Samba, Squid or ..... what?

Status
Not open for further replies.

rebayona

Technical User
Oct 22, 2001
32
CO
Hi, I'm setting up a linux box to be mailserver, proxy, and DNS for my company. I'm still having trouble with the DNS (some servers see me, some don't).

Right now we're working using the same configuration (a server for mail and proxy for the whole company) but using MS Exchange. Thanks to their absurd pricing policy, we decided to switch to a reliable, better and free solution, like linux. There is another Windows NT machine with all the user accounts, to log in to the Windows Network. Using that login and password, they also log in to the proxy, which, as I said, is on another NT Machine. Every person belongs to a group, for differential internet access. (Controlling their services, some can use only port 80, some can use others...).

I'm kind of new on this whole networking thing, so I'm lost here. (I didn't set up the server I just mentioned). What I want to do is to replace the Windows machine with this neat linux box. Mailserver and DNS are running (DNS not the best way, but at least it works), and I want to set up the proxy and switch ASAP. But, I don't know how to do this step .... How to make the windows (the users) server "see" and "login" to the linux machine, and use it as their proxy? How to make the same group-based (different privileges) internet access thing? Will Samba do this? (as far as I understand, Samba is to share files, but I want to share services)

My linux machine has two eth cards, one for the internet access, and the other one to plug it to the windows machine. Distribution is RH 7.1.

Thanks for your help,

Rafael

PS.
I'm still stuck with the DNS problem. Please check my message about it if you want to help me. (Page 7, subject: DNS misconfiguration or what is wrong here? )
 


The easiest solution for me would not to be to try and
use the linux machine as some sort of hybrid
proxy solution. You can configure samba to authenticate
users via your pdc/proxy, this is not too difficult.
But you will need to create users correlating to the users
in your office on the linux machine. Then you will need to
create smbaccounts for these users.

A cheesy script to automate this might look like this:

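#!/bin/sh
# Reads user names from stdin, one per line; stops at a blank
# line or when the same name is entered twice in a row.
# For each name: create the Unix account, set its password,
# then create the matching Samba account.

passchng() {
    # No exec here: exec would replace this script with passwd
    # and the loop would end after the first user.
    passwd "$1"
}

smbuse() {
    # -a adds the user to the smbpasswd file.
    smbpasswd -a "$1"
}

prv_name=""
while read name
do
    if [ "$name" = "" ] || [ "$prv_name" = "$name" ]
    then
        break
    fi
    prv_name=$name
    # whatgrp and /fake/shell are placeholders: substitute your
    # own group and a non-login shell.
    adduser -g whatgrp -s /fake/shell -f 0 "$name"
    passchng "$name"
    smbuse "$name"
done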
Use at your own risk.

As far as joining the domain: your users can access the
samba box as any other member of the domain once you have established a trust with the pdc and vice-versa.

Pick up a good book on samba: PrimaTech's "Integrating
Linux Solutions into your Windows Network" has a step by
step of what you want to do.

For mail to work properly you should really get your
dns correctly configured.
If you want, post a copy of your named.conf,
and your zone files.
Change the ip addresses to save the innocents;-)
Congratulations on LINUX.
It may be hard now but it gets better.
 
Hi,

Well, firstly, samba is essentially a file & print server, although it can act as a PDC/BDC (Primary or Backup Domain Controller). So, samba is not related to any internet connected service.

In the world of M$, it is fairly normal for users of exchange server (via their outlook clients) to be authenticated by their domain logon. In addition, the default M$ Mail API is proprietary and there is no linux client that I know of that can talk to exchange.

If this is the case for your company, then you will have to change all the users onto imap (preferable) or pop3 which will entail setting up accounts/passwords on the linux box. There is really no way round this because even if you set up samba as a PDC there is nothing other than M$/Exchange that will accept that domain authentication. Apart from the cutover, however, it's no big deal really because they can still use outlook to talk to the mail server and get it to remember their logon/password.

On the proxy I'd need to check - from memory I don't recollect that M$/Poxy server had any group access permissions, etc., but it may well have. If so, I'd assume that it would use the same authentication method as all other NT/W2K stuff, i.e. based on domain logons and associated permissions. On the linux side, the http proxy squid has fairly granular permissions but I don't think it supports groups - only user logons, IP addresses, etc.

That will have to do for now....

Regards
 
Hi, thanks for replying.

Here are my named config files. Thanks in advance, Rafael

This is 0.0.127.in-addr.arpa.zone:

$TTL 86400
@ IN SOA localhost. root.localhost (
2 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttk
)


@ IN NS localhost.
@ IN NS trinity.attla.net.co.

1 IN PTR localhost.

This is localhost.zone

$TTL 86400
@ IN SOA @ root.localhost (
2 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttl
)


@ IN NS localhost.
@ IN NS trinity.attla.net.co

@ IN MX 10 mail.setecsa.com

@ IN A 127.0.0.1

This is setecsa.com.zone

$TTL 86400
@ IN SOA ns1.setecsa.com. root.localhost (
3 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttl
)


ns1 IN NS trinity.attla.net.co
@ IN NS localhost.
@ IN NS ns1.
ns1 IN NS ns1.granitecanyon.com
ns1 IN NS ns2.granitecanyon.com

@ IN MX 10 mail.setecsa.com.
mail IN MX 10 mail
ns1 IN A 200.74.XXX.XX8
mail IN A 200.74.XXX.XX7
@ IN A 200.74.XXX.XX8
localhost IN A 127.0.0.1
www IN A 200.31.22.44

This is XXX.74.200.in-addr.arpa.zone

$TTL 86400
@ IN SOA ns1.setecsa.com. root.localhost (
2 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttk
)


@ IN NS ns1.
@ IN NS ns1.setecsa.com.
@ IN NS trinity.attla.net.co.

XX7 IN PTR mail.setecsa.com.
XX8 IN PTR ns1.setecsa.com.

This is named.local

$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.

1 IN PTR localhost.
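
An added example, not part of any post in this thread: a small Python check for the trailing-dot convention in zone files like the ones posted above. In a zone file a host name without a final dot is relative and has the zone origin appended, while a name with a final dot is taken as fully qualified. The function name, the message wording and the embedded sample (modelled on records quoted in the thread, with a constructed address) are assumptions of this example.

```python
# Added example: lint host names in zone-file RDATA for trailing-dot mistakes.
# SAMPLE is constructed, modelled on records quoted in the thread.
SAMPLE = """\
$TTL 86400
@ IN SOA ns1.setecsa.com. root.localhost (
        3 ; serial
        28800 7200 604800 86400 )
@ IN NS trinity.attla.net.co
@ IN NS ns1.
@ IN NS localhost.
@ IN MX 10 mail.setecsa.com.
mail IN MX 10 mail
ns1 IN A 192.0.2.8 ; constructed documentation address
"""

# Per record type: (RDATA fields to skip, number of host names that follow).
NAME_FIELDS = {"SOA": (0, 2), "NS": (0, 1), "PTR": (0, 1),
               "CNAME": (0, 1), "MX": (1, 1)}

def lint_zone(text):
    """Return [(line_no, message)] for suspicious host names in RDATA."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]                  # strip comment
        tokens = line.replace("(", " ").replace(")", " ").split()
        if "IN" not in tokens:
            continue                                 # directive or SOA continuation
        i = tokens.index("IN")
        rtype = tokens[i + 1].upper() if i + 1 < len(tokens) else ""
        if rtype not in NAME_FIELDS:
            continue                                 # A, TXT, ... carry no host name
        skip, count = NAME_FIELDS[rtype]
        start = i + 2 + skip
        for name in tokens[start:start + count]:
            if name in ("@", ".", "localhost."):
                continue
            if name.endswith(".") and name.count(".") == 1:
                findings.append(
                    (no, f"{rtype} {name}: fully qualified but single-label"))
            elif not name.endswith(".") and "." in name:
                findings.append(
                    (no, f"{rtype} {name}: no trailing dot, zone origin is appended"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_zone(SAMPLE):
        print(f"line {no}: {msg}")
```

Relative single-label names such as `mail` are left alone, since appending the origin is what is wanted there.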
 