[Dovecot] dovecot + postfix + active directory

[Askar]

Paolo Basenghi wrote:

> Active Directory uses kerberos protocol for authentication, so you 
> need pam_krb5 module to authenticate.
> I don't know if it is possible to authenticate in A.D. without Kerberos.
>
> In the configuration I proposed to you, A.D. is required only for 
> authentication, the accounting information (uid, gid) is static (vmail 
> Linux user), the home dir. is determined by template (example: 
> /home/vmail/mailboxes/<A.D. username>).
> In other words, my config. works well if you can utilize virtual 
> mailboxes *AND* each mailbox dir. name equals to A.D. username.
>
> I heard that exists a Microsoft extension to A.D. LDAP schema to add 
> Unix accounting info, but I never used it.
>
> So I don't know if you *must* use pam+kerberos, but I suggest that you 
> *should* try it, leaving out dovecot-ldap.conf.
>
> Cheers
>
Hello,

I'm now trying with pam + kerbers , when I tries with "kinit abc" 
authentication to AD works which means my ker5.conf file is correct , 
however when I tries from mail client thunderbird I got error...

"dovecot-auth: PAM: pam_authenticate(rizwan) failed: unknown user"

I added "dovecot" file to /etc/pam.d/ with these lines (as you suggested)

account         required        pam_krb5.so no_user_check
account   required  pam_permit.so

It looks like that pam is not using kerbers thats why it giving me error 
of "unknown user", I treid with changing the module name eg, 
pam_kerb5.so to pam_kerb5.so.4 , which gives me errors .........

teacher dovecot-auth: in openpam_load_module(): no pam_krb5.so.4 found
Apr 12 19:04:24 teacher dovecot-auth: PAM: pam_start(abc) failed: system 
error
Apr 12 19:04:24 teacher dovecot-auth: in openpam_load_module(): no 
pam_krb5.so.4 found
Apr 12 19:04:24 teacher dovecot-auth: PAM: pam_start(abc) failed: system 
error


which mean pam do reading and loading the specified modules and 
complains if something misssing.

Regards

Askar