Howto authenticate smartPhone via Active Directory

Aki Tuomi aki.tuomi at dovecot.fi
Sun Dec 3 15:22:56 EET 2017


Actually you are authenticating GSSAPI clients from AD and everyone else from shadow. Maybe you need to configure the pam module?
---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Mark Foley <mfoley at ohprs.org>
Date: 03/12/2017  06:03  (GMT+02:00)
To: dovecot at dovecot.org
Subject: Howto authenticate smartPhone via Active Directory

I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials
using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via
shadow first and, failing that, it does authenticate via GSSAPI.

Smartphones connect to Dovecot via port 143 and SSL.  They are not domain members so if the
shadow authentication fails, no other methods are tried and no connection is made. 

What can I do with my dovecot config to fix this?

> doveconf -n
# 2.2.15: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 4.4.88 x86_64 Slackware 14.2 
auth_debug = yes
auth_debug_passwords = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = plain login gssapi
auth_use_winbind = yes
auth_username_format = %n
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
info_log_path = /var/log/dovecot_info
mail_location = maildir:~/Maildir
passdb {
  driver = shadow
}
protocols = imap
ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2016-08-10/54e789087d419b6e.crt
ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
userdb {
  driver = passwd
}
verbose_ssl = yes

Thanks, Mark

