Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows:
passdb pam { } used for authenticating Android. Problem #1 is that Slackware does not ship with PAM and the AD/DC Samba4 does not use it. It is used on Slackware for a domain member, but I'm not sure I should try configuring PAM on the AD/DC. Is there some otherway I can get authentication using domain credentials besides pam? the phone can send user and password. --Mark -----Original Message----- > Date: Sun, 03 Dec 2017 15:22:56 +0200 > Subject: Re: Howto authenticate smartPhone via Active Directory > From: Aki Tuomi <aki.tu...@dovecot.fi> > To: Mark Foley <mfo...@ohprs.org>, dovecot@dovecot.org > > Actually you are authenticating gssapi clients from ad and everyone else from > shadow. maybe you need to configure pam module? > ---Aki TuomiDovecot oy > > -------- Original message -------- > From: Mark Foley <mfo...@ohprs.org> > Date: 03/12/2017 06:03 (GMT+02:00) > To: dovecot@dovecot.org > Subject: Howto authenticate smartPhone via Active Directory > I have a Samba4 Active Directory server. Dovecot authenticates AD Users with > domain credentials > using GSSAPI (Thunderbird client). I believe I have Dovecot set to attempt > authentication via > shadow first and. failing that, it does authenticate via GSSAPI. > > Smartphones connect to Dovecot via port 143 and SSL. They are not domain > members so if the > shadow authentication fails, no other methods are tried and no connection is > made. > > What can I do with my dovecot config to fix this? > > > doveconf -n > # 2.2.15: /usr/local/etc/dovecot/dovecot.conf > # OS: Linux 4.4.88 x86_64 Slackware 14.2 > auth_debug = yes > auth_debug_passwords = yes > auth_gssapi_hostname = $ALL > auth_krb5_keytab = /etc/dovecot/dovecot.keytab > auth_mechanisms = plain login gssapi > auth_use_winbind = yes > auth_username_format = %n > auth_verbose = yes > auth_verbose_passwords = plain > disable_plaintext_auth = no > info_log_path = /var/log/dovecot_info > mail_location = maildir:~/Maildir > passdb { > driver = shadow > } > protocols = imap > ssl_cert = > </etc/ssl/certs/OHPRS/GoDaddy/Apache/2016-08-10/54e789087d419b6e.crt > ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key > userdb { > driver = passwd > } > verbose_ssl = yes > > Thanks, Mark