[Dovecot] Samba4 and user auth
morpheus.ibis at gmail.com
Mon Jul 1 14:05:10 EEST 2013
On Monday 01 July 2013 12:36:39 Carsten Laun-De Lellis wrote:
> Hi Pavel
> Thankx for your reply.
> When you were setting up your ldap query what kind of password crypto
> did you specify plain ntlm gssapi or anything else? The password field
> in your query is userPassword or am I wrong here?
the password field is hidden (only the user can see it) by default, and not
stored as a unix-friendly value (anything a crypt() would understand)
what I use is auth_bind (which uses user-supplied password to bind to the LDAP
what it means is that on every login there are 2 lookups (first one using your
"service" DN to find the user DN, second one with your user DN to check the
that also means that you need a password format that your LDAP can understand
(mostly a plaintext password, or NTLM if your mail server is a Samba domain
member). As long as you only offer IMAP/SSL I dont think plaintext (as in
"auth_mechanisms = plain") is an issue, security wise.
as far as the service account (the one that is used to look up users) goes, I
am using the default option (setting "dn" and "dnpass" variables), which I
think is a simple bind. it is possible that it only works because Samba4 and
dovecot run on the same machine.
> I will try it again.
> Mit freundlichem Gruß
> Carsten Laun-De Lellis
> Hauptstrasse 13
> D-67705 Trippstadt
> Phone: +49 6306 992140
> Fax: +49 6306 992142
> Mobile: +49 151 27530865
> email: carsten.delellis at delellis.net
> http://www.linkedin.com/in/carstenlaundelellis 
> Am 2013-07-01 11:24, schrieb Pavel Herrmann:
> > Hi
> > On Friday 28 June 2013 07:17:39 Carsten Laun-De Lellis wrote:
> >> Hi all I am trying to set up an email Server with a Samba4 AD as user
> >> Directory. Does anybody know a good how-to to setup user auth against AD
> >> ? Or could anyone tell me how to do it? I am having an email Server up
> >> and running with openldap but want to change to Samba4 AD, because of
> >> the openchange Integration. I would appreciate any help on this topic.>
> > I have an AD/Samba4 auth for dovecot, it works the same as any LDAP would
> > (with authenticated lookups and auth_bind)
> > I would suggest you try it, and ask if there are any issues.
> > Pavel Herrmann
>  http://www.linkedin.com/in/carstenlaundelellis
More information about the dovecot