RedHat Enterprise Linux Server 4.2 by fandy
出处:fandy 作者:fandy 时间:2007-3-14 19:30:19
作者:Fandy
电子邮箱:cbbc@163.com、cbbc@avl.com.cnQQ号码:332018422
建立日期:2006年01月16日,最后修改日期:2006年02月20日
版权说明:本文章的内容归作者版权所有,同时也接受大家的转贴,但一定要保存作者信息和出处,多谢!
因为软件版权和费用的问题,一值是公司凝难问题(我们是一家中小型企业,没有那么多钱来投资和购买软件license费用)。经过公司高层领导的决定,公司准备将所有Microsoft服务器操作系统更改为RedHat Enterprise Server 4.2服务器操作系统!公司高层领导对新网络改造要求也不高就是可以共享上网和打印机、公司邮件和用户数据统一管理。
在网络配置过程中遇到了许多不明白的问题,好在有google.com这个好朋友和得到“Extmail、fjufirefox”等几位Linux前辈的指导,才可以顺利完成这一次网络改造任务,真的要好多谢几位前辈的帮助,多谢!
文章分为四大部分介绍实施情况:
第一部分:OpenLDAP主机安装RedHat Enterprise Linux Server 4.2系统过程;
第二部分:DNS + OpenLDAP + Samba(PDC)+ LDAP Browser/Editor系统安装和配置;
第三部分:Postfix + Dovecot + Antivir-Mailgate + MailScanner系统安装和配置;
第四部分:客户端Windows XP、Fedora加入Samba PDC和电子邮件正常收发;
Setp0、实现网络图:
Setp1、OpenLDAP主机安装RedHat Enterprise Linux Server 4.2操作系统截图:
磁盘配置:
设备 类型 大小
/ ext3 39911
swap 1024
网络基本配置:
etho IP/Gateway:192.168.1.254/255.255.255.0
主机名:ldap.easy.com
网关:192.168.1.1
主/次DNS:192.168.1.254/202.96.128.68
防火墙基本配置:
⊙ 无防火墙
⊙ 是否启用 SELinux:已禁用
安装方式的选项:
⊙ 定制要安装的软件包(C)
桌面选项:
(√) X窗口系统 (选取全部)
(√) GNOME桌面环境 (选取全部)
应用程序选项:
(√) 工程和科学 (选取默认)
(√) 图形化互联网 (选取默认)
(√) 基于文本的互联网 (选取默认)
(√) 办公/生产率 (选取默认)
服务器选项:
(√) 服务器配置工具 (选取全部)
(√) 万维网服务器 (选取全部)
(√) Windows文件服务器 (选取全部)
(√) DNS服务器 (选取全部)
开发选项:
(√) 开发工具 (选择全部)
系统选项:
(√) 管理工具 (选取默认)
(√) 打印支持 (选取默认)
杂项选项:
全部不要选择;
OpenLDAP + Samba所需要的全部软件包清单(包括:DNS、DB、OpenLDAP、Samba、Other):
bind-9.2.4-2.i386.rpm bind-chroot-9.2.4-2.i386.rpm
bind-devel-9.2.4-2.i386.rpm bind-libs-9.2.4-2.i386.rpm
bind-utils-9.2.4-2.i386.rpm
db4-4.2.52-7.1.i386.rpm db4-utils-4.2.52-7.1.i386.rpm
db4-devel-4.2.52-7.1.i386.rpm
openldap-2.2.13-3.i386.rpm openldap-clients-2.2.13-3.i386.rpm
openldap-devel-2.2.13-3.i386.rpm openldap-servers-2.2.13-3.i386.rpm
samba-3.0.10-1.4E.2.i386.rpm samba-client-3.0.10-1.4E.2.i386.rpm
samba-common-3.0.10-1.4E.2.i386.rpm samba-swat-3.0.10-1.4E.2.i386.rpm
smbldap-tools-0.9.1-1.2.el4.rf.noarch.rpm
perl-Crypt-SmbHash-0.02-1.2.el4.rf.noarch.rpm perl-Digest-SHA1-2.07-5.i386.rpm
perl-LDAP-0.31-5.noarch.rpm perl-XML-SAX-0.12-7.noarch.rpm
mod_authz_ldap-0.26-2.i386.rpm nss_ldap-226-6.i386.rpm
Setp2、DNS详细配置过程:
修改/var/named/chroot/etc/named.conf文件,添加以下内容如下:
详细内容:
zone "easy.com" { #正解
type master;
file "/var/named/easy.com.hosts";
};
zone "1.168.192.in-addr.arpa" { #反解
type master;
file "/var/named/192.168.1.rev";
};
在/var/named/chroot/var/named/目录建立正解easy.com.hosts文件,文件完整内容如下:
详细内容:
$ttl 38400
easy.com. IN SOA ldap.easy.com. fandy.easy.com. (
1137063120
10800
3600
604800
38400 )
easy.com. IN NS ldap.easy.com.
easy.com. IN A 192.168.1.254
ldap.easy.com IN A 192.168.1.254
mail.easy.com. IN A 192.168.1.253
mail.easy.com. IN MX 10 mail.easy.com
在/var/named/chroot/var/named/目录建立正解192.168.1.rev文件,文件完整内容如下::
详细内容:
$ttl 38400
1.168.192.in-addr.arpa. IN SOA mail.easy.com. fandy.easy.com. (
1137063268
10800
3600
604800
38400 )
1.168.192.in-addr.arpa. IN NS ldap.easy.com.
254.1.168.192.in-addr.arpa. IN PTR easy.com.
253.1.168.192.in-addr.arpa. IN PTR mail.easy.com.
254.1.168.192.in-addr.arpa. IN PTR ldap.easy.com.
Setp3、OpenLDAP的详细配置过程:
在配置OpenLDAP前,先复制samba.schema文件到/etc/openldap/schema/目录下(添加ldap所需要的samba认证的资料文件到schema目录):
详细操作:
# cp /usr/share/doc/samb-3.0.10/LDAP/samba.schema /etc/openldap/schema/
-----------------------------------------------------------------------------------------------------------------------
说明:请一定要复制samba.schema文件到/etc/openldap/schema目录下, 否则在启动ldap时会出现以下的错误提示信息:
# service ldap start
检查 的配置文件:slaptest: bad configuration file! [失败]
-----------------------------------------------------------------------------------------------------------------------
修改/etc/openldap/目录中的slapd.conf文件,主要说明修改的关键部分,详细内容如下:
详细配置内容:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
部分增加以下一行内容:
include /etc/openldap/schema/samba.schema
database ldbm(定义ldap的数据库类型)
更改为:
database bdb
suffix "dc=my-domain,dc=com" (定义ldap搜索的域后缀)
rootdn "cn=Manager,dc= my-domain,dc=com" (定义ldap的管理DN)
更改为:
suffix "dc=easy,dc=com"
rootdn "cn=Manager,dc=easy,dc=com"
# rootpw {crypt}ijFYNcSNctBYg (设置管理DN的密码)
更改为:
rootpw {SSHA}zW6nrZ8Muho9GOl/nAk3grt4Xqq0ZpJi
-----------------------------------------------------------------------------------------------------------------------
说明:DN管理者密码的制造过程:
# slappasswd -h {SSHA} -s jinbiao
{SSHA}zW6nrZ8Muho9GOl/nAk3grt4Xqq0ZpJi
-----------------------------------------------------------------------------------------------------------------------
继续slapd.conf文件内容:
详细配置内容:
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
更改为:
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by * read
-----------------------------------------------------------------------------------------------------------------------
在slapd.conf文件最后部分添加的内容,作用为定义ldap的访问权限(注意书写的格式,因为作者就是因为这个问题浪费了不少的时间和感情啦!
