Hello Bob,
What is the state of the ldapprebind file in qmail/control/?
Best wishes,
Gennady.
Bob Miller wrote on 30.03.2012 04:47:
Hi Nicolas,
Thank you for your response.
I have tried both SMTPAUTH="" and SMTPAUTH="TLSREQUIRED". In both cases
the authentication failed, even though the correct search string appears
to have been passed to samba4's ldb. It's as though qmail is able to do
a lookup, but isn't able to verify that the password is correct...
On Fri, 2012-03-30 at 01:12 +0100, Nicolas de Bari Embriz Garcia Rojas wrote:
Hi, check that your /var/qmail/control/qmail-smtpd.rules has something like
:allow,SMTPAUTH=""
On Fri, Mar 30, 2012 at 12:10 AM, Bob Miller <[email protected]> wrote:
> greetings
>
> I have been trying to get qmail-ldap to work with samba4's Active
> Directory implementation. It seems that all parts are working with the
> exception of smtpauth.
>
> WHAT WORKS: When I send a mail to the system, it successfully verifies
> if a user exists and denies if the user doesn't exist. qmail-ldaplookup
> -m/-u both run without error and report what I would expect to see.
> When I set samba4 into a debug mode, I can see the ldb query coming
> through in the logs. In fairness, those logs do not report success or
> failure of the lookup, or the values returned, but the fact that things
> work indicates the ldap communication to samba4 was a success. I also
> take these successes to mean my ~controls/ldap* files are set up
> correctly. I can also use ldbsearch to verify my user/pass info is
> correct.
>
> SMTPAUTH: I have compiled with TLS and enabled SMTPAUTH="TLSREQUIRED", I
> can verify the encryption is working because when I rename the cert, I
> get an error in qmail's logs when it is not working (presumably thanks
> to TLSDEBUG). I gather from what I have read that that is all I need to
> do. There were mentions in the life with qmail-ldap that some extra
> arguments are required in the run script, but I found some mailing list
> post that says that is not required.
>
> BROKEN: When I try to send an authenticated mail using thunderbird, I see
> the following in qmail logs:
>
> auth login
> authentication failed: authentication failure
>
> However, the samba4 logs continue to indicate a valid search query is
> being made. When I base64-encode my user/pass and use telnet to test
> the smtp connection, I get the exact same symptoms as using thunderbird;
> the samba4 logs indicate a good search string and the qmail logs say
> authentication failure.
>
> TRIED: I have scoured the mailing lists, there are those who say active
> directory works out of the box just by modifying qmail-ldap.h, there are
> those who say you need to modify qldap.c and/or qmail-ldaplookup.c in
> order to account for userAccountControl. Over the last days, I have
> tried any patches/suggestions that could apply to samba4 (as opposed to
> windows server), but not one of them has solved this problem.
>
> In the interest of not making this a novel nobody wants to read, I will
> leave out the remaining details on what I have done and which articles I
> have referenced, but I can make that info available.
>
> If anyone can get me pointed in the right direction, I would truly
> appreciate it...
>
> --
> Bob Miller
> 867-334-7117 / 867-633-3760
> http://computerisms.ca
> [email protected]
> Network, Internet, Server,
> and Open Source Solutions
>
--
Best wishes,
Gennady.