This commit is contained in:
geekpi 2017-06-20 13:52:01 +08:00
commit 74140b8d68


@ -1,25 +1,23 @@
translating---geekpi
How to Configure and Integrate iRedMail Services to Samba4 AD DC Part 11
如何配置并集成 iRedMail 服务到 Samba4 AD DC 中 - 第 11 部分
============================================================
In this tutorial will learn how to modify iRedMail main daemons which provide mail services, respectively, [Postfix used for mail transfer and Dovecot][4] which delivers mail to accounts mailboxes, in order to integrate them both in [Samba4 Active Directory Domain Controller][5].
在本教程中,将学习如何修改 iRedMail 的主要守护进程,相应地,[Postfix 用于邮件传输Dovecot][4] 将邮件传送到帐户邮箱,以便将它们集成到[ Samba4 AD 域控制器][5]中。
By integrating iRedMail to a Samba4 AD DC you will benefit from the following features: user authentication, management, and status via Samba AD DC, create mail lists with the help of AD groups and Global LDAP Address Book in Roundcube.
将 iRedMail 集成到 Samba4 AD DC 中,你将得到以下好处:用户身份验证、管理和通过 Samba AD DC 的状态、在 Roundcube 中的 AD 组和全局 LDAP 地址簿的帮助下创建邮件列表。
#### Requirements
#### 要求
1. [Install iRedMail on CentOS 7 for Samba4 AD Integration][1]
1. [在 CentOS 7 中为 Samba4 AD 集成安装 iRedMail][1]
### Step 1: Prepare iRedMail System for Sama4 AD Integration
### 第一步:准备 iRedMail 系统用于 Samba4 AD 集成
1. On the first step, you need to [assign a static IP address for your machine][6] in case youre using a dynamic IP address provided by a DHCP server.
1. 在第一步中,你需要[为你的机器分配一个静态的 IP 地址][6]以防你使用的是由 DHCP 服务器提供的动态 IP 地址。
Run [ifconfig command][7] to list your machine network interfaces names and edit the proper network interface with your custom IP settings by issuing [nmtui-edit][8] command against the correct NIC.
运行[ ifconfig 命令][7]列出你的机器网络接口名,并对正确的网卡发出 [nmtui-edit][8] 命令,使用自定义 IP 设置编辑正确的网络接口。
Run nmtui-edit command with root privileges.
root 权限运行 nmtui-edit 命令。
```
# ifconfig
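Review bot: the translated intro line loses the conjunction and the relative clause of the English sentence, so `[Postfix 用于邮件传输Dovecot][4] 将邮件传送到帐户邮箱` reads as if Dovecot alone handles transfer and delivery; `[Postfix 用于邮件传输,Dovecot][4] 用于将邮件投递到帐户邮箱` keeps both roles. In item 1, `以防你使用的是由 DHCP 服务器提供的动态 IP 地址` turns "in case you're using" into "to prevent"; `如果你使用的是…` is the intended conditional. The link labels `[ Samba4 AD 域控制器][5]` and `[ ifconfig 命令][7]` carry a leading space inside the brackets that renders as part of the link text, and `root 权限运行 nmtui-edit 命令` is missing `以` before `root`.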
@ -27,28 +25,28 @@ Run nmtui-edit command with root privileges.
```
[![Find Network Interface Name](https://www.tecmint.com/wp-content/uploads/2017/05/Find-Network-Interface-Name.png)][9]
Find Network Interface Name
找出网络接口名
2. Once the network interface is opened for editing, add the proper static IP settings, make sure you add the DNS servers IP addresses of your Samba4 AD DC and the name of your domain in order to query the realm from your machine. Use the below screenshot as a guide.
2. 在打开要编辑的网络接口后,添加正确的静态 IP 设置,确保添加了 Samba4 AD DC 的 DNS 服务器 IP 地址以及你的域的名字,以便从机器查询 realm。使用以下截图作为指导。
[![Configure Network Settings](https://www.tecmint.com/wp-content/uploads/2017/05/Configure-Network-Settings.png)][10]
Configure Network Settings
配置网络设置
3. After you finish configuring the network interface, restart the network daemon to apply changes and issue a series of ping commands against the domain name and samba4 domain controllers FQDNs.
3. 在你完成配置网络接口后,重启网络进程使更改生效,并对域名以及 samba 4 域控制器的 FQDN 使用 ping 命令测试。
```
# systemctl restart network.service
# cat /etc/resolv.conf # verify DNS resolver configuration if the correct DNS servers IPs are queried for domain resolution
# ping -c2 tecmint.lan # Ping domain name
# ping -c2 adc1 # Ping first AD DC
# ping -c2 adc2 # Ping second AD DC
# cat /etc/resolv.conf # 验证 DNS 解析器配置是否对域解析使用了正确的 DNS 服务器 IP
# ping -c2 tecmint.lan # ping 域名
# ping -c2 adc1 # ping 第一个 AD DC
# ping -c2 adc2 # Ping 第二个 AD DC
```
[![Verify Network DNS Configuration](https://www.tecmint.com/wp-content/uploads/2017/05/Verify-Network-DNS-Configuration.png)][11]
Verify Network DNS Configuration
验证网络 DNS 配置
4. Next, sync time with samba domain controller by installing the ntpdate package and query Samba4 machine NTP server by issuing the below commands:
4. 接下来,用下面的命令安装 ntpdate 包,与域控制器同步时间,并请求 samba4 机器的 NTP 服务器:
```
# yum install ntpdate
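Review bot: `samba 4 域控制器` in item 3 splits the product name; the rest of the translation writes `Samba4`/`samba4` without a space (compare `samba4 机器` in item 4), so keep it consistent. `重启网络进程` renders "network daemon" as a generic process; `重启网络服务` matches the `systemctl restart network.service` command that follows. The translated comments inside the code block (`# 验证 DNS 解析器配置…`, `# ping 域名`) are correctly placed after the unchanged commands, which is the right way to handle inline shell comments.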
@ -57,46 +55,46 @@ Verify Network DNS Configuration
```
[![Sync Time with Samba NTP Server](https://www.tecmint.com/wp-content/uploads/2017/05/Sync-Time-with-Samba-NTP-Server.png)][12]
Sync Time with Samba NTP Server
与 Samba NTP 服务器同步时间
5. You might want the local time to be automatically synchronized with samba AD time server. In order to achieve this setting, add a scheduled job to run every hour by issuing [crontab -e command][13] and append the following line:
5. 你或许想要本地时间自动与 samba AD 时间服务器同步。为了实现这个设置,通过运行 [crontab -e 命令][13]并追加下面的行添加一条计划任务。
```
0 */1 * * * /usr/sbin/ntpdate tecmint.lan > /var/log/ntpdate.lan 2>&1
```
[![Auto Sync Time with Samba NTP](https://www.tecmint.com/wp-content/uploads/2017/05/Auto-Sync-Time-with-Samba-NTP.png)][14]
Auto Sync Time with Samba NTP
自动与 Samba NTP 同步时间
### Step 2: Prepare Samba4 AD DC for iRedMail Integration
### 第二步:为 iRedMail 集成准备 Samba4 AD DC
6. Now, move to a [Windows machine with RSAT tools installed][15] to manage Samba4 Active Directory as described in this tutorial [here][16].
6. 现在,如[这篇][16]教程所述进入一台[安装了 RSAT 工具的 Windows 机器][15]管理 Samba4 AD。
Open DNS Manager, go to your domain Forward Lookup Zones and add a new A record, an MX record and a PTR record to point to your iRedMail system IP address. Use the below screenshots as a guide.
打开 DNS 管理器,转到你的域转发查找区并添加新的 A 记录、MX记录还有 PTR 记录指向你的 iRedMail 系统的 IP 地址。使用以下截图作为指导。
Add A record (replace the name and the IP Address of iRedMail machine accordingly).
添加一条 A 记录(相应地用 iRedMail 机器的名字和 IP 替换)。
[![Create DNS A Record for iRedMail](https://www.tecmint.com/wp-content/uploads/2017/05/Create-DNS-A-Record-for-iRedMail.png)][17]
Create DNS A Record for iRedMail
为 iRedMail 创建 DNS A 记录
Add MX record (leave child domain blank and add a 10 priority for this mail server).
添加 MX 记录(将子域留空,优先级为 10
[![Create DNS MX Record for iRedMail](https://www.tecmint.com/wp-content/uploads/2017/05/Create-DNS-MX-Record-for-iRedMail.png)][18]
Create DNS MX Record for iRedMail
为 iRedMail 创建 DNS MX 记录
Add PTR record by expanding to Reverse Lookup Zones (replace IP address of iRedMail server accordingly). In case you havent configured a reverse zone for your domain controller so far, read the following tutorial:
在反向查找区域(相应地替换 iRedMail 服务器的 IP 地址)添加 PTR 记录。如果你尚未为域控制器配置反向区域,请阅读以下教程:
1. [Manage Samba4 DNS Group Policy from Windows][2]
1. [从 Windows 管理 Samba4 DNS 组策略][2]
[![Create DNS PTR Record for iRedMail](https://www.tecmint.com/wp-content/uploads/2017/05/Create-DNS-PTR-Record-for-iRedMail.png)][19]
Create DNS PTR Record for iRedMail
为 iRedMail 创建 DNS PTR 记录
7. After youve added the basic DNS records which make a mail server to function properly, move to the iRedMail machine, install bind-utils package and query the newly added mail records as suggested on the below excerpt.
7.添加了使邮件服务器正常运行的基本 DNS 记录后,请进入 iRedMail 机器,安装 bind-utils 软件包,并按如下建议查询新添加的邮件记录。
Samba4 AD DC DNS server should respond with the DNS records added in the previous step.
Samba4 AD DC DNS 应该会响应之前添加的 DNS 记录。
```
# yum install bind-utils
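Review bot: `域转发查找区` in item 6 mistranslates "Forward Lookup Zones"; the DNS Manager term is `正向查找区域`, which also pairs naturally with `反向查找区域` used a few lines later for the PTR record. The MX sentence `添加 MX 记录(将子域留空,优先级为 10` has no closing parenthesis, and `MX记录` needs a space like the neighbouring `A 记录` and `PTR 记录`. Item 7 `7.添加了…` lacks the space after the number that every other list item has, and item 5 ends with `。` where the English ends with a colon introducing the crontab line; `:` reads better before a code block.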
@ -106,49 +104,49 @@ Samba4 AD DC DNS server should respond with the DNS records added in the previou
```
[![Install Bind and Query Mail Records](https://www.tecmint.com/wp-content/uploads/2017/05/Install-Bind-and-Query-Mail-Records.png)][20]
Install Bind and Query Mail Records
安装 Bind 并查询邮件记录
From a Windows machine, open a Command Prompt window and issue [nslookup command][21] against the above mail server records.
在一台 Windows 机器上,打开命令行窗口并使用[ nslookup 命令][21]查询上面的邮件服务器记录。
8. As a final pre-requirement, create a new user account with minimal privileges in Samba4 AD DC with the name vmail, choose a strong password for this user and make sure the password for this user never expires.
8. 作为最后一个先决要求,在 Samba4 AD DC 中创建一个具有最小权限的新用户帐户,并使用名称 vmail, 为此用户选择一个强密码, 并确保该用户的密码永不过期。
The vmail user account will be used by iRedMail services to query Samba4 AD DC LDAP database and pull the email accounts.
vmail 帐户将被 iRedMail 服务用来查询 Samba4 AD DC LDAP 数据库并拉取电子邮件帐户。
To create the vmail account, use ADUC graphical tool from a Windows machine joined to the realm with RSAT tools installed as illustrated on the below screenshots or use samba-tool command line directly from a domain controller as explained on the following topic.
要创建 vmail 账户,如截图所示,使用加入了已安装 RSAT 工具域的 Windows 机器上的 ADUC 图形化工具,或者按照先前主题中那样用 samba-tool 命令行直接在域控制器中运行。
1. [Manage Samba4 Active Directory from Linux Command Line][3]
1. [在 Linux 命令行中管理 Samba4 AD][3]
In this guide, well use the first method mentioned above.
在本指导中,我们会使用上面提到的第一种方法。
[![Active Directory Users and Computers](https://www.tecmint.com/wp-content/uploads/2017/05/Active-Directory-Users-and-Computers.png)][22]
Active Directory Users and Computers
AD 用户和计算机
[![Create New User for iRedMail](https://www.tecmint.com/wp-content/uploads/2017/05/Create-New-User-for-iRedMail.png)][23]
Create New User for iRedMail
为 iRedMail 创建新的用户
[![Set Strong Password for User](https://www.tecmint.com/wp-content/uploads/2017/05/Set-Strong-Password-for-User.png)][24]
Set Strong Password for User
为用户设置强密码
9. From iRedMail system, test the vmail user ability to query Samba4 AD DC LDAP database by issuing the below command. The returned result should be a total number of objects entries for your domain as illustrated on the below screenshots.
9. 在 iRedMail 系统中,用下面的命令测试 vmail 用户能够查询 Samba4 AD DC LDAP 数据库。返回的结果应该是你的域的对象总数, 如下截图所示。
```
# ldapsearch -x -h tecmint.lan -D 'vmail@tecmint.lan' -W -b 'cn=users,dc=tecmint,dc=lan'
```
Note: Replace the domain name and the LDAP base dn in Samba4 AD (cn=users,dc=tecmint,dc=lan) accordingly.
注意:相应地替换域名以及 Samba4 AD 的 LDAP dn cn=users,dc=tecmint,dc=lan
[![Query Samba4 AD DC LDAP](https://www.tecmint.com/wp-content/uploads/2017/05/Query-Samba4-AD-DC-LDAP.png)][25]
Query Samba4 AD DC LDAP
查询 Samba4 AD DC LDAP
### Step 3: Integrate iRedMail Services to Samba4 AD DC
### 第三步:将 iRedMail 服务集成到 Samba4 AD DC 中
10. Now its time to tamper with iRedMail services (Postfix, Dovecot and Roundcube) in order to query Samba4 Domain Controller for mail accounts.
10. 现在是时候修改 iRedMail 服务Postfix、Dovecot 和 Roundcube以便为邮箱帐户查询 Samba4 域控制器。
The first service to be modified will be the MTA agent, Postfix. Issue the following commands to disable a series of MTA settings, add your domain name to Postfix local domain and mailbox domains and use Dovecot agent to deliver received mails locally to user mailboxes.
第一个要修改的服务是 MTA 代理Postfix。执行以下命令禁用一系列的 MTA 设置,添加你的域名到 Postfix 本地域以及邮箱域中,并使用 Dovecot 代理发送已接收的邮件到用户邮箱中。
```
# postconf -e virtual_alias_maps=' '
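Review bot: in item 8, `使用加入了已安装 RSAT 工具域的 Windows 机器` garbles "a Windows machine joined to the realm with RSAT tools installed" into a machine joined to an "installed-RSAT-tools domain"; `使用已加入域且安装了 RSAT 工具的 Windows 机器` keeps the two conditions separate. The same sentence renders "as explained on the following topic" as `按照先前主题中那样` (previous topic), but the referenced link `[在 Linux 命令行中管理 Samba4 AD][3]` comes right after it, so `如下面的主题所述` is the correct direction. The Note line `Samba4 AD 的 LDAP dn cn=users,dc=tecmint,dc=lan` lost the word "base" and the parentheses around the DN; `LDAP base dn(cn=users,dc=tecmint,dc=lan)` matches the English and the `-b` argument of the `ldapsearch` command above. Item 10 `iRedMail 服务Postfix、Dovecot 和 Roundcube以便` and `MTA 代理Postfix。` are missing the parentheses and comma that set off the component names, the item 8 line mixes ASCII `, ` with Chinese `,`, and `[ nslookup 命令][21]` has a stray leading space inside the link text.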
@ -157,19 +155,19 @@ The first service to be modified will be the MTA agent, Postfix. Issue the follo
# postconf -e relay_domains=' '
# postconf -e relay_recipient_maps=' '
# postconf -e sender_dependent_relayhost_maps=' '
# postconf -e smtpd_sasl_local_domain='tecmint.lan' #Replace with your own domain
# postconf -e virtual_mailbox_domains='tecmint.lan' #Replace with your own domain
# postconf -e smtpd_sasl_local_domain='tecmint.lan' #用你自己的域替换
# postconf -e virtual_mailbox_domains='tecmint.lan' #用你自己的域替换
# postconf -e transport_maps='hash:/etc/postfix/transport'
# postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf' # Check SMTP senders
# postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf' # Check local mail accounts
# postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf' # Check local mail lists
# cp /etc/postfix/transport /etc/postfix/transport.backup # Backup transport conf file
# echo "tecmint.lan dovecot" > /etc/postfix/transport # Add your domain with dovecot transport
# cat /etc/postfix/transport # Verify transport file
# postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf' # 检查 SMTP 发送者
# postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf' # 检查本地邮件帐户
# postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf' # 检查本地邮件列表
# cp /etc/postfix/transport /etc/postfix/transport.backup # 备份 transport 配置
# echo "tecmint.lan dovecot" > /etc/postfix/transport # 添加带 dovecot transport 的域
# cat /etc/postfix/transport # 验证 transport 文件
# postmap hash:/etc/postfix/transport
```
11. Next, create Postfix `/etc/postfix/ad_sender_login_maps.cf` configuration file with your favorite text editor and add the below configuration.
11. 接下来,用你最喜欢的文本编辑器创建 Postfix `/etc/postfix/ad_sender_login_maps.cf` 配置文件,并添加下面的配置。
```
server_host = tecmint.lan
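Review bot: the two translated comments `#用你自己的域替换` have no space after `#`, unlike every other comment in the block (`# 检查 SMTP 发送者` and so on); add the space for consistency. Because these are inline shell comments, leaving the `postconf -e` commands and their quoted values untouched is correct and keeps the block copy-pasteable; `# 添加带 dovecot transport 的域` would read more clearly as `# 为你的域添加 dovecot transport`.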
@ -186,7 +184,7 @@ result_attribute= userPrincipalName
debuglevel = 0
```
12. Create `/etc/postfix/ad_virtual_mailbox_maps.cf` with the following configuration.
12. 使用下面的配置创建 `/etc/postfix/ad_virtual_mailbox_maps.cf`
```
server_host = tecmint.lan
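Review bot: item 12 `使用下面的配置创建 \`/etc/postfix/ad_virtual_mailbox_maps.cf\`` ends without the `。` that item 11 `…并添加下面的配置。` and the English sentence carry; the same applies to the item 13 line in the next hunk. Minor, but the list otherwise terminates every item.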
@ -204,7 +202,7 @@ result_format = %d/%u/Maildir/
debuglevel = 0
```
13. Create `/etc/postfix/ad_virtual_group_maps.cf` with the below configuration.
13. 使用下面的配置创建 `/etc/postfix/ad_virtual_group_maps.cf`
```
server_host = tecmint.lan
@ -223,24 +221,24 @@ result_attribute= userPrincipalName
debuglevel = 0
```
On all three configuration files replace the values from server_host, bind_dn, bind_pw and search_base to reflect your own domain custom settings.
替换上面三个配置文件中的 server_host、bind_dn、bind_pw  search_base 以反应你自己域的设置。
14. Next, open Postfix main configuration file and search and disable iRedAPD check_policy_service and smtpd_end_of_data_restrictions by adding a comment `#` in front of the following lines.
14. 接下来,打开 Postfix 主配置文件,通过在下面的行前添加 `#`,搜索并禁用 iRedAPD 的 check_policy_service 和 smtpd_end_of_data_restrictions。
```
# nano /etc/postfix/main.cf
```
Comment the following lines:
注释下面的行:
```
#check_policy_service inet:127.0.0.1:7777
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
```
15. Now, verify Postfix binding to Samba AD using an existing domain user and a domain group by issuing a series of queries as presented in the following examples.
15. 现在,通过执行一系列查询,验证 Postfix 是否使用现有的域用户和域组绑定到 Samba AD如以下示例所示。
The result should be similar as illustrated on the bellow screenshot.
结果应与下面的截图类似。
```
# postmap -q tecmint_user@tecmint.lan ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
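Review bot: `server_host、bind_dn、bind_pw  search_base` has a doubled space where the conjunction before `search_base` went missing (the English reads "bind_pw and search_base"), and `以反应` should be `以反映` (reflect, not react). Since this sentence tells the reader to put `bind_pw` into all three map files, it is also the natural place for a translator's note that these `/etc/postfix/ad_*.cf` files contain the password of the `vmail` account created in item 8 and should be readable only by root and the Postfix process. In item 15, `绑定到 Samba AD如以下示例所示` is missing the comma before `如以下示例所示`.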
@ -249,11 +247,11 @@ The result should be similar as illustrated on the bellow screenshot.
```
[![Verify Postfix Binding to Samba AD](https://www.tecmint.com/wp-content/uploads/2017/05/Verify-Postfix-Binding-to-Samba-AD.png)][26]
Verify Postfix Binding to Samba AD
验证 Postfix 绑定到了 Samba AD
Replace AD user and group accounts accordingly. Also, assure that the AD group youre using has some AD users members assigned to it.
相应替换 AD 用户及组帐户。同样,确保你使用的 AD 组已被分配了一些成员。
16. On the next step modify Dovecot configuration file in order to query Samba4 AD DC. Open file `/etc/dovecot/dovecot-ldap.conf` for editing and add the following lines.
16. 在下一步中修改 Dovecot 配置文件以查询 Samba4 AD DC。打开 `/etc/dovecot/dovecot-ldap.conf` 文件并添加下面的行。
```
hosts = tecmint.lan:389
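Review bot: `hosts = tecmint.lan:389` (unchanged context, not part of this translation) points Dovecot at plain LDAP on port 389, so the `vmail` bind password and the credentials Dovecot checks against the directory cross the network unencrypted; a short translator's note recommending LDAPS or STARTTLS between iRedMail and the Samba4 AD DC would serve readers of this series. On the translation itself, `确保你使用的 AD 组已被分配了一些成员` drops "AD users" from "some AD users members"; `已分配了一些 AD 用户成员` keeps the qualifier.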
@ -271,28 +269,28 @@ default_pass_scheme = CRYPT
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/
```
The mailbox of a Samba4 AD account will be stored in /var/vmail/vmail1/your_domain.tld/your_domain_user/Maildir/ location on the Linux system.
Samba4 AD 帐户的邮箱将会存储在 /var/vmail/vmail1/your_domain.tld/your_domain_user/Maildir/ 中。
17. Make sure pop3 and imap protocols are enabled in dovecot main configuration file. Verify if quota and acl mail plugins are also enabled by opening file `/etc/dovecot/dovecot.conf` and check if these values are present.
17. 确保 dovecot 的主配置文件中启用了 pop3 和 imap 协议。打开 `/etc/dovecot/dovecot.conf` 验证是否启用了 quota 和 acl 邮件插件,并检查这些值是否存在。
[![Enable Pop3 and Imap in Dovecot](https://www.tecmint.com/wp-content/uploads/2017/05/Enable-Pop3-Imap-in-Dovecot.png)][27]
Enable Pop3 and Imap in Dovecot
在 Dovecot 中启用 POP3 和 IMAP
18. Optionally, if you want to set a global hard quota to not exceed the maximum of 500 MB of storage for each domain user, add the following line in /etc/dovecot/dovecot.conf file.
18. 可选地,如果要将全局硬配额设置为每个域用户的最大不超过 500 MB 存储,请在 /etc/dovecot/dovecot.conf 文件中添加以下行。
```
quota_rule = *:storage=500M
```
19. Finally, in order to apply all changes made so far, restart and verify the status of Postfix and Dovecot daemons by issuing the below commands with root privileges.
19. 最后,为了使目前这些更改生效,用 root 权限执行下面的命令重启并验证 Postfix 和 Dovecot 守护进程的状态。
```
# systemctl restart postfix dovecot
# systemctl status postfix dovecot
```
20. In order to test mail server configuration from the command line using IMAP protocol use telnet or [netcat command][28] as presented in the below example.
20. 为了使用 IMAP 协议从命令行测试邮件服务器配置,请使用 telnet 或[ netcat 命令][28],如下所示。
```
# nc localhost 143
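Review bot: item 18 `每个域用户的最大不超过 500 MB 存储` is ungrammatical; `为每个域用户设置不超过 500 MB 的全局硬配额` reads naturally and keeps the value. The item 16 sentence `Samba4 AD 帐户的邮箱将会存储在 … 中` drops "on the Linux system", which matters because the surrounding context is the AD side rather than the mail host; `存储在 Linux 系统的 … 目录中` restores it. `[ netcat 命令][28]` in item 20 has the same stray leading space inside the link text as the earlier link labels.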
@ -302,17 +300,17 @@ a3 LOGOUT
```
[![Test iRedMail Configuration](https://www.tecmint.com/wp-content/uploads/2017/05/Test-iRedMail-Configuration.png)][29]
Test iRedMail Configuration
测试 iRedMail 配置
If you can perform an IMAP login from the command line with a Samba4 user account then iRedMail server seems ready to send and receive mail for Active Directory accounts.
如果你可以使用 Samba4 用户帐户从命令行执行 IMAP 登录,那么 iRedMail 服务器似乎已经准备好发送和接收 AD 帐户的邮件。
On the next tutorial will discuss how to integrate Roundcube webmail with Samba4 AD DC and enable Global LDAP Address Book, customize Roudcube, access Roundcube web interface from a browser and disable some unneeded iRedMail services.
在下一个教程中将讨论如何将 Roundcube webmail 与 Samba4 AD DC 集成,并启用全局 LDAP 地址簿,自定义 Roudcube从浏览器访问 Roundcube Web 界面,并禁用某些不需要的 iRedMail 服务。
--------------------------------------------------------------------------------
作者简介:
I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.
我是一个电脑上瘾的家伙,开源和基于 linux 的系统软件的粉丝,在 Linux 发行版桌面、服务器和 bash 脚本方面拥有大约4年的经验。
-----
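Review bot: `自定义 Roudcube从浏览器访问` is missing the comma before `从`, and `Roudcube` is a typo for `Roundcube` inherited from the English line; the translation can correct the product name rather than carry the typo over. In the bio, `大约4年` needs spaces around the digit (`大约 4 年`) to match the spacing convention used elsewhere (`500 MB`, `第 11 部分`); the added heading `作者简介:` is a reasonable addition that the English source lacks.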