Problem with LDAP-query (Active Directory) on filter by memberOf

Hi list! We have a Dovecot 2.3.4 (from Debian 10 repository) that should connect to our AD to authenticate the users. It works, but now we would like to restrict using IMAP to all users in the Group "Funktion - E-Mail-Konto". So I changed the query from: (&(sAMAccountName=%n)(objectClass=use

Re: Howto authenticate smartPhone via Active Directory

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, 2 Dec 2017, Mark Foley wrote: I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via

Re: Howto authenticate smartPhone via Active Directory

Hi, ldap_bind: Strong(er) authentication required (8) additional info: BindSimple: Transport encryption required. If you are using recent (4.7) samba, your problem could be that it requires ssl ldap by default, unless you configure ldap server require strong auth = no in smb.con

Re: Howto authenticate smartPhone via Active Directory

ned externally through the firewall. > For the rest: my advise is that you *really* need to pay around with > this much more. Get yourself a test environment, and play and test. > > Plus: read some dovecot/ad howto's, and try things in your own environment. > > Quick g

Re: Howto authenticate smartPhone via Active Directory

ome dovecot/ad howto's, and try things in your own environment. Quick google returns: https://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x Enjoy :-) MJ

Re: Howto authenticate smartPhone via Active Directory

regular 389. > > Hope that helps. > > MJ > > > > On 12/04/2017 01:38 AM, Mark Foley wrote: > > Unfortunately, I tried for weeks to figure out passdb ldap without success. > > I guess I'm just > > not knowledgeable enough about how to use ldap and Activ

Re: Howto authenticate smartPhone via Active Directory

On 12/04/2017 09:01 AM, Aki Tuomi wrote: It seems you'd have to configure OpenLDAP backend for Samba to have LDAP. No. As far as I know, samba in AD mode always does ldap. (AD *is* just that: microsoft-ized ldap) And you should configure dovecot simply as a regular ldap client. That's wha

Re: Howto authenticate smartPhone via Active Directory

I'm just not knowledgeable enough about how to use ldap and Active Directory. The dovecot wiki https://wiki2.dovecot.org/AuthDatabase/LDAPm doesn't help me much. All it says is: Active Directory When connecting to AD, you may need to use port 3268. Then again, not all LDAP fields are

Re: Howto authenticate smartPhone via Active Directory

; guess I'm just > not knowledgeable enough about how to use ldap and Active Directory. The > dovecot wiki > https://wiki2.dovecot.org/AuthDatabase/LDAPm doesn't help me much. All it > says is: > > Active Directory > > When connecting to AD, you may need to use

Re: Howto authenticate smartPhone via Active Directory

Unfortunately, I tried for weeks to figure out passdb ldap without success. I guess I'm just not knowledgeable enough about how to use ldap and Active Directory. The dovecot wiki https://wiki2.dovecot.org/AuthDatabase/LDAPm doesn't help me much. All it says is: Active Direc

Re: Howto authenticate smartPhone via Active Directory

with passdb ldap i guess. ---Aki TuomiDovecot oy Original message From: Mark Foley Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot@dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android

Re: Howto authenticate smartPhone via Active Directory

uthenticate smartPhone via Active Directory > From: Aki Tuomi > To: Mark Foley , dovecot@dovecot.org > > Actually you are authenticating gssapi clients from ad and everyone else from > shadow. maybe you need to configure pam module? > ---Aki TuomiDovecot oy > > Original

Re: Howto authenticate smartPhone via Active Directory

smartPhone via Active Directory I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via shadow first and. failing that, it does authenticate via GSSAPI. Smartphones

Howto authenticate smartPhone via Active Directory

I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via shadow first and. failing that, it does authenticate via GSSAPI. Smartphones connect to Dovecot via port

Re: how to make user iteration work (with active directory ldap)

Hi Aki, Wow that was a quick reply! :-) userdb { args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes driver = static } This needs to use driver = ldap, static userdb's are not iteratable. Did that, and after changing args to point to a filename, everything popped into p

