similar to: Can passdb be bypassed for non-plaintext authentication mechanisms

Also it seems we lack support for NTLMv2. If you want to use NTLM you need to permit use of NTLM(v1), which is usually not enabled by default. Aki > On June 25, 2016 at 7:43 PM Mark Foley <mfoley at ohprs.org> wrote: > > > I've asked this several times over the past year with essentially zero responses. I'll keep it simple: > > Does NTLM authentication work in

Now that I am running Thunderbird on Linux and away from Windows/Outlook, I'd like to take another run at setting up NTLM authentication from Thunderbird to my Samba4 AC/DC. With the help of the samba maillist folks I was able to set up NTLM authentication for domain user login. I should be able to do the same for email! But, I need help. I went to

It should work. Although if you are using linux server you might want to use gssapi instead. > On June 25, 2016 at 7:43 PM Mark Foley <mfoley at ohprs.org> wrote: > > > I've asked this several times over the past year with essentially zero responses. I'll keep it simple: > > Does NTLM authentication work in Dovecot? > > I'll post this one last time.

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for

I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the Active Directory/Domain Controller on the same host as Dovecot. Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the client MTU used to connect with Dovecot to read mail on the Users' WIN7 workstations. I believe I have confirmed that MS Outlook will either ... 1) send the userid and

I've switched a user to being an active directory user. That user's email client authorizes just fine with dovecot using GSSAPI. However, now his iPhone won't authorize. In the dovecot log file I get: Dec 01 14:27:28 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=q4n3W0xfggBiZj9s lip=98.102.63.107 rip=98.102.63.108 lport=993

I've posted questions on this before, but now I really, really need a solution. Using Dovecot 2.2.33.2 We've been using Dovecot as IMAP server for several years on a Linux host which is also the Active Directory / Domain Controller. We have both Thunderbird and Outlook clients. The Thunderbird clients authenticate w/o problem with AD credentials using Kerberos/GSSAPI. I've never

Quoting Mark Foley <mfoley at ohprs.org>: > Rick, > > Samba4 AD/DC and Dovecot work perfectly for everything including access > from > SmartPhones.? I've got roaming domain logins, redirected folders, > calendars and > contacts work just fine with Outlook and WebDav for sharing calendars; > don't > need them in Dovecot.? > ? Do you have that documented

Hello, I could have several password databases in dovecot. And according to http://wiki.dovecot.org/PasswordDatabase these passwdbs could allow or deny users and they could have different result_failure and result_sucess behaviors. So the order in which they are evaluated may be significant. So, how do I define this order? -- Angel L. Mateo Mart?nez Secci?n de Telem?tica ?rea de

Refer to https://dovecot.org/pipermail/dovecot/2015-March/099971.html https://wiki.dovecot.org/PasswordDatabase I tried to repeat the same thing. Set these passdb: passdb { args = /myscript.sh ip=%r driver = checkpassword result_failure = return-fail result_success = continue } passdb { args = /etc/dovecot/dovecot-sql.conf.ext ( my working auth method ) driver = sql } Created

More info ... My dovecot error log shows: Sep 05 16:45:19 auth: Debug: client in: AUTH 1 NTLM service=imap Sep 05 16:45:19 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713 10219 1 f56352c207cb8f6dea4d264b2c0f8dc1 session_pid=10220 request_auth_token Sep 05

Hi Mark, Just to let you know that we are running dovecot with AD. (and I guess: *many* people are running that combination) It worked without issues, we are using in dovecot-ldap.conf.ext: > auth_bind = yes this user/passwd filter: > = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514))) > dn = cn=search_dovecit,cn=users,dc=company,dc=com > dnpass =

If I had time I would be all over this - but IMHO the main problem is that Dovecot != Exchange.? Even in small environments - unless I'm out of date, there's no calendar, tasks or contact lists within Dovecot. Your next best best is to use something like Horde that would allow you to auth via ActiveSync (on Outlook 2013 clients) and manage everything else that the users will want, with

I'm trying to implement the password grant flow, as specified at https://wiki2.dovecot.org/PasswordDatabase/oauth2, but am getting an error message. Can you please help? auth: Fatal: oauth2 /etc/dovecot/dovecot-oauth2.token.conf.ext: Error in configuration file /etc/dovecot/dovecot-oauth2.token.conf.ext line 1: Unknown setting: grant_url $ dovecot -n # 2.3.5.2 (38c8f1daf):

Comments interspersed with yours ... --Mark -----Original Message----- > Date: Sun, 06 Sep 2015 20:00:11 -0500 > From: Rick Romero <rick at havokmon.com> > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hmm. I would expect to see 'mark at hprs.com'. Whatever your full domain > name is. Full user at domain would be

Hi Mark, I haven't done it, but I've played with the scenario enough to have an idea. What you want to do is have Outlook auth via NTLM to Dovecot.? First that means having the machine be a domain member (usually via Samba) in order to properly process NTLM/Kerberos handshake - which it appears you have. Second that means having Dovecot know how to accept NTLM authentication (SPA) to

Dear Experts, I configured Samba, Kerberos, etc., can login to my CentOS using ADS account, but missing something in my Dovecot config. Windbind seems to work: [root at aCentOs2 dovecot]# wbinfo -a wAlex%pass plaintext password authentication succeeded challenge/response password authentication succeeded Same is true for ntlm_auth helper: [root at aCentOs2 dovecot]# /usr/bin/ntlm_auth

Situation: one front-facing server running Dovecot as IMAP/POP3/ ManageSieve proxy, a mixture of IMAP servers (Dovecot, Exchange, ...) in the back-end. Dovecot's passdb does lookups against MySQL which contains a simple user/host mapping, the actual authentication happens on the back-end IMAP servers. The configuration is more or less as described here:

On 15 May 2018, at 12.06, Timo Sirainen <tss at iki.fi> wrote: > > If you look at .176's error log, do you see an error about "director_consistent_hashing settings differ between directors"? Have you set director_consistent_hashing=yes in the old directors? That is needed now, because the old non-consistent-hashing method is obsoleted. Unfortunately there's no easy

Hi all, I am interested in running a Dovecot Proxy(with Director) on the same server as the main Dovecot IMAP/POP3 service. I have a basic Proxy/Director configuration working, however I am struggling with getting the Proxy and IMAP/POP3 service to coexist on the same server. I plan to use three IMAP/POP3 servers with a NFS/maildir backend, and I am playing with Dovecot 2.1.5 at the moment. I