Cyrus IMAP GSSAPI for multiple AD domains
John Mok
jmok at attglobal.net
Sat Jul 3 11:51:26 EDT 2010
Hi,
I have successfully setup Cyrus IMAP 2.2.12 with GSSAPI / Kerberos as
authentication for an AD domain "grt.citizen.co.jp", which is the
default domain in /etc/imapd.conf. However, when I tried to add another
AD domain "pvd.citizen.co.jp" other the default domain. The AD users in
the latter domain, i.e. "pvd.citizen.co.jp", failed to authenticate from
the e-mail client (e.g. Thunderbird).
The error message on the server log :-
Jul 2 17:56:39 imapsv01 cyrus/imaps[3777]: GSSAPI Error: Miscellaneous
failure (Wrong principal in request)
I checked with imtest and it passed successfully :-
>imtest -m GSSAPI imapsv01.grt.citizen.co.jp
The IMAP config. /etc/imapd.conf follows :-
....
altnamespace: yes
sasl_mech_list: gssapi pam
loginrealms: pvd.citizen.co.jp
virtdomains: yes
defaultdomain: grt.citizen.co.jp
sasl_pwcheck_method: saslauthd
....
I hope someone could advise how I could make the IMAP to authenticate
users from two or more AD domains.
Thanks a lot.
John Mok
More information about the Info-cyrus
mailing list