[Dovecot] Samba4 and user auth

Carsten Laun-De Lellis carsten.delellis at delellis.net
Mon Jul 1 14:53:44 EEST 2013


 

Hi Pavel 

Thanks for your explanations.

Also in my scenario Samba, Postfix and Dovecot are running on the same
machine. I will try your config and then see if it works. 

But again kind regards and thanks to you and all others who came back to
me with suggestions on how to find the right config.

---

Kind regards

Carsten Laun-De Lellis

Hauptstrasse 13
D-67705 Trippstadt

Phone: +49 6306 992140
Fax: +49 6306 992142
Mobile: +49 151 27530865
email: carsten.delellis at delellis.net

http://www.linkedin.com/in/carstenlaundelellis [1] 

On 2013-07-01 13:05, Pavel Herrmann wrote:

> Hi
> 
> On Monday 01 July 2013 12:36:39 Carsten Laun-De Lellis wrote:
> 
>> Hi Pavel
>>
>> Thanks for your reply. When you were setting up your LDAP query, what kind of password crypto did you specify: plain, ntlm, gssapi or anything else? The password field in your query is userPassword, or am I wrong here?
> 
> the password field is hidden (only the user can see it) by default, and not 
> stored as a unix-friendly value (anything a crypt() would understand)
> what I use is auth_bind (which uses user-supplied password to bind to the LDAP 
> directory).
> 
> what it means is that on every login there are 2 lookups (first one using your 
> "service" DN to find the user DN, second one with your user DN to check the 
> password)
> 
> that also means that you need a password format that your LDAP can understand 
> (mostly a plaintext password, or NTLM if your mail server is a Samba domain 
> member). As long as you only offer IMAP/SSL I don't think plaintext (as in 
> "auth_mechanisms = plain") is an issue, security-wise.
> 
> as far as the service account (the one that is used to look up users) goes, I 
> am using the default option (setting "dn" and "dnpass" variables), which I 
> think is a simple bind. it is possible that it only works because Samba4 and 
> dovecot run on the same machine.
> 
> Pavel Herrmann
>> I will try it again.
>>
>> ---
>>
>> Kind regards
>>
>> Carsten Laun-De Lellis
>>
>> On 2013-07-01 11:24, Pavel Herrmann wrote:
>>
>>> Hi
>>>
>>> On Friday 28 June 2013 07:17:39 Carsten Laun-De Lellis wrote:
>>>
>>>> Hi all
>>>>
>>>> I am trying to set up an email server with a Samba4 AD as user directory. Does anybody know a good how-to to set up user auth against AD? Or could anyone tell me how to do it? I am having an email server up and running with openldap but want to change to Samba4 AD, because of the openchange integration. I would appreciate any help on this topic.
>>>
>>> I have an AD/Samba4 auth for dovecot, it works the same as any LDAP would (with authenticated lookups and auth_bind). I would suggest you try it, and ask if there are any issues.
>>>
>>> Pavel Herrmann

Links:
------
[1] http://www.linkedin.com/in/carstenlaundelellis
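
The setup described in the quoted reply (service-account lookup followed by a bind as the user), as an added example that is not part of the original thread. It assumes Dovecot 2.x configuration syntax; the base DN, service-account DN, password and file paths are constructed placeholders.

```conf
# ---- /etc/dovecot/dovecot-ldap.conf.ext (path is an assumption) ----
# Samba4 AD runs on the same host in the thread's scenario.
hosts = localhost

# Encrypt the LDAP session with StartTLS: both the service bind and the
# user bind below carry the password in the clear inside the LDAP session.
tls = yes
tls_require_cert = demand

# Lookup 1: simple bind as a low-privilege service account, used only to
# find the user's DN. Placeholder DN and password.
dn = cn=dovecot-lookup,cn=Users,dc=example,dc=com
dnpass = REPLACE_WITH_SERVICE_PASSWORD

# Lookup 2: re-bind as the user's DN with the password the client sent.
# AD never hands the stored hash to Dovecot, so no password attribute is read.
auth_bind = yes

base = dc=example,dc=com
scope = subtree

# %n is the login name without the domain part; AD stores it in sAMAccountName.
pass_filter = (&(objectClass=person)(sAMAccountName=%n))
pass_attrs = sAMAccountName=user
user_filter = (&(objectClass=person)(sAMAccountName=%n))

# ---- conf.d/10-auth.conf ----
# auth_bind needs the cleartext password, so only PLAIN-type mechanisms work.
auth_mechanisms = plain
# Refuse PLAIN on connections that are not TLS-protected.
disable_plaintext_auth = yes

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# ---- conf.d/10-ssl.conf ----
# Matches the "only offer IMAP/SSL" condition from the reply.
ssl = required
```

Keep the file holding `dnpass` readable by root only, and give the lookup account no rights beyond searching for user entries.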

