similar to: Samba AD/DC, Single-Sign-On, domain users cannot change password

On 14/01/16 05:54, Mark Foley wrote: > Hmmm, this message is a week old and nothing? > > I know many of you have domain member hosts in your domain and surely are logging in as domain > users authenticating with the Samba4 AD/DC, right? > > How do you change your password without having the domain Administrator do it for you? > > --Mark > > -----Original Message-----

On January 14, 2016 at 12:16 Rowland Penny wrote: > Using 'passwd' does work, but pam has to be setup correctly and you > cannot change the password on the first day unless you change the > minimum password age to '0' You answer piles of questions on this list, so you may not remember, but you helped me set this whole domain-member/single logon thing last October. The

On Thu, 14 Jan 2016, Mark Foley wrote: > Hmmm, this message is a week old and nothing? > > I know many of you have domain member hosts in your domain and surely are logging in as domain > users authenticating with the Samba4 AD/DC, right? > > How do you change your password without having the domain Administrator do it for you? > Trying to change the password from a terminal

On Thu, 8 Oct 2015 15:46 Sketch wrote: > It's easy in Linux with Samba as well. You basically just need to follow > the directions here: > > https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server Thanks for the feedback. OK, I'll check out your link ASAP. The "Server" bit in the link gives me pause. I *have* a Samba4 AD/DC "server" already.

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for

I've been using Dovecot 2.2.15 as the IMAP server for Outlook (2010/2013) on Windows workstations for over 6 months with no problems. Dovecot is hosted on the office Samba4 AC/DC server. I have been using auth_mechanisms plain login, and passdb driver = shadow. What I'd like to do now is use the "Windows Authenticated" login so I don't have to have separate passwords for

Hi Mark, I haven't done it, but I've played with the scenario enough to have an idea. What you want to do is have Outlook auth via NTLM to Dovecot.? First that means having the machine be a domain member (usually via Samba) in order to properly process NTLM/Kerberos handshake - which it appears you have. Second that means having Dovecot know how to accept NTLM authentication (SPA) to

More info ... My dovecot error log shows: Sep 05 16:45:19 auth: Debug: client in: AUTH 1 NTLM service=imap Sep 05 16:45:19 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713 10219 1 f56352c207cb8f6dea4d264b2c0f8dc1 session_pid=10220 request_auth_token Sep 05

Comments interspersed with yours ... --Mark -----Original Message----- > Date: Sun, 06 Sep 2015 20:00:11 -0500 > From: Rick Romero <rick at havokmon.com> > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hmm. I would expect to see 'mark at hprs.com'. Whatever your full domain > name is. Full user at domain would be

I myself have dovecot running and auth is against a samba4 dc running on the same host. Perhaps it can help you to let samba do the authentification. Greetings Daniel EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 Email: mueller at tropenklinik.de www.tropenklinik.de

> On Jun 28, 2016, at 10:32 PM, Mark Foley <mfoley at ohprs.org> wrote: > > Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I > don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is > delivered successfully to the other domain users having PLAIN authentication. That's a

On Sat, 10 Oct 2015 16:07 Andrew Bartlett wrote > For the pain that you are about to endure, I can only offer my apologies. Apologies accepted! :) Seriously though, the Samba team has done a great job with the AD stuff. I was pretty much able to drop Samba4 in as a replacement for our SBS 2008 with virtually no issues. What issues I had were mostly Microsoft idiosyncracies (refer to my GPO

On Sat, 10 Oct 2015 08:23 Andrew Bartlett wrote: > The main difference between use as a file server vs use as a desktop, > is that pam_winbindd is mandatory for the Samba method (see elsewhere > for using sssd or other tools), as that will get you you the desktop > login. Yes, that does clarify and give me comfort with respect to naming. I understand that the office-central Samba4

I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the Active Directory/Domain Controller on the same host as Dovecot. Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the client MTU used to connect with Dovecot to read mail on the Users' WIN7 workstations. I believe I have confirmed that MS Outlook will either ... 1) send the userid and

> ... you don't get the /etc/krb5.keytab by default on a DC, you will need > to create it: > > samba-tool domain exportkeytab /etc/krb5.keytab Excellent! Thank you. I've done that now, but I have more issues more appropriate to a reply to mathias' message following. --Mark -----Original Message----- > To: samba at lists.samba.org > From: Rowland penny <rpenny

I think the problem still is that your keytab file has no entry imap/hostname at DOMAIN and IMAP/hostname at DOMAIN you also have no host/hostname at DOMAIN Aki On 29.06.2016 18:40, Mark Foley wrote: > Yes, I think that's exactly correct. I just made a similar reply to Edgar Pettijohn about that. > The Thunderbird message is: > > "The Kerberos/GSSAPI ticket was not accepted

I'm very confused. I have a Samba4 AD/DC which works great for Windows Authentication with our Windows 7 workstations. Now, I am trying to implement single-sign-on for our coming-soon Linux workstations. All web documentation I've so far found on this references OpenLDAP as the server and describes server-side commands such as kadmin and slapd-config to get things set up on the

Hi Mark, I've had the same trouble with the DOMAIN\user on my DCs, and as Rowland has already pointed out, the "winbind use default domain = yes" configure option is not honored on a DC. My guess is that is because a Samba DC can only be a DC for one domain, so that is why it isn't honored. If I do "getent passwd username" on my DCs, they all return

Hi Mark, Just to let you know that we are running dovecot with AD. (and I guess: *many* people are running that combination) It worked without issues, we are using in dovecot-ldap.conf.ext: > auth_bind = yes this user/passwd filter: > = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514))) > dn = cn=search_dovecit,cn=users,dc=company,dc=com > dnpass =

On 14/01/16 09:36, Rowland penny wrote: > On 14/01/16 05:54, Mark Foley wrote: >> Hmmm, this message is a week old and nothing? >> >> I know many of you have domain member hosts in your domain and surely >> are logging in as domain >> users authenticating with the Samba4 AD/DC, right? >> >> How do you change your password without having the domain