Greetings,

I have been trying to get qmail-ldap to work with samba4's Active Directory implementation. It seems that all parts are working with the exception of smtpauth.

WHAT WORKS: When I send a mail to the system, it successfully verifies if a user exists and denies if the user doesn't exist. qmail-ldaplookup -m/-u both run without error and report what I would expect to see. When I set samba4 into a debug mode, I can see the ldb query coming through in the logs. In fairness, those logs do not report success or failure of the lookup, or the values returned, but the fact that things work indicates the ldap communication to samba4 was a success. I also take these successes to mean my ~controls/ldap* files are set up correctly. I can also use ldbsearch to verify my user/pass info is correct.

SMTPAUTH: I have compiled with TLS and enabled SMTPAUTH="TLSREQUIRED". I can verify the encryption is working because when I rename the cert, I get an error in qmail's logs when it is not working (presumably thanks to TLSDEBUG). I gather from what I have read that that is all I need to do. There were mentions in the Life with qmail-ldap that some extra arguments are required in the run script, but I found some mailing list post that says that is not required.

BROKEN: When I try to send an authenticated mail using Thunderbird, I see the following in qmail logs:

    auth login authentication failed: authentication failure

However, the samba4 logs continue to indicate a valid search query is being made. When I base64-encode my user/pass and use telnet to test the smtp connection, I get the exact same symptoms as using Thunderbird; the samba4 logs indicate a good search string and the qmail logs say authentication failure.

TRIED: I have scoured the mailing lists; there are those who say Active Directory works out of the box just by modifying qmail-ldap.h, and there are those who say you need to modify qldap.c and/or qmail-ldaplookup.c in order to account for userAccountControl. Over the last days, I have tried any patches/suggestions that could apply to samba4 (as opposed to Windows Server), but not one of them has solved this problem.

In the interest of not making this a novel nobody wants to read, I will leave out the remaining details on what I have done and which articles I have referenced, but I can make that info available. If anyone can get me pointed in the right direction, I would truly appreciate it...

--
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca
b...@computerisms.ca
Network, Internet, Server, and Open Source Solutions