Paolo Basenghi wrote:
Active Directory uses the Kerberos protocol for authentication, so you need the pam_krb5 module to authenticate. I don't know if it is possible to authenticate in A.D. without Kerberos.
In the configuration I proposed to you, A.D. is required only for authentication, the accounting information (uid, gid) is static (vmail Linux user), the home dir. is determined by template (example: /home/vmail/mailboxes/
). In other words, my config. works well if you can utilize virtual mailboxes *AND* each mailbox dir. name equals the A.D. username. I heard that there exists a Microsoft extension to the A.D. LDAP schema to add Unix accounting info, but I never used it.
So I don't know if you *must* use pam+kerberos, but I suggest that you *should* try it, leaving out dovecot-ldap.conf.
Cheers
Hi Paolo,
Thanks for your reply. Heh, I have been trying with krb5 + pam for the last 4 hours without any access. When I tried to connect through the mail client Thunderbird I got this error:
dovecot-auth: PAM: pam_authenticate(abc) failed: unknown user
User (abc) does exist in AD :(
Even when I tried to confirm with kinit abc@abc.com (my domain) I got:
kinit: krb5_get_init_creds: unable to reach any KDC in realm mail.xxxxxxxxxxx
Thanks and regards
Askar
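
The following is an added example, not part of either message above and not code from Dovecot or any Kerberos distribution: an offline check of a krb5.conf for the conditions that lead to the "unable to reach any KDC in realm" error quoted in the thread. The sample configuration, the realm names and the function names are constructed for illustration, and the `dns_lookup_kdc` key is assumed to follow MIT-style krb5.conf semantics.

```python
# Added example; the sample config and realm names are constructed.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_kdc = false
[realms]
    OTHER.EXAMPLE = {
        kdc = dc1.other.example
    }
"""

def parse_krb5_conf(text):
    """Return ([libdefaults] settings, {realm: [kdc hosts]})."""
    libdefaults, realms, section, realm = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank or whole-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].strip(), None
        elif line == "}":                    # end of a realm block
            realm = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = key                  # start of a realm block
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
    return libdefaults, realms

def kdc_findings(text, realm=None):
    """List reasons a client may fail to locate a KDC for the realm."""
    libdefaults, realms = parse_krb5_conf(text)
    realm = realm or libdefaults.get("default_realm")
    if not realm:
        return ["no realm given and no default_realm set"]
    findings = []
    if realm != realm.upper():               # realm names are case sensitive
        findings.append(f"realm {realm} is not upper case")
    if not realms.get(realm):
        if libdefaults.get("dns_lookup_kdc", "").lower() in ("false", "no", "0"):
            findings.append(f"no kdc for {realm} and DNS lookup is off")
        else:
            findings.append(f"no kdc for {realm}; DNS SRV lookup must work")
    return findings
```

Active Directory realm names are the upper-case form of the DNS domain name, which is why the check flags a lower-case realm separately from a missing `kdc` entry.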