Re: how to make user iteration work (with active directory ldap)

d it, I need to set iterate_attrs and > iterate_filter for iteration to work. I have set it (see configs > below) and yet dovecot says "userdbs don't support it". What else do I > need to do to enable it? > > Our config is against samba Active Directory ldap and general

how to make user iteration work (with active directory ldap)

nfigs below) and yet dovecot says "userdbs don't support it". What else do I need to do to enable it? Our config is against samba Active Directory ldap and generally works fine. Can anyone here take a quick look at the configs below, and tell me how to make doveadm user -u "*

Re: Dovecot (LDAP) get the quota limitation from windows Active directory

Hi, Finally I found the root cause due to some specific fields are not in windows GC. I was use port:3268 to access windows active directory. For example, while I choose maxStorage to limit users' quota, it can't find the value from GC, but I changed to port:389, it works. Sorry to

Dovecot (LDAP) get the quota limitation from windows Active directory

Hi, I can't get the quota limitation from windows AD, I did read the dovecot wiki like http://wiki2.dovecot.org/Quota/Configuration and search from google, but failed. *doveadm -D quota get -u dogz:* ... doveadm(dogz): Debug: auth input: d...@mail.com home=/vmail/dogz/ mail=maildir:/vmail/dogz/

Active directory

Hello. I have a iRedmail server integrated with AD. I make it following theese instructions http://www.iredmail.org/docs/active.directory.html In my AD i have a user attributes: sAMAccountName = user1 userPrincipalName = c...@int.mdom.com proxyAddresses= ma...@out.lor.com

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

anks, --Mark > > -Original Message- >> Subject: Re: My dovecot works fine against Active Directory 2003, but not >> against AD2008 >> To: dovecot@dovecot.org >> From: Fran >> Date: Thu, 10 Sep 2015 13:26:21 +0200 >> >> Hi Mark, >&g

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

Exactly, that's what I meant. El 16/09/2015 a las 15:37, Shawn Heisey escribió: > On 9/12/2015 12:31 AM, Mark Foley wrote: >> Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers >> indicated to me you might be talking about Windows Small

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

On 9/12/2015 12:31 AM, Mark Foley wrote: > Hmmm, I've not heard of "Active Directory 2003" or 2008. The year numbers > indicated to me you might be talking about Windows Small Business Server 2003 > or > 2008. Is your AD Server Windows? Linux? Something else? I&#

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

Original Message- > Subject: Re: My dovecot works fine against Active Directory 2003, but not > against AD2008 > To: dovecot@dovecot.org > From: Fran > Date: Thu, 10 Sep 2015 13:26:21 +0200 > > Hi Mark, > > when I say AD 2003/8 I mean Active Directory 2003/8.

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

Thank again for the solution and for the explanation. Fran El 10/09/2015 a las 15:40, Matthias Lay escribió: > Hi Fran, > > > this is not a dovecot problem, thats a pure dns problem and can only > be fixed in your dns environment. > > > referrals are propagated in a "special" dns design in SRV re

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

Hi Fran, this is not a dovecot problem, thats a pure dns problem and can only be fixed in your dns environment. referrals are propagated in a "special" dns design in SRV records. so the ldap client performs a dns lookup for this names and this is the point of hanging (as in most "hanging cases"

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

Hi Mark, when I say AD 2003/8 I mean Active Directory 2003/8. My configuration is attached. I based my installation (dovecot+postfix) in the guides of this site: http://www.linuxmail.info The LDAP part is this: http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/ You can also use PAM to

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

Hi Matthias, thank you very much! that fixed the problem. I had workaround the problem by using "base = ou=, dc=dom", instead of "base = dc=dom" in the dovecot-ldap.conf.ext file, because that also worked (I don't know why, but the problem happen if you use as base just the domain, but not if

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

riginal Message- > Date: Wed, 9 Sep 2015 17:22:34 +0200 > From: Matthias Lay > To: Dovecot Mailing List > Subject: Re: My dovecot works fine against Active Directory 2003, but not > against AD2008 > > > hi, > > check your > > /etc/openldap/ldap.conf &

