Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Postfix smtp authentication using pam / winbind

Status
Not open for further replies.
ssaddler

ssaddler

Technical User
Mar 23, 2002
1
US
I have established a Postfix mail server on a RH9 Linux box which operates as a mail gateway for my domain and transfers mail to a MS Exchange 5.5 server for local delivery. The RH9/Postfix box sits behind a NAT/Firewall on a DSL circuit. I have many road warriors which need to relay mail through my system from the public network.

Is it possible to configure Postfix to perform smtp authentication to Microsoft Primary Domain Controller (PDC) using pam and the Samba winbind module? I would expect the sasl_auth module to be utilized along with pam_winbind.so.

The road warriors do have windows accounts and we are not using LDAP.

 
Sort by date Sort by votes
We use Mandrake 9.1, but it is supposedly very similar to RH9. We also use LDAP authentication, but the config should be similar

On our system, we had to install the libsasl7 libraries, which created the /usr/lib/sasl directory. We then added a file to that directory called smtpd.conf

smtpd.conf:
pwcheck_method: pam

This passes the sasl authentication to the PAM modules. We then setup the file /etc/pam.d/smtp:

auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so

You would of course change this to be pam_winbind.so

Finally in main.cf, we added:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

This setup the procedure so that postfix asked sasl for authentication, then sasl passed the request to PAM and finally PAM accessed its libraries to authenticate.

Notes:
I have just downloaded a copy of Mandrake 9.2 Beta. In this release they have compiled postfix to use sasl2 libraries. This slightly changes the configuration. We need to install sasl2 libraries, which creates /usr/lib/sasl2. This is where the smtpd.conf file goes, and it contains
pwcheck_method: saslauthd

We then had to modify the startup script for saslauthd (in Mandrake this is in /etc/sysconfig/saslauthd.conf) to read SASL_AUTHMECH=pam
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

litchi
  • Locked
  • Question
SMTP issue need urgent help
Replies
0
Views
274
litchi
litchi
7xja
  • Locked
  • Question
Some problems on Postfix 3.6
Replies
0
Views
298
7xja
7xja
alexk345
  • Locked
  • Question
I need a way to block outgoing recipients using Mysql - Postfix / Postmap
Replies
1
Views
301
alexk345
alexk345
Martin Zahn
  • Locked
  • Question
postfix: fatal: could not find any active network interfaces
Replies
0
Views
311
Martin Zahn
Martin Zahn
BJZeak
  • Locked
  • Question
Looking to understand the feasibility of creating a SEND only POSTFIX solution for an IOT (pi) ctrlr
Replies
0
Views
273
BJZeak
BJZeak

Part and Inventory Search

Sponsor

Back
Top