Thank you Davor
I will try this solution. --- Mit freundlichem Gruß Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delel...@delellis.net http://www.linkedin.com/in/carstenlaundelellis [2] Am 2013-06-29 08:26, schrieb Davor Vusir: > Hi Carsten! > > Check out this how-to: > http://www.iredmail.org/wiki/index.php?title=Integration/Active.Directory.iRedMail > [1] > > Works like a charm! > > Regards > Davor > > -------------------------------------------------- > From: "Carsten Laun-De Lellis" <carsten.delel...@delellis.net> > Sent: Friday, June 28, 2013 6:49 PM > To: "Achim Gottinger" <ac...@ag-web.biz> > Cc: <samba@lists.samba.org> > Subject: Re: [Samba] Samba4 AD and mail auth > Hi Achim Don't wanna bothering you, but I still got error Messages. Jun 28 > 15:09:57 rv1325 dovecot: auth: Debug: auth client connected (pid=2157) Jun 28 > 15:09:57 rv1325 dovecot: auth: Debug: client in: > AUTH#0111#011NTLM#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432 > Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client passdb out: > CONT#0111#011 Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client in: > CONT#0111#011TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw== > (previous base64 data may contain sensitive data) Jun 28 15:09:57 rv1325 > dovecot: auth: Debug: client passdb out: > CONT#0111#011TlRMTVNTUAACAAAADAAMADAAAAAFAooAzlGLZuaYgz0AAAAAAAAAABQAFAA8AAAAcgB2ADEAMwAyADUAAwAMAHIAdgAxADMAMgA1AAAAAAA= > Jun 28 15:09:58 rv1325 dovecot: auth: Debug: client in: CONT#0111#011TlRMTVNTUAADAAAAGAAYAHYAAADAAMAAjgAAAAAAAABYAAAAEAAQAFgAAAAOAA4AaAAAAAAAAABOAQAABQKIAgYC8CMAAAAP6HRQNL0+o3yODw5hHqFFvHQAZQBzAHQAdQBzAGUAcgBXADAAMAAwADAAMAA1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnluuxW4N/hRueL6TyYm30BAQAAAAAAAB2Yjc4AdM4B6LKt7eH6AGUAAAAAAwAMAHIAdgAxADMAMgA1AAgAMAAwAAAAAAAAAAEAAAAAIAAABJBPeBFKFDBXIh0KoOgHioqV/yHKS7i3O2lbwelRVv4KABAAAAAAAAAAAAAAAAAAAAAAAAkAMABpAG0AYQBwAC8AcgB2ADEAMwAyADUALgBkAGUAbABlAGwAbABpAHMALgBuAGUAdAAAAAAAAAAAAA== (previous base64 data may contain sensitive data) Jun 28 15:09:58 rv1325 dovecot: auth: Debug: password(testuser,84.154.198.155,<KkN8mDbgGABUmsab>): passdb doesn't support credential lookups Jun 28 15:09:58 rv1325 dovecot: auth: Debug: password(testuser,84.154.198.155,<KkN8mDbgGABUmsab>): passdb doesn't support credential lookups Jun 28 15:10:00 rv1325 dovecot: auth: Debug: client passdb out: FAIL#0111#011user=testuser Jun 28 15:10:00 rv1325 dovecot: auth: Debug: client in: AUTH#0112#011DIGEST-MD5#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432 Jun 28 15:10:04 rv1325 dovecot: auth: Debug: client passdb out: CONT#0112#011cmVhbG09IiIsbm9uY2U9Ii9nZndwbWd1TTlDMlVkekhZRld0R0E9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI= Jun 28 15:10:04 rv1325 dovecot: auth: Debug: client in: CONT#0112#011dXNlcm5hbWU9InRlc3R1c2VyIixyZWFsbT0iIixub25jZT0iL2dmd3BtZ3VNOUMyVWR6SFlGV3RHQT09IixkaWdlc3QtdXJpPSJpbWFwL3J2MTMyNS5kZWxlbGxpcy5uZXQiLGNub25jZT0iMjQ0NTRjZjAxNjVmOTE3YmVjMTJhMjk5OTc1ZGQ0MTYiLG5jPTAwMDAwMDAxLHJlc3BvbnNlPWVjZWI4MjJhZDFiZWY4NjU1OTYzMTk0YzhlZDQ0NmYxLHFvcD1hdXRoLGNoYXJzZXQ9dXRmLTg= (previous base64 data may contain sensitive data) Jun 28 15:10:04 rv1325 dovecot: auth: Debug: password(testuser,84.154.198.155,<KkN8mDbgGABUmsab>): passdb doesn't support credential lookups Jun 28 15:10:06 rv1325 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=testuser Jun 28 15:10:06 rv1325 dovecot: auth: Debug: client in: AUTH#0113#011PLAIN#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432#011resp=AHRlc3R1c2VyAHRlc3R1c2Vy (previous base64 data may contain sensitive data) My auth.conf file Looks like: hosts = localhost auth_bind = yes auth_bind_userdn = sAMAccountName=%u,cn=Users,dc=delellis,dc=net base = cn=Users,dc=delellis,dc=net ldap_version = 3 pass_filter = (&(objectClass=user)(sAMAccoutName=%u)(mail=*)) And I have no idea why it doesn't work. --- Mit freundlichem Gruß Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delel...