Howto authenticate smartPhone via Active Directory

Mark Foley mfoley at ohprs.org
Sun Dec 3 06:03:04 EET 2017


I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials
using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via
shadow first and, failing that, it does authenticate via GSSAPI.

Smartphones connect to Dovecot via port 143 and SSL.  They are not domain members so if the
shadow authentication fails, no other methods are tried and no connection is made. 

What can I do with my dovecot config to fix this?

> doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 4.4.88 x86_64 Slackware 14.2 
auth_debug = yes
auth_debug_passwords = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain login gssapi
auth_use_winbind = yes
auth_username_format = %n
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
passdb {
  driver = shadow
}
protocols = imap
ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2016-08-10/54e789087d419b6e.crt
ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
userdb {
  driver = passwd
}
verbose_ssl = yes

Thanks, Mark
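
Added example, not part of the original post: a small Python audit of `doveconf -n` output that reports which passdb drivers back the password mechanisms (PLAIN/LOGIN, which the smartphones use) and which settings in the posted config expose passwords in logs or on connections without TLS. The sample input is constructed from a subset of the settings quoted above, and the function names are hypothetical.

```python
# Constructed sample: a subset of the `doveconf -n` output quoted in the post.
SAMPLE = """\
auth_debug_passwords = yes
auth_mechanisms = plain login gssapi
auth_verbose_passwords = plain
disable_plaintext_auth = no
passdb {
  driver = shadow
}
userdb {
  driver = passwd
}
"""

def parse_doveconf(text):
    """Return (top-level settings, passdb drivers in the order they are tried)."""
    settings, passdbs, stack = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):          # section opener, e.g. "passdb {"
            stack.append(line.split()[0])
        elif line == "}":               # section closer
            if stack:
                stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if not stack:
                settings[key] = value
            elif stack == ["passdb"] and key == "driver":
                passdbs.append(value)
    return settings, passdbs

def audit(text):
    """Hypothetical helper: list findings for the settings discussed here."""
    settings, passdbs = parse_doveconf(text)
    mechs = set(settings.get("auth_mechanisms", "plain").split())
    findings = []
    if mechs & {"plain", "login"} and passdbs == ["shadow"]:
        findings.append("PLAIN/LOGIN passwords are checked only against local shadow")
    if settings.get("auth_debug_passwords") == "yes":
        findings.append("auth_debug_passwords writes passwords to the log")
    if settings.get("auth_verbose_passwords", "no") != "no":
        findings.append("auth_verbose_passwords logs attempted passwords on failure")
    if settings.get("disable_plaintext_auth") == "no":
        findings.append("plaintext mechanisms are accepted on connections without TLS")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```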

