[Dovecot] NTLM configuration

Cédric Laruelle laruellec at aiderdonner.com
Wed May 6 15:53:47 EEST 2009 

Thank you for your fast answer.
Actually, I already tried that yesterday, without any success.
Here is the dovecot log I have if I enable winbind and ntlm mechanisms.

dovecot: May 06 14:52:37 Info: auth(default): new auth connection: pid=25828
dovecot: May 06 14:52:38 Info: auth(default): client in: AUTH   1       NTLM
service=imap    secured lip=192.168.0.1 rip=192.168.0.254       lport=143
rport=1084
dovecot: May 06 14:52:38 Info: auth(default): client out: CONT  1
dovecot: May 06 14:52:38 Info: auth(default): client in: CONT   1
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
dovecot: May 06 14:52:38 Info: auth(default): client out: CONT  1
TlRMTVNTUAACAAAADgAOADAAAAAFgomizPYc4ALWKQgAAAAAAAAAAIAAgAA+AAAAQQBMAFYAQQBS
AFUATQACAA4AQQBMAFYAQQBSAFUATQABABAASQBOAFQARQBSAE4AQQBMAAQAHgBhAGkAZABlAHIA
ZABvAG4AbgBlAHIALgBjAG8AbQADADAAaQBuAHQAZQByAG4AYQBsAC4AYQBpAGQAZQByAGQAbwBu
AG4AZQByAC4AYwBvAG0AAAAAAA==
dovecot: May 06 14:52:38 Info: auth(default): client in: CONT   1
TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABIAAAABgAGAEgAAAAQABAATgAAAAAAAACO
AAAABYKIogUBKAoAAAAPZgBmAHMAQQBMAFYAQQBSAFUATQAzABXRN5WNNwAgAAAAAAAAAAAAAAAA
AAAAALm1ePVxjdOF1UPe8A/e1D6H0+jlJYQPUA==
dovecot: May 06 14:52:38 Info: auth(default): winbind(?,192.168.0.254): user
not authenticated: NT_STATUS_NO_LOGON_SERVERS
dovecot: May 06 14:52:40 Info: auth(default): client out: FAIL  1

Thanks again in advance for any help you can provide.

Best regards,

Cédric Laruelle


-----Message d'origine-----
De : dovecot-bounces+laruellec=aiderdonner.com at dovecot.org
[mailto:dovecot-bounces+laruellec=aiderdonner.com at dovecot.org] De la part de
Andrey Panin
Envoyé : mercredi 6 mai 2009 14:38
À : C?dric Laruelle
Cc : dovecot at dovecot.org
Objet : Re: [Dovecot] NTLM configuration

On 126, 05 06, 2009 at 11:18:52AM +0200, C?dric Laruelle wrote:
> Hi all,
> 
>  
> 
> I?m actually running samba 3 as a primary domain controller. The
> workstations of my network are all running windows (some xp, some vista)
and
> use Outlook 2007 as a web client.
> 
> Samba is set up with the following parameters :
> 
>   security = user
> 
>   passdb backend = tdbsam
> 
>   unix password sync = Yes
> 
>   domain master = yes
> 
>   domain logons = yes
> 
>  
> 
> Everything works fine on samba side, meaning that the machines are part of
> the domain, and users do authenticate correctly.
> 
>  
> 
> For the moment, the users are getting their mail (pop3 or imap) through
> dovecot (running on the same box as samba).
> 
> Dovecot is configured with mechanisms = plain.
> 
> I would like to secure it by using mechanisms = ntlm, but still using the
> system users.
>
> I found much information on how to authenticate against an active
directory,
> but nothing that allows me to keep my actual authentication against system
> users. Indeed, if I just change the mechanisms to ntlm, dovecot does not
> start anymore complaining that ?NTLM mechanism can't be supported with
given
> passdbs?

You can authenticate your users via Samba's winbind daemon. Read more here:
http://wiki.dovecot.org/Authentication/Mechanisms/Winbind

> Any help would be much appreciated as I already tried the whole day
> yesterday to get it working ?
> 
>  
> 
> Best regards,
> 
>  
> 
> C?dric Laruelle
>

More information about the dovecot mailing list