Cyrus IMAP GSSAPI for multiple AD domains

John Mok jmok at attglobal.net
Thu Oct 22 10:38:49 EDT 2009


Hi,

I have successfully set up Cyrus IMAP 2.2.12 with GSSAPI / Kerberos as 
authentication for an AD domain "grt.citizen.co.jp", which is the 
default domain in /etc/imapd.conf. However, when I tried to add another 
AD domain "go.citizen.co.jp" other than the default domain, the AD users in 
the latter domain, i.e. "go.citizen.co.jp", failed to authenticate from 
the e-mail client (e.g. Thunderbird).

The error message on the server log :-

Oct 22 15:35:02 imapsv01 cyrus/imap[19466]: badlogin: 
John.sml.citizen.co.jp [10.144.1.192] GSSAPI [SASL(-13): authentication 
failure: user komatsuj at go.citizen.co.jp is not allowed to proxy]

I checked with imtest and it passed successfully :-

 >imtest -m GSSAPI imapsv01.grt.citizen.co.jp

The IMAP config. /etc/imapd.conf follows :-

....
virtdomains: yes
defaultdomain: grt.citizen.co.jp
sasl_pwcheck_method: saslauthd
....

I hope someone could advise how I could make IMAP authenticate 
users from two or more AD domains.

Thanks a lot.

John Mok