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

hi, check your /etc/openldap/ldap.conf for REFERRALS off I had this errors with "referrals on" in misconfigured dns environments. you can debug the dns packets by strace-ing the auth process On Tue, 8 Sep 2015 11:00:37 +0200 Fran wrote: > Hello, > > my dovecot installation has been

Re: My dovecot works fine against Active Directory 2003, but not against AD2008

I've logged a session using the option debug_level = -1. The log is attached. I still don't understand what is happening and why all my domain controllers are being used even when I just use one of them in "host" parameter in my /etc/dovecot/dovecot-ldap.conf.ext. Thanks in advance, Regards E

My dovecot works fine against Active Directory 2003, but not against AD2008

Hello, my dovecot installation has been working fine against AD till we upgrade from AD 2003 to AD 2008. As http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to connect AD through 389 port. The port 3268 works fine though. (...) Sep 7 19:02:05 dovecot: imap-login: Error: master(

Active directory bind and quota stuff

Hi list, first of all, please excuse me for any grammar mistake on my text, I'm still learning english. I'm making a Dovecot installation using my Active Directory like pass and user DB. I'm setting the per-user quota from an AD field (Initials) and everything seems to work fi

Re: Working with Active Directory on Windows Server 2012 R2

I’ve fixed the issue by using a slightly different configuration. Particularly the problem was due to mistaking %u (user@domain) vs %n (just user). Here are the configuration files for anyone looking to get it working with Active Directory on 2012 R2 on Dovecot 2.2.9 (or similar, whatever comes

Re: Working with Active Directory on Windows Server 2012 R2

I’ve removed the dn / dnpass. When attempting with new user: $ cat /var/log/dovecot-info.log Nov 27 00:09:29 imap-login: Info: Internal login failure (pid=5553 id=1) (internal failure, 1 successful auths): user=, method=PLAIN, rip=10.211.55.29, lip=10.211.55.33, mpid=5558, TLS, session= Nov 27

Re: Working with Active Directory on Windows Server 2012 R2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 26 Nov 2014, Aaron Jenkins wrote: I’ve attempted the user Mail with the same password with the same result (binding as my own user was a last-ditch attempt). OK, what about the: As I understand auth_bind_userdn, y

Re: Working with Active Directory on Windows Server 2012 R2

I’ve attempted the user Mail with the same password with the same result (binding as my own user was a last-ditch attempt). aaron@aaron-Parallels-Virtual-Platform:/etc/sssd$ ldapsearch -x -H ldap://dc1.ad.automaton.uk -D CN=aaron.jenkins,CN=users,DC=ad,DC=automaton,DC=uk -W - -b CN=aaron.jenk

Re: Working with Active Directory on Windows Server 2012 R2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 25 Nov 2014, Aaron Jenkins wrote: I’m having issues getting Dovecot to work with AD on 2012 R2 in a test environment. … Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345) Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN serv

Working with Active Directory on Windows Server 2012 R2

Hi all, I’m having issues getting Dovecot to work with AD on 2012 R2 in a test environment. Background: AD is running on dc1.ad.automaton.uk, the domain is ad.automaton.uk. The DNS server is running on ad.automaton.uk

Re: Dovecot authentication against active directory

sAMAccountName, at least in cases I am familiar with, does not match a full email address, try %n instead of %u, or filter on userPrincipal instead. do you have a mail attribute in your active directory? I would suggest start by getting it working with just the sAMAccountName in your user/pass_

Dovecot authentication against active directory

Hello, i´ve got a problem with the dovecot authentication against active directory. I´m using dovecot 2.0.19 and windows server 2008 R2. When I try to login via telnet I get the following error message: a NO [AUTHENTICATIONFAILED] Authentication failed. My dovecot configuration: # 2.0.19: /etc

[Dovecot] Active Directory LDAP userdb and dovecot

Hello everybody, I have a problem with LDAP userdb and dovecot. Let me first explain my LDAP configuration: I got three Active Directory LDAP servers (a.galliera.it, b.galliera.it, c.galliera.it) responding round robin to the name galliera.it. I want to use LDAP for the userdb lookup, so I

