Hello all! I'm trying to set up a dovecot server so that it authenticates local users via /etc/passwd (I'm on FreeBSD 13.1) and via winbindd for those that it cannot find locally. The samba suite is alive and well, postfix happily gets mail from domain users and saves it with the correct name and permissions from the windows domain. If I try to authenticate a domain user via wbinfo it works, but with dovecot it doesn't. I guess I've forgotten something in the dovecot config... :)

Here is my doveconf -n:

# 2.3.20 (80a5ac675d): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.20 (149edcf2)
# OS: FreeBSD 13.1-RELEASE-p5 powerpc ufs
# Hostname: numeron.mcs.it
auth_cache_size = 30 k
auth_debug_passwords = yes
auth_mechanisms = plain ntlm login
auth_use_winbind = yes
auth_username_format = %n
auth_winbind_helper_path = /usr/local/bin/ntlm_auth
default_client_limit = 1128
default_vsz_limit = 712 M
disable_plaintext_auth = no
first_valid_uid = 0
info_log_path = /var/log/dovecot/logfile.info
listen = *
lock_method = flock
log_path = /var/log/dovecot/logfile
login_greeting = Dovecot at Nameron Ready.
mail_location = mbox:/var/spool/dovecot/%u:INBOX=/var/mail/%u
mail_plugins = fts
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
passdb { driver = passwd }
protocols = imap pop3
service replication-notify-fifo { name = aggregator }
service anvil-auth-penalty { name = anvil }
service auth-worker { name = auth-worker }
service auth-client { user = root name = auth }
service config { name = config }
service dict-async { name = dict-async }
service dict { name = dict }
service login/proxy-notify { name = director }
service dns-client { name = dns-client }
service doveadm-server { name = doveadm }
service imap-hibernate { name = imap-hibernate }
service imap { service_count = 0 name = imap-login }
service imap-urlauth { name = imap-urlauth-login }
service imap-urlauth-worker { name = imap-urlauth-worker }
service token-login/imap-urlauth { name = imap-urlauth }
service imap-master { name = imap }
service indexer-worker { name = indexer-worker }
service indexer { name = indexer }
service ipc { name = ipc }
service lmtp { name = lmtp }
service log-errors { name = log }
service sieve { name = managesieve-login }
service login/sieve { name = managesieve }
service old-stats-mail { name = old-stats }
service pop3 { process_limit = 255 service_count = 1 name = pop3-login }
service login/pop3 { name = pop3 }
service replicator-doveadm { name = replicator }
service login/stats-writer { unix_listener { group = mail mode = 0666 user = dovecot path = stats-reader } unix_listener { group = mail mode = 0666 user = dovecot path = stats-writer } name = stats }
service submission { name = submission-login }
service login/submission { name = submission }
ssl = no
userdb { driver = passwd }
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_enable_last = yes
  pop3_uidl_format = %08Xu%08Xv
  service replication-notify-fifo { name = aggregator }
  service anvil-auth-penalty { name = anvil }
  service auth-worker { name = auth-worker }
  service auth-client { name = auth }
  service config { name = config }
  service dict-async { name = dict-async }
  service dict { name = dict }
  service login/proxy-notify { name = director }
  service dns-client { name = dns-client }
  service doveadm-server { name = doveadm }
  service imap-hibernate { name = imap-hibernate }
  service imap { name = imap-login }
  service imap-urlauth { name = imap-urlauth-login }
  service imap-urlauth-worker { name = imap-urlauth-worker }
  service token-login/imap-urlauth { name = imap-urlauth }
  service imap-master { name = imap }
  service indexer-worker { name = indexer-worker }
  service indexer { name = indexer }
  service ipc { name = ipc }
  service lmtp { name = lmtp }
  service log-errors { name = log }
  service sieve { name = managesieve-login }
  service login/sieve { name = managesieve }
  service old-stats-mail { name = old-stats }
  service pop3 { name = pop3-login }
  service login/pop3 { name = pop3 }
  service replicator-doveadm { name = replicator }
  service login/stats-writer { name = stats }
  service submission { name = submission-login }
  service login/submission { name = submission }
}
protocol lda {
  debug_log_path = /var/log/dovecot/lda-debug.log
  info_log_path = /var/log/dovecot/lda.info
  log_path = /var/log/dovecot/lda.err
  mail_debug = yes
  postmaster_address = l at mcs.it
  service replication-notify-fifo { name = aggregator }
  service anvil-auth-penalty { name = anvil }
  service auth-worker { name = auth-worker }
  service auth-client { name = auth }
  service config { name = config }
  service dict-async { name = dict-async }
  service dict { name = dict }
  service login/proxy-notify { name = director }
  service dns-client { name = dns-client }
  service doveadm-server { name = doveadm }
  service imap-hibernate { name = imap-hibernate }
  service imap { name = imap-login }
  service imap-urlauth { name = imap-urlauth-login }
  service imap-urlauth-worker { name = imap-urlauth-worker }
  service token-login/imap-urlauth { name = imap-urlauth }
  service imap-master { name = imap }
  service indexer-worker { name = indexer-worker }
  service indexer { name = indexer }
  service ipc { name = ipc }
  service lmtp { name = lmtp }
  service log-errors { name = log }
  service sieve { name = managesieve-login }
  service login/sieve { name = managesieve }
  service old-stats-mail { name = old-stats }
  service pop3 { name = pop3-login }
  service login/pop3 { name = pop3 }
  service replicator-doveadm { name = replicator }
  service login/stats-writer { name = stats }
  service submission { name = submission-login }
  service login/submission { name = submission }
}
root at numeron:~#

Thanks for any hint,

Luciano.
--
 /"\                         /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 02485781  FAX: +39 0248028247
  X   AGAINST HTML MAIL    /  E-MAIL: posthamster at sublink.sublink.ORG
 / \  AND POSTINGS        /   WWW: http://www.lesassaie.IT/
>>>>> "Luciano" == Luciano Mannucci <luciano at vespaperitivo.it> writes:

> I'm trying to set up a dovecot server so that it authenticates local
> user via /etc/passwd (I'm on a Freebsd 13.1) and via winbindd for
> those that it cannot find localy. The samba suite is alive and well,
> postfix gets happily mail from domain users and saves it with
> correct name and permissions from the windows domain. If I try to
> authenticate a domain user via wbinfo it works, with dovecot it
> doesn't. I guess I'v forgot something in the dovecot config... :)

I can't help you with your config, but I would *strongly* recommend that you just make all your users virtual ones, all using the same backend. Now, you don't say whether your local user account works or not, but I'd work on getting just the AD part (really, you're using winbind?) working first.

Also, have you compared your postfix and dovecot setups? There are good docs out there on how to combine them so that they use the same authentication backend.

And the info you posted really doesn't help much, since you didn't post any log messages from when the authentication fails. Those will tell you more, I'm sure.

John