<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font size="+2">Hello there everyone David here,<br>
<br>
      I'm a big-time Red Hat fan. I work for a company where we have a
      small 20+ people directory. I'm currently using Samba4 to offer
      authentication to Openfire, Postfix, Dovecot (using GroupOffice),
      but I want to switch because Samba is a hassle to set up and
      whenever replication breaks it's nearly impossible to rebuild.
      Anyway, my current environment is Proxmox VE 3 as the virtualization
      platform and many CentOS/RedHat servers holding my services.<br>
<br>
      Please excuse me if this was already answered, but after I went
      through the archives I couldn't find anyone facing the same issue.
      Please bear with me as I'm a newbie to FreeIPA and LDAP. I know
      I'm missing something or doing it wrong, but after a week struggling
      with this setup I decided to call for the help of the experts.<br>
<br>
My environment:<br>
FreeIPA Server<br>
CentOS 6.5 x86_64<br>
<br>
Mail Server<br>
CentOS 6.5<br>
postfix-2.6.6-6.el6_5.x86_64<br>
dovecot-2.0.9-7.el6.x86_64<br>
ipa-python-3.0.0-37.el6.x86_64<br>
ipa-client-3.0.0-37.el6.x86_64<br>
python-iniparse-0.3.1-2.1.el6.noarch<br>
libipa_hbac-1.9.2-129.el6_5.4.x86_64<br>
libipa_hbac-python-1.9.2-129.el6_5.4.x86_64<br>
<br>
      I've followed these posts from Dale Macartney, whose posts I've
      also read around here<br>
<br>
<a class="moz-txt-link-freetext" href="https://www.dalemacartney.com/2013/03/14/deploying-postfix-with-ldap-freeipa-virtual-aliases-and-kerberos-authentication/">https://www.dalemacartney.com/2013/03/14/deploying-postfix-with-ldap-freeipa-virtual-aliases-and-kerberos-authentication/</a><br>
<br>
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/Dovecot_Integration">http://www.freeipa.org/page/Dovecot_Integration</a><br>
<br>
      None of them seem to work at the moment when using Thunderbird
      with the server set up as STARTTLS Kerberos/GSSAPI -- Thunderbird
      also reports that <br>
<br>
<quote><br>
      "The kerberos/GSSAPI ticket was not accepted by the IMAP server
      <a class="moz-txt-link-abbreviated" href="mailto:david@domain.com">david@domain.com</a>. Please check that you're logged in to the
      Kerberos/GSSAPI realm"<br>
</quote><br>
<br>
</font><font size="+2"><font size="+2">with Dovecot I'm getting this<br>
<br>
</font><code><br>
Jun 22 11:01:25 imap-login: Info: Disconnected: Inactivity (no
auth attempts): rip=1.1.1.1, lip=217.1.2.3<br>
</code><br>
<br>
      I tried manual telnet and used a authenticate gssapi, which returns
      "+", which means the module is indeed loading and the server is gssapi
      ready for the challenge.<br>
<br>
      If any of you could point me in the right direction I'd
      really value that.<br>
<br>
Thanks<br>
<br>
--- Regards David G.<br>
</font>
</body>
</html>