Hi, I have: Samba4 AD on Debian 10, and Dovecot/Exim4 on Debian 10.
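# So the following works on debian10 (debian9 too ;))
# Samba4 AD : follow this how-to (I adapted this on my wiki):
# https://dev.tranquil.it/samba/fr/samba_config_server/debian/server_prepare_debian.html

# I create a user on the AD. Dovecot and Exim later bind to LDAP as this
# account, so it only needs to be an ordinary domain user with a long random
# password; it should not be a member of any administrative group.
samba-tool user create dovecot
pdbedit --user=dovecot --modify --fullname="Serveur Dovecot" --account-desc="The BEST way to make Dovecot work"
samba-tool user setpassword dovecot -U administrator

# Dovecot :
apt-get install --assume-yes dovecot-core dovecot-imapd telnet dovecot-ldap ldap-utils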
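# i use ~/Maildir
# Switch mail_location from the packaged mbox setting to Maildir in the home.
sed -i '/^mail_location/ s/mbox.*$/maildir:~\/Maildir/' /etc/dovecot/conf.d/10-mail.conf

# Single system account (uid/gid 5000) that owns every mailbox.
groupadd -g 5000 vmail
# NOTE(review): the account gets /bin/bash as login shell. Nothing else on this
# page logs in as vmail, so a non-login shell is probably enough -- confirm.
useradd -u 5000 -g 5000 -s /bin/bash -d /home/vmail vmail
# vmail must be able to create /home/<user>/Maildir (see user_attrs in
# dovecot-ldap.conf.ext). NOTE(review): owning /home itself also lets vmail
# create or rename any entry directly under /home; a dedicated mail root
# owned by vmail would keep that privilege away from other users' homes.
chown vmail /home

# Enable the LDAP passdb/userdb include that ships commented out.
sed -i 's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' /etc/dovecot/conf.d/10-auth.conf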
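# Site-specific values, reused below by the generated Dovecot and Exim files.
# LDAPPASS is the AD password of the bind account; replace the sample value
# and keep the real one out of shell history and shared copies of this script.
FQDN=HOME.LAN
LDAPUSER=dovecot
LDAPPASS='PASSWORDDOVECOTUSER'
IPAD=192.168.123.123
DOMAINE=HOME
SUFFIX=LAN

# Keep the packaged file for reference before writing our own.
mv /etc/dovecot/dovecot-ldap.conf.ext /etc/dovecot/dovecot-ldap.conf.ext.ORIGIN

# The new file contains the bind password (dnpass). Created under the default
# umask it would be world-readable, so create it with umask 077 (owner only).
# NOTE(review): this assumes Dovecot's auth process reads the file as root --
# confirm logins still work after the restart.
#
# Transport security: "tls = no" on an ldap:// URI means the bind password and,
# because auth_bind = yes re-binds as each user, every mailbox password reach
# the DC unencrypted. NOTE(review): if the DC offers it, prefer ldaps:// or
# tls = yes together with tls_ca_cert_file / tls_require_cert.
(
  umask 077
  cat <<EOF >/etc/dovecot/dovecot-ldap.conf.ext
uris = ldap://${IPAD}/
dn = "${LDAPUSER}@${FQDN}"
dnpass = "${LDAPPASS}"
sasl_bind = no
tls = no
ldap_version = 3
deref = never
scope = subtree
base = cn=Users,dc=${DOMAINE},dc=${SUFFIX}
auth_bind = yes
user_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(sAMAccountName=%u)(otherMailbox=%u)))
user_attrs = sAMAccountName=user,userPassword=password,=mail=maildir:/home/%n/Maildir/
pass_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%u))
pass_attrs = sAMAccountName=user,userPassword=password
EOF
)

# Append the virtual-mail settings right after the mail_location line.
# disable_plaintext_auth = no lets clients send their AD password over an
# unencrypted IMAP session. NOTE(review): once TLS is set up for Dovecot,
# leave this at its default (yes).
sed -i "/^mail_location/amail_home = /home/sieve/%u\nmail_uid = vmail\nmail_gid = vmail\nfirst_valid_uid = 107\nfirst_valid_gid = 8\ndisable_plaintext_auth = no" /etc/dovecot/conf.d/10-mail.conf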
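# Add mode/user/group lines after each line matching "auth-userdb" in
# 10-master.conf, so the userdb socket is usable by vmail only (mode 0600).
sed -i "/auth-userdb/amode = 0600\nuser = vmail\ngroup = vmail" /etc/dovecot/conf.d/10-master.conf

# In auth-ldap.conf.ext, from the line mentioning UserDatabase.Static.txt to
# the end of the file: strip the leading '#' (uncomment), then put a '#' back
# in front of the UserDatabase.Static.txt line itself.
sed -i -e '/UserDatabase.Static.txt/,$ s/^\([ ]*\)#/\1/' -e '/UserDatabase.Static.txt/ s/^/#/' /etc/dovecot/conf.d/auth-ldap.conf.ext

/etc/init.d/dovecot restart

# And Exim
aptitude install --assume-yes exim4-daemon-heavy openssl
# Switch the Debian Exim packaging to the split configuration (conf.d/).
sed -i '/dc_use_split_config/s/false/true/' /etc/exim4/update-exim4.conf.conf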
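# Exim macros for the AD lookups (uses IPAD, DOMAINE, SUFFIX, LDAPUSER and
# LDAPPASS set earlier). Each macro definition has to stay on a single line:
# a wrapped LOCAL_AD_BIND_DN would define an empty macro followed by a stray
# line in the Exim configuration.
#
# ldap_start_tls = false and ldap_require_cert = never mean the lookups,
# including the bind password, are sent unencrypted and the server certificate
# is never verified. NOTE(review): enable StartTLS/ldaps and certificate
# checking if the DC supports it.
cat <<EOF >/etc/exim4/conf.d/main/15_exim4-ldap
LOCAL_AD_SERVERS = ${IPAD}::389
LOCAL_AD_BASE_DN = \${quote_ldap:CN=Users,DC=${DOMAINE},DC=${SUFFIX}}
LOCAL_AD_BIND_DN = \${quote_ldap:CN=${LDAPUSER},CN=Users,DC=${DOMAINE},DC=${SUFFIX}}
LOCAL_AD_PASS = "${LDAPPASS}"
.ifdef LOCAL_AD_SERVERS
ldap_default_servers = LOCAL_AD_SERVERS
ldap_start_tls = false
ldap_require_cert = never
.endif
EOF
# This file stores the bind password in clear text, so it must not be
# world-readable: root owns it, the Exim group may read it, nobody else.
# NOTE(review): the configuration generated from conf.d contains the same
# password; its mode is governed by CFILEMODE in
# /etc/exim4/update-exim4.conf.conf -- check that it is not 644 either.
chown root:Debian-exim /etc/exim4/conf.d/main/15_exim4-ldap
chmod 640 /etc/exim4/conf.d/main/15_exim4-ldap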
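# Router 898: group expansion through AD. The inner ldapdn lookup resolves the
# recipient address (escaped with quote_ldap) to a DN; the outer ldapm lookup
# returns the mail attribute of every object whose memberOf is that DN.
# The whole "data =" expansion must stay on one line in the generated file.
# NOTE(review): the DN returned by the inner lookup is placed into the outer
# filter as-is; wrapping it in quote_ldap as well would cover DNs that contain
# filter metacharacters.
cat <<EOF >/etc/exim4/conf.d/router/898_exim4-config_ldap
.ifdef LOCAL_AD_SERVERS
user_ad_aliases:
debug_print = "R: user_ad_aliases for \$local_part@\$domain"
driver = redirect
domains = +local_domains
data = \${lookup ldapm {user=LOCAL_AD_BIND_DN pass=LOCAL_AD_PASS ldap:///LOCAL_AD_BASE_DN?mail?sub?(memberOf=\${lookup ldapdn{user=LOCAL_AD_BIND_DN pass=LOCAL_AD_PASS ldap:///LOCAL_AD_BASE_DN??sub?(mail=\${quote_ldap:\$local_part@\$domain})}})}}
.endif
EOF
chmod 644 /etc/exim4/conf.d/router/898_exim4-config_ldap

# Router 899: hand everything for the local domains to dovecot-lda.
# NOTE(review): this router has no local_parts/condition check, so it accepts
# any local part in +local_domains; unknown recipients are only rejected later
# by dovecot-lda, i.e. after the message was accepted. A directory lookup as a
# router condition would allow rejecting them at RCPT time -- verify what your
# ACLs expect.
cat <<EOF >/etc/exim4/conf.d/router/899_dovecot
dovecot:
debug_print = "R: dovecot for \$local_part@\$domain"
driver = accept
domains = +local_domains
transport = dovecot_virtual_delivery
cannot_route_message = Unknown user
EOF
chmod 644 /etc/exim4/conf.d/router/899_dovecot

# Transport: pipe the message to dovecot-lda as user vmail. No use_shell is
# set, so Exim runs the command directly and the address values are passed as
# separate arguments rather than through a shell.
cat <<EOF >/etc/exim4/conf.d/transport/35_exim4-config_dovecot
dovecot_virtual_delivery:
driver = pipe
command = /usr/lib/dovecot/dovecot-lda -d \$local_part@\$domain -f \$sender_address
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
log_output
user = vmail
temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
EOF
chmod 644 /etc/exim4/conf.d/transport/35_exim4-config_dovecot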
# SMTP AUTH for Exim: both authenticators (LOGIN and PLAIN) pass the
# credentials to Dovecot through its auth-client socket, so SMTP logins are
# checked against the same AD-backed passdb as IMAP logins.
# The heredoc is quoted, so $auth1 is written to the file literally.
#
# NOTE(review): neither authenticator sets server_advertise_condition, so as
# written PLAIN/LOGIN are offered on unencrypted connections as well. Debian's
# stock examples only advertise AUTH when $tls_in_cipher is non-empty; confirm
# TLS is configured and add the same condition here.
auth_conf=/etc/exim4/conf.d/auth/10_exim4-config_dovecot
cat >"$auth_conf" <<'EOF'
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
EOF
chmod 644 "$auth_conf"
/etc/init.d/exim4 restart
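# Give Exim its own Dovecot auth socket: mode 0600 and owner Debian-exim, so
# only the Exim user can submit credentials through it.
#
# The listener block is inserted in front of the line matching
# "Postfix smtp-auth" in 10-master.conf (presumably the commented Postfix
# example inside "service auth" -- check the file after the edit).
# sed's "e" command runs "cat <file>" and emits its output before that line;
# the target file must be on the same command line as the sed script.
#
# The snippet goes through mktemp rather than a fixed name in /tmp: this runs
# as root, and a predictable path in a world-writable directory can be
# pre-created or replaced by another local user.
if snippet=$(mktemp); then
  cat <<EOF >"$snippet"
unix_listener auth-client {
mode = 0600
user = Debian-exim
}
EOF
  sed -i "/Postfix smtp-auth/{e cat ${snippet}"$'\n'"}" /etc/dovecot/conf.d/10-master.conf
  rm -f -- "$snippet"
fi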
# Extra Dovecot drop-in: the stats-reader and stats-writer sockets become
# owned by vmail:vmail (reader 0600, writer 0660).
# NOTE(review): presumably needed because dovecot-lda runs as vmail and has
# to reach the stats-writer socket -- confirm against the Dovecot log.
# The heredoc is quoted; its content holds nothing for the shell to expand.
stats_conf=/etc/dovecot/conf.d/25-custom-stats.conf
cat >"$stats_conf" <<'EOF'
service stats {
unix_listener stats-reader {
user = vmail
group = vmail
mode = 0600
}
unix_listener stats-writer {
user = vmail
group = vmail
mode = 0660
}
}
EOF
chmod 644 "$stats_conf"
/etc/init.d/dovecot restart
Good night !
Benoît
Le 20/11/2020 à 22:52, Odhiambo Washington via Exim-users a écrit :
Hi Benoît, Thanking you in advance for your help with this. I will be waiting for your reply. On Sat, 21 Nov 2020, 00:46 Benoît, <[email protected]> wrote:Hi, I will do mail tomorrow to explain it. I do it with exim and dovecot-lda delivery. Le 20 novembre 2020 08:08:19 GMT+01:00, Odhiambo Washington via Exim-users <[email protected]> a écrit :Hello good people, My Google-fu having failed me miserably, I am only left with one option - to ask here. I have setup a Samba4 as a domain controller on a Unix box. My next quest is to see if I can have Exim to authenticate users against it. I have 2 domains that I'd love to virtualize. Ultimately I am looking for an SSO setup for all services. I am pretty sure there are members of this list who are running such setups. I could not find (well, either Google or me) any detailed documentation in one place. I am requesting you to kindly share me with any HOWTOs, if anyone has documented their setup. Thanking you in advance.-- Benoît Pélissier - Lan2Net
