Solaris 1. 1 Samba ZFS Configuration.

I make no promises or warranties regarding any of this information. The following information contains my opinions from my own experience with Solaris, Samba and ZFS. The following documentation is provided for educational purposes only and should be used at your own risk.

Install Samba. By default Solaris 1. Image Packaging System IPS. You will need to install the packages from the Solaris catalog. To do this, you can use the pfexec command as a normal user pretty much like sudo or run the install as root. As root: pkg install samba. As a normal user, using pfexec: pfexec pkg install samba.

Set maximum groups to 1. As of Solaris 1. Solaris 1. 1, the Solaris kernel allows a user to be a member of 1. If you do not set this the default maximum will be 1. Unfortunately nesting groups does not cut down on this number since the system will still see the user as a member of each nested group. CAUTION: This will create NFS server incompatibilities. Edit etcsystem and make sure there are no spaces after the sign and everything is spelled correctly. Note: If you make a mistake and your system fails to boot just boot interactively and point to devnull when it asks for the location of your etcsystem file.

Setup NTP to stay in sync with your domain controllers. Create the ntp file: cd etcinet. Edit the file taking out the multicast option and setting up your DC as the server to sync with. SMI. An example file that could be copied over to etcinetntp. NTP packets on the ntp multicast net. INSERT YOUR PDC EMULATOR AD DC IP ADDRESS. Start the xntpd service: svcadm enable networkntp. Update your hosts file and enter mappings for all domain controllers as well as server. Edit the hosts file: vi etcinethosts. Setup host and alias entries for both of your DCs and for your
system. The host entries for your DCs may not be completely necessary as long as you have DNS setup properly. I just always do this just in case. Internet host table. Network Domain Controllers. Make sure that etcresolv. Active Directory DNS servers as well as a domain and search field. This file is now auto generated from SMF, if you need to edit it use the appropriate svccfg s dnsclient commands to adjust your name server settings.

This article shows you on how to install Java SE 7 JDK 1. Windows 7 Ultimate with 64bit architecture. Support for packages has been discontinued on Sunfreeware. Please Visit our New Website UNIXPackages. UNIX packages provides full package support for all levels.

Setup Kerberos. NEW WEIRDNESS: Not sure why but as of Solaris 1. I needed to manually create a key tab file from my domain controller otherwise I was getting kerberos errors. This is strange as this is normally all handled in Samba. To begin, create an active directory user account that we will use to create kerberos tickets. It may also be possible to just use a normal user account but I haven't tested what happens when the account is deleted. For this example I created a user account named host fs. The account should need no special privileges and is just a normal user account. Next, on the domain controller click Start All Programs Accessories and then right click on the command prompt and choose run as Administrator specific to 2. Once the command prompt opens use the following command to generate a keytab file. DOMAIN. LOCAL mapuser DOMAINhost fs. All pass lt PASSWORD ENTERED HERE ptype KRB5NTPRINCIPAL out fs. Copy the fs. Solaris server and place it in the etckrb. Setup your etckrb. DOMAIN.LOCAL. dnslookuprealm false. DOMAIN.LOCAL. CHILD.DOMAIN.LOCAL. DOMAIN.LOCAL. DOMAIN.LOCAL.
child. CHILD.DOMAIN. LOCAL. CHILD.DOMAIN. LOCAL. FILE varkrb. FILE varkrb. How often to rotate kdc. Logs will get rotated no more. KDC is not used. Test your file using kinit. No response is a good response, otherwise you will receive an error: kinit userDOMAIN.LOCAL

Configure Samba. Create a new file named etcsambasmb. DOMAIN. Corporate File Server. Yes. TCPNODELAY SOKEEPALIVE. NTLMv. No. client signing Yes. Yes. Currently testing cross platform oplocks this may need be re enabled as all my production servers have always had vetoed files. DOC xls XLS PPT pst PST MDB ldb LDB VSD mpp MPP QBW qbb QBB I qbl. DXF dwg DWG CDR bak BAK LOG sbs iam PcbDoc PCBDOC. CorporateUsersU. Corporate Share. Corporate. No. inherit permissions Yes. Yes. Yes. No. map readonly no. Yes.

In order to optimize the config and take out any comments we will use the testparm command to generate a smb. This also has the added benefit of checking your config for any errors and displaying the errors on the screen. We are now ready to join this box to the domain. If successful you should see Joined FS0 to realm DOMAIN.LOCAL: net ads join U AdministratorDOMAIN.LOCAL

Setup PAM and nsswitch. Here we are going to enable the use of winbind through PAM. This will give us the capability of using active directory users and groups when assigning permissions on files and directories. We could also use this for other authentication methods that use PAM such as apache web sites but that is another discussion. Enable winbind in pam. OLD. Enable winbind in nsswitch. The system will now look at the local files followed by a check against winbind. Make sure the entries were adjusted in nsswitch by cat etcnsswitch. You should see the following entries in passwd and group passwd files winbind.

