Re: [Dovecot] NTLM authentication from Outlook
Greetings, everyone
I'm sorry, but I seem to have made a mistake regarding the
passwordstring from Outlook – seems like the string I looked at was
from MS Entourage... (that's what you get from trying to debug
something when you're too tired to think straight).
I've now enabled debugging again, and have tried logging in from
Outlook with ntlm-authentication. The log-entries are as follows:
Nov 16 23:29:09 SD-Server dovecot: auth(default): client in: AUTH 1 NTLM service=IMAP lip=192.168.2.2 rip=192.168.2.13 Nov 16 23:29:09 SD-Server dovecot: auth(default): client out: CONT 1 Nov 16 23:29:09 SD-Server dovecot: auth(default): client in: CONT 1 TlRM7IIog0ADQAuAAAFASgKAAAAD0AABgATVNTUAABYUEFSQkVKRFNHUlVQUAAAABGACgAAA lNQUNEU= Nov 16 23:29:09 SD-Server dovecot: auth(default): client out: CONT 1 TlRMTVNAAAAFAHgAeAAAAAAAADAA +H1XooTUAACAAAAyZ9yMNkAAdgBlAHIALgBsAG8AACYAJgBOAAAAUwBEAC0AUwBlAHIAYwBh AGwAAwAeAFMAyAC4AbABvsAAAAAGMAYRAAtAFMAZQByAHYAZQBQBAAA= Nov 16 23:29:09 SD-Server dovecot: auth(default): client in: CONT 1 TlRMAYAHwAAAAYABgAlAAAAAwADTVNTUAFQAAAAMAAAAAAAAEAH3ZyprYRPWIAAAAAAcgBkA EkATQBBAEMAWABQAAAAACsAAADAAAAGAABIAqMx1XpiwbAAAHAAcwAcABQNAEEAQwBYAFAAT ABpAHMAYQAgAFMAawBvAHYAZwBhAGAAAAAKIAgUBKAoAAAAPSQBAAAAAAAAAAAJILBz4x4RA Ixsp2rhFi8VB6g== Nov 16 23:29:09 SD-Server dovecot: auth(default): ntlm(?, 192.168.2.13): Username contains disallowed characters Nov 16 23:29:10 SD-Server dovecot: auth(default): client out: FAIL 1
The same account logs in without problems if I use a plaintext
password (SSL-encrypted, since plaintext-login is disabled).
in dovecot.conf I have the following:
auth default { mechanisms = plain digest-md5 cram-md5 ntlm rpa }
The authentication is done against a mysql-db, which until now has
worked with every client I've tested (except Outlook).
I have set up postfix to use dovecot-sasl, and use the same userdb
for smtp-authentication. Strangely enough the exact same data is
accepted when using ntml-authentication with smtp, though a warning
is added to my logs. This is an example of a log-entry from an
Outlook-user sending a mail:
Nov 14 16:40:49 SD-Server postfix/smtpd[8354]: connect from unknown
[hid.den.ip.adr]
Nov 14 16:40:49 SD-Server dovecot: auth-worker(default): mysql:
Connected to localhost (dovecot_auth)
Nov 14 16:40:51 SD-Server postfix/smtpd[8354]: warning: unknown
[hid.den.ip.adr]: SASL NTLM authentication failed:
TlRMTVNTUAACAAMAZYAAQByAHAFAooAOINYZ//
+97QAAAAAAAAUwBEAC0AUwBlAHIAdgBlAHIALgBsAG8AYwBhAGwAAwAeAFMARAAtAFAbABvA
GMAYAAAAHgAeADAQAAAAAACYAJgBOBZQByAC4sAAAAAAA=
Nov 14 16:40:51 SD-Server postfix/smtpd[8354]: AC6402D668E:
client=unknown[hid.den.ip.adr], sasl_method=NTLM,
sasl_username=user@domain.dk
Nov 14 16:40:51 SD-Server postfix/cleanup[8358]: AC6402D668E: message-
id=<006a01c70803$4dcd1b00$0200a8c0@acerce5220052b>
Nov 14 16:41:13 SD-Server postfix/qmgr[8494]: AC6402D668E:
from=<user@domain.dk>, size=819330, nrcpt=1 (queue active)
Nov 14 16:41:16 SD-Server postfix/smtpd[8354]: disconnect from unknown
[hid.den.ip.adr]
Nov 14 16:41:29 SD-Server postfix/smtp[8361]: AC6402D668E:
to=<user@otherdomain.dk>, relay=smtp.domain.dk[hid.den.ip.adr]:25,
delay=37, delays=22/0.08/0.06/15, dsn=2.0.0, status=sent (250
156794624 mailfe12 Message accepted for delivery)
Nov 14 16:41:29 SD-Server postfix/qmgr[8494]: AC6402D668E: removed
The same warning is issued from postfix when a user sends mail from
Outlook Express, but not when the same user sends from Thunderbird or
Mail.app. In fact, I've only seen these problems when the users are
using MS products. I really hope someone can shed some light on what
is going on.
Best regards Lars
On Fri, 2006-11-17 at 00:15 +0100, Lars Skovgaard wrote:
Nov 16 23:29:09 SD-Server dovecot: auth(default): ntlm(?, 192.168.2.13): Username contains disallowed characters
This means that the client sent some character which wasn't in auth_username_chars list. Unfortunately Dovecot doesn't show what the username is in that case, but I fixed that now in CVS:
http://dovecot.org/list/dovecot-cvs/2006-November/006907.html
participants (2)
-
Lars Skovgaard
-
Timo Sirainen