AFP548

Mail Service ACL problems – users intermittently cannot authenticate to mail

Hey all, I'm really hoping someone out there can offer me some advice or direction to look into...

As per instructions in both the AD-OD Integration guide on AFP548 and I believe the AD-OD guide on Mike Bombich's site, I have set up a new OS X Mail server, bound to AD and using the Service ACLs to define which AD groups get access to email. For the most part it is working very well, but I'm getting failures to authenticate from the client email programs, and when I check the logs I'm getting a note that the service ACL is not enabled for the user. If you try again in a few minutes it's fine, so I think this is something to do with the server...

Logs look like:

Jul 4 12:55:56 mail imaps[13951]: badlogin from: [IPAddress]. plaintext user: username. service ACL is not enabled for this user
Jul 4 12:55:59 mail imaps[13951]: badlogin from: [IPAddress]. plaintext user: username. service ACL is not enabled for this user
Jul 4 12:56:06 mail imaps[14542]: badlogin from: [IPAddress]. plaintext user: username. service ACL is not enabled for this user
Jul 4 12:56:13 mail imaps[11942]: badlogin from: [IPAddress]. plaintext user: username. service ACL is not enabled for this user
Jul 4 12:56:45 mail imaps[14542]: badlogin from: bda150.bis.na.blackberry.com [216.9.249.150]. plaintext user: username. service ACL is not enabled for this user
Jul 4 12:56:52 mail imaps[11942]: badlogin from: [IPAddress]. plaintext user: username. service ACL is not enabled for this user
Jul 4 12:57:02 mail imaps[11942]: badlogin from: [IPAddress]. plaintext user: username. service ACL is not enabled for this user
Jul 4 12:57:07 mail imaps[11942]: badlogin from: [IPAddress]. plaintext user: username. service ACL is not enabled for this user

More details of my setup:

Intel Xserve with Xserve RAID for data storage. The machine is bound to Active Directory, forward and reverse DNS all look good and test fine if I do one of the changeip -checkhostname commands.

In the local NetInfo DB on the server I have defined a group called EMAIL, to which I have added all the Active Directory groups I wish to have email accounts on this server. I am running OS X Server 10.4.10, although this was also happening with 10.4.9 before I updated.

Thanks in advance for any assistance anyone can offer.

Jeff
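For triaging a log like the one quoted in the post, the following added example (not part of the original post) groups the "service ACL is not enabled for this user" rejections into per-user bursts, so the failure windows can be lined up against directory or group-membership events on the server. The sample lines, addresses, user names, the second rejection reason, the year and the five-minute gap are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

ACL_REASON = "service ACL is not enabled for this user"
# Matches the badlogin line layout quoted in the post (mechanism shown there is "plaintext").
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<svc>\w+)\[(?P<pid>\d+)\]: badlogin from: (?P<src>.*?)\. "
    r"plaintext user: (?P<user>\S+?)\. (?P<reason>.+)$")

# Constructed sample lines; the last reason string is made up to show filtering.
SAMPLE = """\
Jul 4 12:55:56 mail imaps[13951]: badlogin from: [192.0.2.10]. plaintext user: alice. service ACL is not enabled for this user
Jul 4 12:55:59 mail imaps[13951]: badlogin from: [192.0.2.10]. plaintext user: alice. service ACL is not enabled for this user
Jul 4 12:56:45 mail imaps[14542]: badlogin from: relay.example.net [192.0.2.25]. plaintext user: alice. service ACL is not enabled for this user
Jul 4 13:40:02 mail imaps[15001]: badlogin from: [192.0.2.10]. plaintext user: alice. service ACL is not enabled for this user
Jul 4 13:41:10 mail imaps[15001]: badlogin from: [192.0.2.11]. plaintext user: j.smith. service ACL is not enabled for this user
Jul 4 13:41:30 mail imaps[15001]: badlogin from: [192.0.2.12]. plaintext user: bob. authentication failure
""".splitlines()

def acl_bursts(lines, gap_minutes=5, year=2007):
    """Return {user: [burst, ...]}; a burst is a run of ACL rejections
    with no pause longer than gap_minutes. Syslog lines carry no year,
    so `year` is an assumed value supplied by the caller."""
    gap = timedelta(minutes=gap_minutes)
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["reason"].strip() != ACL_REASON:
            continue  # other failure reasons are a different problem
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["user"]].append((when, int(m["pid"]), m["src"]))
    bursts = {}
    for user, evs in events.items():
        out = []
        for when, pid, src in sorted(evs):
            last = out[-1] if out else None
            if last and when - last["end"] <= gap:
                last["end"] = when
                last["count"] += 1
                last["pids"].add(pid)
                last["sources"].add(src)
            else:
                out.append({"start": when, "end": when, "count": 1,
                            "pids": {pid}, "sources": {src}})
        bursts[user] = out
    return bursts

if __name__ == "__main__":
    for user, bs in acl_bursts(SAMPLE).items():
        for b in bs:
            print(user, b["start"], b["end"], b["count"], sorted(b["pids"]))
```

Bursts that start and stop at the same times for many users point at the server's view of group membership rather than at any one client.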