Hi Robert,
I have done something a little different to integrate AD users into dovecot. Here I use sssd to integrate AD users into pam and use standard dovecot pam identification. Maybe not the solution you want (i.e. it provides full user access ... if you want only mail). But sssd is simple to set up and easy to integrate into nsswitch / pam.
Moreover, sssd provides you with failover (in case your AD server is not the same as your mail server).
Maybe it could be an idea...
Vincent ETIENNE
On 22/09/2014 23:50, Robert Watson wrote:
I'm having a great deal of difficulty with integrating dovecot 2.0.9 with a new installation of samba4 4.1.11 and would appreciate anyone's help who has this working.
*Problem 1:*
if dn= cn=Administrator,dc=ourhome,dc=net with dnpass = *****
---------------I get NT_STATUS_LOGON_FAILURE
but dn = "Administrator@ourhome.net" with dnpass = **** works
I guess I shouldn't complain but why doesn't the first one work?
*Problem 2:* can't seem to get a working set of usr_attrs/user_filter,pass_attrs/pass_filter to authenticate
*dovecot-ldap.conf :*
uris = ldap://localhost:389
dn = "Administrator@ourhome.net"
dnpass = ****
tls = no
ldap_version = 3
base = cn=Users,dc=ourhome,dc=net
scope = subtree
user_filter = (&(objectClass=user)(sAMAccountName=%u))
user_attrs = sAMAccountName=user,userPassword=password,=mail=maildir:/var/vmail/%Ld/%n, =home=/var$
pass_filter = (&(objectClass=user)(sAMAccountName=%u))
pass_attrs = sAMAccountName=user,userPassword=password
*dovecont.message log output:*
2014-09-22 14:44:50 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
2014-09-22 14:44:50 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
2014-09-22 14:44:50 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
2014-09-22 14:44:50 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
2014-09-22 14:44:50 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
2014-09-22 14:44:50 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
2014-09-22 14:44:50 auth: Debug: auth client connected (pid=5316)
2014-09-22 14:45:00 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=35148 resp=AEpvaG5Eb2UASm9obkRvZQ==
2014-09-22 14:45:00 auth: Debug: ldap(JohnDoe,127.0.0.1): pass search: base=cn=Users,dc=ourhome,dc=net scope=subtree filter=(&(objectClass=user)(sAMAccountName=JohnDoe)) fields=sAMAccountName,userPassword
2014-09-22 14:45:00 auth: Debug: ldap(JohnDoe,127.0.0.1): result: sAMAccountName(user)=JohnDoe
2014-09-22 14:45:00 auth: Info: ldap(JohnDoe,127.0.0.1): No password returned (and no nopassword)
2014-09-22 14:45:00 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
2014-09-22 14:45:00 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
2014-09-22 14:45:00 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
2014-09-22 14:45:00 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
2014-09-22 14:45:00 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
2014-09-22 14:45:00 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
2014-09-22 14:45:00 auth: Debug: pam(JohnDoe,127.0.0.1): lookup service=dovecot
2014-09-22 14:45:00 auth: Debug: pam(JohnDoe,127.0.0.1): #1/1 style=1 msg=Password:
2014-09-22 14:45:02 auth: Info: pam(JohnDoe,127.0.0.1): unknown user
2014-09-22 14:45:04 auth: Debug: client out: FAIL 1 user=JohnDoe
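
Added example, not part of the original thread or of Dovecot: in auth debug output like the log quoted above, the `resp=` field of an `AUTH ... PLAIN` line is the SASL PLAIN response (base64 of authzid, NUL, username, NUL, password), so it has to be redacted before a log is shared. This sketch redacts that field and summarises which passdb rejected the login and why; the sample lines, the `alice` account and all function names are constructed for illustration.

```python
import base64
import re

# Constructed sample modelled on the quoted log format; the account and
# password are invented and encoded here, not taken from the thread.
SAMPLE_RESP = base64.b64encode(b"\0alice\0correct-horse").decode()
SAMPLE_LOG = f"""\
2014-09-22 14:45:00 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=35148 resp={SAMPLE_RESP}
2014-09-22 14:45:00 auth: Info: ldap(alice,127.0.0.1): No password returned (and no nopassword)
2014-09-22 14:45:02 auth: Info: pam(alice,127.0.0.1): unknown user
2014-09-22 14:45:04 auth: Debug: client out: FAIL 1 user=alice
"""

RESP_RE = re.compile(r"\bresp=([A-Za-z0-9+/]+=*)")
PASSDB_RE = re.compile(r"auth: Info: (\w+)\(([^,)]+)[^)]*\): (.+)$")
RESULT_RE = re.compile(r"client out: (\w+) (\d+)")

def plain_fields(resp_b64):
    """Split a SASL PLAIN response into (authzid, username, password_length)."""
    authzid, user, password = base64.b64decode(resp_b64).split(b"\0", 2)
    return authzid.decode(), user.decode(), len(password)

def redact(line):
    """Replace the credential-bearing resp= value, keeping the rest of the line."""
    return RESP_RE.sub("resp=<redacted>", line)

def triage(log_text):
    """Return (redacted_lines, summary) for the auth attempts in log_text."""
    redacted, summary = [], {"users": set(), "passdb_errors": [], "results": []}
    for line in log_text.splitlines():
        m = RESP_RE.search(line)
        if m and " PLAIN " in line:
            summary["users"].add(plain_fields(m.group(1))[1])
        m = PASSDB_RE.search(line)
        if m:  # one entry per passdb that reported a reason
            summary["passdb_errors"].append((m.group(1), m.group(2), m.group(3).strip()))
        m = RESULT_RE.search(line)
        if m:  # final verdict sent back to the login process
            summary["results"].append((int(m.group(2)), m.group(1)))
        redacted.append(redact(line))
    return redacted, summary

if __name__ == "__main__":
    lines, info = triage(SAMPLE_LOG)
    print("\n".join(lines))
    print(info)
```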