How to "Windows Authenticate"
Mark Foley
mfoley at ohprs.org
Sun Sep 13 05:10:57 UTC 2015
I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the
Active Directory/Domain Controller on the same host as Dovecot.
Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the
client MTU used to connect with Dovecot to read mail on the Users' WIN7
workstations.
I believe I have confirmed that MS Outlook will either ...
1) send the userid and password configured in the Outlook settings to Dovecot
for authorizing. This mechanism has been working fine for months.
or ...
2) Use NTML authorization if "Require login using Secure Password Authentication
(SPA)" is checked: https://en.wikipedia.org/wiki/Secure_Password_Authentication
Those, I believe, are the only two choices with Outlook (other than Exchange).
Therefore, in order not to configure a Domain-distinct password in Outlook, I
need to use the NTLM auth_mechanism for AD "Windows Authentication" with
Dovecot. I've tried the settings below (just trying one user at the moment):
$ doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.10.17 x86_64 Slackware 14.1
auth_debug_passwords = yes
auth_mechanisms = plain ntlm
auth_use_winbind = yes
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
protocols = imap
ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt
ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
userdb {
args = uid=3000026 gid=100 home=/home/HPRS/mark allow_all_users=yes
driver = static
}
verbose_ssl = yes
Dovecot log results after setting my Outlook to SPA and clicking the 'Test
Account Settings' give me:
Sep 13 00:53:12 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Sep 13 00:53:12 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6>
Can someone tell me what this means and how to fix it?
Note that I have read http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm over and
over, so simply referring me to that link will not help.
Thanks, Mark
More information about the dovecot
mailing list