Re: [exim] Exim samba4 active directory

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Benoît PELISSIER
日付:  
To: exim-users
題目: Re: [exim] Exim samba4 active directory
Hi

I have :
Samba4 AD on debian10
Dovecot/exim4 on debian10

So this follow work on debian10 (debian9 to ;))

Samba4 AD :
follow this how to (i adapted this on my wiki):
https://dev.tranquil.it/samba/fr/samba_config_server/debian/server_prepare_debian.html

I create an user on AD

samba-tool user create dovecot
pdbedit --user=dovecot --modify --fullname="Serveur Dovecot"
--account-desc="The BEST way to make Dovecot work"
samba-tool user setpassword dovecot -U administrator

Dovecot :

apt-get install --assume-yes dovecot-core dovecot-imapd telnet
dovecot-ldap ldap-utils

# i use ~/Maildir
sed -i '/^mail_location/ s/mbox.*$/maildir:~\/Maildir/'
/etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf

groupadd -g 5000 vmail
useradd -u 5000 -g 5000 -s /bin/bash -d /home/vmail vmail
chown vmail /home

sed -i 's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/'
/etc/dovecot/conf.d/10-auth.conf

FQDN=HOME.LAN
LDAPUSER=dovecot
LDAPPASS='PASSWORDDOVECOTUSER'
IPAD=192.168.123.123
DOMAINE=HOME
SUFFIX=LAN

mv /etc/dovecot/dovecot-ldap.conf.ext
/etc/dovecot/dovecot-ldap.conf.ext.ORIGIN

cat <<EOF >/etc/dovecot/dovecot-ldap.conf.ext
uris = ldap://${IPAD}/
dn = "${LDAPUSER}@${FQDN}"
dnpass = "${LDAPPASS}"
sasl_bind = no
tls = no
ldap_version = 3
deref = never
scope = subtree
base = cn=Users,dc=${DOMAINE},dc=${SUFFIX}
auth_bind = yes
user_filter =
(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(sAMAccountName=%u)(otherMailbox=%u)))
user_attrs =
sAMAccountName=user,userPassword=password,=mail=maildir:/home/%n/Maildir/
pass_filter =
(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%u))
pass_attrs = sAMAccountName=user,userPassword=password
EOF

sed -i "/^mail_location/amail_home = /home/sieve/%u\nmail_uid =
vmail\nmail_gid = vmail\nfirst_valid_uid = 107\nfirst_valid_gid =
8\ndisable_plaintext_auth = no" /etc/dovecot/conf.d/10-mail.conf

sed -i "/auth-userdb/amode = 0600\nuser = vmail\ngroup = vmail"
/etc/dovecot/conf.d/10-master.conf

sed -i -e '/UserDatabase.Static.txt/,$ s/^\([ ]*\)#/\1/' -e
'/UserDatabase.Static.txt/ s/^/#/' /etc/dovecot/conf.d/auth-ldap.conf.ext

/etc/init.d/dovecot restart

And Exim

aptitude install --assume-yes exim4-daemon-heavy openssl

sed -i '/dc_use_split_config/s/false/true/'
/etc/exim4/update-exim4.conf.conf

cat <<EOF >/etc/exim4/conf.d/main/15_exim4-ldap
LOCAL_AD_SERVERS = ${IPAD}::389
LOCAL_AD_BASE_DN = \${quote_ldap:CN=Users,DC=${DOMAINE},DC=${SUFFIX}}
LOCAL_AD_BIND_DN =
\${quote_ldap:CN=${LDAPUSER},CN=Users,DC=${DOMAINE},DC=${SUFFIX}}
LOCAL_AD_PASS = "${LDAPPASS}"

.ifdef LOCAL_AD_SERVERS
ldap_default_servers = LOCAL_AD_SERVERS
ldap_start_tls = false
ldap_require_cert = never
.endif
EOF

chmod 644 /etc/exim4/conf.d/main/15_exim4-ldap

cat <<EOF >/etc/exim4/conf.d/router/898_exim4-config_ldap
.ifdef LOCAL_AD_SERVERS

user_ad_aliases:
debug_print = "R: user_ad_aliases for \$local_part@\$domain"
driver = redirect
domains = +local_domains
data = \${lookup ldapm {user=LOCAL_AD_BIND_DN pass=LOCAL_AD_PASS
ldap:///LOCAL_AD_BASE_DN?mail?sub?(memberOf=\${lookup
ldapdn{user=LOCAL_AD_BIND_DN pass=LOCAL_AD_PASS
ldap:///LOCAL_AD_BASE_DN??sub?(mail=\${quote_ldap:\$local_part@\$domain})}})}}

