Actually you are authenticating GSSAPI clients from AD and everyone else from shadow. Maybe you need to configure the PAM module?

---
Aki Tuomi
Dovecot oy
-------- Original message --------
From: Mark Foley <mfoley at ohprs.org>
Date: 03/12/2017 06:03 (GMT+02:00)
To: dovecot at dovecot.org
Subject: Howto authenticate smartPhone via Active Directory
I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via shadow first and, failing that, it does authenticate via GSSAPI.

Smartphones connect to Dovecot via port 143 and SSL. They are not domain members so if the shadow authentication fails, no other methods are tried and no connection is made.

What can I do with my dovecot config to fix this?
> doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 4.4.88 x86_64 Slackware 14.2
auth_debug = yes
auth_debug_passwords = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain login gssapi
auth_use_winbind = yes
auth_username_format = %n
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
passdb {
  driver = shadow
}
protocols = imap
ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2016-08-10/54e789087d419b6e.crt
ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
userdb {
  driver = passwd
}
verbose_ssl = yes
Thanks, Mark