Howto authenticate smartPhone via Active Directory
Steffen Kaiser
skdovecot at inf.h-brs.de
Mon Dec 11 08:46:28 EET 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 2 Dec 2017, Mark Foley wrote:
> I have a Samba4 Active Directory server. Dovecot authenticates AD Users with domain credentials
> using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt authentication via
^^^^^^^^^^ ????
> shadow first and. failing that, it does authenticate via GSSAPI.
>
> Smartphones connect to Dovecot via port 143 and SSL. They are not domain members so if the
> shadow authentication fails, no other methods are tried and no connection is made.
>
> What can I do with my dovecot config to fix this?
If you are asking about how to auth against AD with plain credentials, see
https://wiki2.dovecot.org/AuthDatabase/LDAP
You can add another passdb {} . However, this enables any client to use
plain credentials, incl. Thunderbird.
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEVAwUBWi4pxMQnQQNheMxiAQJeKQf/UmSsc1YRSgPAJKEjB12lJCpCX2oj8Wfd
qV9by9tyU942gNsAArBzMaSxgRWYb8yr6lmuPer0/HZJCQyExchjGgzc/HDeMJPU
uxt0dOVvY4SXmfwv+phwlDO3UvDt5sagLNNx54v8nal+OIxAZ+juAxs/NiNPTlt+
78R7TGaRj6Fxoyc/Ssf1CbCVr2ECK6m1YtJ+Jpe6Zi5FPMndx9rwWj/MMp5CW93/
UDUMM2wWoYBavzBXIEVb8Xi9n7PYJH8kdA4YILQdNrYTQR5k6XDLsKH9UYc/n216
CjktUGSC75E3zUk8a665gDJ+D/CjPfJSz/DICgkIeGAzweUfvVZk3Q==
=L5oG
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list