similar to: sendmail getting domain\user as email userId

On Fri, 01 Dec 2017 03:47:26 -0500 Mark Foley via samba <samba at lists.samba.org> wrote: > > Yeah, I saw that, and I read the developer's comment. Frankly, I > don't get it. Seems to me winbind behaviour should be the same, AD/DC > or domain member. And it should deliver to programs the id they > expect (w/o domain name), regardless of the use being made. I don't

On Thu, 30 Nov 2017 11:34:54 -0500 Mark Foley via samba <samba at lists.samba.org> wrote: > I've figured out a work-around to the problem of "winbind use default > domain = yes" not working on the AD/DC. As mention below, in my > specific case procmail does not see HPRS\charmaine as the actual > owner 'charmaine' and I get a "Suspicious rcfile >

I've figured out a work-around to the problem of "winbind use default domain = yes" not working on the AD/DC. As mention below, in my specific case procmail does not see HPRS\charmaine as the actual owner 'charmaine' and I get a "Suspicious rcfile "/home/HPRS/charmaine/.procmailrc" message in maillog and the mail does not get delivered to her $HOME/Maildir

Hi Mark, Just to let you know that we are running dovecot with AD. (and I guess: *many* people are running that combination) It worked without issues, we are using in dovecot-ldap.conf.ext: > auth_bind = yes this user/passwd filter: > = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514))) > dn = cn=search_dovecit,cn=users,dc=company,dc=com > dnpass =

Mike, If the DC returns "DOMAIN\username", but domain members (correctly?) return just "username", is this a bug in the DC? Is there some reason the DC essentially ignores the "winbind use default domain = yes" and returns DOMAIN\username? It would seem to me that sendmail would not be the only program stumbling on this. --Mark -----Original Message----- >

Aki - made your suggested changes, but no joy :( My /etc/krb5.conf: ------SNIP-------- [libdefaults] default_realm = HPRS.LOCAL dns_lookup_realm = false dns_lookup_kdc = true [libdefaults] default_realm = HPRS.LOCAL dns_lookup_kdc = true kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] HPRS.LOCAL = {

Hi Mark, I've had the same trouble with the DOMAIN\user on my DCs, and as Rowland has already pointed out, the "winbind use default domain = yes" configure option is not honored on a DC. My guess is that is because a Samba DC can only be a DC for one domain, so that is why it isn't honored. If I do "getent passwd username" on my DCs, they all return

Aki, you wrote: > Doh. Seems your dovecot isn't compiled with gssapi support? Can you compile it yourself? > > I'll try to check status of NTLM this week. I'm OK with continuing to try gssapi, esp. if NTLM is restricted to v1. I do have the Dovecot sources and will peruse the possible options after I send this. I am on version 2.2.15 and I see that the current downloadable

> On Jun 28, 2016, at 10:32 PM, Mark Foley <mfoley at ohprs.org> wrote: > > Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I > don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is > delivered successfully to the other domain users having PLAIN authentication. That's a

Am 30.06.2016 um 23:16 schrieb Mark Foley: > Achim, thanks a lot! A couple of questions on your suggested settings: > >> 1. Create an user >> samba-tool create user dovcot > I did this (actually `samba-tool user create dovecot`), but it asked for a password. I > entered one. You didn't mention that, so I hope it's OK. Yes > > >> 2. Add the spn

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for

Did a few test here "auth_gssapi_hostname = "$ALL"" is no longer required with dovecot (2.2.13 here). Add "auth_debug=yes" to your dovecor config. 192.168.100.1 is my clients ip 192.168.100.101 is the servers ag is the domain account username I use to login to windows and also the username configured in thunderbird. On my debian system an package named

More info ... when I do MAIL=imap://mark at mail.ohprs.org/ mutt (using the domain of the registered certificate). I do not get the message "Certificate host check failed: certificate owner does not match hosthame ..." I do get the same (mutt?) edit screen shown below with the "(r)eject, accept (o)nce, (a)ccept always" action at the bottom. If I "accept (o)nce",

On 21/07/16 06:08, Mark Foley wrote: > OK! I deleted the /etc/passwd entry for user mark and I modified my /etc/nsswitch.conf to: > > passwd: compat winbind > group: compat winbind > > I couldn't get sendmail working with this at first -- I didn't know what to [re]start to get > the new nsswitch config to take, so I rebooted. Probably I just had to restart sendmail,

Unfortunately, I tried for weeks to figure out passdb ldap without success. I guess I'm just not knowledgeable enough about how to use ldap and Active Directory. The dovecot wiki https://wiki2.dovecot.org/AuthDatabase/LDAPm doesn't help me much. All it says is: Active Directory When connecting to AD, you may need to use port 3268. Then again, not all LDAP fields are available in port

You might get better results with https://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm It seems you'd have to configure OpenLDAP backend for Samba to have LDAP. Aki On 04.12.2017 02:38, Mark Foley wrote: > Unfortunately, I tried for weeks to figure out passdb ldap without success. I guess I'm just > not knowledgeable enough about how to use ldap and Active Directory. The dovecot

mj - thanks! That the first useful example I've received from any forum/list. I'm getting ready to try my config (have to do so after hours), but I have some probably simple-minded questions: Your example is not the complete dovecot-ldap.conf.ext file, right? Have you just given me differences in your config from the "original"? You've kept the hosts, base, ldap_version,

> Date: Thu, 21 Jul 2016 08:56:54 +0100 > From: Rowland penny <rpenny at samba.org> > On 21/07/16 06:08, Mark Foley wrote: > > OK! I deleted the /etc/passwd entry for user mark and I modified my /etc/nsswitch.conf to: > > > > passwd: compat winbind > > group: compat winbind > > > > I couldn't get sendmail working with this at first -- I

On 27.06.2016 07:31, Mark Foley wrote: > Thanks for the reply. When you say it [NTLM] "should" work, I understand you to be implying > you've not actually tried NTLM yourself, right? I've never gotten a response from someone > saying they have or are actually using it. Your subsequent messages about NTLM v[1|2] may be > the problem, but email clients I've tried

Thanks Mike. I'll investigate ssd although it shouldn't be too hard to have sendmail rewrite the userID to remove the domain. I'm investigating this now and will post results. --Mark -----Original Message----- > From: Data Control Systems - Mike Elkevizth <mike at datacontrolsystems.com> > Date: Thu, 21 Jul 2016 12:30:19 -0400 > Subject: Re: [Samba] sendmail getting