[Dovecot] Active Directory and Dovecot NTLM Authentication problem

Hello everyone... I have a problem when I use NTLM authentication with dovecot. The authentication is made only in PLAIN TEXT. The scenario is: Debian Squeeze 6.0.6 Dovecot 2.1.7 Samba 3.5.6. Samba is correctly configured into the domain. The error: (extract from syslog) Apr 2 09:4

[Dovecot] Active Directory 2003 user database and passwords with special characters

Hello everybody, As explained in the topic, i have troubles with authentication of my users. First of all, sorry for my poor english... I'm running dovecot v1.2.15 on a Debian 6 64bits server up to date. My users database is an Active Directory 2003 (it's important to know that beca

Re: [Dovecot] Active Directory : searches in root tree

On Mon, 2012-05-21 at 01:48 -0700, nicolasfo wrote: > base = ou=some_ou,dc=domain,dc=lan .. > With this configuration file, it works. BUT : > To allow Dovecot to find users in my AD database, I must specify an OU in > "base". If I only set "dc=domain,dc=lan" the research doesn't wo

[Dovecot] Active Directory : searches in root tree

Hello everyone ! I'm trying to make a mail server with dovecot and postfix. Users will authenticate with Active Directory server. I've got an problem with Dovecot. To make the mail server, I'm using IredMail, and I used this tutorial : http://www.iredmail.org/wiki/index.php?ti

Re: [Dovecot] second active directory

SOLVED. Problem solved. There was double users in both AD domains. 30.11.2011 10:57, Айдар Камалов пишет: Hello! There is dovecot authenticating through AD. All is working well, if authentication is just one of AD. But there is another AD, and working with 2 AD's dovecot don't recognizes last

[Dovecot] second active directory

Hello! There is dovecot authenticating through AD. All is working well, if authentication is just one of AD. But there is another AD, and working with 2 AD's dovecot don't recognizes last AD user's home directory. For example, if user name in the second AD - 1developer and Mail - it...@zakamye.

Re: [Dovecot] LDAP w/SASL "Active Directory" authentication failing.

On Tue, 2011-11-01 at 09:55 -0600, David Varela wrote: > I am running a Dovecot server (version 1.2.17) on FreeBSD 8.2, using > LDAP to authenticate Active Directory users. I can successfully bind and > authenticate using PLAIN and LDAP without SASL, but obviously passwords for > t

[Dovecot] LDAP w/SASL "Active Directory" authentication failing.

Hello, I am running a Dovecot server (version 1.2.17) on FreeBSD 8.2, using LDAP to authenticate Active Directory users. I can successfully bind and authenticate using PLAIN and LDAP without SASL, but obviously passwords for the bind user and the user being authenticated are being passed in

Re: [Dovecot] Dovecot 1.2.12+Postfix+Active Directory: virtual domain name dropped.

On Thu, 2010-12-23 at 16:53 -0700, Ran Talbott wrote: > I have the active directory query set as: > user_filter = (&(objectClass=user)(samaccountname=%n)) > user_attrs = =home=/var/mailstore/%d/%n. =uid=501, =gid=501, \ > =mail=maildir:/var/mailstore/%d/%n/Ma

[Dovecot] Dovecot 1.2.12+Postfix+Active Directory: virtual domain name dropped.

en in setting up front-ends (mostly Apache-based web interfaces) for the embedded systems I specialize in. The goal is to have an IMAP server where the users don't have Linux IDs, and only need to manually login to the Active Directory domain controller. The client has multiple Internet domains

Re: [Dovecot] dovecot with Active Directory problem

On Sun, 2010-11-14 at 21:31 +0900, marie ot wrote: > I am using dovecot-2.0.6 with NetBSD amd64. .. > hosts = xxx.xxx.xxx.xxx:389 > dn = cn=Mail Administrator, cn=Users, dc=example, dc=com > dnpass = * dn is set, so Dovecot does a bind before doing anything else. > Both dovecot and postf

[Dovecot] dovecot with Active Directory problem

Hello, I am using dovecot-2.0.6 with NetBSD amd64. Active Directory is used as an authentication server. (Windows Server 2008 R2) However, the message of "Operations error" was displayed first and it did not move. It solved it by understanding that this is because the authority of th

