DoveCot and WinBind configuration

My Linux system is running OpenSuse 13.2 64bit.
I am trying to set up an email server on my OpenSuse server and have Active Directory users' mailboxes on the server.
My Windows Domain controller runs Windows Server 2008 R2 and I also have a secondary Windows Server 2012 R2 DC.
I have managed to get Winbind installed and configured, and my Active Directory users are able to log in to the console of my Linux server or log in through SSH, so I know this is working.
I have also tried creating a local login on the Linux server and this user is able to log in and retrieve emails stored on the server using IMAP. My email client is Microsoft Outlook 2013.
The issue I am having is getting users to be able to authenticate to the OpenSuse email server.

I have tried entering my test user into the username field and this is rejected. The formats I have tried entering for the username are ‘DOMAIN\test’, ‘test@domain.com’ and just ‘test’ on its own.

If I type service dovecot status the output is shown below. The error appears to be with pam.

Feb 23 20:22:32 hnetweb dovecot[927]: master: Warning: SIGHUP received - reloading configuration
Feb 23 20:22:54 hnetweb auth[25378]: gkr-pam: error looking up user information
Feb 23 20:22:54 hnetweb auth[25378]: pam_unix(dovecot:auth): check pass; user unknown
Feb 23 20:22:54 hnetweb auth[25378]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=test rhost=192.168.0.5
Feb 23 20:22:54 hnetweb auth[25378]: pam_winbind(dovecot:auth): getting password (0x00000190)
Feb 23 20:22:54 hnetweb auth[25378]: pam_winbind(dovecot:auth): pam_get_item returned a password
Feb 23 20:25:54 hnetweb dovecot[25363]: imap-login: Disconnected: Inactivity (auth failed, 1 attempts in 180 secs): user=<test>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.22, session=<C7VTRbwPxwDAqAAF>

Can someone point me to the right place on how to configure Dovecot?

How did you implement the dovecot winbind authentication?

Can you copy and paste the relevant section from your dovecot.conf? If you haven’t done it, take a peek here: http://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm under Step 3.

I have configured Dovecot using that exact article you sent a link to but get errors when following step 3.
Dovecot throws errors when you put in the mechanisms line. See the output below; the text is “Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 109: Unknown setting: mechanisms”

hnetweb:/etc/dovecot # service dovecot reload
Job for dovecot.service failed. See “systemctl status dovecot.service” and “journalctl -xn” for details.
hnetweb:/etc/dovecot # service dovecot status
dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled)
Active: active (running) (Result: exit-code) since Thu 2015-02-12 23:22:44 NZDT; 1 weeks 4 days ago
Process: 32096 ExecReload=/usr/bin/doveadm reload (code=exited, status=89)
Main PID: 927 (dovecot)
CGroup: /system.slice/dovecot.service
├─  927 /usr/sbin/dovecot -F
├─  968 dovecot/anvil
└─25363 dovecot/log

Feb 24 18:35:39 hnetweb dovecot[25363]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 109: Unknown setting: mechanisms
Feb 24 18:35:39 hnetweb dovecot[25363]: config: Error: managesieve-login: dump-capability process returned 89
Feb 24 18:35:39 hnetweb dovecot[25363]: config: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 109: Unknown setting: mechanisms
Feb 24 18:35:39 hnetweb dovecot[927]: master: Error: service(config): command startup failed, throttling for 2 secs
Feb 24 18:35:40 hnetweb doveadm[32096]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 109: Unknown setting: mechanisms

So I removed that line and still get errors when it comes to setting the userdb line; the message is: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 113: Unknown setting: mail
See the log below.

Feb 24 20:48:12 hnetweb dovecot[25363]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 113: Unknown setting: mail
Feb 24 20:48:12 hnetweb dovecot[25363]: config: Error: managesieve-login: dump-capability process returned 89
Feb 24 20:48:12 hnetweb dovecot[25363]: config: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 113: Unknown setting: mail
Feb 24 20:48:12 hnetweb dovecot[927]: master: Error: service(config): command startup failed, throttling for 4 secs
Feb 24 20:48:12 hnetweb doveadm[32662]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 113: Unknown setting: mail
hnetweb:/etc/dovecot # nano dovecot.conf
hnetweb:/etc/dovecot # service dovecot status

So here is what I have added into the Dovecot.conf file; what I have added is at the end of the file.
Note I have no issues picking up email for a local user, just an Active Directory user. The error message appears to be with PAM but I can’t find anything on how to configure this.

hnetweb:/etc/dovecot # nano dovecot.conf
GNU nano 2.3.6 File: dovecot.conf Modified
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}

# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
auth_use_winbind = yes
auth_username_format = %n
auth_winbind_helper_path = /usr/bin/ntlm_auth
disable_plaintext_auth = no
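
An added triage example (not part of any post in this thread): it parses the journal lines quoted above to show which PAM module actually logged a rejection, which username and mechanism Dovecot saw, and which settings doveconf refused. The function names are hypothetical, and the regexes assume the log format shown in these posts.

```python
import re

# Log lines copied verbatim from the posts above.
SAMPLE = """\
Feb 23 20:22:54 hnetweb auth[25378]: gkr-pam: error looking up user information
Feb 23 20:22:54 hnetweb auth[25378]: pam_unix(dovecot:auth): check pass; user unknown
Feb 23 20:22:54 hnetweb auth[25378]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=test rhost=192.168.0.5
Feb 23 20:22:54 hnetweb auth[25378]: pam_winbind(dovecot:auth): getting password (0x00000190)
Feb 23 20:22:54 hnetweb auth[25378]: pam_winbind(dovecot:auth): pam_get_item returned a password
Feb 23 20:25:54 hnetweb dovecot[25363]: imap-login: Disconnected: Inactivity (auth failed, 1 attempts in 180 secs): user=<test>, method=PLAIN, rip=192.168.0.5, lip=192.168.0.22, session=<C7VTRbwPxwDAqAAF>
Feb 24 18:35:39 hnetweb dovecot[25363]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 109: Unknown setting: mechanisms
Feb 24 20:48:12 hnetweb dovecot[25363]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 113: Unknown setting: mail
"""

# module(service:type): message, as written by PAM modules to syslog
PAM = re.compile(r"(pam_\w+)\((\w+):(\w+)\): (.*)")
LOGIN = re.compile(
    r"imap-login: .*\(auth failed.*?\): user=<([^>]*)>, method=(\w+), rip=([\d.]+)")
CONF = re.compile(
    r"Error in configuration file (\S+) line (\d+): Unknown setting: (\S+)")

def triage(text):
    """Return (pam_events, failed_logins, config_errors) from journal text."""
    pam, logins, conf = [], [], set()
    for line in text.splitlines():
        if m := PAM.search(line):
            pam.append({"module": m[1], "service": m[2], "message": m[4]})
        elif m := LOGIN.search(line):
            logins.append({"user": m[1], "method": m[2], "rip": m[3]})
        elif m := CONF.search(line):
            # A set, because doveconf/config/doveadm each repeat the same error.
            conf.add((m[1], int(m[2]), m[3]))
    return pam, logins, sorted(conf)

def modules_that_rejected(pam_events, service="dovecot"):
    """PAM modules that explicitly logged a failure for the given service."""
    bad = ("authentication failure", "user unknown")
    return sorted({e["module"] for e in pam_events
                   if e["service"] == service
                   and any(b in e["message"] for b in bad)})

if __name__ == "__main__":
    pam_events, failed, conf_errors = triage(SAMPLE)
    print("explicit rejections from:", modules_that_rejected(pam_events))
    print("failed logins:", failed)
    print("refused settings:", conf_errors)
```

On these lines the only explicit rejection comes from pam_unix; the pam_winbind entries record password retrieval but no verdict before the client times out.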

Please post your entire dovecot.conf and encase it in CODE tags;

Like this!

Remove any personally identifiable information first!

Config is as below, changes are added to the bottom of the file, otherwise everything else is pretty much the same as the default file. The protocols also would let me have the imaps or pops entries, saying they are now deprecated.



 
## Dovecot configuration file
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace  "
# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var
#mail_location = mbox:~/mail:INBOX=/var/mail/%u
#mail_debug = yes
# Protocols we want to be serving.
protocols = imap pop3 lmtp
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i <instance_name> to select which instance is used (an alternative
# to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot
# Greeting message for clients.
#login_greeting = Dovecot ready.
# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server
# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ
##
## Dictionary server settings
##
# Dictionary can be used to store key=value lists. This is used by several plugins. The
# dictionary can be accessed either directly or though a dictionary server. The following
# dict block maps dictionary names to URIs when the server is used. These can then be
# referenced using URIs in format "proxy::<name>".
dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
auth_use_winbind = yes
auth_username_format = %n
auth_winbind_helper_path = /usr/bin/ntlm_auth
disable_plaintext_auth = no