Email system.

[Roger Oberholtzer]

On Fri, 2009-10-16 at 08:02 -0500, Michael Hipp wrote:

> Yes. But I don't think they're talking about any linux clients. Appears all 
> the talk is about Outlook and such. Sounds like a Windows shop.

Exactly. If they need access to shared storage or any thing on that
server, but from Windows, and without knowing it is a Linux box, their
AD credentials must be used. Any Linux-based service that you want to
offer to the unsuspecting Windows users should, if it is authenticates
via PAM, get AD authentication into the bargain. It is only things like
apache and .htaccess that have many hoops to jump through before AD can
be used. I have never really gotten that to work.

> Did a bit of googling and didn't realize before that dovecot (for example) can 
> readily authenticate against AD. So that should help. But getting the level of 
> integration they're expecting may not be easy (e.g. automatically setting up 
> email boxes on the linux server).

Does dovecot authenticate with PAM? If so, it should then be able to
authenticate against an AD.

I do caution that there is no replacement for actually trying these
things.

In all of this, the only thing I have not gotten sorted, using PAM/samba
to authenticate against an AD, is how to have a list of AD users who can
then go on to be authenticated against the AD. I wand a union of the AD
and my list to allow authentication. The local AD guys here do not do
groups. I don't want my services open to the whole 8000 in the company.
I don't have a problem maintaining a list of names...

-- 
Roger Oberholtzer

OPQ Systems / Ramböll RST

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden

Office: Int +46 8-615 60 20
Mobile: Int +46 70-815 1696