Connecting FreeBSD to Active Directory for Dovecot IMAP authentication

sparky, 25th May 2012

Hi,

I'm attempting to authenticate Dovecot to Active Directory; however,
I'm failing quite badly.


So far I have gone through the FreeBSD handbook on Kerberos authentication:

http://www.freebsd.org/doc/handbook/kerberos5.html


Additionally I have been through the Dovecot config:

http://wiki2.dovecot.org/Authenticat...anisms/Winbind

http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm


I am running FreeBSD 8.2 x64 RELEASE edition with the Dovecot2 port
installed, SAMBA 3.6, and the Heimdal version of Kerberos.


I pulled the krb5.conf and smb.conf files from one of our production
Linux boxes......

This is my dovecot.conf file:

Code:
# v1.1:
#auth_ntlm_use_winbind = yes
# v1.2+:
auth_use_winbind = yes

auth_winbind_helper_path = /usr/local/bin/ntlm_auth

protocols = imap

# It's nice to have separate log files for Dovecot. You could do this
# by changing syslog configuration also, but this is easier.
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log

# Disable SSL for now.
ssl = no
disable_plaintext_auth = no

# We're using Maildir format
#mail_location = maildir:~/Maildir
mail_location = mbox:/mail:INBOX=/mail/%u

# If you're using POP3, you'll need this:
#pop3_uidl_format = %g

# Authentication configuration:
auth_verbose = yes
auth_username_format = %n
#auth_mechanisms = plain
auth_mechanisms = plain ntlm login
#passdb {
#  driver = passwd-file
#  args = /usr/local/etc/dovecot/passwd
#}
#userdb {
#  driver = static
#  args = uid=root gid=root home=/root/
#  driver = static
#  args = uid=500 gid=500 home=/ZPOOL_1/%u
#}

#userdb static {
#   args= uid=501 gid=501 home=/mail/%1Ln/%Ln
#   mail=maildir:/mail/%d/%1Ln/%Ln:INBOX=/mail/%d/%1Ln/%Ln
#   allow_all_users=yes
#}

passdb {
 driver          = static
}

userdb {
 driver          = static
 args            = uid=501 gid=501 home=/mail/%1Ln/%Ln
}

This is the krb5.conf file:


Code:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = DOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 DOMAIN.COM = {
 kdc = <IP>:88
 kdc = <IP>:88
 admin_server = <IP>:749
 kdc = DC.DOMAIN.COM
 }

[domain_realm]
 domain.com = DOMAIN.COM
 .domain.com = DOMAIN.COM
[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }

This is the smb.conf file:

Code:
[global]
#--authconfig--start-line--

# Generated by authconfig on 2011/04/11 15:41:02
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

  workgroup = DOMAIN
  password server = DC.DOMAIN.COM
  realm = DOMAIN.COM
  security = ads
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  template shell = /bin/bash
  winbind use default domain = true
  winbind offline logon = false
  winbind separator = +

#--authconfig--end-line--

  preferred master = no
  server string = FreeBSD IMAP Server
  encrypt passwords = yes
  log level = 3
  log file = /var/log/samba/%m
  max log size = 50
  printcap name = cups
  printing = cups
  unix extensions = no
  winbind enum users = Yes
  winbind enum groups = Yes
  winbind nested groups = Yes
  winbind cache time = 5

Running the command klist does give an output; however, I am totally
stuck as to why the Dovecot authentication isn't working....


This is the output from the dovecot.log:

Code:
May 20 13:16:32 auth: Error: could not obtain winbind domain name!
May 20 13:16:32 auth: Error: could not obtain winbind netbios name!
May 20 13:16:32 auth: Error: could not obtain winbind domain name!
May 20 13:16:42 auth: Fatal: master: service(auth): child 15253 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })
May 20 13:16:42 imap-login: Warning: Auth connection closed with 1 pending requests (max 8 secs, pid=15254, EOF)
May 20 13:16:51 auth: Error: Ignoring unknown parameter "use kerberos keytab"
May 20 13:16:51 auth: Error: could not obtain winbind domain name!
May 20 13:16:51 auth: Error: could not obtain winbind netbios name!
May 20 13:16:51 auth: Error: could not obtain winbind domain name!
May 20 13:17:08 auth: Fatal: master: service(auth): child 15256 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })
May 20 13:17:08 imap-login: Warning: Auth connection closed with 1 pending requests (max 15 secs, pid=15257, EOF)
May 23 12:18:31 imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=25437, EOF)
May 23 12:18:31 auth: Fatal: master: service(auth): child 25439 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })
May 23 12:19:00 imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=25437, EOF)
May 23 12:19:00 auth: Fatal: master: service(auth): child 25440 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })
May 23 12:37:16 master: Warning: Killed with signal 15 (by pid=25630 uid=0 code=kill)
May 23 13:37:41 imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=1231, EOF)
May 23 13:37:41 auth: Fatal: master: service(auth): child 1232 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })
May 23 13:38:12 imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=1231, EOF)
May 23 13:38:12 auth: Fatal: master: service(auth): child 1233 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })
May 23 13:40:37 master: Warning: Killed with signal 15 (by pid=1384 uid=0 code=kill)
May 23 13:42:47 imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=1208, EOF)
May 23 13:42:47 auth: Fatal: master: service(auth): child 1209 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })

Can anybody help me figure this out?


Regards,


Kaya
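
An added example, not part of the original post and not Dovecot's own tooling: a small Python check that reads the top-level settings of the dovecot.conf posted above and flags the combination that lets Active Directory passwords cross the network unencrypted. The function names and the embedded sample string are constructed for illustration; the defaults assumed for absent settings are those of Dovecot 2.x.

```python
# Constructed sample: the transport/auth lines from the dovecot.conf in the post.
SAMPLE_CONF = """\
auth_use_winbind = yes
protocols = imap
# Disable SSL for now.
ssl = no
disable_plaintext_auth = no
#auth_mechanisms = plain
auth_mechanisms = plain ntlm login
passdb {
 driver          = static
}
"""

CLEARTEXT_MECHS = {"plain", "login"}  # password is only base64-encoded, not protected


def parse_top_level(text):
    """Return top-level `key = value` settings, skipping comments and { } blocks.
    Simplification: '#' always starts a comment (no quoted-value handling)."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Flag settings that let mail passwords travel without transport protection."""
    s = parse_top_level(text)
    tls_off = s.get("ssl", "yes") == "no"                      # default: yes
    plaintext_ok = s.get("disable_plaintext_auth", "yes") == "no"  # default: yes
    mechs = set(s.get("auth_mechanisms", "plain").split())     # default: plain
    exposed = sorted(mechs & CLEARTEXT_MECHS)
    findings = []
    if tls_off:
        findings.append("ssl=no: no TLS on any listener")
    if plaintext_ok and exposed:
        findings.append("cleartext mechanisms allowed without TLS: " + ", ".join(exposed))
    if tls_off and plaintext_ok and exposed:
        findings.append("domain passwords will be readable on the wire")
    return findings
```

Once winbind authentication works, setting `ssl = required` and `disable_plaintext_auth = yes` clears all three findings.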