Configuring Red Hat as Domain Controller to get the ticket of kerberos authentication from windows server 2008

Updated: 2024-10-10 23:17:46

I configure the Windows 2008 as Exchange2010 server, which has domain Example.com, and the other Windows 7 client as Exchange2010 client. The Server IP address is 192.168.0.76, meanwhile the client IP address is 192.168.0.176.

We all know that, when the client requests the Exchange2010 server, we can configure it through kerberos authentication. The client can get the Ticket from the KDC of Windows 2008. For further detail, the Client can get the encrypted Service_key through the TGS_REP message of kerberos from the KDC of Windows 2008.

Under these circumstances, I have an idea, which is that we configure Red Hat Linux as Domain Controller in my organisation to get the encrypted Service_key. The Red Hat Linux IP address is 192.168.0.149. The Red Hat Linux is used as Domain Controller, which has the function of KDC instead of the function of Windows 2008 server's KDC.

My first question is: is my idea feasible? Or if it is not feasible, how can I get the service_key?

My second question is: the Red Hat Linux has samba installed, and samba can be used as domain controller, so how can samba get the synchronized users' information as well as password and Ticket information from Windows Server 2008?

Best answer

The domain controller functionality which Exchange 2010 expects can only be provided by an Active Directory Domain Controller. RHEL as it is cannot provide it with the Samba version that is available on RHEL. Please note that Exchange 2010 server expects more than just Kerberos KDC from a domain controller.

The Samba project implements AD DC-like functionality starting with Samba 4.0. There are some details as to implementation; in particular, Samba 4.x cannot yet be compiled with MIT Kerberos KDC (available on RHEL) to provide AD DC-like setup. The version of samba4 packages in RHEL 6.x is only suitable for use with the FreeIPA identity management solution (which cannot yet be used to host Exchange server).

The only other solution would be to compile and configure Samba 4.x by yourself, using embedded Heimdal Kerberos KDC, as described at http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO. However, this configuration would fall outside of a supported RHEL setup, at least to my understanding.

Published: 2023-08-04 02:18:00