search for: authbind

...? if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) ??? ??? fatal("Privileged ports can only be forwarded by root."); The constant IPPORT_RESERVED is system wide and fixed at make time. This test is not compatible with local and dynamic strategies such as authbind. I would like a non-privileged user (uid!=0) to be able to forward local port, such as 443. Authbind is correctly setup on my Linux box: "$ uptime | authbind nc 127.0.0.1 -l 443" runs smoothly. But "$ authbind ssh -L 443:someserver:443 ..." does not because of the previous chec...

...d access to dn.base="cn=Subschema" by * read access to attrs=userPassword,sambaLMPassword,sambaNTPassword by anonymous auth by self write by * none access to dn.subtree="ou=Groups,ou=auth,ou=example.com ,dc=noc1,dc=example,dc=com" by dn="cn=authbind,ou=auth,ou=example.com,dc=noc1,dc=example,dc=com" read by users read by anonymous none access to dn.subtree="ou=Users,ou=auth,ou=example.com ,dc=noc1,dc=example,dc=com" by dn="cn=authbind,ou=auth,ou=example.com,dc=noc1,dc=example,dc=com" read...

Hi, I am trying to configure Dovecot (2.2.27) with LDAP passdb, specifically with authentication binds (https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds). Atribute shadowExpire has a unix time stamp value. Is there a way to write pass_filter like shadowExpire<ToDay? Or maybe there is better way to implement password expiration in Dovecot? -- Pagarbiai Mantas Gegu?is VU Informacini? technologij? taikymo centras

Hi, i would like to know if anybody have implemented the authentication of dovecot against samba4 via secure ldap (SSL/TLS). I made it but in plain text through dovecot?s offical page: http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds http://wiki2.dovecot.org/AuthDatabase/LDAP But when i try to do it in a secure way i can?t make it work. Samba4 is listening by port 636 and dovecot is speaking by 389 or 636, but they can?t comunicate themself. I?m wondering if any of you have done this before or have any clue that might help me...

What is different about the initial startup of iptables than 'service iptables restart' (and different from C5)? I want to use iptables port redirection to send port 80 to 8080 so a java web service doesn't have to start as root. On C5 it worked to give the iptables commmands, then 'iptables save', and from then on it would automatically work when iptables started after a

Hi list Does anyone has experience in setting up dovecot or any other mail system with user auth against a Samba4 AD ? If yes could I get some advice on that Topic or even a link to a ressource where I can get some Information. Googled a lot but didn't find something yet. Thankx in advance. -- Mit freundlichem Gru? Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49

Hi Karsten, > You should be able to add multiple userPassword attributes to your directory: > > userPassword: {CRAM-MD5}xxx > userPassword: {DIGEST-MD5}xxxx > userPassword: {SCRAM-SHA-1}xxxx > userPassword: {NTLM}xxxx > > > Karsten Did try this, didn't end end well. Jun 14 12:59:43 auth: Error: ldap(leonkyneur at itest.com,192.168.99.3,<SQn6QD41TpvLhgGR>):

...,dc=private > ldap_version = 3 > auth_bind = yes > auth_bind_userdn = cn=%u,cn=home,ou=robina_users,dc=robina,dc=private > pass_attrs = uid=user > pass_filter = (&(objectClass=posixAccount)(uid=%u)) Why do you ignore the documentation? http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds "If you're using DN template, pass_attrs and pass_filter settings are completely ignored. That means you can't make passdb return any extra fields. You should also set auth_username_format = %Lu in dovecot.conf to normalize the username by lowercasing it. " > i have also...

Let me know how you like this one. This assumes one config parameter. The non-null of auth_bind_userdn overrides auth_bind = yes. I'm using this patch now on cvs head. Comments are always welcome. Thanks much, Geff -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot.patch.auth_bind_userdn Type: application/octet-stream Size: 4607 bytes Desc: not

I want my Windows application to be able to listen on any port, but by default only root can create servers on ports <1024. As far as I know authbind doesn't work with Wine (and never will), and I can't redirect packets to a higher port with a firewall rule, because the Windows application (uTorrent) "tells" the other peers which port is listening on. Making wineserver suid root would work? Is this the cleanest/only way?

...nets function. It is really cool! In a filebased passwd backend you simply add "allow_nets=192.0.2.143/32" as mentioned in http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets But if I use an LDAP backend it looks different. Following http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds and http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb#Attribute_templates_.28v2.1.29 my pass_attrs looks this: pass_attrs = =user=%{ldap:uid}, \ =allow_nets=%{ldap:allownets} Using this syntax I could add an attribute "allownets" in the ldapserver to limit access for a use...

Hi, i would like to know if anybody have implemented the authentication of dovecot against samba4 via secure ldap (SSL/TLS). I made it but in plain text through dovecot?s offical page: http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds http://wiki2.dovecot.org/AuthDatabase/LDAP But when i try to do it in a secure way i can?t make it work. Samba4 is listening by port 636 and dovecot is speaking by 389 or 636, but they can?t comunicate themself. I?m wondering if any of you have done this before or have any clue that might help me...

Sorry for top posting, don't mean to, looks like my outlook mobile client does it by default Ok great thanks Daniel for this, also do you know if I have to change/edit the config files for postfix/openldap as well or just for dovecot Thank you Rob Sent from my Windows Phone -----Original Message----- From: "Daniel Tr?der" <troeder at univention.de> Sent: ?26/?06/?2015

Hello Steffen and List, Thanks for the answer and help, I mean I found the biggest problem it is "auth_bind_userdn = " please read the rest ;-) Am Dienstag, 25. Oktober 2016, 12:19:08 schrieb Steffen Kaiser: > On Tue, 25 Oct 2016, G?nther J. Niederwimmer wrote: > > I setup ldap (FreeIPA) to have a user for dovecot that can (read search > > compare) all attributes that