This how-to makes my POP3 e-mail server authenticate against my Windows 2003
domain controller, so that people's e-mail accounts and people's domain
logins are the same. It covers authentication only; to set up the POP3
server on Fedora, follow the 'pop3 Server On Fedora with IlohaMail' how-to.

Name: PAM
HomePage: http://www.kernel.org/pub/linux/libs/pam/
Function: Linux-PAM (Pluggable Authentication Modules for Linux)

Name: Samba
HomePage: http://www.samba.org/
Function: Samba is a suite of programs that enables interoperability between Linux/Unix servers and Windows clients

1. Stop both winbind and samba services:

    /etc/init.d/smb stop
    /etc/init.d/winbind stop

2. Edit Kerberos files to have the right configuration: /etc/krb5.conf

krb5.conf:

    [libdefaults]
        default_realm = WINDOWS.SERVER.INT

    [realms]
        WINDOWS.SERVER.INT = {
            kdc = mc1.windows.server.int
            default_domain = WINDOWS.SERVER.INT
            kpasswd_server = mc1.windows.server.int
            admin_server = mc1.windows.server.int
        }

    [domain_realm]
        .windows.server.int = WINDOWS.SERVER.INT

3. Edit Samba files to have the right configuration: /etc/samba/smb.conf

smb.conf:

    # all of these settings go in the [global] section
    [global]
        workgroup = server
        security = ads
        realm = WINDOWS.SERVER.INT
        encrypt passwords = yes
        username map = /etc/samba/smbusers
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes

4. Now it's time to join the domain:

    net ads join -U administrator -S mc1

5. Now it's time to start both winbind and samba services:

    /etc/init.d/smb start
    /etc/init.d/winbind start

6. Hopefully all that went well. To test it out, try this command:

    /usr/bin/wbinfo -g

This should display all the groups in your Active Directory structure.

7. Now we have to get the pop3 service to authenticate against Active Directory, and we'll do that by editing its PAM (Pluggable Authentication Module) file.

8. So we edit the /etc/pam.d/pop3 file. In the /etc/pam.d/ folder you will see various files; each of these is the PAM configuration for one service, e.g. samba, pop, imap, etc.

9. Now change nsswitch.conf:

    nano /etc/nsswitch.conf

from

nsswitch.conf:

    passwd: files
    shadow: files
    group: files

to

nsswitch.conf:

    passwd: files winbind
    shadow: files winbind
    group: files winbind

10. The best way I have found to understand pam is to use the webmin module (webmin is a great Linux tool found at www.webmin.com), but for now I'll just give you the pam module I have used.

    nano /etc/pam.d/dovecot

dovecot:

    #%PAM-1.0
    # Local accounts: a valid local password ends the auth stack here
    # (nullok also accepts an account whose password is empty)
    auth       sufficient   /lib/security/$ISA/pam_unix.so likeauth nullok
    # Everyone else must be listed in /etc/postfix/usernames, then pass winbind
    auth       required     pam_listfile.so onerr=fail file=/etc/postfix/usernames item=user sense=allow
    auth       sufficient   pam_winbind.so
    account    required     /lib/security/$ISA/pam_unix.so
    account    sufficient   /lib/security/$ISA/pam_localuser.so
    account    sufficient   /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
    account    required     /lib/security/$ISA/pam_permit.so
    password   requisite    /lib/security/$ISA/pam_cracklib.so retry=3
    password   sufficient   /lib/security/$ISA/pam_unix.so nullok use_authtok
    password   required     /lib/security/$ISA/pam_deny.so
    session    required     /lib/security/$ISA/pam_limits.so
    session    required     /lib/security/$ISA/pam_unix.so
    # Last auth line: reached when nothing above accepted the login
    auth       required     /lib/security/$ISA/pam_deny.so
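
Added example, not part of the original how-to: a small Python model of how PAM walks the four auth lines of the dovecot file above. It shows that a local account with a valid local password is accepted before the /etc/postfix/usernames allow-list is consulted, while a domain account must both be listed and pass pam_winbind. The module verdicts are simplified stand-ins for the real modules, and the three accounts are constructed for illustration.

```python
import os

# auth lines of /etc/pam.d/dovecot as given in step 10, in file order
PAM_AUTH = """\
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required pam_listfile.so onerr=fail file=/etc/postfix/usernames item=user sense=allow
auth sufficient pam_winbind.so
auth required /lib/security/$ISA/pam_deny.so
"""

def parse_auth_stack(text):
    """Return [(control, module)] for every auth line, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "auth":
            module = os.path.splitext(os.path.basename(fields[2]))[0]
            stack.append((fields[1], module))
    return stack

def module_ok(module, acct):
    """Simplified stand-in for each module's verdict (assumption, not real PAM)."""
    return {"pam_unix": acct["local_password_ok"],
            "pam_listfile": acct["in_usernames_file"],
            "pam_winbind": acct["ad_password_ok"],
            "pam_deny": False}[module]

def authenticate(stack, acct):
    """Apply required/requisite/sufficient control flow; return (granted, modules_run)."""
    failed, succeeded, ran = False, False, []
    for control, module in stack:
        ran.append(module)
        if module_ok(module, acct):
            succeeded = True
            if control == "sufficient" and not failed:
                return True, ran          # success ends the stack immediately
        elif control in ("required", "requisite"):
            failed = True                 # required: remember the failure, keep going
            if control == "requisite":
                return False, ran         # requisite: fail immediately
    return succeeded and not failed, ran

# Constructed accounts (hypothetical, not from the page)
LOCAL_ONLY = {"local_password_ok": True, "in_usernames_file": False, "ad_password_ok": False}
AD_LISTED = {"local_password_ok": False, "in_usernames_file": True, "ad_password_ok": True}
AD_UNLISTED = {"local_password_ok": False, "in_usernames_file": False, "ad_password_ok": True}

if __name__ == "__main__":
    stack = parse_auth_stack(PAM_AUTH)
    for name, acct in [("local only", LOCAL_ONLY), ("AD, listed", AD_LISTED), ("AD, unlisted", AD_UNLISTED)]:
        print(name, authenticate(stack, acct))
```

If local system accounts should not be able to log in to POP3, the pam_listfile line has to come before the pam_unix line, and nullok should be dropped.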
External Links:
http://www.samba.org