[CentOS] web based mail packages for CentOS

James Marcinek jmarc1 at jemconsult.biz
Tue Aug 22 16:35:29 UTC 2006


Ed,

I tried creating an account last evening but never received a confirmation email. I do not see the Forest prep tool that they mention. Where is it located? I downloaded my open source distro and looked in the software folder and did not find it.

Thanks,

James
----- Original Message -----
From: Edward R. Bailey <ed at commercescience.com>
To: centos <centos at centos.org>
Sent: Tuesday, August 22, 2006 10:45:11 AM GMT-0500
Subject: RE: [CentOS] web based mail packages for CentOS

James, 

Looks like you have more than one problem here so I am going to start with your AD/SSO integration issue - BTW - have you tried the Scalix Community forum at http://www.scalix.com/commnity? It offers an excellent source of help and many of the Scalix developers and support personnel hang out there.

You do need to run Forest Prep in order to integrate Scalix into AD. For Scalix version 10.0.1 go to page 102 of the admin guide and start from there.
I am guessing you set up SSO and Kerberos without integrating AD first so Scalix is not recognizing any of your users.

Once you run through the AD integration steps you can get SSO to work. Below is a short version of the instructions that I used. The admin guide includes more detailed instructions. Let me know how it goes.

Ed

For SSO integration with AD - here are the instructions I used to get it working

SSO AD INSTRUCTIONS

Step 1. Make sure you have created Forward Lookup Zones for your domains and created Host records for all Scalix Servers in the appropriate Forward Lookup Zone.
Step 2. Under Forward Lookup Zones, select a Scalix Server Single Sign-on domain and go to Action > New Alias.
Step 3. Create a new Alias called “scalix-default-mail” in the Alias name field, and the fully qualified name of the Scalix Server with which you are using Single Signon in the Fully qualified name for target host field (for example, scalixserver.acme.net).
Step 4. Create reverse lookup zone for the Scalix server.
Step 5. Go to Active directory User and Computers and create a new OU and call it Scalix services.
Step 6. Select the Scalix service OU and Action > New > User.
Step 7. Create the user, enter “scalix-ual” in the first name field. You can also enter the name of the Single Sign-on Scalix Server in the Last Name field. This allows you to identify the keytabs you generate for multiple Scalix Servers. Click next and enter and confirm a password for the user. Make sure that the password you enter is sufficiently complex and that:
  - "User must change password at next logon" field is not selected
  - "User cannot change password" field is not selected
  - "Password never expires" field is selected
Click next and clear the "create an Exchange mailbox" field, then click next and then click finish. The user has successfully been created for the Scalix UAL service.
Step 8. Generate a Kerberos keytab, enter:

ktpass -princ scalix-ual/scalixservername.domain@REALM -mapuser scalix-ual -pass password -out path\filename -kvno 3
For example: ktpass -princ scalix-ual/scalixserver.acme.net@ACME.NET -mapuser scalix-ual -pass password -out scalix-ual.keytab -kvno 3
Step 9. Copy the keytab to the home directory of the Single Sign on Scalix Server.

Step 10. Run the command: ommergekeys /path/filename.keytab where /path is the location that you copied the keytab to.

Step 11. omkrbconf -r REALM -s servername.domain -d domain

-r specifies the realm that the Kerberos database controls. For example, if your domain name is acme.com, your realm is ACME or ACME.NET.

-s specifies the fully qualified host name of the Kerberos KDC machine. For Single Sign-on, the KDC is the Domain Controller with Active Directory installed.
Step 12. In order for Single Signon to work, the authentication ID for a scalix server mailbox must match the domain identity (Active Directory ID) for the user. For example, if jsmith@acme.net is the user logon ID for a user in AD then enter the following on the Scalix server:

ommodu -o jsmith --authid jsmith@ACME.NET

Note: The realm MUST be in uppercase.
To view the user:
omshowu "Joe Smith/mailnode"

Step 13. Test out the connection.
Run the command: kinit "your AD user ID", for example kinit jsmith@ACME.NET
You should be prompted for your AD password, enter it and it should just come back to you.
Step 14. Modify the /var/opt/scalix/sys/pam.d/ual.remote file. The only lines that are needed are these four:
auth required om_krb5 user_unknown=ignore
auth optional om_auth use_first_pass
account required om_auth
password required om_auth

Now save that file and now edit the pop3 file and make sure it has the same entries as the ual.remote.
Now save that pop3 file and edit the omslapdeng file and make sure it has the same 4 entries.
Now save the omslapdeng file and edit the smtpd.auth file and make sure it has the same 4 entries.
Now save that file and we are done.

TESTING. You can now log onto scalix using your AD logon credentials.
Log into SWA via your AD id and AD password to test.
To Test Outlook, create a new profile and enter in the scalix-default-mail as the server and that should automatically finish.



-----Original Message-----
From: James Marcinek [mailto:jmarc1 at jemconsult.biz] 
Sent: Tuesday, August 22, 2006 10:19 AM
To: CentOS mailing list
Subject: Re: [CentOS] web based mail packages for CentOS

Ed,

I saw no activity through the sac queue (I kept refreshing) but no luck. 
I had created 2 users in SAC to hopefully catch all of the mail that I was no longer receiving while I was trying to get the kerberos going... 
I believe what could have been the cause is: 1) the post I read on setting this up wasn't correct or some part of the process was not the same 2) I configured scalix to authenticate against the kerberos. So when I tried to logon I kept getting rejected as password or userid not found 3) not understanding what I am getting -> do I have to create an account and 'tie' it to the kerberos?

The sendmail was rejecting to my userid even though the user existed on both the sac and AD, which supports my idea that it's not 'authenticating' with the AD server...

As I mentioned sendmail isn't my favorite but I did run for some time before moving to postfix. From what I've read scalix takes care of this. 
Are there any post install scalix scripts that I have to run?

I see that there is a component called Scalix ForestPrep. Is this included in the open source distro? I would prefer this if possible. A single sign on is ok if that's all I can get but having true integration with the directory server would be preferable as I would like to have a single entry for ease of admin.

Edward R. Bailey wrote:
> James,
> 
> When you say mail is not coming in do you mean that scalix is not accepting mail for your users? Did you provision your users in the Scalix SAC? What sort of error message is Scalix giving you when it rejects email? 
> 
> Also, sendmail is most likely not the issue as sendmail is only used to process outbound mail. Scalix has its own smtpd that handles processing inbound mail and relaying. Let me know if I can help.
> 
> Ed Bailey
> 
> -----Original Message-----
> From: James Marcinek [mailto:jmarc1 at jemconsult.biz]
> Sent: Tuesday, August 22, 2006 7:31 AM
> To: centos at centos.org
> Subject: Re: [CentOS] web based mail packages for CentOS
> 
> Easy for you to say! I was up late last night trying to figure out why no mail was coming in? I think it has to do with the kerberos integration with AD (which is what provides the single sign on).
> 
> I followed the directions and even saw users but for the life of me I could not logon to webmail?
> 
> Using the sxadmin I noticed that no mail was active at all in the queue? 
> Do you have any idea to what could be the cause?
> 
> All of the mail coming in was being flat out rejected. Were there some additional steps that had to be done on 'sendmail'? I had not configured the sendmail.mc which I would have typically done to get a mail server running with sendmail.
> 
> I hate sendmail (though I have a big hefty sendmail book) and moved to postfix for the ease of admin...
> 
> Perhaps I do not understand what is going on with the imap service and 
> mta. I noticed that there is a modified sendmail.cf that contains 
> information of scalix. This makes me think that scalix 'should' (key
> word) be setting up what it needs to. By default sendmail will only accept mail from localhost. Does scalix take care of this or is it one more thing that I have to do? The docs and knowledge base do not really talk about it, which makes me believe that this thing should be working out of the box.
> 
> I would like to give another shot (this time try it without the AD
> integration) to see how it works.
> 
> Thanks,
> 
> James
> 
> 
> centos at 911networks.com wrote:
>> On Mon, 21 Aug 2006 15:58:15 -0400
>> James Marcinek <jmarc1 at jemconsult.biz> wrote:
>>
>>> Was it easy to install? I currently have postfix and cyrus-imapd 
>>> running but could make changes.
>> Extremely easy if you have the right RPM and right OS, just RH 
>> [CentOS] or SUSE. Disable your existing postfix..., they provide everything.
>>
>>> I just changed from a linux Samba DC to an Active Directory one to 
>>> change things up a bit. Does this Zimbra integrate with AD (or 
>>> vice-a-versa)?
>> No experience, my customers do not have ADs, but Zimbra claims easy 
>> integration. Take a look @
>> http://www.zimbra.com/forums/showthread.php?t=1614
>> and
>> http://www.google.ca/search?q=zimbra+active+directories
>>
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 

_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
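
An added example, not part of the original thread and not Scalix tooling: a shell check for the Linux-side results of the quoted SSO steps (the four PAM entries from step 14 in all four files, the uppercase realm from step 12, and the keytab copied in step 9). The function names are hypothetical, the exact-order comparison is stricter than the post requires, and the keytab permission check is an added assumption, on the grounds that the keytab holds the service account's key.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths and entries are from step 14.
PAM_DIR="${PAM_DIR:-/var/opt/scalix/sys/pam.d}"
PAM_FILES="ual.remote pop3 omslapdeng smtpd.auth"
EXPECTED='auth required om_krb5 user_unknown=ignore
auth optional om_auth use_first_pass
account required om_auth
password required om_auth'

# Active lines of a PAM file: comments and blank lines dropped, whitespace collapsed.
active_lines() {
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$1" |
        grep -v '^$'
}

# 0 if the file holds exactly the four entries, in the order given in step 14.
check_pam_file() {
    [ -r "$1" ] && [ "$(active_lines "$1")" = "$EXPECTED" ]
}

# 0 if the auth ID is user@REALM with the realm in uppercase (note under step 12).
check_authid() {
    case "$1" in
        *@*@* | @* | *@) return 1 ;;
        *@*) realm=${1#*@}
             [ "$realm" = "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ] ;;
        *) return 1 ;;
    esac
}

# 0 if group and others have no permission bits on the keytab from step 9.
check_keytab_mode() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print ok/FAIL for each file in step 14; the return status is the failure count.
audit_pam_dir() {
    fails=0
    for f in $PAM_FILES; do
        if check_pam_file "$1/$f"; then echo "ok   $f"
        else echo "FAIL $f"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Run against the live directory only when it exists (i.e. on a Scalix server).
if [ -d "$PAM_DIR" ]; then audit_pam_dir "$PAM_DIR" || echo "pam.d files differ"; fi
```

Set `PAM_DIR` to point the audit at a copy of the directory; `check_authid` and `check_keytab_mode` are called directly with an auth ID or a keytab path.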