Issues while integrating with Microsoft Active Directory

Goutam Baul goutam.baul at cesc.co.in
Fri Apr 30 08:38:03 EDT 2010


Hi List,

We are trying to configure a mail server on RHEL 4.4 using Postfix
2.2.10-1.RHEL4.2, Courier-imap-4.1.3-1.3ES, courier-authlib-0.59.3-10.rh3ES,
maildrop 2.0.3, cyrus-sasl-2.1.19-5.EL4.

We intend to put all the user information in Microsoft Active Directory
(version 5.2.3790.3959, Windows Server 2003 R2). We have enabled NIS and can
store Unix-related attributes like home directory etc. in the AD.

So far we have been able to push mail using telnet, and that mail is also
getting delivered to the respective mailbox whose information is present in
the Active Directory. This indicates that we can successfully query Active
Directory using the OpenLDAP client. We have also tested a mail account using
Outlook Express, and that successfully fetches mails from the server. The
only issue is with the SASL authentication. We have searched the internet
and found a few articles where Kerberos is advised for encryption. We have
followed the directions there to configure the Linux box. The command

[root at mail ~]# kinit bonhi.sengupta

Produces the result

Password for bonhi.sengupta at TIBS.EDU.IN:

[root at mail ~]#

We are not trying to implement SSL to communicate with the AD for SASL
authentication. Is it a must?

But when we check the SASL authentication using the following command:

testsaslauthd -u bonhi.sengupta -p cescnet_123

0: NO "authentication failed"

We are getting the above error.

The /var/log/messages for the above testing is as follows:

Apr 30 20:46:27 mail saslauthd[15653]: do_auth         : auth failure:
[user=bonhi.sengupta] [service=imap] [realm=] [mech=ldap] [reason=Unknown]

The /etc/saslauthd.conf file reads as follows:

[root at mail ~]# cat /etc/saslauthd.conf
# /etc/saslauthd.conf
#servers: ldap://127.0.0.1/
servers: ldap://10.50.81.250/
ldap_auth_method: fastbind
ldap_search_base: cn:users,dc=tibs,dc=edu,dc=in
#ldap_filter: (|(uid=%u)(uid=%U))
ldap_filter: uid=%u
ldap_timeout: 20
ldap_ssl: no
ldap_start_tls: no
ldap_debug: 255

May we request you to kindly give some pointers?

With regards,

Goutam
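The configuration above combines several settings that commonly break or weaken saslauthd's LDAP authentication against Active Directory: a search base that is not a valid DN, a fastbind method paired with a filter that is neither a bind DN nor a user@realm UPN, and a simple bind over ldap:// with neither ldap_ssl nor ldap_start_tls, so the password crosses the wire in clear. The script below is an added example, not code from the post or from the Cyrus SASL project. It parses a saslauthd.conf and reports those problems, and runs the same checks over an assumed hardened counterpart (UPN template derived from the realm shown in the kinit output, STARTTLS with ldap_tls_check_peer, and a placeholder CA file path). The lint rules themselves are the example's own and are not an exhaustive list.

```python
"""Lint a saslauthd.conf for LDAP settings that commonly break or weaken
authentication against Active Directory.  Added example; not code from the
post or the Cyrus SASL project."""
import re
from typing import Dict, List, Tuple

# Constructed sample: the configuration quoted in the post.
POSTED_CONF = """\
# /etc/saslauthd.conf
#servers: ldap://127.0.0.1/
servers: ldap://10.50.81.250/
ldap_auth_method: fastbind
ldap_search_base: cn:users,dc=tibs,dc=edu,dc=in
#ldap_filter: (|(uid=%u)(uid=%U))
ldap_filter: uid=%u
ldap_timeout: 20
ldap_ssl: no
ldap_start_tls: no
ldap_debug: 255
"""

# Assumed hardened counterpart: fastbind with a user@realm (UPN) template and
# STARTTLS with peer verification.  The realm comes from the kinit output in
# the post; the CA file path is a placeholder.
HARDENED_CONF = """\
servers: ldap://10.50.81.250/
ldap_auth_method: fastbind
ldap_filter: %u@tibs.edu.in
ldap_start_tls: yes
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/pki/tls/certs/ad-ca.pem
ldap_timeout: 20
"""

Finding = Tuple[str, str, str]          # (severity, code, explanation)
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+$")


def parse_conf(text: str) -> Dict[str, str]:
    """saslauthd.conf is 'key: value' per line; '#' lines and blanks are ignored."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")   # split on the first ':' only
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf


def is_valid_dn(dn: str) -> bool:
    """Each comma-separated RDN must be attr=value; 'cn:users' is not."""
    parts = [p.strip() for p in dn.split(",")]
    return all(RDN_RE.match(p) for p in parts)


def lint(conf: Dict[str, str]) -> List[Finding]:
    """Return findings for the settings that matter for an AD backend."""
    findings: List[Finding] = []
    encrypted = (conf.get("ldap_ssl", "no") == "yes"
                 or conf.get("ldap_start_tls", "no") == "yes")
    if conf.get("servers", "").startswith("ldap://") and not encrypted:
        findings.append(("high", "PLAINTEXT_BIND",
                         "simple bind over ldap:// without TLS sends the password in clear"))
    if encrypted and conf.get("ldap_tls_check_peer", "no") != "yes":
        findings.append(("medium", "NO_PEER_VERIFY",
                         "TLS is on but the server certificate is not verified"))
    base = conf.get("ldap_search_base")
    if base is not None and not is_valid_dn(base):
        findings.append(("high", "BAD_SEARCH_BASE",
                         f"search base is not a DN: {base!r}"))
    filt = conf.get("ldap_filter", "")
    if conf.get("ldap_auth_method", "bind") == "fastbind":
        # fastbind skips the search and binds as the filled-in ldap_filter,
        # so the template must yield a bind DN or a UPN, not a search filter.
        if filt.startswith("("):
            findings.append(("high", "FASTBIND_SEARCH_FILTER",
                             "a parenthesised search filter is not a bind DN"))
        elif "@" not in filt and len(filt.split(",")) < 2:
            findings.append(("high", "FASTBIND_INCOMPLETE_DN",
                             f"{filt!r} is neither a full DN nor a user@realm UPN"))
    debug = conf.get("ldap_debug", "0")
    if debug.isdigit() and int(debug) > 0:
        findings.append(("info", "DEBUG_LOGGING",
                         "ldap_debug > 0 writes verbose LDAP traces to syslog"))
    return findings


def codes(findings: List[Finding]) -> List[str]:
    return [code for _, code, _ in findings]


if __name__ == "__main__":
    for name, text in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(f"== {name} ==")
        for sev, code, why in lint(parse_conf(text)):
            print(f"  [{sev}] {code}: {why}")
```

Running it prints four findings for the posted configuration and none for the hardened one. The plaintext-bind finding is the one to weigh first: fastbind performs a simple bind with the user's password, so without ldap_ssl or ldap_start_tls every IMAP login would be readable on the path between the mail server and the domain controller.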