similar to: Cannot Authenticate user with Kerberos/GSSAPI

My last message probably contained too much information. This one is more succient. I have a user, 'mark', who has been running a Thunderbird client on Windows to Dovecot server with Kerberos/GSSAPI authentication for over a year. I created a new Tbird account on a new Linux workstation for 'mark', also with Kerberos/GSSAPI and that worked just fine. I have another user,

I've been running with Dovecot 2.2.15 on my mail server and Thunderbird on workstations with Kerberos/GSSAPI authentication. This has been working for over a year for 10 users. The other day, I replaced a user's workstation and set up this user with a Thunderbird client. Unfortunately, I got the error: "The Kerberos/GSSAPI ticket was not accepted by the IMAP server ... please

The last log line shows "user=<>". This indicates no credentials were presented. If the rip field matches the client ip you tested from, I would bet the appropriate kerberos ticket (imap/host.domain.tld at REALM) was not pulled for the authentication. On Jun 28, 2016 11:33 PM, "Mark Foley" <mfoley at ohprs.org> wrote: > Aki - partial success! I rebuilt my

hi, check your /etc/openldap/ldap.conf for REFERRALS off I had this errors with "referrals on" in misconfigured dns environments. you can debug the dns packets by strace-ing the auth process On Tue, 8 Sep 2015 11:00:37 +0200 Fran <cumc-4361-2 at chguadalquivir.es> wrote: > Hello, > > my dovecot installation has been working fine against AD till we >

> On Jun 28, 2016, at 10:32 PM, Mark Foley <mfoley at ohprs.org> wrote: > > Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I > don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is > delivered successfully to the other domain users having PLAIN authentication. That's a

Can you On 12.12.2016 13:00, Mart Pirita wrote: > Hello. > > > Few days ago upgraded from v2.2.26.0 >v2.2.27 and now windows 10, with > any outlook version (2007,2010,2013,2016) doesn't connect IMAP SSL: > > > Dec 12 12:29:35 server dovecot: imap-login: Debug: SSL: elliptic curve > secp384r1 will be used for ECDH and ECDHE key exchanges > Dec 12 12:29:35

Hello. Few days ago upgraded from v2.2.26.0 >v2.2.27 and now windows 10, with any outlook version (2007,2010,2013,2016) doesn't connect IMAP SSL: Dec 12 12:29:35 server dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 12 12:29:35 server dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key

Hi Matthias, thank you very much! that fixed the problem. I had workaround the problem by using "base = ou=xxxx, dc=dom", instead of "base = dc=dom" in the dovecot-ldap.conf.ext file, because that also worked (I don't know why, but the problem happen if you use as base just the domain, but not if you add a second level). But that forced to me to use several userdb/passdb

Hi! I am trying to make Windows 8 using Live 2012 and Outlook 2010 login in Dovecot POP3s. However, I receive this message in log: Feb 28 07:32:05 ipanema dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.0.0.10, lip=10.0.0.1, TLS handshaking: Disconnected, session=<joP78nTz9ACsFQAF> Note that user is sent as blank and this is the only log line. I used

Fran and/or Matthias, Could you publish your doveconf -n? I can't get dovecot to authenticate with my AD. Maybe you have a solution I could try. What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8 and are therefore using Outlook? --Mark -----Original Message----- > Date: Wed, 9 Sep 2015 17:22:34 +0200 > From: Matthias Lay <matthias.lay at

Hi all, I think I've found a small bug in how Dovecot logs SSL/TLS info. Basically, if I connect to the server using TLS, the logs have a lot of entries saying I used SSLv3 (which is not allowed). Here's my system info: OSX Yosemite (x86_64, HFS+) Dovecot 2.2.15 (via Homebrew) OpenSSL 0.9.8zd The configuration (see below) disallows SSLv3, and if I try and connect with OpenSSL to test

Hello I am using dovecot 2.2.10 on CentOS 7 Any Outlook versions (2007, 2010, 2013...) hang if I tried to use TLS, it works if I switch in client TLS to SSL. Thunderbird works perfect both scenarios Please find debug log mail dovecot[24287]: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [X.X.X.X] mail dovecot[24287]: imap-login: Debug: SSL: where=0x2001, ret=1:

Rick, I extremely dislike Exchange as well. I have a long list of problems: near impossibility to monitor logs for trouble, poor configurable spam checking, no good way to archive and review emails ... I could go on for paragraphs, but the main reason we recently migrated away from SBS/Exchange is that Microsoft no longer sells Small Business Server and its replacement, Server Essentials, does

More experimentation ... I tried removing userdb and passdb from the dovecot NTLM config. That didn't work. I then tried adding a static userdb as follows: userdb { driver = static # allow_all_users = yes args = gid=100 home=/home/HPRS/%n } (Interestingly, when I uncommented "allow_all_users" I got an "unsupported setting" [or something like that], even though that

Hello, my dovecot installation has been working fine against AD till we upgrade from AD 2003 to AD 2008. As http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to connect AD through 389 port. The port 3268 works fine though. (...) Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes) Sep 7 19:02:05

Hi, I enabled rawlog. Everything seems to be OK but the dovecot-log shows a fatal error and core dump. (created a core file) Arvid Rawlog in <<< STAT >>> <<< LIST >>> <<< UIDL 1 >>> <<< UIDL >>> <<< QUIT >>> Rawlog out <<< +OK Logged in. >>> <<< +OK 22 17589388

Rick et al, The link you gave was a start, but is targeted for Samba3 and is assuming a probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, and includes setting up kerberos. I'm using a Samba4 AD/DC with integrated kerberos (so I don't think there is any setup I can do there). Nevertheless I've followed the instructions otherwise; specifically adding to

Hmm.? I would expect to see 'mark at hprs.com'.? Whatever your full domain name is. It also won't look up /etc/shadow - Samba is doing the AD->Unix UID mapping.? Your AD users shouldn't be in there when all is said and done.? Well, at when I did a Samba4 install as a DC it still behaved like a Samba3 member, and there were no AD users in the local unix passwd files. What does

mark at ohprs.org > My last message probably contained too much information. This one is more succient. "Succint" may not be the right adjective, because I think this is the third copy I've seen. > Here is the dovecot log when user dsmith attempts to connect to dovecot > from the Tbird client: What I see is ... > Jul 11 19:29:46 imap-login: Info: Disconnected (no

If I had time I would be all over this - but IMHO the main problem is that Dovecot != Exchange.? Even in small environments - unless I'm out of date, there's no calendar, tasks or contact lists within Dovecot. Your next best best is to use something like Horde that would allow you to auth via ActiveSync (on Outlook 2013 clients) and manage everything else that the users will want, with