On Sat, Feb 05, 2011 at 08:39:37PM -0700, Trever L. Adams wrote:
Set these things in the config
auth_use_winbind = yes
mechanisms = plain gssapi gss-spnego login ntlm
Ok, I do this step differently as I use gssapi directly and not with winbind.
This is also what this does. auth_use_winbind only affects gss-spnego and ntlm which call out to the ntlm_auth helper to make it go. IMHO, if you have AD you should set this up too.
I use postfix instead of exim. How do you know what user is valid and what isn't in exim. I don't see any LDAP. I use LDAP (both postfix and dovecot deliver... I have to use LDAP for the aliases to be setup the way they have been requested). I also don't see any mention of any other user database.
In my simple world everything rides on nss_winbind and winbindd. These instructions are just how to setup kerberos for authentication not the much sticker authorization..
Jason