Re: [Dovecot] Samba4 Active Directory and Doveadm

On Fri, 2010-10-15 at 08:20 -0600, Trever L. Adams wrote: > dovecot: auth: Debug: ldap(?): result: sAMAccountName(user)=SOME_USER1 > dovecot: auth: Debug: ldap(?): result: sAMAccountName(user)=SOME_USER2 > dovecot: auth: Debug: ldap(?): result: sAMAccountName(user)=... These are the iterate res

Re: [Dovecot] Samba4 Active Directory and Doveadm

On 10/15/2010 07:46 AM, Timo Sirainen wrote: > On Fri, 2010-10-15 at 07:17 -0600, Trever L. Adams wrote: > >> Fantastic. I am not. Postfix, is validating user existence. I read >> somewhere I can turn off Dovecot LDA validation, but now I am unable to >> find the page. > http://wiki2.dovecot.org/U

Re: [Dovecot] Samba4 Active Directory and Doveadm

On Fri, 2010-10-15 at 07:17 -0600, Trever L. Adams wrote: > Fantastic. I am not. Postfix, is validating user existence. I read > somewhere I can turn off Dovecot LDA validation, but now I am unable to > find the page. http://wiki2.dovecot.org/UserDatabase/Static / allow_all_users > >>> Oct 15 05

Re: [Dovecot] Samba4 Active Directory and Doveadm

On 10/15/2010 06:22 AM, Timo Sirainen wrote: > On Fri, 2010-10-15 at 06:14 -0600, Trever L. Adams wrote: > >> Is there some global option like mail_location for homedirectory? That >> is one I am not finding one with google or with grep in the configuration. > That's exactly what the mail_home is.

Re: [Dovecot] Samba4 Active Directory and Doveadm

On Fri, 2010-10-15 at 06:14 -0600, Trever L. Adams wrote: > > mail_home = /home/vmail/%d/%n > I actually have that as well. .. > Is there some global option like mail_location for homedirectory? That > is one I am not finding one with google or with grep in the configuration. That's exactly what t

Re: [Dovecot] Samba4 Active Directory and Doveadm

On 10/14/2010 11:07 AM, Timo Sirainen wrote: > > This can be alternatively done by putting to dovecot.conf: > > mail_home = /home/vmail/%d/%n I actually have that as well. > Don't put this here, rather just do it like everyone else: > > mail_location = maildir:~/ > > But then again, you should al

Re: [Dovecot] Samba4 Active Directory and Doveadm

On Mon, 2010-10-11 at 11:13 -0600, Trever L. Adams wrote: > user_attrs = =homeDirectory=/home/vmail/%d/%n, This can be alternatively done by putting to dovecot.conf: mail_home = /home/vmail/%d/%n > =mail=maildir:/home/vmail/%d/%n, Don't put this here, rather just do it like everyone else: mai

[Dovecot] Samba4 Active Directory and Doveadm

When executing: doveadm search -A mailbox INBOX from SOMEBODY I am getting: doveadm(root): Error: user root: Invalid settings in userdb: userdb returned 0 as uid doveadm(root): Error: User lookup failed: Invalid user settings. Refer to server log for more information. doveadm(bin): Error: user bin

Re: [Dovecot] Dovecot and Active Directory separate domain data stores.

On Mon, 2010-08-09 at 11:24 +1200, Andrew Bruce wrote: > I've tried this, but it doesn't seem to work. I've set in > /etc/dovecot/dovecot-ldap.conf: > pass_attrs = mail=user > user_attrs = mail=user > > It's like the user part is getting cut off at the '@' and then the domain > part is just being

Re: [Dovecot] Dovecot and Active Directory separate domain data stores.

On Wed, 04 Aug 2010 17:31:09 +0100, Timo Sirainen wrote: > On Tue, 2010-07-27 at 16:35 +1200, Andrew Bruce wrote: > >> We run a flat domain for AD (lets call it newzealand.local), and then >> under each users account that gets email, in the E-mail field in AD, they >> have an email address like u

Re: [Dovecot] Dovecot and Active Directory separate domain data stores.

