Howto authenticate smartPhone via Active Directory
Mark Foley
mfoley at ohprs.org
Sun Dec 3 21:18:06 EET 2017
Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2
shows:
passdb pam {
}
used for authenticating Android. Problem #1 is that Slackware does not ship with PAM and the
AD/DC Samba4 does not use it. It is used on Slackware for a domain member, but I'm not sure I
should try configuring PAM on the AD/DC.
Is there some otherway I can get authentication using domain credentials besides pam? the phone
can send user and password.
--Mark
-----Original Message-----
> Date: Sun, 03 Dec 2017 15:22:56 +0200
> Subject: Re: Howto authenticate smartPhone via Active Directory
> From: Aki Tuomi <aki.tuomi at dovecot.fi>
> To: Mark Foley <mfoley at ohprs.org>, dovecot at dovecot.org
>
> Actually you are authenticating gssapi clients from ad and everyone else from shadow. maybe you need to configure pam module?
> ---Aki TuomiDovecot oy
>
> -------- Original message --------
> From: Mark Foley <mfoley at ohprs.org>
> Date: 03/12/2017 06:03 (GMT+02:00)
> To: dovecot at dovecot.org
> Subject: Howto authenticate smartPhone via Active Directory
> I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials
> using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via
> shadow first and. failing that, it does authenticate via GSSAPI.
>
> Smartphones connect to Dovecot via port 143 and SSL. They are not domain members so if the
> shadow authentication fails, no other methods are tried and no connection is made.
>
> What can I do with my dovecot config to fix this?
>
> > doveconf -n
> # 2.2.15: /usr/local/etc/dovecot/dovecot.conf
> # OS: Linux 4.4.88 x86_64 Slackware 14.2
> auth_debug = yes
> auth_debug_passwords = yes
> auth_gssapi_hostname = $ALL
> auth_krb5_keytab = /etc/dovecot/dovecot.keytab
> auth_mechanisms = plain login gssapi
> auth_use_winbind = yes
> auth_username_format = %n
> auth_verbose = yes
> auth_verbose_passwords = plain
> disable_plaintext_auth = no
> info_log_path = /var/log/dovecot_info
> mail_location = maildir:~/Maildir
> passdb {
> driver = shadow
> }
> protocols = imap
> ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2016-08-10/54e789087d419b6e.crt
> ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key
> userdb {
> driver = passwd
> }
> verbose_ssl = yes
>
> Thanks, Mark
More information about the dovecot
mailing list