Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: jameswilson on April 04, 2012, 03:55:13 PM
-
Hi all
I have added a sme server to our work network with the aim of using it for spam filtering and AV for the MS exchange server. I also want to use it as a file server to take the load of the sbs.
However i want to add the sme server to the domain so that i can use AD to authenticate users. Also i want to use MS backup to backup the SBS to the SME.
Im lost on both. I have seen a contrib called adv samba but it appears to not be on 8. ANy ideas on how i can achieve this or a workable solution?
Thanks
James
-
However i want to add the sme server to the domain so that i can use AD to authenticate users.
I don't know that anyone has done the work to make that possible.
-
However i want to add the sme server to the domain so that i can use AD to authenticate users.
There is a contrib called "Advanced Samba", maybe that is helpful.
Active Directory domain member
This server role is nearly identical to the domain member server role except that in this server role, SME Server will have access to Active Directory services provided by an Active Directory server.
It should be noted that this contrib is a work in progress. Preliminary support is provided for all Server Roles and full support for a selection of them, as detailed below. In time, all server roles listed here in will be fully supported by this contrib.
http://wiki.contribs.org/Advanced_Samba (http://wiki.contribs.org/Advanced_Samba)
-
Thanks FP seem to be getting closer.
However i have joined the domain but now cannot browse the sme server from windows
i get
[2012/04/04 20:53:43.340967, 0] auth/auth_domain.c:188(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client session to machine SECURE-QSERVER. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2012/04/04 20:53:43.342239, 0] rpc_client/cli_pipe.c:3940(get_schannel_session_key_common)
get_schannel_session_key: could not fetch trust account password for domain 'SECUREITALL'
[2012/04/04 20:53:43.342491, 0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel)
cli_rpc_pipe_open_schannel: failed to get schannel session key from server SECURE-QSERVER for domain SECUREITALL.
[2012/04/04 20:53:43.342590, 0] auth/auth_domain.c:188(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client session to machine SECURE-QSERVER. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2012/04/04 20:53:43.342793, 0] auth/auth_domain.c:289(domain_client_validate)
domain_client_validate: Domain password server not available.
-
Have given up on using this sme to replace the sbs. To many things on sbs so looking at it a different way now.
I am using affa to backup the essential network shares. Im then backing up to local drive using the sbs backup tool. This is then shared and also backedup to the local sme.
II have then got 2 off site sme boxes also running affa and backing up the local sme once a week.
I cant get the speed benefits of using sme as my file server but backup was the primary goal.
Next up now is to get sme running the routing side, and being the email gateway, ie using it for spam and virus checking. Ill do a search as over the years ive seen this discussed, but if anyone has any good links id appriciate it.
By the way no issues at all so far with this pretty much RC sme 8.
-
Just wondered if i can backup emails (well ideally all of exchange) maybe into pst files weekly etc.
I cant seem to see a way of doing this unless sme is handling the email, but i need exchange due to using outlook on the desktops and also using blackberry BES
-
Just wondered if i can backup emails (well ideally all of exchange) maybe into pst files weekly etc.
AFAIR exchange has a feature to export mailbox into pst.. you should search in M$ kb..
-
jameswilson
Next up now is to get sme running the routing side, and being the email gateway, ie using it for spam and virus checking. Ill do a search as over the years ive seen this discussed, but if anyone has any good links id appriciate it.
Just configure the sme in server gateway mode and away you go.
then follow this
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Internal_Mail_Servers
See also this thread
http://forums.contribs.org/index.php/topic,28488.msg118345.html#msg118345
Note you do not need to setup the Exchange users on sme.
There are clever functionality hooks between sme & the Exchange server courtesy of Gordon Rowell, refer to some old bugzilla posts or I think the devinfo mailing list, search.
This thread answers some/all of it
http://forums.contribs.org/index.php/topic,35532.msg155592.html#msg155592
See particularly this post
http://forums.contribs.org/index.php/topic,35532.msg155693.html#msg155693
-
Fantastic
Nearly done thankyou Mary great and useful post.
I have now put my sme as the router, it is recieving and forwarding email perfectly. However my exchnage server wont send email it just keeps saying relaying denied.
as it is no longer public i have tried to allow it to relay but it keeps saying the same. I know this isnt a SME issue (or at least dont think it is) but im obviosly missing a step somewhere.
James
-
However my exchnage server wont send email it just keeps saying relaying denied.
as it is no longer public i have tried to allow it to relay but it keeps saying the same.
Did you read
http://forums.contribs.org/index.php/topic,28488.msg118443.html#msg118443
- Configure the Exchange server to use the SME Server as the upstream mail host
-
Did you read
http://forums.contribs.org/index.php/topic,28488.msg118443.html#msg118443
- Configure the Exchange server to use the SME Server as the upstream mail host
Those instructions are quite old. Exchange can no longer use SME Server as the upstream mail host without being configured to use authentication. You really have three choices here:
- don't configure it to relay via SME server
- configure SME server to allow it to relay without authentication (not sure how to do that)
- configure Exchange to authenticate, which requires setting up a username and password for it on SME server.
-
- configure Exchange to authenticate, which requires setting up a username and password for it on SME server.
Spot on charlie. Configured that in the smtp small business connector emails now going out a treat.
Many thanks all
-
Please add [SOLVED] to the thread Subject.
-
done
thank you sir
James
-
done
No, that's only the last message in the thread, not the thread subject. See:
http://forums.contribs.org/index.php/board,26.0.html
-
Done it for you.
-
sorry
and thanks
-
Nothing to be sorry about, I am still to find out an easy way to modify the subject of a topic....
-
Not sure if i should reopen this one. It is sort of solved but i have now found out that our remote workers have to use the vpn to sync their outlook as the rpc over http no longer works. I have added the /rpc to the proxy pass fragment but it doesnt seem to work.
I have found a pot on here where they were struggling too but no positive outcome in that thread.
James
-
jameswilson
Search here on OWA, for info re how to use that in this type of sme/exchange scenario. The answers may assist.
Perhaps you need to setup port forwarding from sme to the exchange server for these other services.
-
I have the owa working a treat with proxy pass, its just the rpc bit
-
jameswilson
A 10 second search found this
http://forums.contribs.org/index.php/topic,46215.msg226319.html#msg226319
-
Mary
Thanks but ive seen that. It refers to forwarding port 443 wholesale and not using proxy pass.
I would prefer to keep the security of sme rather than port forward.
-
jameswilson
Charlie seemed to indicate in that thread, there was no reason why proxypass should not do the job for you.
If it does not work as required, then perhaps lodge a bug report, I think having exchange behind sme is a popular requirement & therefore a valid enough request for developers to look at/fix, so others will benefit too.
There was another search result that also referred to changing the port on exchange, but that still requires forwarding of a different port, so may not fit your security model.
Perhaps you should/could also look at configuring your sme gateway in static IP mode, and setting up a DMZ, perhaps that will give you the gateway functionality plus the security for exchange.
That concept is mentioned in some of the search results, and sme expert installers (onsellers) often use that approach.