破的記事本 Blog

CentOS 6.0 Postfix integrated with Windows 2008 AD and a live address book

CentOS 6.0
——————————————————————————————
yum install the following packages
samba
samba-winbind
krb5
pam
oddjob
postfix
dovecot
saslauthd
——————————————————————————————
After the CentOS 6.0 network setup is done
vi /etc/hosts
vi /etc/resolv.conf
service iptables stop
service ip6tables stop
chkconfig iptables off
chkconfig ip6tables off
X-Windows > System > Administration > SELinux Management > Disabled
X-Windows > System > Administration > Authentication > finish the settings > Apply
——————————————————————————————
Configure Samba and Winbind
vi /etc/samba/smb.conf
[global]
netbios name = cs6
workgroup = aaazzz
realm = AAAZZZ.COM
security = ads
encrypt passwords = yes
password server = ad8.aaazzz.com
wins server = 172.16.1.11
winbind use default domain = yes
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 300
idmap uid = 100000 - 200000
idmap gid = 100000 - 200000
template homedir = /home/%D/%U
template shell = /bin/bash
obey pam restrictions = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = MYDOMAIN\%S
——————————————————————————————
/etc/pam.d/…
/etc/nsswitch.conf
/etc/login.defs
are all left at their defaults, unchanged
——————————————————————————————
Configure Kerberos: only the realm and KDC entries (shown in red on the original page) are changed; everything else stays at the default
vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = AAAZZZ.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
AAAZZZ.COM = {
  kdc = AD8.AAAZZZ.COM
  admin_server = AD8.AAAZZZ.COM
}
[domain_realm]
.aaazzz.com = AAAZZZ.COM
aaazzz.com = AAAZZZ.COM
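As an added example (not part of the original post), the following shell script cross-checks the values this post spreads across smb.conf and krb5.conf: the realm, the workgroup, the KDC host and the idmap ranges. The two config fragments it reads are constructed copies of the ones above, written to a temporary directory; ini_get, idmap_range_ok, principal_matches_realm and check_realm_consistency are names chosen for this example, not Samba or MIT Kerberos tools. It also catches two slips that are easy to make when copying a config from a web page: a Unicode dash inside the idmap range, and a kinit principal whose realm does not match default_realm.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the realm, workgroup,
# KDC and idmap values that are spread across smb.conf and krb5.conf.
# The two files below are constructed copies of the fragments in this post,
# written to a temp directory so the check runs offline.
WORKDIR=$(mktemp -d)
SMB_CONF="$WORKDIR/smb.conf"
KRB5_CONF="$WORKDIR/krb5.conf"

cat > "$SMB_CONF" <<'EOF'
[global]
netbios name = cs6
workgroup = aaazzz
realm = AAAZZZ.COM
security = ads
password server = ad8.aaazzz.com
idmap uid = 100000 - 200000
idmap gid = 100000 - 200000
EOF

cat > "$KRB5_CONF" <<'EOF'
[libdefaults]
default_realm = AAAZZZ.COM
dns_lookup_kdc = false
[realms]
AAAZZZ.COM = {
  kdc = AD8.AAAZZZ.COM
  admin_server = AD8.AAAZZZ.COM
}
EOF

# ini_get FILE SECTION KEY: print the first value of KEY inside [SECTION],
# with surrounding whitespace removed. Good enough for smb.conf and for
# krb5.conf, whose [realms] entries sit inside a brace block.
ini_get() {
  awk -v want_sec="[$2]" -v want_key="$3" '
    /^[ \t]*\[/ { insec = ($0 == want_sec); next }
    insec && index($0, "=") {
      key = substr($0, 1, index($0, "=") - 1)
      val = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == want_key) { print val; exit }
    }' "$1"
}

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# idmap_range_ok RANGE: accept "LOW - HIGH" with an ASCII hyphen and LOW < HIGH.
# A Unicode dash pasted from a web page, or a reversed range, is rejected.
idmap_range_ok() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+ *- *[0-9]+$' || return 1
  low=$(printf '%s' "${1%%-*}" | tr -d ' ')
  high=$(printf '%s' "${1##*-}" | tr -d ' ')
  [ "$low" -lt "$high" ]
}

# principal_matches_realm PRINCIPAL REALM: the part after '@' must be REALM,
# so a principal typed against the wrong realm is caught before kinit fails.
principal_matches_realm() { [ "$(upper "${1##*@}")" = "$(upper "$2")" ]; }

# check_realm_consistency SMB_CONF KRB5_CONF: print every mismatch, return 1
# if any was found. Comparisons are case-insensitive because DNS names are.
check_realm_consistency() {
  smb_realm=$(ini_get "$1" global realm)
  smb_wg=$(ini_get "$1" global workgroup)
  smb_pdc=$(ini_get "$1" global "password server")
  krb_realm=$(ini_get "$2" libdefaults default_realm)
  krb_kdc=$(ini_get "$2" realms kdc)
  rc=0
  [ "$(upper "$smb_realm")" = "$(upper "$krb_realm")" ] ||
    { echo "realm differs: smb.conf=$smb_realm krb5.conf=$krb_realm"; rc=1; }
  [ "$(upper "$smb_wg")" = "$(upper "${smb_realm%%.*}")" ] ||
    { echo "workgroup $smb_wg is not the first label of realm $smb_realm"; rc=1; }
  [ "$(upper "$smb_pdc")" = "$(upper "$krb_kdc")" ] ||
    { echo "password server $smb_pdc differs from kdc $krb_kdc"; rc=1; }
  for k in "idmap uid" "idmap gid"; do
    idmap_range_ok "$(ini_get "$1" global "$k")" ||
      { echo "$k has a malformed range: $(ini_get "$1" global "$k")"; rc=1; }
  done
  return $rc
}

check_realm_consistency "$SMB_CONF" "$KRB5_CONF" && echo "smb.conf and krb5.conf agree"
```

To use it on the server, point SMB_CONF and KRB5_CONF at /etc/samba/smb.conf and /etc/krb5.conf instead of the constructed copies; a clean run prints the single agreement line, otherwise one line per mismatch.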
——————————————————————————————
vi /var/kerberos/krb5kdc/kadm5.acl
*/administrator@AAAZZZ.COM      *
——————————————————————————————
vi /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
AAAZZZ.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}
——————————————————————————————
Configure Dovecot
vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain
!include auth-system.conf.ext
——————————————————————————————
vi /etc/dovecot/conf.d/auth-system.conf.ext
passdb {
  driver = pam
}
userdb {
}
——————————————————————————————
vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
—————————————————————————————— 
Postfix: on top of the basic settings, add the following
vi /etc/postfix/main.cf
home_mailbox = Maildir/
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination
——————————————————————————————
Once everything is configured, start the services
service smb restart
service winbind restart
service oddjobd restart
service postfix restart
service dovecot restart
service saslauthd restart
chkconfig smb on
chkconfig winbind on
chkconfig oddjobd on
chkconfig postfix on
chkconfig dovecot on
chkconfig saslauthd on
——————————————————————————————
Join the domain and obtain a Kerberos ticket (the Windows 2008 domain must already exist)
kinit administrator@AAAZZZ.COM
klist to view the ticket
net ads join -U administrator to join the domain (check that AD now lists a computer object named cs6)
——————————————————————————————
Retrieve the domain user accounts
wbinfo -u
getent passwd (the domain user accounts must appear)
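Added example, not from the original post: a shell check for the "getent passwd must show domain users" step. It reads constructed getent passwd lines (the accounts alice, bob, carol and dave are made up here) and verifies that every UID inside the idmap range 100000-200000 also has a GID in that range, a home under the template /home/%D/%U (with %D assumed to expand to the workgroup aaazzz) and the template shell, and that no local account sits inside the domain home tree. count_domain_users and check_domain_users are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): check `getent passwd` output
# against the winbind settings used in this post. The passwd lines are
# constructed samples; on the server you would run
#   getent passwd > /tmp/passwd.out && check_domain_users /tmp/passwd.out
IDMAP_LOW=100000            # idmap uid/gid = 100000 - 200000 in smb.conf
IDMAP_HIGH=200000
DOMAIN=aaazzz               # workgroup; assumed value of %D in "template homedir = /home/%D/%U"
HOME_PREFIX="/home/$DOMAIN"
TEMPLATE_SHELL=/bin/bash    # template shell in smb.conf

WORKDIR=$(mktemp -d)
SAMPLE_FILE="$WORKDIR/passwd.bad"
GOOD_FILE="$WORKDIR/passwd.good"

# Constructed: two clean domain users, one local account (uid 500) sitting in
# the domain home tree, and one domain user whose home/shell ignore the template.
cat > "$SAMPLE_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
alice:*:100001:100000:Alice Example:/home/aaazzz/alice:/bin/bash
bob:*:100002:100000:Bob Example:/home/aaazzz/bob:/bin/bash
carol:x:500:500:Carol Local:/home/aaazzz/carol:/bin/bash
dave:*:100003:100000:Dave Example:/home/dave:/bin/sh
EOF

# Constructed: what a healthy "getent passwd" looks like after "net ads join".
cat > "$GOOD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:*:100001:100000:Alice Example:/home/aaazzz/alice:/bin/bash
bob:*:100002:100000:Bob Example:/home/aaazzz/bob:/bin/bash
EOF

# count_domain_users FILE: number of entries whose UID lies in the idmap range,
# i.e. accounts that came from winbind rather than /etc/passwd.
count_domain_users() {
  awk -F: -v low="$IDMAP_LOW" -v high="$IDMAP_HIGH" \
      '$3 >= low && $3 <= high { n++ } END { print n + 0 }' "$1"
}

# check_domain_users FILE: one line per anomaly; exit 0 only when at least one
# domain user is present (the post's own acceptance test) and none is anomalous.
check_domain_users() {
  awk -F: -v low="$IDMAP_LOW" -v high="$IDMAP_HIGH" \
      -v prefix="$HOME_PREFIX/" -v shell="$TEMPLATE_SHELL" '
    $3 >= low && $3 <= high {
      seen++
      if ($4 < low || $4 > high) { print $1 ": gid " $4 " outside idmap range"; bad++ }
      if (index(tolower($6), tolower(prefix)) != 1) { print $1 ": home " $6 " not under " prefix; bad++ }
      if ($7 != shell) { print $1 ": shell " $7 " differs from template " shell; bad++ }
      next
    }
    # A non-domain UID owning a home inside the domain tree: a local account
    # that will collide with the template path once a same-named domain user logs in.
    index(tolower($6), tolower(prefix)) == 1 {
      print $1 ": uid " $3 " outside idmap range but home under " prefix; bad++
    }
    END {
      if (seen == 0) { print "no domain users returned: winbind/nsswitch not working"; exit 1 }
      exit (bad > 0)
    }' "$1"
}

check_domain_users "$GOOD_FILE" && echo "domain users look consistent"
```

On the constructed bad sample the check reports three anomalies (carol's local UID under the domain tree, dave's home outside the template path, dave's non-template shell) and exits non-zero; an empty result also fails, which is the case where winbind or nsswitch.conf is not wired up.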
——————————————————————————————
Windows 2008 AD (DNS and WINS already installed)
Open Active Directory Users and Computers > View > Advanced Features
Create any user, then right-click that user > Properties > Attribute Editor
displayName > enter the name to be shown in the address book
mail > fill in the e-mail address
——————————————————————————————
Outlook 2003 or 2010
Add a directory or address book > Internet Directory Service (LDAP)
(In Outlook 2010, tick Enable Browsing)
Open the address book and the live directory is shown
——————————————————————————————
Automatic home-directory creation by Dovecot has not been sorted out yet,
so the user must first connect from their PC to the CentOS server (\\CentOS_server), which creates the home directory automatically,
or a Windows 2008 GPO can map network drives at user logon:
net use z: \\cs6\public (the share must be defined in smb.conf)
net use y: \\cs6\%username%
