On Mon, 4 Jul 2016 08:54:27 +0300 Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> > http://wiki2.dovecot.org/Authentication/Kerberos > > It has been now updated. Excellent! That was quick! Although, you used my actual local domain in your example: mail.hprs.local. Not that I care, no one can get to that, but it might be clearer to those of us who uncomprehendingly monkey-type things from wiki's when we don't fully understand. Perhaps something more generic would be clearer: myhost.myrealm, or myhost.mydom.local, or myLocalFDQN -- something like that. Not sure what is best; just don't want to imply that they HAVE TO use mail.hprs.local. > I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2. > I have to set up some kind of test environment to find out why it bugs. I'm going to give my brain a rest for a bit before I resume tilting at the NTML windmill! I'll check back with the list to see if you've come up with anything. > Aki Again, thanks for all your help. --Mark -----Original Message----- > Subject: Re: Configure Dovecot for GSSAPI [formerly: Looking for GSSAPI > config] > To: dovecot@dovecot.org > From: Aki Tuomi <aki.tu...@dovecot.fi> > Organization: Dovecot Oy > Date: Mon, 4 Jul 2016 08:54:27 +0300 > > On 04.07.2016 07:44, Mark Foley wrote: > > After a over a year and a half struggling to get Dovecot to do either NTLM > > or GSSAPI > > authentication with Samba4 AD/DC, I believe I've finally got it! Thanks to > > all those in this > > list who helped: Jan Jurkus, Edgar Pettijohn, Gregory Sloop, Tom Talpey > > especially Aki Tuomi; > > and infinite thanks to Achim Gottinger on the SambaList for his patience in > > working this > > through with me. Although my purpose was for Dovecot to authenticate mail > > clients, the > > configuration settings needed were on the Samba side. I hope a variation > > of these instructions > > can eventually make it into: > > > > http://wiki2.dovecot.org/Authentication/Kerberos > > > > > > It has been now updated. > > I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2. > I have to set up some kind of test environment to find out why it bugs. > > Aki >