Hi robert,
Have done something a little different to integrate AD users into
dovecot. Here i use sssd to integrate AD users into pam
and use standard dovecot pam identification. Maybe not the solution you
want ( i.e it provide full user access ...
if you want only mail )
But sssd is simple to setup and easy to integrate into nsswitch / pam
Moreover sssd provided you with failover ( in case your ad server is not
the same as your mail server )
Maybe it could be an idea ..
Vincent ETIENNE
Le 22/09/2014 23:50, Robert Watson a ?crit :> I'm having a great deal of difficulty with integrating dovecot 2.0.9
with a
> new installation of samba4 4.1.11 and would appreciate anyones help who has
> this working.
>
> *Problem 1:*
> if dn= cn=Administrator,dc=ourhome,dc=net with dnpass = *****
> ---------------I get NT_STATUS_LOGON_FAILURE
> but dn = "Administrator at ourhome.net" with dnpass = **** works
> I guess I shouldn't complain but why doesn't the first one work?
>
> *Problem 2:*
> can't seem to get a working set of
> usr_attrs/user_filter,pass_attrs/pass_filter to authenticate
>
> *dovecot-ldap.conf :*
> uris = ldap://localhost:389
> dn = "Administrator at ourhome.net"
> dnpass = ****
> tls = no
> ldap_version = 3
> base = cn=Users,dc=ourhome,dc=net
> scope = subtree
> user_filter = (&(objectClass=user)(sAMAccountName=%u))
> user_attrs >
sAMAccountName=user,userPassword=password,=mail=maildir:/var/vmail/%Ld/%n,
> =home=/var$
> pass_filter = (&(objectClass=user)(sAMAccountName=%u))
> pass_attrs = sAMAccountName=user,userPassword=password
>
> *dovecont.message log output:*
> *2014-09-22 14:44:50 auth: Debug: Loading modules from directory:
> /usr/lib64/dovecot/auth*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libauthdb_ldap.so*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_mysql.so*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_pgsql.so*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so*
> *2014-09-22 14:44:50 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libmech_gssapi.so*
> *2014-09-22 14:44:50 auth: Debug: auth client connected (pid=5316)*
> *2014-09-22 14:45:00 auth: Debug: client in: AUTH 1 PLAIN service=imap
> secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=35148
> resp=AEpvaG5Eb2UASm9obkRvZQ==*
> *2014-09-22 14:45:00 auth: Debug: ldap(JohnDoe,127.0.0.1): pass search:
> base=cn=Users,dc=ourhome,dc=net scope=subtree
> filter=(&(objectClass=user)(sAMAccountName=JohnDoe))
> fields=sAMAccountName,userPassword*
> *2014-09-22 14:45:00 auth: Debug: ldap(JohnDoe,127.0.0.1): result:
> sAMAccountName(user)=JohnDoe*
> *2014-09-22 14:45:00 auth: Info: ldap(JohnDoe,127.0.0.1): No password
> returned (and no nopassword)*
> *2014-09-22 14:45:00 auth: Debug: Loading modules from directory:
> /usr/lib64/dovecot/auth*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libauthdb_ldap.so*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_mysql.so*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_pgsql.so*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libdriver_sqlite.so*
> *2014-09-22 14:45:00 auth: Debug: Module loaded:
> /usr/lib64/dovecot/auth/libmech_gssapi.so*
> *2014-09-22 14:45:00 auth: Debug: pam(JohnDoe,127.0.0.1): lookup
> service=dovecot*
> *2014-09-22 14:45:00 auth: Debug: pam(JohnDoe,127.0.0.1): #1/1 style=1
> msg=Password: *
> *2014-09-22 14:45:02 auth: Info: pam(JohnDoe,127.0.0.1): unknown user*
> *2014-09-22 14:45:04 auth: Debug: client out: FAIL 1 user=JohnDoe*
>