85
edits
Changes
From SME Server
Jump to navigationJump to searchEmail - Setting up E-mail clients for SME 8.0 (view source)
Revision as of 00:12, 5 February 2011
, 00:12, 5 February 2011Created page with '==Why This Is Needed== From SME 8.0beta6 onwards, standard, unauthorised access to SMTP on Port 25 has been prevented, by design, even for users in the local network, and replac…'
==Why This Is Needed==
From SME 8.0beta6 onwards, standard, unauthorised access to SMTP on Port 25 has been prevented, by design, even for users in the local network, and replaced with SSL authorised access on Port 25. At the same time the security arrangements in standard Windows Email clients, such as Outlook, have been beefed up. The result is that setting up such clients to successfully authorise against SME-Server SMTP has become a little complicated. This Howto is intended to give step-by-step instructions.
The same sequence of steps should apply to most other Email Clients, although the locations of the settings may vary.
==Assumptions==
This Howto was researched and tested on a systems where the server is used as the SMTP server for the network. Systems with a Smarthost configured should work in the same way because the fundamental principle is to allow clients to authorise to the SME Server before mail is accepted for transmission. Perhaps someone with such a system can check and confirm this assumption.
{{Level|medium}}
==Things to do in the Server Manager==
Login to the server manager at http://your_server_address/server-manager and click on the menu item '''Email'''. Then click the button labelled ''''Change e-mail reception settings.''''
Change 'SMTP authentication' to 'Allow both SMTP and SSMTP' and save the new settings.
===Domain Login===
A Domain login lets users login without admin setting up each user first.
====Client configuration====
apt-get install winbind libpam-mount
nano -w /etc/samba/smb.conf
workgroup = 'Your Windows workgroup' # probably correct, you set this during install
security = domain # edit, set to user
wins server 192.168.1.1 # edit, to your server IP
;password server = * # remove line
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind separator = /
winbind use default domain = yes
acl compatibility = winnt
nano -w /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat winbind
hosts: files wins dns
nano -w /etc/pam.d/common-account
account sufficient pam_winbind.so
account required pam_unix.so
nano -w /etc/pam.d/common-auth
auth required pam_mount.so
## will validate ONLY off of network
#auth required pam_winbind.so use_first_pass
## will validate off of EITHER network or local passwd db
auth sufficient pam_winbind.so use_first_pass
auth required pam_unix.so use_first_pass
nano -w /etc/pam.d/common-session
session required pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel/
session optional pam_mount.so
optional, do later if needed, add to
nano -w /etc/hosts
192.168.1.1 YourServername
/etc/init.d/samba restart
/etc/init.d/winbind restart
If you misconfigure a file and lock yourself out of the workstation <br>
hit spacebar at the grub prompt <br>
change to root=(leave as is) single <br>
login as root and check your config files
====Connect to domain====
on SME 7.3 and above
On the client [''Workgroup'' is your SME Server Workgroup]
and admin may be any user in the 'domain-admin' group
net rpc join -D '''WorkGroup''' -U admin
Log out, and now you should have all your SME Users in your login 'user list'
====Mounting Shares====
pam_mount works well if you use domain logins, other methods are too much trouble.
mount your server home directory and ibays
nano -w /etc/security/pam_mount.conf
volume * smbfs servername & /home/&/Desktop/& uid=&,gid=10000,dmask=0700 - -
volume * smbfs servername ibay1 /home/&/Desktop/ibay1 uid=&,gid=10000,dmask=0700 - -
===Printing===
Printing to your SME Server depends on your printers being supported by cups
'''cupsd'''
When you install mepis, when asked you should elect to run cupsd
check and if necessary change with
ls -la /etc/rc5.d/???cupsys
cd /etc/rc5.d
mv K??cupsys S20cupsys
'''Configure printer'''
K menu > Settings > Peripherals > Printers
Administrator Mode
Add Printer > SMB Printer > Normal Account, and enter your SME username and password
Enter your workgroup, servername, and printer name as setup in the /server-manager workgroup and printer panels
Select your Printer from the cups database, check settings and print a test page
Enter the rest of wizard details to suit.
You can monitor your cups printers at YourClientIP:631
===Ident===
If using Ident Authentication for browsing
apt-get install ident2
===PPTP Connection===
When you install mepis, when asked you should elect to run ppp
To Connect to a remote SME Server
apt-get install pptp-linux kvpnc
K menu > Internet > Connection > VPN Client
===Applications===
*Install VMware, http://www.mepis.org/docs/en/index.php/VMWare#MEPIS_7.0
*Install a subversion client, synaptic -> kdesvn
*Enable mp3 & multimedia
:Synaptic > settings > repositories. Activate the repository for Debian-Multimedia
:Then install Libdvdcss2 and w32codecs
===Settings===
*Thunderbird, to enable links in email
:Advance,General,Config Editor, Right Click, New > String
: preference=network.protocol-handler.app.http, string=firefox
: preference=network.protocol-handler.app.https, string=firefox
*Enable Numlocks
:http://www.mepis.org/node/6937
----
[[Category:Howto]]
[[Category:Administration]]
From SME 8.0beta6 onwards, standard, unauthorised access to SMTP on Port 25 has been prevented, by design, even for users in the local network, and replaced with SSL authorised access on Port 25. At the same time the security arrangements in standard Windows Email clients, such as Outlook, have been beefed up. The result is that setting up such clients to successfully authorise against SME-Server SMTP has become a little complicated. This Howto is intended to give step-by-step instructions.