.endif
EOF

chmod 644 /etc/exim4/conf.d/router/898_exim4-config_ldap

cat <<EOF >/etc/exim4/conf.d/router/899_dovecot
dovecot:
debug_print = "R: dovecot for \$local_part@\$domain"
driver = accept
domains = +local_domains
transport = dovecot_virtual_delivery
cannot_route_message = Unknown user
EOF

chmod 644 /etc/exim4/conf.d/router/899_dovecot

cat <<EOF >/etc/exim4/conf.d/transport/35_exim4-config_dovecot
dovecot_virtual_delivery:
driver = pipe
command = /usr/lib/dovecot/dovecot-lda -d \$local_part@\$domain -f
\$sender_address
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
log_output
user = vmail
temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
EOF

chmod 644 /etc/exim4/conf.d/transport/35_exim4-config_dovecot

cat <<EOF >/etc/exim4/conf.d/auth/10_exim4-config_dovecot
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = \$auth1

dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = \$auth1
EOF

chmod 644 /etc/exim4/conf.d/auth/10_exim4-config_dovecot

/etc/init.d/exim4 restart

cat <<EOF >/tmp/10-master.tmp
unix_listener auth-client {
     mode = 0600
     user = Debian-exim
   }


EOF

sed -i $'/Postfix smtp-auth/{e cat /tmp/10-master.tmp\n}'
/etc/dovecot/conf.d/10-master.conf

cat <<EOF >/etc/dovecot/conf.d/25-custom-stats.conf
service stats {
   unix_listener stats-reader {
     user = vmail
     group = vmail
     mode = 0600
   }


   unix_listener stats-writer {
     user = vmail
     group = vmail
     mode = 0660
   }
}
EOF


chmod 644 /etc/dovecot/conf.d/25-custom-stats.conf

/etc/init.d/dovecot restart

Good night !

Benoît

Le 20/11/2020 à 22:52, Odhiambo Washington via Exim-users a écrit :
> Hi Benoît,
>
> Thanking you in advance for your help with this. I will be waiting for your
> reply.
>
> On Sat, 21 Nov 2020, 00:46 Benoît, <bpelissier@???> wrote:
>
>> Hi,
>>
>> I will do mail tomorrow to explain it. I do it with exim and dovecot-lda
>> delivery.
>>
>> Le 20 novembre 2020 08:08:19 GMT+01:00, Odhiambo Washington via Exim-users
>> <exim-users@???> a écrit :
>>>
>>> Hello good people,
>>>
>>> My Google-fu having failed me miserably, I am only left with one option -
>>> to ask here.
>>>
>>> I have setup a Samba4 as a domain controller on a Unix box.
>>>
>>> My next quest is to see if I can have Exim to authenticate users against
>>> it.
>>> I have 2 domains that I'd love to virtualize.
>>> Ultimately I am looking for an SSO setup for all services.
>>>
>>> I am pretty sure there are members of this list who are running such
>>> setups. I could not find (well, either Google or me) any
>>> detailed documentation in one place.
>>>
>>> I am requesting you to kindly share me with any HOWTOs, if anyone has
>>> documented their setup.
>>>
>>> Thanking you in advance.
>>>
>>>
>> --
>> Benoît Pélissier - Lan2Net
>>

begin:vcard
fn;quoted-printable:Beno=C3=AEt PELISSIER
n;quoted-printable:PELISSIER;Beno=C3=AEt
org;quoted-printable:LAN2NET - l'informatique fiable sous Linux + logiciels libres;membre du r=C3=A9seau "Alliance-Libre"
adr;quoted-printable;dom:12 avenue Jules Verne;;Les Espaces Jules Verne, b=C3=A2timent A;SAINT-SEBASTIEN SUR LOIRE;;44230
email;internet:bpelissier@???
title;quoted-printable:Technicien syst=C3=A8me & r=C3=A9seau
tel;work:02 85 52 65 37
url:http://www.lan2net.fr
version:2.1
end:vcard