How to Configure and Integrate iRedMail Services to Samba4 AD DC - Part 11


In this tutorial you will learn how to modify the main iRedMail daemons that provide mail services (Postfix and Dovecot) so that they integrate with a Samba4 Active Directory Domain Controller.

By integrating iRedMail with Samba4 AD DC you benefit from the following features: user authentication, management and status via Samba AD DC, creating mailing lists with the help of AD groups, and a Global LDAP Address Book in Roundcube.

  1. Install iRedMail on CentOS 7 for Samba4 AD Integration

Step 1: Prepare iRedMail System for Samba4 AD Integration

1. In the first step, you need to assign a static IP address to your machine in case you are currently using a dynamic IP address provided by a DHCP server.

Identify the correct NIC with ifconfig, then run the nmtui-edit command against it with root privileges.

# ifconfig
# nmtui-edit eno16777736

2. Once the network interface is open for editing, add the proper static IP settings, making sure you add the IP address(es) of your Samba4 AD DC DNS servers and your domain name so that the realm can be queried from your machine. Use the screenshot below as a guide.

3. After you finish configuring the network interface, restart the network daemon to apply the changes and issue a series of ping commands against the domain name and the Samba4 domain controllers' FQDNs.

# systemctl restart network.service
# cat /etc/resolv.conf     # verify that the correct DNS server IPs are used for domain resolution
# ping -c2 tecmint.lan     # Ping domain name
# ping -c2 adc1            # Ping first AD DC
# ping -c2 adc2            # Ping second AD DC

4. Next, sync time with the Samba domain controller by installing the ntpdate package and querying the Samba4 NTP server with the commands below:

# yum install ntpdate
# ntpdate -qu tecmint.lan      # query domain NTP servers
# ntpdate tecmint.lan          # Sync time with the domain

5. You may want local time to be synchronized automatically with the Samba AD time server. To achieve this, add a scheduled job that runs every hour by issuing the crontab -e command and appending the following line:

0   */1   *   *   *   /usr/sbin/ntpdate tecmint.lan > /var/log/ntpdate.lan 2>&1

Step 2: Prepare Samba4 AD DC for iRedMail Integration

6. Now, move to a Windows machine with the RSAT tools installed, as described in the tutorial linked here.

Open DNS Manager, go to your domain's Forward Lookup Zone and add a new A record, an MX record and a PTR record pointing to the IP address of your iRedMail system. Use the screenshots below as a guide.

Add the A record (replace the name and the IP address of the iRedMail machine accordingly).

Add the MX record (leave the child domain field blank and set a priority of 10 for this mail server).

Add the PTR record by expanding Reverse Lookup Zones (replace the IP address of the iRedMail server accordingly). If you have not configured a reverse zone for your domain controller so far, read the following tutorial:

  1. Manage Samba4 DNS Group Policy from Windows

7. After adding the basic DNS records that a mail server needs in order to function properly, move to the iRedMail machine, install the bind-utils package and query the newly added mail records as shown in the excerpt below.

The Samba4 AD DC DNS server should respond with the DNS records added in the previous step.

# yum install bind-utils
# host tecmint.lan
# host mail.tecmint.lan
# host 192.168.1.245

From a Windows machine, open a Command Prompt window and issue the nslookup command against the mail server records above.

8. As a final prerequisite, create a new user account named vmail with minimal privileges in Samba4 AD DC, choose a strong password for this user and make sure the password for this user never expires.

iRedMail services will use the vmail user account to query the Samba4 AD DC LDAP database and pull the e-mail accounts.

To create the vmail account, use the ADUC graphical tool from a Windows machine joined to the realm with the RSAT tools installed, as illustrated in the screenshots below, or use the samba-tool command line directly on the domain controller as explained in the following topic.

  1. Manage Samba4 Active Directory from Linux Command Line

In this guide we will use the first method mentioned above.

9. From the iRedMail system, test the vmail user's ability to query the Samba4 AD DC LDAP database by issuing the command below. The returned result should be the total number of object entries for your domain, as illustrated in the screenshots below.

# ldapsearch -x -h tecmint.lan -D '[email ' -W -b 'cn=users,dc=tecmint,dc=lan'

Note: Replace the domain name and the LDAP base DN in Samba4 AD ('cn=users,dc=tecmint,dc=lan') accordingly.

Step 3: Integrate iRedMail Services with Samba4 AD DC

10. Now it is time to modify the iRedMail services (Postfix, Dovecot and Roundcube) so that they query the Samba4 Domain Controller for mail accounts.

The first service to be modified is the MTA agent, Postfix. Issue the following commands to disable a series of MTA settings, add your domain name to Postfix's local domain and mailbox domains, and use the Dovecot agent to deliver locally received mail to user mailboxes.

# postconf -e virtual_alias_maps=' '
# postconf -e sender_bcc_maps=' '
# postconf -e recipient_bcc_maps=' '
# postconf -e relay_domains=' '
# postconf -e relay_recipient_maps=' '
# postconf -e sender_dependent_relayhost_maps=' '
# postconf -e smtpd_sasl_local_domain='tecmint.lan'    # Replace with your own domain
# postconf -e virtual_mailbox_domains='tecmint.lan'    # Replace with your own domain
# postconf -e transport_maps='hash:/etc/postfix/transport'
# postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'  # Check SMTP senders
# postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'  # Check local mail accounts
# postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'  # Check local mail lists
# cp /etc/postfix/transport /etc/postfix/transport.backup    # Back up the transport map file
# echo "tecmint.lan dovecot" > /etc/postfix/transport    # Add your domain with the dovecot transport
# cat /etc/postfix/transport    # Verify the transport file
# postmap hash:/etc/postfix/transport

11. Next, create the Postfix configuration file /etc/postfix/ad_sender_login_maps.cf with your favorite text editor and add the configuration below.

server_host     = tecmint.lan
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = [email 
bind_pw         = ad_vmail_account_password
search_base     = dc=tecmint,dc=lan
scope           = sub
query_filter    = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel      = 0

12. Create /etc/postfix/ad_virtual_mailbox_maps.cf with the following configuration.

server_host     = tecmint.lan
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = [email 
bind_pw         = ad_vmail_account_password
search_base     = dc=tecmint,dc=lan
scope           = sub
query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0

13. Create /etc/postfix/ad_virtual_group_maps.cf with the configuration below.

server_host     = tecmint.lan
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = [email 
bind_pw         = ad_vmail_account_password
search_base     = dc=tecmint,dc=lan
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel      = 0

In all three configuration files, replace the values of server_host, bind_dn, bind_pw and search_base to reflect your own domain settings.

14. Next, open the Postfix main configuration file, search for the iRedAPD check_policy_service and smtpd_end_of_data_restrictions settings and disable them by adding a # comment character in front of the following lines.

# nano /etc/postfix/main.cf

Comment out the following lines:

#check_policy_service inet:127.0.0.1:7777
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777

15. Now, verify the Postfix binding to Samba AD using a domain user and a domain group by issuing a series of queries as shown in the following examples.

The result should be similar to the screenshot below.

# postmap -q [email  ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
# postmap -q [email  ldap:/etc/postfix/ad_sender_login_maps.cf
# postmap -q linux[email  ldap:/etc/postfix/ad_virtual_group_maps.cf

Replace the AD user and group accounts accordingly. Also, make sure the AD group you use has some AD members assigned to it.

16. In the next step, modify the Dovecot configuration file so that it queries Samba4 AD DC. Open the file /etc/dovecot/dovecot-ldap.conf for editing and add the following lines.

hosts           = tecmint.lan:389
ldap_version    = 3
auth_bind       = yes
dn              = [email 
dnpass          = ad_vmail_password
base            = dc=tecmint,dc=lan
scope           = subtree
deref           = never
user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

Samba4 AD account mailboxes will be stored at /var/vmail/vmail1/your_domain.tld/your_domain_user/Maildir/ on the Linux system.
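Before relying on the lookup files from steps 11 to 16, it is worth checking them for the settings a defender cares about: every file binds to the DC over plain port 389 with start_tls = no, so the vmail password and every recipient and sender lookup cross the wire in the clear; the placeholder password is easy to leave in place; and the ad_virtual_mailbox_maps.cf filter, unlike the sender-login map and the Dovecot filters, does not carry the userAccountControl clause that excludes disabled accounts. The following linter is an added example, not part of the original tutorial or of iRedMail. It parses the key = value format shared by Postfix ldap: tables and dovecot-ldap.conf and reports those three findings; the sample configs are constructed, abridged copies of the guide's files, and the bind account vmail@tecmint.lan, the replacement password and the CA file path in the hardened variant are assumptions.

```python
"""Lint Postfix ldap: tables and dovecot-ldap.conf from this guide. Added
example, not part of the tutorial or of iRedMail. Samples below are
constructed, abridged copies of the guide's files; vmail@tecmint.lan and the
CA path are assumptions."""

DISABLED_ACCOUNT_CLAUSE = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
PLACEHOLDER_SECRETS = {"", "ad_vmail_account_password", "ad_vmail_password"}

# Constructed: the guide's ad_virtual_mailbox_maps.cf, abridged.
SAMPLE_POSTFIX_MAILBOX_MAP = """\
server_host  = tecmint.lan
server_port  = 389
start_tls    = no
bind_dn      = vmail@tecmint.lan
bind_pw      = ad_vmail_account_password
search_base  = dc=tecmint,dc=lan
query_filter = (&(objectclass=person)(userPrincipalName=%s))
result_attribute = userPrincipalName
result_format = %d/%u/Maildir/
"""

# Constructed hardened variant: STARTTLS with certificate checking (Postfix
# ldap_table parameters; the CA path is assumed), a real password, and the
# disabled-account clause the guide uses in its other filters.
HARDENED_POSTFIX_MAILBOX_MAP = (
    SAMPLE_POSTFIX_MAILBOX_MAP
    .replace("start_tls    = no",
             "start_tls    = yes\ntls_require_cert = yes\n"
             "tls_ca_cert_file = /etc/pki/tls/certs/samba-ad-ca.pem")
    .replace("ad_vmail_account_password", "example-only-Str0ng-passphrase")
    .replace("(userPrincipalName=%s))",
             "(userPrincipalName=%s)" + DISABLED_ACCOUNT_CLAUSE + ")")
)

# Constructed: the guide's dovecot-ldap.conf, abridged.
SAMPLE_DOVECOT_LDAP = """\
hosts       = tecmint.lan:389
auth_bind   = yes
dn          = vmail@tecmint.lan
dnpass      = ad_vmail_password
base        = dc=tecmint,dc=lan
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_attrs  = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/
"""


def parse_kv(text):
    """Parse 'key = value' lines; '#' comments and blanks are skipped and the
    value is everything after the first '=' so LDAP filters stay intact."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def lint_ldap_config(text, flavour):
    """Return [(check, message), ...] for a 'postfix' or 'dovecot' LDAP config."""
    cfg = parse_kv(text)
    if flavour == "postfix":
        port = cfg.get("server_port", "389")
        tls_on = cfg.get("start_tls", "no").lower() == "yes"
        secret = cfg.get("bind_pw", "")
        filter_keys = ("query_filter",)
    else:
        hosts = cfg.get("hosts", "")
        port = hosts.rsplit(":", 1)[1] if ":" in hosts else "389"
        tls_on = (cfg.get("tls", "no").lower() == "yes"
                  or cfg.get("uris", "").startswith("ldaps://"))
        secret = cfg.get("dnpass", "")
        filter_keys = ("user_filter", "pass_filter")

    findings = []
    # Bind password and every lookup travel unprotected unless TLS is negotiated.
    if not tls_on and port == "389":
        findings.append(("cleartext-ldap",
                         "plain LDAP on port 389 without TLS: bind password sent in clear"))
    # The tutorial's placeholder password was never replaced.
    if secret in PLACEHOLDER_SECRETS:
        findings.append(("placeholder-secret",
                         "bind password is empty or still the tutorial placeholder"))
    # Without the UAC bit-2 exclusion, accounts disabled in AD are still
    # treated as valid recipients or users by this lookup.
    for key in filter_keys:
        flt = cfg.get(key, "")
        if "userPrincipalName=%" in flt and DISABLED_ACCOUNT_CLAUSE not in flt:
            findings.append(("disabled-accounts-matched",
                             f"{key} does not exclude disabled AD accounts"))
    return findings


def lint_all():
    """Lint the constructed samples; keys are the file names from the guide."""
    return {
        "ad_virtual_mailbox_maps.cf": lint_ldap_config(SAMPLE_POSTFIX_MAILBOX_MAP, "postfix"),
        "dovecot-ldap.conf": lint_ldap_config(SAMPLE_DOVECOT_LDAP, "dovecot"),
        "ad_virtual_mailbox_maps.cf (hardened)":
            lint_ldap_config(HARDENED_POSTFIX_MAILBOX_MAP, "postfix"),
    }
```

To check your own files, read /etc/postfix/ad_*.cf and /etc/dovecot/dovecot-ldap.conf and pass their contents to lint_ldap_config with the matching flavour; the hardened variant shows the Postfix ldap_table parameters (start_tls, tls_require_cert, tls_ca_cert_file) that make the bind use STARTTLS with certificate verification, which requires the DC's LDAP certificate to chain to the CA file you point at.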

17. Make sure the pop3 and imap protocols are enabled in the Dovecot main configuration file. Verify that the quota and acl mail plugins are enabled by opening the file /etc/dovecot/dovecot.conf and checking that these values are present.

18. Optionally, if you want to set a global quota so that no domain user exceeds a 500 MB storage limit, add the following line to the /etc/dovecot/dovecot.conf file.

quota_rule = *:storage=500M

19. Finally, to apply all the changes made so far, restart the Postfix and Dovecot daemons and verify their status by issuing the commands below with root privileges.

# systemctl restart postfix dovecot
# systemctl status postfix dovecot

20. To test the mail server configuration from the command line using the IMAP protocol, use the telnet or netcat command as shown in the example below.

# nc localhost 143
a1 LOGIN [email _domain.tld ad_user_password
a2 LIST "" "*"
a3 LOGOUT

If you can perform an IMAP login from the command line with a Samba4 user account, then the iRedMail server appears ready to send and receive mail for Active Directory accounts.
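The same LOGIN / LIST / LOGOUT check as a script, added here as an example that is not part of the original tutorial or of iRedMail. It uses Python's imaplib, upgrades the session with STARTTLS when the server advertises it (the nc test above types the AD password into a cleartext session, which is only acceptable on the loopback interface), and parses the LIST reply so the Maildir folders of the account can be inspected. The host, account and password in the block are placeholders, and the CA file argument is an assumption you supply.

```python
"""Scripted version of the step-20 IMAP check. Added example, not part of the
tutorial or of iRedMail. Host, account, password and CA file are placeholders."""
import imaplib
import re
import ssl

# One line of a LIST reply, e.g.  (\HasNoChildren) "." INBOX
_LIST_RE = re.compile(
    r'^\((?P<flags>[^)]*)\)\s+(?:"(?P<delim>[^"]*)"|NIL)\s+(?P<name>.+)$')


def parse_list_lines(lines):
    """Turn imaplib's raw LIST data (list of bytes) into
    [(flags, delimiter, mailbox), ...]; quoted mailbox names are unquoted
    and entries that are not plain LIST lines are skipped."""
    out = []
    for raw in lines:
        if isinstance(raw, bytes):
            text = raw.decode("utf-8", "replace")
        elif isinstance(raw, str):
            text = raw
        else:
            continue
        m = _LIST_RE.match(text)
        if not m:
            continue
        flags = tuple(f for f in m.group("flags").split() if f)
        name = m.group("name").strip()
        if len(name) >= 2 and name[0] == name[-1] == '"':
            name = name[1:-1]
        out.append((flags, m.group("delim"), name))
    return out


def imap_login_check(host, user, password, port=143, ca_file=None):
    """Log in, list folders, log out. Returns the parsed folder list, or raises
    imaplib.IMAP4.error when the Samba4 account is rejected. Refuses to send
    the password over a cleartext session unless host is the loopback."""
    conn = imaplib.IMAP4(host, port)
    try:
        if "STARTTLS" in conn.capabilities:
            # Verify the server certificate against ca_file (or the system store).
            conn.starttls(ssl.create_default_context(cafile=ca_file))
        elif host not in ("localhost", "127.0.0.1", "::1"):
            raise RuntimeError("server offers no STARTTLS; not sending password in clear")
        conn.login(user, password)          # a1 LOGIN ...
        typ, data = conn.list()             # a2 LIST "" "*"
        if typ != "OK":
            raise imaplib.IMAP4.error(f"LIST failed: {data!r}")
        return parse_list_lines(data)
    finally:
        try:
            conn.logout()                   # a3 LOGOUT
        except (imaplib.IMAP4.error, OSError):
            pass


if __name__ == "__main__":
    # Placeholders: replace with a real Samba4 AD account before running.
    for flags, delim, name in imap_login_check(
            "localhost", "ad_user@your_domain.tld", "ad_user_password"):
        print(name, " ".join(flags))
```

A rejected account surfaces as imaplib.IMAP4.error from login, which is the same "a1 NO" you would see in the nc session; a successful run lists at least INBOX for the Maildir created under /var/vmail/vmail1/.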

In the next tutorial we will discuss how to integrate Roundcube webmail with Samba4 AD DC and enable the Global LDAP Address Book, customize Roundcube, access the Roundcube web interface from a browser and disable some unneeded iRedMail services.