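Documentation for migrating from Exchange 2003 to Postfix

Is there any documentation on migrating from Exchange 2000 & 2003 to Postfix, including user passwords, data, and so on?
Every e-mail has an Open WebMail Project ([url]http://openwebmail.org[/url]) tag appended at the end;
how do I remove it?

[quote][b]Quoting xiaoke's post of 2006-12-14 16:52, "Documentation for migrating from Exchange 2003 to Postfix":[/b]
Is there any documentation on migrating from Exchange 2000 & 2003 to Postfix, including user passwords, data, and so on?
Every e-mail has an Open WebMail Project ([url]http://openwebmail.org[/url]) tag appended at the end;
how do I remove it?[/quote]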
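1) For this you can refer to the related material on fandy's home page.
2) Take a look at the OW manual... I don't know where it is set either.

Configuring the content will do it!

[quote][b]Quoting fandy's post of 2006-12-15 13:36:[/b]
Configuring the content will do it![/quote]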
Bro, what do you mean?

[quote][b]Quoting xiaoke's post of 2006-12-15 19:10:[/b]
Bro, what do you mean?[/quote]
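Sorry, brother xiaoke, I did not explain the problem clearly, please forgive me!
After logging in to Open WebMail, the user clicks the "Configuration" button and can then configure the content (interface, language, content, font, personal signature, etc.)!

[quote][b]Quoting fandy's post of 2006-12-18 09:16:[/b]
Sorry, brother xiaoke, I did not explain the problem clearly, please forgive me!
After logging in to Open WebMail, the user clicks the "Configuration" button and can then configure the content (interface, language, content, font, personal signature, etc.)![/quote]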
Yes, it looks like I overcomplicated such a simple problem; it seems I should read the documentation more before asking. I thought the code had to be changed.
Thanks, it is solved now.

No need; if you have more questions, feel free to keep posting them!

[quote][b]Quoting fandy's post of 2006-12-19 17:02:[/b]
No need; if you have more questions, feel free to keep posting them![/quote]
A document about migrating user names and passwords from Windows.

Windows NT Password Dump Utility
--------------------------------
This handy utility dumps the password database of an NT machine that
is held in the NT registry (under
HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users) into a valid
smbpasswd format file. This should be a help to Samba administrators
who have a master password database on a Windows NT machine and need
to keep this in sync with the smbpasswd file on their UNIX/Samba
server.

This utility dumps NT password entries in the format :

<user>:<id>:<lanman pw>:<NT pw>:comment:homedir:

Where <user> is the user-name on Windows NT, <id> is the Windows NT
RID (relative ID) - the last 32 bit component of the Windows NT user's
SID, <lanman pw> is the user's lanman password hash, <NT pw> is the
user's Windows NT (md4) password hash - note that if the user has no
password these will be dumped as the string 'NO PASSWORD*****', if the
account is disabled or invalid these are dumped as 32 '*'
characters. The comment is a concatenation of the user's full name on
Windows NT and the description field in the Windows NT user-manager
program. The homedir cannot contain ':' characters unfortunately, as
these are used as field separators in the smbpasswd file (as per
UNIX), all ':' characters after drive letters are dumped as '_'
characters.

How to use pwdump
-----------------
Only as a suggestion, I would recommend dumping your NT machines
account database and then creating regular UNIX users (in /etc/passwd)
with the same UNIX account numbers as their NT RID - this will make
replicating the smbpasswd file much easier later on. These /etc/passwd
accounts may have disabled password entries, prohibiting the NT users
from logging onto the UNIX box via telnet (this is similar to removing
the 'log on locally' right on an NT server). This will not prohibit
them from using the Samba box as a server via Samba though. The
created smbpasswd file may then be copied to the
$SAMBA/private/smbpasswd file (where $SAMBA is the base directory you
installed Samba into). If Samba is set up for user level security and
encrypted passwords (set :

security = user
encrypt passwords = yes

in your smb.conf file) then Windows NT / 95 users who have logged on
to the NT domain will be able to transparently access the resources on
the Samba box as their correct UNIX user id's (the ones you originally
created). You can then set up a 'AT' job on your NT server to
periodically dump your NT password database into a new smbpasswd file
and copy it over (securely somehow) to the Samba server to keep the
password databases on the two machines in sync.

The pwdump.exe utility can take a \\machine name as argument, it will
then proceed to dump the password database from that machine instead
of the local machine, if it has sufficient privileges to do so. By
default it will dump the password database of the local machine.

NOTE: The passwords dumped by this utility are 'plain-text equivalent'
in the CIFS protocol and *MUST* be protected. The UNIX security on the
smbpasswd file *MUST* be set to (owner root, permissions rw------- -
ie. read/write owner, no access to anyone else).

Future Enhancements
-------------------
As this code decrypts the obfuscation step in the NT password
database it may be reversed, allowing a lanman and md4 hash to be
written into the NT registry for a user account. This would allow a
UNIX/Samba box to be the master repository for user account details,
and the account passwords to be replicated and 'brute forced' into the
NT password database, bypassing the rather baroque NT API mechanisms.
This code doesn't attempt to do this however, this is left as an
'exercise to the reader' (or an enterprising university somewhere :-).

How it works
------------
This utility takes great pains to maintain NT security as it wanders
through the NT SAM areas of the registry. It will not even run if you
are not running as Administrator. Firstly it goes through and adds the
'minimum necessary change' (see Asimov's 'the End of Eternity' :-) to
allow the program to read the password entries. It dumps the users'
entries (see the code for details) and then goes back through the
registry restoring the security on all the keys it touched. I have
tested this code on NT Server/Workstation 4.0 and NT 3.51 and have
never had problems, but as always, this code has *NO GUARANTEE*
associated.

Source code
-----------
The source code for this utility may be found in
[url]ftp://samba.anu.edu.au/pub/samba/pwdump/pwdump.c[/url]
Note that this code needs a DES library to compile. The one I used in
development is Eric Young's excellent DES library found at :
[url]ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-4.01.tar.gz[/url]
which compiles fine under Windows NT. I used Microsoft Visual C++ 4.x
as the compile environment. The code pwdump.exe is provided for people
who do not have a compiler and is a binary of the program for x86 NT
machines (are there any other kind :-).
Please report all bugs to :
Jeremy Allison,
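[email]jeremy@valinux.com[/email]

Good material, saving it...!

Linux + Samba 3.0 Alpha 13 (2002-1-11 Release) replacing WinNT 4.0 Server as the domain server of a corporate intranet
The purpose of this article is to explain how to configure Linux and Samba to achieve the following:
Replace WinNT 4.0 Server as the primary domain controller, providing NetBIOS browsing, roaming user profiles, logon scripts, user and group management based on the NT domain model, and so on.
Note that the latest Samba version at present (as of 2002-1-28) cannot do the following:
1. Add users or groups with WinNT Server's User Manager (though it can be used to view existing users and groups)
2. Establish trust relationships with other PDCs (so that at logon you can only log on to the local machine and the selected domain)
3. Act as a backup domain controller (which lowers the overall performance of the domain)
This article does not discuss how to configure Samba as a file or print server, nor how to configure DNS, DHCP and similar services on Linux.
The following assumes that Turbo Linux 6.5 has been correctly installed and configured.
1. Download [url]http://www.samba.org/samba/ftp/alpha/samba-3.0-alpha13.tar.gz[/url] to /usr/src, then compile and install it.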
cd /usr/src
gunzip samba-3.0-alpha13.tar.gz
tar xvf samba-3.0-alpha13.tar
cd samba-3.0-alpha13
cd source
./configure
make
make install
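2. Samba's default installation directory is /usr/local/samba, and the configuration file is /usr/local/samba/lib/smb.conf. The smb.conf configuration for a primary domain controller is explained line by line below. Samba is configured in sections; global, netlogon, printers and homes are special sections, and for our purposes only the global and netlogon sections matter (the homes and printers sections are used to configure file and print sharing).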
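[global]
netbios name = wqmsmail
# netbios name is the NetBIOS machine name you register on the network (strictly, the visible part of the NetBIOS name, i.e. the first 15 characters; the 16th character is an attribute of the NetBIOS name), which is the machine name you see in the browser's Network Neighborhood.
workgroup = overseas
# the value of the workgroup field is the name of the domain you want to create
server string = overseas department samba domain server
# the value of the server string field is the comment shown next to the machine name in the browser
log file = /usr/local/samba/var/log.%m
# location of Samba's log files; %m means one log is generated per connecting machine
security = user
# use user-level access control (a primary domain controller must set this to user)
guest account = ftp
# used for NetBIOS name browsing, because connecting to IPC$ requires a valid guest account.
encrypt passwords = yes
# whether encrypted or unencrypted passwords are used for access authentication (such as logging on or accessing a password-protected shared folder) (a primary domain controller must set this to yes)
max log size = 50
socket options = TCP_NODELAY
# a few unimportant options, set them as you like; TCP_NODELAY can improve socket performance somewhat
local master = yes
domain master = yes
preferred master = yes
# These three options tell the other domain servers on the LAN that this machine will act as the primary domain controller (domain master) and as the local subnet's domain and browse server (local master); setting preferred master to yes makes Samba send a network broadcast at start-up asking for the domain master election (or contest) to be re-run and, combined with os level below, compete to become the primary domain controller. These three options are a little ambiguous; in short, set them all to yes and it is OK.
os level = 65
# Every Microsoft operating system has a fixed os level, and the largest so far is 64, so we need to exceed 64 and set it to 65; there is no reasoning to it. Setting it below 64 would probably work too :-)
domain logons = yes
# this line says that Samba will act as the domain logon server, i.e. the machine that handles user logons.
browse list = yes
# allow users to browse the network; if set to no, no machines will be visible in the browser's Network Neighborhood
wins server = 192.168.1.3
# set the WINS address; if there is no WINS server on the LAN, change this line to wins support = yes so that Samba itself acts as the WINS server; note that wins server and wins support are mutually exclusive options
announce as = NT
announce version = 4.2
# these two lines say what kind of machine Samba announces (or disguises) itself as; here we falsely report that we are a Windows NT Server, version 4.2
add user script = /usr/sbin/adduser -n -c Machine -d /dev/null -s /bin/false %m$
# this is a more advanced option whose purpose is to add machine trust accounts automatically. A machine trust account is an NT concept: every machine that joins the domain must have a machine trust account name in the domain, made up of the machine's NetBIOS name plus a $. The add user script option automatically adds this account to /etc/passwd. %m is dynamically replaced with the machine's NetBIOS name
logon path = \\%N\profiles\%U
# this line sets where roaming user profiles are stored; %N is the NetBIOS name of the machine running Samba once Samba is up, here wqmsmail, and %U is replaced with the name of the user logging on. So when user dzzhu logs on, the client (95, NT, 2000) is told to fetch the user profile from \\wqmsmail\profiles\dzzhu, and when he logs out the client likewise saves the current user profile to \\wqmsmail\profiles\dzzhu. This involves the section named Profiles below.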
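[Profiles]
path = /usr/local/samba/profiles
create mode = 0600
directory mode = 0770
browseable = no
writeable = yes
guest ok = yes
This Profiles section defines a share named profiles that is writable (writeable = yes) but hidden (browseable = no). With this section, the logon path setting above can find the \\wqmsmail\profiles\%u share and freely read and write the files and directories in it, which implements roaming profiles. Note: the /usr/local/samba/profiles directory you create must be readable and writable by everyone.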
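The netlogon section is configured as follows
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
guest ok = yes
writable = no
public = no
browseable = no
locking = no
This section merely emulates the so-called NetLogon logon share that the NT logon model requires; there is no reasoning to it, just create the /usr/local/samba/netlogon directory and everything is OK.
That completes the basic configuration of Linux + Samba as a primary domain controller; how to use it is described below.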
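3. Implementing NT-model user and group management
A. User management
Samba's user and group management is still imperfect; it still cannot break away from the Unix user authentication system. That is, adding a user to the domain involves two things: first you must add the Unix user with /usr/sbin/useradd -s /bin/false dummy (-s /bin/false is used here so that this user cannot telnet to the Unix machine, which preserves Unix security), and then use /usr/local/samba/bin/smbpasswd -a dummy dummypass to add the user to Samba's user database /usr/local/samba/private/smbpasswd. There is one more point about the smbpasswd file: the current Samba has a limitation, namely that when a client asks to join the Samba domain the user is prompted for an administrative account that is allowed to add machine trust accounts, and at present this administrative account can only be root, so root must also have an entry in smbpasswd. Hopefully this security-harming limitation will be changed soon in a later version.
[Migrating from NT to Samba]
How to migrate from NT to Samba is probably a system administrator's biggest puzzle: you want to transfer the existing list of NT users to Samba without losing each user's password, and without re-entering the users one by one. Here is one solution.
Download the pwdump tool from [url]http://va.samba.org/samba/ftp/pwdump/[/url], a tool that can export the list of all NT users in smbpasswd file format, then log on to NT as Administrator (because of the privileges this software requires) and run pwdump > smbpasswd-notfilt to obtain all the accounts and passwords in the domain. Then, under Unix, edit a list hw of the users to be added to the new domain, one name per line, as follows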
$ cat > hw
xlcheng
mhma
zcxu
dzzhu
.
.
.
Then form the smbpasswd-notfilt file
$ for name in `cat hw`; do
      grep "^$name:" smbpasswd-notfilt >> smbpasswd
  done
Then add these accounts to /etc/passwd
$ while IFS=: read -r name uid rest; do
      /usr/sbin/useradd -u "$uid" -s /bin/false "$name"
  done < smbpasswd
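B. Group management
Since samba 3.0 alpha 2, NT-model group management has been basically usable. But the interface is still unfriendly: you cannot add domain users and groups through NT 4.0's User Manager, and can only use a conceptually murky tool, smbgroupedit, which basically implements NT group functionality through so-called group mapping between NT and Unix, two entities whose concept and meaning of a group are defined completely differently. For example
(1) To set up a domain administrators group (Domain Admins), first create a Unix group under Unix, e.g. winadm, with /usr/sbin/groupadd winadm, then edit /etc/group to add the accounts that should become domain administrators, like this:
winadm:x:2563:root,dzzhu,gjx,fjiang,sliao
Then map this winadm group to the Domain Admins group,
root$ smbgroupedit -vs | grep "Domain Admins"
Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1
root$ smbgroupedit -c S-1-5-21-1108995562-3116817432-1375597819-512 -u winadm
(2) To add a so-called NT local group pj_wqms, again first create a Unix group under Unix, e.g. wqmspj, with /usr/sbin/groupadd wqmspj, then edit /etc/group to add the accounts that should become domain administrators, like this:
wqmspj:x:2567:hling,kyoku,jjiao,gshen
Because, unlike Domain Admins above, which is a group predefined by Samba, pj_wqms is a local group that we are adding, you need to run
root$ smbgroupedit -a wqmspj -n pj_wqms -tl
Summary: As described above, Samba as an Open Source project has been going for 10 years; paired with the equally free Linux, it can now replace WinNT 4.0 Server fairly well as the core server combination of a corporate intranet, both improving performance and greatly reducing the cost of configuring the internal network. It is now another option for building the internal networks of small and medium-sized businesses.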
Appendix: a complete shell script for migrating NT accounts to Linux; you need to use the output of pwdump as the input of this script
#!/bin/sh
#
# function : help create unix /etc/passwd accounts and also ./smbpasswd file
#            from your NT domain accounts ,need root to run this, and after
#            run this script,you must run "smbpasswd root" to set root password
#
# usage    : adduser userlistfile pwdumpoutputfile
#
# output   : will create a file "smbpasswd" in current directory
#
# author   : dzzhu/EBT 2002.2.1 tested in turbolinux 6.5
#
# please note there is no guarantee for this shell
#set -x
#myverbose="no"
myverbose="yes"

# print a progress message when verbose mode is on
myout()
{
    [ "$myverbose" = "yes" ] && echo "$1"
}

# useradd and the password hashes need root
if [ "$(id -u)" -ne 0 ]; then
    echo "you need to be root to run this script"
    exit 1
fi
if [ $# -lt 2 ]; then
    echo "Usage: $0 userlistfile pwdumpoutputfile."
    exit 1
fi
if [ ! -s "$1" ] || [ ! -s "$2" ]; then
    echo "invalid parameter,make sure files exist and not empty."
    exit 1
fi

# the file holds password hashes: create it readable by root only
umask 077
echo "root:0:********************************:********************************:::" > ./smbpasswd
myout "root account has been added to ./smbpasswd"
chmod 600 ./smbpasswd

# one user name per line in the list file
while read -r name; do
    [ -n "$name" ] || continue
    # first pwdump entry for this user, if any
    info=$(grep "^$name:" "$2" | head -n 1)
    if [ -n "$info" ]; then
        if ! grep -q "^$name:" /etc/passwd; then
            # field 2 of the pwdump entry is the NT RID, reused as the UNIX uid
            uid=$(printf '%s\n' "$info" | awk -F : '{print $2}')
            /usr/sbin/useradd -n -c "Samba helper account" -d /dev/null -s /bin/false -u "$uid" -g 100 "$name"
            myout "$name account has been added to /etc/passwd"
        fi
        printf '%s\n' "$info" >> ./smbpasswd
        myout "$name account has been added to ./smbpasswd"
    fi
done < "$1"
exit 0

Good article, though there are quite a few similar tutorials online!

Microsoft has published an article on how to export Windows users.
After exporting them this way, you can then import them into Linux using LDAP; I have not looked at the details closely.
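
An added example, not part of the thread or of pwdump: a pre-import check for the pwdump-format file that the README and the migration script above work with. It verifies the rw------- permission from the README's NOTE and flags entries that would trip up the useradd loop (unsafe names, RIDs already in use as UIDs) as well as empty-password, disabled and LANMAN-hash entries. The function names, the name policy and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-import checks on a pwdump/smbpasswd-format file.
# Fields per the README: user:rid:lanman:nt:comment:homedir:

# check_perms FILE [OWNER]: succeed only for a regular file with mode
# rw------- owned by OWNER (default root), as the README's NOTE requires.
check_perms() {
    ls -ld -- "$1" 2>/dev/null | awk -v o="${2:-root}" '
        NR == 1 && $1 ~ /^-rw-------/ && $3 == o { ok = 1 }
        END { exit !ok }'
}

# audit_entries DUMP [PASSWD]: print one "<user>: <finding>" line per issue.
# The name policy (letters, digits, _ and -, optional trailing $) is an assumption.
audit_entries() {
    awk -F: -v pw="${2:-/etc/passwd}" '
        BEGIN { while ((getline l < pw) > 0) { split(l, f, ":"); taken[f[3]] = f[1] } }
        NF < 4 { print "line " NR ": MALFORMED"; next }
        $1 !~ /^[A-Za-z_][A-Za-z0-9_-]*[$]?$/ { print $1 ": UNSAFE_NAME" }
        $2 !~ /^[0-9]+$/ { print $1 ": BAD_RID" }
        ($2 in taken) && taken[$2] != $1 { print $1 ": UID_TAKEN_BY " taken[$2] }
        $3 ~ /^NO PASSWORD/ || $4 ~ /^NO PASSWORD/ { print $1 ": NO_PASSWORD" }
        $4 ~ /^[*]+$/ { print $1 ": DISABLED" }
        length($3) == 32 && $3 ~ /^[0-9A-Fa-f]+$/ { print $1 ": LANMAN_HASH_PRESENT" }
    ' "$1"
}

# write_sample DIR: constructed sample data (hash values are made-up hex).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
games:x:1001:100:games:/usr/games:/bin/false
EOF
    cat > "$1/dump" <<'EOF'
alice:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:Alice,staff:C_\home\alice:
bob:1002:NO PASSWORD*********************:NO PASSWORD*********************:::
carol:1003:********************************:********************************:::
dave smith:1004:********************************:89ABCDEF0123456789ABCDEF01234567:::
truncated:1005
EOF
    chmod 600 "$1/dump"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && write_sample "$d"
    check_perms "$d/dump" "$(id -un)" && echo "permissions ok"
    audit_entries "$d/dump" "$d/passwd"
    rm -rf "$d"
fi
```

Run with `--demo` to see the findings for the constructed sample; against a real dump, call `check_perms` and `audit_entries` before any account is created.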
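
An added example, not part of the thread or of Samba: a check for the combination used by the [Profiles] section of the smb.conf above, a share that is both writable and open to the guest account. The function names and the sample file are constructed; the synonym handling (writeable/writable/write ok, read only, guest ok/public) follows Samba's parameter names, and share defaults placed in [global] are not inherited by this check.

```shell
#!/bin/sh
# Added example: list smb.conf shares that are writable AND open to guests.
# Limitation: share defaults placed in [global] are not inherited here.

# risky_shares CONF: print "<share>: guest-writable" for each such section.
risky_shares() {
    awk '
        function yes(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
        function report() {
            if (sec != "" && sec != "global" && guest && writable)
                print sec ": guest-writable"
        }
        /^[ \t]*([#;]|$)/ { next }                 # comment or blank line
        /^[ \t]*\[/ {                              # section header
            report()
            sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            guest = 0; writable = 0; next          # Samba defaults: no guest, read only
        }
        (i = index($0, "=")) > 0 {
            key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "guestok" || key == "public") guest = yes(val)
            else if (key == "writeable" || key == "writable" || key == "writeok") writable = yes(val)
            else if (key == "readonly") writable = !yes(val)
        }
        END { report() }
    ' "$1"
}

# write_sample_conf FILE: constructed sample; [scratch] is a made-up share.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
   security = user
[Profiles]
   path = /usr/local/samba/profiles
   writeable = yes
   guest ok = yes
[netlogon]
   path = /usr/local/samba/netlogon
   guest ok = yes
   writable = no
   public = no
[scratch]
   read only = no
   public = yes
EOF
}

if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp) && write_sample_conf "$f" && risky_shares "$f"; rm -f "$f"
fi
```

In the sample, [netlogon] is not reported because it is read-only and its later `public = no` overrides `guest ok = yes`, the two names being synonyms.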