
postfix+dovecot+saslauthd+samba+winbind+pam+AD (repost)

火星人 @ 2014-03-04


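Reposted from www.postfix.org.cn

How it works: postfix handles SMTP and dovecot handles POP.
saslauthd is used for SMTP authentication.
The authentication flow is roughly as follows: postfix and dovecot hand the account to saslauthd, saslauthd hands the account to PAM, and PAM contacts AD through samba and winbind.

Environment: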

windows: windows 2003
     IP 192.168.101.5
     hostname win2003.mkchen.com
     DNS configured, mkchen.com domain created

linux:    centos4.4
     IP 192.168.0.1
     hostname sun.mkchen.com
     samba-3.0.10-1.4E.9

I. Join the Linux host to the AD domain

1. vi /etc/krb5.conf

Mainly modify the following parts:

[libdefaults]
default_realm = MKCHEN.COM
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
MKCHEN.COM = {
    kdc = 192.168.101.5:88
    kdc = 192.168.101.5
#    admin_server = kerberos.example.com:749
    default_domain = mkchen.com
    kdc = 192.168.101.5
}

[domain_realm]
.mkchen.com = MKCHEN.COM
mkchen.com = MKCHEN.COM


2. vi /etc/samba/smb.conf

Modify the following settings:

[global]
     workgroup = MKCHEN
     netbios name = sun.mkchen.com
     realm = MKCHEN.COM
     server string = Samba Server
     security = ads
     encrypt passwords = yes
     local master = no
     os level = 20
     domain master = no
     preferred master = no
     password server = 192.168.101.5
     winbind use default domain = yes
     winbind separator = +
     winbind enum users = yes
     winbind enum groups = yes
     template homedir = /home/%D
     template shell = /bin/bash
     idmap uid = 16777216-33554431
     idmap gid = 16777216-33554431

3. vi /etc/nsswitch.conf

Modify the following entries:

passwd:       files winbind
shadow:       files winbind
group:        files winbind


Start smb and winbind:

service smb start
service winbind start

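4. Join the Linux host to AD

Run authconfig.

Select: use winbind, use MD5 passwords, use shadow passwords, use Kerberos, use SMB authentication, use winbind authentication.

Press Next to review the Kerberos settings.
Press Next to check the winbind settings, choose to join the domain, enter the account and password, and press OK.
Press OK again.

The Linux host is now joined to AD.

Use the commands wbinfo -g and wbinfo -u to check whether the AD groups and accounts can be retrieved.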


II. Configure postfix

    vi /etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = sun.mkchen.com
mydomain = mkchen.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet
mynetworks = 192.168.101.0/24,127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mail_spool_directory = /var/mail
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.10/samples
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
smtp_sasl_auth_enable = yes


III. Configure SASL authentication

ln -s /usr/lib/sasl2/smtp.conf /usr/local/lib/smtp.conf

vi /usr/local/lib/smtp.conf, with the following content:

pwcheck_method: saslauthd
log_level: 2
mech_list: PLAIN LOGIN


vi /etc/init.d/saslauthd

     Change MECH=shadow to MECH=pam

Start saslauthd:

service saslauthd start
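
The following added example (not part of the original post) parses main.cf the way Postfix reads it, where a line starting with whitespace continues the previous parameter, and checks whether the PLAIN and LOGIN mechanisms from smtp.conf would be accepted without TLS. The sample file contents are constructed from the settings above, with one parameter indented on purpose; smtpd_tls_auth_only is a real Postfix parameter that the post's main.cf does not set.

```python
import re

# Constructed samples that mirror the settings shown on this page.
MAIN_CF = """\
myhostname = sun.mkchen.com
   mydomain = mkchen.com
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
"""
SMTP_CONF = "pwcheck_method: saslauthd\nlog_level:2\nmech_list:PLAIN LOGIN\n"

def parse_main_cf(text):
    """Read main.cf as Postfix does: blank and '#' lines are skipped, and a
    line that starts with whitespace continues the previous logical line."""
    params, swallowed, key = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0] in " \t" and key is not None:
            params[key] = (params[key] + " " + line).strip()
            # Heuristic: a continuation shaped like "name = value" is
            # probably an indented parameter absorbed by the previous one.
            if re.match(r"[a-z0-9_]+\s*=", line):
                swallowed.append((key, line))
        else:
            key, _, value = (p.strip() for p in line.partition("="))
            params[key] = value
    return params, swallowed

def parse_sasl_conf(text):
    """Cyrus SASL application config: one 'key: value' pair per line."""
    pairs = (l.partition(":") for l in text.splitlines() if ":" in l)
    return {k.strip(): v.strip() for k, _, v in pairs}

def audit(main_cf, sasl_conf):
    """Findings for this setup; smtpd_tls_auth_only is not in the page's main.cf."""
    params, swallowed = parse_main_cf(main_cf)
    sasl = parse_sasl_conf(sasl_conf)
    findings = ["indented parameter merged into %s: %s" % s for s in swallowed]
    plain = {"PLAIN", "LOGIN"} & set(sasl.get("mech_list", "").upper().split())
    if (params.get("smtpd_sasl_auth_enable") == "yes" and plain
            and params.get("smtpd_tls_auth_only") != "yes"):
        findings.append("AUTH %s accepted without TLS (smtpd_tls_auth_only)"
                        % "/".join(sorted(plain)))
    return findings
```

Because saslauthd needs the cleartext password, PLAIN and LOGIN are the only mechanisms it can serve, so the AD password is protected in transit only when the SMTP session itself is encrypted.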


IV. Configure dovecot

vi /etc/dovecot.conf


protocols = pop3

pop3_listen = [::]

login_dir = /var/run/dovecot-login

login = pop3

default_mail_env = mbox:~/mail/%u/:INBOX=/var/mail/%u

mbox_locks = fcntl

auth = default

auth_mechanisms = plain

auth_userdb = passwd

auth_passdb = pam

auth_user = root

Create the mail directory:

mkdir -p /home/MKCHEN/mail

chmod -R 777 /home/MKCHEN/mail

service dovecot start


V. Configure PAM authentication

    Edit each of the login, dovecot and smtp files under /etc/pam.d

and add the following three lines:


auth              sufficient        pam_winbind.so
account           sufficient        pam_winbind.so
password          sufficient        pam_winbind.so use_authtok

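VI. Client send/receive test

On the client, use OE (Outlook Express) with an AD account to send and receive mail.


The above is the general configuration process; if anything is wrong, corrections are welcome.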


http://coctec.com/docs/service/show-post-37386.html