[Dovecot] virtual domains with SQL auth + ntlm (winbind) auth for one of them...
Tomasz Lutelmowski
tomasz.lutelmowski at gmail.com
Mon Apr 6 15:35:11 EEST 2009
Hello !
Is it possible to configure dovecot so it can use SQL authentication
for set of domains, and ntlm authentication for one domain? In other
words, I would like to authenticate all users (with user at domain.com as
login) in SQL server, and if not found, then strip @windomain.com from
login and fallback to pam->winbind authentication. So far i have in my
dovecot.conf:
auth_default_realm = windomain.com
mechanisms = plain
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
passdb pam {
}
passdb passwd {
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb passwd {
}
userdb prefetch {
}
in pam.d/dovecot :
auth required pam_nologin.so
auth include system-auth-winbind
account include system-auth-winbind
session include system-auth-winbind
With this configuration I can authenticate all users for virtual
domains with logins user at domain.com - ok, then it fallbacks to pam -
ok,
but then it returns error (winbind uses only "user" or "DOMAIN\user"
as login). After I set auth_username_format = %n I get opposite
situation - I can authenticate users with pam, but I can't with SQL
(it requires user at domain as login field). Unfortunately
auth_default_realm = windomain.com is a must have (and most of the
windows clients uses user at windomain.com as login anyway). Please help,
I'm banging my head against keyboard since 3 days but still no idea
how to do it.
Best regards,
Tomek
More information about the dovecot
mailing list