[Dovecot] dovecot + postfix + active directory
Askar
askar at askarali.info
Tue Apr 12 17:08:09 EEST 2005
Paolo Basenghi wrote:
> Active Directory uses kerberos protocol for authentication, so you
> need pam_krb5 module to authenticate.
> I don't know if it is possible to authenticate in A.D. without Kerberos.
>
> In the configuration I proposed to you, A.D. is required only for
> authentication, the accounting information (uid, gid) is static (vmail
> Linux user), the home dir. is determined by template (example:
> /home/vmail/mailboxes/<A.D. username>).
> In other words, my config. works well if you can utilize virtual
> mailboxes *AND* each mailbox dir. name equals to A.D. username.
>
> I heard that exists a Microsoft extension to A.D. LDAP schema to add
> Unix accounting info, but I never used it.
>
> So I don't know if you *must* use pam+kerberos, but I suggest that you
> *should* try it, leaving out dovecot-ldap.conf.
>
> Cheers
>
Hello,
I'm now trying with pam + kerbers , when I tries with "kinit abc"
authentication to AD works which means my ker5.conf file is correct ,
however when I tries from mail client thunderbird I got error...
"dovecot-auth: PAM: pam_authenticate(rizwan) failed: unknown user"
I added "dovecot" file to /etc/pam.d/ with these lines (as you suggested)
account required pam_krb5.so no_user_check
account required pam_permit.so
It looks like that pam is not using kerbers thats why it giving me error
of "unknown user", I treid with changing the module name eg,
pam_kerb5.so to pam_kerb5.so.4 , which gives me errors .........
teacher dovecot-auth: in openpam_load_module(): no pam_krb5.so.4 found
Apr 12 19:04:24 teacher dovecot-auth: PAM: pam_start(abc) failed: system
error
Apr 12 19:04:24 teacher dovecot-auth: in openpam_load_module(): no
pam_krb5.so.4 found
Apr 12 19:04:24 teacher dovecot-auth: PAM: pam_start(abc) failed: system
error
which mean pam do reading and loading the specified modules and
complains if something misssing.
Regards
Askar
More information about the dovecot
mailing list