On (12/09/17 09:24), Edouard Guigné wrote:
>Hello dear SSSD Users,
>
>I would like to get information concerning postfix cyrus sasl vs sssd
>authentication.
>
>My goal is that users using my mail server (postfix and imap server cyrus) to
>be able to authenticate against AD.
>It supposes postfix and cyrus configured with sasl, and sasl configured to use
>pam.
>Pam should be configured to use SSSD against AD....
>
>[Postfix / Cyrus <==> sasl (pam) <==> SSSD] .... <===> [MY Microsoft Windows
>Server Active Directory]
>
>I would like to know if someone has already used this configuration. Does it
>work?
>If yes, could you explain to me the packages to install on centos 7, and the
>configuration files?
>saslauthd.conf ? cyrusd.conf ? main.cf (postfix)
>
>I think I could as well use FreeIPA instead of Windows AD server, if SSSD is
>configured in this way.
>But I am not very used to FreeIPA and AD trust for the moment.
>
>Otherwise, I found this link 
>http://linux-blog.anracom.com/2014/03/17/sasl-mit-pam-sssd-ldap-unter-opensuse-ii/
>This explains how to configure against an LDAP backend. I intend to do the same,
>with an AD server instead of LDAP.
>

That blog post mentioned the testsaslauthd utility which might and it works for me
quite well. (I had sssd already configured.)
So I just started saslauthd.service and configured the "imap" pam service in
/etc/pam.d/imap

sh# systemctl start saslauthd
sh# vi /etc/pam.d/imap

sh$ testsaslauthd -u testuser -p SecretPassword
 0: OK "Success."

and journald contained info about success

Sep 13 16:34:18 host.example.com saslauthd[30340]: pam_sss(imap:auth):
    authentication success; logname= uid=0 euid=0 tty= ruser= rhost=
    user=testuser

I am not sure how to help more

LS
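
The files the question asks about, as an added sketch that is not part of the original reply or of the SSSD project's documentation. It assumes CentOS 7 default paths, an SSSD that already resolves and authenticates AD users, and TLS certificates already configured for Postfix and Cyrus; the reply above does not show the contents of /etc/pam.d/imap, so the PAM lines are an assumption.

```conf
# --- /etc/sysconfig/saslauthd (CentOS 7 path; assumption) ---
# Have saslauthd hand every password check to PAM.
MECH=pam

# --- /etc/pam.d/imap  (service name Cyrus imapd passes to saslauthd) ---
# --- /etc/pam.d/smtp  (same two lines; service name Postfix passes) ---
# pam_sss forwards the check to SSSD, which talks to AD.
auth     required  pam_sss.so
account  required  pam_sss.so

# --- /etc/sasl2/smtpd.conf (Cyrus SASL settings for Postfix smtpd) ---
# saslauthd needs the cleartext password, so only PLAIN and LOGIN can work;
# do not advertise challenge-response mechanisms it cannot verify.
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

# --- /etc/postfix/main.cf (additions) ---
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
# PLAIN/LOGIN carry the AD password unprotected: offer AUTH only after STARTTLS.
smtpd_tls_auth_only = yes

# --- /etc/imapd.conf (additions) ---
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
# Refuse cleartext logins on connections that are not TLS-protected.
allowplaintext: no
```

After restarting saslauthd, `testsaslauthd -u testuser -p SecretPassword -s smtp` exercises the smtp PAM service the same way the reply tests imap, and the journal should show a matching `pam_sss(smtp:auth)` line.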