Hello dear SSSD Users,
I would like to get information concerning postfix cyrus sasl vs sssd authentication.
My goal is for users of my mail server (postfix and the imap server cyrus) to be able to authenticate against AD. This supposes postfix and cyrus are configured with sasl, and sasl is configured to use pam. Pam should be configured to use SSSD against AD....
[Postfix / Cyrus <==> sasl (pam) <==> SSSD] .... <===> [MY Microsoft Windows Server Active Directory]
I would like to know if someone has already used this configuration. Does it work? If yes, could you explain to me the packages to install on CentOS 7, and the file configuration? saslauthd.conf? cyrusd.conf? main.cf (postfix)
I think I could as well use FreeIPA instead of Windows AD server, if SSSD is configured in this way. But I am not very familiar with FreeIPA and AD trust for the moment.
Otherwise, I found this link http://linux-blog.anracom.com/2014/03/17/sasl-mit-pam-sssd-ldap-unter-opensu... This explains how to configure against an LDAP backend. I intend to do the same, with an AD server instead of LDAP.
Best Regards
On (12/09/17 09:24), Edouard Guigné wrote:
> Hello dear SSSD Users,
> I would like to get information concerning postfix cyrus sasl vs sssd authentication.
> My goal is for users of my mail server (postfix and the imap server cyrus) to be able to authenticate against AD. This supposes postfix and cyrus are configured with sasl, and sasl is configured to use pam. Pam should be configured to use SSSD against AD....
> [Postfix / Cyrus <==> sasl (pam) <==> SSSD] .... <===> [MY Microsoft Windows Server Active Directory]
> I would like to know if someone has already used this configuration. Does it work? If yes, could you explain to me the packages to install on CentOS 7, and the file configuration? saslauthd.conf? cyrusd.conf? main.cf (postfix)
> I think I could as well use FreeIPA instead of Windows AD server, if SSSD is configured in this way. But I am not very familiar with FreeIPA and AD trust for the moment.
> Otherwise, I found this link http://linux-blog.anracom.com/2014/03/17/sasl-mit-pam-sssd-ldap-unter-opensu... This explains how to configure against an LDAP backend. I intend to do the same, with an AD server instead of LDAP.

That blog post mentioned the testsaslauthd utility which might and it works for me quite well. (I had sssd already configured.) So I just started saslauthd.service and configured the "imap" pam service in /etc/pam.d/imap

sh# systemctl start saslauthd
sh# vi /etc/pam.d/imap

sh$ testsaslauthd -u testuser -p SecretPassword
0: OK "Success."

and journald contained info about success
Sep 13 16:34:18 host.example.com saslauthd[30340]: pam_sss(imap:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=testuser
I am not sure how to help more
LS
sssd-users@lists.fedorahosted.org
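
The chain discussed in this thread (Postfix / Cyrus -> saslauthd -> PAM -> SSSD) can be checked link by link before testing with testsaslauthd. The script below is an added example, not code from either poster; the file paths are the CentOS 7 package defaults and are assumptions, and the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are CentOS 7 package defaults
# (assumption); pass a root prefix to audit a copied tree instead of /.
check_sasl_pam_chain() {
    root="${1:-}"; svc="${2:-imap}"; rc=0
    fail() { echo "FAIL: $1"; rc=1; }

    # 1. saslauthd must hand passwords to PAM.
    grep -Eqs '^[[:space:]]*MECH="?pam"?[[:space:]]*$' "$root/etc/sysconfig/saslauthd" \
        || fail "saslauthd is not started with MECH=pam"

    # 2. The PAM service (or a stack it includes) must call pam_sss.so
    #    for both auth and account, otherwise SSSD is never consulted.
    pam="$root/etc/pam.d/$svc"; files="$pam"
    for inc in $(awk '$2 == "include" || $2 == "substack" { print $3 }' "$pam" 2>/dev/null | sort -u); do
        files="$files $root/etc/pam.d/$inc"
    done
    for type in auth account; do
        grep -Ehs "^-?$type[[:space:]]" $files | grep -q 'pam_sss\.so' \
            || fail "no pam_sss.so in the $type stack of PAM service '$svc'"
    done

    # 3. Postfix and Cyrus IMAP must both delegate password checks to saslauthd.
    grep -Eqs '^pwcheck_method:[[:space:]]*saslauthd' "$root/etc/sasl2/smtpd.conf" \
        || fail "smtpd.conf does not set pwcheck_method: saslauthd"
    grep -Eqs '^sasl_pwcheck_method:[[:space:]]*saslauthd' "$root/etc/imapd.conf" \
        || fail "imapd.conf does not set sasl_pwcheck_method: saslauthd"

    [ "$rc" -eq 0 ] && echo "OK: $svc -> saslauthd -> PAM -> pam_sss"
    return "$rc"
}

# Constructed sample tree so the check can be tried without touching /etc.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/sysconfig" "$d/etc/pam.d" "$d/etc/sasl2"
    echo 'MECH=pam' > "$d/etc/sysconfig/saslauthd"
    printf '%s\n' 'auth include password-auth' 'account include password-auth' > "$d/etc/pam.d/imap"
    printf '%s\n' 'auth sufficient pam_sss.so' 'account required pam_sss.so' > "$d/etc/pam.d/password-auth"
    echo 'pwcheck_method: saslauthd' > "$d/etc/sasl2/smtpd.conf"
    echo 'sasl_pwcheck_method: saslauthd' > "$d/etc/imapd.conf"
    echo "$d"
}

check_sasl_pam_chain "$(make_demo_tree)" imap
```

On the mail server itself, call check_sasl_pam_chain with an empty first argument to read the live files under /etc. Because saslauthd only verifies plaintext passwords, the PLAIN and LOGIN mechanisms it serves should be offered to clients only over TLS.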