Alexander, thank you very much for your config sample, I took some time and compared to mine and they're pretty much the same, I want to move mailboxes to Maildir style because the system I'm planning to migrate to this IPA deployment does use Maildir style mailboxes.

Thanks and cheers.

On 6/25/2014 10:54 AM, Alexander Bokovoy wrote:
On Sun, 22 Jun 2014, Dave Gonzalez wrote:
Hello there everyone David here,

I'm big time Red Hat fan, I work for a company where we have a small 20+ people directory, I'm currently using Samba4 to offer authentication to Openfire, Postfix, Dovecot (using GroupOffice); but I want to switch ebcause samba is a hassle to setup and whenever replication breaks it's nearly impossible to rebuild, anyways, My current environment is Proxmox VE 3 as virtualization platform and many CentOS/RedHat Servers holding my services.

Please excuse me if this was already answered but after I went trhough the archives I coulnd't find anyone facing the same issue, please bear with me as I'm a newbie to FreeIPA and LDAP. I know I'm missing something or doing it wrong but after a week struggling with this setup I decided to call for the help of the experts.

My environment:
FreeIPA Server
CentOS 6.5 x86_64

Mail Server
CentOS 6.5

I've followed these posts from Dale McCartney, whom I've also read his posts around here

None of them seem to work at the moment when using Thunderbird with the server set up as STARTLS Kerberos/GSSAPI -- Thunderbird also reports that

"The kerberos/GSSAPI ticket was not accepted by the IMAP server Please chack that you're logged in to the Kerberos/GSSAPI realm"

with Dovecot I'm getting this

Jun 22 11:01:25 imap-login: Info: Disconnected: Inactivity (no auth attempts): rip=, lip=

I tried manual telnet and use a authenticate gssapi which retuns "+" which means module is indeed loading and the server is gssapi ready for the challenge.

If anyone of you could point me into the right direction I'd really value that.
Following configuration works for me (generated with 'dovecot -n' from
my actual config files):

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.14.4-200.fc20.x86_64 x86_64 Fedora release 20 (Heisenbug) auth_default_realm = VDA.LI
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_mechanisms = gssapi
auth_realms = VDA.LI
base_dir = /var/run/dovecot/
mail_location = maildir:~/Maildir
mbox_write_locks = fcntl
namespace inbox {
 inbox = yes
 location =  mailbox Drafts {
   special_use = \Drafts
 mailbox Junk {
   special_use = \Junk
 mailbox Sent {
   special_use = \Sent
 mailbox "Sent Messages" {
   special_use = \Sent
 mailbox Trash {
   special_use = \Trash
 prefix = }
passdb {
 driver = pam
userdb {
 driver = passwd
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem

The /etc/dovecot/dovecot.keytab contains the keytab, obtained with
# kinit  admin
# ipa-getkeytab -s `hostname` -p imap/`hostname` -k /etc/dovecot/dovecot.keytab
# chown dovecot /etc/dovecot/dovecot.keytab

Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to