How to Configure and Integrate iRedMail Services to Samba4 AD DC - Part 11


In this tutorial you will learn how to modify the main iRedMail daemons that provide mail services so that they integrate with a Samba4 Active Directory Domain Controller.

By integrating iRedMail with a Samba4 AD DC you will benefit from the following features: user authentication, management, and status via Samba AD DC, mail lists created with the help of AD groups, and a Global LDAP Address Book in Roundcube.

  1. Install iRedMail on CentOS 7 for Samba4 AD Integration

Step 1: Prepare iRedMail System for Samba4 AD Integration

1. In the first step, you need to assign a static IP address to your machine in case you are using a dynamic IP address provided by a DHCP server.

Run the nmtui-edit command against the correct NIC, with root privileges.

# ifconfig
# nmtui-edit eno16777736

2. Once the network interface is opened for editing, add the proper static IP settings, making sure you add the DNS server IP addresses of your Samba4 AD DC and your domain name, so that the realm can be queried from your machine. Use the screenshot below as a guide.

3. After you finish configuring the network interface, restart the network daemon to apply the changes and issue a series of ping commands against the domain name and the Samba4 domain controllers' FQDNs.

# systemctl restart network.service
# cat /etc/resolv.conf     # verify DNS resolver configuration if the correct DNS servers IPs are queried for domain resolution
# ping -c2 tecmint.lan     # Ping domain name
# ping -c2 adc1            # Ping first AD DC
# ping -c2 adc2            # Ping second AD DC

4. Next, sync time with the Samba domain controller by installing the ntpdate package and querying the Samba4 NTP server with the commands below:

# yum install ntpdate
# ntpdate -qu tecmint.lan      # query domain NTP servers
# ntpdate tecmint.lan          # Sync time with the domain

5. You may want the local time to be synchronized automatically with the Samba AD time server. To do so, add a scheduled job that runs every hour by issuing the crontab -e command and appending the following line:

0   */1	  *   *   *   /usr/sbin/ntpdate tecmint.lan > /var/log/ntpdate.lan 2>&1

Step 2: Prepare Samba4 AD DC for iRedMail Integration

6. Now, move to a machine from which you can manage the Samba4 AD DC.

Open DNS Manager, go to your domain's Forward Lookup Zones and add a new A record, an MX record and a PTR record pointing to your iRedMail system's IP address. Use the screenshots below as a guide.

Add an A record (replace the name and the IP address of the iRedMail machine accordingly).

Add an MX record (leave the child domain blank and set a priority of 10 for this mail server).

Add a PTR record by expanding Reverse Lookup Zones (replace the IP address of the iRedMail server accordingly). In case you have not configured a reverse zone for your domain controller so far, read the following tutorial:

  1. Manage Samba4 DNS Group Policy from Windows

7. After you have added the basic DNS records that a mail server needs to work properly, move to the iRedMail machine, install the bind-utils package and query the newly added mail records as suggested in the excerpt below.

The Samba4 AD DC DNS server should respond with the DNS records added in the previous step.

# yum install bind-utils
# host tecmint.lan
# host mail.tecmint.lan
# host 192.168.1.245

From a Windows machine, open a Command Prompt window and issue the nslookup command against the mail server records above.

8. As a final prerequisite, create a new user account with minimal privileges in Samba4 AD DC named vmail, choose a strong password for this user and make sure the password for this user never expires.

The vmail user account will be used by the iRedMail services to query the Samba4 AD DC LDAP database and pull the email accounts.

To create the vmail account, use the ADUC graphical tool from a Windows machine joined to the realm with RSAT tools installed, as illustrated in the screenshots below, or use the samba-tool command line directly from a domain controller, as explained in the following topic.

  1. Manage Samba4 Active Directory from the Linux Command Line

In this guide, we will use the first method mentioned above.

9. From the iRedMail system, test the vmail user's ability to query the Samba4 AD DC LDAP database by issuing the command below. The returned result should be the total number of object entries for your domain, as illustrated in the screenshots below.

# ldapsearch -x -h tecmint.lan -D '[email ' -W -b 'cn=users,dc=tecmint,dc=lan'

Note: Replace the domain name and the LDAP base dn in Samba4 AD ('cn=users,dc=tecmint,dc=lan') accordingly.

Step 3: Integrate iRedMail Services to Samba4 AD DC

10. Now it is time to modify the iRedMail services (Postfix, Dovecot and Roundcube) so that they query the Samba4 domain controller for mail accounts.

The first service to be modified is the MTA agent, Postfix. Issue the following commands to disable a series of MTA settings, add your domain name to the Postfix local domain and mailbox domains, and use the Dovecot agent to deliver received mail locally to user mailboxes.

# postconf -e virtual_alias_maps=' '
# postconf -e sender_bcc_maps=' '
# postconf -e recipient_bcc_maps=' '
# postconf -e relay_domains=' '
# postconf -e relay_recipient_maps=' '
# postconf -e sender_dependent_relayhost_maps=' '
# postconf -e smtpd_sasl_local_domain='tecmint.lan'	#Replace with your own domain
# postconf -e virtual_mailbox_domains='tecmint.lan'	#Replace with your own domain	
# postconf -e transport_maps='hash:/etc/postfix/transport'
# postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'  # Check SMTP senders
# postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'  # Check local mail accounts
# postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'  # Check local mail lists
# cp /etc/postfix/transport /etc/postfix/transport.backup	# Backup transport conf file
# echo "tecmint.lan dovecot" > /etc/postfix/transport		# Add your domain with dovecot transport
# cat /etc/postfix/transport					# Verify transport file
# postmap hash:/etc/postfix/transport

11. Next, create the Postfix /etc/postfix/ad_sender_login_maps.cf configuration file with your favorite text editor and add the configuration below.

server_host     = tecmint.lan
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = [email 
bind_pw         = ad_vmail_account_password
search_base     = dc=tecmint,dc=lan
scope           = sub
query_filter    = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel      = 0

12. Create /etc/postfix/ad_virtual_mailbox_maps.cf with the following configuration.

server_host     = tecmint.lan
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = [email 
bind_pw         = ad_vmail_account_password
search_base     = dc=tecmint,dc=lan
scope           = sub
query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0

13. Create /etc/postfix/ad_virtual_group_maps.cf with the configuration below.

server_host     = tecmint.lan
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = [email 
bind_pw         = ad_vmail_account_password
search_base     = dc=tecmint,dc=lan
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0

In all three configuration files, replace the values of server_host, bind_dn, bind_pw and search_base to reflect your own custom settings.
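
The query_filter in ad_sender_login_maps.cf carries the clause (!(userAccountControl:1.2.840.113556.1.4.803:=2)), which excludes disabled AD accounts, while the filter in ad_virtual_mailbox_maps.cf has no such clause, so a disabled account cannot send but its mailbox address is still accepted. The script below is an added example, not part of the original tutorial: it applies that bit test to constructed directory entries (the account names and the function names sample_ldif and uac_filter_report are assumptions, and every entry is assumed to be of objectClass person).

```shell
#!/bin/sh
# Added example: emulate the userAccountControl clause of the tutorial's filters.
# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule; ":=2" tests the
# ACCOUNTDISABLE bit. The LDIF below is constructed, not real ldapsearch output.

sample_ldif() {
cat <<'EOF'
dn: CN=alice,CN=Users,DC=tecmint,DC=lan
userPrincipalName: alice@tecmint.lan
userAccountControl: 512

dn: CN=bob,CN=Users,DC=tecmint,DC=lan
userPrincipalName: bob@tecmint.lan
userAccountControl: 514

dn: CN=carol,CN=Users,DC=tecmint,DC=lan
userPrincipalName: carol@tecmint.lan
userAccountControl: 66048

dn: CN=dave,CN=Users,DC=tecmint,DC=lan
userPrincipalName: dave@tecmint.lan
userAccountControl: 66050
EOF
}

# Reads LDIF on stdin, prints "<upn> login=<yes|no> mailbox=yes" per entry.
#   login   : sender_login_maps and Dovecot filters (disabled accounts excluded)
#   mailbox : virtual_mailbox_maps filter (no userAccountControl clause)
uac_filter_report() {
    awk '
    function emit() {
        if (upn != "") {
            disabled = int(uac / 2) % 2   # 1 when the bit with value 2 is set
            printf "%s login=%s mailbox=yes\n", upn, (disabled ? "no" : "yes")
        }
        upn = ""; uac = 0
    }
    /^userPrincipalName: /  { upn = $2 }
    /^userAccountControl: / { uac = $2 + 0 }
    /^$/                    { emit() }
    END                     { emit() }
    '
}

sample_ldif | uac_filter_report
```

Values 512 and 66048 are enabled accounts (the second with a non-expiring password, as step 8 asks for vmail); 514 and 66050 are the same accounts with the disabled bit set.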

14. Next, open the Postfix main configuration file, then search for and disable iRedAPD check_policy_service and smtpd_end_of_data_restrictions by adding a comment # in front of the following lines.

# nano /etc/postfix/main.cf

Comment out the following lines:

#check_policy_service inet:127.0.0.1:7777
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777

15. Now, verify Postfix binding to Samba AD using an existing domain user and a domain group by issuing a series of queries as presented in the following examples.

The result should be similar to the one illustrated in the screenshot.

# postmap -q [email  ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
# postmap -q [email  ldap:/etc/postfix/ad_sender_login_maps.cf
# postmap -q [email  ldap:/etc/postfix/ad_virtual_group_maps.cf

Replace the AD user and group accounts accordingly. Also, make sure the AD group you are using has some AD user members assigned to it.

16. In the next step, modify the Dovecot configuration file so that it queries the Samba4 AD DC. Open the file /etc/dovecot/dovecot-ldap.conf for editing and add the following lines.

hosts           = tecmint.lan:389
ldap_version    = 3
auth_bind       = yes
dn              = [email 
dnpass          = ad_vmail_password
base            = dc=tecmint,dc=lan
scope           = subtree
deref           = never
user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

The mailbox of a Samba4 AD account will be stored in the /var/vmail/vmail1/your_domain.tld/your_domain_user/Maildir/ location on the Linux system.
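
With start_tls = no on port 389 in the three Postfix maps from steps 11 to 13, the vmail bind password travels to the domain controller unencrypted, and with auth_bind = yes and no TLS setting in dovecot-ldap.conf the same holds for every mailbox user's password; each of these files also stores a directory credential on disk. The check below is an added example, not part of the original tutorial: audit_ldap_conf and demo are hypothetical names, the sample files are constructed from the settings shown above, and it goes beyond the page by treating start_tls = yes (Postfix), tls = yes (Dovecot) and ldaps:// URIs as the encrypted forms.

```shell
#!/bin/sh
# Added example: flag LDAP client configs that send credentials to the DC in
# clear text or that any local user can read. The sample files are constructed
# from the settings shown in this tutorial; the CA path is a placeholder.

# audit_ldap_conf FILE -> one finding per line, no output when clean.
audit_ldap_conf() {
    f=$1
    # Value of "key = value" in $f, trailing blanks stripped, last one wins.
    get() {
        sed -n -e "s/[[:space:]]*\$//" \
               -e "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$f" | tail -n 1
    }
    pw=$(get bind_pw)$(get dnpass)        # Postfix key, Dovecot key
    tls=$(get start_tls)$(get tls)        # Postfix key, Dovecot key
    case "$(get server_host)$(get hosts)$(get uris)" in
        ldaps://*) tls=yes ;;             # LDAPS is encrypted from the start
    esac
    [ -n "$pw" ] && [ "$tls" != yes ] &&
        echo "$f: bind password crosses the network without TLS"
    [ "$(get auth_bind)" = yes ] && [ "$tls" != yes ] &&
        echo "$f: auth_bind relays each user password without TLS"
    # Characters 8-10 of the ls mode string are the permission bits for "other".
    [ "x$(ls -ld "$f" | cut -c8-10)" = "x---" ] ||
        echo "$f: accessible to other local users"
    return 0
}

# Build three constructed configs in a temp dir and audit each one.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'server_host = tecmint.lan' 'server_port = 389' \
        'start_tls = no' 'bind_pw = ad_vmail_account_password' > "$d/postfix_weak.cf"
    printf '%s\n' 'server_host = tecmint.lan' 'server_port = 389' \
        'start_tls = yes' 'tls_require_cert = yes' \
        'tls_ca_cert_file = /path/to/ca.pem' \
        'bind_pw = ad_vmail_account_password' > "$d/postfix_tls.cf"
    printf '%s\n' 'hosts = tecmint.lan:389' 'auth_bind = yes' \
        'dnpass = ad_vmail_password' > "$d/dovecot_weak.conf"
    chmod 644 "$d/postfix_weak.cf"
    chmod 640 "$d/postfix_tls.cf" "$d/dovecot_weak.conf"
    ( cd "$d" && for c in *; do audit_ldap_conf "$c"; done )
    rm -rf "$d"
}

demo
```

On a real system, call audit_ldap_conf on /etc/postfix/ad_*.cf and /etc/dovecot/dovecot-ldap.conf; enabling TLS in those files only works once the domain controller presents a certificate the mail server trusts.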

17. Make sure the pop3 and imap protocols are enabled in the Dovecot main configuration file. Also verify that the quota and acl mail plugins are enabled by opening the file /etc/dovecot/dovecot.conf and checking whether these values are present.

18. Optionally, if you want to set a global hard quota not to exceed a maximum of 500 MB of storage for each domain user, add the following line in the /etc/dovecot/dovecot.conf file.

quota_rule = *:storage=500M 

19. Finally, to apply all the changes made so far, restart and verify the status of the Postfix and Dovecot daemons by issuing the commands below with root privileges.

# systemctl restart postfix dovecot
# systemctl status postfix dovecot

20. To test the mail server configuration from the command line using the IMAP protocol, use the telnet or netcat command as presented in the example below.

# nc localhost 143
a1 LOGIN [email _domain.tld ad_user_password
a2 LIST "" "*"
a3 LOGOUT

If you can perform an IMAP login from the command line with a Samba4 user account, then the iRedMail server appears ready to send and receive mail for Active Directory accounts.

The next tutorial will discuss how to integrate Roundcube webmail with Samba4 AD DC and enable the Global LDAP Address Book, customize Roundcube, access the Roundcube web interface from a browser and disable some unneeded iRedMail services.