On (12/09/17 09:24), Edouard Guigné wrote:
Hello dear SSSD Users,
I would like to get informations concerning postfix cyrus sasl vs sssd
authentication.
My goal is that users using my mail server (postfix and imap server cyrus) to
be able to authenticate against AD.
It suppose postfix and cyrus configured with sasl, and sasl configured to use
pam.
Pam should be configured to use SSSD against AD....
[Postfix / Cyrus <==> sasl (pam) <==> SSSD] .... <===> [MY Microsoft
Windows
Server Active Directory]
I would like to know if someone has already used this configuration. Does it
work ?
If yes, may you explain me the packages to install on centos 7, and the file
configuration ?
saslauthd.conf ? cyrusd.conf ? main.cf (postfix)
I think I could as well use FreeIPA instead of Windows AD server, if SSSD is
configured in this way.
But I am not very used with FreeIPA and AD trust for the moment.
Otherwise, I found this link
http://linux-blog.anracom.com/2014/03/17/sasl-mit-pam-sssd-ldap-unter-ope...
This explains how to configure against ldap backend. I intend to do the same,
with AD server instead of Ldap.
That blog post mentioned testsaslauthd utility which might and it works for me
quite good. (I had sssd already configured)
So I just started saslauthd.service and configure "imap" pam service
/etc/pam.d/imap
sh# systemctl start saslauthd
sh# vi /etc/pam.d/imap
sh$ testsaslauthd -u testuser -p SecretPassword
0: OK "Success."
and journald contained info about success
Sep 13 16:34:18
host.example.com saslauthd[30340]: pam_sss(imap:auth):
authentication success; logname= uid=0 euid=0 tty= ruser= rhost=
user=testuser
I am not sure how to help more
LS