Problem with firewall?

Andrew Afliatunov andy at taom.ru
Mon Jan 17 06:15:22 UTC 2005


Hello!
Help me, please, with this weird problem.
I have a mail server on a Linux Slackware 9.1 machine, connected to the
internet, and a corporate user base in Active Directory on a Windows 2000
server in the local network.
I want to authenticate users that use mail (POP or IMAP) in AD.
So, on Linux I have installed and configured all necessary software
(openssl-0.9.7e, openldap-2.1.21, pam_ldap-176, nss-ldap-227).
I can do 'getent passwd | grep <windows_user>' and get passwd-like info
about that user. We opened port 636 on the firewall, because I have
'port 636' and 'ssl on' in /etc/ldap.conf.
Moreover, Windows users that connect to Linux through FTP
successfully authenticate in AD.
But they can't authenticate in IMAP; this is what telnet on Linux says:
> telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=LOGIN]
localhost IMAP4rev1 2004.352 at Fri, 24 Dec 2004 11:10:12 +0400 (SAMT)
. login <windows_user> <windows_password>
. NO LOGIN failed

Authentication fails, and in mail.log I see:
--
Dec 24 11:24:15 web imapd[3408]: pam_ldap: ldap_simple_bind Can't
contact LDAP server
--

Here I must say that when I built a test Linux server in the local network
with the same configuration and a test Windows AD server in the same
network, I was able to authenticate in IMAP. The only difference between
the WAN and LAN servers is the firewall.
So, isn't it enough to open port 636 on it (although the firewall log says
that LDAP packets go in both directions)?

--
Andrew
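
The script below is an added example and is not code from the original post or from pam_ldap. It reproduces the checks a practitioner would run on the mail server before suspecting PAM: it parses the /etc/ldap.conf directives the post mentions (host, port, ssl; 'ssl on' in pam_ldap means LDAPS on port 636, as opposed to 'ssl start_tls' on 389), then does name resolution, the TCP connect and the TLS handshake as separate steps, so "the firewall passes packets on 636" and "the DC actually completes a TLS handshake on 636" can be told apart. Note that an Active Directory DC only serves LDAPS once a server certificate is installed on it; until then the TCP port may be open while every handshake fails. The hostnames, base DN, sample config and the loopback listeners used for offline demonstration are all constructed for this example.

```python
# Added example (not from the original post or pam_ldap): probe the LDAPS path
# that pam_ldap/nss_ldap will use, with PAM and the IMAP daemon out of the loop.
import ipaddress
import os
import socket
import ssl
import threading

# Constructed stand-in for the poster's /etc/ldap.conf ('port 636', 'ssl on').
SAMPLE_LDAP_CONF = """\
# pam_ldap / nss_ldap configuration (constructed example)
host dc1.example.local
base dc=example,dc=local
port 636
ssl on
tls_checkpeer no
"""


def parse_ldap_conf(text):
    """Parse pam_ldap/nss_ldap directives: 'key value' per line, '#' comments, first wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return conf


def ldap_targets(conf):
    """Return [(host, port, use_tls)] as pam_ldap resolves them: 'uri' wins over
    host/port; otherwise 'ssl on' means LDAPS and defaults to 636, plain LDAP to 389.
    ('ssl start_tls' starts as plain LDAP and is reported as a plain TCP target.)"""
    if "uri" in conf:
        targets = []
        for uri in conf["uri"].split():
            scheme, _, rest = uri.partition("://")
            host, _, port = rest.split("/", 1)[0].partition(":")
            use_tls = scheme.lower() == "ldaps"
            targets.append((host, int(port) if port else (636 if use_tls else 389), use_tls))
        return targets
    use_tls = conf.get("ssl", "off").lower() == "on"
    port = int(conf.get("port", 636 if use_tls else 389))
    return [(h, port, use_tls) for h in conf.get("host", "localhost").split()]


def _sni_name(host):
    """Send SNI only for a name, never for an IP literal."""
    try:
        ipaddress.ip_address(host)
        return None
    except ValueError:
        return host


def probe(host, port, use_tls, timeout=5.0):
    """Resolve, connect, then (for LDAPS) complete a TLS handshake; report the first failing stage."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {"stage": "resolve", "ok": False, "detail": str(exc)}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"stage": "tcp", "ok": False, "detail": str(exc)}
    if not use_tls:
        sock.close()
        return {"stage": "tcp", "ok": True, "detail": "plain LDAP port reachable"}
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # reachability only; peer trust is what tls_checkpeer governs
    try:
        with ctx.wrap_socket(sock, server_hostname=_sni_name(host)) as tls:
            return {"stage": "tls", "ok": True, "detail": "handshake ok, " + str(tls.version())}
    except OSError as exc:  # SSLError, ConnectionResetError and timeouts all land here
        sock.close()
        return {"stage": "tls", "ok": False, "detail": str(exc)}


def cacert_problem(conf):
    """With 'tls_checkpeer yes', tls_cacertfile must exist and be readable under the daemon's uid."""
    if conf.get("tls_checkpeer", "no").lower() != "yes":
        return None
    path = conf.get("tls_cacertfile")
    if not path:
        return "tls_checkpeer yes but no tls_cacertfile set"
    if not os.access(path, os.R_OK):
        return "tls_cacertfile %s not readable by uid %d" % (path, os.getuid())
    return None


def diagnose(conf_text):
    """Probe every target from the config and return [(target, result)]; prints one verdict per line."""
    conf = parse_ldap_conf(conf_text)
    results = []
    for host, port, use_tls in ldap_targets(conf):
        res = probe(host, port, use_tls)
        results.append(((host, port, use_tls), res))
        print("%s:%d %s -> %s: %s" % (host, port, "ldaps" if use_tls else "ldap",
                                      "OK" if res["ok"] else "FAIL at " + res["stage"], res["detail"]))
    if cacert_problem(conf):
        print("certificate check:", cacert_problem(conf))
    return results


# Constructed loopback stand-ins so the probe can be exercised offline.
def closed_port():
    """A loopback port with nothing listening: connect is refused (what a dropped/blocked port looks like)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def start_closing_listener():
    """Accept one connection and close it at once: a port that is open but has no LDAPS behind it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(10)
    port = srv.getsockname()[1]

    def serve():
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    import sys
    diagnose(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDAP_CONF)
```

Run it on the mail server with the real config as the argument ('python3 probe_ldaps.py /etc/ldap.conf'), and run it under the same uid the IMAP daemon authenticates as, not only as root: a result of "FAIL at tls" with the TCP connect succeeding points at the DC side (no server certificate, or LDAPS not offered) rather than the firewall, while "FAIL at resolve" means the DC's name is not resolvable from that host and environment.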