The same sequence of steps should apply to most other Email Clients, although the locations of the settings may vary.
==Assumptions==
This Howto was researched and tested on a systems where the server is used as the SMTP server for the network. Systems with a Smarthost configured should work in the same way because the fundamental principle is to allow clients to authorise to the SME Server before mail is accepted for transmission. Perhaps someone with such a system can check and confirm this assumption.
{{Level|medium}}
==Things to do in the Server Manager==
Login to the server manager at http://your_server_address/server-manager and click on the menu item '''Email'''. Then click the button labelled ''''Change e-mail reception settings.''''
Change 'SMTP authentication' to 'Allow both SMTP and SSMTP' and save the new settings.
===Domain Login===
A Domain login lets users login without admin setting up each user first.
====Client configuration====
apt-get install winbind libpam-mount
nano -w /etc/samba/smb.conf
workgroup = 'Your Windows workgroup' # probably correct, you set this during install
security = domain # edit, set to user
wins server 192.168.1.1 # edit, to your server IP
;password server = * # remove line
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind separator = /
winbind use default domain = yes
acl compatibility = winnt
nano -w /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat winbind
hosts: files wins dns
nano -w /etc/pam.d/common-account
account sufficient pam_winbind.so
account required pam_unix.so
nano -w /etc/pam.d/common-auth
auth required pam_mount.so
## will validate ONLY off of network
#auth required pam_winbind.so use_first_pass
## will validate off of EITHER network or local passwd db
auth sufficient pam_winbind.so use_first_pass
auth required pam_unix.so use_first_pass
nano -w /etc/pam.d/common-session
session required pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel/
session optional pam_mount.so
optional, do later if needed, add to
nano -w /etc/hosts
192.168.1.1 YourServername
/etc/init.d/samba restart
/etc/init.d/winbind restart
If you misconfigure a file and lock yourself out of the workstation <br>
hit spacebar at the grub prompt <br>
change to root=(leave as is) single <br>
login as root and check your config files
====Connect to domain====
on SME 7.3 and above
On the client [''Workgroup'' is your SME Server Workgroup]
and admin may be any user in the 'domain-admin' group
net rpc join -D '''WorkGroup''' -U admin
Log out, and now you should have all your SME Users in your login 'user list'
====Mounting Shares====
pam_mount works well if you use domain logins, other methods are too much trouble.
mount your server home directory and ibays
nano -w /etc/security/pam_mount.conf
volume * smbfs servername & /home/&/Desktop/& uid=&,gid=10000,dmask=0700 - -
volume * smbfs servername ibay1 /home/&/Desktop/ibay1 uid=&,gid=10000,dmask=0700 - -
===Printing===
Printing to your SME Server depends on your printers being supported by cups
'''cupsd'''
When you install mepis, when asked you should elect to run cupsd
check and if necessary change with
ls -la /etc/rc5.d/???cupsys
cd /etc/rc5.d
mv K??cupsys S20cupsys
'''Configure printer'''
K menu > Settings > Peripherals > Printers
Administrator Mode
Add Printer > SMB Printer > Normal Account, and enter your SME username and password
Enter your workgroup, servername, and printer name as setup in the /server-manager workgroup and printer panels
Select your Printer from the cups database, check settings and print a test page
Enter the rest of wizard details to suit.
You can monitor your cups printers at YourClientIP:631
===Ident===
If using Ident Authentication for browsing
apt-get install ident2
===PPTP Connection===
When you install mepis, when asked you should elect to run ppp
To Connect to a remote SME Server
apt-get install pptp-linux kvpnc
K menu > Internet > Connection > VPN Client
===Applications===
*Install VMware, http://www.mepis.org/docs/en/index.php/VMWare#MEPIS_7.0
*Install a subversion client, synaptic -> kdesvn
*Enable mp3 & multimedia
:Synaptic > settings > repositories. Activate the repository for Debian-Multimedia
:Then install Libdvdcss2 and w32codecs
===Settings===
*Thunderbird, to enable links in email
:Advance,General,Config Editor, Right Click, New > String
: preference=network.protocol-handler.app.http, string=firefox
: preference=network.protocol-handler.app.https, string=firefox
*Enable Numlocks
:http://www.mepis.org/node/6937
----
[[Category:Howto]]
[[Category:Administration]]
