Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows:
passdb pam { }
used for authenticating Android. Problem #1 is that Slackware does not ship with PAM and the AD/DC Samba4 does not use it. It is used on Slackware for a domain member, but I'm not sure I should try configuring PAM on the AD/DC.
Is there some otherway I can get authentication using domain credentials besides pam? the phone can send user and password.
--Mark
-----Original Message-----
Date: Sun, 03 Dec 2017 15:22:56 +0200 Subject: Re: Howto authenticate smartPhone via Active Directory From: Aki Tuomi aki.tuomi@dovecot.fi To: Mark Foley mfoley@ohprs.org, dovecot@dovecot.org
Actually you are authenticating gssapi clients from ad and everyone else from shadow. maybe you need to configure pam module? ---Aki TuomiDovecot oy
-------- Original message -------- From: Mark Foley mfoley@ohprs.org Date: 03/12/2017 06:03 (GMT+02:00) To: dovecot@dovecot.org Subject: Howto authenticate smartPhone via Active Directory
I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via shadow first and. failing that, it does authenticate via GSSAPI.
Smartphones connect to Dovecot via port 143 and SSL. They are not domain members so if the shadow authentication fails, no other methods are tried and no connection is made.
What can I do with my dovecot config to fix this?
doveconf -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 4.4.88 x86_64 Slackware 14.2 auth_debug = yes auth_debug_passwords = yes auth_gssapi_hostname = $ALL auth_krb5_keytab = /etc/dovecot/dovecot.keytab auth_mechanisms = plain login gssapi auth_use_winbind = yes auth_username_format = %n auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert =
Thanks, Mark