[Dovecot] virtual domains with SQL auth + ntlm (winbind) auth for one of them...

Tomasz Lutelmowski tomasz.lutelmowski at gmail.com
Mon Apr 6 15:35:11 EEST 2009


Hello !

Is it possible to configure dovecot so it can use SQL authentication
for set of domains, and ntlm authentication for one domain? In other
words, I would like to authenticate all users (with user at domain.com as
login) in SQL server, and if not found, then strip @windomain.com from
login and fallback to pam->winbind authentication. So far i have in my
dovecot.conf:

auth_default_realm = windomain.com
mechanisms = plain
passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
}
passdb pam {
}
passdb passwd {
}
userdb sql {
  args = /etc/dovecot/dovecot-sql.conf
}
userdb passwd {
}
userdb prefetch {
}

in pam.d/dovecot :
auth       required     pam_nologin.so
auth       include      system-auth-winbind
account    include      system-auth-winbind
session    include      system-auth-winbind

With this configuration I can authenticate all users for virtual
domains with logins user at domain.com - ok, then it fallbacks to pam -
ok,
but then it returns error (winbind uses only "user" or "DOMAIN\user"
as login). After I set auth_username_format = %n I get opposite
situation - I can authenticate users with pam, but I can't with SQL
(it requires user at domain as login field). Unfortunately
auth_default_realm = windomain.com is a must have (and most of the
windows clients uses user at windomain.com as login anyway). Please help,
I'm banging my head against keyboard since 3 days but still no idea
how to do it.

Best regards,
Tomek


More information about the dovecot mailing list