search for: sasl_realm

Displaying 20 results from an estimated 27 matches for "sasl_realm".

2007 Jan 11
1
Configuring Dovecot for use with Active Directory
...of eyes to look at it (of course dovecot.conf should also be correct, but one thing at a time). Here's my dovecot-ldap.conf file: hosts = 192.168.0.240 #uris = dn = cn=<BINDUSER>,ou=IT,ou=Central Office,dc=<DOMAIN>,dc=local dnpass = <>PASSWORD #sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id = auth_bind = yes #auth_bind_userdn = ldap_version = 3 base = dc=<DOMAIN>, dc=local deref = never scope = subtree #user_filter = (&(objectClass=posixAccount)(uid=%u)) #pass_attrs = uid=user,userPassword=password #pass_attrs = uid=user,userPassword=password,homeDirectory=u...
2016 Oct 11
2
Problems with GSSAPI and LDAP
...dovecot.krb5.ccache)) I have set the import_environment in dovecot.conf: import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS KRB5CCNAME=FILE:/tmp/dovecot.krb5.ccache And these in LDAP configuration: dn = imap/host.example.com at EXAMPLE.COM sasl_bind = yes sasl_mech = gssapi sasl_realm = EXAMPLE.COM sasl_authz_id = imap/host.example.com at EXAMPLE.COM I have tried with different values in dn and sasl_authz_id and also leaving them out completely but I always end up with the error message above. Using simple bind without GSSAPI works just fine. The credentials cache file exist...
2011 Feb 02
1
LDAP and GSSAPI problems
...recently changed to require binds. I need LDAP to verify users exist. I am using Kerberos (GSSAPI) as the passdb. Samba can handle GSSAPI/Kerberos SASL binds. I have the following in my dovecot-ldap setup for userdb: dn = smtp/mailhost.example.org at EXAMPLE.ORG sasl_bind = yes sasl_mech = GSSAPI sasl_realm = EXAMPLE.ORG sasl_authz_id = smtp/mailhost.example.org at EXAMPLE.ORG Which gives me the following error. Debug: ldap(trever): user search: base=dc=example,dc=org scope=subtree filter=(&(objectClass=person)(|(mail=trever)(sAMAccountName=trever)(userPrincipalName=trever))) fields=userPrincip...
2016 Oct 11
2
Problems with GSSAPI and LDAP
...> import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS >> KRB5CCNAME=FILE:/tmp/dovecot.krb5.ccache >> >> And these in LDAP configuration: >> >> dn = imap/host.example.com at EXAMPLE.COM >> sasl_bind = yes >> sasl_mech = gssapi >> sasl_realm = EXAMPLE.COM >> sasl_authz_id = imap/host.example.com at EXAMPLE.COM >> >> I have tried with different values in dn and sasl_authz_id and also >> leaving them out completely but I always end up with the error message >> above. Using simple bind without GSSAPI works j...
2016 Oct 11
2
Problems with GSSAPI and LDAP
...LISTEN_FDS >>>> KRB5CCNAME=FILE:/tmp/dovecot.krb5.ccache >>>> >>>> And these in LDAP configuration: >>>> >>>> dn = imap/host.example.com at EXAMPLE.COM >>>> sasl_bind = yes >>>> sasl_mech = gssapi >>>> sasl_realm = EXAMPLE.COM >>>> sasl_authz_id = imap/host.example.com at EXAMPLE.COM >>>> >>>> I have tried with different values in dn and sasl_authz_id and also >>>> leaving them out completely but I always end up with the error >>>> message >>...
2012 Jan 15
3
Samba 4 ldb_wrap open of idmap.ldb
...me #map passwd userPassword passwordChar #map passwd uidNumber uid #map passwd gidNumber gid #filter group (objectClass=aixAccessGroup) #map group cn groupName #map group uniqueMember member #map group gidNumber gid #sasl_mech GSSAPI sasl_realm HH3.SITE #krb5_ccname /tmp/krb5cc_0 Thanks Steve
2019 May 08
2
Dovecot not surviving OpenLDAP restart
Hi! Running Dovecot 2.2.36 and authenticating against an OpenLDAP 2.4.45 server. Now since some update of dovecot it will not be able to authenticate your logins after the LDAP service is restarted without a reboot of the dovecot server. Anything new here that I should be aware of? Best Regards Dag
2014 Oct 05
1
What is wrong with my nslcd configuration?
