I've been using SASL NTLM auth with Cyrus IMAP and Postfix for months without any problem. The servers was Windows 2000 until the last weekend because our customer upgraded to 2003. After that, NTLM stopped working. The error in imapd.log is "NTLM: error in NEGPROT response parameters".
I think that this problem is related to "Default Domain Controller policy has Server Message Buffering (SMB) signing". There is a report about this on Mc Afee Product Knowledge Base with the same error. This reports says that you should disable that policy in the Windows server but our client doesn't like that.
Is there a way to fix or to work around this? I read the Cyrus SASL code but I don't see any option involved near the error message.
Regards,
Diego
--
Diego Woitasen