[Dovecot] NTLM authentication woes
Adrian Gill
adrian at ssinternet.co.uk
Sun Dec 24 16:43:40 UTC 2006
Lars wrote:
[Re Outlook handling of SPA/NTLM]
> Turning on auth_debug and auth_verbose has led me to discover that MS
> Outlook uses the users full name as login, instead of whatever is entered
> in the account-information - if the user "John Doe" has the login
> "jd at domain.com", Outlook sends "John Doe" instead. This of course fails.
> Strangely enough, if I turn off "Use Secure Authentication" from within
> Outlook, the login-name from the account- information is used as it should
> be.
Not a solution I'm afraid, but just to let you know that I've been
experimenting with NTLM (actually with Exim for authenticated SMTP) for a
while with a few users and had the same problems - different versions of
Outlook behave slightly differently, but none (that I've found) seem to work
properly. Usually Outlook sends the users Windows Logon username and
password (which is often their name, but often something else too like
'Administrator') initially, and sometimes then retries automatically with
the correct details.
Things never seem to be that consistent though, except that they're
consistently bad. Frustratingly, the only option I have is to tell users
that have problems to use Thunderbird or something else and use cram-md5
instead.
As far as Outlook goes I think Microsoft seem to only bother testing NTLM
running with MS Exchange on a local network... v.annoying!
(Sorry not that helpful a post)
Adrian
More information about the dovecot
mailing list