Hi Erinn

I originally asked the question as I was thinking my auth attempts were failing when using ipa, however this was not the case. On closer inspection, I found that the authentication was successful yet dovecot was failing to read a "missing" mailbox. I found that dovecot was simply missing the mailbox_location directive, detailed below.

mail_location = mbox:~/mail:INBOX=/var/mail/%u

Once I restarted dovecot with this extra line, the authentication was again validated. I was then prompted to accept the self-signed certificate from dovecot and I was able to retrieve the mail as intended.

Does this help clear things up?

Dale

On 01/30/2012 07:11 PM, Erinn Looney-Triggs wrote:
> On 01/30/2012 07:42 AM, Dale Macartney wrote:
>>
>> Of course Dmitri
>>
>> Here you go. I was actually trying to resolve this for an automated
>> kickstart process anyway. The details specific to dovecot are in the middle.
>>
>> # Connect server to IPA domain (ensure DNS is working correctly otherwise this step will fail)
>> ipa-client-install -U -p admin -w mysecretpassword
>>
>> # install postfix if necessary (installed by default in rhel6)
>> yum -y install postfix
>>
>> # set postfix to start on boot
>> chkconfig postfix on
>>
>> # configure postfix with hostname, domain and origin details
>> sed -i 's/#myhostname = host.domain.tld/myhostname = servername.example.com/g' /etc/postfix/main.cf
>> sed -i 's/#mydomain = domain.tld/mydomain = example.com/g' /etc/postfix/main.cf
>> sed -i 's/#myorigin = $mydomain/myorigin = $mydomain/g' /etc/postfix/main.cf
>>
>> # configure postfix to listen on all interfaces
>> sed -i 's/#inet_interfaces = all/inet_interfaces = all/g' /etc/postfix/main.cf
>> sed -i 's/inet_interfaces = localhost/#inet_interfaces = localhost/g' /etc/postfix/main.cf
>>
>> # apply postfix changes
>> service postfix restart
>>
>> # Install dovecot
>> yum -y install dovecot
>>
>> # set dovecot to start on boot
>> chkconfig dovecot on
>>
>> # set dovecot to listen on imap and imaps only
>> sed -i 's/#protocols = imap pop3 lmtp/protocols = imap imaps/g' /etc/dovecot/dovecot.conf
>>
>> # point dovecot to required mailbox directory (This is the section that was previously failing)
>> echo "mail_location = mbox:~/mail:INBOX=/var/mail/%u" >> /etc/dovecot/dovecot.conf
>>
>> # reload dovecot to apply changes
>> service dovecot restart
>>
>> # Apply working IPtables
>> cat > /etc/sysconfig/iptables << EOF
>> # Generated by iptables-save v1.4.7 on Tue Jan 10 12:17:41 2012
>> *filter
>> :INPUT ACCEPT [0:0]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [29:4596]
>> -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> -A INPUT -p icmp -j ACCEPT
>> -A INPUT -i lo -j ACCEPT
>> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
>> -A INPUT -j REJECT --reject-with icmp-host-prohibited
>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
>> COMMIT
>> # Completed on Tue Jan 10 12:17:41 2012
>> EOF
>>
>> With the above details, I am able to replicate a 100% working IPA
>> authenticated mail server, allowing IPA users to retrieve mail via
>> imap/imaps.
>>
>> I hope this helps.
>>
>> Dale
>>
>> On 01/30/2012 01:46 PM, Dmitri Pal wrote:
>>> On 01/30/2012 07:16 AM, Dale Macartney wrote:
>>>>
>>>> Hi all
>>>>
>>>> I'm working on a test lab setup at the moment with RHEL 6.2 running IPA
>>>> 2.1 and experimenting with simple mail server setups.
>>>>
>>>> I have mail being received based on pam lookups from IPA. The mail server
>>>> is tapped into IPA via the ipa-client-install.
>>>>
>>>> I am using a default install of the dovecot rpm from RHN, and dovecot is
>>>> listening via imap/imaps, however all authentication requests fail when
>>>> attempting to login via imap.
>>>>
>>>> I added the necessary keytabs for imap/mail.example.com and
>>>> imaps/mail.example.com to /etc/krb5.keytab but this hasn't allowed
>>>> authentication.
>>>>
>>>> Has anyone set up dovecot through IPA before? Any recommendations?
>>>>
>>> Hi Dale,
>>>
>>> Will you be so kind to share with the list a little bit more details
>>> about how to setup Dovecot with IPA? If you can provide step by step
>>> instructions we would publish them on the FreeIPA wiki.
>>>
>>> Thank you
>>> Dmitri
>>>
>>>> thanks all
>>>>
>>>> Dale
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IPA project,
>>> Red Hat Inc.
>
> So I am a bit confused here, is this working for you or not? It looked
> like you were asking a question to begin with, but then at the end you
> are saying it is 100% working?
>
> Just trying to figure out whether you need help,
> -Erinn
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
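
The diagnosis in this thread turned on telling a rejected login apart from a successful login followed by a mail storage error. The script below is an added example, not part of any message in the thread: it classifies Dovecot log lines per user. The log lines are constructed samples modelled on Dovecot 2.x syslog output, and the function names, user names and addresses are assumptions; message wording can differ between Dovecot versions.

```shell
#!/bin/sh
# Added example: separate "authentication failed" from "authenticated, but
# mail storage could not be opened" (the missing mail_location case).

# Constructed sample log lines (assumed Dovecot 2.x format, not from the thread).
sample_log() {
cat <<'EOF'
Jan 30 19:02:11 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=2211, TLS
Jan 30 19:02:11 mail dovecot: imap(alice): Error: user alice: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/alice
Jan 30 19:05:40 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1
Jan 30 19:07:02 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=192.0.2.12, lip=192.0.2.1, mpid=2240, TLS
EOF
}

# Reads log lines on stdin and prints one "user verdict" line per user, sorted.
# Verdicts: ok, auth_failed, mail_storage_error (login itself succeeded).
classify_logins() {
    awk '
    # Extract the name from a "user=<name>" field, or "" if absent.
    function user_of(line) {
        if (match(line, /user=<[^>]*>/))
            return substr(line, RSTART + 6, RLENGTH - 7)
        return ""
    }
    # Successful login: record "ok" unless a problem is already recorded.
    / imap-login: Login: / { u = user_of($0); if (u != "" && !(u in v)) v[u] = "ok" }
    # Rejected credentials.
    /\(auth failed/        { u = user_of($0); if (u != "") v[u] = "auth_failed" }
    # Post-login storage failure, logged by the per-user imap process.
    /imap\([^)]*\): Error: .*(mail_location|Mail storage|Initialization failed)/ {
        if (match($0, /imap\([^)]*\)/)) {
            u = substr($0, RSTART + 5, RLENGTH - 6)
            v[u] = "mail_storage_error"
        }
    }
    END { for (u in v) print u, v[u] }
    ' | sort
}

# Run against the constructed sample when executed directly.
sample_log | classify_logins
```

On a real host the same function can be fed the mail log on stdin, for example `classify_logins < /var/log/maillog`, assuming Dovecot logs there.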