...s and can/must be removed) map passwd uid sAMAccountName map passwd homeDirectory unixHomeDirectory map passwd gecos displayName map passwd gidNumber primaryGroupID map group member member # Kerberos #sasl_mech GSSAPI #sasl_realm CORP.OFLAMEO.COM #krb5_ccname /tmp/nslcd.tkt # The LDAP protocol version to use. #ldap_version 3 # LDAP bind (Account in AD that is used from nslcd to bind to the directory) binddn cn=ldap-connect,cn=Users,dc=corp,dc=oflameo,dc=com bindpw icanread33# # The DN used for password modifications by r...
2013 Oct 26
2
lost with AD auth
...[^#] /etc/nslcd.conf -> uid nslcd gid nslcd uri ldap://serveur.radiodjiido.nc base DC=radiodjiido,DC=nc map passwd uid samAccountName map passwd homeDirectory unixHomeDirectory map passwd gecos displayName map passwd gidNumber primaryGroupID sasl_mech GSSAPI sasl_realm RADIODJIIDO.NC krb5_ccname /tmp/nslcd.tkt checking that k5start is well running: ps ax | grep k5 -> 2956 pts/1 T 0:00 sudo k5start -f /etc/krb5.nslcd.keytab -U -o nslcd -K 540 -k /tmp/nslcd.tkt klist -> Ticket cache: FILE:/tmp/krb5cc_1000_mx2700 Default principal: serveur at RADIOD...
2007 Aug 15
0
Dovecot on OpenBSD stalls
...t-ldap.conf userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: _postfix group: _postfix /etc/dovecot-ldap.conf hosts = xxx.xxx.xxx.xxx:389 #uris = #dn = #dnpass = #sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id = #tls = no auth_bind = yes auth_bind_userdn = cn=%u,cn=Users,dc=koelewijn,dc=bz #ldap_version = 2 base = dc=bz #deref = never #scope = subtree #user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid #user_filter = (&(objectClass=posixAccount)(uid=%u)) #pass_attrs = uid=us...
2012 Feb 12
0
Samba 4 no longer accepts SASL GSSAPI?
...rets.ldb GSS server Update(krb5)(1) Update failed: An unsupported mechanism was requested: unknown mech-code 0 for mech 1 2 840 113554 1 2 2 The call is from here: base dc=hh3,dc=site map passwd uid samAccountName map passwd homeDirectory unixHomeDirectory sasl_mech GSSAPI sasl_realm HH3.SITE krb5_ccname /tmp/krb5cc_0 There is a ticket cache in /tmp/krb5cc_0 A conventional bind works fine. Thanks, Steve
2013 Sep 23
0
can't dovecot tls/ssl to openldap
...section in # conf.d/auth-ldap.conf.ext # Space separated list of LDAP hosts to use. host:port is allowed too. #hosts = ldap.sv.hm #uris = ldaps://ldap.sv.hm:636/ uris = ldap://ldap.sv.hm:389/ dn = cn=dovecot,ou=bindusers,dc=smuy,dc=net dnpass = 1qaz2wsx #sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id = # Use TLS to connect to the LDAP server. tls = yes #tls = no tls_ca_cert_file = /etc/ssl/certs/ca/signing-ca.crt tls_ca_cert_dir = /etc/ssl/certs/ca #tls_cipher_suite = # TLS cert/key is used only if LDAP server requires a client certificate. #tls_cert_file = /etc/ssl...
