
#1 2010-10-04 16:07:41

Carlwill
Member
From: Orlando, FL
Registered: 2008-10-06
Posts: 560

Using Arch Mail & Web Server in an A.D. Environment

I am being asked to stand up a dedicated mail and web server in a network that runs an Active Directory 2008 domain. All users are running Windows XP and/or Windows 7. I have stood up two dedicated Arch Linux servers (64-bit) for the requested tasks and everything is working perfectly except for the fact that users now have three individual passwords:

1. Windows domain login credentials
2. Postfix / Dovecot (email) credentials are the Linux shell login (set to /bin/false)
3. Apache / Intranet access uses a '.htpasswd' file

Does anyone recommend a way that I could somehow synchronize the users' mail & web credentials with their Windows / Kerberos credentials?

Thanks for any help!


./

Offline

#2 2010-10-04 22:12:57

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,231

Re: Using Arch Mail & Web Server in an A.D. Environment

I'm guessing you could do something with LDAP for both....
Use pam directly from Apache: http://www.debianhelp.co.uk/apachepam.htm
I can't remember if Dovecot can use pam or not, but I'm sure it has some kind of LDAP integration...

# PAM service stack (e.g. /etc/pam.d/squid, or whatever service name the
# Apache PAM module is configured to use)
auth     sufficient     pam_ldap.so config=/etc/pam_ldap.conf
account  sufficient     pam_ldap.so config=/etc/pam_ldap.conf use_first_pass
password required       pam_deny.so
session  required       pam_deny.so

# /etc/pam_ldap.conf (the file pam_ldap.so reads via config= above)
#debug 10
host ldap.internal.server.com
base DC=INTERNAL,DC=LOCAL
# Read-only account used to look up the user's DN before binding with the
# user's own password. bindpw is stored in clear, so this file must be
# readable by root (and the PAM-using service) only.
binddn CN=WebServer,DC=INTERNAL,DC=LOCAL
bindpw w3B-53RveR
# AD users log in with sAMAccountName; only members of this group may authenticate.
pam_login_attribute sAMAccountName
pam_groupdn CN=WebServerUsers,DC=INTERNAL,DC=LOCAL
pam_member_attribute member

These came from a live pam config we use at a client site to auth squid proxy users against AD.

Last edited by fukawi2 (2010-10-04 22:13:28)

Offline
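For the web side specifically, Apache can talk to AD through its own mod_authnz_ldap module instead of going through PAM, which replaces the '.htpasswd' file from the original question with domain accounts. The fragment below is an added example, not code from the thread; it reuses the host, base DN, bind account and group from the pam_ldap.conf above as assumptions, and the CA bundle path and bind password are placeholders:

```apache
# Added example: AD authentication for the intranet via mod_authnz_ldap.
# Assumed values (from the pam_ldap.conf above): ldap.internal.server.com,
# DC=INTERNAL,DC=LOCAL, CN=WebServer (read-only bind account), CN=WebServerUsers.
LoadModule ldap_module        modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

# Verify the domain controller's LDAPS certificate; /etc/ssl/certs/ad-ca.pem is a
# placeholder path for the CA that issued it.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ad-ca.pem
LDAPVerifyServerCert  On

<Location /intranet>
    # Basic auth sends the domain password with every request, so only allow it over HTTPS.
    SSLRequireSSL

    AuthType Basic
    AuthName "Intranet (domain account)"
    AuthBasicProvider ldap

    # ldaps:// so the user's domain password is not sent to the DC in clear.
    # sAMAccountName is the attribute matched against the login name.
    AuthLDAPURL "ldaps://ldap.internal.server.com/DC=INTERNAL,DC=LOCAL?sAMAccountName?sub?(objectClass=user)"

    # Service account used only to find the user's DN; Apache then binds as the
    # user with the password they typed. Keep this file root-readable only.
    AuthLDAPBindDN       "CN=WebServer,DC=INTERNAL,DC=LOCAL"
    AuthLDAPBindPassword "REPLACE-WITH-SERVICE-ACCOUNT-PASSWORD"

    # AD stores group membership as member DNs, not bare usernames.
    AuthLDAPGroupAttribute     member
    AuthLDAPGroupAttributeIsDN on
    Require ldap-group CN=WebServerUsers,DC=INTERNAL,DC=LOCAL
</Location>
```

The important design choice is that the bind account only searches; each user's password is checked by the DC itself when Apache binds as that user's DN, so no password hashes are copied to the web server and there is nothing to keep in sync. A failed lookup or a user outside CN=WebServerUsers gets a plain 401, and the attempts appear in the domain controller's security log like any other logon.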

#3 2010-10-06 19:18:56

briest
Member
From: Katowice, PL
Registered: 2006-05-04
Posts: 468

Re: Using Arch Mail & Web Server in an A.D. Environment

With Winbind (part of Samba) you can have single sign-on with AD -- at least with dovecot (more about dovecot) and Apache; don't know about Postfix. Contrary to popular belief (and HOWTOs), I have never had to touch Kerberos configuration; winbind alone is enough.
See Samba documentation on becoming domain member.

Offline
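To make the winbind route concrete for the mail server from the original question, here is an added example (not from the thread or from the Samba/Dovecot projects) showing Dovecot authenticating against AD through pam_winbind once the host has joined the domain, and Postfix reusing Dovecot's authentication for SMTP submission so that the "Postfix / Dovecot credentials" become the domain password. It assumes Dovecot 2.x configuration syntax, a Samba-built pam_winbind.so, and uses EXAMPLE\mailusers and the vmail uid/gid as placeholders:

```conf
# Added example: Dovecot + Postfix using AD passwords via winbind.
# Assumes the server is already a domain member (net ads join / winbindd running).

# --- /etc/pam.d/dovecot ---
# Only winbind is consulted: no fallback to local /etc/shadow accounts, so the
# shell-login password from the original question is no longer needed for mail.
# require_membership_of limits mail access to one AD group (placeholder name).
auth     required pam_winbind.so require_membership_of=EXAMPLE\mailusers
account  required pam_winbind.so

# --- /etc/dovecot/conf.d/10-auth.conf ---
# Plaintext mechanisms only over TLS; the "dovecot" argument is the PAM service above.
auth_mechanisms = plain login
disable_plaintext_auth = yes
passdb {
  driver = pam
  args = dovecot
}
# AD provides authentication only; every mailbox lives under one local system
# user (vmail, placeholder) so no per-user Linux accounts are required.
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/%u
}

# --- /etc/dovecot/conf.d/10-master.conf ---
# Expose Dovecot's SASL authentication to Postfix through a socket in the
# Postfix chroot, so SMTP submission checks the same domain password.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# --- /etc/postfix/main.cf ---
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
```

With this layout the domain controller is the only place a mail password is verified, account lockout and expiry policies from AD apply automatically, and a user removed from the EXAMPLE\mailusers group loses IMAP and SMTP access at the next login without any change on the Linux side.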

#4 2010-10-06 22:12:34

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,231

Re: Using Arch Mail & Web Server in an A.D. Environment

OOoooh, that's awesome briest....

/me bookmarks those links for my new job wink

Offline
