similar to: Picking a non-.local domain

On 08/08/2023 01:43, Mark Foley via samba wrote: > First off, thanks to Rowland Penny for his patience in working through my thread > "Joining a new Samba AD DC". > > I first attempted to upgrade my old Samba 4.8.2 AD/DC to a more recent version, > but that effort failed due to too many differences with the Samba version and > the latest Slackware OS version. Next I

Hello, i am facing the same problem right now. I start from scratch for an Samba AD. One question about this: I have registered a domain e.g. "bla.org" extra/unique for AD, to have an placeholder and there are no other external Services resolved over this, can i have an fqdn like "dc1.bla.org" or that also not recommended? The Domain is registred on a Nameserver from the

On 08/08/2023 14:15, Mark Foley via samba wrote: > My current AD domain is hprs.local. Per advice in this list I'm planning on > naming the new domain ad.ohprs.org. Currently, users login from Windows with > "HPRS\joe" as their login ID. What will they use for the ID on the new domain: > "OHPRS\joe" or will they have to use e.g. "ad.ohprs.org\joe"?

More info ... when I do MAIL=imap://mark at mail.ohprs.org/ mutt (using the domain of the registered certificate). I do not get the message "Certificate host check failed: certificate owner does not match hosthame ..." I do get the same (mutt?) edit screen shown below with the "(r)eject, accept (o)nce, (a)ccept always" action at the bottom. If I "accept (o)nce",

On Tue Aug 8 06:28:52 2023 Rowland Penny via samba <samba at lists.samba.org> > On 08/08/2023 11:20, Hans Schulze via samba wrote: > > Hello, > > > > i am facing the same problem right now. I start from scratch for an > > Samba AD. One question about this: I have registered a domain e.g. > > "bla.org" extra/unique for AD, to have an placeholder

Did a few test here "auth_gssapi_hostname = "$ALL"" is no longer required with dovecot (2.2.13 here). Add "auth_debug=yes" to your dovecor config. 192.168.100.1 is my clients ip 192.168.100.101 is the servers ag is the domain account username I use to login to windows and also the username configured in thunderbird. On my debian system an package named

Debug log output please! I think you still miss the gssapi module for dovecot. Am 03.07.2016 um 19:42 schrieb Mark Foley: > Achim, > > This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest. > > I used easy-rsa to create a cert. Files are: > > /etc/ssl/certs/OHPRS/easyrsa/ca.crt > /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req

On Tue Jun 4 14:08:30 2024 Rowland Penny <rpenny at samba.org> wrote: > On Tue, 4 Jun 2024 13:22:49 -0400 > Mark Foley via samba <samba at lists.samba.org> wrote: > > > I have a Linux file server that is an AD Domain Member. It shares the > > following (smb.conf): > > > > [public] > > path = /public > > store dos attributes = no >

More info ... My dovecot error log shows: Sep 05 16:45:19 auth: Debug: client in: AUTH 1 NTLM service=imap Sep 05 16:45:19 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713 10219 1 f56352c207cb8f6dea4d264b2c0f8dc1 session_pid=10220 request_auth_token Sep 05

On Tue, 4 Jun 2024 13:22:49 -0400 Mark Foley via samba <samba at lists.samba.org> wrote: > I have a Linux file server that is an AD Domain Member. It shares the > following (smb.conf): > > [public] > path = /public > store dos attributes = no > hide dot files = yes > readonly = no > force group = ohprs > create mask = 0660 > directory mask = 2770 >

Comments interspersed with yours ... --Mark -----Original Message----- > Date: Sun, 06 Sep 2015 20:00:11 -0500 > From: Rick Romero <rick at havokmon.com> > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hmm. I would expect to see 'mark at hprs.com'. Whatever your full domain > name is. Full user at domain would be

If I had time I would be all over this - but IMHO the main problem is that Dovecot != Exchange.? Even in small environments - unless I'm out of date, there's no calendar, tasks or contact lists within Dovecot. Your next best best is to use something like Horde that would allow you to auth via ActiveSync (on Outlook 2013 clients) and manage everything else that the users will want, with

Hi Mark, I haven't done it, but I've played with the scenario enough to have an idea. What you want to do is have Outlook auth via NTLM to Dovecot.? First that means having the machine be a domain member (usually via Samba) in order to properly process NTLM/Kerberos handshake - which it appears you have. Second that means having Dovecot know how to accept NTLM authentication (SPA) to

Also it seems we lack support for NTLMv2. If you want to use NTLM you need to permit use of NTLM(v1), which is usually not enabled by default. Aki > On June 25, 2016 at 7:43 PM Mark Foley <mfoley at ohprs.org> wrote: > > > I've asked this several times over the past year with essentially zero responses. I'll keep it simple: > > Does NTLM authentication work in

Well, finally I found the recommendations against .local here: https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ However, still, the originating wiki should AFAIK be more verbose. https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller For now it only says "Make sure that you provision the AD using a DNS domain that will not need to be

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for

I've been using Dovecot 2.2.15 as the IMAP server for Outlook (2010/2013) on Windows workstations for over 6 months with no problems. Dovecot is hosted on the office Samba4 AC/DC server. I have been using auth_mechanisms plain login, and passdb driver = shadow. What I'd like to do now is use the "Windows Authenticated" login so I don't have to have separate passwords for

I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the Active Directory/Domain Controller on the same host as Dovecot. Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the client MTU used to connect with Dovecot to read mail on the Users' WIN7 workstations. I believe I have confirmed that MS Outlook will either ... 1) send the userid and

It should work. Although if you are using linux server you might want to use gssapi instead. > On June 25, 2016 at 7:43 PM Mark Foley <mfoley at ohprs.org> wrote: > > > I've asked this several times over the past year with essentially zero responses. I'll keep it simple: > > Does NTLM authentication work in Dovecot? > > I'll post this one last time.

On 08/08/2023 11:20, Hans Schulze via samba wrote: > Hello, > > i am facing the same problem right now. I start from scratch for an > Samba AD. One question about this: I have registered a domain e.g. > "bla.org" extra/unique for AD, to have an placeholder and there are no > other external Services resolved over this, can i have an fqdn like >