Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-07-01 Thread Mark Foley
Aki - comments interspersed below ... --Mark -Original Message- > Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example] > To: dovecot@dovecot.org > From: Aki Tuomi > Organization: Dovecot Oy > Date: Fri, 1 Jul 2016 10:10:43 +0300 > > Th

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-07-01 Thread Aki Tuomi
6 openssl io_block_size=8192 > Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail > SQL drivers: > Passdb: checkpassword passwd passwd-file shadow > Userdb: checkpassword nss passwd prefetch passwd-file > > should I see authentication methods there? > >

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-30 Thread Mark Foley
rdb: checkpassword nss passwd prefetch passwd-file should I see authentication methods there? --Mark -Original Message- Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example] To: dovecot@dovecot.org From: Aki Tuomi Organization: Dovecot Oy Date: Thu, 30 Jun 201

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-29 Thread Aki Tuomi
the list by > repeating here. Check > out that message and see what you think could be wrong. > > Thanks for your help! I'm sure this is solvable! > > --Mark > > -Original Message- >> Date: Wed, 29 Jun 2016 08:03:14 -0400 >> Subject: Re: Looking for GS

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-29 Thread Edgar Pettijohn
gt;>> ccache_type = 4 >>>>> forwardable = true >>>>> proxiable = true >>>>> fcc-mit-ticketflags = true >>>>> >>>>> [realms] >>>>> HPRS.LOCAL = { >>>>> default_domain = hprs.local >>&g

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-29 Thread Mark Foley
Looking for GSSAPI config [was: Looking for NTLM config example] > From: brendan kearney > To: Mark Foley > Cc: dovecot@dovecot.org > > The last log line shows "user=<>". This indicates no credentials were > presented. If the rip field matches the client ip you

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-29 Thread Mark Foley
gt;>> HPRS.LOCAL = { > >>>default_domain = hprs.local > >>> auth_to_local_names = { > >>>Administrator = root > >>> } > >>> } > >>> > >>> [domain_realm] > >>>hprs.local = HP

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-29 Thread brendan kearney
L alert: close notify [192.168.0.58] > Jun 28 22:44:11 imap-login: Info: Disconnected (no auth attempts in 6 > secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, TLS, > session= > > Does this tell you anything? `doveconf -n` and krb5.conf are configured as > shown in prev

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-28 Thread Edgar Pettijohn
> Does this tell you anything? `doveconf -n` and krb5.conf are configured as > shown in previous > messages below. > > Closer! --Mark > > -Original Message- > From: Mark Foley > Date: Tue, 28 Jun 2016 22:04:42 -0400 > To: dovecot@dovecot.org > Subject: Re:

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-28 Thread Mark Foley
--Original Message- From: Mark Foley Date: Tue, 28 Jun 2016 22:04:42 -0400 To: dovecot@dovecot.org Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example] Aki, you wrote: > Doh. Seems your dovecot isn't compiled with gssapi support? Can you compile > it yourself

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-28 Thread Mark Foley
> Date: Tue, 28 Jun 2016 18:06:10 +0300 (EEST) > From: aki.tu...@dovecot.fi > To: dovecot@dovecot.org > Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example] > > > On June 28, 2016 at 5:17 PM Mark Foley wrote: > > > > > > Aki - mad

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-28 Thread aki . tuomi
.27.161, lip=98.102.63.107, TLS, session= > > This looks pretty bad right off. Why "Unknown authentication mechanism > 'gssapi'"? > > Do you have any idea from the configs I've posted? I'm rather depressed about > this. I thought I'd > finally a

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-28 Thread Mark Foley
---original Message- > Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example] > To: dovecot@dovecot.org > From: Aki Tuomi > Date: Tue, 28 Jun 2016 15:13:11 +0300 > > On 28.06.2016 09:27, Mark Foley wrote: > > Aki, > > > > To review you

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-28 Thread Aki Tuomi
On 28.06.2016 09:27, Mark Foley wrote: Aki, To review your 5 points: On Mon, 27 Jun 2016 09:18:54 +0300 Aki Tuomi wrote: 1. Functional AD or Kerberos environment 2. Time synced against your KDC (which is your Domain Controller on Windows) 3. /etc/krb5.conf configured 4. Both forward / reve

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-27 Thread Mark Foley
Aki, To review your 5 points: On Mon, 27 Jun 2016 09:18:54 +0300 Aki Tuomi wrote: > 1. Functional AD or Kerberos environment > 2. Time synced against your KDC (which is your Domain Controller on Windows) > 3. /etc/krb5.conf configured > 4. Both forward / reverse DNS names correct for clients an

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-27 Thread Mark Foley
th gssapi? (providing I get other configs correct) --Mark -Original Message- > Date: Tue, 28 Jun 2016 00:19:45 +0300 (EEST) > From: aki.tu...@dovecot.fi > To: dovecot@dovecot.org > Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example] > > > On

