Hi, I have successfully setup Cyrus IMAP 2.2.12 with GSSAPI / Kerberos as authentication for an AD domain "grt.citizen.co.jp", which is the default domain in /etc/imapd.conf. However, when I tried to add another AD domain "go.citizen.co.jp" other the default domain. The AD users in the latter domain, i.e. "go.citizen.co.jp", failed to authenticate from the e-mail client (e.g. Thunderbird). The error message on the server log :- Oct 22 15:35:02 imapsv01 cyrus/imap[19466]: badlogin: John.sml.citizen.co.jp [10.144.1.192] GSSAPI [SASL(-13): authentication failure: user komatsuj@xxxxxxxxxxxxxxxx is not allowed to proxy] I checked with imtest and it passed successfully :- >imtest -m GSSAPI imapsv01.grt.citizen.co.jp The IMAP config. /etc/imapd.conf follows :- .... virtdomains: yes defaultdomain: grt.citizen.co.jp sasl_pwcheck_method: saslauthd .... I hope someone could advise how I could make the IMAP to authenticate users from two or more AD domains. Thanks a lot. John Mok ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
