Kolab authenticating through Active Directory (Windows AD)

Lucas Hendricks LHendricks at austinent.com
Fri May 8 19:06:17 CEST 2009


OK thanks for that information.  It does say AD prohibits password queries
so the simple setup I was envisioning where Kolab simply queries AD for
authentication seems unlikely.  I played with the saslauthd.conf and got it
to bind but as expected the user logins failed.  That would just be icing on
the cake, I suppose anyway.

Now that I have imapsync working I think I can start pushing people onto
Kolab and make them use horde or outlook(imap)/horde until the production
release of kontact/win is out.  I'm very excited and I hope as I learn new
things I can contribute more to the wiki and maybe eventually the code of
the project (I have a lot of learning to do before that).

Lucas 

-----Original Message-----
From: Ingo Steuwer [mailto:steuwer at univention.de] 
Sent: Friday, May 08, 2009 2:21 AM
To: kolab-users at kolab.org
Subject: Re: Kolab authenticating through Active Directory (Windows AD)

Hi,

Am Freitag, 8. Mai 2009 schrieb Alain Spineux:
> On Thu, May 7, 2009 at 8:03 PM, Lucas Hendricks
>
> <LHendricks at austinent.com> wrote:
> > I have been digging around for the next step in integrating our network
> > with Kolab which would be to have Kolab authenticate against our windows
> > domain. I have been digging in the wiki and around the web, but this is
> > the closest thing I've found from the list in 2004:
> >
> > http://www.kolab.org/pipermail/kolab-users/2004-April/000081.html

I didn't read the post, but you should find tons of informations about 
configuring PAM against AD, either by pam-ldap or by pam-kerberos (I'd
prefer 
the first one). You need to do that for all user-related parts of Kolab,
like 
cyrus, postfix and others. That will need very much testing.

> Another idea :
>
> use pwdump to extract lanman password from your windows SAM.
>
> http://www.openwall.com/passwords/microsoft-windows-nt-2000-xp-2003-vista
>
> compile openldap to support lanman password
> sync your window password into your ldap
>
> I I did it for one user, it works ! But I have no scripts to automate
> the job :-(

Our Active Directory Connector does it exactly that way and works very well 
with our kolab integration. It's open source software:
http://www.univention.de/fileadmin/download/dokumentation_2.2/ucs-ad-connect
or_en.pdf

You may download the deb-source here:
http://apt.univention.de/2.2/maintained/2.2-0/

Maybe the windows-part (password-service) is helpfull for you, the 
Linux-daemon makes heavy use of other parts of our product (Univention 
Directory Manager); they are also open source software but porting them to 
native kolab would be very much work.

Regards,
Ingo

-- 
Ingo Steuwer
Head of Professional Services

Univention GmbH
Linux for your business
Mary-Somerville-Str.1
28359 Bremen
Tel.: +49 421 22232-43
Fax : +49 421 22232-99
Mob : +49 173 2112971

steuwer at univention.de>
http://www.univention.de

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876 

_______________________________________________
Kolab-users mailing list
Kolab-users at kolab.org
https://kolab.org/mailman/listinfo/kolab-users




More information about the users mailing list