dovecot and ntlm_auth through winbind
Jason Gunthorpe
jgunthorpe at obsidianresearch.com
Sun Jan 4 04:41:48 UTC 2015
Hi all,
I am upgrading a dovecot 1.2 installation to a 2.2 installation and
have found and fixed a number of problems..
I've seen several postings in the archive about ntlm_auth not working,
and it is true, there are several regressions in dovecot here.
The first and simplest is that the enablement instructions in the
wikki are wrong. ntlm_auth must be called as root, which is what 1.2
did.
2.2 defaults to calling it as the auth user which subtly doesn't work:
Dec 30 20:30:21 quartz dovecot[8439]: auth: Error: Login for user []\[jgg]@[wakko] failed due to [Reading winbind reply failed!]
Dec 30 20:30:21 quartz dovecot[8439]: auth: Error: ../auth/ntlmssp/ntlmssp_server.c:454: Checking NTLMSSP password for \jgg failed: NT_STATUS_UNSUCCESSFUL
Dec 30 20:30:21 quartz dovecot[8439]: auth: Error: GENSEC login failed: NT_STATUS_UNSUCCESSFUL
Dec 30 20:30:21 quartz dovecot[8439]: auth: Error: winbind: ntlm_auth exited with exit code 0
The fix is simple, run auth as root:
service auth {
user = root
}
This ended up as debian bug #774263 which has a few more details.
Regards,
Jason
More information about the dovecot
mailing list