Alexandr Sabitov
2013-Nov-20 00:50 UTC
[Dovecot] NTLM authentication in Thunderbird vs Outlook 2010.
Hi List,

I am using Dovecot 2.1.12 with NTLM authentication enabled. Dovecot is set up in a cluster with directors, 60 000 simultaneous connections. I have noticed that NTLM authentication is processed differently for Thunderbird and Outlook 2010 users. It actually makes Outlook 2010 clients query LDAP more often than Thunderbird ones, which is potentially not good for overall performance. Dovecot does not see a domain in the NTLM Type 3 message, but it does exist there. Could somebody explain please why it is happening?

Tcpdump Thunderbird:

1) IP proxy.netregistry.net.19228 > dovecot-test-1.private.netregistry.net.pop3
   E..3..@.}..........)K..n#...9...P..qXT..AUTH NTLM
2) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.19228
   E..,..@.@.,....).....nK.9...#...P....W..+
3) IP proxy.netregistry.net.19228 > dovecot-test-1.private.netregistry.net.pop3
   E..V..@.}..........)K..n#...9...P..m.n..TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA
4) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.19228
   E.....@.@.,@...).....nK.9...#..:P.......+ TlRMTVNTUAACAAAAHAAcADAAAAAFAooAbuK/LV9v9xIAA AAAAAAAACQAJABMAAAAZABvAHYAZQBjAG8AdAAtAHQAZQBzAHQALQAxAAMAHABkAG8 AdgBlAGMAbwB0AC0AdABlAHMAdAAtADEAAAAAAA=
5) IP proxy.netregistry.net.19228 > dovecot-test-1.private.netregistry.net.pop3
   E..&..@.}..........)K..n#..:9...P...|...TlRMTVNTUAADAAAAGAAYAIwAAAAYABgApAAAAAAAAABAAA AAOAA4AEAAAAAUABQAeAAAAAAAAAAAAAAABQIIAG0AaQBnAHIAYQB0AGkAbwBuAC4AdAB lAHMAdABAAG4AZQB0AHcAbwByAGsALgBpAGQALgBhAHUAbQB5AHAAcgBvAGoAZQBjAHQA cwBEqdTLLSMLdQAAAAAAAAAAAAAAAAAAAADZv(...)

   Base64 decoding of the last message (NTLM Type 3):
   NTLMSSP?.m.i.g.r.a.t.i.o.n...t.e.s.t.@.n.e.t.w.o.r.k...i.d...a.u.m.y.p.r.o.j.e.c.t.s.D-#?u.......................(....)Nh\P

6) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.19228
   E..(..@.@.,....).....nK.9...#..8P.. .'..
7) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.19228
   E..8..@.@.,....).....nK.9...#..8P.. .c..+OK Logged in.

From logs:

Nov 19 18:14:53 dovecot-test-1 dovecot: auth: Debug: ldap(migration.test@network.id.au,203.30.252.5,<sI7Ga4LrOADLHvwF>): pass search: base=ou=email, dc=netregistry, dc=net scope=subtree filter=(&(objectClass=nrPOPAccount)(uid=migration.test@network.id.au)) fields=uid,userPassword
Nov 19 18:14:53 dovecot-test-1 dovecot: auth: Debug: ldap(migration.test@network.id.au,203.30.252.5,<sI7Ga4LrOADLHvwF>): result: uid=migration.test@network.id.au userPassword=Secret123

All good.

Outlook 2010:

1) IP proxy.netregistry.net.47129 > dovecot-test-1.private.netregistry.net.pop3
   E..3..@.}..........)...n...Q..f9P..qOv..AUTH NTLM
2) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.47129
   E..,..@.@.P....).....n....f9...\P....W..+
3) IP proxy.netregistry.net.47129 > dovecot-test-1.private.netregistry.net.pop3
   E..b..@.}..........)...n...\..f=P..m....TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw=
4) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.47129
   E.....@.@.Pe...).....n....f=....P.......+ TlRMTVNTUAACAAAAHAAcADAAAAAFAooAQlAQ6i5tIiIAAAAAAAAAACQAJA BMAAAAZABvAHYAZQBjAG8AdAAtAHQAZQBzAHQALQAxAAMAHABkAG8AdgBlAGMAbwB0AC0AdABlAHM AdAAtADEAAAAAAA=
5) IP proxy.netregistry.net.47129 > dovecot-test-1.private.netregistry.net.pop3
   E.....@.}..........)...n......f.P....c..TlRMTVNTUAADAAAAGAAYAJIAAAAYABgAqgAAABoAGgBIAAAAHAAcAGIAAAAUA BQAfgAAAAAAAADCAAAABQKIAgUBKAoAAAAPbgBlAHQAdwBvAHIAawAuAGkAZAAuAGEAdQBtAGkAZwByAG EAdABpAG8AbgAuAHQAZQBzAHQATQBZAFAAUgBPAEoARQBDAFQAUwADFLugRfGh3gAAAAAAAAAAAAAAAA AAAAA(...)

   Base64 decoding of the last message (NTLM Type 3):
   NTLMSSP.....................H....b..~.?????( ...?n.e.t.w.o.r.k...i.d...a.u.m.i.g.r.a.t.i.o.n...t.e.s.t.M.Y.P.R.O.J.E.C.T.S.??E..(....)..q?%/

6) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.47129
   E..(..@.@.Q....).....n....f.....P.. .5..
7) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.47129
   E..E..@.@.P....).....n....f.....P.. .p..-ERR Authentication failed.

From logs:

Nov 19 18:33:24 dovecot-test-1 dovecot: auth: Debug: ldap(migration.test,203.30.252.5,<Hab+rYLrPQDLHvwF>): pass search: base=ou=email, dc=netregistry, dc=net scope=subtree filter=(&(objectClass=nrPOPAccount)(uid=migration.test)) fields=uid,userPassword
Nov 19 18:33:24 dovecot-test-1 dovecot: auth: ldap(migration.test,203.30.252.5,<Hab+rYLrPQDLHvwF>): unknown user

Well, WHERE is my domain in the LDAP query? :)

8) IP proxy.netregistry.net.47129 > dovecot-test-1.private.netregistry.net.pop3
   E..K..@.}..........)...n......f.P...X,..USER migration.test@network.id.au
9) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.47129
   E..(..@.@.P....).....n....f.....P.. ....
10) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.47129
   E..-..@.@.P....).....n....f.....P.. .X..+OK
11) IP proxy.netregistry.net.47129 > dovecot-test-1.private.netregistry.net.pop3
   E..7..@.}..........)...n......f.P...l;..PASS Secret123
12) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.47129
   E..(..@.@.P....).....n....f.....P.. ....
13) IP dovecot-test-1.private.netregistry.net.pop3 > proxy.netregistry.net.47129
   E..8..@.@.P....).....n....f.....P.. .c..+OK Logged in.

Configuration file

This is the LDAP configuration on one of the director servers where clients are authenticated.

uris = ldap://ldap-node-2.mynetwork.net, ldap://ldap-node-3.mynetwork.net
debug_level = 0
base = ou=email, dc=netregistry, dc=net
user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid, mailQuotaSize=quota_rule=*:storage=%$
user_filter = (&(objectClass=nrPOPAccount)(uid=%u))
pass_attrs = uid=user, userPassword=password, =proxy=y, =destuser=%u, =pass=Secret456
pass_filter = (&(objectClass=nrPOPAccount)(uid=%u))
default_pass_scheme = PLAIN

Regards,
Alexandr Sabitov
System Administrator
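The two NTLM Type 3 (AUTHENTICATE_MESSAGE) blobs in the post can be decoded field by field to see exactly what the poster's hexdump hints at. The following is an added example, not code from the post and not Dovecot's own NTLM implementation: a small parser for the Type 3 header that pulls the domain, user and workstation fields (and the VERSION block when the client sends one) from both captures, with the base64 joined across the mailing-list line wraps. Both blobs were cut off with "(...)" in the post after the LM response, so the parser reports the NT response as truncated rather than failing. The `login_name()` helper is an assumption about what a server that keys its LDAP lookup on user@domain would have to do with the split fields; it is not a description of how Dovecot derives the username. Flag constants follow MS-NLMP; the OEM fallback charset is an assumption.

```python
import base64
import struct

# NTLM Type 3 (AUTHENTICATE_MESSAGE) captures from the post. The base64 is
# joined across the mailing-list line wraps; both blobs were cut off by the
# poster after the LM response, so the NT response is not available here.
THUNDERBIRD_TYPE3 = (
    "TlRMTVNTUAADAAAAGAAYAIwAAAAYABgApAAAAAAAAABAAA"
    "AAOAA4AEAAAAAUABQAeAAAAAAAAAAAAAAABQIIAG0AaQBnAHIAYQB0AGkAbwBuAC4AdAB"
    "lAHMAdABAAG4AZQB0AHcAbwByAGsALgBpAGQALgBhAHUAbQB5AHAAcgBvAGoAZQBjAHQA"
    "cwBEqdTLLSMLdQAAAAAAAAAAAAAAAAAAAADZv"
)
OUTLOOK_TYPE3 = (
    "TlRMTVNTUAADAAAAGAAYAJIAAAAYABgAqgAAABoAGgBIAAAAHAAcAGIAAAAUA"
    "BQAfgAAAAAAAADCAAAABQKIAgUBKAoAAAAPbgBlAHQAdwBvAHIAawAuAGkAZAAuAGEAdQBtAGkAZwByAG"
    "EAdABpAG8AbgAuAHQAZQBzAHQATQBZAFAAUgBPAEoARQBDAFQAUwADFLugRfGh3gAAAAAAAAAAAAAAAA"
    "AAAAA"
)

# Negotiate flags (MS-NLMP 2.2.2.5).
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000
NTLMSSP_NEGOTIATE_VERSION = 0x02000000

# AUTHENTICATE_MESSAGE header: each field descriptor is len/maxlen/offset.
_FIELDS = (
    ("lm_response", 12), ("nt_response", 20), ("domain", 28),
    ("user", 36), ("workstation", 44), ("session_key", 52),
)


def decode_truncated_b64(text):
    """Decode base64 that was wrapped by a mail client and cut off: drop
    whitespace, then discard an incomplete final 4-character quantum."""
    compact = "".join(text.split())
    compact = compact[: len(compact) - len(compact) % 4]
    return base64.b64decode(compact)


def _read_field(buf, pos):
    length, _maxlen, offset = struct.unpack_from("<HHI", buf, pos)
    if length == 0:
        return b""
    if offset + length > len(buf):
        return None  # the capture ends before this field: truncated
    return buf[offset:offset + length]


def parse_type3(b64_blob):
    buf = decode_truncated_b64(b64_blob)
    if buf[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", buf, 8)[0] != 3:
        raise ValueError("not an NTLM Type 3 message")
    flags = struct.unpack_from("<I", buf, 60)[0]
    # Strings are UTF-16LE when NEGOTIATE_UNICODE is set; otherwise they are in
    # the client's OEM code page, which the message does not name (latin-1 is
    # an assumption used here for display only).
    charset = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "latin-1"
    msg = {name: _read_field(buf, pos) for name, pos in _FIELDS}
    for name in ("domain", "user", "workstation"):
        if msg[name] is not None:
            msg[name] = msg[name].decode(charset)
    msg["flags"] = flags
    # The 8-byte VERSION block follows the flags only if the client says so.
    msg["version"] = None
    if flags & NTLMSSP_NEGOTIATE_VERSION:
        major, minor, build = struct.unpack_from("<BBH", buf, 64)
        msg["version"] = (major, minor, build)
    return msg


def login_name(msg):
    """Assumed server-side policy: a server that looks accounts up as
    user@domain must join the two fields when the client split them.
    Thunderbird sends the whole address in the user field with an empty
    domain; Outlook sends domain and user separately."""
    user, domain = msg["user"], msg["domain"]
    if domain and "@" not in user:
        return f"{user}@{domain}"
    return user


if __name__ == "__main__":
    for client, blob in (("Thunderbird", THUNDERBIRD_TYPE3),
                         ("Outlook 2010", OUTLOOK_TYPE3)):
        m = parse_type3(blob)
        print(f"{client}: flags=0x{m['flags']:08x} version={m['version']}")
        print(f"  domain={m['domain']!r} user={m['user']!r} "
              f"workstation={m['workstation']!r}")
        print(f"  NT response present in capture: {m['nt_response'] is not None}")
        print(f"  identity a user@domain lookup needs: {login_name(m)}")
```

Run as-is, the parser shows the difference the post describes: Thunderbird sends domain "" and user "migration.test@network.id.au", while Outlook 2010 sends domain "network.id.au", user "migration.test", workstation "MYPROJECTS" and a VERSION block (5.1 build 2600). A server that takes only the user field therefore searches LDAP for uid=migration.test, which is exactly the "unknown user" line in the Outlook log. Both clients set NEGOTIATE_EXTENDED_SESSIONSECURITY, so the 24-byte LM field is an 8-byte client nonce followed by 16 zero bytes rather than an LM hash response. Note also what packets 8 to 13 of the Outlook trace show: after the NTLM failure the client fell back to USER/PASS, so the password crossed the proxy link in the clear; an NTLM mismatch like this is a confidentiality issue as well as a performance one unless that hop is protected by TLS.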