[Dovecot] Authentication with AD and quick mbox question
Hi,
I'm attempting to implement Dovecot 2.1.3 built on a FreeBSD 8.2 64 bit system from ports.
I had the service up and running on a local vbox demo which did a very simple Maildir format system which was situated in ~/Maildir.
I would now like to expand the system and tie it to a Windows domain. What is the best way to go about doing this?
Can Dovecot be directly tied in or do I need to tie the server in to the domain?
This is my current dovecot.conf file - which of course I will tweak but as I am currently in the stage of building this is what I have so far:
protocols = imap

# It's nice to have separate log files for Dovecot. You could do this
# by changing syslog configuration also, but this is easier.
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log

# Disable SSL for now.
ssl = no
disable_plaintext_auth = no

# We're using Maildir format
#mail_location = maildir:~/Maildir
mail_location = mbox:/mail:INBOX=/mail/%u

# If you're using POP3, you'll need this:
#pop3_uidl_format = %g

# Authentication configuration:
auth_verbose = yes
auth_mechanisms = plain
passdb {
  driver = passwd-file
  args = /usr/local/etc/dovecot/passwd
}
userdb {
#  driver = static
#  args = uid=root gid=root home=/root/
  driver = static
  args = uid=500 gid=500 home=/ZPOOL_1/%u
}
Is this correct to use mbox++ format and store under /mail/%u ??
Can anybody give me some advice?
Regards,
Kaya
On Tue, May 15, 2012 at 12:31 PM, Kaya Saman kayasaman@gmail.com wrote:
> Hi,
> I'm attempting to implement Dovecot 2.1.3 built on a FreeBSD 8.2 64 bit system from ports.
> I had the service up and running on a local vbox demo which did a very simple Maildir format system which was situated in ~/Maildir.
> I would now like to expand the system and tie it to a Windows domain. What is the best way to go about doing this?
> Can Dovecot be directly tied in or do I need to tie the server in to the domain?

[...]
I managed to find this on the wiki:
http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
and followed it - though I don't think it's for Dovecot2 even though it's on the portion of the Wiki for Dovecot v2..... lots of references to Dovecot v1 are mentioned and additionally some of the syntax is not the same as Dovecot v2.
The Kerberos portion is up and running and tested! I'm using Kerberos Heimdal instead of Kerberos5
This is what I've managed to hack together currently:
dovecot.conf:
# v1.1:
auth_ntlm_use_winbind = yes
# v1.2+:
auth_use_winbind = yes

auth_winbind_helper_path = /usr/bin/ntlm_auth
protocols = imap imaps

#protocols = imap

# It's nice to have separate log files for Dovecot. You could do this
# by changing syslog configuration also, but this is easier.
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log

# Disable SSL for now.
ssl = no
disable_plaintext_auth = no

# We're using Maildir format
#mail_location = maildir:~/Maildir
mail_location = mbox:/mail:INBOX=/mail/%u

# If you're using POP3, you'll need this:
#pop3_uidl_format = %g

# Authentication configuration:
auth_verbose = yes
auth_username_format = %Lu
#auth_mechanisms = plain
auth_mechanisms = plain ntlm login
#passdb {
#  driver = passwd-file
#  args = /usr/local/etc/dovecot/passwd
#}
#userdb {
#  driver = static
#  args = uid=root gid=root home=/root/
#  driver = static
#  args = uid=500 gid=500 home=/ZPOOL_1/%u
#}

userdb static {
  args= uid=501 gid=501 home=/mail/%1Ln/%Ln mail=maildir:/mail/%d/%1Ln/%Ln:INBOX=/mail/%d/%1Ln/%Ln allow_all_users=yes
}
If I try to start the dovecot service I get this error:
/usr/local/etc/rc.d/dovecot restart
doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/dovecot.conf line 2: Unknown setting: auth_ntlm_use_winbind
dovecot not running? (check /master.pid).
doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/dovecot.conf line 2: Unknown setting: auth_ntlm_use_winbind
usage: install [-bCcpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 file2
       install [-bCcpSsv] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner] file1 ... fileN directory
       install -d [-v] [-g group] [-m mode] [-o owner] directory ...
/usr/local/etc/rc.d/dovecot: WARNING: failed precmd routine for dovecot
Why doesn't Dovecot know about the auth_ntlm_use_winbind string?
Even from this link: http://wiki2.dovecot.org/Authentication/Mechanisms/Winbind
it shows that the string should work for version 2.....
Can anybody help?
Regards,
Kaya
On Wed, 2012-05-16 at 09:32 +0100, Kaya Saman wrote:
> I managed to find this on the wiki:
> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
> and followed it - though I don't think it's for Dovecot2 even though it's on the portion of the Wiki for Dovecot v2..... lots of references to Dovecot v1 are mentioned and additionally some of the syntax is not the same as Dovecot v2.

wiki2 was originally a copy of wiki1, and I haven't updated the HowTos for v2.x. Feel free to update it yourself. :)

> Why doesn't Dovecot know about the auth_ntlm_use_winbind string?
> Even from this link: http://wiki2.dovecot.org/Authentication/Mechanisms/Winbind
> it shows that the string should work for version 2.....

auth_use_winbind=yes is for v2 (and v1.2). auth_ntlm_use_winbind is only for v1.1.
Participants (2): Kaya Saman, Timo Sirainen
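
Added example, not part of the original thread or of Dovecot: a small linter that flags the two things visible in the second dovecot.conf above, namely the v1.1-only setting name and the combination of `ssl = no`, `disable_plaintext_auth = no` and the PLAIN/LOGIN mechanisms, which puts account passwords on the network unencrypted. The function names, the abridged sample config and the assumed defaults for absent settings are constructed for illustration.

```python
import re

# Constructed sample: settings abridged from the second dovecot.conf in the thread.
SAMPLE_CONF = """\
# v1.1:
auth_ntlm_use_winbind = yes
# v1.2+:
auth_use_winbind = yes
auth_winbind_helper_path = /usr/bin/ntlm_auth
ssl = no
disable_plaintext_auth = no
auth_mechanisms = plain ntlm login
userdb static {
  args= uid=501 gid=501 home=/mail/%1Ln/%Ln allow_all_users=yes
}
"""

RENAMED = {"auth_ntlm_use_winbind": "auth_use_winbind"}  # the one rename confirmed in the thread
CLEARTEXT_MECHS = {"plain", "login"}  # mechanisms that put the password itself on the wire

def parse_top_level(text):
    """Return {setting: (value, line_no)} for settings outside any { } block."""
    settings, depth = {}, 0
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # only whole-line comments are handled
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0:
            m = re.match(r"(\w+)\s*=\s*(.*)$", line)
            if m:
                settings[m.group(1)] = (m.group(2).strip(), line_no)
    return settings

def lint(text):
    """Return sorted (line_no, message) findings for a dovecot.conf body."""
    s = parse_top_level(text)
    findings = [(s[old][1], f"{old} is v1.1-only; v1.2+/v2 use {new}")
                for old, new in RENAMED.items() if old in s]
    # Assumed defaults when a setting is absent: ssl=yes, disable_plaintext_auth=yes, plain.
    ssl_off = s.get("ssl", ("yes", 0))[0] == "no"
    plaintext_ok = s.get("disable_plaintext_auth", ("yes", 0))[0] == "no"
    exposed = sorted(set(s.get("auth_mechanisms", ("plain", 0))[0].split()) & CLEARTEXT_MECHS)
    if ssl_off and plaintext_ok and exposed:
        findings.append((s["ssl"][1], "ssl=no and disable_plaintext_auth=no: "
                         + ", ".join(exposed) + " send the password unencrypted"))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, message in lint(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```

The first finding lands on line 2 of the sample, the same line doveconf rejects in the error output quoted in the thread.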