[Dovecot] NTLM failures with an interesting twist

Gavin Hamill gdh at acentral.co.uk
Sat Aug 29 02:25:17 EEST 2009


This is a tired old topic but I've at least got an angle on it:

Outlook Express works perfectly with IMAP / SPA for users logged into
our Windows domain; I just give the server address and username, and it
logs in without any password required; beautiful!

auth_ntlm_use_winbind = yes
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth default {
	mechanisms = ntlm 
	userdb static {
	args = uid=500 gid=500 home=/var/mail/%u allow_all_users=yes
	}
}

Dovecot is the 1.1.13-2~bpo50+1 package from backports.org on Debian
lenny, with winbind 3.2.5

Aug 28 23:49:38 ccimap dovecot: auth(default): client in:
AUTH#0111#011NTLM#011service=imap#011lip=10.6.1.82#011rip=10.6.1.81#011lport=143#011rport=1205
Aug 28 23:49:38 ccimap dovecot: auth(default): client out: CONT#0111#011
Aug 28 23:49:38 ccimap dovecot: auth(default): client in:
CONT#0111#011TlRMTVNTUAABAAAAB7IIogIAAgAvAAAABwAHACgAAAAFASgKAAAAD01SSklHR1NBRA==
Aug 28 23:49:38 ccimap dovecot: auth(default): client out:
CONT#0111#011TlRMTVNTUAACAAAABAAEADAAAAAFgominEGMs1Rz3YQAAAAAAAAAAGYAZgA0AAAAQQBEAAIABABBAEQAAQAMAEMAQwBJAE0AQQBQAAQAGgBsAGEAdABlAHIAbwBvAG0AcwAuAGMAbwBtAAMAKABjAGMAaQBtAGEAcAAuAGwAYQB0AGUAcgBvAG8AbQBzAC4AYwBvAG0AAAAAAA==
Aug 28 23:49:38 ccimap dovecot: auth(default): client in:
CONT#0111#011TlRMTVNTUAADAAAAGAAYAGYAAAAYABgAfgAAAAQABABIAAAADAAMAEwAAAAOAA4AWAAAAAAAAACWAAAABYKIogUBKAoAAAAPQQBEAG0AagBpAGcAZwBzAE0AUgBKAEkARwBHAFMAKYRSdfpULaQAAAAAAAAAAAAAAAAAAAAAj90Vff2FIU1+Gs/eei8bL8dMJFGZnzSg
Aug 28 23:49:38 ccimap dovecot: auth(default): client out:
OK#0111#011user=mjiggs
Aug 28 23:49:38 ccimap dovecot: auth(default): master in:
REQUEST#0112#0111869#0111
Aug 28 23:49:38 ccimap dovecot: auth(default): passwd(mjiggs,10.6.1.81):
lookup
Aug 28 23:49:38 ccimap dovecot: auth(default): master out:
USER#0112#011mjiggs#011system_user=mjiggs#011uid=10416#011gid=10000#011home=/home/AD/mjiggs
Aug 28 23:49:38 ccimap dovecot: imap-login: Login: user=<mjiggs>,
method=NTLM, rip=10.6.1.81, lip=10.6.1.82

So, Outlook Express works. Great. The worst email client I know and it
works fine with SPA.

Unfortunately Outlook 2007 doesn't work - it prompts me for a password,
and then obviously fails with NT_STATUS_WRONG_PASSWORD..

Aug 28 23:39:40 ccimap dovecot: auth(default): client in:
AUTH#0111#011NTLM#011service=imap#011lip=10.6.1.82#011rip=10.6.1.81#011lport=143#011rport=1162
Aug 28 23:39:40 ccimap dovecot: auth(default): client out: CONT#0111#011
Aug 28 23:39:40 ccimap dovecot: auth(default): client in:
CONT#0111#011TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
Aug 28 23:39:40 ccimap dovecot: auth(default): client out:
CONT#0111#011TlRMTVNTUAACAAAABAAEADAAAAAFgomiAN6hAS8XKA4AAAAAAAAAAGYAZgA0AAAAQQBEAAIABABBAEQAAQAMAEMAQwBJAE0AQQBQAAQAGgBsAGEAdABlAHIAbwBvAG0AcwAuAGMAbwBtAAMAKABjAGMAaQBtAGEAcAAuAGwAYQB0AGUAcgBvAG8AbQBzAC4AYwBvAG0AAAAAAA==
Aug 28 23:39:40 ccimap dovecot: auth(default): client in:
CONT#0111#011TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABIAAAADAAMAEgAAAAOAA4AVAAAAAAAAACSAAAABYKIogUBKAoAAAAPbQBqAGkAZwBnAHMATQBSAEoASQBHAEcAUwBVhYHxX9PdSQAAAAAAAAAAAAAAAAAAAAC0rohzeNXOHMxVHQkogW4ytyNC9hcpnCg=
Aug 28 23:39:40 ccimap dovecot: auth(default): winbind(?,10.6.1.81):
user not authenticated: NT_STATUS_WRONG_PASSWORD
Aug 28 23:39:40 ccimap dovecot: auth(default): new auth connection:
pid=1867
Aug 28 23:39:41 ccimap dovecot: auth(default): client out: FAIL#0111

Does anyone have any magic beans for Outlook 2007 (tried both original
release + SP2) ?

Cheers,
Gavin




More information about the dovecot mailing list