On 01/30/2012 07:42 AM, Dale Macartney wrote:
>
> Of course Dmitri
>
> Here you go. I was actually trying to resolve this for an automated
> kickstart process anyway. The details specific to dovecot are in the middle.
>
> # Connect server to IPA domain (ensure DNS is working correctly otherwise this step will fail)
> ipa-client-install -U -p admin -w mysecretpassword
>
> # install postfix if necessary (installed by default in rhel6)
> yum -y install postfix
>
> # set postfix to start on boot
> chkconfig postfix on
>
> # configure postfix with hostname, domain and origin details
> sed -i 's/#myhostname = host.domain.tld/myhostname = servername.example.com/g' /etc/postfix/main.cf
> sed -i 's/#mydomain = domain.tld/mydomain = example.com/g' /etc/postfix/main.cf
> sed -i 's/#myorigin = $mydomain/myorigin = $mydomain/g' /etc/postfix/main.cf
>
> # configure postfix to listen on all interfaces
> sed -i 's/#inet_interfaces = all/inet_interfaces = all/g' /etc/postfix/main.cf
> sed -i 's/inet_interfaces = localhost/#inet_interfaces = localhost/g' /etc/postfix/main.cf
>
> # apply postfix changes
> service postfix restart
>
> # Install dovecot
> yum -y install dovecot
>
> # set dovecot to start on boot
> chkconfig dovecot on
>
> # set dovecot to listen on imap and imaps only
> sed -i 's/#protocols = imap pop3 lmtp/protocols = imap imaps/g' /etc/dovecot/dovecot.conf
>
> # point dovecot to required mailbox directory (This is the section that was previously failing)
> echo "mail_location = mbox:~/mail:INBOX=/var/mail/%u" >> /etc/dovecot/dovecot.conf
>
> # reload dovecot to apply changes
> service dovecot restart
>
> # Apply working IPtables
> cat > /etc/sysconfig/iptables << EOF
> # Generated by iptables-save v1.4.7 on Tue Jan 10 12:17:41 2012
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [29:4596]
> -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Tue Jan 10 12:17:41 2012
> EOF
>
> With the above details, I am able to replicate a 100% working IPA
> authenticated mail server, allowing IPA users to retrieve mail via
> imap/imaps.
>
> I hope this helps.
>
> Dale
>
> On 01/30/2012 01:46 PM, Dmitri Pal wrote:
>> On 01/30/2012 07:16 AM, Dale Macartney wrote:
>>> Hi all
>>>
>>> I'm working on a test lab setup at the moment with RHEL 6.2 running IPA
>>> 2.1 and experimenting with simple mail server setups.
>>>
>>> I have mail being received based on pam lookups from IPA. The mail server
>>> is tapped into IPA via the ipa-client-install.
>>>
>>> I am using a default install of the dovecot rpm from RHN, and dovecot is
>>> listening via imap/imaps, however all authentication requests fail when
>>> attempting to login via imap.
>>>
>>> I added the necessary keytabs for imap/mail.example.com and
>>> imaps/mail.example.com to /etc/krb5.keytab but this hasn't allowed
>>> authentication.
>>>
>>> Has anyone set up dovecot through IPA before? Any recommendations?
>>>
>> Hi Dale,
>>
>> Will you be so kind to share with the list a little bit more details
>> about how to setup Dovecot with IPA? If you can provide step by step
>> instructions we would publish them on the FreeIPA wiki.
>>
>> Thank you
>> Dmitri
>>
>>> thanks all
>>>
>>> Dale
>>>
>> _______________________________________________
>> Freeipa-users mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IPA project,
>> Red Hat Inc.

So I am a bit confused here, is this working for you or not? It looked like you were asking a question to begin with, but then at the end you are saying it is 100% working?

Just trying to figure out whether you need help,

-Erinn
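
Added example, not part of the original thread: the dovecot.conf edits quoted above use sed -i, which changes nothing (and still exits 0) when its pattern does not match, and echo >>, which appends another line each time a kickstart %post is re-run. The helper names and the sample file below are constructed for illustration; the script edits only a temporary file.

```sh
#!/bin/sh
# Added example; helper names are hypothetical. Touches only a constructed temp file.
# Print the effective (last uncommented) value of KEY in FILE; empty if unset.
effective_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Count the uncommented assignments of KEY in FILE.
count_setting() {
    grep -c "^[[:space:]]*$2[[:space:]]*=" "$1" || true
}

# Leave exactly one uncommented "KEY = VALUE" line in FILE, however often it runs.
set_once() {
    tmp=$(mktemp) || return 1
    grep -v "^[[:space:]]*$2[[:space:]]*=" "$1" > "$tmp" || [ $? -eq 1 ] || return 1
    printf '%s = %s\n' "$2" "$3" >> "$tmp"
    cat "$tmp" > "$1"    # rewrite in place: keeps owner, mode and SELinux label
    rm -f "$tmp"
}

# Return non-zero, with a message on stderr, unless KEY is effectively WANT in FILE.
verify_setting() {
    got=$(effective_setting "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL $1: $2 is '${got:-unset}', wanted '$3'" >&2
    return 1
}

# Constructed sample whose commented default differs from the quoted sed pattern.
demo_dir=$(mktemp -d)
conf="$demo_dir/dovecot.conf"
printf '%s\n' '# constructed sample' '#protocols = imap pop3' > "$conf"
sed -i 's/#protocols = imap pop3 lmtp/protocols = imap imaps/g' "$conf"
verify_setting "$conf" protocols 'imap imaps' || echo "sed edit did not apply"

# Two runs of the quoted append leave two mail_location lines.
for run in 1 2; do
    echo 'mail_location = mbox:~/mail:INBOX=/var/mail/%u' >> "$conf"
done
echo "mail_location lines after two appends: $(count_setting "$conf" mail_location)"

# Two runs of the idempotent form converge on one line per key, then verify.
for run in 1 2; do
    set_once "$conf" protocols 'imap imaps'
    set_once "$conf" mail_location 'mbox:~/mail:INBOX=/var/mail/%u'
done
verify_setting "$conf" protocols 'imap imaps' && verify_setting "$conf" mail_location 'mbox:~/mail:INBOX=/var/mail/%u'
rm -rf "$demo_dir"
```

In a kickstart %post, a failing verify_setting is the point at which to stop before restarting the service.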
