[Dovecot] NTLM configuration

Cédric Laruelle laruellec at aiderdonner.com
Mon May 11 12:47:39 EEST 2009


Actually, I found the winbind problem: I was using samba 3.0.28, which is bugged when using winbind on a samba PDC.
I upgraded to 3.0.33 and now winbind is working correctly, meaning I can authenticate a user using ntlm_auth --username=xxx and I get "NT_STATUS_OK: Success (0x0)".
However, it is still failing when I try to authenticate with dovecot and ntlm.
Here is the log I have:

dovecot: May 11 11:40:35 Info: auth(default): client in: AUTH   1       NTLM    service=imap    secured lip=192.168.0.1 rip=192.168.0.254       lport=143       rport=1210
dovecot: May 11 11:40:35 Info: auth(default): client out: CONT  1
dovecot: May 11 11:40:35 Info: auth(default): client in: CONT   1       TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
dovecot: May 11 11:40:35 Info: auth(default): client out: CONT  1       TlRMTVNTUAACAAAADgAOADAAAAAFgomiYLxtMH3H1LwAAAAAAAAAAIAAgAA+AAAAQQBMAFYAQQBSAFUATQACAA4AQQBMAFYAQQBSAFUATQABABAASQBOAFQARQBSAE4AQQBMAAQAHgBhAGkAZABlAHIAZABvAG4AbgBlAHIALgBjAG8AbQADADAAaQBuAHQAZQByAG4AYQBsAC4AYQBpAGQAZQByAGQAbwBuAG4AZQByAC4AYwBvAG0AAAAAAA==
dovecot: May 11 11:40:35 Info: auth(default): client in: CONT   1       TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABIAAAABgAGAEgAAAAQABAATgAAAAAAAACOAAAABYKIogUBKAoAAAAPZgBmAHMAQQBMAFYAQQBSAFUATQAzAH7tuJu/R/lTAAAAAAAAAAAAAAAAAAAAAB9dNIf6uB8KWG4KjG7hod/cNrCJsS5DpQ==
dovecot: May 11 11:40:35 Info: auth(default): winbind(?,192.168.0.254): user not authenticated: NT_STATUS_NO_SUCH_USER
dovecot: May 11 11:40:37 Info: auth(default): client out: FAIL  1


It says the user does not exist, but I use the same user as the one on the command line with ntlm_auth.
Actually, I'm not sure which user is passed in, as it is Outlook that sends the NTLM hash to dovecot. Is there a way to track it? Is it the auth_username_format which is incorrect?

My parameters are:
auth_ntlm_use_winbind = yes
auth_username_format = %n
auth_winbind_helper_path = /usr/bin/ntlm_auth

Best regards,

Cédric Laruelle
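
Added example (not part of the original thread): the question above, which user name Outlook actually sends, can be answered from the log itself, because the third `client in: CONT` line carries the base64 NTLM Type 3 (AUTHENTICATE) message, whose header points at the domain, user and workstation strings. The sketch below parses those fields; `parse_ntlm_authenticate` and `build_sample_type3` are hypothetical names, the sample token is constructed, and the `cp437` fallback for non-Unicode clients is an assumption.

```python
import base64
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001  # strings are UTF-16LE when set


def parse_ntlm_authenticate(b64_token):
    """Return the domain, user and workstation named in an NTLM Type 3 message."""
    msg = base64.b64decode(b64_token.strip(), validate=True)
    if len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected Type 3 (AUTHENTICATE), got type %d" % msg_type)
    if len(msg) < 64:
        raise ValueError("Type 3 header is truncated")
    (flags,) = struct.unpack_from("<I", msg, 60)
    # Assumption: clients that do not negotiate Unicode use an OEM code page; cp437 here.
    encoding = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp437"

    def field(pos):
        # Security buffer: length (u16), allocated size (u16), payload offset (u32).
        length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
        if offset + length > len(msg):
            raise ValueError("buffer at byte %d points outside the message" % pos)
        return msg[offset:offset + length].decode(encoding, errors="replace")

    # Header order: LM response (12), NT response (20), domain (28), user (36), workstation (44).
    return {"domain": field(28), "user": field(36), "workstation": field(44)}


def build_sample_type3(domain, user, workstation):
    """Constructed test input: a Type 3 message with zeroed LM/NT responses."""
    names = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    blobs = [b"\x00" * 24, b"\x00" * 24, *names, b""]  # LM, NT, names, session key
    header, payload = b"", b""
    for blob in blobs:
        header += struct.pack("<HHI", len(blob), len(blob), 64 + len(payload))
        payload += blob
    flags = struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE)
    msg = b"NTLMSSP\x00" + struct.pack("<I", 3) + header + flags + payload
    return base64.b64encode(msg).decode("ascii")


if __name__ == "__main__":
    # A client that sends a bare user name with an empty domain field.
    token = build_sample_type3("", "jdoe", "WORKSTATION1")
    print(parse_ntlm_authenticate(token))
```

To use it on a real session, pass the base64 string from the third `client in: CONT` line; an empty `domain` in the result means the client sent only a bare user name.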


-----Original Message-----
From: dovecot-bounces+laruellec=aiderdonner.com at dovecot.org [mailto:dovecot-bounces+laruellec=aiderdonner.com at dovecot.org] On behalf of Cédric Laruelle
Sent: Monday, 11 May 2009 10:46
To: dovecot at dovecot.org
Subject: Re: [Dovecot] NTLM configuration

No, I haven't. The problem is that I can't find explanations anywhere on how to configure winbind to authenticate against samba. All the configurations I found were for configuring it on AD.
In the samba docs, I found "Winbind is targeted at organizations that have an existing NT-based domain infrastructure into which they wish to put UNIX workstations or servers", but that's not my case ...

If you have any clues where I could find or ask for the info, it would be much appreciated.

Best regards,

Cédric Laruelle


-----Original Message-----
From: dovecot-bounces+laruellec=aiderdonner.com at dovecot.org [mailto:dovecot-bounces+laruellec=aiderdonner.com at dovecot.org] On behalf of Rob Coward
Sent: Monday, 11 May 2009 10:20
To: Cédric Laruelle
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] NTLM configuration

Have you confirmed winbind is configured and working correctly?

"user not authenticated: NT_STATUS_NO_LOGON_SERVERS" suggests to me that
you haven't got a working winbind setup.

Rob

On Mon, 2009-05-11 at 10:01 +0200, Cédric Laruelle wrote:
> Hi again everybody!
>
> I’m still stuck with the dovecot ntlm authentication… I configured dovecot
> to use winbind, and I would like winbind to authenticate against samba
> (samba, winbind and dovecot are running on the same box).
>
> Here is the log I have (192.168.0.1 is the server box, 192.168.0.254 the
> client box)
>
> dovecot: May 06 14:52:37 Info: auth(default): new auth connection: pid=25828
> dovecot: May 06 14:52:38 Info: auth(default): client in: AUTH   1       NTLM
> service=imap    secured lip=192.168.0.1 rip=192.168.0.254       lport=143
> rport=1084
> dovecot: May 06 14:52:38 Info: auth(default): client out: CONT  1
> dovecot: May 06 14:52:38 Info: auth(default): client in: CONT   1
> TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
> dovecot: May 06 14:52:38 Info: auth(default): client out: CONT  1
> TlRMTVNTUAACAAAADgAOADAAAAAFgomizPYc4ALWKQgAAAAAAAAAAIAAgAA+AAAAQQBMAFYA
> TlRMTVNTUAACAAAADgAOADAAAAAFgomizPYc4ALWKQgAAAAAAAAAAIAAgAA+QQBS
> AFUATQACAA4AQQBMAFYAQQBSAFUATQABABAASQBOAFQARQBSAE4AQQBMAAQAHgBhAGkAZABlAHIA
> ZABvAG4AbgBlAHIALgBjAG8AbQADADAAaQBuAHQAZQByAG4AYQBsAC4AYQBpAGQAZQByAGQAbwBu
> AG4AZQByAC4AYwBvAG0AAAAAAA==
> dovecot: May 06 14:52:38 Info: auth(default): client in: CONT   1
> TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABIAAAABgAGAEgAAAAQABAATgAAAAAAAACO
> AAAABYKIogUBKAoAAAAPZgBmAHMAQQBMAFYAQQBSAFUATQAzABXRN5WNNwAgAAAAAAAAAAAAAAAA
> AAAAALm1ePVxjdOF1UPe8A/e1D6H0+jlJYQPUA==
> dovecot: May 06 14:52:38 Info: auth(default): winbind(?,192.168.0.254): user
> not authenticated: NT_STATUS_NO_LOGON_SERVERS
> dovecot: May 06 14:52:40 Info: auth(default): client out: FAIL  1
>
> Please help, I really need to set this up and it begins to drive me really
> crazy…
>
> Cédric Laruelle