How to Configure and Integrate iRedMail Services with Samba4 AD DC - Part 11


In this tutorial you will learn how to modify the main iRedMail daemons that provide mail services in order to integrate them with a Samba4 Active Directory Domain Controller.

By integrating iRedMail with a Samba4 AD DC you will benefit from the following features: user authentication, management, and status via Samba AD DC, mail lists created with the help of AD groups, and a Global LDAP Address Book in Roundcube.

  1. Install iRedMail on CentOS 7 for Samba4 AD Integration

Step 1: Prepare the iRedMail System for Samba4 AD Integration

1. In the first step, you need to assign a static IP address to your machine if it is currently using a dynamic IP address handed out by a DHCP server.

Run the nmtui-edit command against the correct NIC.

Run the nmtui-edit command with root privileges.

# ifconfig
# nmtui-edit eno16777736

2. Once the network interface is opened for editing, add the proper IP settings, and make sure you add the IP address of your Samba4 AD DC and your domain name so that the realm can be queried from your machine. Use the screenshot below as a guide.

3. After you finish configuring the network interface, restart the network daemon to apply the changes and issue a series of ping commands against the domain name and the FQDNs of the Samba4 domain controllers.

# systemctl restart network.service
# cat /etc/resolv.conf     # verify DNS resolver configuration if the correct DNS servers IPs are queried for domain resolution
# ping -c2 tecmint.lan     # Ping domain name
# ping -c2 adc1            # Ping first AD DC
# ping -c2 adc2            # Ping second AD DC

4. Next, synchronize time with the Samba domain controller by installing the ntpdate package and querying the Samba4 machine's NTP server with the following commands:

# yum install ntpdate
# ntpdate -qu tecmint.lan      # Query domain NTP servers
# ntpdate tecmint.lan          # Sync time with the domain

5. You may want the local time to be synchronized automatically with the Samba AD time server. To achieve this, add a scheduled job that runs every hour by issuing the crontab -e command and appending the following line:

0   */1	  *   *   *   /usr/sbin/ntpdate tecmint.lan > /var/log/ntpdate.lan 2>&1

Step 2: Prepare Samba4 AD DC for iRedMail Integration

6. Now, go here.

Open DNS Manager, go to your domain's Forward Lookup Zones and add a new A record, an MX record and a PTR record that point to the IP address of your iRedMail system. Use the screenshots below as a guide.

Add the A record (replace the name and the IP address of the iRedMail machine accordingly).

Add the MX record (leave the child domain blank and set a priority of 10 for this mail server).

Add the PTR record by expanding Reverse Lookup Zones (replace the IP address of the iRedMail server accordingly). If you have not configured a reverse zone for your domain controller so far, read this tutorial:

  1. Manage Samba4 DNS Group Policy from Windows

7. After you have added the basic DNS records that a mail server needs to work properly, go to the iRedMail machine, install the bind-utils package and query the newly added mail records as suggested in the excerpt below.

The Samba4 AD DC DNS server should answer with the DNS records added in the previous step.

# yum install bind-utils
# host tecmint.lan
# host mail.tecmint.lan
# host 192.168.1.245

From a Windows machine, open a Command Prompt window and issue the nslookup command against the mail server records above.

8. As a final prerequisite, create a new user account with minimal privileges in Samba4 AD DC named vmail, choose a strong password for this user and make sure the password for this user never expires.

The iRedMail services will use the vmail user account to query the Samba4 AD DC LDAP database and pull the email accounts.

To create the vmail account, use the ADUC graphical tool from a Windows machine joined to the realm with the RSAT tools installed, as shown in the screenshots below, or use the samba-tool command line directly from a domain controller as explained in the following topic.

  1. Manage Samba4 Active Directory from Linux Command Line

In this guide, we will use the first method mentioned above.

9. From the iRedMail system, test the vmail user's ability to query the Samba4 AD DC LDAP database by issuing the command below. The returned result should be the number of entries for your domain, as shown in the screenshot below.

# ldapsearch -x -h tecmint.lan -D '[email ' -W -b 'cn=users,dc=tecmint,dc=lan'

Note: Replace the domain name and the LDAP base DN of the Samba4 AD ('cn=users,dc=tecmint,dc=lan') accordingly.

Step 3: Integrate iRedMail Services with Samba4 AD DC

10. Now it is time to modify the iRedMail services (Postfix, Dovecot and Roundcube) so that they query the Samba4 Domain Controller for mail accounts.

The first service to be modified is the MTA agent, Postfix. Issue the following commands to disable a series of MTA settings, add your domain name to the Postfix local domain and mailbox domains, and use the Dovecot agent to deliver received mail locally to user mailboxes.

# postconf -e virtual_alias_maps=' '
# postconf -e sender_bcc_maps=' '
# postconf -e recipient_bcc_maps=' '
# postconf -e relay_domains=' '
# postconf -e relay_recipient_maps=' '
# postconf -e sender_dependent_relayhost_maps=' '
# postconf -e smtpd_sasl_local_domain='tecmint.lan'	#Replace with your own domain
# postconf -e virtual_mailbox_domains='tecmint.lan'	#Replace with your own domain	
# postconf -e transport_maps='hash:/etc/postfix/transport'
# postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'  # Check SMTP senders
# postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'  # Check local mail accounts
# postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'  # Check local mail lists
# cp /etc/postfix/transport /etc/postfix/transport.backup	# Backup transport conf file
# echo "tecmint.lan dovecot" > /etc/postfix/transport		# Add your domain with dovecot transport
# cat /etc/postfix/transport					# Verify transport file
# postmap hash:/etc/postfix/transport

11. Next, create the Postfix configuration file /etc/postfix/ad_sender_login_maps.cf with your favorite text editor and add the configuration below.

server_host     = tecmint.lan
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = [email 
bind_pw         = ad_vmail_account_password
search_base     = dc=tecmint,dc=lan
scope           = sub
query_filter    = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel      = 0

12. Create /etc/postfix/ad_virtual_mailbox_maps.cf with the following configuration.

server_host     = tecmint.lan
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = [email 
bind_pw         = ad_vmail_account_password
search_base     = dc=tecmint,dc=lan
scope           = sub
query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0

13. Create /etc/postfix/ad_virtual_group_maps.cf with the configuration below.

server_host     = tecmint.lan
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = [email 
bind_pw         = ad_vmail_account_password
search_base     = dc=tecmint,dc=lan
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0

In all three configuration files, replace the values of server_host, bind_dn, bind_pw and search_base to reflect your own domain's settings.
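All three map files above carry bind_pw and set bind = yes with start_tls = no on port 389. The following audit is an added example, not part of the original tutorial: it flags a bind sent without TLS and a bind_pw stored in a file that other local users can read. The function names and the sample files (host, account, password) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Postfix LDAP map files for a cleartext bind and for
# a bind_pw that other local users can read. Names here are hypothetical.

# Print the value of "key = value" from a Postfix LDAP map file.
get_key() {
    awk -v k="$1" '{
        key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+/, "", key)
        if (key == k) { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); print v; exit }
    }' "$2"
}

# Echo space-separated findings for one map file (empty output = clean).
audit_ldap_map() {
    f=$1; findings=""; encrypted=no
    case "$(get_key server_host "$f")" in ldaps://*) encrypted=yes ;; esac
    if [ "$(get_key start_tls "$f")" = "yes" ]; then encrypted=yes; fi
    if [ "$(get_key bind "$f")" = "yes" ] && [ "$encrypted" = "no" ]; then
        findings="$findings cleartext-bind"
    fi
    # -perm -004: the "other" read bit is set on the file.
    if [ -n "$(get_key bind_pw "$f")" ] && [ -n "$(find "$f" -perm -004)" ]; then
        findings="$findings world-readable-secret"
    fi
    echo "${findings# }"
}

# Constructed sample files (placeholder host, account and password).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.cf" <<'EOF'
server_host     = dc.example.test
server_port     = 389
bind            = yes
start_tls       = no
bind_dn         = vmail@example.test
bind_pw         = PLACEHOLDER_PASSWORD
EOF
sed 's/^start_tls .*/start_tls       = yes/' "$demo_dir/weak.cf" > "$demo_dir/hardened.cf"
chmod 644 "$demo_dir/weak.cf"
chmod 640 "$demo_dir/hardened.cf"

for f in "$demo_dir/weak.cf" "$demo_dir/hardened.cf"; do
    echo "$(basename "$f"): $(audit_ldap_map "$f")"
done
```

On a real host, call audit_ldap_map on each of the /etc/postfix/ad_*.cf files created in steps 11 to 13; empty output means neither condition was found.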

14. Next, open the Postfix main configuration file, then find and disable the iRedAPD check_policy_service and smtpd_end_of_data_restrictions entries by adding a # comment in front of the following lines.

# nano /etc/postfix/main.cf

Comment out the following lines:

#check_policy_service inet:127.0.0.1:7777
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777

15. Now, verify that Postfix binds to Samba AD by using a domain user and a domain group and issuing a series of queries as shown in the following examples.

The result should be similar to the one shown in the screenshot below.

# postmap -q [email  ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
# postmap -q [email  ldap:/etc/postfix/ad_sender_login_maps.cf
# postmap -q [email  ldap:/etc/postfix/ad_virtual_group_maps.cf

Replace the AD user and group accounts accordingly. Also, make sure that the AD group you use has some AD users assigned to it.
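The query_filter lines in steps 11 and 12 differ in one clause, which the following added example (not part of the original tutorial) emulates in shell on constructed entries: the sender-login filter rejects accounts whose userAccountControl has the disabled bit set, while the mailbox filter still resolves them, so a disabled AD account cannot authenticate as a sender but keeps receiving mail. The entries, the example.test domain and the function names are made up for illustration, and the lookups return the matched userPrincipalName only.

```shell
#!/bin/sh
# Added example: emulate the page's two query filters on constructed entries.

# Constructed directory entries: userPrincipalName userAccountControl.
# 512 = normal, 514 = normal + disabled, 66048 = normal + password never
# expires, 66050 = 66048 + disabled. All are assumed to be person objects.
sample_entries() {
    cat <<'EOF'
alice@example.test 512
bob@example.test 514
vmail@example.test 66048
carol@example.test 66050
EOF
}

# (!(userAccountControl:1.2.840.113556.1.4.803:=2)): matching rule ...803 is a
# bitwise AND, so this clause holds only when bit 0x2 (ACCOUNTDISABLE) is clear.
account_enabled() { [ $(( $1 & 2 )) -eq 0 ]; }

# Filter of ad_sender_login_maps.cf: UPN match AND account enabled.
lookup_sender() {
    sample_entries | while read -r upn uac; do
        if [ "$upn" = "$1" ] && account_enabled "$uac"; then echo "$upn"; fi
    done
}

# Filter of ad_virtual_mailbox_maps.cf: UPN match only, no disabled check.
lookup_mailbox() {
    sample_entries | while read -r upn uac; do
        if [ "$upn" = "$1" ]; then echo "$upn"; fi
    done
}

for u in alice@example.test bob@example.test vmail@example.test carol@example.test; do
    echo "$u sender=[$(lookup_sender "$u")] mailbox=[$(lookup_mailbox "$u")]"
done
```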

16. In the next step, modify the Dovecot configuration file so that it queries the Samba4 AD DC. Open the file /etc/dovecot/dovecot-ldap.conf for editing and add the following lines.

hosts           = tecmint.lan:389
ldap_version    = 3
auth_bind       = yes
dn              = [email .lan
dnpass          = ad_vmail_password
base            = dc=tecmint,dc=lan
scope           = subtree
deref           = never
user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

The mailbox of a Samba4 AD account will be stored in the /var/vmail/vmail1/your_domain.tld/your_domain_user/Maildir/ location on the Linux system.

17. Make sure the pop3 and imap protocols are enabled in the Dovecot main configuration file. Also check that the quota and acl mail plugins are enabled by opening the file /etc/dovecot/dovecot.conf and verifying that these values are present.

18. Optionally, if you want to set a global hard quota so that no domain user exceeds a maximum of 500 MB of storage, add the following line to the /etc/dovecot/dovecot.conf file.

quota_rule = *:storage=500M 

19. Finally, to apply all the changes made so far, restart the Postfix and Dovecot daemons and check their status by issuing the commands below with root privileges.

# systemctl restart postfix dovecot
# systemctl status postfix dovecot

20. To test the mail server configuration from the command line over the IMAP protocol, use the telnet or netcat command as shown in the example below.

# nc localhost 143
a1 LOGIN [email _domain.tld ad_user_password
a2 LIST "" "*"
a3 LOGOUT

If you can perform an IMAP login from the command line with a Samba4 user account, then the iRedMail server seems ready to send and receive mail for Active Directory accounts.

The next tutorial will discuss how to integrate Roundcube webmail with Samba4 AD DC and enable the Global LDAP Address Book, customize Roundcube, access the Roundcube web interface from a browser and disable some unneeded iRedMail services.