-----------------------------------------------------------------------------------------------------------------------
修改/etc/openldap/ldap.conf文件内容,主要说明修改的关键部分:
详细配置内容:
BASE dc=example,dc=com (更改ldap搜索的域后缀)
更改为:
BASE dc=easy,dc=com
TLS_CACERTDIR /etc/openldap/cacerts(不使用TLS服务项目)
更改为:
# TLS_CACERTDIR /etc/openldap/cacerts
启动OpenLDAP服务器项目,详细操作如下:
详细操作:
# service ldap start
检查 slapd 的配置文件:config file testing succeeded
启动 slapd: [ 确定 ]
配置linux系统使用ldap进认证过程:
详细操作:
# setup
选择一种工具项目中选择:验证配置,然后按“运行工具”键;
用户信息项目中点选“缓存信息”、“使用LDAP”;
验证项目中点选“使用MD5口令”、“使用屏蔽口令”、“使用LDAP验证”;
然后按“下一步”键;
LDAP设置:
[ ] 使用TLS (不要点选);
服务器:127.0.0.1 (按默认地址)
基点 DN:dc=easy,dc=com (更改为:dc=easy,dc=com)
然后按“确定”键:
系统自动执行过程如下:
setsebool: SELinux is disabled.
停止 nscd: [ 失败 ]
启动 nscd: [ 确定 ]
执行后以上的操作后,将后回到“选择一种工具”介面,按“退出”键完成所有ldap进认证过程。
修改/etc/openldap/ldap.conf文件内容,主要说明修改的关键部分:
详细配置内容:
TLS_CACERTDIR /etc/openldap/cacerts
更改为:
# TLS_CACERTDIR /etc/openldap/cacerts
修改/etc/ ldap.conf文件内容,主要说明修改的关键部分:
详细配置内容:
#krb5_ccname FILE:/etc/.ldapcache
添加以下内容:
#krb5_ccname FILE:/etc/.ldapcache
nss_base_passwd ou=Users,dc=easy,dc=com?one
nss_base_passwd ou=Computers,dc=easy,dc=com?one
nss_base_shadow ou=Users,dc=easy,dc=com?one
nss_base_group ou=Groups,dc=easy,dc=com?one
TLS_CACERTDIR /etc/openldap/cacerts
更改为:
# TLS_CACERTDIR /etc/openldap/cacerts
重新启动OpenLDAP服务器项目,详细操作如下:
详细操作:
# service ldap restart
停止 slapd: [ 确定 ]
检查 slapd 的配置文件:config file testing succeeded
启动 slapd: [ 确定 ]
查看OpenLDAP服务器端口是否被监听,详细操作如下:
详细操作:
# netstat -an |grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 :::389 :::* LISTEN
Samba的详细配置过程:
在配置smb.conf前,先备份原smb.conf文件:
详细操作:
# cp /etc/samba/smb.conf /etc/samba/backup_smb.conf
Samba的主要配置文件/etc/samba/smb.conf,其实系统中存有一个实际的例子配置文件可提供参考,只要更换成例子文件和按照自己的实际情况做一定的修改就可供使用:
详细操作:
# cp /usr/share/doc/smbldap-tools-0.9.1/smb.conf /etc/samba/
cp:是否覆盖‘/etc/samba/smb.conf’? y
修改/etc/samba/smb.conf文件,以下为完整文件的详细内容::
详细配置内容:
############################## Global parameters############################
[global]
workgroup = easy-pdc
netbios name = PDC
server string = Samba Server %v
log file = /var/log/samba/log.%m
security = user
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = Yes
log level = 3
syslog = 0
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = UTF-8
Unix charset = UTF-8
logon script = %U.bat
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
继续smb.conf文件内容:
详细配置内容:
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=easy,dc=com
ldap suffix = dc=easy,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = off
ldap delete dn = Yes
add user script = /sbin/smbldap-useradd -m "%u"
add machine script = /sbin/smbldap-useradd -t 0 -w "%u"
add group script = /sbin/smbldap-groupadd -p "%g"
add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod -g '%g' '%u'
############################## Homes parameters ############################
[homes]
comment = repertoire de %U, %u
browseable = no
writeable = yes
read only = no
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 700
############################# Netlogone parameters ##########################
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
############################# Public parameters ##########################
[public]
comment = Public Directory
path = /home/public/
browseable = No
writable = yes
guest ok = yes
create mask = 0777
-----------------------------------------------------------------------------------------------------------------------
特别提示:在网上有一些文章介绍可以实现自动创建计算机帐号的方法,不知道可否正常使用,小弟没有试过!
操作如下在smb.conf文件的[global]里加入以下内容(注:适合Samba 3.0版以上):
add machind script = /usr/sbin/useradd –d /dev/null –g 100 –s /bin/false –M %u
-----------------------------------------------------------------------------------------------------------------------
建立目录和更改目录属性操作:
详细操作:
# mkdir /home/netlogon
# mkdir /home/public
启动Samba服务项目:
详细操作:
# service smb start
启动 SMB 服务: [ 确定 ]
启动 NMB 服务: [ 确定 ]
添加Samba admin dn的ldap管理密码(注意密码要和您openldap的rootdn密码要一致啊):
详细操作:
# smbpasswd -w jinbiao
Setting stored password for "cn=Manager,dc=easy,dc=com" in secrets.tdb
使用testparm命令来测试Samba服务器是否正常启动:
详细操作:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
Sambldap的配置使用过程:
详细操作:
# cd /usr/share/doc/smbldap-tools-0.9.1/
# ./configure.pl
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
smbldap-tools script configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
. if your samba controller is up and running.
. if the domain SID is defined (you can get it with the 'net getlocalsid')
. you can leave the configuration using the Crtl-c key combination
. empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Looking for configuration files...
Samba Configuration File Path [/etc/samba/smb.conf] >
The default directory in which the smbldap configuration files are stored is shown.
If you need to change this, enter the full directory path, then press enter to continue.
Smbldap-tools Configuration Directory Path [/etc/smbldap-tools/] >
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's start configuring the smbldap-tools scripts ...
. workgroup name: name of the domain Samba act as a PDC
workgroup name [easy-pdc] >
. netbios name: netbios name of the samba controler
netbios name [PDC] >
. logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'
logon drive [H:] >
. logon home: home directory location (for Win95/98 or NT Workstation).
