[Dovecot] NTLM configuration
Hi all,
I'm actually running samba 3 as a primary domain controller. The workstations of my network are all running windows (some xp, some vista) and use Outlook 2007 as a web client.
Samba is set up with the following parameters :
security = user
passdb backend = tdbsam
unix password sync = Yes
domain master = yes
domain logons = yes
Everything works fine on samba side, meaning that the machines are part of the domain, and users do authenticate correctly.
For the moment, the users are getting their mail (pop3 or imap) through dovecot (running on the same box as samba).
Dovecot is configured with mechanisms = plain.
I would like to secure it by using mechanisms = ntlm, but still using the system users.
I found much information on how to authenticate against an active directory, but nothing that allows me to keep my actual authentication against system users. Indeed, if I just change the mechanisms to ntlm, dovecot does not start anymore complaining that "NTLM mechanism can't be supported with given passdbs"
Any help would be much appreciated as I already tried the whole day yesterday to get it working
Best regards,
Cédric Laruelle
On 126, 05 06, 2009 at 11:18:52AM +0200, Cédric Laruelle wrote:
> Hi all,
> I'm actually running samba 3 as a primary domain controller. The workstations of my network are all running windows (some xp, some vista) and use Outlook 2007 as a web client.
> Samba is set up with the following parameters :
> security = user
> passdb backend = tdbsam
> unix password sync = Yes
> domain master = yes
> domain logons = yes
> Everything works fine on samba side, meaning that the machines are part of the domain, and users do authenticate correctly.
> For the moment, the users are getting their mail (pop3 or imap) through dovecot (running on the same box as samba).
> Dovecot is configured with mechanisms = plain.
> I would like to secure it by using mechanisms = ntlm, but still using the system users.
> I found much information on how to authenticate against an active directory, but nothing that allows me to keep my actual authentication against system users. Indeed, if I just change the mechanisms to ntlm, dovecot does not start anymore complaining that "NTLM mechanism can't be supported with given passdbs"
You can authenticate your users via Samba's winbind daemon. Read more here: http://wiki.dovecot.org/Authentication/Mechanisms/Winbind
> Any help would be much appreciated as I already tried the whole day yesterday to get it working
> Best regards,
> Cédric Laruelle
Thank you for your fast answer. Actually, I already tried that yesterday, without any success. Here is the dovecot log I have if I enable winbind and ntlm mechanisms.
dovecot: May 06 14:52:37 Info: auth(default): new auth connection: pid=25828
dovecot: May 06 14:52:38 Info: auth(default): client in: AUTH 1 NTLM service=imap secured lip=192.168.0.1 rip=192.168.0.254 lport=143 rport=1084
dovecot: May 06 14:52:38 Info: auth(default): client out: CONT 1
dovecot: May 06 14:52:38 Info: auth(default): client in: CONT 1 TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
dovecot: May 06 14:52:38 Info: auth(default): client out: CONT 1 TlRMTVNTUAACAAAADgAOADAAAAAFgomizPYc4ALWKQgAAAAAAAAAAIAAgAA+AAAAQQBMAFYAQQBS AFUATQACAA4AQQBMAFYAQQBSAFUATQABABAASQBOAFQARQBSAE4AQQBMAAQAHgBhAGkAZABlAHIA ZABvAG4AbgBlAHIALgBjAG8AbQADADAAaQBuAHQAZQByAG4AYQBsAC4AYQBpAGQAZQByAGQAbwBu AG4AZQByAC4AYwBvAG0AAAAAAA==
dovecot: May 06 14:52:38 Info: auth(default): client in: CONT 1 TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABIAAAABgAGAEgAAAAQABAATgAAAAAAAACO AAAABYKIogUBKAoAAAAPZgBmAHMAQQBMAFYAQQBSAFUATQAzABXRN5WNNwAgAAAAAAAAAAAAAAAA AAAAALm1ePVxjdOF1UPe8A/e1D6H0+jlJYQPUA==
dovecot: May 06 14:52:38 Info: auth(default): winbind(?,192.168.0.254): user not authenticated: NT_STATUS_NO_LOGON_SERVERS
dovecot: May 06 14:52:40 Info: auth(default): client out: FAIL 1
Thanks again in advance for any help you can provide.
Best regards,
Cédric Laruelle
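Added example, not part of the original thread and not Dovecot or Samba code: the CONT payloads in the auth debug log above are base64 NTLMSSP tokens, and a small decoder shows which message type each one is, which flags were negotiated, and whether the client answered with an NTLMv1-sized or NTLMv2-sized response. The function names (decode_ntlm, sample_type3) are hypothetical, and the sample token with its domain, user and workstation names is constructed for illustration.

```python
import base64
import struct

# Subset of NTLMSSP negotiate flags (bit values from MS-NLMP).
FLAGS = {0x1: "UNICODE", 0x200: "NTLM", 0x8000: "ALWAYS_SIGN",
         0x80000: "EXTENDED_SESSIONSECURITY", 0x20000000: "128", 0x80000000: "56"}

def _buf(msg, off):
    """Return the bytes named by the (len, maxlen, offset) descriptor at off."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def decode_ntlm(b64):
    """Decode one base64 NTLMSSP token (the payload of a CONT log line)."""
    msg = base64.b64decode("".join(b64.split()))  # log wrapping inserts spaces
    if len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    flag_off = {1: 12, 2: 20, 3: 60}.get(mtype)
    if flag_off is None or len(msg) < flag_off + 4:
        raise ValueError("unsupported or truncated NTLMSSP message")
    flags = struct.unpack_from("<I", msg, flag_off)[0]
    enc = "utf-16-le" if flags & 0x1 else "latin-1"
    out = {"type": mtype,
           "flags": sorted(name for bit, name in FLAGS.items() if flags & bit)}
    if mtype == 2:
        out["target"] = _buf(msg, 12).decode(enc)
    elif mtype == 3:
        for key, off in (("domain", 28), ("user", 36), ("workstation", 44)):
            out[key] = _buf(msg, off).decode(enc)
        nt_len = len(_buf(msg, 20))
        # A 24-byte NT response is NTLMv1-sized; NTLMv2 appends a client blob.
        v1 = "NTLM2 session" if flags & 0x80000 else "NTLMv1"
        out["nt_response"] = "NTLMv2" if nt_len > 24 else v1 if nt_len == 24 else "none"
    return out

def sample_type3():
    """Constructed AUTHENTICATE message; names and bytes are made up."""
    fields = [b"\x11" * 24, b"\x22" * 24, "EXAMPLE".encode("utf-16-le"),
              "alice".encode("utf-16-le"), "WS01".encode("utf-16-le"), b""]
    hdr, payload = b"NTLMSSP\x00" + struct.pack("<I", 3), b""
    for f in fields:  # LM, NT, domain, user, workstation, session key
        hdr += struct.pack("<HHI", len(f), len(f), 64 + len(payload))
        payload += f
    hdr += struct.pack("<I", 0x00080201)  # UNICODE | NTLM | EXTENDED_SESSIONSECURITY
    return base64.b64encode(hdr + payload).decode()
```

Calling decode_ntlm(sample_type3()) returns a dict with the message type, the decoded names and the response classification; the response bytes themselves are never printed.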
-----Original Message-----
From: dovecot-bounces+laruellec=aiderdonner.com@dovecot.org [mailto:dovecot-bounces+laruellec=aiderdonner.com@dovecot.org] On behalf of Andrey Panin
Sent: Wednesday, 6 May 2009 14:38
To: Cédric Laruelle
Cc: dovecot@dovecot.org
Subject: Re: [Dovecot] NTLM configuration
participants (2)
- Andrey Panin
- Cédric Laruelle