Lars wrote: [Re Outlook handling of SPA/NTLM]
Turning on auth_debug and auth_verbose has led me to discover that MS Outlook uses the users full name as login, instead of whatever is entered in the account-information - if the user "John Doe" has the login "jd@domain.com", Outlook sends "John Doe" instead. This of course fails. Strangely enough, if I turn off "Use Secure Authentication" from within Outlook, the login-name from the account- information is used as it should be.
Not a solution I'm afraid, but just to let you know that I've been experimenting with NTLM (actually with Exim for authenticated SMTP) for a while with a few users and had the same problems - different versions of Outlook behave slightly differently, but none (that I've found) seem to work properly. Usually Outlook sends the users Windows Logon username and password (which is often their name, but often something else too like 'Administrator') initially, and sometimes then retries automatically with the correct details.
Things never seem to be that consistent though, except that they're consistently bad. Frustratingly, the only option I have is to tell users that have problems to use Thunderbird or something else and use cram-md5 instead.
As far as Outlook goes I think Microsoft seem to only bother testing NTLM running with MS Exchange on a local network... v.annoying!
(Sorry not that helpful a post)
Adrian