Gentoo Forums
Postfix + Cyrus-Imapd via Kerberos with AD users.
SimbioS
n00b
Joined: 01 Mar 2011
Posts: 2

Posted: Tue Mar 01, 2011 7:47 am    Post subject: Postfix + Cyrus-Imapd via Kerberos with AD users.

Hi there.
Sorry, I may have placed this message in the wrong place, but I am desperate :(

I installed Postfix + Cyrus-Imapd + Cyrus-Sasl with Kerberos and LDAP support on my Gentoo OS.

1. Created a keytab on my Windows Server 2008 (AD+KDC):
ktpass -princ host/srv-mydomain.local@MYDOMAIN.LOCAL -mapuser ldapmail@MYDOMAIN.LOCAL -crypto RC4-HMAC-NT -ptype KRB5_NT_SRV_INST -pass "mypasswd" -out c:\mail.keytab

2. Copied mail.keytab via SCP to the Linux server (srv-mydomain.local)
and changed permissions:
chown root.kerberos /etc/mail/mail.keytab
where kerberos is:
cat /etc/group | grep kerberos
kerberos::1100:root,postfix,cyrus
kinit with this keytab:

kinit -V -k -t /etc/mail/mail.keytab host/srv-mydomain.local@MYDOMAIN.LOCAL
Authenticated to Kerberos v5

3. saslauthd is started with the following option:
ps ax | grep sasl
27593 ? Ss 0:00 /usr/sbin/saslauthd -a kerberos5

cat smtp.conf
pwcheck_method: saslauthd
mech_list: gssapi

sasl_pwcheck_method: saslauthd
sasl_mech_list: gssapi
sasl_keytab: /etc/mail/mail.keytab

I want my users to be authenticated via Kerberos, without using a login & password.
Postfix & Cyrus-Imapd should verify the existence of these users in AD.

So what are my next steps?

Many thanks to all for your help :)

--
Ross
gerdesj
l33t
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK

Posted: Wed Mar 02, 2011 1:49 am    Post subject: Re: Postfix + Cyrus-Imapd via Kerberos with AD users.

You have provided nearly the perfect query - lots of config details.

However, no logs - from anything.

Have you looked at any logs? For starters, your KDCs should see something and report it in the Event Log. If they are not, then either logging isn't configured or requests are not even being sent.

Dig out Wireshark.


Cheers
jon