2.2.15: /usr/local/etc/dovecot/dovecot.conf

3 Dec 2017


      Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2
shows:
passdb pam {
}
used for authenticating Android.  Problem #1 is that Slackware does not ship with PAM and the
AD/DC Samba4 does not use it. It is used on Slackware for a domain member, but I'm not sure I
should try configuring PAM on the AD/DC.
Is there some otherway I can get authentication using domain credentials besides pam? the phone
can send user and password.
--Mark
-----Original Message-----
...
Date: Sun, 03 Dec 2017 15:22:56 +0200
Subject: Re: Howto authenticate smartPhone via Active Directory
From: Aki Tuomi <aki.tuomi@dovecot.fi>
To: Mark Foley <mfoley@ohprs.org>, dovecot@dovecot.org
Actually you are authenticating gssapi clients from ad and everyone else from shadow. maybe you need to configure pam module?
---Aki TuomiDovecot oy
-------- Original message --------
From: Mark Foley <mfoley@ohprs.org>
Date: 03/12/2017  06:03  (GMT+02:00)
To: dovecot@dovecot.org
Subject: Howto authenticate smartPhone via Active Directory
...
I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials
using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via
shadow first and. failing that, it does authenticate via GSSAPI.
Smartphones connect to Dovecot via port 143 and SSL.  They are not domain members so if the
shadow authentication fails, no other methods are tried and no connection is made.
What can I do with my dovecot config to fix this?
...
doveconf -n
2.2.15: /usr/local/etc/dovecot/dovecot.conf
OS: Linux 4.4.88 x86_64 Slackware 14.2
auth_debug = yes
auth_debug_passwords = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain login gssapi
auth_use_winbind = yes
auth_username_format = %n
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
passdb {
driver = shadow
}
protocols = imap
ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2016-08-10/54e789087d419b6e.crt
ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
userdb {
driver = passwd
}
verbose_ssl = yes
Thanks, Mark

Re: Howto authenticate smartPhone via Active Directory

Mark Foley

2.2.15: /usr/local/etc/dovecot/dovecot.conf

OS: Linux 4.4.88 x86_64 Slackware 14.2

tags

participants (1)