--On Wednesday, April 24, 2013 5:35 PM -0700 Matthew Larsen
<[email protected]> wrote:
> I'm working on a project to replace an Exchange 2003 server that is only
> still around these days because we have lots of SMTP clients around the
> country that use it as an SMTP relay. It only relays messages for
> clients authenticated by our Active Directory domain. Members of a
> group in the parent domain and a group in the child domain are given
> relay permissions for this server.

If you replaced Exchange 2003 with Zimbra, and set up external auth to your
AD server, then it would use the custom zimbra authentication method for
cyrus-sasl to auth your clients against AD. I don't know what you intend
on replacing Exchange with though, so that may be a bit more than you want.
But it is a solution.

If you want to use SASL/GSSAPI, the clients have to be able to get a TGT
from the KDC.

Alternatively, you could just do straight ldap authentication against AD,
instead of Kerberos-AD, something like:

<http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x>

--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration