Hi Pavel
Thanks for your explanations.
Also in my scenario Samba, Postfix and Dovecot are running on the same machine. I will try your config and then see if it works.
But again kind regards and thanks to you and all others who came back to me with suggestions on how to find the right config.
Kind regards
Carsten Laun-De Lellis
Hauptstrasse 13 D-67705 Trippstadt
Phone: +49 6306 992140 Fax: +49 6306 992142 Mobile: +49 151 27530865 email: carsten.delellis@delellis.net
http://www.linkedin.com/in/carstenlaundelellis
On 2013-07-01 13:05, Pavel Herrmann wrote:
Hi
On Monday 01 July 2013 12:36:39 Carsten Laun-De Lellis wrote:
Hi Pavel, thanks for your reply. When you were setting up your LDAP query, what kind of password crypto did you specify: plain, ntlm, gssapi or anything else? The password field in your query is userPassword, or am I wrong here?
The password field is hidden (only the user can see it) by default, and not stored as a unix-friendly value (anything a crypt() would understand). What I use is auth_bind (which uses the user-supplied password to bind to the LDAP directory).
What it means is that on every login there are 2 lookups (the first one using your "service" DN to find the user DN, the second one with your user DN to check the password).
That also means that you need a password format that your LDAP can understand (mostly a plaintext password, or NTLM if your mail server is a Samba domain member). As long as you only offer IMAP/SSL I don't think plaintext (as in "auth_mechanisms = plain") is an issue, security-wise.
As far as the service account (the one that is used to look up users) goes, I am using the default option (setting the "dn" and "dnpass" variables), which I think is a simple bind. It is possible that it only works because Samba4 and dovecot run on the same machine.
Pavel Herrmann
I will try it again.
---
Kind regards
Carsten Laun-De Lellis
On 2013-07-01 11:24, Pavel Herrmann wrote:
Hi
On Friday 28 June 2013 07:17:39 Carsten Laun-De Lellis wrote:
Hi all
I am trying to set up an email server with a Samba4 AD as user directory. Does anybody know a good how-to to set up user auth against AD? Or could anyone tell me how to do it? I have an email server up and running with openldap but want to change to Samba4 AD, because of the openchange integration. I would appreciate any help on this topic.
I have an AD/Samba4 auth for dovecot, it works the same as any LDAP would (with authenticated lookups and auth_bind). I would suggest you try it, and ask if there are any issues.
Pavel Herrmann
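
The setup described in this thread (a service-account lookup followed by auth_bind with the user's own password) could look like the following Dovecot 2.x fragment. This is an added example, not a configuration posted by anyone in the thread; the host name, DNs, CA path and password are placeholder assumptions, and it covers only the passdb (password check), not the userdb.

```ini
# --- dovecot.conf (fragment) ---
# PLAIN hands the clear-text password to Dovecot, which auth_bind needs,
# so client connections must be TLS-only.
ssl = required
disable_plaintext_auth = yes
auth_mechanisms = plain

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# --- /etc/dovecot/dovecot-ldap.conf.ext ---
# Keep this file root-owned with mode 0600: it holds the service password.

# Placeholder host (assumption). StartTLS protects both binds, which matters
# once Samba4 and Dovecot are no longer on the same machine.
uris = ldap://dc1.example.test
tls = yes
tls_require_cert = demand
# Placeholder CA bundle path (assumption).
tls_ca_cert_file = /etc/ssl/certs/example-ca.pem
ldap_version = 3

# Lookup 1: simple bind as a low-privilege service account ("dn"/"dnpass"),
# used only to search for the DN of the user who is logging in.
dn = CN=dovecot-lookup,CN=Users,DC=example,DC=test
dnpass = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

base = DC=example,DC=test
scope = subtree
# %n is the login name without the @domain part.
pass_filter = (&(objectClass=user)(sAMAccountName=%n))

# Lookup 2: rebind as the DN found above with the password the user typed.
# The directory verifies the password; Dovecot never reads a stored hash.
auth_bind = yes
```

The service account needs no rights beyond reading user entries, which limits what a leaked dnpass exposes.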