I've switched a user to being an Active Directory user. That user's email client authorizes just fine with dovecot using GSSAPI. However, now his iPhone won't authorize. In the dovecot log file I get:
Dec 01 14:27:28 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=q4n3W0xfggBiZj9s lip=98.102.63.107 rip=98.102.63.108 lport=993 rport=49538 resp=AG1wcmVzcwBEaW5va3JvbndhbGw0NQ== (previous base64 data may contain sensitive data)
Dec 01 14:27:32 auth-worker(5988): Debug: shadow(mpress,98.102.xx.yyy): lookup
Dec 01 14:27:32 auth-worker(5988): Info: shadow(mpress,98.102.xx.yyy): unknown user (given password: *******)
Dec 01 14:27:34 auth: Debug: client passdb out: FAIL 1 user=mpress
Dec 01 14:27:34 imap-login: Info: Aborted login (auth failed, 1 attempts in 6 secs): user=<mpress>, method=PLAIN, rip=98.102.xx.yyy, lip=98.102.63.107, TLS, session=<q4n3W0xfggBiZj9s>
Dec 01 14:27:34 imap-login: Debug: SSL alert: close notify [98.102.xx.yyy]
This same user will authenticate OK from his local domain workstation:
Dec 01 14:28:52 auth: Debug: master userdb out: USER 1948516353 mpress system_groups_user=HPRS\mpress uid=10005gid=10000 home=/home/HPRS/mpress auth_token=ce3050035718ed0996af698400c4de1be453ec06 auth_user=mpress@HPRS.LOCAL
Dec 01 14:28:52 imap-login: Info: Login: user=<mpress>, method=GSSAPI, rip=192.168.0.54, lip=192.168.0.2, mpid=9755, TLS, session=<6MT1YExftwDAqAA2>
I'm pretty sure the reason has to do with Active Directory authentication locally, but of course his iPhone is not a member of the domain, and he is no longer in /etc/passwd/shadow.
So, what is the best way to get the iPhone to authenticate?
Here's my current config:
doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 4.4.88 x86_64 Slackware 14.2
auth_debug = yes
auth_debug_passwords = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain login gssapi
auth_use_winbind = yes
auth_username_format = %n
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
passdb {
  driver = shadow
}
protocols = imap
ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2016-08-10/54e789087d419b6e.crt
ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
userdb {
  driver = passwd
}
verbose_ssl = yes
Thanks,
--Mark