Love your "ASCII Ribbon Campaign" signature! I still use mailx myself.
I'll have to check out that "access denied" message for the email to mfoley@ohprs.org. I haven't seen that before. FreeBSD.org is not blocked in my access.db. Hmmm ...
Anyway, yes, I've been through those instructions over and over and they certainly do "suggest" it should work, but I haven't yet found anyone that has actually got it working. I assume you have not either, right?
The platform these instructions are targeted to is not quite my setup, as the Dovecot host is also the AD/DC using Samba4, so the DC/join instructions don't apply, nor does the Kerberos: "Please note that you do not need to install or configure any other Kerberos KDC for Samba to work. Samba includes a AD-compatible KDC, currently based on an included copy of the Heimdal project."
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Contr...
Also, the instruction in the link you reference must be a bit out of date because the suggested userdb:
userdb static { args= uid=501 gid=501 home=/home/vmail/%1Ln/%Ln mail=maildir:/home/vmail/%d/%1Ln/%Ln:INBOX=/home/vmail/%d/%1Ln/%Ln allow_all_users=yes }
gives an error with my dovecot 2.2.15. The word "static" has to go inside the curly-braces as "driver static" and the "allow_all_users" has to be added to the 'args' string. Otherwise, Dovecot won't run the config as shown in the link.
Otherwise and with the above changes to the userdb, I believe I've followed all applicable instructions in that link. The error I get with my config in the Dovecot log is:
Sep 13 00:53:12 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Sep 13 00:53:12 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6>
Any idea what would generate this message?
--Mark
-----Original Message-----
Subject: Re: How to "Windows Authenticate"
From: Remko Lodder remko@FreeBSD.org
Date: Wed, 16 Sep 2015 19:38:08 +0200
To: Mark Foley mfoley@ohprs.org
Cc: dovecot@dovecot.org
On 16 Sep 2015, at 19:10, Mark Foley mfoley@ohprs.org wrote:
Does the Dovecot NTLM mechanism work with MS Outlook?
[ ] YES [ ] NO
Please check one ... anybody.
--Mark
The URL on the wiki, which had probably been shared before with you;
http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
suggests it does.
The URL quotes:
Step 5. Passwordless authentication
If you have logged on from Windows to the AD domain, try leaving the password field, on the account, on the MUA, blank. The username / password, from the initial logon to the Windows machine, are seamlessly picked up and supplied to the challenge-response process between the MUA, Dovecot and AD. Employing this way of authentication we achieve single sign-on and we don't need to maintain MUA local passwords.
Did you follow the suggestions that are on that page? (all of them).
Thank you, Remko
--
/"\   Best regards,                 | remko@FreeBSD.org
\ /   Remko Lodder                  | remko@EFnet
 X    http://www.evilcoder.org/     |
/ \   ASCII Ribbon Campaign         | Against HTML Mail and News