Dear Achim
Thank you very much for your support so far. I think I am really close, but not there yet. I got the following log messages:

Jun 28 20:12:33 rv1325 dovecot: auth: Debug: client passdb out: FAIL#0115#011user=test
Jun 28 20:12:33 rv1325 dovecot: auth: Debug: client in: AUTH#0116#011LOGIN#011service=smtp#011nologin#011lip=178.254.21.125#011rip=84.154.198.155#011secured
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client passdb out: CONT#0116#011VXNlcm5hbWU6
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client in: CONT#0116#011dGVzdA== (previous base64 data may contain sensitive data)
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client passdb out: CONT#0116#011UGFzc3dvcmQ6
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client in: CONT#0116#011dGVzdHVzZXI= (previous base64 data may contain sensitive data)
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: ldap(test,84.154.198.155): bind search: base=cn=Users, dc=delellis, dc=net filter=(&(objectClass=person)(sAMAccountName=test))
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: ldap(test,84.154.198.155): result: sAMAccountName=test; sAMAccountName unused
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: ldap(test,84.154.198.155): result: sAMAccountName=test
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client passdb out: OK#0116#011user=test#011u%=test

As you can see, the sAMAccountName is set to test, which is right, but what I don't understand is the line saying sAMAccountName is unused.

Could anyone give me the last push? I would really appreciate it.

Regards,

---
Kind regards

Carsten Laun-De Lellis
Hauptstrasse 13
D-67705 Trippstadt
Phone: +49 6306 992140
Fax: +49 6306 992142
Mobile: +49 151 27530865
email: carsten.delel...@delellis.net
http://www.linkedin.com/in/carstenlaundelellis [2]

On 2013-06-28 19:14, Achim Gottinger wrote:
> On 28.06.2013 18:49, Carsten Laun-De Lellis wrote:
>
>> Hi Achim
>>
>> Don't want to bother you, but I still got error messages.
> Never mind, got curious by myself.
> replacing cn with sAMAccountName can not work because the dn's are defined with cn.
> I mailed you that link before
> http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds [1].
> It describes two ways for passdb lookups and you must use the "DN lookup"
> type, which does an anonymous query with pass_filter for the dn first and
> then tries to authenticate with that dn against samba4/ldap.
> You can either configure samba4 to allow anonymous queries or use a samba
> user account like I did with userpadd => dn/dnpass.
>
> Try this, worked here.
>
> hosts = localhost
> dn = cn=ldap,cn=Users,dc=delellis,dc=net
> dnpass = [password]
> auth_bind = yes
> ldap_version = 3
>
> base = cn=Users,dc=delellis,dc=net
> pass_attrs = sAMAccountName=user
> pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
>
> My auth.conf file looks like:
>
> hosts = localhost
> auth_bind = yes
> auth_bind_userdn = sAMAccountName=%u,cn=Users,dc=delellis,dc=net
> base = cn=Users,dc=delellis,dc=net
> ldap_version = 3
>
> pass_filter = (&(objectClass=user)(sAMAccoutName=%u)(mail=*))
>
> And I have no idea why it doesn't work.
>
> On 2013-06-28 14:04, Achim Gottinger wrote:
> On 28.06.2013 13:55, Carsten Laun-De Lellis wrote:
>
> Hi Achim
>
> Thankx a lot. I will try.
>
> Have a nice weekend.
> NP, take a look at this
>
> http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds [1]
>
> On 2013-06-28 13:35, Achim Gottinger wrote:
>
> On 28.06.2013 13:24, Carsten Laun-De Lellis wrote:
>
> Hi Achim
>
> First of all thankx for your input. The way you set it up was the way I did it. But when I go through your ldap configuration it doesn't really solve my problem or, maybe more likely, I don't understand it. For auth I want my users to connect to dovecot with user/password token. In your config I can't see where you match the password to the AD password.
>
> For authentication dovecot uses what is configured in passdb in the corresponding ldap config you can see it uses auth_bind=yes and auth_bind_userdn defines the dn used to auth against samba4 ldap.
> As said, on my side cn is identical with sAMAccountName; if it's not on your side you may have to use cn/password instead of sAMAccountName/password.
>
> Maybe I wasn't specific enough about what I want to do. Or I don't understand where you match against the user password. And again there is a good chance that the problem is myself. (crying) Thankx again.
>
> On 2013-06-28 13:13, Achim Gottinger wrote:
>
> On 28.06.2013 10:31, Carsten Laun-De Lellis wrote:
>
> Hi list
>
> Does anyone have experience in setting up dovecot or any other mail system with user auth against a Samba4 AD?
> If yes, could I get some advice on that topic or even a link to a resource where I can get some information? Googled a lot but didn't find something yet. Thankx in advance.
>
> I did it with dovecot/postfix on debian wheezy; there is a lot more info if you look for dovecot setup against Microsoft AD.
>
> First create a user for ldap queries:
>
> >samba-tool user add ldap [password]
>
> Configure dovecot passdb against Samba4 AD, add or change this in your dovecot.conf or auth-ldap-conf.ext (on wheezy)
>
> # Authentication for LDAP users
> passdb {
>   driver = ldap
>   args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
> }
>
> Create /etc/dovecot/dovecot-ldap-passdb.conf.ext. It may be that you have to use sAMAccountName instead of cn for auth_bind_userdn and pass_filter. On my side these are identical because I migrated from samba3/openldap. The filter is looking for person classes with matching cn and an existing mail attribute.
>
> hosts = localhost
> auth_bind = yes
> auth_bind_userdn = cn=%u,cn=Users,dc=yourdomain,dc=local
> ldap_version = 3
> base = cn=Users,dc=yourdomain,dc=local
> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

--
To unsubscribe from this list go to the following URL and read the instructions:
https://lists.samba.org/mailman/options/samba [3]

Links:
------
[1] http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds
[2] http://www.linkedin.com/in/carstenlaundelellis
[3] https://lists.samba.org/mailman/options/samba
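
Added example, not part of the original thread or of dovecot: the auth debug lines quoted at the top carry the SASL LOGIN exchange as base64, which dovecot itself marks with "(previous base64 data may contain sensitive data)". This Python sketch strips the client responses from such lines before they are shared and decodes only the server prompts. The sample lines and the function names are constructed for illustration, and the `#011` separator is taken from the log lines in the thread.

```python
import base64

TAB = "#011"            # the syslog daemon in the thread wrote each TAB as this escape
MARK = "Debug: client "  # prefix of the auth client/server protocol debug lines

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample in the shape of the debug lines quoted in the thread.
SAMPLE = [
    "dovecot: auth: Debug: client in: AUTH#0116#011LOGIN#011service=smtp#011secured",
    "dovecot: auth: Debug: client passdb out: CONT#0116#011VXNlcm5hbWU6",
    f"dovecot: auth: Debug: client in: CONT#0116#011{b64('alice')} (previous base64 data may contain sensitive data)",
    "dovecot: auth: Debug: client passdb out: CONT#0116#011UGFzc3dvcmQ6",
    f"dovecot: auth: Debug: client in: CONT#0116#011{b64('not-a-real-password')} (previous base64 data may contain sensitive data)",
    "dovecot: auth: Debug: client passdb out: OK#0116#011user=alice",
]

def redact(line):
    """Return (safe_line, note); note is None for lines left untouched."""
    head, mark, body = line.partition(MARK)
    direction, colon, msg = body.partition(": ")
    fields = msg.split(TAB)
    if not mark or not colon or fields[0] != "CONT" or len(fields) < 3:
        return line, None
    payload, space, trailer = fields[2].partition(" ")
    if direction == "in":
        # Client continuation: the SASL LOGIN answers (user name, then password).
        fields[2] = "<redacted>" + space + trailer
        return head + mark + direction + colon + TAB.join(fields), "client response removed"
    # Server continuation: only a prompt, safe to decode for the reader.
    try:
        prompt = base64.b64decode(payload, validate=True).decode("ascii")
    except ValueError:
        prompt = "?"
    return line, "server prompt " + repr(prompt)

def sanitize(lines):
    """Redact every line; returns the list of lines that is safe to post."""
    return [redact(line)[0] for line in lines]

if __name__ == "__main__":
    for original in SAMPLE:
        safe, note = redact(original)
        print(safe + (f"    <- {note}" if note else ""))
```

Only CONT payloads are handled here; other fields such as user=, lip= and rip= are left as they are and may still need manual review before posting.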