dovecot - Apr 2005 - dovecot + postfix + active directory

hi list,


          I'm just curious if someone succesfully done dovecot 
authentication of Active directory and I will appreciage any link in 
this regards



Thanks

Askar

I don't know if there are any howto in the net, but I had it configured 
and working, so I will give you some little tips.

I tested this configuration on Fedora Core 3 and SuSE Prof. 9.2, with 
dovecot 0.99

- Create a Linux user named "vmail" or similar (all virtual mailboxes 
will be in a dir. under this user's home or under a directory owned by 
this user).

- Postfix side: you must use virtual mailbox delivery (one Linux user 
"vmail", multiple virtual mailboxes), see the Postfix distribution 
readme files (README_VIRTUAL if I remember well).

- Dovecot side: use pam as password database and use static as user 
database (with same uid and gid as Postfix virtual mailbox user).

- Pam side: in /etc/pam.d add/modify a "dovecot" file containing:

auth      required  pam_krb5.so no_user_check
account      required  pam_permit.so


- Last: you must verify that you have installed Kerberos 5 clients and 
libraries, then edit your /etc/krb5.conf like this (CASE SENSITIVE!):

[libdefaults]
 clockskew = 300
 default_realm = YOUR.AD.DOMAIN
# default_etypes = des-cbc-crc
#       default_etypes_des = des-cbc-crc
# dns_lookup_realm = false
# dns_lookup_kdc = false

[realms]
your.ad.domain = {
 kdc = your_dc_server.your.ad.domain
 default_domain = YOUR.AD.DOMAIN
 kpasswd_server = your_dc_server.your.ad.domain
}

[domain_realm]
 .your.ad.domain = YOUR.AD.DOMAIN

[logging]
 default = SYSLOG:NOTICE:DAEMON
 kdc = FILE:/var/log/kdc.log
 kadmind = FILE:/var/log/kadmind.log

[appdefaults]
pam = {
 ticket_lifetime = 1d
 renew_lifetime = 1d
 forwardable = true
 proxiable = false
 retain_after_close = false
 minimum_uid = 0
 debug = false
}

You can test Kerberos authentication with the command "kinit 
username at YOUR.AD.DOMAIN"

Good luck!

-- 
___________________________________________________________________

Ing. PAOLO BASENGHI :::: Systems & Networking Engineer
p.basenghi at netribe.it
???????????????????????????????????????????????????????????????????
NETRIBE srl :: Collaborative E-Business
42100 :: Reggio Emilia :: Italy :: Via della Costituzione, 27/4
ph. +39 0522 232378 :: fax +39 0522 232386 :: http://www.netribe.it
???????????????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????????????
Le informazioni contenute in questa comunicazione sono riservate e
destinate esclusivamente alla/e persona/e o all'ente sopra indicati.
? vietato ai soggetti diversi dai destinatari qualsiasi uso, copia,
diffusione di quanto in esso contenuto sia ai sensi dell'art. 616
c.p., sia ai sensi della legge 196/2003. Se questa comunicazione vi
? pervenuta per errore, vi preghiamo di rispondere a questa mail e
successivamente cancellarla dal vostro sistema.
???????????????????????????????????????????????????????????????????



Askar wrote:
> hi list,
>
>
>          I'm just curious if someone succesfully done dovecot 
> authentication of Active directory and I will appreciage any link in 
> this regards
>
>
>
> Thanks
>
> Askar

I've got it to work (in testing) with PAM and pam_ldap in Solaris 8. 
The user account info is stored in NIS (i.e. userdb=passwd), though. 
We're not using postfix.

Best Wishes,
Chris

On Mon, 11 Apr 2005 13:26:04 +0600 Askar <askar at askarali.info> wrote:
> hi list,
> 
> 
>           I'm just curious if someone succesfully done dovecot 
> authentication of Active directory and I will appreciage any link in 
> this regards
> 
> 
> 
> Thanks
> 
> Askar
> 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+--
Christopher Wakelin,                                c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,       Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK                   Fax: +44 (0)118 975 3094