[Freeipa-users] Introduction and question regarding SMTP/IMAP

Dave Gonzalez dgonzalezh at gmail.com
Wed Jun 25 16:41:20 UTC 2014


Alexander, thank you very much for your config sample. I took some time 
and compared it to mine and they're pretty much the same. I want to move 
mailboxes to Maildir style because the system I'm planning to migrate to 
this IPA deployment does use Maildir style mailboxes.

Thanks and cheers.

On 6/25/2014 10:54 AM, Alexander Bokovoy wrote:
> On Sun, 22 Jun 2014, Dave Gonzalez wrote:
>> Hello there everyone David here,
>>
>> I'm a big-time Red Hat fan. I work for a company where we have a small 
>> 20+ people directory. I'm currently using Samba4 to offer 
>> authentication to Openfire, Postfix, Dovecot (using GroupOffice); but 
>> I want to switch because Samba is a hassle to set up and whenever 
>> replication breaks it's nearly impossible to rebuild. Anyway, my 
>> current environment is Proxmox VE 3 as virtualization platform and 
>> many CentOS/RedHat servers holding my services.
>>
>> Please excuse me if this was already answered, but after I went 
>> through the archives I couldn't find anyone facing the same issue. 
>> Please bear with me as I'm a newbie to FreeIPA and LDAP. I know I'm 
>> missing something or doing it wrong, but after a week struggling with 
>> this setup I decided to call for the help of the experts.
>>
>> My environment:
>> FreeIPA Server
>> CentOS 6.5 x86_64
>>
>> Mail Server
>> CentOS 6.5
>> postfix-2.6.6-6.el6_5.x86_64
>> dovecot-2.0.9-7.el6.x86_64
>> ipa-python-3.0.0-37.el6.x86_64
>> ipa-client-3.0.0-37.el6.x86_64
>> python-iniparse-0.3.1-2.1.el6.noarch
>> libipa_hbac-1.9.2-129.el6_5.4.x86_64
>> libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
>>
>> I've followed these posts from Dale McCartney, whom I've also read 
>> his posts around here
>>
>> https://www.dalemacartney.com/2013/03/14/deploying-postfix-with-ldap-freeipa-virtual-aliases-and-kerberos-authentication/ 
>>
>>
>> http://www.freeipa.org/page/Dovecot_Integration
>>
>> None of them seem to work at the moment when using Thunderbird with 
>> the server set up as STARTTLS Kerberos/GSSAPI -- Thunderbird also 
>> reports that
>>
>> <quote>
>> "The kerberos/GSSAPI ticket was not accepted by the IMAP server 
>> david at domain.com. Please check that you're logged in to the 
>> Kerberos/GSSAPI realm"
>> </quote>
>>
>> with Dovecot I'm getting this
>>
>> <code>
>> Jun 22 11:01:25 imap-login: Info: Disconnected: Inactivity (no auth 
>> attempts): rip=1.1.1.1, lip=217.1.2.3
>> </code>
>>
>> I tried a manual telnet session and used "authenticate gssapi", which 
>> returns "+", which means the module is indeed loading and the server is 
>> GSSAPI-ready for the challenge.
>>
>> If anyone of you could point me into the right direction I'd really 
>> value that.
> Following configuration works for me (generated with 'dovecot -n' from
> my actual config files):
>
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.14.4-200.fc20.x86_64 x86_64 Fedora release 20 (Heisenbug)
> auth_default_realm = VDA.LI
> auth_krb5_keytab = /etc/dovecot/dovecot.keytab
> auth_mechanisms = gssapi
> auth_realms = VDA.LI
> base_dir = /var/run/dovecot/
> mail_location = maildir:~/Maildir
> mbox_write_locks = fcntl
> namespace inbox {
>  inbox = yes
>  location =
>  mailbox Drafts {
>    special_use = \Drafts
>  }
>  mailbox Junk {
>    special_use = \Junk
>  }
>  mailbox Sent {
>    special_use = \Sent
>  }
>  mailbox "Sent Messages" {
>    special_use = \Sent
>  }
>  mailbox Trash {
>    special_use = \Trash
>  }
>  prefix =
> }
> passdb {
>  driver = pam
> }
> userdb {
>  driver = passwd
> }
> ssl = required
> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
> ssl_key = </etc/pki/dovecot/private/dovecot.pem
>
>
> The /etc/dovecot/dovecot.keytab contains the keytab, obtained with
> # kinit  admin
> # ipa-getkeytab -s `hostname` -p imap/`hostname` -k /etc/dovecot/dovecot.keytab
> # chown dovecot /etc/dovecot/dovecot.keytab
>
>
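Added example, not part of the original messages: a small Python check that reads `dovecot -n` output like the one quoted above and reports whether GSSAPI is offered, TLS is required, and the configured keytab exists without group/world access. The function names, the sample dump and the owner-only permission rule are assumptions made for this illustration.

```python
import os
import stat

# Constructed sample in the style of the `dovecot -n` output quoted above.
SAMPLE = """\
# 2.2.13: /etc/dovecot/dovecot.conf
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = gssapi
passdb {
  driver = pam
}
ssl = required
"""

def top_level_settings(dump):
    """Return key/value pairs that sit outside any { } block."""
    settings, depth = {}, 0
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def audit(dump, stat_fn=os.stat):
    """List findings for a GSSAPI-only IMAP setup; an empty list means none."""
    cfg, findings = top_level_settings(dump), []
    # `dovecot -n` omits defaults; the default auth_mechanisms is "plain".
    if "gssapi" not in cfg.get("auth_mechanisms", "plain").split():
        findings.append("auth_mechanisms does not offer gssapi")
    if cfg.get("ssl") != "required":
        findings.append("ssl is not set to 'required'")
    keytab = cfg.get("auth_krb5_keytab")
    if not keytab:
        findings.append("auth_krb5_keytab unset: system default keytab is used")
        return findings
    try:
        mode = stat.S_IMODE(stat_fn(keytab).st_mode)
    except OSError:
        findings.append(f"keytab {keytab} is missing or not accessible")
    else:
        if mode & 0o077:  # assumption: only the owning service user needs access
            findings.append(f"keytab {keytab} is group/world accessible ({mode:03o})")
    return findings
```

Run it on the mail server with the real output, for example `audit(subprocess.check_output(["dovecot", "-n"], text=True))`, as a user that can stat the keytab.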