(use %U as username) Ex:'\\PDC\%U'
logon home (press the "." character if you don't want homeDirectory) [\\PDC\%U] >
. logon path: directory where roaming profiles are stored. Ex:'\\PDC\profiles\%U'
logon path (press the "." character if you don't want roaming profile) [\\PDC\profiles\%U] > . (输入“.”)
. home directory prefix (use %U as username) [/home/%U] >
. default users' homeDirectory mode [700] >
. default user netlogon script (use %U as username) [%U.bat] >
default password validation time (time in days) [45] >
. ldap suffix [dc=easy,dc=com] >
. ldap group suffix [ou=Groups] >
. ldap user suffix [ou=Users] >
继续smb.conf文件内容:
详细配置内容:
. ldap machine suffix [ou=Computers] >
. Idmap suffix [ou=Idmap] >
. sambaUnixIdPooldn: object where you want to store the next uidNumber
and gidNumber available for new users and groups
sambaUnixIdPooldn object (relative to ${suffix}) [sambaDomainName=easy-pdc] >
. ldap master server: IP adress or DNS name of the master (writable) ldap server
ldap master server [127.0.0.1] >
. ldap master port [389] >
. ldap master bind dn [cn=Manager,dc=easy,dc=com] >
. ldap master bind password [] > jinbiao (Samba admin dn的ldap管理密码)
. ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one
ldap slave server [127.0.0.1] >
. ldap slave port [389] >
. ldap slave bind dn [cn=Manager,dc=easy,dc=com] >
. ldap slave bind password [] > jinbiao (Samba admin dn的ldap管理密码)
. ldap tls support (1/0) [0] >
. SID for domain easy-pdc: SID of the domain (can be obtained with 'net getlocalsid PDC')
SID for domain easy-pdc [S-1-5-21-2425048407-535062381-2029233160] >
. unix password encryption: encryption used for unix passwords
unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) [SSHA] >
. default user gidNumber [513] >
. default computer gidNumber [515] >
. default login shell [/bin/bash] >
. default skeleton directory [/etc/skel] >
. default domain name to append to mail adress [] > easy.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
backup old configuration files:
/etc/smbldap-tools/smbldap.conf->/etc/smbldap-tools/smbldap.conf.old
/etc/smbldap-tools/smbldap_bind.conf->/etc/smbldap-tools/smbldap_bind.conf.old
writing new configuration file:
/etc/smbldap-tools/smbldap.conf done.
/etc/smbldap-tools/smbldap_bind.conf done.
-----------------------------------------------------------------------------------------------------------------------
重点说明:检查/etc/smbldap-tools/目录内的smbldap_bind.conf文件以下内容要一致:
slaveDN=″cn=Manager,dc=easy,dc=com″
slavePW =″jinbiao″
masterDN=″cn=Manager,dc=easy,dc=com″
masterPW “jinbiao”
-----------------------------------------------------------------------------------------------------------------------
使用smbldap-populate命令初始化用户服务数据库:
详细操作:
# smbldap-populate
Populating LDAP directory for domain easy-pdc (S-1-5-21-810223790-3119279897-2165375470)
(using builtin directory structure)
adding new entry: dc=easy,dc=com
adding new entry: ou=Users,dc=easy,dc=com
adding new entry: ou=Groups,dc=easy,dc=com
adding new entry: ou=Computers,dc=easy,dc=com
adding new entry: ou=Idmap,dc=easy,dc=com
adding new entry: uid=root,ou=Users,dc=easy,dc=com
adding new entry: uid=nobody,ou=Users,dc=easy,dc=com
adding new entry: cn=Domain Admins,ou=Groups,dc=easy,dc=com
adding new entry: cn=Domain Users,ou=Groups,dc=easy,dc=com
adding new entry: cn=Domain Guests,ou=Groups,dc=easy,dc=com
adding new entry: cn=Domain Computers,ou=Groups,dc=easy,dc=com
adding new entry: cn=Administrators,ou=Groups,dc=easy,dc=com
adding new entry: cn=Account Operators,ou=Groups,dc=easy,dc=com
adding new entry: cn=Print Operators,ou=Groups,dc=easy,dc=com
adding new entry: cn=Backup Operators,ou=Groups,dc=easy,dc=com
adding new entry: cn=Replicators,ou=Groups,dc=easy,dc=com
adding new entry: sambaDomainName=easy-pdc,dc=easy,dc=com
Please provide a password for the domain root:
Changing password for root
New password : jinbiao (admin的ldap管理密码)
Retype new password : jinbiao (admin的ldap管理密码)
查看Samba的SID编号:
详细操作:
# net getlocalsid
SID for domain EASY-PDC is: S-1-5-21-810223790-3119279897-2165375470
为Samba添加用户和计算机名:
详细操作:
# smbldap-useradd -a user1 (添加一个samba帐号)
# smbldap-useradd -a -m user2 (添加一个samba帐号并创建主目录)
# smbldap-useradd -m user3 (添加一个系统用户帐号并创建主目录)
# smbldap-useradd -w winxp$ (添加一个域计算机帐号)
更改user2帐号的密码:
详细操作:
# smbldap-passwd user2
Changing password for user2
New password : 123456 (用户密码)
Retype new password : 123456 (确认用户密码)
添加user2帐号的信息:
详细操作:
# smbldap-userinfo user2
Changing the user information for user2
Enter the new value, or press ENTER for the default
User Shell [/bin/bash]: /bin/sh
Full Name [System User]: fan jin biao
Room Number []: 4873
Work Phone []: 013060677004
Home Phone []: 82-020-84680605
Other []: ha ha!
LDAP updated
查看user2帐号的信息:
详细操作:
# smbldap-usershow user2
dn: uid=user2,ou=Users,dc=easy,dc=com
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
uid: user2
uidNumber: 1000
gidNumber: 513
homeDirectory: /home/user2
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-2547670411-3484865238-2904186615-3000
sambaPrimaryGroupSID: S-1-5-21-2547670411-3484865238-2904186615-513
sambaLogonScript: user2.bat
sambaHomePath: \\PDC\user2
sambaHomeDrive: H:
sambaLMPassword: 15881AE64C222524AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: D577561A7CF0233733F6EA39BB596996
sambaPwdLastSet: 1138015107
sambaPwdMustChange: 1141903107
userPassword: {SSHA}lSYoTrxEsxdfnMgCmxT8d72xKgdUZTVV
gecos: fan jin biao,4873,013060677004,82-020-84680605,ha ha!
cn: fan jin biao
sn: biao
givenName: fan jin
roomNumber: 4873
telephoneNumber: 013060677004
homePhone: 82-020-84680605
loginShell: /bin/sh
Samba用户登陆调试说明:
使用user2帐号登陆PDC服务器:
详细操作:
# smbclient -L 192.168.1.254 -U user2
Password:
Domain=[EASY-PDC] OS=[Unix] Server=[Samba 3.0.10-1.4E.2]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server 3.0.10-1.4E.2)
ADMIN$ IPC IPC Service (Samba Server 3.0.10-1.4E.2)
user2 Disk repertoire de user2, user2
Domain=[EASY-PDC] OS=[Unix] Server=[Samba 3.0.10-1.4E.2]
Server Comment
--------- -------
PDC Samba Server 3.0.10-1.4E.2
Workgroup Master
--------- -------
EASY-PDC PDC
用ssh测试smbldap添加的用户是否正确:
详细操作:
# ssh user2@192.168.1.254
The authenticity of host '192.168.1.254 (192.168.1.254)' can't be established.
