Hello, I have successfully used dovecot 1.0 Beta 9 to do SASL authentication for postfix using the unix passwd/shadow files. I need to authenticate with a windows 2003 server using active directory. My system does not support PAM (I'm using slackware) so I cannot take that route. I do not need to use dovecot for POP or IMAP at the present time and so I would like to avoid modifying my active directory schema. Dovecot seems to be communicating with the active directory server, however it is sending an authentication failure to postfix: postfix/smtpd[24540]: warning: unknown[XXX.XXX.XXX.X]: SASL LOGIN authentication failed: UxxvcmxxQ6 I don't see any messages in the log from dovecot. Here is my dovecot-ldap.conf: hosts = 192.168.1.2:389 dn = "cn=dovecot,cn=Users,dc=DOM,dc=local" dnpass = "password" auth_bind = yes ldap_version = 3 base = cn=Users,dc=DOM,dc=local deref = never scope = subtree default_pass_scheme = CRYPT user_global_uid = 900 user_global_gid = 900 Can someone point out what I am missing? I can't find documentation on this type of setup. Thanks in advance. B Hatoum -------------- next part -------------- An HTML attachment was scrubbed... URL: http://dovecot.org/pipermail/dovecot/attachments/20060615/8d020205/attachment.htm
On Thu, Jun 15, 2006 at 02:30:09PM -0400, B Hatoum wrote:> Hello, > I have successfully used dovecot 1.0 Beta 9 to do SASL authentication for > postfix using the unix passwd/shadow files. > > I need to authenticate with a windows 2003 server using active directory. > My system does not support PAM (I'm using slackware) so I cannot take that > route. I do not need to use dovecot for POP or IMAP at the present time and > so I would like to avoid modifying my active directory schema.some of the systems I inherited also run Slackware, but it's easy to get PAM support: http://www.kernel.org/pub/linux/libs/pam/pre/library/ in fact, for these particular systems, PAM was a requirement to support the authentication methods we use. just download and install the Linux-PAM source. just curious, if you don't need to use Dovecot for POP or IMAP, what are you actually using it for? :) in another setup, Dovecot is authenticating from AD, not via LDAP, but Samba's winbindd. winbindd provides a PAM module which can be used by the system for Dovecot auth (and other services). grant.
On Thu, 2006-06-15 at 14:30 -0400, B Hatoum wrote:> Hello, > I have successfully used dovecot 1.0 Beta 9 to do SASL authentication > for postfix using the unix passwd/shadow files. > > I need to authenticate with a windows 2003 server using active > directory. My system does not support PAM (I'm using slackware) so I > cannot take that route. I do not need to use dovecot for POP or IMAP > at the present time and so I would like to avoid modifying my active > directory schema. > > Dovecot seems to be communicating with the active directory server, > however it is sending an authentication failure to postfix: > postfix/smtpd[24540]: warning: unknown[XXX.XXX.XXX.X]: SASL LOGIN > authentication failed: UxxvcmxxQ6What is the client that tries to authenticate to it here?> I don't see any messages in the log from dovecot.Set auth_debug=yes and check again. I'm not sure why Postfix would give that weird looking error message.. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: This is a digitally signed message part Url : http://dovecot.org/pipermail/dovecot/attachments/20060616/e50e7a2b/attachment.pgp