Nice tutorials, consultant!

Have you ever been able to build a working Dovecot + Outlook2007 SSO using cached Windows credentials?

I’ve configured my dovecot server for winbind authentication. With outlook 2003, I’m able to authenticate without entering the domain password in Outlook; the cached windows credentials are used during the initial NTLM exchange.

However, with outlook 2007, things have changed and apparently cached credentials are not sent.. Users have to enter their domain password in the pop/imap password fields, which is a bit inconvenient for an SSO.

Any idea?

best regards,
SD

Are you using Vista? Try the steps below

- Close down Outlook 2007
- Go to C:\users\[user name]\AppData\Roaming\Microsoft\Protect and delete the Protect folder

“So i will have to fill up the email field for each user in the AD, correct.?”

That’s correct. I intentionally did it that way so I can control who gets a mail account.

“I like authenticating against krb5, but since i ll have to setup ldap, cant i just use ldap for authentication as well, instead of just for user mapping..?”

You can.

“How bad are this LDAP persistent connections..?”

I haven’t tried LDAP authentication because I started with CentOS 4 but I made this article because some readers were having problems with it. I did not encounter any problems with my CentOS 4 Kerberos authentication.

So i will have to fill up the email field for each user in the AD, correct.?

I like authenticating against krb5, but since i ll have to setup ldap, cant i just use ldap for authentication as well, instead of just for user mapping..?

Any benefits..?

I remember that you mentioned that it authenticating with pam_krb5 doesnt require persistent connections and that allows some sort of fail-over since it can ask other ADs if some are not available, but could i just add more servers to hosts in my dovecot-ldap.conf and achieve the same results..?

How bad are this LDAP persistent connections..?

Thanks..!

My question is do i need to do the section named: “Postfix Active Directory/LDAP Integration” so that the mail can arrive to the final destination..?

Yes, that is correct.

I got postfix+Dovecot working with pam+kerberos authentication and i am able to send mail by using mail clients or the console, but i am unable to receive emails. I get the following error:

postfix/smtpd[13741]: NOQUEUE: reject: ……… Recipient address rejected: User unknown in local recipient table;

My question is do i need to do the section named: “Postfix Active Directory/LDAP Integration” so that the mail can arrive to the final destination..?

Thanks

Please check /var/log/maillog to see the problem.

Nice tip. I’ve updated the text to allow case insensitive logins, thanks.

but when i do telnet i get error:

-ERR authentication Failed

and after some time it time out.

Please advise?

Thanks

A bit of research provided a simple solution.

userdb static {
args = uid=501 gid=501 home=/home/vmail/%Lu
}

Will still allow case insensitive logins, but will direct them to their lower case mail folder.