RSA key fingerprint is 37:32:c7:3f:b6:8c:d2:a6:be:8c:44:05:4c:5c:92:ed.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.254' (RSA) to the list of known hosts.
user2@192.168.1.254's password:
-sh-3.00$ id (输入id,然后按回车键,查看自己的uid、gid、groups等信息)
uid=1000(user2) gid=513(Domain Users) groups=513(Domain Users)
-sh-3.00$ exit (输入exit,离开本次登陆)
logout
Connection to 192.168.1.254 closed.
再次查看OpenLDAP服务器端口是否被监听,详细操作如下:
详细操作:
# netstat -an |grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32805 127.0.0.1:389 ESTABLISHED
tcp 0 0 127.0.0.1:32811 127.0.0.1:389 TIME_WAIT
tcp 0 0 127.0.0.1:389 127.0.0.1:32805 ESTABLISHED
tcp 0 0 :::389 :::* LISTEN
Samba域建立Windows用户登陆logon文件(本例为建立user2用户的user2.bat文件):
使用“文本编辑器”在/home/netlogon/目录新建user2.tmp文件,完整内容如下:
详细内容:
net time \\PDC /set /yes (客户端与服务器的时间同步)
net use T: \\PDC\public (设定public目录为T:盘)
将tmp文件转换成bat文件(因操作系统文件格式的不同,所以要进行一些特殊的转换工作):
详细内容:
# cat -A user2.tmp | tr ‘$’ ‘\r’ > user2.bat
查看user2.bat文件转换结果:
详细内容:
# cat -A user2.bat
net time \\PDC /set /yes^M$
net use T: \\PDC\public^M$
Setp4、使用Clamav + Samba-Vscan查杀Samba服务器内设定的共享文件夹内容:
软件包格式:clamav-db-0.86.2-1.2.el4.rf.i386.rpm
clamav-0.86.2-1.2.el4.rf.i386.rpm
clamav-devel-0.86.2-1.2.el4.rf.i386.rpm
clamd-0.86.2-1.2.el4.rf.i386.rpm
clamav-milter-0.86.2-1.2.el4.rf.i386.rpm
软件包的大小分别为(KB):2385KB、602KB、153KB、58KB 、66KB
下载地址:http://dries.studentenweb.org/rpm/packages/clamav/info.html软件包格式: samba-vscan-clamav-0.3.6-1.i386.rpm
软件包的大小(KB):56KB
下载地址:http://crash-hat.sd2.mirrors.redwire.net/crash-hat/3/samba-vscan/安装Clamav软件包:
详细操作:
# clamav-db-0.86.2-1.2.el4.rf.i386.rpm
warning: clamav-db-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamav-db ########################################### [100%]
# clamav-0.86.2-1.2.el4.rf.i386.rpm
warning: clamav-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamav ########################################### [100%]
# clamav-devel-0.86.2-1.2.el4.rf.i386.rpm
warning: clamd-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamd ########################################### [100%]
# clamd-0.86.2-1.2.el4.rf.i386.rpm
warning: clamav-devel-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamav-devel ########################################### [100%]
# clamav-milter-0.86.2-1.2.el4.rf.i386.rpm
warning: clamav-milter-0.86.2-1.2.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
Preparing... ########################################### [100%]
1:clamav-milter ########################################### [100%]
-----------------------------------------------------------------------------------------------------------------------
特别提示:请严格按照以上的安装顺序来安装Clamav软件包,否则出现安装不成功的情况!
-----------------------------------------------------------------------------------------------------------------------
安装Samba-Vscan软件包:
详细操作:
# samba-vscan-clamav-0.3.6-1.i386.rpm
warning: samba-vscan-clamav-0.3.6-1.i386.rpm: V3 DSA signature: NOKEY, key ID 6cdf2cc1
Preparing... ########################################### [100%]
1:samba-vscan-clamav ########################################### [100%]
升级病毒库文件:
详细操作:
# freshclam –verbose
Current working dir is /var/clamav
Max retries == 3
ClamAV update process started at Fri Jan 27 17:37:45 2006
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.88
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.86.2 Recommended version: 0.88
DON'T PANIC! Read http://www.clamav.net/faq.htmlmain.cvd version from DNS: 35
Retrieving http://db.cn.clamav.net/main.cvdDownloading main.cvd
main.cvd updated (version: 35, sigs: 41649, f-level: 6, builder: tkojm)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 5, recommended = 6
DON'T PANIC! Read http://www.clamav.net/faq.html
daily.cvd version from DNS: 1252
Retrieving http://db.cn.clamav.net/daily.cvd
Downloading daily.cvd
daily.cvd updated (version: 1252, sigs: 1513, f-level: 7, builder: diego)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 5, recommended = 7
DON'T PANIC! Read http://www.clamav.net/faq.html
Database updated (43162 signatures) from db.cn.clamav.net (IP: 221.6.197.162)
ERROR: Clamd was NOT notified: Can't connect to clamd on 127.0.0.1:3310
connect(): Connection refused
Freeing option list...done
修改/etc/samba/目录中的smb.conf文件中[global]配置部分加入以下内容,完整内容如下:
详细操作:
############################## Global parameters############################
[global]
workgroup = easy-pdc
netbios name = PDC
server string = Samba Server %v
log file = /var/log/samba/log.%m
security = user
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = Yes
log level = 3
syslog = 0
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = UTF-8
Unix charset = UTF-8
logon script = %U.bat
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=easy,dc=com
ldap suffix = dc=easy,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = off
ldap delete dn = Yes
add user script = /sbin/smbldap-useradd -m "%u"
add machine script = /sbin/smbldap-useradd -t 0 -w "%u"
add group script = /sbin/smbldap-groupadd -p "%g"
add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod -g '%g' '%u'
vfs object = vscan-clamav
vscan-oav: config-file = /etc/samba/vscan-clamav.conf
修改修改/etc/samba/目录中的vscan-clamav.conf文件,主要说明修改的关键部分,详细内容如下:
详细操作:
infected file action = nothing (当找到感染的档案是否发出”警告popup 窗口”给windows)
更改为:
infected file action = quarantine
修改修改/etc/目录中的clamd.conf文件,主要说明修改的关键部分,详细内容如下:
详细操作:
TCPSocket 3310 (取消TCPSocket 3310)
更改为:
#TCPSocket 3310
#LocalSocket /var/run/clamav/clamd.sock (clamd socket的位置)
更改为:
LocalSocket /var/run/clamav/clamd.sock
User clamav (更改操作用户帐号)
更改为:
User root
重新启动Samba服务项目:
详细操作:
# service smb restart
关闭 SMB 服务: [ 确定 ]
关闭 NMB 服务: [ 确定 ]
启动 SMB 服务: [ 确定 ]
启动 NMB 服务: [ 确定 ]
启动Samba服务项目:
详细操作:
# service clamd start
Starting Clam AntiVirus Daemon [ 确定 ]
如果看到以下的讯息表现已经成功:
详细操作:
# tail /var/log/messages
Jan 27 17:56:10 ldap clamd[3218]: HTML support enabled.
