use win2003 active directory as username/password validator?

Started by lurker, September 02, 2004, 10:00:29 PM


lurker

Hi,
I have not even started installing Matt's toaster, and if I do, I will most likely just hire Matt to do it for me, as I really don't know much about FreeBSD and don't think a production mail server would be the place to learn. In the meantime, I need to figure out a few things in order to decide how it all would be done in the end.

1) We currently use Windows 2003 Active Directory with Exchange; we have about 300 users. Is it possible to migrate (probably using scripts) from Exchange to the toaster solution?
2) Is it possible to validate users directly from Active Directory instead of locally? Is there a script for this? That way there would be only one set of usernames and passwords instead of two lists.
3) If neither of the above is possible, would it be possible to have the mail toaster import a list of usernames and then create an account plus a temporary password for each? We could print this (along with instructions) on individual pieces of paper to be given to each user; the user would then log on, and on the first login the system would require an immediate password change (that's how it was done at the college I went to).
4) If none of the above work, what would you recommend for a mass user migration, assuming all you have is a long list of usernames?

thank you.
lurky

matt

> Quote from: lurker
> Hi,
> 1) We currently use Windows 2003 Active Directory with Exchange; we have about 300 users. Is it possible to migrate (probably using scripts) from Exchange to the toaster solution?

Last I knew, there was no easy way to pull the passwords out of Active Directory, but Mail::Toaster supports password learning, so you can simply build the toaster with learning support (the default), create all the users on the toaster, and let it learn their passwords the first time they authenticate.

> Quote from: lurker
> 2) Is it possible to validate users directly from Active Directory instead of locally? Is there a script for this? That way there would be only one set of usernames and passwords instead of two lists.

Is it possible? Yes. Anything is possible. However, it's not supported at the moment.

> Quote from: lurker
> 3) If neither of the above is possible, would it be possible to have the mail toaster import a list of usernames

That's easy.

Matt

lurker

Maybe I don't understand what password learning means... but how would you prevent users from logging in with somebody else's username and setting a password (for fun, with evil intentions, etc.)?

donavan

It's a gem for moving domains. Basically, when the account is created the password is blank. Any password will be accepted the first time a user logs in. That password will also be permanently set for the user's account. If you can just get a list of usernames, it's very simple to use password learning.

Also, you might want to check out an LDAP auth solution. Windows AD is basically a mutated LDAP from hell; you might be able to hack the standard qmail-ldap to work with it.
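To make the trade-off in this thread concrete, here is an added toy model (Python, written for this page; it is not Mail::Toaster or vpopmail code) of the two bootstrapping schemes discussed: vpopmail-style password learning as donavan describes it, and lurker's option 3, a printed temporary password with a forced change on first login. The in-memory `UserStore`, the account names, the client IPs and the PBKDF2 parameters are all made-up stand-ins for the real projects' user database. `learning_window_demo()` replays exactly the race lurker asks about: whoever authenticates first against a blank account sets its password for good, so an impostor who gets there before the real user locks that user out of a mailbox they have never used.

```python
"""Toy model of two account-bootstrapping schemes from the thread.
Added illustration, not Mail::Toaster or vpopmail code: the real projects
keep hashed passwords in their own user database, which the in-memory
dict below stands in for. Names and client IPs are constructed samples."""

import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 20_000  # kept low for the demo; use a much higher count in practice


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Account:
    def __init__(self, name: str, password: Optional[str] = None, must_change: bool = False):
        self.name = name
        self.salt = secrets.token_bytes(16)
        # digest is None => learning mode: no password has been set yet
        self.digest = None if password is None else _digest(password, self.salt)
        self.must_change = must_change
        self.learned_from = None  # client that supplied the password during learning


class UserStore:
    def __init__(self):
        self.accounts = {}

    def add_learning(self, name: str) -> None:
        """Create an account with a blank password; the first password presented wins."""
        self.accounts[name] = Account(name)

    def add_with_temp_password(self, name: str) -> str:
        """Create an account with a random temporary password that must be changed
        on first login. Returns it so it can be handed to the user out of band."""
        temp = secrets.token_urlsafe(9)
        self.accounts[name] = Account(name, temp, must_change=True)
        return temp

    def authenticate(self, name: str, password: str, client_ip: str) -> str:
        acct = self.accounts.get(name)
        if acct is None:
            return "no-such-user"
        if acct.digest is None:
            # Learning: whoever authenticates first sets the password permanently.
            # Nothing here distinguishes the real user from an impostor.
            acct.digest = _digest(password, acct.salt)
            acct.learned_from = client_ip
            return "learned"
        if not hmac.compare_digest(acct.digest, _digest(password, acct.salt)):
            return "bad-password"
        return "must-change" if acct.must_change else "ok"

    def change_password(self, name: str, old: str, new: str) -> bool:
        acct = self.accounts.get(name)
        if acct is None or acct.digest is None:
            return False
        if not hmac.compare_digest(acct.digest, _digest(old, acct.salt)):
            return False
        acct.salt = secrets.token_bytes(16)  # re-salt so the old digest is useless
        acct.digest = _digest(new, acct.salt)
        acct.must_change = False
        return True


def learning_window_demo() -> list:
    """An impostor authenticates first; the real user is then locked out."""
    store = UserStore()
    store.add_learning("alice@example.com")
    return [
        store.authenticate("alice@example.com", "impostor-choice", "203.0.113.9"),
        store.authenticate("alice@example.com", "alices-real-password", "192.0.2.10"),
        store.accounts["alice@example.com"].learned_from,
    ]


def temp_password_demo() -> list:
    """Printed temporary password, then a forced change; the temp stops working."""
    store = UserStore()
    temp = store.add_with_temp_password("bob@example.com")
    first = store.authenticate("bob@example.com", temp, "192.0.2.11")
    wrong = store.authenticate("bob@example.com", "guess", "203.0.113.9")
    changed = store.change_password("bob@example.com", temp, "bobs-new-password")
    after = store.authenticate("bob@example.com", "bobs-new-password", "192.0.2.11")
    reuse = store.authenticate("bob@example.com", temp, "192.0.2.11")
    return [first, wrong, str(changed), after, reuse]


if __name__ == "__main__":
    print(learning_window_demo())  # ['learned', 'bad-password', '203.0.113.9']
    print(temp_password_demo())    # ['must-change', 'bad-password', 'True', 'ok', 'bad-password']
```

The `learned_from` field is the only forensic trace the learning scheme leaves, so if you do migrate this way, keep the authentication logs from the cut-over window and watch for accounts learned from unexpected clients. The temporary-password path costs more paperwork but gives the impostor nothing to race against.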