From owner-freebsd-isp@FreeBSD.ORG Sat May 24 16:07:22 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D739037B401 for ; Sat, 24 May 2003 16:07:22 -0700 (PDT) Received: from loops.nilpotent.org (loops.nilpotent.org [12.17.163.70]) by mx1.FreeBSD.org (Postfix) with SMTP id E19C743F75 for ; Sat, 24 May 2003 16:07:21 -0700 (PDT) (envelope-from fn@hungry.org) Received: (qmail 10385 invoked from network); 24 May 2003 23:07:20 -0000 Received: from unknown (root@203.215.181.53) by loops.nilpotent.org with QMTP; 24 May 2003 23:07:20 -0000 Received: (qmail 949 invoked by uid 500); 24 May 2003 23:05:16 -0000 To: etienne@unix.za.org References: <200305222205.42277.etienne@unix.za.org> X-nil: X-Useless-info: System load is 0.08 with 65 processes active. X-Neuromancer: You wanna wait? From: Faried Nawaz Organization: Integral Domains User-Agent: Gnus/5.090019 (Oort Gnus v0.19) XEmacs/21.4 (Artificial Intelligence, berkeley-unix) Date: Sun, 25 May 2003 04:05:16 +0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-isp@freebsd.org Subject: Re: migrating users from an exchange server to a unix mailserver. X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 May 2003 23:07:23 -0000 Etienne Ledoux writes: > - Is it possible to authenticate exchange type usernames (domain\username) > in a unix mail enviroment. If so what should I use etc. There are several ways of doing this, but they all require you to hack on some code. #1: Use /usr/ports/security/pam_smb to authenticate the users. You may need to hack your POP server to use PAM. This is probably the cleanest solution. #2: Hack your POP server to read in the username/password, and then connect to the exchange server to authenticate them. Works okay as long as you fork off a POP server instance for every connecting client. #3: Install samba on your mail server, add the machine to your Windows domain, and hack your POP server to use libsmbclient. This is a variant of #1. #4: /usr/ports/www/squid has some NT authentication code as a separate module. You could hack your POP server to make use of that. > - I would like to do this and still keep the user info in the mysql db, > this will eventually be linked to the rest of the customer db with billing > info etc. which is also kept in a mysql db. By "user info" I assume you mean username ("domain\user") and password. I don't know how you can make your mysql db your authoritative authentication source if users can change their password elsewhere (ie, by changing it on the Windows domain). Perhaps someone else can chime in here... Now, moving mail across is a lot easier. I see Jeff Lynch has mailed a script to do this. I had to do something similar, essentially, when I shifted my users over from an old Lotus Notes server to a qmail+vpopmail system (only my code used IMAP to move mail, not POP). Using any of the above schemes, you can grab the username/password, and then use that info to move mail over. Faried. -- The Great GNU has arrived, infidels, behold his wrath ! "If a MOO runs on a port no one accesses, does it run?"