Jan 27 17:56:10 ldap clamd[3218]: Self checking every 1800 seconds.
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: samba-vscan (vscan-clamav 0.3.6) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: INFO: connect to service IPC$ by user nobody
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: INFO: disconnected
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: samba-vscan (vscan-clamav 0.3.6) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: INFO: connect to service IPC$ by user user2
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: samba-vscan (vscan-clamav 0.3.6) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Jan 27 17:56:26 ldap smbd_vscan-clamav[3209]: INFO: connect to service IPC$ by user nobody
Jan 27 17:56:37 ldap smbd_vscan-clamav[3209]: INFO: disconnected
Setp5、为系统增加(五笔和拼音等)Fcitx中文输入法:
软件包格式:fcitx-3.0.2-1.i386.rpm
软件包的大小(KB):45858KB
下载地址:http://www.fcitx.org/main/?q=node/9
安装Fcitx软件包前,检查和删除系统原有的输入法,详细操作如下:
-----------------------------------------------------------------------------------------------------------------------
特别提示:在安装fcitx-3.0.2-1.i386.rpm之前,请先执行以下的操作(一定要做啊!因为非常重要的啊(^_^)):
-----------------------------------------------------------------------------------------------------------------------
详细操作:
# service iiim status (查找iiim输入法服务是否在运行)
htt (pid 2126) 正在运行...
# service iiim stop (停止iiim服务)
正在停止 IIIMF 输入法服务器: [ 确定 ]
# chkconfig –del iiim (禁止iiim服务自动运行)
-----------------------------------------------------------------------------------------------------------------------
特别提示:特别说明:禁止iiim服务自动运行的方法有两种,第一种方法就是使用命令方式如上,另一种的方法就是使用来实现(本人也是使用这种方法的啊!):
点击“任务栏” → “系统配置” → “服务器配置” → “服务”,取消iiim项目
前的“√”,结果以下图:
点出工具栏图标按键“保存(S)”,结果以下图:
-----------------------------------------------------------------------------------------------------------------------
详细操作:
# rpm -e miniChinput (删除系统原有的miniChinput软件包)
# rpm –e xcin (删除系统原有的xcin软件包)
现在正式开始安装citx-3.0.0-1输入法,请注意啦(记住要输入后面的参数):
详细操作:
# rpm -ivh fcitx-3.0.2-1.i386.rpm --nodeps --force (输入法的安装)
Preparing... ############################### [100%]
1:fcitx ############################# [100%]
进行用户环境的相关配置:
修改.bashrc文件 (是隐藏文件,所以前面有一个“.”):
详细内容:
# vi ~/.bashrc (使用VI命令编辑.bashrc,在这个文件最后面加上)
export LC_ALL=zh_CN.UTF-8
export LANG=zh_CN.UTF-8
export XMODIFIERS="@im=fcitx"
在/etc/X11/xinit/xinput.d/目录中新建一个名为fcitx的文件,输入如下内容:
详细内容:
XMODIFIERS="@im=fcitx"
XIM=fcitx
XIM_PROGRAM=fcitx
用文本编辑器打开/etc/alternatives/xinput-zh_CN把它的内容也修改为:
详细内容:
XMODIFIERS="@im=fcitx"
XIM=fcitx
XIM_PROGRAM=fcitx
完成用户环境的相关配置后,重新启动操作系统:
详细操作:
# reboot
-----------------------------------------------------------------------------------------------------------------------
特别提示:如果此时不能输入中文或不能启动输入法,则执行下列命令:
# rm ~root/.fcitx –rf
然后重新启动操作系统:
# reboot
-----------------------------------------------------------------------------------------------------------------------
Setp6、使用LDAP Browser/Editor客户端来管理OpenLdap中的资料:
-----------------------------------------------------------------------------------------------------------------------
特别提示:LDAP Browser/Editor软件,需要在jdk 环境下才能执行。所以要安装jdk-1.5.0_04软件包才可以使LDAP Browser/Editor软件正常工作!
-----------------------------------------------------------------------------------------------------------------------
软件包格式:jdk-1_5_0_04-linux-i586-rpm.bin
软件包的大小(KB):45858KB
下载地址:http://ftp.isu.edu.tw/pub/Sun/java/J2SE/5.0_04/linux32/
软件包格式:Browser282b2.tar.gz
软件包的大小(KB):637KB
下载地址:http://www.iit.edu/~gawojar/ldap/
安装LDAP Browser/Editor前,请先安装jdk软件包:
详细操作:
# chmod 755 jdk-1_5_0_04-linux-i586-rpm.bin(更改文件的执行权限)
# ./jdk-1_5_0_04-linux-i586-rpm.bin(编译文件,查看版权说明过程)
# rpm -ivh jdk-1_5_0_04-linux-i586.rpm(开始安装文件)
Preparing... ############################################ [100%]
package jdk-1.5.0_04-fcs is already installed
修改/etc/目录中的profile文件(在profile文件的最后面加入以下的信息):
详细内容:
JAVA_HOME=/usr/java/jdk1.5.0_04
PATH=$JAVA_HOME/bin:$PATH
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export JAVA_HOME,PATH,CLASSPATH
修改完/etc/目录中的profile文件后,重新启动RedHat Enterprise Linux Server 4.2操作系统:
详细操作:
# reboot
LDAP Browser/Editor软件包详细安装过程:
详细操作:
# tar -zxvf Browser282b2.tar.gz -C /root/
以下操作请回到桌面环境进行,点选任务栏中“应用程序” → “文件浏览器”;
进入Browser282b2应用程序的解压目录,“/root/ldapbrowser”→ 双击“lbe.sh”运行程序;
lbe.sh程序运行时,系统会出现一个提示 “运行还是显示”信息窗口内容如下:
可点选“在终端中运行(T)”或者“运行(R)”两按键中的其中之一;
接着出现“Connect” → “Edit”按键;
出现“Edit Session”信息窗口,点选“Name”选择框:
Name:Easy-PDC (随着输入一个名称)
点选“Connection”选择框:
Host:127.0.01 (输入ldap服务器的主机地址);
Port:389 (输入访问ldap服务器的端口);
Version:2 (选择ldap服务器的版本);
Base DN:dc=easy,dc=com (输入ldap服务器的DN地址:dc=easy,dc=com);
User DN:cn=Manager,dc=easy,dc=com (输入管理ldap服务器的用户名);
Password:jinbiao (输入管理ldap服务器的用户密码);
点击“Save”按键;
完成 “Edit Session”信息窗口相关内容修改后 → 重新回到“Connect”信息窗口 → 点击“Connect”按键;
在配置 “Edit Session”信息窗口相关内容时,没有发生什么修改错误的话。应就会跟小弟的系统一样出现以下成功登入信息窗口;
到这为止,就完成Browser282b2软件的所有配置工作!
