Working with Active Directory on Windows Server 2012 R2

Aaron Jenkins aaron at rsbuddy.com
Tue Nov 25 08:02:41 UTC 2014


Hi all,

I’m having issues getting Dovecot to work with AD on 2012 R2 in a test environment.

Background:

AD is running on dc1.ad.automaton.uk, the domain is ad.automaton.uk. The DNS server is running on ad.automaton.uk and the automaton.uk DNS is set up correctly in the test environment in that everything resolves to the correct IP address and I can authenticate with whichever LDAP clients (ldapsearch, ApacheDS, sssd). It refuses to bind on Dovecot for some reason.

aaron at mail:/var/log$ uname -a
Linux mail.ad.automaton.uk 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 17:56:17 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
aaron at mail:/var/log$ dovecot --version
2.2.9
aaron at mail:/var/log$ dpkg -l | grep dovecot
ii  dovecot-core                          1:2.2.9-1ubuntu5                         amd64        secure POP3/IMAP server - core files
ii  dovecot-gssapi                        1:2.2.9-1ubuntu5                         amd64        secure POP3/IMAP server - GSSAPI support
ii  dovecot-imapd                         1:2.2.9-1ubuntu5                         amd64        secure POP3/IMAP server - IMAP daemon
ii  dovecot-ldap                          1:2.2.9-1ubuntu5                         amd64        secure POP3/IMAP server - LDAP support
aaron at mail:/var/log/$ cat dovecot-debug.log
…
Nov 19 09:22:23 auth: Debug: auth client connected (pid=10345)
Nov 19 09:22:23 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395
Nov 19 09:22:23 auth: Debug: client passdb out: CONT 1
Nov 19 09:22:23 auth: Debug: client in: CONT 1  (previous base64 data may contain sensitive data)
Nov 19 09:22:29 auth: Debug: client passdb out: FAIL 1 user=aaron.jenkins temp
Nov 19 09:22:29 auth: Debug: client in: AUTH 2 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395 resp= (previous base64 data may contain sensitive data)
Nov 19 09:22:39 auth: Debug: client passdb out: FAIL 2 user=aaron.jenkins temp
Nov 19 09:22:40 auth: Debug: client in: AUTH 3 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395
Nov 19 09:22:44 auth: Debug: client passdb out: CONT 3
Nov 19 09:22:44 auth: Debug: client in: CONT 3  (previous base64 data may contain sensitive data)
Nov 19 09:22:50 auth: Debug: client passdb out: FAIL 3 user=aaron.jenkins temp
Nov 19 09:22:50 auth: Debug: client in: AUTH 4 PLAIN service=imap secured session=pkJxdDkISwAK0zcd lip=10.211.55.33 rip=10.211.55.29lport=993 rport=56395 resp= (previous base64 data may contain sensitive data)
Nov 19 09:22:56 auth: Debug: client passdb out: FAIL 4 user=aaron.jenkins temp

(I’ve removed the base64 as it might contain passwords I actually use; if it’s important, I’ll re-run it with a different password unredacted.)

Do you guys have any ideas on how to get it working with 2012 R2? I know the LDAP is quite funky, but I suspect that’s why it doesn’t work. Also, attached is my sssd config as it’s working fine, in case it might provide any insights.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-ldap.conf.ext
Type: application/octet-stream
Size: 6269 bytes
Desc: dovecot-ldap.conf.ext
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141125/649dd0de/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd.conf
Type: application/octet-stream
Size: 1277 bytes
Desc: sssd.conf
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141125/649dd0de/attachment-0003.obj>
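The "FAIL ... temp" replies in the debug log above mean the passdb returned a temporary (internal) failure rather than a wrong-password result, which with the LDAP passdb usually means the LDAP connection or bind itself failed; the actual error is logged by the auth process in the main Dovecot log. As an added example (not the poster's attached dovecot-ldap.conf.ext), this is a minimal Dovecot 2.2 dovecot-ldap.conf.ext for authenticating against Active Directory with the domain from this thread; the service-account DN, the OU path and the CA certificate path are assumptions for illustration.

```conf
# Example dovecot-ldap.conf.ext for Active Directory (ad.automaton.uk).
# Not the original poster's config; DNs, account names and paths are assumed.

# Use LDAPS to the domain controller so the bind credentials never cross
# the wire in cleartext. AD also needs the CA that signed the DC's cert.
uris = ldaps://dc1.ad.automaton.uk
tls_ca_cert_file = /etc/ssl/certs/ad-root-ca.pem   # assumed path
ldap_version = 3

# AD does not allow anonymous searches, so a low-privilege service account
# is needed for the user lookup. Assumed account:
dn = CN=svc-dovecot,OU=Service Accounts,DC=ad,DC=automaton,DC=uk
dnpass = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# Verify the user's password by binding as the user (AD never returns
# password hashes, so pass_attrs must stay empty). Binding with the UPN
# avoids having to know the user's full DN; %n is the login name
# without any @domain part the client may have sent.
auth_bind = yes
auth_bind_userdn = %n@ad.automaton.uk
pass_attrs =

base = DC=ad,DC=automaton,DC=uk
scope = subtree
deref = never

# Only enabled, real user objects (not computer accounts) may log in.
pass_filter = (&(objectClass=user)(sAMAccountName=%n)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (&(objectClass=user)(sAMAccountName=%n))

# Map AD attributes to Dovecot's uid/gid/home; fixed values are assumed.
user_attrs = sAMAccountName=home=/var/mail/%$,=uid=vmail,=gid=vmail

# Raise this to see the exact bind/search errors in the main log while
# debugging, then set it back to 0.
debug_level = 1
```

Before pointing Dovecot at it, confirm the service account can bind and search over LDAPS with the same host and base using ldapsearch, since a certificate or DN problem at that step shows up in Dovecot only as the generic "temp" failure.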