Issues while integrating with Microsoft Active Directory

Hi List,

We are trying to configure a mail server on RHEL 4.4 using Postfix
2.2.10-1.RHEL4.2, Courier-imap-4.1.3-1.3ES, courier-authlib-0.59.3-10.rh3ES,
maildrop2.0.3, cyrus-sasl-2.1.19-5.EL4.

We intend to put all the user information in Microsoft Active Directory
(ver:-5.2.3790.3959 Windows server 2003 R2). We have enabled NIS and can
store Unix-related attributes like home directory etc. in the AD.

So far we have been able to push mail using telnet, and that mail is also
getting delivered to the respective mailbox whose information is present in
the Active Directory. This indicates that we can successfully query Active
Directory using the OpenLDAP client. We have also tested a mail account using
Outlook Express, and that successfully fetches mail from the server. The
only issue is with the SASL authentication. We have searched the internet
and found a few articles where Kerberos has been advised for
encryption. We have followed the directions there to configure the Linux
box. The command

[root@mail ~]# kinit bonhi.sengupta

Produces the result

Password for bonhi.sengupta@xxxxxxxxxxx:

[root@mail ~]#

We are not trying to implement SSL to communicate with the AD for SASL
authentication. Is it a must?

But when we check the SASL authentication using the following command:

testsaslauthd -u bonhi.sengupta -p cescnet_123

0: NO "authentication failed"

We are getting the above error.

The /var/log/messages for the above testing is as follows :-

Apr 30 20:46:27 mail saslauthd[15653]: do_auth         : auth failure:
[user=bonhi.sengupta] [service=imap] [realm=] [mech=ldap] [reason=Unknown]




The /etc/saslauthd file reads as follows:

[root@mail ~]# cat /etc/saslauthd.conf
# /etc/saslauthd.conf
#servers: ldap://127.0.0.1/
servers: ldap://10.50.81.250/
ldap_auth_method: fastbind
ldap_search_base: cn:users,dc=tibs,dc=edu,dc=in
#ldap_filter: (|(uid=%u)(uid=%U))
ldap_filter: uid=%u
ldap_timeout: 20
ldap_ssl: no
ldap_start_tls: no
ldap_debug: 255

May we request you to kindly give some pointers?

With regards,

Goutam
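
An added example, not part of the original message and not code from the Cyrus SASL project: a small Python check run over the saslauthd.conf posted above, flagging a server option not named ldap_servers, a password-carrying bind over plain ldap:// without StartTLS, a search base component that is not attr=value, and a fastbind filter that does not expand to a full DN. It assumes the option names and the fastbind behaviour described in cyrus-sasl's LDAP_SASLAUTHD documentation; the function names and finding labels are hypothetical.

```python
import re

# The configuration as posted in the message above.
POSTED_CONF = """\
# /etc/saslauthd.conf
#servers: ldap://127.0.0.1/
servers: ldap://10.50.81.250/
ldap_auth_method: fastbind
ldap_search_base: cn:users,dc=tibs,dc=edu,dc=in
#ldap_filter: (|(uid=%u)(uid=%U))
ldap_filter: uid=%u
ldap_timeout: 20
ldap_ssl: no
ldap_start_tls: no
ldap_debug: 255
"""

RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")  # one DN component: attr=value

def parse_conf(text):
    """Parse 'key: value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")  # split on the first colon only
            conf[key.strip()] = value.strip()
    return conf

def bad_rdns(dn):
    """Components of dn that are not attr=value (naive split, no escaped commas)."""
    return [p for p in dn.split(",") if not RDN.match(p.strip())] if dn else []

def check(conf):
    """Return finding labels (hypothetical names) for a parsed saslauthd.conf."""
    findings = []
    # Assumption: LDAP_SASLAUTHD documents the server list as 'ldap_servers'.
    if "ldap_servers" not in conf:
        findings.append("no-ldap_servers")
    servers = (conf.get("ldap_servers") or conf.get("servers", "")).split()
    start_tls = conf.get("ldap_start_tls", "no").lower() in ("yes", "on", "true", "1")
    # A simple bind over ldap:// without StartTLS sends the password unencrypted.
    if any(s.startswith("ldap://") for s in servers) and not start_tls:
        findings.append("cleartext-bind")
    if bad_rdns(conf.get("ldap_search_base", "")):
        findings.append("bad-search-base")
    # Assumption: with fastbind, the expanded ldap_filter is used as the bind DN.
    fastbind = conf.get("ldap_auth_method") == "fastbind"
    if fastbind and "," not in conf.get("ldap_filter", ""):
        findings.append("fastbind-filter-not-dn")
    return findings
```

Calling `check(parse_conf(POSTED_CONF))` reports all four findings for the posted file.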




