[Dovecot] NTLM authentication woes

Lars Skovgaard lars at skovgaarddesign.dk
Sat Dec 23 17:13:13 UTC 2006


Hi all,

I have set up dovecot to use a number of different authentication- 
mechanisms, which are all working as expected from well-behaved  
clients. However, MS Outlook on Windows and MS Entourage X on Mac OS  
X refuse to connect using NTLM.

Outlook Express on Windows seems to be working fine, and NTLM  
authentication works from within OS X Mail.app as well.

Turning on auth_debug and auth_verbose has led me to discover that MS  
Outlook uses the users full name as login, instead of whatever is  
entered in the account-information - if the user "John Doe" has the  
login "jd at domain.com", Outlook sends "John Doe" instead. This of  
course fails. Strangely enough, if I turn off "Use Secure  
Authentication" from within Outlook, the login-name from the account- 
information is used as it should be.

 From MS Entourage, the problem is similar but not identical. Here,  
the login is sent as "jd at domain.com/jd".

I have worked around the problem for now by instructing my clients to  
use SSL-connections and disabling "Secure Authentication", but would  
like for everyone to be able to log on without using SSL (due to the  
returning questions regarding my self-signed certificate).

Can anyone shed some light on why the MS apps refuse to behave?

Thanks in advance!

/Lars

PS: I wish you all a merry christmas and a happy new year!  :o)



More information about the dovecot mailing list