[Samba] Integration with AD and mail service

Marc Muehlfeld mmuehlfeld at samba.org
Wed Oct 21 16:23:17 UTC 2015


Hello,

On 21.10.2015 at 13:21, Guilherme Boing wrote:
> As of now my mail server is basically postfix.
> 
> Did anyone succeed integrating the Samba4 AD DC users with any mail daemon ?

Yes.

At work I have an LDAP proxy to AD
(https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD) in my DMZ,
because I don't have to have a DC out there.

The authentication for postfix and cyrus is done via pam ldap against AD
via that proxy.

In AD we use the proxyAddresses attribute on user objects to store all
addresses the user is allowed to send with. The mail attribute is single
value, so you can't use that for this case (we use that one only for the
primary mail address, to view in addressbooks, etc.). Via
smtpd_sender_login_maps you can let postfix get that information to
validate if the user owns the address and is allowed to send with it.




> 1) I have several mail domains to host. Can I use all of them with my
> single DC/DOMAIN ?

Postfix can be configured to use LDAP for several things. I'm sure, if
you find places in AD where to store everything, Postfix is able to get
that information from there.



> 2) The usernames are not the same as the email (e.g.: AD user is
> guilherme.walter but my email is somethingelse at my.domain). Would it work ?

That's fine.

I don't suggest usernames containing an @. I'm sure it will cause
problems some day (didn't we have that a while ago on the list?).


Regards,
Marc
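
The sender-ownership check described in this message, sketched as an added example (not configuration from the original post or from the poster's site). The host name, base DN, bind account, mail domain and file path are placeholders, and it assumes the SASL login name equals sAMAccountName.

```conf
# ---- /etc/postfix/main.cf (fragment) ----
# Map each envelope sender address to the login(s) that own it.
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-sender-login.cf
# Reject MAIL FROM when the authenticated login is not an owner of the
# address. This restriction also rejects unauthenticated clients that use
# an address which has an owner in the map.
smtpd_sender_restrictions = reject_sender_login_mismatch

# ---- /etc/postfix/ldap-sender-login.cf ----
# Contains a bind password: keep it readable by root and postfix only,
# for example owner root, group postfix, mode 0640.
# Placeholder: the LDAP proxy in the DMZ, not a DC.
server_host = ldap://ldap-proxy.dmz.example
version = 3
# Require TLS so the bind password and lookups are not sent in clear text.
start_tls = yes
bind = yes
# Placeholder service account with read-only access.
bind_dn = CN=postfix-lookup,CN=Users,DC=example,DC=com
bind_pw = CHANGE_ME
# Placeholder base DN.
search_base = DC=example,DC=com
scope = sub
# Only look up fully qualified addresses in the hosted domains. Without
# this, Postfix also queries the bare local part and "@domain" keys.
domain = example.com
# proxyAddresses is multi-valued and stores "SMTP:primary@..." and
# "smtp:alias@..." entries. AD compares the value case-insensitively, so
# one filter matches both. %s is the sender address, escaped by Postfix.
query_filter = (&(objectClass=user)(proxyAddresses=smtp:%s))
# The owner returned to Postfix. It must equal the SASL login name
# (assumption: users authenticate with their sAMAccountName).
result_attribute = sAMAccountName
```

Running `postmap -q alias@example.com ldap:/etc/postfix/ldap-sender-login.cf` should print the owning account name for a known address and nothing for an unknown one; check both before enabling the restriction.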


