Windows Phone 7 mail clients can't login

Dan White dwhite at olp.net
Thu Dec 9 10:43:06 EST 2010


On 09/12/10 16:10 +0100, Sebastian Hagedorn wrote:
>Hi,
>
>--On 9. Dezember 2010 08:52:24 -0600 Dan White <dwhite at olp.net> wrote:
>
>>>When SSL is turned off on the phone, the NTLM error is a little more
>>>explicit:
>>>
>>>Dec  9 14:59:10 lvr13 imap[786]: badlogin:[redacted] NTLM [SASL(0):
>>>successful result: security flags do not match required]
>>
>>Are you offering digest-md5?
>
>yes, but it's not used by Windows Phone 7 clients.

That's unfortunate.

>>What are your sasl and allowplaintext
>>settings in imapd.conf?
>
>allowplaintext: no
>sasl_mech_list: DIGEST-MD5 CRAM-MD5 PLAIN NTLM LOGIN

As you probably know, a workaround would be to set allowplaintext to yes,
but those phones would be transmitting passwords in the clear.

>>>My guess is that the phone tries to use NTLMv2, but of course the
>>>SASL plug-in only supports NTLMv1. The worst part is that there
>>>doesn't seem to be a client-side option to use another mechanism
>>>instead. I'm hesitant to disable NTLM server-side, because a few of
>>>our users use it successfully.
>>
>>What version of imapd and sasl are you using?
>
>imapd is 2.3.14, SASL is 2.1.20.

Documentation is a little slim on NTLM support.

The Changelog for SASL (2003-09-02 entry) states that NTLM 2 support was
added.

The 'ntlm_v2' option states that it configures how sasl relays
authentication when 'ntlm_server' is configured, which might be another
workaround - by configuring a Samba server.

-- 
Dan White
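
Added example, not part of the original message and not Cyrus code: before choosing between disabling NTLM and setting allowplaintext to yes, it helps to see which clients fail with which mechanism. This sketch tallies `badlogin` lines per SASL mechanism and separates the "security flags do not match required" rejection quoted in the thread from other failures. The one-line layout `badlogin: <client> <MECH> [<SASL detail>]` is assumed from the quoted line; host names, addresses and the DIGEST-MD5 line are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the badlogin line quoted in the thread
# (unwrapped onto one line); hosts, addresses and the DIGEST-MD5 line are made up.
SAMPLE_LOG = """\
Dec  9 14:59:10 lvr13 imap[786]: badlogin: phone1.example.org [192.0.2.10] NTLM [SASL(0): successful result: security flags do not match required]
Dec  9 15:01:42 lvr13 imap[790]: badlogin: phone1.example.org [192.0.2.10] NTLM [SASL(0): successful result: security flags do not match required]
Dec  9 15:03:05 lvr13 imap[801]: badlogin: pc7.example.org [192.0.2.44] DIGEST-MD5 [SASL(-13): authentication failure: constructed detail]
Dec  9 15:04:00 lvr13 imap[802]: constructed line that is not a badlogin entry
"""

# Assumed layout: "badlogin: <client> <MECH> [<SASL detail>]"
BADLOGIN = re.compile(
    r"badlogin:\s*(?P<client>.*?)\s+(?P<mech>[A-Z0-9][A-Z0-9_-]*) "
    r"\[(?P<detail>SASL\(-?\d+\): .*)\]\s*$"
)
FLAG_MISMATCH = "security flags do not match required"


def summarize_badlogins(log_text):
    """Per mechanism: failure count, flag-mismatch count, and client set."""
    summary = defaultdict(
        lambda: {"failures": 0, "flag_mismatch": 0, "clients": set()}
    )
    for line in log_text.splitlines():
        m = BADLOGIN.search(line)
        if not m:
            continue  # not a SASL badlogin line
        entry = summary[m["mech"]]
        entry["failures"] += 1
        entry["clients"].add(m["client"])
        if FLAG_MISMATCH in m["detail"]:
            entry["flag_mismatch"] += 1
    return dict(summary)


def only_flag_mismatch(summary):
    """Mechanisms whose every logged failure is the security-flags rejection."""
    return sorted(
        mech for mech, e in summary.items()
        if e["failures"] == e["flag_mismatch"]
    )


if __name__ == "__main__":
    stats = summarize_badlogins(SAMPLE_LOG)
    for mech, e in sorted(stats.items()):
        print(mech, e["failures"], e["flag_mismatch"], sorted(e["clients"]))
    print("only security-flag rejections:", only_flag_mismatch(stats))
```
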

