Active Directory uses the Kerberos protocol for authentication, so you need the pam_krb5 module to authenticate. I don't know if it is possible to authenticate against A.D. without Kerberos.
In the configuration I proposed to you, A.D. is required only for authentication; the accounting information (uid, gid) is static (the vmail Linux user), and the home dir. is determined by a template (example: /home/vmail/mailboxes/
I heard that there is a Microsoft extension to the A.D. LDAP schema that adds Unix accounting info, but I have never used it.
So I don't know if you *must* use pam+kerberos, but I suggest that you *should* try it, leaving out dovecot-ldap.conf.
Cheers
--
Ing. PAOLO BASENGHI :::: Systems & Networking Engineer :::: p.basenghi@netribe.it
NETRIBE srl :: Collaborative E-Business
42100 :: Reggio Emilia :: Italy :: Via della Costituzione, 27/4
ph. +39 0522 232378 :: fax +39 0522 232386 :: http://www.netribe.it
The information contained in this communication is confidential and intended exclusively for the person(s) or entity indicated above. Any use, copying or dissemination of its contents by anyone other than the recipients is prohibited, both under art. 616 of the Italian Penal Code and under Law 196/2003. If you have received this communication in error, please reply to this e-mail and then delete it from your system.
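The set-up Paolo describes above (A.D. only for password checking, static uid/gid, home directory from a template, no dovecot-ldap.conf at all), written out as an added example. This is not Paolo's or Askar's configuration: the Dovecot 1.x syntax is chosen to match the user_global_uid-style dovecot-ldap.conf posted in the thread (Dovecot 2.x spells the same thing as passdb { driver = pam }), and the realm ABC.EDU.PK, the KDC host, the uid/gid 1009/1003, the certificate paths and the mailbox template are all assumptions. Note for anyone who stays with the LDAP passdb instead: A.D. never hands out userPassword over LDAP, so a pass_attrs lookup of that attribute cannot work against A.D.; the only LDAP option there is auth_bind = yes, which is exactly what the PAM route below replaces with a Kerberos exchange.

```conf
# ---- /etc/dovecot/dovecot.conf (Dovecot 1.x syntax; paths and ids are assumptions) ----
protocols = imap imaps pop3 pop3s

# PLAIN/LOGIN send the A.D. password to Dovecot in clear, so only allow them
# inside TLS. pam_krb5 needs the clear password to obtain a TGT from the KDC.
disable_plaintext_auth = yes
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file  = /etc/ssl/private/dovecot.pem

# Users log in with the bare sAMAccountName (the realm is supplied by krb5.conf),
# so the template uses %u only. Assumed layout, not the one from the thread.
mail_location = maildir:/home/vmail/mailboxes/%u/Maildir

auth default {
  mechanisms = plain login

  # A.D. is consulted only here: Dovecot -> PAM service "dovecot" -> pam_krb5 -> KDC.
  # There is no passdb ldap stanza and no dovecot-ldap.conf.
  passdb pam {
    args = dovecot
  }

  # Accounting is static: every mailbox belongs to the vmail system user and the
  # home directory comes from a template, nothing is read from the directory.
  userdb static {
    args = uid=1009 gid=1003 home=/home/vmail/mailboxes/%u
  }
}

# ---- /etc/pam.d/dovecot ----
# The service name matches "args = dovecot" above.
auth     required   pam_krb5.so
account  required   pam_krb5.so

# ---- /etc/krb5.conf (realm and KDC are assumptions derived from dc=abc,dc=edu,dc=pk) ----
[libdefaults]
    default_realm = ABC.EDU.PK
    dns_lookup_kdc = true

[realms]
    ABC.EDU.PK = {
        kdc = xxx.abc.edu.pk
    }

[domain_realm]
    .abc.edu.pk = ABC.EDU.PK
    abc.edu.pk  = ABC.EDU.PK
```

Check the Kerberos side before blaming Dovecot: running kinit with a plain sAMAccountName on the mail host must succeed with the A.D. password; if it does not, the realm/KDC settings are wrong and no PAM stack will fix it. Then `dovecot -n` shows the effective auth section, and a failed IMAP login should appear in the mail log as a PAM failure rather than as an LDAP lookup error. Because the userdb is static, a Kerberos-valid principal that has no mailbox directory yet simply gets one created under the vmail user, so keep the template directory writable only by vmail.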
Askar wrote:
Hi Paolo,
Thank you for your quick reply. ATM I'm trying postfix + dovecot + AD with no luck. Yes, I'm using the virtual user for postfix, vmail:vmail. However, I'm getting authentication errors. I don't know if PAM is a *must* in my case (I'm not using PAM right now). When I try to connect with the mail client "Thunderbird" I also get a login failure. Here is the portion from dove-ldap.conf ....
hosts = xxx.abc.edu.pk
# (domain name crypted (changed) for security reasons :P)
dn = cn=abc,cn=Users,dc=abc,dc=edu,dc=pk
dnpass = xxxx
ldap_version = 3
base = dc=abc,dc=edu,dc=pk
deref = never
scope = subtree
# (I'm trying different settings for user_attrs here)
#user_attrs = uid,,,,,
#user_attrs = uid,homeDirectory,,uid,,
#user_filter = (&(objectClass=posixAccount)(uid=%u))
user_filter = (sAMAccountName=%u)
#user_filter = (&(objectClass=sAMACcountName)(cn=%u))
# Password checking attributes in order:
#   Virtual user name (user@domain)
#   Password, may optionally start with {type}, eg. {crypt}
pass_attrs = uid,userPassword
# Filter for password lookups
#pass_filter = (&(objectClass=posixAccount)(uid=%u))
pass_filter = (sAMAccountName=%u)
#user_filter = (&(objectClass=sAMACcountName)(cn=%u))
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, CRYPT
default_pass_scheme = PLAIN
user_global_uid = 1009
user_global_gid = 1003
I can see that I don't get any error while starting dovecot; however, when trying to log in via the mail client it fails to authenticate.
Note: is PAM a *MUST* for postfix + dovecot + Active Directory?
Thanks and regards
Askar