Does the Dovecot NTLM mechanism work with MS Outlook?
[ ] YES [ ] NO
Please check one ... anybody.
--Mark
-----Original Message-----
From: Mark Foley <mfoley@ohprs.org>
Date: Sun, 13 Sep 2015 01:10:57 -0400
To: dovecot@dovecot.org
Subject: Re: How to "Windows Authenticate"
I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the Active Directory/Domain Controller on the same host as Dovecot. Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the client MTU used to connect with Dovecot to read mail on the Users' WIN7 workstations.
I believe I have confirmed that MS Outlook will either ...
- send the userid and password configured in the Outlook settings to Dovecot for authorizing. This mechanism has been working fine for months.
or ...
- Use NTLM authorization if "Require login using Secure Password Authentication (SPA)" is checked: https://en.wikipedia.org/wiki/Secure_Password_Authentication
Those, I believe, are the only two choices with Outlook (other than Exchange). Therefore, in order not to configure a Domain-distinct password in Outlook, I need to use the NTLM auth_mechanism for AD "Windows Authentication" with Dovecot. I've tried the settings below (just trying one user at the moment):
$ doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.10.17 x86_64 Slackware 14.1
auth_debug_passwords = yes
auth_mechanisms = plain ntlm
auth_use_winbind = yes
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
protocols = imap
ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt
ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
userdb {
  args = uid=3000026 gid=100 home=/home/HPRS/mark allow_all_users=yes
  driver = static
}
verbose_ssl = yes
Dovecot log results after setting my Outlook to SPA and clicking the 'Test Account Settings' give me:
Sep 13 00:53:12 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Sep 13 00:53:12 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6>
Can someone tell me what this means and how to fix it?
Note that I have read http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm over and over, so simply referring me to that link will not help.
Thanks, Mark