Setp7、Postfix主机安装RedHat Enterprise Linux Server 4.2操作系统截图:
磁盘配置:
设备 类型 大小
/ ext3 39911
swap 1024
网络基本配置:
etho IP/Gateway:192.168.1.253/255.255.255.0
主机名:mail.easy.com
网关:192.168.1.1
主/次DNS:192.168.1.254/192.168.1.253/202.96.128.68
防火墙基本配置:
⊙ 无防火墙
⊙ 是否启用 SELinux:已禁用
安装方式的选项:
⊙ 定制要安装的软件包(C)
桌面选项:
(√) X窗口系统 (选取全部)
(√) GNOME桌面环境 (选取全部)
应用程序选项:
(√) 工程和科学 (选取默认)
(√) 图形化互联网 (选取默认)
(√) 基于文本的互联网 (选取默认)
(√) 办公/生产率 (选取默认)
服务器选项:
(√) 服务器配置工具 (选取全部)
(√) 万维网服务器 (选取全部)
(√) 邮件服务器(自行选全部)
(√) Windows文件服务器 (选取全部)
(√) SQL数据库 (选取全部)
邮件服务器的细节选项:
(√) perl-Cyrus - Cyrus IMAP server utility Perl modules.
(√) spamassassin - Spam filter for email which can be invoked from mail delivery age...
开发选项:
(√) 开发工具 (选择全部)
系统选项:
(√) 管理工具 (选取默认)
(√) 打印支持 (选取默认)
杂项选项:
全部不要选择;
Step8、Postfix软件包安装和配置过程:
软件包格式:postfix-2.2.5-1.mysql.sasl2.vda.rhel4.i386.rpm
特别说明:本软件包默认以支持MySQL、SASL、VDA、TLS等功能;
软件包的大小(KB):3408KB
下载地址:http://www.proficuous.com/postfix/4/postfix_2.2/5/index_4_2.2.5.html
软件包格式: dovecot-0.99.14-1.2.el4.rf.i386.rpm
软件包的大小(KB):604KB
下载地址:http://distro.ibiblio.org/pub/linux/distributions/e-smith/devel/repo/RPMS/
-----------------------------------------------------------------------------------------------------------------------
特别提示:SASL所提供的密码认证方式共分为四种:
PAM :使用系统的 pam 模块做为认证,在Redhat上可使用此方式 ;
shadow :利用系统的 /etc/shadow 文件做为其身份认证的方式。但也因此则需要修改 /etc/shadow 档的存取权限,需改为 644,安全性有较大问题;
pwcheck :方式同 shadow 认证,但不须修改 /etc/shadow 档的存取权限,而须在每次开机时执行 pwcheck 。您也可在 /etc/rc.d/rc.local 档中加入执行叙述,适用于FreeBSD;
sasldb :SASL本身自带的认证方法,是使用 sasl 数据库来存放使用者的账号与密码,使用指令 saslpasswd 来新增或修改使用者账号与密码;
saslpasswd -c -u 11way.com dandy //新增sasl用户
sasldblistusers //list sasl用户
-----------------------------------------------------------------------------------------------------------------------
安装Dovecot软件包安装过程如下(注:也可以使用系统自带软件,看个人喜欢啦(^_^)):
详细操作:
# rpm -ivh dovecot-0.99.14-1.2.el4.rf.i386.rpm (安装Dovecot软件包)
安装Postfix前,请先删除系统安装时所自带的Sendmail软件包:
详细操作:
# service sendmail stop (停止sendmail系统的运行)
# rpm -e sendmail --nodeps (从操作系统中删除sendmail软件包)
Postfix软件包详细安装过程:
详细操作:
# rpm -ivh postfix-2.2.5-1.mysql.sasl2.vda.rhel4.i386.rpm (安装postfix软件包)
Preparing... ########################################### [100%]
1:postfix ########################################### [100%]
修改/etc/目录中的dovecont.conf文件,让Dovecot服务器它支持imap imap3 pop3 pop3s等功能:
详细内容:
#protocols = imap imap3(启动imap imap3 pop3 pop3s功能)
更改为:
protocols = imap imap3 pop3 pop3s
auth_passdb = pam (使用密码认证方式)
更改为:
auth_passdb = shadow
启动Dovecot服务器:
详细操作:
# service dovecot start(启动dovecot服务)
启动 Dovecot Imap: [ 确定 ]
检查Dovecot服务器是否正常启动:
详细操作:
# telnet mail.easy.com 110 (测试110端口)
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK dovecot ready.
quit
+OK Logging out
Connection closed by foreign host.
修改/etc/postfix目录中的main.conf文件,让Postfix服务器可以正常运行:
详细内容:
#myhostname = host.domain.tld (指定运行Postfix邮件系统的主机名称)
更改为:
myhostname = mail.easy.com
#mydomain = domain.tld (指定Postfix邮件系统使用的域名比例:easy.com)
更改为:
mydomain = easy.com
#myorigin = $mydomain (指定发件人所在的域名比例:easy.com)
更改为:
myorigin = easy.com
#inet_interfaces = all (指定Postfix邮件系统监视的网络接口)
更改为:
Inet_interfaces =all
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, ail.$mydomain,
http://www.$mydomain/, ftp.$mydomain (指定Postfix接收邮件时收件人的域名)
更改为:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, http://www.$mydomain/,ftp.$mydomain
#mynetworks = host (指定您所在的网络地址)
更改为:
mynetworks = host
#################### 增加限制用户发送电子邮的权限 #####################
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
smtpd_recipient_restrictions = check_sender_acc, ess hash:/etc/postfix/local_senders
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname
-----------------------------------------------------------------------------------------------------------------------
特别提示:注意smtpd_recipient_restrictions =这一项的书写格式,就是它而令我身体死着不知道多少个细胞,它伤害了我。请大家一定要注意书写格式啊!!!
-----------------------------------------------------------------------------------------------------------------------
在/etc/postfix/目录下建立local_senders文件,内容如下:
详细内容:
fandy@easy.com local_only
在/etc/postfix/目录下建立local_domains文件,内容如下:
详细内容:
easy.com OK (fandy用户邮件可以发给所有@easy.com的用户)
mail.easy.com OK (fandy用户邮件可以发给所有@mail.easy.com的用户)
为local_senders、local_domains两个文件建立hash:
详细操作:
# postmap hash:/etc/postfix/local_senders
# postmap hash:/etc/postfix/local_domains
启动Postfix服务器:
详细操作:
# service postfix start(启动postfix服务)
Starting postfix: [ 确定 ]
检查Postfix服务器是否正常启动:
详细操作:
# telnet mail.easy.com 25 (测试25端口)
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.easy.com ESMTP Postfix
quit
221 Bye
Connection closed by foreign host.
