On 09/12/10 16:10 +0100, Sebastian Hagedorn wrote: >Hi, > >--On 9. Dezember 2010 08:52:24 -0600 Dan White <dwhite@xxxxxxx> wrote: > >>>When SSL is turned off on the phone, the NTLM error is a little more >>>explicit: >>> >>>Dec 9 14:59:10 lvr13 imap[786]: badlogin:[redacted] NTLM [SASL(0): >>>successful result: security flags do not match required] >> >>Are you offering digest-md5? > >yes, but it's not used by Windows Phone 7 clients. That's unfortunate. >>What are your sasl and allowplaintext >>settings in imapd.conf? > >allowplaintext: no >sasl_mech_list: DIGEST-MD5 CRAM-MD5 PLAIN NTLM LOGIN As you probably know, a work around would be to set allowplaintext to yes, but those phones would be transmitting passwords in the clear. >>>My guess is that the phone tries to use NTLMv2, but of course the >>>SASL plug-in only supports NTLMv1. The worst part is that there >>>doesn't seem to be a client-side option to use another mechanism >>>instead. I'm hesitant to disable NTLM server-side, because a few of >>>our users use it successfully. >> >>What version of imapd and sasl are you using? > >imapd is 2.3.14, SASL is 2.1.20. Documentation is a little slim on NTLM support. The Changelog for SASL (2003-09-02 entry) states that NTLM 2 support was added. The 'ntlm_v2' option states that it configures how sasl relays authentication when 'ntlm_server' is configured, which might be another work around - by configuring a samba server. -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
