similar to: Howto authenticate smartPhone via Active Directory

Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for authenticating Android. Problem #1 is that Slackware does not ship with PAM and the AD/DC Samba4 does not use it. It is used on Slackware for a domain member, but I'm not sure I should try configuring PAM on the AD/DC. Is there some otherway I can get

Unfortunately, I tried for weeks to figure out passdb ldap without success. I guess I'm just not knowledgeable enough about how to use ldap and Active Directory. The dovecot wiki https://wiki2.dovecot.org/AuthDatabase/LDAPm doesn't help me much. All it says is: Active Directory When connecting to AD, you may need to use port 3268. Then again, not all LDAP fields are available in port

You might get better results with https://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm It seems you'd have to configure OpenLDAP backend for Samba to have LDAP. Aki On 04.12.2017 02:38, Mark Foley wrote: > Unfortunately, I tried for weeks to figure out passdb ldap without success. I guess I'm just > not knowledgeable enough about how to use ldap and Active Directory. The dovecot

mj - thanks! That the first useful example I've received from any forum/list. I'm getting ready to try my config (have to do so after hours), but I have some probably simple-minded questions: Your example is not the complete dovecot-ldap.conf.ext file, right? Have you just given me differences in your config from the "original"? You've kept the hosts, base, ldap_version,

I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via shadow first and. failing that, it does authenticate via GSSAPI. Smartphones connect to Dovecot via port 143 and SSL. They are not domain members so if the shadow authentication fails, no other methods are

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for

Hi Mark, Just to let you know that we are running dovecot with AD. (and I guess: *many* people are running that combination) It worked without issues, we are using in dovecot-ldap.conf.ext: > auth_bind = yes this user/passwd filter: > = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514))) > dn = cn=search_dovecit,cn=users,dc=company,dc=com > dnpass =

On Tue, 5 Dec 2017 16:42:15 +0100 mj <lists at merit.unu.edu> wrote: > Hi, > > Not much time to reply now. > > On 12/05/2017 05:21 AM, Mark Foley wrote: > > mj - thanks! That the first useful example I've received from any forum/list. I'm getting ready > > to try my config (have to do so after hours), but I have some probably simple-minded questions: >

I've switched a user to being an active directory user. That user's email client authorizes just fine with dovecot using GSSAPI. However, now his iPhone won't authorize. In the dovecot log file I get: Dec 01 14:27:28 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=q4n3W0xfggBiZj9s lip=98.102.63.107 rip=98.102.63.108 lport=993

Rick, I extremely dislike Exchange as well. I have a long list of problems: near impossibility to monitor logs for trouble, poor configurable spam checking, no good way to archive and review emails ... I could go on for paragraphs, but the main reason we recently migrated away from SBS/Exchange is that Microsoft no longer sells Small Business Server and its replacement, Server Essentials, does

Rick et al, The link you gave was a start, but is targeted for Samba3 and is assuming a probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, and includes setting up kerberos. I'm using a Samba4 AD/DC with integrated kerberos (so I don't think there is any setup I can do there). Nevertheless I've followed the instructions otherwise; specifically adding to

Hmm.? I would expect to see 'mark at hprs.com'.? Whatever your full domain name is. It also won't look up /etc/shadow - Samba is doing the AD->Unix UID mapping.? Your AD users shouldn't be in there when all is said and done.? Well, at when I did a Samba4 install as a DC it still behaved like a Samba3 member, and there were no AD users in the local unix passwd files. What does

Also it seems we lack support for NTLMv2. If you want to use NTLM you need to permit use of NTLM(v1), which is usually not enabled by default. Aki > On June 25, 2016 at 7:43 PM Mark Foley <mfoley at ohprs.org> wrote: > > > I've asked this several times over the past year with essentially zero responses. I'll keep it simple: > > Does NTLM authentication work in

As to your suggested links, Samba4 uses Heimdal Kerberos which is part of the Samba4 installation: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Installation, so I don't know if the krb5 configs discussed in your link will apply. I'll revisit this if other things I'm trying don't work out. If that http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm link were on paper I've

More experimentation ... I tried removing userdb and passdb from the dovecot NTLM config. That didn't work. I then tried adding a static userdb as follows: userdb { driver = static # allow_all_users = yes args = gid=100 home=/home/HPRS/%n } (Interestingly, when I uncommented "allow_all_users" I got an "unsupported setting" [or something like that], even though that

It should work. Although if you are using linux server you might want to use gssapi instead. > On June 25, 2016 at 7:43 PM Mark Foley <mfoley at ohprs.org> wrote: > > > I've asked this several times over the past year with essentially zero responses. I'll keep it simple: > > Does NTLM authentication work in Dovecot? > > I'll post this one last time.

No, is that something that would make a difference between 2.2.15 and 2.2.32? --Mark On Fri, 24 Nov 2017 21:37:47 -0800 Gary <lists at lazygranch.com> wrote: > Out of curiosity, do you do a !SSLv3 in the conf file? > > > ? Original Message ? >> From: mfoley at ohprs.org >> Sent: November 24, 2017 9:04 PM >> To: dovecot at dovecot.org >> Subject:

Quoting Mark Foley <mfoley at ohprs.org>: > Rick, > > Samba4 AD/DC and Dovecot work perfectly for everything including access > from > SmartPhones.? I've got roaming domain logins, redirected folders, > calendars and > contacts work just fine with Outlook and WebDav for sharing calendars; > don't > need them in Dovecot.? > ? Do you have that documented

More on this ... I short-sheeted ntlm_auth to see what was being passed to it. It is getting as arg1: --helper-protocol=squid-2.5-ntlmssp I tried running ntlm_auth at the command line as: ntlm_auth --username=user --password=password --helper-protocol=squid-2.5-ntlmssp It did nothing, just hung there. The ntlm_auth man page says: --helper-protocol=PROTO Operate as a stdio-based helper.

If I had time I would be all over this - but IMHO the main problem is that Dovecot != Exchange.? Even in small environments - unless I'm out of date, there's no calendar, tasks or contact lists within Dovecot. Your next best best is to use something like Horde that would allow you to auth via ActiveSync (on Outlook 2013 clients) and manage everything else that the users will want, with