-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sat, 2 Dec 2017, Mark Foley wrote:
I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via ^^^^^^^^^^ ???? shadow first and. failing that, it does authenticate via GSSAPI.
Smartphones connect to Dovecot via port 143 and SSL. They are not domain members so if the shadow authentication fails, no other methods are tried and no connection is made.
What can I do with my dovecot config to fix this?
If you are asking about how to auth against AD with plain credentials, see https://wiki2.dovecot.org/AuthDatabase/LDAP
You can add another passdb {} . However, this enables any client to use plain credentials, incl. Thunderbird.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWi4pxMQnQQNheMxiAQJeKQf/UmSsc1YRSgPAJKEjB12lJCpCX2oj8Wfd qV9by9tyU942gNsAArBzMaSxgRWYb8yr6lmuPer0/HZJCQyExchjGgzc/HDeMJPU uxt0dOVvY4SXmfwv+phwlDO3UvDt5sagLNNx54v8nal+OIxAZ+juAxs/NiNPTlt+ 78R7TGaRj6Fxoyc/Ssf1CbCVr2ECK6m1YtJ+Jpe6Zi5FPMndx9rwWj/MMp5CW93/ UDUMM2wWoYBavzBXIEVb8Xi9n7PYJH8kdA4YILQdNrYTQR5k6XDLsKH9UYc/n216 CjktUGSC75E3zUk8a665gDJ+D/CjPfJSz/DICgkIeGAzweUfvVZk3Q== =L5oG -----END PGP SIGNATURE-----