Hello. Given:

dpkg -l *dovecot* | grep ^ii
ii dovecot-core 1:2.2.25-1 amd64 secure POP3/IMAP server - core files
ii dovecot-gssapi 1:2.2.25-1 amd64 secure POP3/IMAP server - GSSAPI support
ii dovecot-imapd 1:2.2.25-1 amd64 secure POP3/IMAP server - IMAP daemon
ii dovecot-ldap 1:2.2.25-1 amd64 secure POP3/IMAP server - LDAP support
ii dovecot-lmtpd 1:2.2.25-1 amd64 secure POP3/IMAP server - LMTP server
ii dovecot-managesieved 1:2.2.25-1 amd64 secure POP3/IMAP server - ManageSieve server
ii dovecot-pop3d 1:2.2.25-1 amd64 secure POP3/IMAP server - POP3 daemon
ii dovecot-sieve 1:2.2.25-1 amd64 secure POP3/IMAP server - Sieve filters support

dpkg -l *winbind* | grep ^ii
ii winbind 2:4.4.5+dfsg-3 amd64 service to resolve user and group information from Windows NT servers

I need to set up transparent NTLM authentication for the MUAs: Thunderbird, Outlook (2010), The Bat.
It was configured following the documentation at http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm

The server has been joined to AD:

$ net ads status
...
distinguishedName: CN=imap,CN=Computers,DC=nsk,DC=lanta,DC=ru
...

Authentication works:

$ wbinfo -a john
Enter john's password:
plaintext password authentication succeeded
Enter john's password:
challenge/response password authentication succeeded

Configs:

/etc/samba/smb.conf

[global]
workgroup = LANTA
realm = nsk.lanta.ru
security = ADS
local master = no
domain master = no
preferred master = no
dns proxy = no
idmap uid = 10000-20000
idmap gid = 10000-20000
password server = domain3.nsk.lanta.ru
encrypt passwords = yes
#use kerberos keytab = true
winbind use default domain = yes
winbind offline logon = false
winbind separator = +

/etc/dovecot/dovecot.conf

...
auth_mechanisms = ntlm
auth_use_winbind = yes
auth_username_format = %Lu
auth_winbind_helper_path = /usr/bin/ntlm_auth
userdb {
  args = uid=vmail gid=vmail home=/srv/vmail/maildir/%Ln
  driver = static
}
...

I had to add:

service auth {
  user = root
}

because:

Sep 23 11:24:14 imap dovecot: auth: ntlm(?,192.168.66.236,<IgmkJiU9sdPAqELs>): ntlm_auth reports broken helper: NT_STATUS_UNSUCCESSFUL
Sep 23 11:24:14 imap dovecot: auth: Error: winbind: ntlm_auth exited with exit code 0

When an MUA tries to connect from a Windows workstation that is joined to the domain, a password is requested for some reason, while the logs show:

DEBUG:

Sep 23 11:29:29 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Sep 23 11:29:29 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Sep 23 11:29:29 auth: Debug: auth client connected (pid=15287)
Sep 23 11:29:34 auth: Debug: client in: AUTH 1 NTLM service=imap session=iwGtOSU9xtPAqELs lip=192.168.66.50 rip=192.168.66.236 lport=143 rport=54214
Sep 23 11:29:34 auth: Debug: client passdb out: CONT 1
Sep 23 11:29:34 auth: Debug: client in: CONT 1 <SKIP> (previous base64 data may contain sensitive data)
Sep 23 11:29:34 auth: Debug: client passdb out: CONT 1 <SKIP>
Sep 23 11:29:34 auth: Debug: client in: CONT 1 <SKIP> (previous base64 data may contain sensitive data)
Sep 23 11:29:34 auth: Debug: client passdb out: OK 1 user=john
Sep 23 11:29:34 auth: Debug: master in: REQUEST 3676962817 15287 1 26ff92e1a7584dd15f7569c89fd91da7 session_pid=15290 request_auth_token
Sep 23 11:29:34 auth: Debug: master userdb out: USER 3676962817 john uid=5000 gid=5000 home=/srv/vmail/maildir/john auth_token=78c6c23482422521f8b08967682ddf631694b876
Sep 23 11:29:34 imap(john): Debug: Loading modules from directory: /usr/lib/dovecot/modules
Sep 23 11:29:34 imap(john): Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
Sep 23 11:29:34 imap(john): Debug: Module loaded: /usr/lib/dovecot/modules/lib02_imap_acl_plugin.so
Sep 23 11:29:34 imap(john): Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
Sep 23 11:29:34 imap(john): Debug: Module loaded: /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so
Sep 23 11:29:34 imap(john): Debug: Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so
Sep 23 11:29:34 imap(john): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_mail_log_plugin.so
Sep 23 11:29:34 imap(john): Debug: Effective uid=5000, gid=5000, home=/srv/vmail/maildir/john
Sep 23 11:29:34 imap(john): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled
Sep 23 11:29:34 imap(john): Debug: Quota root: name=user backend=dict args=:file:/srv/vmail/maildir/john/maildir/dovecot-quota
Sep 23 11:29:34 imap(john): Debug: Quota rule: root=user mailbox=* bytes=1073741824 messages=0
Sep 23 11:29:34 imap(john): Debug: Quota rule: root=user mailbox=Trash bytes=+107374182 (10%) messages=0
Sep 23 11:29:34 imap(john): Debug: Quota grace: root=user bytes=107374182 (10%)
Sep 23 11:29:34 imap(john): Debug: dict quota: user=john, uri=file:/srv/vmail/maildir/john/maildir/dovecot-quota, noenforcing=0
Sep 23 11:29:34 imap(john): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/maildir
Sep 23 11:29:34 imap(john): Debug: maildir++: root=/srv/vmail/maildir/john/maildir, index=, indexpvt=, control=, inbox=/srv/vmail/maildir/john/maildir, alt=
Sep 23 11:29:34 imap(john): Debug: acl: initializing backend with data: vfile:/srv/vmail/conf.d/acls:cache_secs=300
Sep 23 11:29:34 imap(john): Debug: acl: acl username = john
Sep 23 11:29:34 imap(john): Debug: acl: owner = 1
Sep 23 11:29:34 imap(john): Debug: acl vfile: Global ACL file: /srv/vmail/conf.d/acls
Sep 23 11:29:34 imap(john): Debug: quota: quota_over_flag check: STORAGE ret=1 value=4 limit=1048576
Sep 23 11:29:34 imap(john): Debug: quota: quota_over_flag check: MESSAGE ret=0 value=4 limit=0
Sep 23 11:29:34 imap(john): Debug: quota: quota_over_flag=0((null)) vs currently overquota=0
Sep 23 11:29:34 imap(john): Debug: acl vfile: file /srv/vmail/maildir/john/maildir/.&BB0ENQQ2BDUEOwQwBEIENQQ7BEwEPQQwBE8- &BD8EPgRHBEIEMA-/dovecot-acl not found
Sep 23 11:29:34 imap(john): Debug: acl vfile: file /srv/vmail/maildir/john/maildir/.&BCMENAQwBDsENQQ9BD0ESwQ1-/dovecot-acl not found
Sep 23 11:29:34 imap(john): Debug: acl vfile: file /srv/vmail/maildir/john/maildir/.&BB4EQgQ,BEAEMAQyBDsENQQ9BD0ESwQ1-/dovecot-acl not found
Sep 23 11:29:34 imap(john): Debug: acl vfile: file /srv/vmail/maildir/john/maildir/.Trash/dovecot-acl not found
Sep 23 11:29:34 imap(john): Debug: acl vfile: file /srv/vmail/maildir/john/maildir/dovecot-acl not found
Sep 23 11:29:34 imap(john): Debug: acl vfile: file /srv/vmail/maildir/john/maildir/dovecot-acl not found
...

Then the same thing happens a second time (Thunderbird), and a third time if the MUA is Outlook.

mail.log:

Sep 23 11:29:34 imap dovecot: imap-login: Login: user=<john>, method=NTLM, rip=192.168.66.236, lip=192.168.66.50, mpid=15290, session=<iwGtOSU9xtPAqELs>
Sep 23 11:29:44 imap dovecot: imap-login: Login: user=<john>, method=NTLM, rip=192.168.66.236, lip=192.168.66.50, mpid=15292, session=<pCtMOiU9ytPAqELs>

I can't figure out why the password is requested _every_ time on connect?
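
An added example, not part of the original post: a small Python parser that groups Dovecot auth debug lines by request and shows whether each NTLM exchange ended with OK on the server side, which helps separate server-side failures from client-side password prompts. The sample log is constructed in the format quoted above; the second (failed) request and the names `ntlm_exchanges` and `FULL_NTLM` are assumptions for illustration.

```python
import re

# Constructed sample in the format of the auth debug log quoted in the post.
# Request 1 mirrors the post; request 2 is a made-up failed exchange for contrast.
SAMPLE_LOG = """\
Sep 23 11:29:34 auth: Debug: client in: AUTH 1 NTLM service=imap session=iwGtOSU9xtPAqELs lip=192.168.66.50 rip=192.168.66.236 lport=143 rport=54214
Sep 23 11:29:34 auth: Debug: client passdb out: CONT 1
Sep 23 11:29:34 auth: Debug: client in: CONT 1 <SKIP> (previous base64 data may contain sensitive data)
Sep 23 11:29:34 auth: Debug: client passdb out: CONT 1 <SKIP>
Sep 23 11:29:34 auth: Debug: client in: CONT 1 <SKIP> (previous base64 data may contain sensitive data)
Sep 23 11:29:34 auth: Debug: client passdb out: OK 1 user=john
Sep 23 11:30:02 auth: Debug: client in: AUTH 2 NTLM service=imap session=CONSTRUCTED lip=192.168.66.50 rip=192.168.66.236 lport=143 rport=54300
Sep 23 11:30:02 auth: Debug: client passdb out: CONT 2
Sep 23 11:30:02 auth: Debug: client passdb out: FAIL 2 user=john
"""
# Per-request lines written by the auth process when debug logging is on.
LINE = re.compile(r"auth: Debug: client (in|passdb out): (AUTH|CONT|OK|FAIL)\s+(\d+)(?:\s+(.*))?$")
# Step sequence of the successful NTLM request in the post's log (C = client, S = server).
FULL_NTLM = ["C:AUTH", "S:CONT", "C:CONT", "S:CONT", "C:CONT", "S:OK"]

def ntlm_exchanges(log_text):
    """One record per AUTH request; assumes ids are not reused before OK/FAIL."""
    records, open_reqs = [], {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        direction, verb, req_id, rest = m.groups()
        rest = rest or ""
        if verb == "AUTH":
            fields = rest.split()
            kv = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
            rec = {"mech": fields[0] if fields else None, "rip": kv.get("rip"),
                   "session": kv.get("session"), "steps": ["C:AUTH"],
                   "result": None, "user": None}
            open_reqs[req_id] = rec
            records.append(rec)
        elif req_id in open_reqs:
            rec = open_reqs[req_id]
            rec["steps"].append(("C:" if direction == "in" else "S:") + verb)
            if verb in ("OK", "FAIL"):
                user = re.search(r"user=(\S+)", rest)
                rec["result"], rec["user"] = verb, user.group(1) if user else None
                del open_reqs[req_id]  # request finished; id may be reused
    return records

if __name__ == "__main__":
    for r in ntlm_exchanges(SAMPLE_LOG):
        print(r["session"], r["user"], r["result"], r["steps"] == FULL_NTLM)
```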