How to "Windows Authenticate"

Mark Foley mfoley at ohprs.org
Wed Sep 16 17:10:46 UTC 2015


Does the Dovecot NTLM mechanism work with MS Outlook?

[ ] YES
[ ] NO

Please check one ... anybody.

--Mark

-----Original Message-----
From: Mark Foley <mfoley at ohprs.org>
Date: Sun, 13 Sep 2015 01:10:57 -0400
To: dovecot at dovecot.org
Subject: Re: How to "Windows Authenticate"

I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the
Active Directory/Domain Controller on the same host as Dovecot.
Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the
client MTU used to connect with Dovecot to read mail on the Users' WIN7
workstations.

I believe I have confirmed that MS Outlook will either ...

1) send the userid and password configured in the Outlook settings to Dovecot
for authorizing. This mechanism has been working fine for months.

or ...

2) Use NTLM authorization if "Require login using Secure Password Authentication
(SPA)" is checked: https://en.wikipedia.org/wiki/Secure_Password_Authentication

Those, I believe, are the only two choices with Outlook (other than Exchange). 
Therefore, in order not to configure a Domain-distinct password in Outlook, I
need to use the NTLM auth_mechanism for AD "Windows Authentication" with
Dovecot.  I've tried the settings below (just trying one user at the moment):

$ doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.10.17 x86_64 Slackware 14.1
auth_debug_passwords = yes
auth_mechanisms = plain ntlm
auth_use_winbind = yes
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
protocols = imap
ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt
ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
userdb {
  args = uid=3000026 gid=100 home=/home/HPRS/mark allow_all_users=yes
  driver = static
}
verbose_ssl = yes

Dovecot log results after setting my Outlook to SPA and clicking the 'Test
Account Settings' give me:

Sep 13 00:53:12 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Sep 13 00:53:12 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.0.58, lip=98.102.63.107, session=<2PnkuZkfqADAqAA6>

Can someone tell me what this means and how to fix it?

Note that I have read http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm over and
over, so simply referring me to that link will not help.

Thanks, Mark
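
Added example, not part of the original post: the doveconf -n output quoted above has password logging switched on while NTLM is being debugged, and this Python check flags those settings and lists the log files that would receive the passwords. SAMPLE is abridged from the post; the RISKY table and the function names are this example's own.

```python
# Audit `doveconf -n` output for settings that expose passwords.
# Flagged value and reason per setting; setting names are Dovecot's own.
RISKY = {
    "auth_debug_passwords": ("yes", "password mismatches are logged with the password"),
    "auth_verbose_passwords": ("plain", "attempted passwords are logged in clear text"),
    "disable_plaintext_auth": ("no", "plaintext logins are accepted without TLS"),
}
LOG_KEYS = ("log_path", "info_log_path", "debug_log_path")

# Settings copied from the post above (userdb block shortened).
SAMPLE = """\
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
auth_debug_passwords = yes
auth_mechanisms = plain ntlm
auth_use_winbind = yes
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
userdb {
  driver = static
}
verbose_ssl = yes
"""

def parse_doveconf(text):
    """Return the top-level `key = value` settings, skipping nested blocks."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return (findings, log_files) for one `doveconf -n` dump."""
    settings = parse_doveconf(text)
    findings = [(k, v, why) for k, (v, why) in RISKY.items() if settings.get(k) == v]
    log_files = [settings[k] for k in LOG_KEYS if k in settings]
    return findings, log_files

if __name__ == "__main__":
    findings, log_files = audit(SAMPLE)
    for key, value, why in findings:
        print(f"{key} = {value}: {why}")
    print("log files to restrict:", ", ".join(log_files) or "(default log target)")
```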


