On 04/11/20 00:53 +0200, Michal Bruncko wrote:
I am trying to use NTLM autentication (using cyrus-sasl-ntlm) for
cyrus-imapd server for user authentication.
in imapd.conf:
sasl_ntlm_server: dc1.example.com
sasl_ntlm_v2: yes
sasl_mech_list: PLAIN NTLM LOGIN
dc1.example.com is samba 4 AD DC, I have tried also samba 4.2 in NT4
PDC mode, but with same results.
in maillog:
Apr 10 23:32:30 mail cyrus/imaps[10078]: NTLM server step 1
Apr 10 23:32:30 mail cyrus/imaps[10078]: client flags: ffff8207
Apr 10 23:32:33 mail cyrus/imaps[10078]: badlogin:
client.example.local [172.17.0.13] NTLM [SASL(0): successful result: ]
which corresponds to following samba log messages:
[2020/04/10 23:52:00.583266, 3] ../source3/smbd/process.c:1880(process_smb)
Transaction 0 of length 51 (0 toread)
[2020/04/10 23:52:00.583359, 3]
../source3/smbd/process.c:1489(switch_message)
switch message SMBnegprot (pid 28556) conn 0x0
[2020/04/10 23:52:00.586326, 3]
../source3/smbd/negprot.c:576(reply_negprot)
Requested protocol [NT LM 0.12]
[2020/04/10 23:52:00.586887, 3] ../source3/smbd/negprot.c:377(reply_nt1)
not using SPNEGO
[2020/04/10 23:52:00.586969, 3]
../source3/smbd/negprot.c:684(reply_negprot)
Selected protocol NT LM 0.12
[2020/04/10 23:52:00.591116, 3]
../source3/smbd/server_exit.c:249(exit_server_common)
Server exit (failed to receive smb request)
Hi Michal,
You can increase libsasl's logging with the following in your imapd.conf:
sasl_log_level: 7
See: https://github.com/cyrusimap/cyrus-sasl/blob/master/include/sasl.h for
a description of the available log levels. You may need to modify your
syslog configuration to accept more verbose auth.* levels.
--
Dan White
