> On Feb 15, 2017, at 3:02 PM, luistkd4 <miguel_flores_san...@hotmail.com>
> wrote:
>
> Viktor I change my smtpd.com, follow:
>
> log_level: 7
> pwcheck_method: auxprop
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
> saslauthd_path: /var/run/saslauthd/mux
> ntlm_v2: yes
> ntlm_server: serverad.local
>
> ntlm_server i set my active directory, so now I can connect but have new
> error:
> SASL NTLM authentication failed: generic failure
>
> Maybe like you tell I need be member of windows domain?
Well, that's why I said it. What's more even with the host a member of the
domain, the process doing the NTLM check needs to have sufficient privilege
to access appropriate Windows credentials so that the Windows DC will allow
it to perform what amount to online dictionary attacks. Presumably the
Cyrus saslauthd (likely running as root) will have the relevant access and
the NTLM SASL module will know where to find the credentials, assuming that
the software you use to join the domain sets everything up in the way that
SASL expects.
You're getting yourself into a rather advanced configuration that requires
interoperability between many independently designed systems. Good luck!
--
Viktor.
