2010-01-20 10:08:21

Overview: postfix handles SMTP and dovecot handles POP;
saslauthd performs the SMTP authentication.
The authentication flow, roughly: postfix and dovecot hand the account to saslauthd, saslauthd hands it to PAM, and PAM reaches the AD through samba and winbind.

Environment:

windows: Windows 2003
           IP 192.168.101.5
           hostname win2003.mkchen.com
           DNS configured, with the mkchen.com domain created

linux:   CentOS 4.4
           IP 192.168.0.1
           hostname sun.mkchen.com
           samba-3.0.10-1.4E.9

I. Join the Linux host to AD

1. vi /etc/krb5.conf

The main parts to change:

[libdefaults]
default_realm = MKCHEN.COM
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
MKCHEN.COM = {
    kdc = 192.168.101.5:88
    kdc = 192.168.101.5
#   admin_server = kerberos.example.com:749
    default_domain = mkchen.com
}

[domain_realm]
.mkchen.com = MKCHEN.COM
mkchen.com = MKCHEN.COM


2. vi /etc/samba/smb.conf

Change the following settings:

[global]
           workgroup = MKCHEN
           netbios name = sun.mkchen.com
           realm = MKCHEN.COM
           server string = Samba Server
           security = ads
           encrypt passwords = yes
           local master = no
           os level = 20
           domain master = no
           preferred master = no
           password server = 192.168.101.5
           # with this set, account names appear without the DOMAIN+ prefix
           winbind use default domain = yes
           winbind separator = +
           winbind enum users = yes
           winbind enum groups = yes
           template homedir = /home/%D
           template shell = /bin/bash
           idmap uid = 16777216-33554431
           idmap gid = 16777216-33554431

3. vi /etc/nsswitch.conf

Change the following entries:

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Start smb and winbind:

service smb start
service winbind start

4. Join the Linux host to AD

Run authconfig.

Select: use winbind, use MD5 passwords, use shadow passwords, use Kerberos, use SMB authentication, use winbind authentication.

Press Next to review the Kerberos settings.
Press Next to review the winbind settings, choose "Join Domain", enter the account and password, and press OK.
Press OK again.

The Linux host is now joined to AD.

Run wbinfo -g and wbinfo -u to check that AD groups and accounts can be retrieved.


II. Configure postfix

vi /etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = sun.mkchen.com
mydomain = mkchen.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet
mynetworks = 192.168.101.0/24, 127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mail_spool_directory = /var/mail
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.10/samples
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain


III. Configure SASL authentication

ln -s /usr/lib/sasl2/smtpd.conf /usr/local/lib/smtpd.conf

vi /usr/local/lib/smtpd.conf, with the following contents:

pwcheck_method: saslauthd
log_level: 2
mech_list: PLAIN LOGIN

vi /etc/init.d/saslauthd

vi /etc/sysconfig/saslauthd

Change MECH=shadow to MECH=pam

Start saslauthd:

service saslauthd start
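As an added illustration (not part of the original post), the script below audits a recorded SMTP session for the PLAIN and LOGIN mechanisms enabled in smtpd.conf above: it decodes a PLAIN credential the same way the server does and flags any AUTH command sent before STARTTLS. The session transcript, the client host and the account name "alice" are constructed for the example.

```python
import base64
import re

# Constructed SMTP session ("C:" client lines, "S:" server lines); not a real capture.
SESSION = """\
S: 220 sun.mkchen.com ESMTP Postfix
C: EHLO pc1.mkchen.com
S: 250-sun.mkchen.com
S: 250-AUTH PLAIN LOGIN
S: 250 8BITMIME
C: AUTH PLAIN AGFsaWNlAFMzY3IzdCE=
S: 235 2.0.0 Authentication successful
"""

AUTH_RE = re.compile(r"^AUTH\s+(PLAIN|LOGIN)(?:\s+(\S+))?$", re.IGNORECASE)


def decode_plain(blob):
    """Split an RFC 4616 PLAIN blob (authzid NUL authcid NUL password)."""
    parts = base64.b64decode(blob, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN credential")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    return {"authzid": authzid, "authcid": authcid, "password": password}


def audit_session(text):
    """One finding per AUTH command, noting whether STARTTLS preceded it.
    With mech_list limited to PLAIN and LOGIN, an AUTH sent before STARTTLS
    carries the AD password only base64-encoded on the wire."""
    tls_active = False
    findings = []
    for line in text.splitlines():
        if not line.startswith("C: "):
            continue
        cmd = line[3:].strip()
        if cmd.upper() == "STARTTLS":
            tls_active = True  # assume the handshake succeeded
            continue
        m = AUTH_RE.match(cmd)
        if not m:
            continue
        finding = {"mech": m.group(1).upper(), "encrypted": tls_active}
        if finding["mech"] == "PLAIN" and m.group(2):
            # Report the identity only; the password itself stays out of logs.
            finding["authcid"] = decode_plain(m.group(2))["authcid"]
        findings.append(finding)
    return findings
```

Because PLAIN and LOGIN carry the AD password in a trivially reversible encoding, a deployment like this one should pair SASL with Postfix's TLS support (for example smtpd_tls_auth_only = yes) so that AUTH is offered only on an encrypted connection.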


IV. Configure dovecot

vi /etc/dovecot.conf

protocols = pop3
pop3_listen = [::]
login_dir = /var/run/dovecot-login
login = pop3
default_mail_env = mbox:~/mail/%u/:INBOX=/var/mail/%u
mbox_locks = fcntl
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = pam
auth_user = root

Create the mail directory:

mkdir -p /home/MKCHEN/mail
chmod -R 777 /home/MKCHEN/mail

service dovecot start


V. Configure PAM authentication

Edit login, dovecot and smtp under /etc/pam.d, and add the following three lines to each:

auth                    sufficient              pam_winbind.so
account                 sufficient              pam_winbind.so
password                sufficient              pam_winbind.so use_authtok

VI. Client login test

On the client, use OE (Outlook Express) to send and receive mail with an AD account.