Testing the configuration and starting services. Before starting anything we should do a reconfiguration reboot to ensure the kernel entries that were entered in the beginning are being seen. Before starting winbind we will perform a test so you can see what the nsswitch pam
changes did: getent passwd. You should see a list of ONLY the users and groups in your Solaris etcpasswd and etcgroups files. So now let's enable services and run the commands again: svcadm enable winbind. If everything worked you should see all of your local users and groups plus all the users and groups from Active Directory. Winbind downloads this list from active directory maintaining a local cache in tdb files located varsambalocks on your system.

Setup ZFS Storage For Samba Shares. Since my first article much has changed with ZFS permissions and as of the latest releases it looks like I no longer need to specify explicit deny statements and so I have altered the config to reflect the new changes. The following example illustrates how to setup root departmental shares along with user folders. The root departmental shares each have two groups associated with them corporate lt DEPARTMENT NAME Departmental group. Members of the department should be put here. Access to ALL department folders used for VPs and privileged users. I use the naming strategy shown above to help keep my groups organized. Notice that corporate is the share name and department is going to be the departmental folder name. This helps make it easy associating shares folders sub folders to groups. You do not need to setup your groups this way but I provide this example to help the ACLs make sense.

Before we get started we need to create our ZFS file system. You may have already noticed that I am creating the file system in export. If you already have a file system loaded in export Which looks like the default in Solaris 1. The following zpool shows a smaller system with only six disks. Your configuration will probably be different. Now that the pool is created I am going to create my top level shared folders. Corporate. CorporateUsers. CorporateUsersjdoe. CorporateSales. CorporateAccounting. Set ZFS ACL inheritance to control how ACLs are inherited between file systems. Corporate. Corporate. Ok now we are ready to lay down
our ACLs on our Corporate folder. By looking at this ACL you should notice I am first deleting any existing ACLs (Important when testing ACLs), then I am setting trivial permissions for user and group as rwx and telling the user and group permissions to inherit. I am then adding Domain Users to the ACL and allowing them to read the directory and list its contents. I always setup the root directories so users cannot add or remove files. This way Administrators can maintain organization by creating new departmental shares. A exportCorporate. Corporate. A0owner rwxpd.

The MIMEDefang HOWTO. Mickey Hill. Last updated May 2.

Recent Changes. May 2. Updated MIMEDefang version. Updated sendmail version. Other minor updates.

This document is intended to guide an administrator through the. Linux, BSD derivative, or UNIX system based mail server with. MIMEDefang, spam filtering software, and antivirus software.

Introduction. This document was written to guide a mail system administrator through the. Linux, BSD derivative, or UNIX. MIMEDefang. Other useful software. Ancillary software is also described, including POP3, IMAP, and. A mail server is used to transfer electronic mail using SMTP (Simple Mail Transfer Protocol). This is widely accomplished through the use of. Linux, a BSD derivative, or UNIX, and sendmail, a popular MTA. While a mail server can operate successfully with only. Linux, a BSD derivative, or UNIX, and sendmail, many administrators, especially. A mail server can be rounded out with end user mail retrieval. Installation and configuration questions can be posted to the MIMEDefang. Send corrections, suggestions, and comments about this HOWTO to. Please do not send installation or. MIMEDefang.

Copyrights and Trademarks. The MIMEDefang HOWTO is Copyright c 2. Mickey Hill. Permission is. GNU Free Documentation License, Version 1. Free Software Foundation with no Invariant Sections, no Front Cover Texts. Back Cover Texts. A copy of the license is included in the section. GNU Free Documentation
License. MIMEDefang is a trademark of. Roaring Penguin Software Inc. CanIt is a trademark of. Roaring Penguin Software Inc. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of. The Open Group in the United States and. Fedora is a trademark or registered. Red Hat, Inc. Red Hat is a registered trademark of Red Hat, Inc. Slackware is a registered trademark of. Slackware Linux, Inc. Yellow Dog is a trademark of Terra Soft Solutions of Colorado, Inc. Solaris is a trademark or. Sun Microsystems, Inc. United States and other countries. BSD is a registered trademark of Berkeley Software Design, Inc. AIX is a trademark or. IBM Corporation. IRIX is a trademark or. Silicon Graphics, Inc. United States and other countries. Sendmail is a registered trademark of. Sendmail, Inc. QPopper is a trademark of. QUALCOMM Inc. Network Associates and McAfee are registered trademarks of Network Associates, Inc. AntiVir is a registered trademark of HBEDV Datentechnik GmbH. All other registered and unregistered trademarks in this document are the.

Acknowledgements and Credits. Thanks to Dianne Skoll. Roaring Penguin Software. MIMEDefang and providing some of the text and. Thanks also to everyone on the MIMEDefang. MIMEDefang is an open source product, and technical support is primarily. MIMEDefang mailing list. For commercial support, please. CanIt, a commercial. MIMEDefang and offered by Roaring Penguin Software. This document is distributed in the hope that it will be useful, but. WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY. FITNESS FOR A PARTICULAR PURPOSE.

