Re: [Samba] Samba4 AD and mail auth

2013-07-01 Thread Carsten Laun-De Lellis
 

Thank you Davor 

I will try this solution. 

---

Kind regards

Carsten Laun-De Lellis

Hauptstrasse 13
D-67705 Trippstadt

Phone: +49 6306 992140
Fax: +49 6306 992142
Mobile: +49 151 27530865
email: carsten.delel...@delellis.net

http://www.linkedin.com/in/carstenlaundelellis [2] 

On 2013-06-29 08:26, Davor Vusir wrote: 

> Hi Carsten!
> 
> Check out this how-to: 
> http://www.iredmail.org/wiki/index.php?title=Integration/Active.Directory.iRedMail
>  [1]
> 
> Works like a charm!
> 
> Regards
> Davor
> 

Re: [Samba] Samba4 AD and mail auth

2013-06-28 Thread Carsten Laun-De Lellis
 

Dear Achim 

Thank you very much for your Support so far. I think I am really close,
but not there yet. 

I got the following log Messages: 

Jun 28 20:12:33 rv1325 dovecot: auth: Debug: client passdb out:
FAIL#0115#011user=test
Jun 28 20:12:33 rv1325 dovecot: auth: Debug: client in:
AUTH#0116#011LOGIN#011service=smtp#011nologin#011lip=178.254.21.125#011rip=84.154.198.155#011secured
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client passdb out:
CONT#0116#011VXNlcm5hbWU6
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client in:
CONT#0116#011dGVzdA== (previous base64 data may contain sensitive data)
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client passdb out:
CONT#0116#011UGFzc3dvcmQ6
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client in:
CONT#0116#011dGVzdHVzZXI= (previous base64 data may contain sensitive
data)
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: ldap(test,84.154.198.155):
bind search: base=cn=Users, dc=delellis, dc=net
filter=(&(objectClass=person)(sAMAccountName=test))
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: ldap(test,84.154.198.155):
result: sAMAccountName=test; sAMAccountName unused
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: ldap(test,84.154.198.155):
result: sAMAccountName=test
Jun 28 20:12:37 rv1325 dovecot: auth: Debug: client passdb out:
OK#0116#011user=test#011u%=test 

As you can see, the sAMAccountName is set to test, which is right, but
what I don't understand is the line saying sAMAccountName is unused. 

Could anyone give me the last push? I would really appreciate it. 

Regards, 
---

Kind regards

Carsten Laun-De Lellis


On 2013-06-28 19:14, Achim Gottinger wrote: 

> On 28.06.2013 18:49, Carsten Laun-De Lellis wrote: 
> 
>> Hi Achim 
>> 
>> Don't wanna bothering you, but I still got error Messages.
> Never mind got curious by myself. replacing cn with sAMAccountName can not 
> work because the dn's are defined with cn.
> I mailed you that link before 
> http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds [1]. 
> It describes two ways for passdb lookups and you must use the "DN lookup" 
> type, which does an anonymous query with pass_filter for the dn first and 
> then tries to authenticate with that dn against samba4/ldap.
> You can either configure samba4 to allow anonymous queries or use a samba 
> user account like I did with userpadd => dn/dnpass.
> 
> Try this, worked here.
> 
> hosts = localhost 
> dn = cn=ldap,cn=Users,dc=delellis,dc=net
> dnpass = [password]
> auth_bind = yes
> ldap_version = 3 
> 
> base = cn=Users,dc=delellis,dc=net
> pass_attrs = sAMAccountName=user
> pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
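
The two passdb styles discussed in this message, simulated against a small in-memory directory. This is an added illustration, not Dovecot or Samba code and not part of the thread. The `example.test` domain, the entries, the passwords and the filter evaluator (AND of equality and presence terms only) are constructed assumptions.

```python
import hmac
import re

BASE = "cn=Users,dc=example,dc=test"  # constructed domain, not the thread's

# Constructed directory. As in AD, each DN is built from cn, and the logon
# name lives in the sAMAccountName attribute.
DIRECTORY = {
    "cn=Test User," + BASE: {
        "objectClass": ["person", "user"], "cn": ["Test User"],
        "sAMAccountName": ["test"], "mail": ["test@example.test"],
        "password": "constructed-user-pw"},
    "cn=ldap," + BASE: {
        "objectClass": ["person", "user"], "cn": ["ldap"],
        "sAMAccountName": ["ldap"], "password": "constructed-svc-pw"},
}


def norm(dn):
    """Compare DNs case-insensitively and ignore spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn).lower()


def bind(directory, dn, password):
    """Simple bind: the DN must exist and the password must match."""
    for entry_dn, attrs in directory.items():
        if norm(entry_dn) == norm(dn):
            return hmac.compare_digest(attrs["password"].encode(), password.encode())
    return False


def search(directory, base, ldap_filter):
    """Evaluate an AND of (attr=value) / (attr=*) terms; nothing more."""
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", ldap_filter)
    hits = []
    for dn, attrs in directory.items():
        if not norm(dn).endswith(norm(base)):
            continue
        values = {k.lower(): [v.lower() for v in vs]
                  for k, vs in attrs.items() if k != "password"}
        if all((bool(values.get(a.lower())) if v == "*"
                else v.lower() in values.get(a.lower(), [])) for a, v in terms):
            hits.append(dn)
    return hits


def auth_template(directory, cfg, user, password):
    """auth_bind_userdn style: build the DN from a template, then bind."""
    return bind(directory, cfg["auth_bind_userdn"].replace("%u", user), password)


def auth_dn_lookup(directory, cfg, user, password):
    """DN lookup style: bind as dn/dnpass, search with pass_filter, bind as the hit."""
    if re.search(r"[()*\\\x00]", user):  # this sketch refuses filter metacharacters
        return False
    if not bind(directory, cfg["dn"], cfg["dnpass"]):
        return False
    hits = search(directory, cfg["base"], cfg["pass_filter"].replace("%u", user))
    return len(hits) == 1 and bind(directory, hits[0], password)


LOOKUP = {"dn": "cn=ldap," + BASE, "dnpass": "constructed-svc-pw", "base": BASE,
          "pass_filter": "(&(objectClass=person)(sAMAccountName=%u)(mail=*))"}
# Same settings, with the attribute name misspelled as in the posted pass_filter.
LOOKUP_TYPO = dict(LOOKUP, pass_filter="(&(objectClass=user)(sAMAccoutName=%u)(mail=*))")


def run_cases(pw="constructed-user-pw"):
    by_sam = {"auth_bind_userdn": "sAMAccountName=%u," + BASE}
    by_cn = {"auth_bind_userdn": "cn=%u," + BASE}
    return {
        "template sAMAccountName=%u": auth_template(DIRECTORY, by_sam, "test", pw),
        "template cn=%u, login 'test'": auth_template(DIRECTORY, by_cn, "test", pw),
        "template cn=%u, login 'Test User'": auth_template(DIRECTORY, by_cn, "Test User", pw),
        "lookup, misspelled attribute": auth_dn_lookup(DIRECTORY, LOOKUP_TYPO, "test", pw),
        "lookup, correct filter": auth_dn_lookup(DIRECTORY, LOOKUP, "test", pw),
    }


if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name:36} {'OK' if ok else 'FAIL'}")
```

The template style only succeeds when the login name happens to equal the cn that forms the DN; the lookup style works for any login as long as the filter attribute is spelled correctly.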

Re: [Samba] Samba4 AD and mail auth

2013-06-28 Thread Carsten Laun-De Lellis
 

Hi Achim 

Don't wanna bothering you, but I still got error Messages. 

Jun 28 15:09:57 rv1325 dovecot: auth: Debug: auth client connected
(pid=2157)
Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client in:
AUTH#0111#011NTLM#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432
Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client passdb out:
CONT#0111#011
Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client in:
CONT#0111#011TlRMTVNTUAABB4IIogAGAvAjDw==
(previous base64 data may contain sensitive data)
Jun 28 15:09:57 rv1325 dovecot: auth: Debug: client passdb out:
CONT#0111#011TlRMTVNTUAACDAAMADAFAooAzlGLZuaYgz0AABQAFAA8cgB2ADEAMwAyADUAAwAMAHIAdgAxADMAMgA1AAA=
Jun 28 15:09:58 rv1325 dovecot: auth: Debug: client in:
CONT#0111#011TlRMTVNTUAADGAAYAHYAAADAAMAAjgBYEAAQAFgOAA4AaABOAQAABQKIAgYC8CMP6HRQNL0+o3yODw5hHqFFvHQAZQBzAHQAdQBzAGUAcgBXADAAMAAwADAAMAA1ABnluuxW4N/hRueL6TyYm30BAQAAAB2Yjc4AdM4B6LKt7eH6AGUAAwAMAHIAdgAxADMAMgA1AAgAMAAwAAEAIAAABJBPeBFKFDBXIh0KoOgHioqV/yHKS7i3O2lbwelRVv4KABkAMABpAG0AYQBwAC8AcgB2ADEAMwAyADUALgBkAGUAbABlAGwAbABpAHMALgBuAGUAdA==
(previous base64 data may contain sensitive data)
Jun 28 15:09:58 rv1325 dovecot: auth: Debug:
password(testuser,84.154.198.155,): passdb doesn't
support credential lookups
Jun 28 15:09:58 rv1325 dovecot: auth: Debug:
password(testuser,84.154.198.155,): passdb doesn't
support credential lookups
Jun 28 15:10:00 rv1325 dovecot: auth: Debug: client passdb out:
FAIL#0111#011user=testuser
Jun 28 15:10:00 rv1325 dovecot: auth: Debug: client in:
AUTH#0112#011DIGEST-MD5#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432
Jun 28 15:10:04 rv1325 dovecot: auth: Debug: client passdb out:
CONT#0112#011cmVhbG09IiIsbm9uY2U9Ii9nZndwbWd1TTlDMlVkekhZRld0R0E9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
Jun 28 15:10:04 rv1325 dovecot: auth: Debug: client in:
CONT#0112#011dXNlcm5hbWU9InRlc3R1c2VyIixyZWFsbT0iIixub25jZT0iL2dmd3BtZ3VNOUMyVWR6SFlGV3RHQT09IixkaWdlc3QtdXJpPSJpbWFwL3J2MTMyNS5kZWxlbGxpcy5uZXQiLGNub25jZT0iMjQ0NTRjZjAxNjVmOTE3YmVjMTJhMjk5OTc1ZGQ0MTYiLG5jPTAwMDAwMDAxLHJlc3BvbnNlPWVjZWI4MjJhZDFiZWY4NjU1OTYzMTk0YzhlZDQ0NmYxLHFvcD1hdXRoLGNoYXJzZXQ9dXRmLTg=
(previous base64 data may contain sensitive data)
Jun 28 15:10:04 rv1325 dovecot: auth: Debug:
password(testuser,84.154.198.155,): passdb doesn't
support credential lookups
Jun 28 15:10:06 rv1325 dovecot: auth: Debug: client passdb out:
FAIL#0112#011user=testuser
Jun 28 15:10:06 rv1325 dovecot: auth: Debug: client in:
AUTH#0113#011PLAIN#011service=imap#011session=KkN8mDbgGABUmsab#011lip=178.254.21.125#011rip=84.154.198.155#011lport=143#011rport=49432#011resp=AHRlc3R1c2VyAHRlc3R1c2Vy
(previous base64 data may contain sensitive data) 

My auth.conf file Looks like: 

hosts = localhost
auth_bind = yes
auth_bind_userdn = sAMAccountName=%u,cn=Users,dc=delellis,dc=net
base = cn=Users,dc=delellis,dc=net
ldap_version = 3
pass_filter = (&(objectClass=user)(sAMAccoutName=%u)(mail=*)) 

And I have no idea why it doesn't work. 
---

Kind regards

Carsten Laun-De Lellis


On 2013-06-28 14:04, Achim Gottinger wrote: 

> On 28.06.2013 13:55, Carsten Laun-De Lellis wrote: 
> 
>> Hi Achim 
>> 
>> Thankx a lot. I will try. 
>> 
>> Have a nice Weekend.
> NP take a look at this
> 
> http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds [1]
> 
> 
> On 2013-06-28 13:35, Achim Gottinger wrote: 
> 
> On 28.06.2013 13:24, Carsten Laun-De Lellis wrote:
> Hi Achim First of all thankx for your input. The way you set it up was the 
> way I did it. But when I go thru your ldap configuration it doesn't really 
> solve my Problem or, maybe more likely, I don't understand it. For Auth I 
> want my users to connect to dovecot with user/Password token. In your config 
> I can't see where you match the Password to the AD Password. 
> 
> For authentication dovecot uses what is configured in passdb. In the 
> corresponding ldap config you can see it uses auth_bind=yes and 
> auth_bind_userdn defines the dn used to auth against samba4 ldap.
> As said on my side cn is identical with 
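
A way to mask the SASL payloads in auth debug output like the log above before it is posted to a public list. This is an added example, not part of the thread and not Dovecot code. The sample log lines, host name, user and password are constructed, and the sketch assumes syslog's `#011` escaping of the TAB field separator as seen in the posted log.

```python
import base64
import re

# In syslog output "#011" is the escaped TAB that separates auth-protocol fields.
CONT = re.compile(r"(CONT#011\d+#011)([A-Za-z0-9+/=]+)")  # SASL step payload
RESP = re.compile(r"(#011resp=)([A-Za-z0-9+/=]+)")         # SASL initial response
AUTH = re.compile(r"AUTH#011(\d+)#011([A-Z0-9-]+)")        # request id, mechanism

# Mechanisms whose payload is the password itself, merely base64-encoded.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def mask(match):
    """Keep the field prefix, replace the payload with its length."""
    return f"{match.group(1)}<redacted {len(match.group(2))} chars>"


def redact(text):
    """Mask every SASL payload; user=, rip=, mechanism and results stay readable.

    Challenge-response exchanges (NTLM, DIGEST-MD5) are masked too: they are
    not cleartext, but there is no reason to publish them.
    """
    return RESP.sub(mask, CONT.sub(mask, text))


def mechanisms(text):
    """Map request id -> (mechanism, payload carries the cleartext password)."""
    return {req: (mech, mech in CLEARTEXT_MECHS) for req, mech in AUTH.findall(text)}


def describe_plain(resp_b64):
    """Show what a PLAIN response contains without echoing the secret."""
    authzid, authcid, password = base64.b64decode(resp_b64).split(b"\0", 2)
    return {"authzid": authzid.decode(), "authcid": authcid.decode(),
            "password_chars": len(password.decode())}


def b64(raw):
    return base64.b64encode(raw).decode()


# Constructed sample in the shape of the posted log (not the thread's data).
PREFIX = "Jan 01 00:00:00 mx1 dovecot: auth: Debug: client "
SAMPLE = "\n".join([
    PREFIX + "in: AUTH#0111#011LOGIN#011service=smtp#011rip=192.0.2.10",
    PREFIX + "passdb out: CONT#0111#011" + b64(b"Username:"),
    PREFIX + "in: CONT#0111#011" + b64(b"alice"),
    PREFIX + "passdb out: CONT#0111#011" + b64(b"Password:"),
    PREFIX + "in: CONT#0111#011" + b64(b"example-pass"),
    PREFIX + "passdb out: FAIL#0111#011user=alice",
    PREFIX + "in: AUTH#0112#011PLAIN#011service=imap#011rip=192.0.2.10#011resp="
           + b64(b"\0alice\0example-pass"),
    PREFIX + "in: AUTH#0113#011NTLM#011service=imap#011rip=192.0.2.10",
])

if __name__ == "__main__":
    print(redact(SAMPLE))
    print(mechanisms(SAMPLE))
    print(describe_plain(b64(b"\0alice\0example-pass")))
```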

Re: [Samba] Successful Mail Delivery Report

2013-06-28 Thread Carsten Laun-De Lellis
 

Sorry Achim 

I didn't want to be rude, but I forgot to answer your last
suggestion. 

Using Kerberos is not really an Option for me, because I want to use
smartphones as well with no Thunderbird and no Domain Membership. 

Regards, 

---

Kind regards

Carsten Laun-De Lellis


On 2013-06-28 13:24, mailer-dae...@samba.org wrote: 

> This is the mail system at host mail.samba.org.
> 
> Your message was successfully delivered to the destination(s)
> listed below. If the message was delivered to mailbox you will
> receive no further notifications. Otherwise you may still receive
> notifications of mail delivery errors from other systems.
> 
> The mail system
> 
> : delivery via local: alias expanded

Re: [Samba] Samba4 AD and mail auth

2013-06-28 Thread Carsten Laun-De Lellis
 

Hi Achim 

First of all thankx for your input. 

The way you set it up was the way I did it. But when I go thru your ldap
configuration it doesn't really solve my Problem or, maybe more likely,
I don't understand it. 

For Auth I want my users to connect to dovecot with user/Password token.
In your config I can't see where you match the Password to the AD
Password. 

Maybe I wasn't specific enough, what I want to do. Or I don't understand
where you match again the user Password. And again there is a good
Chance that the Problem is myself. :'( 

Thankx again. 
---

Kind regards

Carsten Laun-De Lellis


On 2013-06-28 13:13, Achim Gottinger wrote: 

> On 28.06.2013 10:31, Carsten Laun-De Lellis wrote:
> 
>> Hi list Does anyone have experience in setting up dovecot or any other mail 
>> system with user auth against a Samba4 AD ? If yes could I get some advice 
>> on that Topic or even a link to a resource where I can get some 
>> Information. Googled a lot but didn't find something yet. Thankx in advance.
> 
> I did it with dovecot/postfix on debian wheezy, there is a lot more info 
> if you look for dovecot setup against Microsoft AD.
> 
> First create a user for ldap queries:
> 
>>samba-tool user add ldap [password]
> 
> Configure dovecot passdb against Samba4 AD, add or change this in your 
> dovecot.conf or auth-ldap-conf.ext (on wheezy)
> 
> # Authentication for LDAP users
> 
> passdb {
> driver = ldap
> args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
> }
> 
> Create /etc/dovecot/dovecot-ldap-passdb.conf.ext, you may have to use 
> sAMAccountName instead of cn for auth_bind_userdn and pass_filter. On my 
> side these are identical because I migrated from samba3/openldap. Filter 
> is looking for person classes with matching cn and an existing mail attribute.
> 
> hosts = localhost
> auth_bind = yes
> auth_bind_userdn = cn=%u,cn=Users,dc=yourdomain,dc=local
> ldap_version = 3
> 
> base = cn=Users,dc=yourdomain,dc=local
> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
> 
> Use different ldap settings for other user lookups, this goes again into 
> dovecot.conf
> 
> # Users
> userdb {
> driver = ldap
> args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
> }
> 
> Create /etc/dovecot/dovecot-ldap-userdb.conf.ext, again you may have to 
> change cn to sAMAccountName in user_filter and iter_attrs. On my side I 
> use one system user vmail (uid:999, gid:999) for all maildirs and those 
> are stored under /var/lib/vmail. With such a setup attributes like 
> uidNumber and gidNumber are not required for every user entry in ldap so 
> I can hardcode all necessary userdb lookup variables.
> I use /var/lib/vmail/[cn] as the dovecot user homedir (for things like 
> sieve settings etc.) and /var/lib/vmail/[cn]/mail for the maildir.
> 
> hosts = localhost
> dn = cn=ldap,cn=Users,DC=yourdomain,DC=local
> dnpass = [password]
> ldap_version = 3
> base = cn=Users,DC=yourdomain,DC=local
> 
> user_attrs = =uid=999,=gid=999,=home=/var/lib/vmail/%u,mail=/var/lib/vmail/%u/mail
> user_filter = (&(objectClass=person)(cn=%u)(mail=*))
> 
> # Attributes and filter to get a list of all users
> iterate_attrs = cn=user
> iterate_filter = (objectClass=person)
> 
> For reference these are my maildir settings in dovecot.conf (10-mail.conf 
> on wheezy).
> 
> ## Maildir locations and settings
> 
> mail_plugins = acl
> mail_home = /var/lib/vmail/%u
> mail_location = maildir:/var/lib/vmail/%u/mail
> mail_uid = 999
> mail_gid = 999
> 
> first_valid_uid = 999
> first_valid_gid = 999
> 
> #mail_full_filesystem_access = no
> mail_shared_explicit_inbox = no
> maildir_very_dirty_syncs = yes
> 
> namespace {
> list = no
> location = maildir:/var/lib/vmail/%%u/mail:INDEX=/var/lib/vmail/%u/mail/shared/%%u
> prefix = shared/%%u/
> separator = /
> subscriptions = no
> type = shared
> }
> 
> namespace inbox {
> inbox = yes
> location = maildir:/var/lib/vmail/%u/mail
> prefix =
> separator = /
> type = private
> }
> 
> If you want to use kerberos with dovecot (works well with thunderbird on 
> domain member workstations) you have to create an spn and a keytab.
> 
> samba-tool spn add imap/server.yourdomain.local@YOURDOMAIN.LOCAL ldap
> 
> I had trouble with the keytab but this worked so far (use ldap users 
> password if asked).
> 
> cd /etc/dovecot
> ktutil
> addent -password -p imap/server.yourdomain.local@YOURDOMAIN.LOCAL -k 1 
>

[Samba] Samba4 AD and mail auth

2013-06-28 Thread Carsten Laun-De Lellis
 

Hi list 

Does anyone have experience in setting up dovecot or any other mail
system with user auth against a Samba4 AD ? If yes could I get some
advice on that Topic or even a link to a resource where I can get some
Information. Googled a lot but didn't find something yet. 

Thankx in advance. 
-- 

Kind regards

Carsten Laun-De Lellis


Re: [Samba] Windows 8 and Samba 4 - network path not found

2013-05-12 Thread Carsten Laun-De Lellis
Hi

As you can see from the emails before I installed Samba4 from the Ubuntu rep
but recompiled it.

When I now run smbclient -L localhost -U% I always get

Unknown parameter encountered: "server role"
Ignoring unknown parameter "server role"
Unknown parameter encountered: "server services"
Ignoring unknown parameter "server services"
Domain=[DELELLIS] OS=[Unix] Server=[Samba 4.0.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.0.1)
Domain=[DELELLIS] OS=[Unix] Server=[Samba 4.0.1]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

Telling me that there are 2 unknown parameters "server role" and "server
services" in smb.conf. The file was generated as output of the samba-tool
provision command. I still can't logon to my server. Could this have
something to do with the unknown entries ?

Kind regards

Carsten Laun-De Lellis
Dipl.-Ing. Elektrotechnik
Certified Information Systems Auditor (CISA)

Hauptstrasse 13
D-67705 Trippstadt

Phone:   +49 (6306) 992140
Mobile:  +49 (151) 27530865
Fax: +49 (6306) 992142
email:   carsten.delel...@delellis.net


Re: [Samba] Windows 8 and Samba 4 - network path not found

2013-05-11 Thread Carsten Laun-De Lellis
Hi Hisham

First of all thankx for your reply to my post.

I installed Samba with the repo package but then updated it and rebuilt it
with the new source package from Ubuntu repo.

Regarding DNS. I did all the queries on the server itself as well as on my
Win8 Box. Everything worked fine. All services were available.

Regards,

Carsten Laun-De Lellis

From: Hisham Attar [mailto:hashi...@gmail.com] 
Sent: Saturday, 11 May 2013 03:34
To: seme...@syndetics.net
Cc: carsten.delel...@delellis.net; samba@lists.samba.org
Subject: Re: [Samba] Windows 8 and Samba 4 - network path not found

on windows this generally means it can't access the share of the DC, you'll
find if you try to go to the network path in explorer you will get the
same message, if you can map to it on the DC, try reinstalling Simple file
sharing and Client for microsoft networks on the adapter for the Windows 8
box

On Sat, May 11, 2013 at 9:58 AM, Nick Semenkovich <seme...@alum.mit.edu> wrote:

I've been using Windows 8 with samba4 as an AD DC for a while (on
ubuntu 13.04) with no big issues.

Did you install using the git repo or apt?

My biggest issues were with DNS -- perhaps double-check that DNS
entries are correct and clients are also using the DNS server
(https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS )





[Samba] Windows 8 and Samba 4 - network path not found

2013-05-10 Thread Carsten Laun-De Lellis
Hi list

I have a problem and I hope anyone here can provide me a solution to my
problem.

I have a Samba4 Server installed on a hosted platform with bind9 flatfile
backend. The OS is Ubuntu 12.04 LTS. All tests on the server succeeded.

Name resolution works fine and also the sambaclient -L localhost -U% is
successful.

Whenever I try to join the domain with my Win8 machine I get the error
message: "Network path not found".

Does Win8 work with Samba4 in general ?

Where to look at when getting the error message ?

Thankx in advance.

My smb.conf file looks as follows:

[global]
workgroup = DELELLIS
realm = DELELLIS.LAN
netbios name = RV1325
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate

[netlogon]
path = /var/lib/samba/sysvol/delellis.lan/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

Regards,

Carsten Laun-De Lellis


[Samba] Samba4 on hosted root server

2013-05-08 Thread Carsten Laun-De Lellis


Hi list 

I am trying to install Samba4 on a hosted server but haven't been
successful yet. 

Environment: 

Hosted Server with official .net domain. OS is Ubuntu 12.04 LTS Server
64-bit. DNS for domain is registered with provider's name servers. 

Installed Samba with Bind backend following the how-to on
http://www.matrix44.net/cms/notes/gnulinux/samba-4-ad-domain-with-ubuntu-12-04
[1] . 

When I tried to join the domain I got an error message that SRV
_ldap._tcp.dc.msdcs.official.domain not found. No DC can't be located. 

I checked if name service is working properly on the server itself: 

> host -t SRV _ldap._tcp.dc.msdcs.official.domain 

_ldap._tcp.dc.msdcs.official.domain has SRV record 0 0 389
rv1325.official.domain. 

>host -t SRV _kerberos._udp.official.domain 

_kerberos._udp.official.domain has SRV record 0 0 88
rv1325.official.domain. 

>host -t SRV _ldap._tcp.official.domain 

_ldap._tcp.official.domain has SRV record 0 100 389
rv1325.official.domain. 

Everything looks fine 

I tried the same from another linux server with: 

>host -t SRV _ldap._tcp.dc.msdcs.official.domain [server-ip] 

Also everything works fine. I've got the same replies. 

But whenever I try to join the domain it doesn't work. 

I would appreciate any help and ideas. 
-- 

Regards,

Carsten Laun-De Lellis


Links:
--
[1]
http://www.matrix44.net/cms/notes/gnulinux/samba-4-ad-domain-with-ubuntu-12-04
[2] http://www.linkedin.com/in/carstenlaundelellis