[Dovecot] NTLM authentication does not work
Alexander Cherniak
Alexander.Cherniak at Autonomy.com
Tue Aug 31 21:14:25 EEST 2010
Thank you Timo,
I had a bad feeling that IMAP login always go for PLAIN authentication... What else can I use for debugging?
In my case both wbinfo and ntlm_auth do work, but Outlook doesn't.
I am new to Dovecot/Linux and running out of ideas. Can somebody recommend a good troubleshooting strategy?
Regards, Alex
-----Original Message-----
From: Timo Sirainen [mailto:tss at iki.fi]
Sent: Tuesday, August 31, 2010 1:55 PM
To: Alexander Cherniak
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] NTLM authentication does not work
On Mon, 2010-08-30 at 12:21 -0500, Alexander Cherniak wrote:
> Windbind seems to work:
> [root at aCentOs2 dovecot]# wbinfo -a wAlex%pass
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
>
> Same is true for ntlm_auth helper:
> [root at aCentOs2 dovecot]# /usr/bin/ntlm_auth --username=wAlex --password=pass
> NT_STATUS_OK: Success (0x0)
I don't much know of NTLM, but..
> But I couldn't get into Dovecot (with or without auth_use_winbind option):
> . login wAlex pass
> . NO [ALERT] Unsupported authentication mechanism.
..
> auth_mechanisms = ntlm
This error happens because you enabled NTLM mechanism, but disabled
PLAIN mechanism (LOGIN command uses PLAIN mechanism). If you want both
to work, use:
auth_mechanisms = plain ntlm
And note that winbind authentication only works for NTLM mechanism, not
for anything else. Maybe you need to figure out some other passdb to use
like LDAP or maybe some PAM plugin?..
More information about the dovecot
mailing list