|
免费注册
发表于 2007-07-18 08:13