2025-02-14 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shows how to configure and integrate iRedMail services into a Samba4 AD DC.
Integrating iRedMail with a Samba4 AD DC gives you the following benefits: user authentication, management, and status handled through Samba AD DC, and mailing lists created with the help of AD groups and the global LDAP address book in Roundcube.
Requirements
Install iRedMail for Samba4 AD integration in CentOS 7
Step 1: prepare the iRedMail system for Samba4 AD integration
1. In the first step, you need to assign a static IP address to your machine if you are currently using a dynamic IP address provided by a DHCP server.
Run the ifconfig command to list your machine's network interface names, then run the nmtui-edit command against the correct network card and edit that interface with custom IP settings.
Run the nmtui-edit command with root privileges.
    # ifconfig
    # nmtui-edit eno16777736
Find out the network interface name
2. After opening the network interface you want to edit, add the correct static IP settings, and make sure to add the DNS server IP addresses of the Samba4 AD DC and the name of your domain, so that you can query the realm from this machine. Use the screenshot below as a guide.
Configure network settings
3. After you have finished configuring the network interface, restart the network service to make the changes effective, and use the ping command to test the domain name and the FQDNs of the Samba4 domain controllers.
    # systemctl restart network.service
    # cat /etc/resolv.conf     # verify that the DNS resolver configuration uses the correct DNS server IPs
    # ping -c2 tecmint.lan     # ping the domain name
    # ping -c2 adc1            # ping the first AD DC
    # ping -c2 adc2            # ping the second AD DC
Verify the network DNS configuration
4. Next, install the ntpdate package with the following commands and synchronize time with the domain controller by querying the NTP server of the Samba4 machine:
    # yum install ntpdate
    # ntpdate -qu tecmint.lan     # query the domain NTP servers
    # ntpdate tecmint.lan         # sync time with the domain
Synchronize time with Samba NTP server
5. You may want local time to be automatically synchronized with the Samba AD time server. To achieve this, add a scheduled task by running the crontab -e command and appending the following line.
    0 */1 * * * /usr/sbin/ntpdate tecmint.lan > /var/log/ntpdate.lan 2>&1
Automatically synchronize time with Samba NTP
Step 2: prepare Samba4 AD DC for iRedMail integration
6. Now, log in to a Windows machine that has the RSAT tools installed for managing Samba4 AD, as described in this tutorial.
Open DNS Manager, go to your domain's Forward Lookup Zones, and add a new A record, MX record, and PTR record that point to the IP address of your iRedMail system. Use the screenshots below as a guide.
Add an A record (replace the name and IP address of the iRedMail machine accordingly).
Create a DNS A record for iRedMail
Add an MX record (leave the subdomain blank and set a priority of 10).
Create a DNS MX record for iRedMail
Add a PTR record in the Reverse Lookup Zones (replace the IP address of the iRedMail server accordingly). If you have not yet configured a reverse zone for your domain controller, read the following tutorial: managing Samba4 DNS Group policies from Windows
Create a DNS PTR record for iRedMail
7. After adding the basic DNS records that a mail server needs to run properly, go to the iRedMail machine, install the bind-utils package, and query the newly added mail records as shown below.
The Samba4 AD DC DNS server should respond with the DNS records added previously.
    # yum install bind-utils
    # host tecmint.lan
    # host mail.tecmint.lan
    # host 192.168.1.245
Install Bind and query email records
On a Windows machine, open a command line window and use the nslookup command to query the mail server records above.
8. As a prerequisite, create a new user account with minimum privileges in Samba4 AD DC, name it vmail, choose a strong password for this user, and make sure that the user's password never expires.
The vmail account will be used by the iRedMail services to query the Samba4 AD DC LDAP database and pull the email accounts.
To create the vmail account, either use the ADUC graphical tool from a Windows machine that is joined to the domain and has the RSAT tools installed, as shown in the screenshots, or use the samba-tool command line directly on a domain controller, as explained in a previous topic.
In this guide, we will use the first method mentioned above.
AD users and computers
Create a new user for iRedMail
Set a strong password for the user
9. On the iRedMail system, use the following command to test that the vmail user can query the Samba4 AD DC LDAP database. The result returned should be the total number of objects in your domain, as shown in the screenshot below.
    # ldapsearch -x -h tecmint.lan -D 'vmail@tecmint.lan' -W -b 'cn=users,dc=tecmint,dc=lan'
Note: replace the domain name and Samba4 AD's LDAP dn (cn=users,dc=tecmint,dc=lan) accordingly.
Query Samba4 AD DC LDAP
Step 3: integrate iRedMail services into Samba4 AD DC
10. It is time to modify the iRedMail services (Postfix, Dovecot, and Roundcube) to query Samba4 domain controllers for mailbox accounts.
The first service to be modified is the MTA agent, Postfix. Execute the following commands to disable a series of MTA settings, add your domain name to the Postfix local domain and mailbox domains, and use the Dovecot agent to deliver received mail to the users' mailboxes.
    # postconf -e virtual_alias_maps=''
    # postconf -e sender_bcc_maps=''
    # postconf -e recipient_bcc_maps=''
    # postconf -e relay_domains=''
    # postconf -e relay_recipient_maps=''
    # postconf -e sender_dependent_relayhost_maps=''
    # postconf -e smtpd_sasl_local_domain='tecmint.lan'     # replace with your own domain
    # postconf -e virtual_mailbox_domains='tecmint.lan'     # replace with your own domain
    # postconf -e transport_maps='hash:/etc/postfix/transport'
    # postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'     # check SMTP senders
    # postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'     # check local mail accounts
    # postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'         # check local mailing lists
    # cp /etc/postfix/transport /etc/postfix/transport.backup     # back up the transport configuration
    # echo "tecmint.lan dovecot" > /etc/postfix/transport         # add your domain with the dovecot transport
    # cat /etc/postfix/transport                                  # verify the transport file
    # postmap hash:/etc/postfix/transport
11. Next, create the /etc/postfix/ad_sender_login_maps.cf configuration file for Postfix with your favorite text editor and add the following configuration.
    server_host     = tecmint.lan
    server_port     = 389
    version         = 3
    bind            = yes
    start_tls       = no
    bind_dn         = vmail@tecmint.lan
    bind_pw         = ad_vmail_account_password
    search_base     = dc=tecmint,dc=lan
    scope           = sub
    query_filter    = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
    result_attribute= userPrincipalName
    debuglevel      = 0
12. Create /etc/postfix/ad_virtual_mailbox_maps.cf using the following configuration.
    server_host     = tecmint.lan
    server_port     = 389
    version         = 3
    bind            = yes
    start_tls       = no
    bind_dn         = vmail@tecmint.lan
    bind_pw         = ad_vmail_account_password
    search_base     = dc=tecmint,dc=lan
    scope           = sub
    query_filter    = (&(objectclass=person)(userPrincipalName=%s))
    result_attribute= userPrincipalName
    result_format   = %d/%u/Maildir/
    debuglevel      = 0
13. Create /etc/postfix/ad_virtual_group_maps.cf using the following configuration.
    server_host     = tecmint.lan
    server_port     = 389
    version         = 3
    bind            = yes
    start_tls       = no
    bind_dn         = vmail@tecmint.lan
    bind_pw         = ad_vmail_account_password
    search_base     = dc=tecmint,dc=lan
    scope           = sub
    query_filter    = (&(objectClass=group)(mail=%s))
    special_result_attribute = member
    leaf_result_attribute = mail
    result_attribute= userPrincipalName
    debuglevel      = 0
Replace server_host, bind_dn, bind_pw and search_base in the above three configuration files to reflect the settings of your own domain.
14. Next, open the main Postfix configuration file, then search for and disable iRedAPD's check_policy_service and smtpd_end_of_data_restrictions by adding a # comment in front of the lines below.
    # nano /etc/postfix/main.cf
Comment out the following lines:
    #check_policy_service inet:127.0.0.1:7777
    #smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
15. Now, verify that Postfix binds to Samba AD using an existing domain user and an existing domain group by executing a series of queries, as shown in the following examples.
The result should be similar to the screenshot below.
    # postmap -q tecmint_user@tecmint.lan ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
    # postmap -q tecmint_user@tecmint.lan ldap:/etc/postfix/ad_sender_login_maps.cf
    # postmap -q linux_users@tecmint.lan ldap:/etc/postfix/ad_virtual_group_maps.cf
Verify that Postfix is bound to Samba AD
Replace AD user and group accounts accordingly. Also, make sure that the AD group you are using has been assigned some members.
16. In the next step, modify the Dovecot configuration file so that it queries Samba4 AD DC. Open the /etc/dovecot/dovecot-ldap.conf file and add the following lines.
    hosts           = tecmint.lan:389
    ldap_version    = 3
    auth_bind       = yes
    dn              = vmail@tecmint.lan
    dnpass          = ad_vmail_password
    base            = dc=tecmint,dc=lan
    scope           = subtree
    deref           = never
    user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
    pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
    pass_attrs      = userPassword=password
    default_pass_scheme = CRYPT
    user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/
The mailbox for a Samba4 AD account will be stored in /var/vmail/vmail1/your_domain.tld/your_domain_user/Maildir/.
17. Make sure that the pop3 and imap protocols are enabled in the main Dovecot configuration file. Open /etc/dovecot/dovecot.conf, verify that the quota and acl mail plugins are also enabled, and check that these values are present.
Enable POP3 and IMAP in Dovecot
18. Optionally, if you want to set a global hard quota of no more than 500 MB of storage per domain user, add the following line to the /etc/dovecot/dovecot.conf file.
    quota_rule = *:storage=500M
19. In order for the current changes to take effect, restart the Postfix and Dovecot daemons and verify their status, with root privileges.
    # systemctl restart postfix dovecot
    # systemctl status postfix dovecot
20. To test the mail server configuration from the command line using the IMAP protocol, use the telnet or netcat command, as shown below.
    # nc localhost 143
    a1 LOGIN ad_user@your_domain.tld ad_user_password
    a2 LIST "" "*"
    a3 LOGOUT
Test iRedMail configuration
If you can use the Samba4 user account to perform an IMAP login from the command line, the iRedMail server seems ready to send and receive mail from the AD account.
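An added check, not part of the original article or of iRedMail: the lookup files above bind as vmail on port 389 with start_tls = no, so the bind password crosses the network unencrypted and also sits in the files on disk. The script below flags that condition, a tutorial placeholder password left in place, and world-readable permissions. The function names and finding labels are assumptions of this example, and it treats `start_tls = yes` (Postfix), `tls = yes` (Dovecot) or an `ldaps://` server URI as the encrypted forms.

```shell
#!/bin/sh
# Added example, not from the original article or from iRedMail.
# Flags LDAP lookup files that expose the vmail bind password.

# Print the value of the first "KEY = value" line in FILE.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Print space-separated findings for one Postfix or Dovecot LDAP file.
audit_ldap_conf() {
    file=$1
    findings=""
    # Postfix keys: server_host, start_tls, bind_pw.
    # Dovecot keys: uris, tls, dnpass.
    target="$(conf_get server_host "$file")$(conf_get uris "$file")"
    tls="$(conf_get start_tls "$file")$(conf_get tls "$file")"
    secret="$(conf_get bind_pw "$file")$(conf_get dnpass "$file")"
    [ -n "$secret" ] || { echo ""; return 0; }

    case "$target" in
        ldaps://*) ;;   # TLS from the first byte
        *) [ "$tls" = "yes" ] || findings="$findings CLEARTEXT_BIND" ;;
    esac
    # A placeholder copied from the tutorial was never replaced.
    case "$secret" in
        ad_vmail_*) findings="$findings PLACEHOLDER_PASSWORD" ;;
    esac
    # Character 8 of the ls mode string is the "other" read bit.
    if [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        findings="$findings WORLD_READABLE"
    fi
    echo "${findings# }"
}

# Audit the four files this guide creates or edits; skip unreadable ones.
audit_all() {
    for f in /etc/postfix/ad_sender_login_maps.cf \
             /etc/postfix/ad_virtual_mailbox_maps.cf \
             /etc/postfix/ad_virtual_group_maps.cf \
             /etc/dovecot/dovecot-ldap.conf; do
        if [ -r "$f" ]; then
            printf '%s: %s\n' "$f" "$(audit_ldap_conf "$f")"
        fi
    done
}

audit_all
```

Run it as root on the iRedMail machine; a file name followed by nothing means none of the three conditions was found in that file.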
In the next tutorial, we will discuss how to integrate Roundcube webmail with Samba4 AD DC, enable the global LDAP address book, customize Roundcube, access the Roundcube web interface from a browser, and disable some unwanted iRedMail services.