@delellis.net http://www.linkedin.com/in/carstenlaundelellis [2][2] Am 2013-06-28 14:04, schrieb Achim Gottinger: Am 28.06.2013 13:55, schrieb Carsten Laun-De Lellis: Hi Achim Thankx a lot. I will try. Have a nice Weekend. NP take a look at this http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds [3] [1] --- Mit freundlichem Gruß Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delel...@delellis.net http://www.linkedin.com/in/carstenlaundelellis [2] [2] Am 2013-06-28 13:35, schrieb Achim Gottinger: Am 28.06.2013 13:24, schrieb Carsten Laun-De Lellis: Hi Achim First of all thankx for your input. The way you set it up was the way I did it. But when I go thru your ldap configuration it doesn't really solves my Problem or, maybe more likely, I don't understand it. For Auth I want my users to connect to dovecot with user/Password token. In your config I can't see where you match the Password to the AD Password. For authetification dovecot uses what is configured in passdb in the corresponding ldap config you can see it uses auth_bind=yes and auth_bind_userdn defines the dn used to auth against samb4 ldap. As said on my side cn is identical with sAMAccountName, if it's not on your side you may have to use cn/Password instead of sAMAccountName/Password . Maybe I wasn't specific enough, what I want to do. Or I don't understand where I you match again the user Password. And again there is a good Chance that the Problem is myself. Weinend Thankx again. --- Mit freundlichem Gruß Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delel...@delellis.net <mailto:carsten.delel...@delellis.net> http://www.linkedin.com/in/carstenlaundelellis [2] [2]Am 2013-06-28 13:13, schrieb Achim Gottinger: Am 28.06.2013 10:31, schrieb Carsten Laun-De Lellis: Hi list Does anyone has experience in setting up dovecot or any other mail system with user auth against a Samba4 AD ? If yes could I get some advice on that Topic or even a link to a ressource where I can get some Information. Googled a lot but didn't find something yet. Thankx in advance. I did it with dovecot/postfix on debian wheezy, there is alot more info if you look for dovecot setup agains Microsoft AD. First create an user for ldap queries: >samta-tool user add ldap [password] Configure dovecot passdb against Samba4 AD, add or change this in your dovecot.conf bzw. auth-ldap-conf.ext (on wheezy) # Authentication for LDAP users passdb { driver = ldap args = /etc/dovecot/dovecot-ldap-passdb.conf.ext } Create /etc/dovecot/dovecot-ldap-passdb.conf.ext, can be you have to use sAMAccountName instead of cn for auth_bind_userdn and pass_filter. On my side these are identical because i migrated from samba3/openldap. Filter is looking for person classes with matchin cn and an exiting mail attribute. hosts = localhost auth_bind = yes auth_bind_userdn = cn=%u,cn=Users,dc=yourdomain,dc=local ldap_version = 3 base = cn=Users,dc=yourdomain,dc=local pass_filter = (&(objectClass=person)(cn=%u)(mail=*)) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [4] [3] Links: ------ [1] http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds [3] [2] http://www.linkedin.com/in/carstenlaundelellis [2] [3] https://lists.samba.org/mailman/options/samba [4] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [4] Links: ------ [1] http://www.iredmail.org/wiki/index.php?title=Integration/Active.Directory.iRedMail [2] http://www.linkedin.com/in/carstenlaundelellis [3] http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds [4] https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
