[Samba] Samba4 AD and mail auth

Achim Gottinger achim at ag-web.biz
Fri Jun 28 05:35:13 MDT 2013


On 28.06.2013 13:24, Carsten Laun-De Lellis wrote:
>
> Hi Achim
>
> First of all, thanks for your input.
>
> The way you set it up was the way I did it. But when I go through your
> ldap configuration it doesn't really solve my problem or, maybe more
> likely, I don't understand it.
>
> For auth I want my users to connect to dovecot with user/password
> token. In your config I can't see where you match the password to the
> AD password.
>
For authentication dovecot uses what is configured in passdb. In the
corresponding ldap config you can see it uses auth_bind=yes, and
auth_bind_userdn defines the dn used to auth against samba4 ldap.
As said, on my side cn is identical with sAMAccountName; if it's not on
your side you may have to use cn/Password instead of
sAMAccountName/Password.

> Maybe I wasn't specific enough about what I want to do. Or I don't
> understand where you match against the user password. And again there
> is a good chance that the problem is myself. (crying)
>
> Thanks again.
>
> ---
>
> Kind regards
>
> Carsten Laun-De Lellis
>
> Hauptstrasse 13
> D-67705 Trippstadt
>
> Phone: +49 6306 992140
> Fax:     +49 6306 992142
> Mobile: +49 151 27530865
> email: carsten.delellis at delellis.net
>
> http://www.linkedin.com/in/carstenlaundelellis
>
> On 2013-06-28 13:13, Achim Gottinger wrote:
>
>> On 28.06.2013 10:31, Carsten Laun-De Lellis wrote:
>>> Hi list, does anyone have experience in setting up dovecot or any
>>> other mail system with user auth against a Samba4 AD? If yes, could
>>> I get some advice on that topic or even a link to a resource where
>>> I can get some information? Googled a lot but didn't find anything
>>> yet. Thanks in advance.
>> I did it with dovecot/postfix on debian wheezy; there is a lot more info
>> if you look for dovecot setup against Microsoft AD.
>>
>>
>> First create a user for ldap queries:
>>
>>   >samba-tool user add ldap [password]
>>
>> Configure dovecot passdb against Samba4 AD, add or change this in your
>> dovecot.conf or auth-ldap.conf.ext (on wheezy)
>>
>> # Authentication for LDAP users
>>
>> passdb {
>>     driver = ldap
>>     args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
>> }
>>
>> Create /etc/dovecot/dovecot-ldap-passdb.conf.ext. It may be that you have to use
>> sAMAccountName instead of cn for auth_bind_userdn and pass_filter. On my
>> side these are identical because I migrated from samba3/openldap. The filter
>> is looking for person classes with a matching cn and an existing mail attribute.
>>
>> hosts = localhost
>> auth_bind = yes
>> auth_bind_userdn = cn=%u,cn=Users,dc=yourdomain,dc=local
>> ldap_version = 3
>>
>> base = cn=Users,dc=yourdomain,dc=local
>> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>>
>>
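
The exchange above turns on where the password is checked: with auth_bind = yes nothing compares it on the mail server; the server binds to the directory as the DN built from auth_bind_userdn, and the directory accepts or rejects the password. The sketch below is an added example (not part of the original thread and not Dovecot's code) that models building that DN and the pass_filter from the templates quoted above; the function names and sample users are hypothetical, and the escaping and empty-password check are assumptions about what a careful LDAP client does.

```python
# Added illustration; the templates are copied from the config quoted above,
# everything else (function names, sample users) is constructed.
BIND_DN_TEMPLATE = "cn=%u,cn=Users,dc=yourdomain,dc=local"
PASS_FILTER_TEMPLATE = "(&(objectClass=person)(cn=%u)(mail=*))"


def escape_dn_value(value):
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '\\,+"<>;=' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape a string for use as an assertion value in a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def plan_bind_auth(username, password):
    """Return (bind_dn, search_filter) for one login attempt.

    The password is in neither string: it travels only as the credential of
    the simple bind on bind_dn, and the directory server verifies it.
    """
    if not username:
        raise ValueError("empty username")
    if not password:
        # RFC 4513: a simple bind with a DN and an empty password is an
        # "unauthenticated bind" that a server may accept without checking anything.
        raise ValueError("empty password")
    bind_dn = BIND_DN_TEMPLATE.replace("%u", escape_dn_value(username))
    search_filter = PASS_FILTER_TEMPLATE.replace("%u", escape_filter_value(username))
    return bind_dn, search_filter


if __name__ == "__main__":
    # Constructed logins: a plain name, and cn values that need escaping.
    for user in ("carsten", "Laun-De Lellis, Carsten", "Carsten (Admin)"):
        print(plan_bind_auth(user, "constructed-password"))
```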


