On 2022-12-14 14:19, Alexander Bokovoy via FreeIPA-users wrote:
Could you please share your Dovecot and krb5 configuration on that
Dovecot server?
It is hard to help without seeing anything.
Sure mate. This was what I could think of that was relevant. If there's
anything missing just ask.
# egrep -v "^#|^$" /etc/dovecot/conf.d/10-auth.conf
auth_realms =
INT.R3PEK.ORG
auth_default_realm =
INT.R3PEK.ORG
auth_username_format = %Ln
auth_gssapi_hostname =
mail01.int.r3pek.org
auth_krb5_keytab = /etc/dovecot/mail.keytab
auth_mechanisms = gssapi plain
!include auth-system.conf.ext
# egrep -v "^\s*#|^$" /etc/dovecot/conf.d/auth-system.conf.ext
passdb {
driver = pam
}
userdb {
driver = passwd
override_fields = home=/email/%Lu
}
# klist -k /etc/dovecot/mail.keytab
Keytab name: FILE:mail.keytab
KVNO Principal
----
--------------------------------------------------------------------------
1 smtp/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 smtp/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 smtp/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 smtp/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 imap/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 imap/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 imap/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 imap/mail01.int.r3pek.org(a)INT.R3PEK.ORG
# klist -k /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
1 host/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 host/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 host/mail01.int.r3pek.org(a)INT.R3PEK.ORG
1 host/mail01.int.r3pek.org(a)INT.R3PEK.ORG
# cat /etc/sssd/sssd.conf
[
domain/int.r3pek.org]
id_provider = ipa
ipa_server = _srv_,
ipa01.int.r3pek.org
ipa_domain =
int.r3pek.org
ipa_hostname =
mail01.int.r3pek.org
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
dyndns_update = True
dyndns_iface = enp6s18
krb5_store_password_if_offline = True
[sssd]
services = nss, pam, ssh, sudo
domains =
int.r3pek.org
[nss]
homedir_substring = /home
Thanks.