On Tue, 2010-07-27 at 16:35 +1200, Andrew Bruce wrote: > We run a flat domain for AD (lets call it newzealand.local), and then > under each users account that gets email, in the E-mail field in AD, they > have an email address like us...@auckland, us...@wellington, us...@chch > and > so on. So I

[Dovecot] Dovecot and Active Directory separate domain data stores.

Hi, I've got Dovecot setup to auth my AD users fine via Winbind and I've also tried it using LDAP and can get this working also. The problem lies in the way we store our email for our virtual users in this setup. We run a flat domain for AD (lets call it newzealand.local), and then under each us

[Dovecot] dovecot + Active Directory + LDA

Hi there, I´m working on a setup with postfix (2.5.5) + dovecot (1.2.11) using a Active Directory user backend. At first, I used the instructions found here[1] to do the base configuration. As I understand, I need to use dovecot as a LDA to be able to use the quota plugin and have a per-user

Re: [Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

On Mon, Aug 31, 2009 at 11:20:18PM +0100, Gavin Hamill wrote: > > Ok.. this is not too good, you should have many other entries too, > > several starting with host/ and CCIMAP$. > > The suggestion to remove the computer object (and the 'imapCcimap' user > I bound the SPN to using ktpass) and 'net

Re: [Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

On Mon, 2009-08-31 at 15:35 -0600, Jason Gunthorpe wrote: > NP, if you have success consider making a HOWTO for the dovcot wikki > :) For sure. > Ok.. this is not too good, you should have many other entries too, > several starting with host/ and CCIMAP$. The suggestion to remove the computer o

Re: [Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

On Mon, Aug 31, 2009 at 10:21:47PM +0100, Gavin Hamill wrote: > On Mon, 2009-08-31 at 13:24 -0600, Jason Gunthorpe wrote: > > > > Ouch, can you go a little more slowly, please? I think I've joined the > > > domain OK: > > > Sure.. > > Many thanks for taking the time on this - it is appreciated.

Re: [Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

com kvno: Server not found in Kerberos database while getting credentials for imap/ccimap.ad.laterooms@ad.laterooms.com However, before I received your message I had been following the 'old-school' ktpass.exe method and I think I have poisoned the 'imap' name as a result: http://

Re: [Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

On Mon, Aug 31, 2009 at 07:23:22PM +0100, Gavin Hamill wrote: > On Sun, 2009-08-30 at 14:29 -0600, Jason Gunthorpe wrote: > > > The kerberos setup is pretty easy.. 'net ads join' your server, go > > into the adsi editor and provide a imap and smtp SPN for the host, use > > 'net ads keytab' to put

Re: [Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

On Sun, 2009-08-30 at 14:29 -0600, Jason Gunthorpe wrote: > The kerberos setup is pretty easy.. 'net ads join' your server, go > into the adsi editor and provide a imap and smtp SPN for the host, use > 'net ads keytab' to put the imap and smtp SPNs in the system keytab, > and then you are good to

Re: [Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

On Sun, Aug 30, 2009 at 08:38:20PM +0100, Gavin Hamill wrote: > On Sat, 2009-08-29 at 21:55 -0600, Jason Gunthorpe wrote: > > On Sun, Aug 30, 2009 at 01:50:02AM +0100, Gavin Hamill wrote: > > > Has anyone successfully configured the above to enable Single Sign-On? I > > > would love to move away fr

Re: [Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

On Sat, 2009-08-29 at 21:55 -0600, Jason Gunthorpe wrote: > On Sun, Aug 30, 2009 at 01:50:02AM +0100, Gavin Hamill wrote: > > Has anyone successfully configured the above to enable Single Sign-On? I > > would love to move away from Exchange but SSO is a corporate > > requirement. > > I looked at t

Re: [Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

On Sun, Aug 30, 2009 at 01:50:02AM +0100, Gavin Hamill wrote: > Has anyone successfully configured the above to enable Single Sign-On? I > would love to move away from Exchange but SSO is a corporate > requirement. I looked at this in some detail and concluded that the NTLM support on Outlook 2007

[Dovecot] Outlook 2007 w/SPA, Active Directory (was NTLM failures with an interesting twist)

Has anyone successfully configured the above to enable Single Sign-On? I would love to move away from Exchange but SSO is a corporate requirement. Outlook Express works fine with it, but not OL2007, and the latteris the only client I can realistically use. Cheers, Gavin.