What is MIMEDefang? MIMEDefang is a software program for sendmail based mail servers that. MIMEDefang uses sendmail's built in milter, or mail filter. MIMEDefang is. MIMEDefang provides an interface between sendmail and other. MIMEDefang provides a complete, robust, and configurable. A typical MIMEDefang installation consists of sendmail, MIMEDefang. SpamAssassin, and one or more open source or commercial antivirus
scanners. MIMEDefang uses the milter, or mail filter, interface provided by sendmail to. MIMEDefang can also send messages to external programs for further. MIMEDefang remains in. MIMEDefang consists of four major components mimedefang. C, and is the actual mail. Perl processes that. Perl script. Perl fragment that is read by mimedefang. This configuration file is where the vast majority. More advanced configurations can entirely replace mimedefang. MIMEDefang is licensed under the GNU General Public License.

Requirements. A computer with Linux, a BSD derivative, or UNIX installed and capable of. Internet is required. All other required software can be. Internet. In general, hardware requirements are the same as for sendmail. However. Perl 5. 0. 01 or greater is required by MIMEDefang. Some other packages. This HOWTO was written using Red Hat Linux 7. Fedora Core 5 Linux. Installation on other versions of Linux, on a BSD derivative, or. UNIX should be similar however, directory and file names and locations may. Correct timekeeping is essential to any mail server. NTP (network time protocol) and ntpd (the NTP daemon) are recommended for this purpose. A permanent connection to the Internet is assumed. While a mail server with.

Known to Compile. MIMEDefang should compile on any modern Linux, BSD derivative, or UNIX. It has been known to compile on the following systems. Fedora Core 6 Linux. Fedora Core 5 Linux. Fedora Core 4 Linux. Fedora Core 3 Linux. Fedora Core 2 Linux. Fedora Core 1 Linux. Red Hat Linux 9. Red Hat Linux 8. Red Hat Linux 7. Red Hat Linux 7. 2. Red Hat Linux 7. Red Hat Linux 7. 0. Red Hat Linux 6. Red Hat Linux 6. 1. Red Hat Enterprise Linux ES 4. Red Hat Enterprise Linux ES 2. SUSE Linux Enterprise Server 9. Slackware Linux 1. Slackware Linux 1. Slackware Linux 9. Slackware Linux 8. Slackware Linux 8. Slackware Linux 7. Slackware Linux 7. Yellow Dog Linux 3. Caldera Open Linux 3. Linux From Scratch 3. Ubuntu 2. FreeBSD 5. 2. 1 RELEASE. FreeBSD 4. 9 STABLE. FreeBSD 4.
5 STABLE. Tru.Unix 5. 0.A. If you have successfully compiled and installed MIMEDefang on a system not. Mickey Hill. MIMEDefang has been operated on single mail servers processing fewer than.

Installation Notes. Don't make, build, compile or run software as the root user. Instead. The more you think this doesn't apply to you, the more it does.

Install sendmail. Sendmail Home Page. Sendmail version 8. MIMEDefang. Version 8. Earlier versions 8. Versions prior to 8. Although many people have success installing sendmail from vendor packages.

Overview. Download and unpack the source. Enable milter support in devtoolsSitesite. Build the source. Create cfcfsendmail. Build and install the cf files. Create smmsp user and group. Create symbolic link for man page directory. Install. Build and install mailstats. Build and install makemap. Build and install libmilter. Build and install smrsh. Install headers and libraries for MIMEDefang. Edit etcmaillocal host names. Edit etcmailrelay domains. Edit etcmailvirtusertable. Edit etcmailaliases. Create etcinit. MIMEDefang support. Link startup script in rc.

Installation. Create the usrsrcsendmail directory and cd to it. The latest source is available from. This example uses version 8. Download the source at. Unpack the source. Remove the source. Cd into the sendmail 8. Beginning with version 8. API. Also, libmilter will not unlink a socket when running as. In versions prior to 8. DMILTER. To do this, create devtoolsSitesite. APPENDDEFconfsendmailENVDEF, DMILTER. APPENDDEFconflibmilterENVDEF, DFFRMILTERROOTUNSAFE. The first APPENDDEF enables the mail filter interface. The second APPENDDEF. It is strongly. MIMEDefang is not run as root. MIMEDefang does not need root. To enable SMTP AUTH, devtoolsSitesite. APPENDDEFconfsendmailENVDEF, DSASL2. APPENDDEFconfsendmailLIBS, lsasl. In the sendmail directory, build the source. NOTE: If this is not the first build in this directory tree, and you have. Site. Build c to clear the. This may be the case if you forgot the. Change to the cfcf directory. Copy generic
linux. Next, tailor it as explained in cfREADME.

Example sendmail. Copyright c 1. Sendmail, Inc. and its suppliers. All rights reserved. Copyright c 1. Eric P. Allman. All rights reserved. Copyright c 1. The Regents of the University of California. All rights reserved. By using this file, you agree to the terms and conditions set. LICENSE file which can be found at the top level of. VERSIONIDId generic linux. Exp. OSTYPElinuxdnl. DOMAINgenericdnl. BADRCPTTHROTTLE, 3dnl. TOIDENT,0sdnl.