F-Prot Antivirus软件包安装和配置过程:
软件包格式: fp-linux-ws.rpm
软件包的大小(KB):3970KB
下载地址:http://files.f-prot.com/files/linux-x86/fp-linux-ws.rpm
安装F-Prot Antivirus软件包前,请先启动SpamAssassin服务器:
详细操作:
# service spamassassin start (启动SpamAssassin服务器)
Starting spamd: [ 确定 ]
安装F-Prot Antivirus软件包安装过程如下:
详细操作:
# rpm -ivh fp-linux-ws.rpm (安装F-Prot Antivirus软件包)
Preparing... ########################################### [100%]
1:fp-linux-ws ########################################### [100%]
***************************************
* F-Prot Antivirus Updater *
***************************************
There's a new version of:
"Document/Office/Macro viruses" signatures on the web.
Starting to download...
Download completed.
There's a new version of:
"Application/Script viruses and Trojans" signatures on the web.
Starting to download...
Download completed.
Preparing to install Application/Script viruses and Trojans signatures.
Application/Script viruses and Trojans signatures have successfully been installed.
Preparing to install Document/Office/Macro viruses signatures.
Document/Office/Macro viruses signatures have successfully been installed.
***************************************
* Update completed successfully. *
***************************************
升级的F-Prot Antivirus病毒库的操作:
详细操作:
# cd /usr/local/f-prot/tools/
# ./check-updates.pl (升级命令)
***************************************
* F-Prot Antivirus Updater *
***************************************
Nothing to be done...
MailScanner软件包安装和配置过程:
软件包格式: MailScanner-4.50.5-1.rpm.tar.gz
软件包的大小(KB):4840KB
下载地址:http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml
安装MailScanner软件包安装过程如下:
详细操作:
# mv MailScanner-4.50.5-1.rpm.tar.gz /tmp/source/ (移动文件到/tmp/source/目录中)
# cd /tmp/source/ (进入source目录中)
# tar -zxvf MailScanner-4.50.5-1.rpm.tar.gz (MailScanner解压过程)
# cd MailScanner-4.50.5-1 (进入MailScanner软件解压目录)
# ./install.sh (执行MailScanner软件的安装命令)
更改incoming、quarantine两个目录相关用户和组的使用权限:
详细操作:
# chown postfix.postfix /var/spool/MailScanner/incoming
# chown postfix.postfix /var/spool/MailScanner/quarantine
修改/etc/MailScanner/目录下的MailScanner.conf文件,修改详细内容以下:
详细内容:
Run As User =
Run As Group =
更改为:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue
更改为:
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = sendmail
更改为:
MTA = postfix
Virus Scanners = none
更改为:
Virus Scanners = f-prot
Always Include SpamAssassin Report = no
更改为:
Always Include SpamAssassin Report = yes
Use SpamAssassin = no
更改为:
Use SpamAssassin = yes
Required SpamAssassin Score = 6
更改为:
Required SpamAssassin Score = 4
SpamAssassin User State Dir =
更改为:
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix =
更改为:
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir =
更改为:
SpamAssassin Local Rules Dir = /etc/MailScanner
修改/etc/postfix/目录下的header_checks文件,新增加以下一行内容到文件中,详细内容如下:
完整内容:
/^Received:/ HOLD
修改/etc/postfix/目录下的main.conf文件,详细内容如下:
完整内容:
#header_checks = regexp:/etc/postfix/header_checks
更改为:
header_checks = regexp:/etc/postfix/header_checks
停止Postfix服务器,因为启动MailScanner服务时会自动启动Postfix服务器:
详细操作:
# service postfix stop
Shutting down postifx: [ 确定 ]
启动MailScanner服务器和设置开机时自动启动:
详细操作:
# service MailScanner start
Starting MailScanner daemons:
incoming postfix: [ 确定 ]
outgoing postfix: [ 确定 ]
MailScanner: [ 确定 ]
# chkconfig --level 33 MailScanner on
测试结果:
从以下的网站下载一个测试病毒文件:
连接地址:http://www.eicar.org/anti_virus_test_file.htm
文件名称为:eicar.com
测试病毒文件的大小(Bytes):68 Bytes
编写一封测试邮件(附件中带上的eicar.com文件):
结果会收一封以下的警告邮件,议题内容以下:
详细内容:
{Virus?} testing……
邮件详细内容以下:
详细内容:
Warning: This message has had one or more attachments removed
Warning: (eicar.com).
Warning: Please read the "yoursite-Attachment-Warning.txt" attachment(s) for more information.
testing......
查看maillog日志,请确认日志中是否存在以下相近的信息:
详细内容:
Jan 8 12:11:08 mail MailScanner[9199]: Virus Scanning: F-Prot found virus EICAR_Test_File
Jan 8 12:11:08 mail MailScanner[9199]: Virus Scanning: F-Prot found 1 infections
Jan 8 12:11:08 mail MailScanner[9199]: Infected message E73EE13C07C.07685 came from
Jan 8 12:11:08 mail MailScanner[9199]: Virus Scanning: Found 1 viruses
Jan 8 12:11:09 mail MailScanner[9199]: Requeue: A9D6413C085.39DDE to 6414713C089
Jan 8 12:11:09 mail MailScanner[9199]: Uninfected: Delivered 1 messages
如出现以上的日志信息就代表您的F-Prot Antivirus + MailScanner-4.31.6-1架设已经成功啦,真的要恭喜您啦!
OpenWebmail软件包安装和配置过程:
安装Openwebmail所需其它软件包格式:perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
perl-suidperl-5.8.5-12.1.1.i386.rpm
perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
perl-5.8.5-12.1.i386.rpm
软件包的大小(KB):19KB、50KB、89KB、68KB、11186KB
下载地址:http://www.proficuous.com/postfix/4/postfix_2.2/5/index_4_2.2.5.html
软件包格式:openwebmail-2.51-1.i386.rpm
软件包的大小(KB):7527KB
下载地址:http://openwebmail.org/openwebmail/download/redhat/rpm/release
安装所需其它软件包过程:
详细操作:
# rpm -ivh perl-5.8.5-12.1.i386.rpm
# rpm -ivh perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
# rpm -ivh perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
# rpm -ivh perl-suidperl-5.8.5-12.1.1.i386.rpm
# rpm -ivh perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
OpenWebmail软件包详细安装过程:
详细操作:
# rpm -ivh openwebmail-2.51-1.i386.rpm (安装openwebmail软件包)
warning: openwebmail-2.51-1.i386.rpm: V3 DSA signature: NOKEY, key ID cfb164d8
Preparing... ########################################### [100%]
1:postfix ########################################### [100%]
You may login with non-root account from
http://mail.easy.com/cgi-bin/openwebmail/openwebmail.pl
使用openwebmail-tool.pl命令来改变/etc/目录中的dbm.conf文件内容,详细操作如下:
详细操作:
# cd /var/www/cgi-bin/openwebmail/ (进行openwebmail程序目录)
# ./openwebmail-tool.pl --init (使用命令来改变dbm.conf文件内容)
Please change './etc/dbm.conf' from
dbm_ext .db
dbmopen_ext none
dbmopen_haslock no
to
dbm_ext .db
dbmopen_ext .db
dbmopen_haslock no
And execute './openwebmail-tool.pl --init' again!
ps: If you are running openwebmail in persistent mode,
don't forget to 'touch openwebmail*.pl', so speedycgi
will reload all scripts, modules and conf files in --init.