[Dovecot] SASL Dovecot, Active Directory, LDAP

My configuration : - a smtp server with Postfix 2.6 and Dovcot 1.1.11. - a windows 2003 server with active directory for accounts and boxes I would like to use SMTP / SASL on my postfix 2.6 to authenticate my remote laptop users (allow legitimate users to relay mail). To do that, I need to

Re: [Dovecot] Active Directory LDAP authentication fails after a time

On 4/17/2009, noahisaac (n...@miller.cc) wrote: I've got Dovecot version 1.0.7 Best bet is to upgrade... lits of fixes and improvements since this version... 1.1.14 is current stable version, and is available (well, maybe not quite yet since it was only released yesterday, but at least 1.1.13

Re: [Dovecot] Active Directory LDAP authentication fails after a time

On 4/17/2009, noahisaac (n...@miller.cc) wrote: > I've got Dovecot version 1.0.7 Best bet is to upgrade... lits of fixes and improvements since this version... 1.1.14 is current stable version, and is available (well, maybe not quite yet since it was only released yesterday, but at least 1.1.13 i

Re: [Dovecot] Active Directory LDAP authentication fails after a time

would say it may be time for you to update... On Apr 17, 2009, at 12:40 PM, noahisaac wrote: Hi - I've got Dovecot version 1.0.7 running on a CentOS 5.2 machine. It's serving pop, imap and imaps and authenticating against an Active Directory machine. This all works fine at first,

[Dovecot] Active Directory LDAP authentication fails after a time

Hi - I've got Dovecot version 1.0.7 running on a CentOS 5.2 machine. It's serving pop, imap and imaps and authenticating against an Active Directory machine. This all works fine at first, but after about two weeks or so, dovecot's authentication against AD starts to fail. A

Re: [Dovecot] Active Directory authentication

On Wed, Jan 21, 2009 at 08:26:37AM +0200, Dimitrios Karapiperis wrote: > I would like to ask if there is adequate mechanism to authenticate users > through POP3 against Active Directory by Outlook Express so that users will > authenticate seamlessly using logon credentials. &g

[Dovecot] Active Directory authentication

Hello all I would like to ask if there is adequate mechanism to authenticate users through POP3 against Active Directory by Outlook Express so that users will authenticate seamlessly using logon credentials. I have implemented LDAP authentication but users must supply their credentials to

Re: [Dovecot] Dovecot authenticating---> Active Directory Win2003

On Tue, Dec 09, 2008 at 01:57:43PM +0100, Thomas Siebert wrote: > > That works but has 3 main drawbacks: > > 1) It is a pain to setup SSL LDAP on both windows and linux. If you > > don't do this then it is massively insecure > > Agreed, if you don't it is massively insecure. But I don't see

Re: [Dovecot] Dovecot authenticating---> Active Directory Win2003

The only problem with that is that then all of the AD users will have a virtual account. This includes built-in accounts in AD. I would take the take to do LDAP queries against AD and do it so that it searches the "mail" attribute for the objectClass person. Then in order to (lets call it activat

Re: [Dovecot] Dovecot authenticating---> Active Directory Win2003

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Jason Gunthorpe > Sent: Tuesday, December 09, 2008 12:13 AM > To: Thomas Siebert; Michel Vega Fuenzalida > Cc: 'Dovecot Mailing List' > Subject: Re: [Dovecot]

Re: [Dovecot] Dovecot authenticating---> Active Directory Win2003

On Mon, Dec 08, 2008 at 02:43:53PM +0100, Thomas Siebert wrote: > You have to use LDAP as Authentication Backend with Port 3268. > > http://wiki.dovecot.org/AuthDatabase/LDAP That works but has 3 main drawbacks: 1) It is a pain to setup SSL LDAP on both windows and linux. If you don't do thi

