Hi all,

I'm actually running samba 3 as a primary domain controller. The workstations of my network are all running windows (some xp, some vista) and use Outlook 2007 as a web client.

Samba is set up with the following parameters:

security = user
passdb backend = tdbsam
unix password sync = Yes
domain master = yes
domain logons = yes

Everything works fine on samba side, meaning that the machines are part of the domain, and users do authenticate correctly.

For the moment, the users are getting their mail (pop3 or imap) through dovecot (running on the same box as samba).

Dovecot is configured with mechanisms = plain.

I would like to secure it by using mechanisms = ntlm, but still using the system users.

I found much information on how to authenticate against an active directory, but nothing that allows me to keep my actual authentication against system users. Indeed, if I just change the mechanisms to ntlm, dovecot does not start anymore complaining that "NTLM mechanism can't be supported with given passdbs"

Any help would be much appreciated as I already tried the whole day yesterday to get it working.

Best regards,

Cédric Laruelle
On 126, 05 06, 2009 at 11:18:52AM +0200, Cédric Laruelle wrote:
> Hi all,
>
> I'm actually running samba 3 as a primary domain controller. The
> workstations of my network are all running windows (some xp, some vista) and
> use Outlook 2007 as a web client.
>
> Samba is set up with the following parameters:
>
> security = user
> passdb backend = tdbsam
> unix password sync = Yes
> domain master = yes
> domain logons = yes
>
> Everything works fine on samba side, meaning that the machines are part of
> the domain, and users do authenticate correctly.
>
> For the moment, the users are getting their mail (pop3 or imap) through
> dovecot (running on the same box as samba).
>
> Dovecot is configured with mechanisms = plain.
>
> I would like to secure it by using mechanisms = ntlm, but still using the
> system users.
>
> I found much information on how to authenticate against an active directory,
> but nothing that allows me to keep my actual authentication against system
> users. Indeed, if I just change the mechanisms to ntlm, dovecot does not
> start anymore complaining that "NTLM mechanism can't be supported with given
> passdbs"

You can authenticate your users via Samba's winbind daemon. Read more here: http://wiki.dovecot.org/Authentication/Mechanisms/Winbind

> Any help would be much appreciated as I already tried the whole day
> yesterday to get it working
>
> Best regards,
>
> Cédric Laruelle
Hi again everybody!

I'm still stuck with the dovecot ntlm authentication. I configured dovecot to use winbind, and I would like winbind to authenticate against samba (samba, winbind and dovecot are running on the same box).

Here is the log I have (192.168.0.1 is the server box, 192.168.0.254 the client box):

dovecot: May 06 14:52:37 Info: auth(default): new auth connection: pid=25828
dovecot: May 06 14:52:38 Info: auth(default): client in: AUTH 1 NTLM service=imap secured lip=192.168.0.1 rip=192.168.0.254 lport=143 rport=1084
dovecot: May 06 14:52:38 Info: auth(default): client out: CONT 1
dovecot: May 06 14:52:38 Info: auth(default): client in: CONT 1
    TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw=
dovecot: May 06 14:52:38 Info: auth(default): client out: CONT 1
    TlRMTVNTUAACAAAADgAOADAAAAAFgomizPYc4ALWKQgAAAAAAAAAAIAAgAA+AAAAQQBMAFYA
    TlRMTVNTUAACAAAADgAOADAAAAAFgomizPYc4ALWKQgAAAAAAAAAAIAAgAA+QQBS
    AFUATQACAA4AQQBMAFYAQQBSAFUATQABABAASQBOAFQARQBSAE4AQQBMAAQAHgBhAGkAZABlAHIA
    ZABvAG4AbgBlAHIALgBjAG8AbQADADAAaQBuAHQAZQByAG4AYQBsAC4AYQBpAGQAZQByAGQAbwBu
    AG4AZQByAC4AYwBvAG0AAAAAAA=
dovecot: May 06 14:52:38 Info: auth(default): client in: CONT 1
    TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABIAAAABgAGAEgAAAAQABAATgAAAAAAAACO
    AAAABYKIogUBKAoAAAAPZgBmAHMAQQBMAFYAQQBSAFUATQAzABXRN5WNNwAgAAAAAAAAAAAAAAAA
    AAAAALm1ePVxjdOF1UPe8A/e1D6H0+jlJYQPUA=
dovecot: May 06 14:52:38 Info: auth(default): winbind(?,192.168.0.254): user not authenticated: NT_STATUS_NO_LOGON_SERVERS
dovecot: May 06 14:52:40 Info: auth(default): client out: FAIL 1

Please help, I really need to set this up and it begins to drive me really crazy.

Cédric Laruelle
Have you confirmed winbind is configured and working correctly?

"user not authenticated: NT_STATUS_NO_LOGON_SERVERS" suggests to me that you haven't got a working winbind setup.

Rob

On Mon, 2009-05-11 at 10:01 +0200, Cédric Laruelle wrote:
> Hi again everybody!
>
> I'm still stuck with the dovecot ntlm authentication. I configured dovecot
> to use winbind, and I would like winbind to authenticate against samba
> (samba, winbind and dovecot are running on the same box).
>
> Here is the log I have (192.168.0.1 is the server box, 192.168.0.254 the
> client box)
>
> dovecot: May 06 14:52:37 Info: auth(default): new auth connection: pid=25828
> dovecot: May 06 14:52:38 Info: auth(default): client in: AUTH 1 NTLM
>     service=imap secured lip=192.168.0.1 rip=192.168.0.254 lport=143
>     rport=1084
> dovecot: May 06 14:52:38 Info: auth(default): client out: CONT 1
> dovecot: May 06 14:52:38 Info: auth(default): client in: CONT 1
>     TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw=
> dovecot: May 06 14:52:38 Info: auth(default): client out: CONT 1
>     TlRMTVNTUAACAAAADgAOADAAAAAFgomizPYc4ALWKQgAAAAAAAAAAIAAgAA+AAAAQQBMAFYA
>     TlRMTVNTUAACAAAADgAOADAAAAAFgomizPYc4ALWKQgAAAAAAAAAAIAAgAA+QQBS
>     AFUATQACAA4AQQBMAFYAQQBSAFUATQABABAASQBOAFQARQBSAE4AQQBMAAQAHgBhAGkAZABlAHIA
>     ZABvAG4AbgBlAHIALgBjAG8AbQADADAAaQBuAHQAZQByAG4AYQBsAC4AYQBpAGQAZQByAGQAbwBu
>     AG4AZQByAC4AYwBvAG0AAAAAAA=
> dovecot: May 06 14:52:38 Info: auth(default): client in: CONT 1
>     TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABIAAAABgAGAEgAAAAQABAATgAAAAAAAACO
>     AAAABYKIogUBKAoAAAAPZgBmAHMAQQBMAFYAQQBSAFUATQAzABXRN5WNNwAgAAAAAAAAAAAAAAAA
>     AAAAALm1ePVxjdOF1UPe8A/e1D6H0+jlJYQPUA=
> dovecot: May 06 14:52:38 Info: auth(default): winbind(?,192.168.0.254): user
>     not authenticated: NT_STATUS_NO_LOGON_SERVERS
> dovecot: May 06 14:52:40 Info: auth(default): client out: FAIL 1
>
> Please help, I really need to set this up and it begins to drive me really
> crazy
>
> Cédric Laruelle
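
The diagnosis in the reply above can be read from the auth debug log itself: the client gets as far as the NTLM AUTHENTICATE message, and only then does winbind return its status. An added example (not from the thread or from Dovecot) that triages such lines; the status groupings, the `make_token` helper and the sample log are constructed for illustration.

```python
import base64
import re
import struct

NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
# NTSTATUS names grouped by what they say about the failure (assumed grouping).
BACKEND = {"NT_STATUS_NO_LOGON_SERVERS"}      # no domain controller answered
CREDENTIAL = {"NT_STATUS_WRONG_PASSWORD", "NT_STATUS_LOGON_FAILURE"}
CONT = re.compile(r"client (in|out): CONT \d+\s+(\S+)")
FAIL = re.compile(r"winbind\(.*?\): user not authenticated: (NT_STATUS_\w+)")

def ntlm_type(token):
    """Return the NTLMSSP message type of a base64 SASL token, else None."""
    token += "=" * (-len(token) % 4)  # restore padding dropped by log handling
    try:
        raw = base64.b64decode(token)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return struct.unpack_from("<I", raw, 8)[0]

def triage(lines):
    """Report how far the NTLM exchange got and which side rejected it."""
    stages, status = [], None
    for line in lines:
        if m := CONT.search(line):
            stages.append((m.group(1), NTLM_TYPES.get(ntlm_type(m.group(2)), "UNKNOWN")))
        if m := FAIL.search(line):
            status = m.group(1)
    done = ("in", "AUTHENTICATE") in stages   # client sent its final message
    verdict = ("backend" if status in BACKEND and done else
               "credential" if status in CREDENTIAL else "undetermined")
    return {"stages": stages, "status": status, "verdict": verdict}

def make_token(msg_type, body=b"\x00" * 8):
    """Constructed NTLMSSP header for the sample log (not a real capture)."""
    return base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", msg_type) + body).decode()

# Constructed sample in the shape of the auth debug log quoted in the thread.
SAMPLE_LOG = [
    "dovecot: Info: auth(default): client out: CONT 1",
    "dovecot: Info: auth(default): client in: CONT 1 " + make_token(1),
    "dovecot: Info: auth(default): client out: CONT 1 " + make_token(2),
    "dovecot: Info: auth(default): client in: CONT 1 " + make_token(3),
    "dovecot: Info: auth(default): winbind(?,192.0.2.10): user not authenticated: NT_STATUS_NO_LOGON_SERVERS",
]
```

A `backend` verdict means the NTLM exchange between client and Dovecot completed and the rejection came from winbind being unable to reach a logon server, so the place to look is the winbind and Samba configuration rather than the mail client.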