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-27 Thread Mark Foley
Jan, thanks for your helpful reply. You wrote: > With Dovecot I got the SSO working with Kerberos, and this part is > working great. Other parts (shared mailboxes, that sort of stuff) aren't > working for me yet. ... I'm the opposite. My mailbox setup has been working great for a year and a ha

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-27 Thread aki . tuomi
> On June 28, 2016 at 12:02 AM Jan Jurkus wrote: > > > Hi, > > I'm not entirely happy with the static userdb, because of the > limitations with kerberos/pam, but this can of course be changed rather > easily. The hardest part is to get the SSO working. > One of the limitations is stated her

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-27 Thread Jan Jurkus
Hi, On 27-06-2016 08:58, Mark Foley wrote: > So, I'm apparently lacking in the kerberos stuff. Here's the problem -- > Samba4 uses Heimdal > Kerberos and when I provisioned my domain apparently none of these needed > kerberos files were > set up. I can, however, kerberos authenticate from domai

Re: Looking for NTLM config example

2016-06-27 Thread aki . tuomi
> On June 27, 2016 at 8:50 PM Gregory Sloop wrote: > > > > > TT> On 6/27/2016 2:45 AM, Mark Foley wrote: > >> While continuing to test gssapi, I thought I'd check out your suggestion on > >> NTLM v1. I did set > >> Thunderbird to NTLM v1 ... > > TT> You are aware, I hope, that NTLM v1 is well

Re: Looking for NTLM config example

2016-06-27 Thread Gregory Sloop
TT> On 6/27/2016 2:45 AM, Mark Foley wrote: >> While continuing to test gssapi, I thought I'd check out your suggestion on >> NTLM v1. I did set >> Thunderbird to NTLM v1 ... TT> You are aware, I hope, that NTLM v1 is well over 20 years old and TT> is trivially compromised today. Basically, it's

Re: Looking for NTLM config example

2016-06-27 Thread Tom Talpey
On 6/27/2016 2:45 AM, Mark Foley wrote: While continuing to test gssapi, I thought I'd check out your suggestion on NTLM v1. I did set Thunderbird to NTLM v1 ... You are aware, I hope, that NTLM v1 is well over 20 years old and is trivially compromised today. Basically, it's about as secure as s

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-26 Thread Mark Foley
sage > Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example] > To: dovecot@dovecot.org > From: Aki Tuomi > Organization: Dovecot Oy > Date: Mon, 27 Jun 2016 09:18:54 +0300 > > On 27.06.2016 07:31, Mark Foley wrote: > > Thanks for the repl

Re: Looking for NTLM config example

2016-06-26 Thread Mark Foley
ly with Dovecot? Please speak up! Let me know you exist! --Mark -Original Message- > Date: Sun, 26 Jun 2016 15:08:03 +0300 (EEST) > From: aki.tu...@dovecot.fi > To: dovecot@dovecot.org, Mark Foley > Subject: Re: Looking for NTLM config example > > Also it seems we lack supp

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-26 Thread Aki Tuomi
On 27.06.2016 07:31, Mark Foley wrote: > Thanks for the reply. When you say it [NTLM] "should" work, I understand you > to be implying > you've not actually tried NTLM yourself, right? I've never gotten a response > from someone > saying they have or are actually using it. Your subsequent mess

Re: Looking for GSSAPI config [was: Looking for NTLM config example]

2016-06-26 Thread Mark Foley
Message- > Date: Sun, 26 Jun 2016 14:00:49 +0300 (EEST) > From: aki.tu...@dovecot.fi > To: dovecot@dovecot.org > Subject: Re: Looking for NTLM config example > > It should work. Although if you are using linux server you might want to use > gssapi instead. > > >

Re: Looking for NTLM config example

2016-06-26 Thread aki . tuomi
work. > > Thanks, --Mark > > -Original Message- > From: Mark Foley > Date: Fri, 22 Apr 2016 02:07:24 -0400 > Organization: Ohio Highway Patrol Retirement System > To: dovecot@dovecot.org > Subject: Looking for NTLM config example > > > Now that I am running Thu

Re: Looking for NTLM config example

2016-06-26 Thread aki . tuomi
- > From: Mark Foley > Date: Fri, 22 Apr 2016 02:07:24 -0400 > Organization: Ohio Highway Patrol Retirement System > To: dovecot@dovecot.org > Subject: Looking for NTLM config example > > > Now that I am running Thunderbird on Linux and away from Windows/Outlook, >

Re: Looking for NTLM config example

2016-06-25 Thread Mark Foley
cation method and it therefore does not work. Thanks, --Mark -Original Message- From: Mark Foley Date: Fri, 22 Apr 2016 02:07:24 -0400 Organization: Ohio Highway Patrol Retirement System To: dovecot@dovecot.org Subject: Looking for NTLM config example > Now that I am running Thunderbird

Looking for NTLM config example

2016-04-21 Thread Mark Foley
Now that I am running Thunderbird on Linux and away from Windows/Outlook, I'd like to take another run at setting up NTLM authentication from Thunderbird to my Samba4 AC/DC. With the help of the samba maillist folks I was able to set up NTLM authentication for domain user login. I should be a