[Dovecot] dovecot + postfix + active directory

Paolo Basenghi P.Basenghi at netribe.it
Mon Apr 11 12:44:12 EEST 2005


I don't know if there are any howtos on the net, but I had it configured 
and working, so I will give you some little tips.

I tested this configuration on Fedora Core 3 and SuSE Prof. 9.2, with 
dovecot 0.99.

- Create a Linux user named "vmail" or similar (all virtual mailboxes 
will be in a dir. under this user's home or under a directory owned by 
this user).

- Postfix side: you must use virtual mailbox delivery (one Linux user 
"vmail", multiple virtual mailboxes), see the Postfix distribution 
readme files (README_VIRTUAL if I remember well).

- Dovecot side: use pam as password database and use static as user 
database (with same uid and gid as Postfix virtual mailbox user).

- Pam side: in /etc/pam.d add/modify a "dovecot" file containing:

auth      required  pam_krb5.so no_user_check
account      required  pam_permit.so


- Last: you must verify that you have installed Kerberos 5 clients and 
libraries, then edit your /etc/krb5.conf like this (CASE SENSITIVE!):

[libdefaults]
 clockskew = 300
 default_realm = YOUR.AD.DOMAIN
# default_etypes = des-cbc-crc
#       default_etypes_des = des-cbc-crc
# dns_lookup_realm = false
# dns_lookup_kdc = false

[realms]
# The realm name must match default_realm exactly (upper case)
YOUR.AD.DOMAIN = {
 kdc = your_dc_server.your.ad.domain
 default_domain = YOUR.AD.DOMAIN
 kpasswd_server = your_dc_server.your.ad.domain
}

[domain_realm]
 .your.ad.domain = YOUR.AD.DOMAIN

[logging]
 default = SYSLOG:NOTICE:DAEMON
 kdc = FILE:/var/log/kdc.log
 kadmind = FILE:/var/log/kadmind.log

[appdefaults]
pam = {
 ticket_lifetime = 1d
 renew_lifetime = 1d
 forwardable = true
 proxiable = false
 retain_after_close = false
 minimum_uid = 0
 debug = false
}

You can test Kerberos authentication with the command "kinit 
username@YOUR.AD.DOMAIN"

Good luck!

-- 
___________________________________________________________________

Ing. PAOLO BASENGHI :::: Systems & Networking Engineer
p.basenghi at netribe.it
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
NETRIBE srl :: Collaborative E-Business
42100 :: Reggio Emilia :: Italy :: Via della Costituzione, 27/4
ph. +39 0522 232378 :: fax +39 0522 232386 :: http://www.netribe.it
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯



Askar wrote:

> hi list,
>
>
>          I'm just curious if someone has successfully done dovecot 
> authentication of Active Directory and I will appreciate any link in 
> this regard
>
>
>
> Thanks
>
> Askar
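
Added example (not part of the original message, and not Dovecot or Kerberos project code): a small Python check for the krb5.conf case-sensitivity point made above, reporting when the [realms] block or a [domain_realm] mapping differs from default_realm only in case. The function names and the sample text are constructed for illustration, and the parser assumes the simple "key = value" and one-level "name = { ... }" layout used in the message.

```python
import re

# Constructed sample: the [realms] key differs from default_realm only in case.
SAMPLE_BAD = """[libdefaults]
 default_realm = YOUR.AD.DOMAIN
[realms]
your.ad.domain = {
 kdc = your_dc_server.your.ad.domain
}
[domain_realm]
 .your.ad.domain = YOUR.AD.DOMAIN
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("your.ad.domain = {", "YOUR.AD.DOMAIN = {")

def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: value or sub-dict}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None                          # end of a "name = {" block
        elif section is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return conf

def check_realm_case(text):
    """Return a list of realm-name problems; an empty list means consistent."""
    conf = parse_krb5(text)
    realm = conf.get("libdefaults", {}).get("default_realm")
    if realm is None:
        return ["[libdefaults] has no default_realm"]
    problems, realms = [], conf.get("realms", {})
    if realm not in realms:                       # exact, case-sensitive match
        near = [r for r in realms if r.lower() == realm.lower()]
        hint = f" (found {near[0]}: case differs)" if near else ""
        problems.append(f"[realms] has no block for {realm}{hint}")
    elif "kdc" not in realms[realm]:
        problems.append(f"[realms] {realm} has no kdc entry")
    for domain, target in conf.get("domain_realm", {}).items():
        if target != realm and target.lower() == realm.lower():
            problems.append(f"[domain_realm] {domain} -> {target}: case differs")
    return problems
```

Run it against the real file with check_realm_case(open("/etc/krb5.conf").read()) before testing with kinit.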
