On 09/12/10 15:41 +0100, Sebastian Hagedorn wrote: >Hi, > >today I became aware that apparently all our users with Windows Phone >7 phones can't login. There appears to be more than one problem. This >is what happens when you enable SSL on the phone: > >- the phone first attempts a successful connection to imaps and fails >when it tries to login using NTLM. It doesn't fall back to any other >SASL mechanism, and there's nothing to configure on the phone >- after that it connects to port 143 and issues the STARTTLS command, >but this results in the following: > >Dec 9 15:10:47 lvr13 imap[18998]: unknown protocol in SSL_accept() -> fail >Dec 9 15:10:47 lvr13 imap[18998]: STARTTLS negotiation failed: [redacted] > >When SSL is turned off on the phone, the NTLM error is a little more >explicit: > >Dec 9 14:59:10 lvr13 imap[786]: badlogin:[redacted] NTLM [SASL(0): >successful result: security flags do not match required] Are you offering digest-md5? What are your sasl and allowplaintext settings in imapd.conf? >My guess is that the phone tries to use NTLMv2, but of course the >SASL plug-in only supports NTLMv1. The worst part is that there >doesn't seem to be a client-side option to use another mechanism >instead. I'm hesitant to disable NTLM server-side, because a few of >our users use it successfully. What version of imapd and sasl are you using? >Has anyone else noticed this problem? Or do you have successful >logins using Windows Phone 7, If so, do you offer NTLM? What >mechanism does the phone use when it's successful? -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
