Gennedy, Thank you so much, enabling ldaprebind solved the problem
On Fri, 2012-03-30 at 07:54 +0400, Геннадий Марченко wrote: > Hello Bob, > > What state of ldapprebind file in qmail/control/ ? > > Best wishes, > Gennady. > > Bob Miller писал 30.03.2012 04:47: > > Hi Nicolas, > > > > Thank you for your response. > > > > I have tried both SMTPAUTH="" and SMTPAUTH="TLSREQUIRED". In both > > cases > > the authentication failed, even though the correct search string > > appears > > to have been passed to samba4's ldb. it's as though qmail is able to > > do > > a lookup, but isn't able to verify that the password is correct... > > > > > > On Fri, 2012-03-30 at 01:12 +0100, Nicolas de Bari Embriz Garcia > > Rojas > > wrote: > >> Hi, check that your /var/qmail/control/qmail-smtpd.rules have > >> something like > >> > >> :allow,SMTPAUTH="" > >> > >> > >> > >> On Fri, Mar 30, 2012 at 12:10 AM, Bob Miller <b...@computerisms.ca> > >> wrote: > >> > greetings > >> > > >> > I have been trying to get qmail-ldap to work with samba4's Active > >> > Directory implementation. It seems that all parts are working > >> with the > >> > exception of smtpauth. > >> > > >> > WHAT WORKS: When I send a mail to the system, it successfully > >> verifies > >> > if a user exists and denies if the user doesn't exist. > >> qmail-ldaplookup > >> > -m/-u both run without error and report what I would expect to > >> see. > >> > When I set samba4 into a debug mode, I can see the ldb query > >> coming > >> > through in the logs. In fairness, those logs do not report > >> success or > >> > failure of the lookup, or the values returned, but the fact that > >> things > >> > work indicate the ldap communication to samba4 was a success. I > >> also > >> > take these successes to mean my ~controls/ldap* files are set up > >> > correctly. I can also use ldbsearch to verify my user/pass info > >> is > >> > correct. > >> > > >> > SMTPAUTH: I have compiled with TLS and enabled > >> SMTPAUTH="TLSREQUIRED", I > >> > can verify the encryption is working because when I rename the > >> cert, I > >> > get an error in qmail's logs when it is not working (presumably > >> thanks > >> > to TLSDEBUG). I gather from what I have read that that is all I > >> need to > >> > do. There were mentions in the life with qmail-ldap that some > >> extra > >> > arguments are required in the run script, but I found some mailing > >> list > >> > post that says that is not required. > >> > > >> > BROKEN:When I try to send a authenticated mail using thunderbird, > >> I see > >> > the following in qmail logs: > >> > > >> > auth login > >> > authentication failed: authentication failure > >> > > >> > However, the samba4 logs continue to indicate a valid search query > >> is > >> > being made. When I base64-encode my user/pass and use telnet to > >> test > >> > the smtp connection, I get the exact same symptoms as using > >> thunderbird; > >> > the samba4 logs indicate a good search string and the qmail logs > >> say > >> > authentication failure. > >> > > >> > TRIED: I have scoured the mailing lists, there are those who say > >> active > >> > directory works out of the box just by modifying qmail-ldap.h, > >> there are > >> > those who say you need to modify qldap.c and/or qmail-ldaplookup.c > >> in > >> > order to account for userAccountControl. Over the last days, I > >> have > >> > tried any patches/suggestions that could apply to samba4 (as > >> opposed to > >> > windows server), but not one of them has solved this problem. > >> > > >> > In the interest of not making this a novel nobody wants to read, I > >> will > >> > leave out the remaining details on what I have done and which > >> articles I > >> > have referenced, but I can make that info available. > >> > > >> > If anyone can get me pointed in the right direction, I would truly > >> > appreciate it... > >> > > >> > -- > >> > Bob Miller > >> > 867-334-7117 / 867-633-3760 > >> > http://computerisms.ca > >> > b...@computerisms.ca > >> > Network, Internet, Server, > >> > and Open Source Solutions > >> > > >> > >> > >> > -- Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca b...@computerisms.ca Network, Internet, Server, and Open Source Solutions