[Dovecot] NTLM authentication woes

Adrian Gill adrian at ssinternet.co.uk
Sun Dec 24 16:43:40 UTC 2006

Lars wrote:
[Re Outlook handling of SPA/NTLM]
> Turning on auth_debug and auth_verbose has led me to discover that MS
> Outlook uses the user's full name as login, instead of whatever is entered
> in the account-information - if the user "John Doe" has the login
> "jd at domain.com", Outlook sends "John Doe" instead. This of course fails.
> Strangely enough, if I turn off "Use Secure Authentication" from within
> Outlook, the login-name from the account-information is used as it should
> be.

Not a solution I'm afraid, but just to let you know that I've been 
experimenting with NTLM (actually with Exim for authenticated SMTP) for a 
while with a few users and had the same problems - different versions of 
Outlook behave slightly differently, but none (that I've found) seem to work 
properly.  Usually Outlook sends the user's Windows Logon username and
password (which is often their name, but often something else too like 
'Administrator') initially, and sometimes then retries automatically with 
the correct details.

Things never seem to be that consistent though, except that they're 
consistently bad.  Frustratingly, the only option I have is to tell users 
that have problems to use Thunderbird or something else and use cram-md5.

As far as Outlook goes I think Microsoft seem to only bother testing NTLM 
running with MS Exchange on a local network... v.annoying!

(Sorry not that helpful a post)


