[Dovecot] Active Directory and Dovecot NTLM Authentication problem

2013-04-02 Thread BINOTTO Luis SIDOR
Hello everyone...

I have a problem when I use NTLM authentication with dovecot. The
authentication is made only in PLAIN TEXT.

 

The scenario is:

Debian Squeeze 6.0.6
Dovecot 2.1.7
Samba 3.5.6. Samba is correctly configured into the domain.

The error: (extract from syslog)

Apr  2 09:47:41 sirprdsvcmsg02 dovecot: auth: Error:   Login for user []\[test2]@[SIRP0733] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbindd_privileged are set correctly.]
Apr  2 09:47:41 sirprdsvcmsg02 dovecot: auth: Error: [2013/04/02 09:47:41.832579,  0] utils/ntlm_auth.c:888(manage_squid_ntlmssp_request)
Apr  2 09:47:41 sirprdsvcmsg02 dovecot: auth: Error:   NTLMSSP BH: NT_STATUS_ACCESS_DENIED
Apr  2 09:47:41 sirprdsvcmsg02 dovecot: auth: Error: winbind: ntlm_auth exited with exit code 0

Dovecot configuration: (dovecot -n)

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686 i686 Debian 6.0.6 ext3
auth_mechanisms = plain login ntlm
auth_use_winbind = yes
disable_plaintext_auth = no
mail_location = maildir:/mailboxes/Administrativos/%Lu
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = " imap pop3"

ssl_cert = ,
method=
PLAIN, rip=10.50.2.150, lip=10.50.30.90, mpid=23706,
session=
PLAIN, rip=10.50.2.150, lip=10.50.30.90, mpid=23706,
session=
Apr  2 09:47:47 sirprdsvcmsg02 dovecot: auth: Error: [2013/04/02 09:47:47.408887,  0] utils/ntlm_auth.c:598(winbind_pw_check)
Apr  2 09:47:47 sirprdsvcmsg02 dovecot: auth: Error:   Login for user []\[test2]@[SIRP0733] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbindd_privileged are set correctly.]
Apr  2 09:47:47 sirprdsvcmsg02 dovecot: auth: Error: [2013/04/02 09:47:47.409203,  0] utils/ntlm_auth.c:888(manage_squid_ntlmssp_request)
Apr  2 09:47:47 sirprdsvcmsg02 dovecot: auth: Error:   NTLMSSP BH: NT_STATUS_ACCESS_DENIED
Apr  2 09:47:47 sirprdsvcmsg02 dovecot: auth: Error: winbind: ntlm_auth exited with exit code 0
Apr  2 09:47:48 sirprdsvcmsg02 postfix/postfix-script[23819]: the Postfix mail system is running: PID: 2390
Apr  2 09:47:53 sirprdsvcmsg02 dovecot: imap-login: Login: user=, method=PLAIN, rip=10.50.2.150, lip=10.50.30.90, mpid=23820, session=

Auth.log
Apr  2 09:52:35 sirprdsvcmsg02 auth: pam_krb5(dovecot:auth): user test2 authenticated as te...@sidor.net
 
 
I hope someone could help me.
 
Thanks in advance,
 
Best Regards,
 
Luis


" Notificacion Automatica:
Este mensaje y cualquier archivo que se adjunte contiene informacion 
privilegiada y confidencial. Es para uso exclusivo del destinatario. Si usted 
ha recibido esta comunicacion por error, por favor avisenos inmediatamente.
Automatic notification: 
This e-mail and any file transmitted with it are confidential and may be 
legally privileged. It is intended solely for the addressee and may not be 
disclosed to or used by anyone other than the addressee. If you have received 
this e-mail by mistake , please advise the sender immediately"
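
The pattern in the logs above (the ntlm_auth helper denied by winbindd, then a successful `method=PLAIN` login) can be picked out of syslog mechanically. This is an added example, not part of the original post: the log lines are a constructed sample modelled on the thread's syslog, the `user=<...>` and `session=<...>` values and the second client are assumed, and `analyze` is a hypothetical helper.

```python
import re
from collections import Counter

# Constructed sample modelled on the thread's syslog. Values inside <...> and the
# second client (10.50.2.151) are assumptions; the archive stripped the originals.
SAMPLE_LOG = """\
Apr  2 09:47:41 sirprdsvcmsg02 dovecot: auth: Error:   NTLMSSP BH: NT_STATUS_ACCESS_DENIED
Apr  2 09:47:41 sirprdsvcmsg02 dovecot: auth: Error: winbind: ntlm_auth exited with exit code 0
Apr  2 09:47:47 sirprdsvcmsg02 dovecot: auth: Error:   Login for user []\\[test2]@[SIRP0733] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbindd_privileged are set correctly.]
Apr  2 09:47:53 sirprdsvcmsg02 dovecot: imap-login: Login: user=<test2>, method=PLAIN, rip=10.50.2.150, lip=10.50.30.90, mpid=23820, session=<constructed-1>
Apr  2 09:48:10 sirprdsvcmsg02 dovecot: imap-login: Login: user=<test3>, method=PLAIN, rip=10.50.2.151, lip=10.50.30.90, mpid=23900, TLS, session=<constructed-2>
"""

# Substrings that identify a failing winbind/ntlm_auth helper in auth error lines.
HELPER_ERRORS = ("NT_STATUS_ACCESS_DENIED", "winbindd_privileged", "ntlm_auth exited")
# Mechanisms that send the password itself to the server.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
LOGIN_RE = re.compile(
    r"dovecot: (?:imap|pop3)-login: Login: user=<(?P<user>[^>]*)>, "
    r"method=(?P<method>[A-Z0-9-]+), rip=(?P<rip>[^,]+), (?P<rest>.*)$")

def analyze(log_text):
    """Return (helper error counts, cleartext-mechanism logins made without TLS)."""
    helper_errors = Counter()
    exposed = []
    for line in log_text.splitlines():
        if "dovecot: auth: Error:" in line:
            for marker in HELPER_ERRORS:
                if marker in line:
                    helper_errors[marker] += 1
            continue
        m = LOGIN_RE.search(line)
        if not m or m["method"] not in CLEARTEXT_MECHS:
            continue
        # Dovecot adds "TLS" (or "secured" for local/trusted peers) to the login line.
        flags = {field.strip() for field in m["rest"].split(",")}
        if not flags & {"TLS", "secured"}:
            exposed.append((m["user"], m["method"], m["rip"]))
    return helper_errors, exposed

if __name__ == "__main__":
    errors, exposed = analyze(SAMPLE_LOG)
    print("helper errors:", dict(errors))
    for user, method, rip in exposed:
        print(f"{method} login without TLS: user={user} from {rip}")
```
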


[Dovecot] Delete_to_Trash plugin problem

2013-04-15 Thread BINOTTO Luis SIDOR
Hello list... I am new to Dovecot and I have a problem with it;
any help would be greatly appreciated.

We have an Exchange server with Outlook on the client side, and
we are migrating the Exchange server to a postfix/dovecot (1.2.15)
solution.

I enabled the "deleted-to-trash" plugin (v0.3) to move messages to
the Trash folder automatically when they are deleted. Also, I am using
the quota and quota_imap plugins to maintain the quota for users. The quota
rule for the Trash folder is unlimited.

The problem is when a client reaches their maximum quota and
tries to delete a mail in the inbox to release space. The delete to trash
plugin effectively copies it to the Trash folder, but the original mail
still remains (marked for deletion) in the inbox folder and the quota is
not released.

Am I doing something wrong?

Thanking you in anticipation

 

Luis Binotto.

 





[Dovecot] Delete_to_Trash plugin and quota problem

2013-04-16 Thread BINOTTO Luis SIDOR
Hello list... I am new to Dovecot and I have a problem with it;
any help would be greatly appreciated.

We have an Exchange server with Outlook on the client side, and
we are migrating the Exchange server to a postfix/dovecot (1.2.15)
solution.

I enabled the "deleted-to-trash" plugin (v0.3) to move messages to
the Trash folder automatically when they are deleted. Also, I am using
the quota and quota_imap plugins to maintain the quota for users. The quota
rule for the Trash folder is unlimited.

The problem is when a client reaches their maximum quota and
tries to delete a mail in the inbox to release space. The delete to trash
plugin effectively copies it to the Trash folder, but the original mail
still remains (marked for deletion) in the inbox folder and the quota is
not released.

 

This is my Configuration:

Dovecot -n

# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686 i686 Debian 6.0.6
log_path: /var/log/dovecot.log
protocols: imap imaps pop3 pop3s
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_uid: 16343
mail_gid: 16343
mail_location: maildir:mailboxes/mail
mail_debug: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): autocreate deleted_to_trash quota imap_quota
mail_plugins(imap): autocreate deleted_to_trash quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
lda:
  postmaster_address: sir...@sidor.com
  mail_plugins: quota
  log_path: /var/log/dovecot.log
auth default:
  mechanisms: gssapi gss-spnego login ntlm
  username_format: %Ln
  use_winbind: yes
  passdb:
    driver: pam
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
plugin:
  autocreate: Trash
  autosubscribe: Trash
  deleted_to_trash_folder: Trash
  quota: maildir:User quota
  quota_rule: *:storage=100M
  quota_rule2: Trash:storage=1G
  quota_warning: storage=80%% /etc/dovecot/scripts/quota-warning.sh 80
  quota_warning2: storage=90%% /etc/dovecot/scripts/quota-warning.sh 90
  quota_warning3: storage=96%% /etc/dovecot/scripts/quota-exceeded.sh 100
  quota_exceeded_message: Ha exedido el tamano del buzon

/etc/dovecot/dovecot-ldap.conf:

...
user_attrs = postalCode=mail=maildir:/mailboxes/%$/,title=quota_rule=*:storage=%$M
...

 

Am I doing something wrong?

   

Thanking you in anticipation

 

L. Binotto

 

 





Multiple user attributes in LDAP userdb query strings

2014-10-21 Thread BINOTTO Luis SIDOR
 

Hello list, I have an issue with Dovecot and LDAP... Any help would be
greatly appreciated...
 
I have my virtual users stored in an Active Directory database. I am
using 2 attributes in AD to locate the user account: mail (their primary
email address) and proxyAddresses (a multivalue attribute containing
their mail aliases). I also control the mount point in which the mail is
located with another attribute in AD, in this case I used "pager". 
  
I have dovecot 1.2.15 and there are no immediate plans to upgrade it.
 
I configured Dovecot's deliver process in order to integrate sieve
capability. I have configured userdb ldap and passdb ldap in Dovecot and
have set up master and client sockets. I am using maildir format for
directory layout.
 
The problem is to set the variables home and mail that will define the
mail location. The format must be like this: 
home: /Mailboxes///
mail: /Mailboxes///Maildir
 
So, for a particular user (Login: user1, smtp: us...@domain1.com, alias
smtp: user1_al...@domain1.com) the variables will be:
home: /Mailboxes/AdmUsers/user1/
mail: /Mailboxes/AdmUsers/user1/Maildir
 
Active Directory has the values in: mail:(us...@domain1.com),
proxyAddresses:(user1_al...@domain1.com), sAMAccountName(user1).
 
I have defined home and mail in dovecot-ldap.conf. 
 
# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
#   uid - System UID
#   gid - System GID
#   home - Home directory
#   mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/UserDatabase/ExtraFields
user_attrs = pager=home=/mailboxes/%$/%u,mobile=quota_rule=*:storage=%$M
 
If the mail is sent to the Principal SMTP (us...@domain1.com) in which
the user part (%u) is the same as sAMAccountName, it works. The variable
home is set correctly (home: /Mailboxes/AdmUsers/user1/). The problem is
when the mail is sent to the smtp alias, in which the variable home is
set incorrectly (home: /Mailboxes/AdmUsers/user1_alias/).
 
Is there a way to set two values in user_attrs? In this case I would
need to set pager and sAMAccountName (instead of %u) in it.

Thanking you in anticipation...

Attached is the output of dovecot -n
 
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686 i686 Debian 6.0.7
log_path: /var/log/dovecot.log
protocols: imap imaps pop3 pop3s
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_uid: 16343
mail_gid: 16343
mail_location: maildir:~/Maildir
mail_debug: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): autocreate deleted_to_trash quota imap_quota expire
mail_plugins(imap): autocreate deleted_to_trash quota imap_quota expire
mail_plugins(pop3): quota expire
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
lda:
  postmaster_address: postmas...@domain1.com
  mail_plugins: quota expire
  log_path: /var/log/dovecot.log
auth default:
  mechanisms: gssapi gss-spnego login ntlm plain
  username_format: %Ln
  use_winbind: yes
  passdb:
    driver: pam
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
plugin:
  autocreate: Deleted Items
  autocreate: Sent Items
  autosubscribe: Deleted Items
  autosubscribe: Sent Items
  deleted_to_trash_folder: Sent Items
  quota: maildir:User quota
  quota_rule: *:storage=100M
  quota_rule2: Deleted Items:ignore
  quota_warning: storage=80%% /etc/dovecot/scripts/quota-warning.sh 80
  quota_warning2: storage=90%% /etc/dovecot/scripts/quota-warning.sh 90
  quota_warning3: storage=99%% /etc/dovecot/scripts/quota-exceeded.sh 100
  expire: "Deleted Items" 1 "Deleted Items/*" 1
  expire_dict: proxy::expire
dict:
  expire: pgsql:/etc/dovecot/dovecot-dict-expire.conf
 