Re: [Dovecot] Dovecot authenticating---> Active Directory Win2003

Tomasz Suchodolski wrote: 2008/12/8 Charles Marcus <[EMAIL PROTECTED]>: On 12/8/2008, Michel Vega Fuenzalida ([EMAIL PROTECTED]) wrote: I have installed 4 Etch, with dovecot 1.0.rc15-2 Please upgrade... it really isn't worth trying to troubleshoot something so old (and known to have many issue

Re: [Dovecot] Dovecot authenticating---> Active Directory Win2003

You have to use LDAP as Authentication Backend with Port 3268. http://wiki.dovecot.org/AuthDatabase/LDAP

Re: [Dovecot] Dovecot authenticating---> Active Directory Win2003

2008/12/8 Charles Marcus <[EMAIL PROTECTED]>: > On 12/8/2008, Michel Vega Fuenzalida ([EMAIL PROTECTED]) wrote: >> I have installed 4 Etch, with dovecot 1.0.rc15-2 > > Please upgrade... it really isn't worth trying to troubleshoot something > so old (and known to have many issues)... > > Use a diff

Re: [Dovecot] Dovecot authenticating---> Active Directory Win2003

On 12/8/2008, Michel Vega Fuenzalida ([EMAIL PROTECTED]) wrote: > I have installed 4 Etch, with dovecot 1.0.rc15-2 Please upgrade... it really isn't worth trying to troubleshoot something so old (and known to have many issues)... Use a different repo if you have to... -- Best regards, Charles

[Dovecot] Dovecot authenticating---> Active Directory Win2003

Hello list, I have installed 4 Etch, with dovecot 1.0.rc15-2, and I wanted that when the users make IMAP/POP3, the dovecot verifies the user/passwd in a Active Directory of Windows 2003. Greetings -- Usemos el Software Libre "Con todos y para el bien de todos" Michel Vega

Re: [Dovecot] Quotas from Active Directory LDAP

On Mar 22, 2008, at 1:32 PM, Mohammad Shami Al-Shami wrote: user_attrs = sAMAccountName=home,title=quota user_filter = (&(ObjectClass=person)(sAMAccountName=%u)) pass_filter = (&(ObjectClass=person)(sAMAccountName=%u)) user_global_uid = 1001 user_global_gid = 1001 I'm storing the quota in the t

[Dovecot] Quotas from Active Directory LDAP

Hi Guys, I've been trying to get this to work for 3 days now, but no luck. I have Dovecot set with an Active Directory back-end. Everything is working properly but I can't get user specific quotas.I tried with both 1.0.13 and 1.0-rc7. All users have the same quota which is set in do

Re: [Dovecot] What's the best way to authenticate against Active Directory?

* Chris Johnson <[EMAIL PROTECTED]>: > Hi all, > I'm working on a replacement for a legacy linux mail server: courier > POP/IMAP, Postfix, OpenLDAP. One of the requirements of the new mail > server is to authenticate against our AD infrastructure (I'll still > keep a

[Dovecot] What's the best way to authenticate against Active Directory?

Hi all, I'm working on a replacement for a legacy linux mail server: courier POP/IMAP, Postfix, OpenLDAP. One of the requirements of the new mail server is to authenticate against our AD infrastructure (I'll still keep a userdb in OpenLDAP). SSO is not required since most of the clients

Re: [Dovecot] PAM, Active Directory, all users mapped to uid=0

Ah nevermind, I'm a moron I had: userdb static { args = uid=root gid=root home=/home/URBACON/%u } I've commented that out and things are working great. Matt Zukowski wrote: I'm having a problem with authentication using PAM, connected on the back end to Active

[Dovecot] PAM, Active Directory, all users mapped to uid=0

I'm having a problem with authentication using PAM, connected on the back end to Active Directory. PAM authentication itself works fine. We can log in to the machine using AD credentials without any problems. Each user is automatically mapped to uid's in the 1+ range. However

Re: [Dovecot] Authenticaton in Active Directory(again)

Hi, I run dovecot on Solaris 10, with authentication to Active Directory, just fine. I make my Solaris system a Kerberos client to AD, then then use PAM to allow authentication of users to AD. For information on how to kerberize a Sun box (the same idea should work with Linux and other

  1   2   >