Postfix running on SLES 10 and Auth over a W2k3 R2 Server, via Kerberos (based, and authorised by, on Loris aw mcgyver.it work )

Prerequisite:

- Ntp working
- Active directory Server
- Postix Server
- RPM: krb5, krb5-apps-clients, krb5-clients, pam_krb5, krb5-plugin-kdb-ldap, cyrus-sasl, cyrus-sasl-plain, cyrus-sasl-saslauthd

From CLI:
# yast -i ntp postfix krb5 krb5-apps-clients krb5-clients pam_krb5 krb5-plugin-kdb-ldap cyrus-sasl cyrus-sasl-plain cyrus-sasl-saslauthd

Let’s Start. (NB backup all configuration files before changing it, ex: cp cfg.conf cfg.conf.orig)

Configure /etc/krb5.conf (warning, it’s case sensitive world!!)

—– [/etc/krb5.conf ]
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
—– [/etc/krb5.conf ]

Ok, now change /etc/pam.d/smtp adding

—– cut here ——
auth sufficient pam_krb5.so no_user_check validate
account sufficient pam_permit.so
—– end cutting —–

Changing sasl auth file

—– [/etc/sasl2/smtpd.conf]
pwcheck_method: saslauthd
—– [/etc/sasl2/smtpd.conf]

Now it’s time to change sasl daemon. Edit

—- [/etc/sysconfig/saslauthd]
SASLAUTHD_AUTHMECH=pam
—- [/etc/sysconfig/saslauthd]
leave default other vars

Let’s try our setting.
TIME It’ important. Kerberos does not allow big time differences between server and client when
client is authenticating on server.

Try executing a simple “kinit username”
Password for username@DOMAIN.LOC:

It you got an error stop and try your configuration, else you can continue.

You can verify authentication on realm DOMAIN.LOC with smtp domain, you execute:

testsaslauthd -u username -p password -r DOMAIN.LOC -s smtp

Now we can configure postfix, just working without auth smtp relay:

smtpd_recipient_restrictions = permit_mynetworks , permit_sasl_authenticated , reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = DOMAIN.LOC
broken_sasl_auth_clients = yes

Rif:
http://www.facebook.com/topic.php?uid=5364518177&topic=6425
Others Rif:
http://www.postfix.org/SASL_README.html
http://pn-it.com/blog/linux-ubuntu/postfix-mit-ldap-auth-ubuntu-10/
http://www.faqs.org/docs/Linux-HOWTO/LDAP-Implementation-HOWTO.html

Evviva i formati aperti e la compatibilità a 360°, come se tutti dovrebbero avere solo Winzoz nei loro pc!

Per fortuna esiste qualche buona anima che ha creato dei plugin per farci assaporare anche a noi linuxiani i piacere riservati ad altri.

per il Silverlight : http://wiki.ubuntu-it.org/Silverlight http://go-mono.com/moonlight

per i codec, avendo Firefox, basta installare il plugin di Mplayer per Firefox/Gecko

Now Enjoy!

Quanto si riceve una notifica tipo questa:
The free disk space under /opt/trend/imss on server SMTP is 1227 MB, which is below the threshold.

significa che il database di IMSS ha quasi saturato il disco, e bisogna procedere all’allegerimento.

Per far ciò:

- Bypassare IMSS commentando la riga “content_filter = imss:localhost:10025“ in /etc/postfix/main.cf
- Riavviare postfix (rcpostfix restart)
- Stoppare i servizi di IMSS
- Lanciare il comando
/opt/trend/imss/PostgreSQL/bin/vacuumdb -f -a -U imss
e attendere che la procedura termini
- Avviare i servizi di IMSS
- Togliere il commento inserito nel file /etc/postfix/main.cf
- Riavviare postfix
Si può verificare che lo spazio si sia effettivamente liberato con il comando df -h

(procedura testata con successo su Sles 10 e Imss 7.0)

[Paolo san docet!]