[Dovecot] NTLM authentication from Outlook
lars at skovgaarddesign.dk
Mon Nov 13 22:50:51 UTC 2006
I've enabled ntlm authentication in dovecot, and use dovecot sasl in
postfix as well.
Authentication with ntlm works well from Mac OS X Mail.app, as well
as from Outlook Express, but fails with Outlook. Strangely enough,
ntml authentication works in Outlook when using smtp (via postfix),
but neither from imap or pop3 (both dovecot). As dovecot sasl handles
all authentication against a mysql userdb, this strikes me as very
I've instructed my clients with Outlook to fetch mail using a ssl-
encrypted connection, and to send using ntlm-authentication. This
works, but I would like to have ntlm available as an option to all my
clients, without forcing them to change mail-clients.
I've turned on auth_verbose, auth_debug and auth_debug_passwords, and
compared the passwordstring with the one calculated using dovecotpw,
and they match. The only odd thing is that the username is returned
from Outlook as an all-caps string, so user at domain.tld becomes
USER at DOMAIN.TLD. I don't know if it matters, but I don't think so, as
changing the user-login to an all-caps version doesn't solve the
Any hints will be most welcome.
More information about the dovecot