Hello! Help me, please, with such a weird problem. I have a mail server on a Linux Slackware 9.1 machine, connected to the internet, and a corporate base of users in Active Directory on a Windows 2000 server in the local network. I want to authenticate users that use mail (POP or IMAP) in AD. So, on Linux I have installed and configured all necessary software (openssl-0.9.7e, openldap-2.1.21, pam_ldap-176, nss-ldap-227). I can do 'getent passwd | grep <windows_user>' and get passwd-like info about that user. We opened port 636 on the firewall, because I have 'port 636' and 'ssl on' in /etc/ldap.conf. Moreover, Windows users that connect to Linux through FTP successfully authenticate in AD. But they can't authenticate in IMAP; that's what telnet on Linux says:
telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=LOGIN] localhost IMAP4rev1 2004.352 at Fri, 24 Dec 2004 11:10:12 +0400 (SAMT)
. login <windows_user> <windows_password>
. NO LOGIN failed
Authentication fails, and in mail.log I see:
Dec 24 11:24:15 web imapd[3408]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Here I must say that when I built a test Linux server in the local network with the same configuration and a test Windows AD server in the same network, I was able to authenticate in IMAP. The only difference between the WAN and LAN servers is the firewall. So, isn't it enough to open port 636 on it (although the firewall log says that LDAP packets go in both directions)?
-- Andrew
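Added example, not part of Andrew's post: a stand-alone Python check that reads the pam_ldap settings the post names (host, port 636, ssl on, optionally tls_cacertfile) from an /etc/ldap.conf-style file and opens the same LDAPS connection pam_ldap would, reporting separately whether the TCP connect or the TLS handshake fails, since ldap_simple_bind folds both into the one message "Can't contact LDAP server". The host name, CA path and sample configuration are constructed placeholders.

```python
import socket
import ssl

# Constructed sample of /etc/ldap.conf with the settings named in the post;
# the host name and CA path are placeholders, not values from the post.
SAMPLE_LDAP_CONF = """\
host ad.example.internal
base dc=example,dc=internal
port 636
ssl on
tls_cacertfile /etc/openldap/cacerts/ad-ca.pem
"""

def parse_ldap_conf(text):
    """Return the pam_ldap/nss_ldap settings as a dict of lower-cased keys."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.replace("\t", " ").partition(" ")
            conf[key.lower()] = value.strip()
    return conf

def check_ldap_reachability(conf, timeout=5.0):
    """Open the connection pam_ldap would open and report where it stops.
    Returns (stage, detail) with stage 'tcp', 'tls' or 'ok'. ldap_simple_bind
    reports a failed TCP connect and a failed TLS handshake with the same
    "Can't contact LDAP server" text, so the two layers are separated here.
    """
    host = conf.get("host", "localhost")
    use_ssl = conf.get("ssl", "off").lower() == "on"
    port = int(conf.get("port", "636" if use_ssl else "389"))
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # DNS, routing, firewall, or nothing listening
        return "tcp", f"{host}:{port}: {exc}"
    if not use_ssl:
        sock.close()
        return "ok", f"plain LDAP socket to {host}:{port} opened"
    try:
        ctx = ssl.create_default_context(cafile=conf.get("tls_cacertfile"))
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{tls.version()} to {host}:{port}, certificate verified"
    except (ssl.SSLError, OSError) as exc:  # handshake, certificate or CA file problem
        return "tls", f"{host}:{port}: {exc}"

if __name__ == "__main__":
    # Run under the same account imapd uses so permissions on the CA file are tested too.
    print(check_ldap_reachability(parse_ldap_conf(SAMPLE_LDAP_CONF)))
```

A result of 'tcp' points at the network path (firewall, routing, name resolution), while 'tls' with a TCP connect that succeeded points at the certificate or CA configuration on the mail server itself.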
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list