Re: Cyrus IMAP GSSAPI for multiple AD domains

On 03/07/10 23:51 +0800, John Mok wrote:
>Hi,
>
>I have successfully set up Cyrus IMAP 2.2.12 with GSSAPI / Kerberos as 
>authentication for an AD domain "grt.citizen.co.jp", which is the 
>default domain in /etc/imapd.conf. However, when I tried to add another 
>AD domain "pvd.citizen.co.jp" other than the default domain, the AD users in 
>the latter domain, i.e. "pvd.citizen.co.jp", failed to authenticate from 
>the e-mail client (e.g. Thunderbird).
>
>The error message on the server log :-
>
>Jul  2 17:56:39 imapsv01 cyrus/imaps[3777]: GSSAPI Error: Miscellaneous 
>failure (Wrong principal in request)

The "Wrong principal in request" should be a message returned by your
installed Kerberos libraries. A Google search for that phrase found some
good links for troubleshooting.

>I checked with imtest and it passed successfully :-
>
> >imtest -m GSSAPI imapsv01.grt.citizen.co.jp

Is that from the same machine/user running thunderbird?

I've found Wireshark to be invaluable in troubleshooting GSSAPI ticket
exchange problems. Of course, you'll want to use a non-imaps connection for
the capture.

>The IMAP config. /etc/imapd.conf follows :-
>
>....
>altnamespace: yes
>sasl_mech_list: gssapi pam

'pam' is not a valid mech, although that's not contributing to your gssapi
problem.

>loginrealms: pvd.citizen.co.jp
>virtdomains: yes
>defaultdomain: grt.citizen.co.jp
>sasl_pwcheck_method: saslauthd
>....

-- 
Dan White
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


