Hi all,
I’m having issues getting Dovecot to work with AD on 2012 R2 in a test environment.
Background:
AD is running on dc1.ad.automaton.uk, the domain is ad.automaton.uk. The DNS server is running on ad.automaton.uk and the automaton.uk DNS is set up correctly in the test environment in that everything resolves to the correct IP address and I can authenticate with whichever LDAP clients (ldapsearch, ApacheDS, sssd). It refuses to bind on Dovecot for some reason.
aaron@mail:/var/log$ uname -a
Linux mail.ad.automaton.uk 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 17:56:17 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

aaron@mail:/var/log$ dovecot --version
2.2.9

aaron@mail:/var/log$ dpkg -l | grep dovecot
ii  dovecot-core    1:2.2.9-1ubuntu5  amd64  secure POP3/IMAP server - core files
ii  dovecot-gssapi  1:2.2.9-1ubuntu5  amd64  secure POP3/IMAP server - GSSAPI support
ii  dovecot-imapd   1:2.2.9-1ubuntu5  amd64  secure POP3/IMAP server - IMAP daemon
ii  dovecot-ldap    1:2.2.9-1ubuntu5  amd64  secure POP3/IMAP server - LDAP support

aaron@mail:/var/log/$ cat dovecot-debug.log
…
Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29 lport=993 rport=56395
Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
Nov 19 09:22:23 auth: Debug: client in: CONT 1 (previous base64 data may contain sensitive data)
Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp
Nov 19 09:22:29 auth: Debug: client in: AUTH 2 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29 lport=993 rport=56395 resp= (previous base64 data may contain sensitive data)
Nov 19 09:22:39 auth: Debug: client passdb out: FAIL 2 user=aaron.jenkins temp
Nov 19 09:22:40 auth: Debug: client in: AUTH 3 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29 lport=993 rport=56395
Nov 19 09:22:44 auth: Debug: client passdb out: CONT 3
Nov 19 09:22:44 auth: Debug: client in: CONT 3 (previous base64 data may contain sensitive data)
Nov 19 09:22:50 auth: Debug: client passdb out: FAIL 3 user=aaron.jenkins temp
Nov 19 09:22:50 auth: Debug: client in: AUTH 4 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29 lport=993 rport=56395 resp= (previous base64 data may contain sensitive data)
Nov 19 09:22:56 auth: Debug: client passdb out: FAIL 4 user=aaron.jenkins temp
(I’ve removed the base64 as it might contain passwords I actually use, if it’s important I’ll re-run it with a different password unredacted)
Do you guys have any ideas on how to get it working with 2012 R2? I know the LDAP is quite funky but I suspect that’s why it doesn’t work. Also, attached is my sssd config as it’s working fine in case it might provide any insights.
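For reference, the following is an added example of a Dovecot 2.2 `dovecot-ldap.conf.ext` for an Active Directory passdb/userdb; it is not the poster's configuration (which is not in the message) and not taken from the Dovecot project. The DC name, domain and login name are the ones in the post; the service-account DN, its password placeholder, the CA certificate path and the mailbox locations are assumptions. The AD-specific points it shows are the ones that most often differ from an OpenLDAP setup: accounts are keyed on sAMAccountName rather than uid, AD will not answer an anonymous search, so a bind DN is needed even when the password itself is verified with auth_bind, and AD never hands out password hashes, so pass_attrs/default_pass_scheme cannot be used in place of auth_bind.

```conf
# /etc/dovecot/dovecot-ldap.conf.ext -- added example for Dovecot 2.2 against AD.
# Hostnames, the domain and the login name come from the post above; the
# service-account DN, its password, the CA path and the mail paths are assumed.

# Connect to the DC by its DNS name so the certificate it presents can be checked.
uris = ldap://dc1.ad.automaton.uk
ldap_version = 3

# StartTLS on port 389 (with tls = yes, keep the URI as ldap://, not ldaps://).
# Without TLS the PLAIN password Dovecot just received from the IMAP client
# goes to the DC in clear text inside the simple bind.
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ad-automaton-uk-ca.pem   # assumed path
tls_require_cert = hard

# AD refuses anonymous searches, so a low-privilege service account is needed
# to locate the user even though the user's own password is checked by binding.
dn = CN=dovecot,OU=Service Accounts,DC=ad,DC=automaton,DC=uk   # assumed account
dnpass = CHANGE_ME

# Verify the password by binding as the user that pass_filter finds.
# AD does not return unicodePwd, so there is no hash for pass_attrs to read.
auth_bind = yes

base = DC=ad,DC=automaton,DC=uk
scope = subtree
deref = never

# AD keys accounts on sAMAccountName; %n is the login name without any @domain.
# The userAccountControl bit test (rule 1.2.840.113556.1.4.803, bit 2) excludes
# disabled accounts at search time instead of relying on the bind to fail.
pass_filter = (&(objectClass=user)(sAMAccountName=%n)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (&(objectClass=user)(sAMAccountName=%n))

# Static mailbox layout; the =field=value form is a template, not an AD attribute.
user_attrs = =home=/var/vmail/%n,=uid=vmail,=gid=vmail

# Raise to 1 or higher while troubleshooting so the LDAP traffic is logged,
# then set it back to 0: the higher levels can expose bind credentials in the log.
debug_level = 0
```

After `doveadm reload`, confirm with `doveconf -n` that the passdb and userdb blocks actually point at this file, then try `doveadm auth test aaron.jenkins` from the mail host; if the search or the bind fails, the ldap passdb writes its own `auth: Error: ldap(...)` line next to the `Debug:` lines quoted above, which says considerably more than the bare `FAIL ... temp` the auth client sees.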