Of course Dmitri
Here you go. I was actually trying to resolve this for an automated kickstart process anyway. The details specific to dovecot are in the middle.

# Connect server to IPA domain (ensure DNS is working correctly otherwise this step will fail)
ipa-client-install -U -p admin -w mysecretpassword

# install postfix if necessary (installed by default in rhel6)
yum -y install postfix

# set postfix to start on boot
chkconfig postfix on

# configure postfix with hostname, domain and origin details
sed -i 's/#myhostname = host.domain.tld/myhostname = servername.example.com/g' /etc/postfix/main.cf
sed -i 's/#mydomain = domain.tld/mydomain = example.com/g' /etc/postfix/main.cf
sed -i 's/#myorigin = $mydomain/myorigin = $mydomain/g' /etc/postfix/main.cf

# configure postfix to listen on all interfaces
sed -i 's/#inet_interfaces = all/inet_interfaces = all/g' /etc/postfix/main.cf
sed -i 's/inet_interfaces = localhost/#inet_interfaces = localhost/g' /etc/postfix/main.cf

# apply postfix changes
service postfix restart

# Install dovecot
yum -y install dovecot

# set dovecot to start on boot
chkconfig dovecot on

# set dovecot to listen on imap and imaps only
sed -i 's/#protocols = imap pop3 lmtp/protocols = imap imaps/g' /etc/dovecot/dovecot.conf

# point dovecot to required mailbox directory (This is the section that was previously failing)
echo "mail_location = mbox:~/mail:INBOX=/var/mail/%u" >> /etc/dovecot/dovecot.conf

# reload dovecot to apply changes
service dovecot restart

# Apply working IPtables
cat > /etc/sysconfig/iptables << EOF
# Generated by iptables-save v1.4.7 on Tue Jan 10 12:17:41 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [29:4596]
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Jan 10 12:17:41 2012
EOF

With the above details, I am able to replicate a 100% working IPA authenticated mail server, allowing IPA users to retrieve mail via imap/imaps.

I hope this helps.

Dale

On 01/30/2012 01:46 PM, Dmitri Pal wrote:
> On 01/30/2012 07:16 AM, Dale Macartney wrote:
>> Hi all
>>
>> I'm working on a test lab setup at the moment with RHEL 6.2 running IPA
>> 2.1 and experimenting with simple mail server setups.
>>
>> I have mail being received based on pam lookups from IPA. The mail server
>> is tapped into IPA via the ipa-client-install.
>>
>> I am using a default install of the dovecot rpm from RHN, and dovecot is
>> listening via imap/imaps, however all authentication requests fail when
>> attempting to login via imap.
>>
>> I added the necessary keytabs for imap/mail.example.com and
>> imaps/mail.example.com to /etc/krb5.keytab but this hasn't allowed
>> authentication.
>>
>> Has anyone set up dovecot through IPA before? Any recommendations?
>>
> Hi Dale,
>
> Will you be so kind as to share with the list a little bit more details about how to setup Dovecot with IPA? If you can provide step by step instructions we would publish them on the FreeIPA wiki.
>
> Thank you
> Dmitri
>
>> thanks all
>>
>> Dale
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
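The rule set in the message above leaves the INPUT policy at ACCEPT and relies on the final REJECT rule, so it is worth checking the file after a kickstart run. The following is an added example, not part of the original message: it parses an iptables-save file and reports the destination ports accepted ahead of that rule, whether a default deny exists, and which accepted ports fall outside an allowlist. The function names and the allowlist are assumptions; the sample data is the INPUT part of the rule set from the message.

```shell
# Added example: audit the INPUT chain of an iptables-save file (names are hypothetical).
write_sample_rules() {   # sample data: INPUT lines of the rule set in the message
    cat > "$1" << 'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print, space separated, the destination ports INPUT accepts before any
# unconditional REJECT/DROP rule (rules after one are never reached).
input_accept_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit
        port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (port != "" && target == "ACCEPT") { printf "%s%s", sep, port; sep = " " }
    } END { print "" }' "$1"
}

# Succeed if INPUT denies by default: policy DROP or an unconditional REJECT/DROP rule.
input_default_deny() {
    awk '$1 == ":INPUT" && $2 == "DROP" { ok = 1 }
         $1 == "-A" && $2 == "INPUT" && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { ok = 1 }
         END { exit !ok }' "$1"
}

# Print each accepted port that is not in the space-separated allowlist $2.
unexpected_ports() {
    for p in $(input_accept_ports "$1"); do
        case " $2 " in *" $p "*) ;; *) printf '%s\n' "$p" ;; esac
    done
}

f=$(mktemp) && write_sample_rules "$f"
echo "accepted ports: $(input_accept_ports "$f")"
input_default_deny "$f" && echo "INPUT is default deny"
echo "outside allowlist 22/25/993: $(unexpected_ports "$f" "22 25 993")"
rm -f "$f"
```

With an allowlist of SSH, SMTP and IMAPS only, the check flags port 143, the unencrypted IMAP listener that the message's rules also open.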