[Samba] Samba4 AD and mail auth

Davor Vusir davor.vusir at live.se
Sat Jun 29 00:26:35 MDT 2013


Hi Carsten!

Check out this how-to: 
http://www.iredmail.org/wiki/index.php?title=Integration/Active.Directory.iRedMail

Works like a charm!

Regards
Davor

--------------------------------------------------
From: "Carsten Laun-De Lellis" <carsten.delellis at delellis.net>
Sent: Friday, June 28, 2013 6:49 PM
To: "Achim Gottinger" <achim at ag-web.biz>
Cc: <samba at lists.samba.org>
Subject: Re: [Samba] Samba4 AD and mail auth

>
>
> Hi Achim
>
> Don't want to bother you, but I still got error messages.
>
> Jun 28 15:09:57 rv1325 dovecot: auth: Debug: auth client connected
> (pid=2157)
> Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client in:
> AUTH#0111#011NTLM#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432
> Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client passdb out:
> CONT#0111#011
> Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client in:
> CONT#0111#011TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==
> (previous base64 data may contain sensitive data)
> Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client passdb out:
> CONT#0111#011TlRMTVNTUAACAAAADAAMADAAAAAFAooAzlGLZuaYgz0AAAAAAAAAABQAFAA8AAAAcgB2ADEAMwAyADUAAwAMAHIAdgAxADMAMgA1AAAAAAA=
> Jun 28 15:09:58 rv1325 dovecot: auth: Debug: client in:
> CONT#0111#011TlRMTVNTUAADAAAAGAAYAHYAAADAAMAAjgAAAAAAAABYAAAAEAAQAFgAAAAOAA4AaAAAAAAAAABOAQAABQKIAgYC8CMAAAAP6HRQNL0+o3yODw5hHqFFvHQAZQBzAHQAdQBzAGUAcgBXADAAMAAwADAAMAA1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnluuxW4N/hRueL6TyYm30BAQAAAAAAAB2Yjc4AdM4B6LKt7eH6AGUAAAAAAwAMAHIAdgAxADMAMgA1AAgAMAAwAAAAAAAAAAEAAAAAIAAABJBPeBFKFDBXIh0KoOgHioqV/yHKS7i3O2lbwelRVv4KABAAAAAAAAAAAAAAAAAAAAAAAAkAMABpAG0AYQBwAC8AcgB2ADEAMwAyADUALgBkAGUAbABlAGwAbABpAHMALgBuAGUAdAAAAAAAAAAAAA==
> (previous base64 data may contain sensitive data)
> Jun 28 15:09:58 rv1325 dovecot: auth: Debug:
> password(testuser,84.154.198.155,<KkN8mDbgGABUmsab>): passdb doesn't
> support credential lookups
> Jun 28 15:09:58 rv1325 dovecot: auth: Debug:
> password(testuser,84.154.198.155,<KkN8mDbgGABUmsab>): passdb doesn't
> support credential lookups
> Jun 28 15:10:00 rv1325 dovecot: auth: Debug: client passdb out:
> FAIL#0111#011user=testuser
> Jun 28 15:10:00 rv1325 dovecot: auth: Debug: client in:
> AUTH#0112#011DIGEST-MD5#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432
> Jun 28 15:10:04 rv1325 dovecot: auth: Debug: client passdb out:
> CONT#0112#011cmVhbG09IiIsbm9uY2U9Ii9nZndwbWd1TTlDMlVkekhZRld0R0E9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
> Jun 28 15:10:04 rv1325 dovecot: auth: Debug: client in:
> CONT#0112#011dXNlcm5hbWU9InRlc3R1c2VyIixyZWFsbT0iIixub25jZT0iL2dmd3BtZ3VNOUMyVWR6SFlGV3RHQT09IixkaWdlc3QtdXJpPSJpbWFwL3J2MTMyNS5kZWxlbGxpcy5uZXQiLGNub25jZT0iMjQ0NTRjZjAxNjVmOTE3YmVjMTJhMjk5OTc1ZGQ0MTYiLG5jPTAwMDAwMDAxLHJlc3BvbnNlPWVjZWI4MjJhZDFiZWY4NjU1OTYzMTk0YzhlZDQ0NmYxLHFvcD1hdXRoLGNoYXJzZXQ9dXRmLTg=
> (previous base64 data may contain sensitive data)
> Jun 28 15:10:04 rv1325 dovecot: auth: Debug:
> password(testuser,84.154.198.155,<KkN8mDbgGABUmsab>): passdb doesn't
> support credential lookups
> Jun 28 15:10:06 rv1325 dovecot: auth: Debug: client passdb out:
> FAIL#0112#011user=testuser
> Jun 28 15:10:06 rv1325 dovecot: auth: Debug: client in:
> AUTH#0113#011PLAIN#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432#011resp=AHRlc3R1c2VyAHRlc3R1c2Vy
> (previous base64 data may contain sensitive data)
>
> My auth.conf file looks like:
>
> hosts = localhost
> auth_bind = yes
> auth_bind_userdn = sAMAccountName=%u,cn=Users,dc=delellis,dc=net
> base = cn=Users,dc=delellis,dc=net
> ldap_version = 3
>
> pass_filter = (&(objectClass=user)(sAMAccoutName=%u)(mail=*))
>
> And I have no idea why it doesn't work.
> ---
>
> Kind regards
>
> Carsten Laun-De Lellis
>
> Hauptstrasse 13
> D-67705 Trippstadt
>
> Phone: +49 6306 992140
> Fax: +49 6306 992142
> Mobile: +49 151 27530865
> email: carsten.delellis at delellis.net
>
> http://www.linkedin.com/in/carstenlaundelellis [2]
>
> On 2013-06-28 14:04, Achim Gottinger wrote:
>
>> On 28.06.2013 13:55, Carsten Laun-De Lellis wrote:
>>
>>> Hi Achim
>>>
>>> Thanks a lot. I will try.
>>>
>>> Have a nice weekend.
>> NP take a look at this
>>
>> http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds [1]
>>
>> ---
>>
>> Kind regards
>>
>> Carsten Laun-De Lellis
>>
>> Hauptstrasse 13
>> D-67705 Trippstadt
>>
>> Phone: +49 6306 992140
>> Fax: +49 6306 992142
>> Mobile: +49 151 27530865
>> email: carsten.delellis at delellis.net
>>
>> http://www.linkedin.com/in/carstenlaundelellis [2]
>>
>> On 2013-06-28 13:35, Achim Gottinger wrote:
>>
>> On 28.06.2013 13:24, Carsten Laun-De Lellis wrote:
>> Hi Achim
>>
>> First of all thanks for your input. The way you set it up was the way
>> I did it. But when I go through your ldap configuration it doesn't
>> really solve my problem or, maybe more likely, I don't understand it.
>> For auth I want my users to connect to dovecot with user/password token.
>> In your config I can't see where you match the password to the AD
>> password.
>>
>> For authentication dovecot uses what is configured in passdb. In the
>> corresponding ldap config you can see it uses auth_bind=yes, and
>> auth_bind_userdn defines the dn used to auth against samba4 ldap.
>> As said, on my side cn is identical with sAMAccountName; if it's not on
>> your side you may have to use cn/Password instead of
>> sAMAccountName/Password.
>>
>> Maybe I wasn't specific enough about what I want to do. Or I don't
>> understand where you match against the user password. And again there is
>> a good chance that the problem is myself. Crying
>>
>> Thanks again.
>>
>> ---
>> Kind regards
>> Carsten Laun-De Lellis
>> Hauptstrasse 13
>> D-67705 Trippstadt
>> Phone: +49 6306 992140
>> Fax: +49 6306 992142
>> Mobile: +49 151 27530865
>> email: carsten.delellis at delellis.net
>> http://www.linkedin.com/in/carstenlaundelellis [2]
>>
>> On 2013-06-28 13:13, Achim Gottinger wrote:
>>
>> On 28.06.2013 10:31, Carsten Laun-De Lellis wrote:
>> Hi list
>>
>> Does anyone have experience in setting up dovecot or any other mail
>> system with user auth against a Samba4 AD? If yes, could I get some
>> advice on that topic or even a link to a resource where I can get some
>> information. Googled a lot but didn't find something yet.
>>
>> Thanks in advance.
>>
>> I did it with dovecot/postfix on debian wheezy; there is a lot more info
>> if you look for dovecot setup against Microsoft AD.
> First create a user for ldap queries:
>
> samba-tool user add ldap [password]
>
> Configure dovecot passdb against Samba4 AD, add or change this in your
> dovecot.conf or auth-ldap-conf.ext (on wheezy):
>
> # Authentication for LDAP users
> passdb {
>   driver = ldap
>   args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
> }
>
> Create /etc/dovecot/dovecot-ldap-passdb.conf.ext. It may be that you have
> to use sAMAccountName instead of cn for auth_bind_userdn and pass_filter.
> On my side these are identical because I migrated from samba3/openldap.
> The filter is looking for person classes with matching cn and an existing
> mail attribute.
>
> hosts = localhost
> auth_bind = yes
> auth_bind_userdn = cn=%u,cn=Users,dc=yourdomain,dc=local
> ldap_version = 3
> base = cn=Users,dc=yourdomain,dc=local
> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba [3]
>
>
>
> Links:
> ------
> [1] http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds
> [2] http://www.linkedin.com/in/carstenlaundelellis
> [3] https://lists.samba.org/mailman/options/samba
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba 
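
Added example (not part of the original thread and not Dovecot's own code): in the debug log quoted above, NTLM and DIGEST-MD5 fail with "passdb doesn't support credential lookups", because an auth_bind passdb can only hand a plaintext password to the LDAP server, and the PLAIN attempt that follows carries a resp= value that is just base64 of the user name and password. The Python below parses such lines and flags both conditions. The sample lines are constructed, and reading a bare `secured` field as the marker of a TLS or localhost connection is an assumption about Dovecot's auth protocol.

```python
import base64
import re
EVENT = re.compile(r"auth: Debug: client (in|passdb out): (.+)")
PLAINTEXT = {"PLAIN", "LOGIN"}

def parse_attempts(lines):
    """Map request id -> summary of each AUTH attempt found in the log."""
    attempts = {}
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        # syslog wrote the TAB field separator as the escape "#011"
        fields = m.group(2).strip().replace("#011", "\t").split("\t")
        cmd, rid = (fields + [""])[:2]
        if m.group(1) == "in" and cmd == "AUTH" and len(fields) > 2:
            params = dict(f.partition("=")[::2] for f in fields[3:])
            a = {"mech": fields[2], "result": None,
                 "secured": "secured" in params, "logged_user": None}
            try:  # SASL PLAIN response: authzid NUL authcid NUL password
                parts = base64.b64decode(params.get("resp", "")).split(b"\0")
            except ValueError:
                parts = []
            if a["mech"] == "PLAIN" and len(parts) == 3:
                a["logged_user"] = parts[1].decode(errors="replace")
            attempts[rid] = a
        elif m.group(1) == "passdb out" and cmd in ("OK", "FAIL") and rid in attempts:
            attempts[rid]["result"] = cmd
    return attempts

def findings(attempts):
    out = []
    for rid in sorted(attempts):
        a = attempts[rid]
        if a["mech"] not in PLAINTEXT and a["result"] == "FAIL":
            out.append((rid, "non-plaintext mechanism failed"))
        if a["mech"] in PLAINTEXT and not a["secured"]:
            out.append((rid, "plaintext mechanism without secured flag"))
        if a["logged_user"]:
            out.append((rid, "password recoverable from log"))
    return out

def _plain(user, password):  # build a constructed SASL PLAIN response
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()
PREFIX = "Jun 28 15:09:57 mx dovecot: auth: Debug: client "
SAMPLE = [  # constructed lines in the same format as the log above
    PREFIX + "in: AUTH#0111#011NTLM#011service=imap#011rip=198.51.100.7",
    PREFIX + "passdb out: FAIL#0111#011user=alice",
    PREFIX + "in: AUTH#0112#011PLAIN#011rip=198.51.100.7#011resp=" + _plain("alice", "not-a-real-password"),
]
```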