2016 Oct 24
2
Problem to configure dovecot-ldap.conf.ext
...XXXXXXX' # Use SASL binding instead of the simple binding. Note that this changes # ldap_version automatically to be 3 if it's lower. Also note that SASL binds # and auth_bind=yes don't work together. sasl_bind = yes # SASL mechanism name to use. sasl_mech = gssapi # SASL realm to use. sasl_realm = EXAMPLE.COM # SASL authorization ID, ie. the dnpass is for this "master user", but the # dn is still the logged in user. Normally you want to keep this empty. sasl_authz_id = imap/mx01.example.com at EXAMPLE.COM # Use TLS to connect to the LDAP server. #tls = yes # TLS options, current...
2020 Jun 22
2
Winbind help - with domain migration.
Hello guys I need some lights to migrate a Winbind/Samba share to a new AD. My scenario is: I have an old AD running on a Debian 9 and Samba 4.5.16 with many replication issues. Then I decided to create a new one from scratch using Debian 10 and Samba 4.12.2 (and everything is working perfectly). I have migrated all the accounts/machines/etc from old to new domain without any problem. Both the
2016 Oct 11
2
Problems with GSSAPI and LDAP
....krb5.ccache >>>>>> >>>>>> And these in LDAP configuration: >>>>>> >>>>>> dn = imap/host.example.com at EXAMPLE.COM >>>>>> sasl_bind = yes >>>>>> sasl_mech = gssapi >>>>>> sasl_realm = EXAMPLE.COM >>>>>> sasl_authz_id = imap/host.example.com at EXAMPLE.COM >>>>>> >>>>>> I have tried with different values in dn and sasl_authz_id and >>>>>> also >>>>>> leaving them out completely but I alw...
2007 Nov 26
4
dovecot imap hangs
...server #dnpass = # Use SASL binding instead of the simple binding. Note that this changes # ldap_version automatically to be 3 if it's lower. Also note that SASL binds # and auth_bind=yes don't work together. #sasl_bind = no # SASL mechanism name to use. #sasl_mech = # SASL realm to use. #sasl_realm = # SASL authorization ID, ie. the dnpass is for this "master user", but the # dn is still the logged in user. Normally you want to keep this empty. #sasl_authz_id = # Use authentication binding for verifying password's validity. This works by # logging into LDAP server using the use...
2020 Jun 22
0
Winbind help - with domain migration.
...as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://dc1.samdom.example.com/ base dc=samdom,dc=example,dc=com pagesize 1000 referrals off nss_nested_groups yes # Kerberos authentication to AD sasl_mech GSSAPI sasl_realm SAMDOM.EXAMPLE.COM krb5_ccname /tmp/nslcd.tkt # Filters. Disable, if your: filter passwd (objectClass=user) filter group (objectClass=group) # Attribute mappings map passwd uid sAMAccountName map passwd homeDirectory unixHomeDirectory map passwd ge...
2012 Jul 12
2
nslcd service - "Client not found in Kerberos database"
Hi, I am trying to configure the nslcd service on an Ubuntu client for kerberos authentication against samba4. My /etc/nslcd.conf contains the following: uid nslcd gid nslcd uri ldapi:///cofil01.mydomain.net base dc=mydomain,dc=net sasl_mech GSSAPI krb5_ccname FILE:/tmp/host.tkt I have added the host principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" to /etc/krb5.keytab on both
2012 May 23
2
multi home dir locations
Hi all, i've got samba 3.6 joined to an ad domain (s4 in this case) running winbind all looks ok, but i ran into a problem (for us that is) i've got 2 groups (students and employees) who have their home dirs in 2 different places. /home/students/<user> /home/employ/<user> so far so good, but i can't make the [homes] work for both of them (just 1 group) in winbind
2016 Oct 25
0
Problem to configure dovecot-ldap.conf.ext
...stead of the simple binding. Note that this changes > # ldap_version automatically to be 3 if it's lower. Also note that SASL binds > # and auth_bind=yes don't work together. > sasl_bind = yes > # SASL mechanism name to use. > sasl_mech = gssapi > # SASL realm to use. > sasl_realm = EXAMPLE.COM > # SASL authorization ID, ie. the dnpass is for this "master user", but the > # dn is still the logged in user. Normally you want to keep this empty. > sasl_authz_id = imap/mx01.example.com at EXAMPLE.COM Dunno with SASL and Co. > # Use authentication binding...