I've switched a user to being an Active Directory user. That user's email
client authorizes just fine with dovecot using GSSAPI. However, now his
iPhone won't authorize. In the dovecot log file I get:

Dec 01 14:27:28 auth: Debug: client in: AUTH    1       PLAIN   service=imap    
secured session=q4n3W0xfggBiZj9s        lip=98.102.63.107 rip=98.102.63.108     
  lport=993       rport=49538     resp=AG1wcmVzcwBEaW5va3JvbndhbGw0NQ== 
(previous base64 data may contain sensitive data)
Dec 01 14:27:32 auth-worker(5988): Debug: shadow(mpress,98.102.xx.yyy): lookup
Dec 01 14:27:32 auth-worker(5988): Info: shadow(mpress,98.102.xx.yyy): unknown 
user (given password: *******)
Dec 01 14:27:34 auth: Debug: client passdb out: FAIL    1       user=mpress
Dec 01 14:27:34 imap-login: Info: Aborted login (auth failed, 1 attempts in 6 
secs): user=<mpress>, method=PLAIN, rip=98.102.xx.yyy, lip=98.102.63.107, TLS, 
session=<q4n3W0xfggBiZj9s>
Dec 01 14:27:34 imap-login: Debug: SSL alert: close notify [98.102.xx.yyy]

This same user will authenticate OK from his local domain workstation:

Dec 01 14:28:52 auth: Debug: master userdb out: USER    1948516353      mpress  
system_groups_user=HPRS\mpress  uid=10005gid=10000        
home=/home/HPRS/mpress  auth_token=ce3050035718ed0996af698400c4de1be453ec06     
auth_user=mpress@HPRS.LOCAL
Dec 01 14:28:52 imap-login: Info: Login: user=<mpress>, method=GSSAPI, 
rip=192.168.0.54, lip=192.168.0.2, mpid=9755, TLS, session=<6MT1YExftwDAqAA2>

I'm pretty sure the reason has to do with Active Directory authentication
locally, but of course his iPhone is not a member of the domain, and he is
no longer in /etc/passwd/shadow.

So, what is the best way to get the iPhone to authenticate?

Here's my current config:

> doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 4.4.88 x86_64 Slackware 14.2 
auth_debug = yes
auth_debug_passwords = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain login gssapi
auth_use_winbind = yes
auth_username_format = %n
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
passdb {
  driver = shadow
}
protocols = imap
ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2016-08-10/54e789087d419b6e.crt
ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
userdb {
  driver = passwd
}
verbose_ssl = yes


Thanks, --Mark