修改 /var/www/cgi-bin/openwebmail/etc/目录中的openwebmail.conf 文件,详细内容如下:
详细内容:
domainnames auto (更改为自己定义的域名)
更改为:
domainnames easy.com
default_language en (更改为简体中文版介面)
更改为:
default_language zh_CN.GB2312
default_iconset Cool3D.Englist (更改为中文3D按键)
更改为:
default_iconset Cool3D.Chinese.Simplified
修改/var/www/cgi-bin/openwebmail/etc/defaults/目录中的openwebmail.conf文件,详细内容如下:
详细内容:
smtpserver 127.0.0.1 (更改smtp服务器的地址)
更改为:
smtpserver 192.168.1.253
authpop3_server localhost (更改pop3服务器的地址)
更改为:
authpop3_server 192.168.1.253
修改/var/www/cgi-bin/openwebmail/etc/defaults/目录中的dbm.conf文件,详细内容如下:
详细内容:
dbmopen_ext none
更改为:
dbmopen_ext .db
dbmopen_haslock no
更改为:
dbmopen_haslock yes
smtpserver 192.168.1.253 (添加smtp服务器的地址)
继续使用openwebmail-tool.pl命令来改变/etc/目录中的dbm.conf文件内容,详细操作如下:
详细操作:
# cd /var/www/cgi-bin/openwebmail/ (进行openwebmail程序目录)
# ./openwebmail-tool.pl --init (使用命令来改变dbm.conf文件内容)
creating db /var/www/cgi-bin/openwebmail/etc/maps/b2g ...done.
creating db /var/www/cgi-bin/openwebmail/etc/maps/g2b ...done.
creating db /var/www/cgi-bin/openwebmail/etc/maps/lunar ...done.
Welcome to the Open WebMail!
This program is going to send a short message back to the developer,
so we could have the idea that who is installing and how many sites are
using this software, the content to be sent is:
OS: Linux 2.6.9-11.EL i686
Perl: 5.008005
WebMail: Open WebMail 2.51 20050228
Send the site report?(Y/n) y (输入y,然后按回车键)
sending report...
Thank you.
启动www服务器:
详细操作:
# service httpd start(启动http服务)
启动 httpd: [ 确定 ]
测试webmail方式收发电子邮件:
在Internet Explorer或者Mozilla Firefox等浏览器中输入以下地址:
地址:http://mail.easy.com/cgi-bin/openwebmail/openwebmail.pl
账号:fandy
密码:jinbiao
继续请单击“登录”按键;
用户登录过程如下(载入文件过程………):
正常登录后的主介面;
操作到这里用户就可以使用WEB方式来收发电子邮件和使用“通讯簿”、“网络磁盘”等功能了(如想更加详细的了解openwebmail软件的功能,请浏览http://openwebmail.org/网站)!
Setp9、Windows XP SP2英文版操作系统加入Samba域详细说明:
在Windows XP SP2加入SMB域之前,请先运行以下的两个注册文件:
A、 WinXP_PlainPassword.reg
B、 WinXP_SignOrSeal.reg
-----------------------------------------------------------------------------------------------------------------------
说明:WinXP_PlainPassword.reg、WinXP_SignOrSeal.reg这两个文件可以在/usr/share/doc/samba
-3.0.10/registry/目录查找到!
-----------------------------------------------------------------------------------------------------------------------
完成WinXP_PlainPassword.reg、WinXP_SignOrSeal.reg两个注册文件的安装工作后,点击“我的电脑” → “属性”,出现“系统属性”窗口;
点击“计算机名” → “网络标识” → “更改(C)...”;
出现“计算机名称更改”属性窗口:
“隶属于” → “域(D):” 输入easy-pdc;(sambaDomain Namep定义域名);
出现新的“计算机名更改”信息窗口;
请输入有加入该域权限的帐户的名称和密码:
用户名(U):root
密码(P):jinbiao
如果输入的“计算机名(C):”和“域(D):”正确,经过一小段时间就会出现“欢迎加入easy-pdc域”的信息窗口;
关闭“欢迎加入easy-pdc域”的信息窗口,按“确定”键,接着出现新的提示窗口“要使更改生效,必须重新启动计算机”信息窗口;
关闭“要使更改生效,必须重新启动计算机”信息窗口。回到“系统属性”窗口,按“确定”键,关闭“系统属性”窗口;
接着出现“系统设置改变”信息窗口,提示“必须重新启动计算机才能使新设置生效,想现在重新启动计算机吗?”,按“是(Y)”键,关闭“系统设置改变”信息窗口;
到这为止,就完成Windows XP SP2英文版操作系统加入Samba域的工作!
完成重新启动后,出现第一个信息“Welcome to Windows”窗口:
根据信息提示同时按“Ctrl” + “Alt” + “Delete”三个按键,出现“Log On to Windows” 窗口:
在“Log On to Windows” 窗口中点击“Options >>”按键;
现在可以试一下输入以下的用户信息登陆到Easy-PDC网域内:
User name:user2
Password:123456
Log on to:EASY-PDC
登陆操作系统后,桌面环境(一片空白);
在桌面内,按“Mouse”右键,“Properties”;
出现“Display Properties”窗口,点选“Themes” 标签栏;
“Themes”选择框选择“Windows XP”;
点选“Desktop” 标签栏;
点击“Customize Desktop…”按键,出现“Desktop Items”属性窗口;
“Desktop icons”选择栏中,点选:
⊙ My Documents
⊙ My Network Places
⊙ My Computer
⊙ Internet Explorer
点击“OK”按键,回到“Display Properties”窗口;
继续点击“Apply”、“OK”按键,更改主题过程;
完成更改主题后,出现我们熟识的Windows XP介面;
双击桌面中的“My Computer”;
打开“My Computer”后,查看一下是否出现以下的内容:
H:网络盘;
T:网络盘;
配置Outlook Express 6.0来收发电子邮件,详细操作如下:
点击工具栏“start” → “All Programs” → “Outlook Express”;
出现系统提示信息介面,继续安装请单击“Yes”按键;
Display name:user2
继续安装请单击“Next >”按键;
E-mail address:user2@easy.com
继续安装请单击“Next >”按键;
My incoming mail server is a “POP3” server. (选择邮件服务类型)
Incoming mail(POP3、IMAP or HTTP)server:(接收电子邮件的服务器地址)
192.168.1.253
Outgoing mail(SMTP)server:(发送电子邮件的服务器地址)
192.168.1.253
继续安装请单击“Next >”按键;
Account name:
user2
Password:
1234567
继续安装请单击“Next >”按键;
单击“Finish >”按键,完成“Internet Connection Wizard” 的配置信息;
到止Windows用户就可以正常使用Outlook Express程序,来收发电子邮件了!