postfix and dovecot NTLM issue

Arokh (New member, joined Oct 15, 2015, 1 message)

Hi to all admins,

I am an administrator from Germany. Sorry for my not so perfect English ;)

I have a problem regarding dovecot & postfix.
I am using dovecot for MS Active Directory NTLM authentication with postfix on port 25 and 587, which works very well. Users are able to authenticate and send emails:

Code:
Oct 14 12:14:49 postfix-test2 dovecot: auth(default): new auth connection: pid=28786
Oct 14 12:14:49 postfix-test2 dovecot: auth(default): client in: AUTH   1       NTLM    service=smtp    nologin lip=1.2.3.4        rip=1.2.3.4       resp=<hidden>
Oct 14 12:14:49 postfix-test2 dovecot: auth(default): client out: CONT  1       zAHQAMgAuAHMAbQBhAHMAbwAuAGQAYgAuAGQAZQAAAAAA
Oct 14 12:14:49 postfix-test2 dovecot: auth(default): client in: CONT<hidden>
Oct 14 12:14:49 postfix-test2 dovecot: auth(default): client out: OK    1       user=testuser

I used this recipe to configure postfix, dovecot and samba & kerberos client: http://www.tummy.com/software/vpostmaster/recipes/dovecotsasl.html

My problem is: I have to limit authenticated users to a specified AD group, let's say group "mail".

For example:

[email protected] uses NTLM authentication successfully, is a member of AD group "mail" and therefore is allowed to send mails.
[email protected] uses NTLM authentication as well, but is NOT a member of "mail" - this should lead to an "access denied" by dovecot / postfix.

How can I combine those 2 rules without touching the AD?

Checking AD membership of a user can be solved by using an LDAP query like (memberOf=cn=mail) or by a script, which writes a db file for use in dovecot / postfix. The problem is to combine that query in dovecot / postfix with a successful NTLM authentication.

If you need any further information like code snippets etc. please let me know.

Thanks in advance for answers.
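One way to realise the "script which writes a db file" idea from the post, as an added example that is not part of the original post: it builds the AD group filter with RFC 4515 escaping and renders an access(5) table keyed by SASL login name. It assumes Postfix 2.11 or later, where the check_sasl_access restriction can consult such a table; the group DN, the sample entries and the function names are constructed for illustration.

```python
import re

# RFC 4515 requires these characters to be escaped inside a filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def ldap_escape(value):
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)

def group_filter(group_dn, nested=False):
    """Filter for enabled users in group_dn; memberOf needs the group's full DN."""
    # 1.2.840.113556.1.4.1941 is AD's in-chain matching rule (follows nested groups).
    attr = "memberOf:1.2.840.113556.1.4.1941:" if nested else "memberOf"
    # Bit 2 of userAccountControl marks a disabled account; exclude those.
    return ("(&(objectCategory=person)(objectClass=user)"
            "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
            "(%s=%s))" % (attr, ldap_escape(group_dn)))

# The dovecot log in the post shows a bare login ("user=testuser"), so the
# table is keyed by sAMAccountName; only a conservative character set is kept.
_SAFE_LOGIN = re.compile(r"[a-z0-9._$-]+")

def access_table(entries):
    """Render access(5) lines 'login OK' from LDAP result entries (dicts)."""
    logins = set()
    for entry in entries:
        login = entry.get("sAMAccountName", "").strip().lower()
        # Skip anything that could inject whitespace, comments or extra lines.
        if _SAFE_LOGIN.fullmatch(login):
            logins.add(login)
    return "".join("%s OK\n" % login for login in sorted(logins))

# Constructed sample of what an LDAP search with group_filter() might return.
SAMPLE_ENTRIES = [
    {"sAMAccountName": "TestUser"},
    {"sAMAccountName": "alice"},
    {"sAMAccountName": "bad name\nmallory"},   # rejected: whitespace/newline
    {"sAMAccountName": "alice"},               # duplicate
]

if __name__ == "__main__":
    # Constructed group DN; replace with the real DN of the "mail" group.
    print(group_filter("CN=mail,OU=Groups,DC=example,DC=com"))
    print(access_table(SAMPLE_ENTRIES), end="")
```

The rendered text would be compiled with postmap and referenced from a check_sasl_access restriction, followed by a reject rule for authenticated logins that are not listed.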
 