Ubuntu + VmWare + Exchange [2]

Now that you have finished the installation of VmWare Server, you can connect to the machine with the VmWare Console and set up a virtual machine.
Install Windows 2003 and Exchange 2003 in it.

Some tips if you are a home user like me:

  • If your IP address is known to be a dynamic one, do not send e-mail directly to others. Relay your mail through your ISP’s mail server, which is probably not dynamic. This prevents your mail from being classified as spam by others.
  • If the domain you use in Exchange is not the same as your FQDN (Fully Qualified Domain Name), masquerade all outgoing e-mail as your FQDN. This also saves you a lot of spam points, because spam filters tend to look up the FQDN of the server that connects to them. If that FQDN does not exist in DNS, you will probably get more spam points.

Both options can be found in Exchange System Manager -> servers -> SMTP -> properties of Default virtual SMTP server:

Advanced delivery settings

The last thing to do before e-mail should be working is to create the transport from the Linux server to the Windows 2003 server. This is done by creating the /etc/postfix/transport file and adding the following line (the domain and the bracketed address are one whitespace-separated pair, so the domain itself must not contain spaces):

YOURDOMAIN.NET smtp:[192.168.0.xx]

After that, run postmap /etc/postfix/transport to hash the file. Postfix only consults it if main.cf contains transport_maps = hash:/etc/postfix/transport.

192.168.0.xx should be the IP address of your Exchange virtual machine.

Next, the real pain in the ass: Samba + kerberos

Get yourself a fresh copy of the latest Samba, Heimdal and OpenLDAP sources.
Extract the heimdal package and compile it:
./configure
make && make install

Next openldap:
./configure
make depend && make && make install

And finally Samba 3. You will need to compile it with LDAP, Active Directory support, Kerberos, winbind and PAM (note that the options start with two hyphens):

./configure --with-krb5 \
            --with-winbind \
            --with-ads \
            --with-ldap \
            --with-pam
make && make install
!! Do not delete your samba source directory, you will be needing it later !!

You should now have installed all necessary packages. Before continuing make sure your windows 2003 server is started.
Add the IP address of the Windows 2003 server to your /etc/resolv.conf as a nameserver entry (nameserver 192.168.0.xx). This way the Kerberos libraries can fetch the domain's DNS records (the SRV records for the KDC and LDAP) from Windows 2003, which makes configuration easier.

Next: Configuring Samba.
The following configuration works for me, so it should work for you too :)

[global]
workgroup = AD
realm = AD.ALLABOUTSECURITY.NET
server string = %h server (Samba, Ubuntu)
security = ADS
winbind separator = +
auth methods = winbind
password server =
obey pam restrictions = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
wins server =
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = yes
invalid users = root
server signing = auto
client signing = auto
client use spnego = no
client schannel = no

To add shares that authenticate Windows 2003 users, use the following setup:

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = @"AD+domain users"
read only = no
create mode = 0600
directory mode = 0700

This gives users who are a member of the Domain Users group access to that share. If you would like to give just one person rights, use "AD+t.waters" instead: the leading @ marks a group name, a bare name is a user.

So far, so good. Next we will be joining our Samba machine into the Active Directory. This, and configuring PAM to authenticate, took me most of the time. I can only give you the configuration samples I have right now, because I changed too much to remember how I got it working :) Please let me know if you have a full description.

Anyway, this is what I think should be done to get it working:

kinit Administrator@YOUR_DOMAIN
/path/to/samba/bin/net ads join "Active directory\Organization Unit you like"

A new member server (probably with your hostname) should now have been created in Active Directory.
Did you delete your Samba source directory already? Too bad! Start over, because we need some files that strangely were not copied by the install script, so we copy them manually:

cp /samba/source/dir/source/nsswitch/libnss_winbind.so /lib
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
cp /samba/source/dir/source/nsswitch/pam_winbind.so /lib/security

The symlink is needed because glibc looks NSS modules up under the .so.2 name.

The next thing to do is to allow Samba, through PAM, to authenticate against Active Directory. We do this by adding the following lines to /etc/pam.d/samba:

auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so

Furthermore, to let Linux get account information from Windows 2003, we change the passwd and group lines in /etc/nsswitch.conf to:

passwd: compat winbind
group:  compat winbind

This should be it! Start nmbd and winbindd, and verify that your setup works by running getent group. This should give you the complete list of groups on your system, with all groups from Active Directory at the end of the list. You should now be able to log on to Samba with an Active Directory account.
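As an added check that is not part of the original post, the script below does what the sentence above suggests programmatically: it compares /etc/group with the output of getent group and flags the findings that usually mean winbind, nsswitch.conf or the idmap range is misconfigured. It assumes the idmap gid range 10000-20000 from the smb.conf above; the sample lines in the block are constructed, not real output.

```python
import subprocess

IDMAP_LOW, IDMAP_HIGH = 10000, 20000  # "idmap gid = 10000-20000" in the smb.conf above


def parse_groups(lines):
    """Parse group(5)-style lines (name:x:gid:members) into {name: gid}."""
    groups = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line: skip rather than crash
        groups[fields[0]] = int(fields[2])
    return groups


def check_winbind(local_lines, getent_lines, low=IDMAP_LOW, high=IDMAP_HIGH):
    """Return (ad_groups, problems): the groups only winbind supplies, and the
    findings that usually mean winbind, nsswitch.conf or the idmap range is
    wrong (no AD groups, a gid outside the range, a local gid inside it)."""
    local = parse_groups(local_lines)
    seen = parse_groups(getent_lines)
    ad_groups = {n: g for n, g in seen.items() if n not in local}
    problems = []
    if not ad_groups:
        problems.append("no groups beyond /etc/group: winbind is not answering NSS")
    for name, gid in ad_groups.items():
        if not low <= gid <= high:
            problems.append(f"{name}: gid {gid} outside idmap range {low}-{high}")
    for name, gid in local.items():
        if low <= gid <= high:  # idmap may hand the same gid to an AD group
            problems.append(f"local group {name}: gid {gid} inside the idmap range")
    return ad_groups, problems


def check_live_system():
    """Run the check on this host: /etc/group against `getent group`."""
    with open("/etc/group") as fh:
        local_lines = fh.readlines()
    out = subprocess.run(["getent", "group"], capture_output=True, text=True, check=True)
    return check_winbind(local_lines, out.stdout.splitlines())


if __name__ == "__main__":
    # Constructed sample lines, not real output; run check_live_system() on the host.
    local = ["root:x:0:", "adm:x:4:syslog", "users:x:100:"]
    getent = local + ["domain users:x:10001:t.waters", "domain admins:x:10000:"]
    ad, problems = check_winbind(local, getent)
    print(f"{len(ad)} group(s) from winbind; problems: {problems or 'none'}")
```

With winbind use default domain = yes the AD groups carry no AD+ prefix, which is why the check works from the difference between the two listings rather than from the separator.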

Outlook Web Access

Normally you do not have two public IP addresses (on the Internet). So how should you use OWA and OMA then?
Simple: let Apache proxy all requests. The following goes into the virtual host for mail.yourdomain.com:

ServerAdmin Postmaster@yourdomain.com
DocumentRoot /mnt/data/http/mail/htdocs
ServerName mail.yourdomain.com
ErrorLog /var/www/mail/logs/mail_error_log
CustomLog /var/www/mail/logs/mail_custom_log common
ProxyRequests Off
ProxyVia On
ProxyPass /exchange http://exchange_IP/exchange
ProxyPassReverse /exchange http://exchange_IP/exchange

ProxyPass /Exchange http://Exchange_IP/exchange
ProxyPassReverse /Exchange http://Exchange_IP/exchange

ProxyPass /exchweb http://Exchange_IP/exchweb
ProxyPassReverse /exchweb http://Exchange_IP/exchweb

ProxyPass /public http://Exchange_IP/public
ProxyPassReverse /public http://Exchange_IP/public

ProxyPass /iisadmpwd http://Exchange_IP/iisadmpwd
ProxyPassReverse /iisadmpwd http://Exchange_IP/iisadmpwd

ProxyPass /oma http://Exchange_IP/oma
ProxyPassReverse /oma http://Exchange_IP/oma
RewriteEngine On
RewriteMap percentsubject int:escape
RewriteCond $1 ^/exchange/.*\%.*$
RewriteRule (/exchange/.*) ${percentsubject:$1} [P]

ProxyPreserveHost On
To make this work you must load the Apache modules proxy, proxy_http (the http:// backends above need it) and rewrite.

Resources

The howto of Vincent De Baere about samba & windows 2003 AD
