Cyrus IMAP GSSAPI for multiple AD domains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I have successfully setup Cyrus IMAP 2.2.12 with GSSAPI / Kerberos  as 
authentication for an AD domain "grt.citizen.co.jp", which is the 
default domain in /etc/imapd.conf. However, when I tried to add another 
AD domain "pvd.citizen.co.jp" other the default domain. The AD users in 
the latter domain, i.e. "pvd.citizen.co.jp", failed to authenticate from 
the e-mail client (e.g. Thunderbird).

The error message on the server log :-

Jul  2 17:56:39 imapsv01 cyrus/imaps[3777]: GSSAPI Error: Miscellaneous 
failure (Wrong principal in request)

I checked with imtest and it passed successfully :-

 >imtest -m GSSAPI imapsv01.grt.citizen.co.jp

The IMAP config. /etc/imapd.conf follows :-

....
altnamespace: yes
sasl_mech_list: gssapi pam
loginrealms: pvd.citizen.co.jp
virtdomains: yes
defaultdomain: grt.citizen.co.jp
sasl_pwcheck_method: saslauthd
....

I hope someone could advise how I could make the IMAP to authenticate 
users from two or more AD domains.

Thanks a lot.

John Mok

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux