Forum Replies Created

Viewing 9 posts - 1 through 9 (of 9 total)
  • in reply to: AD users can´t use the 10.4 mail service #374832
    emailman
    Participant

    One difference in my case was I wasn’t using OD groups (although we do have an OD server). I just added the AD groups to the Mail SACL. We’re no longer using that mail system, so I can’t check the settings, but I remember reading in the OD/AD integration docs on afp548.com to put the AD group inside an OD group and grant access (SACL) to the OD group. Did you say you tried that? Some things to check: Do the AD users have the mail property filled in with their e-mail address? Can you open Terminal and run the id command against an AD user and see his/her group membership?

    $ id johndoe

    in reply to: Occasional mail auth failures for AD users in a service ACL #368195
    emailman
    Participant

    Upgrading to 10.4.8 seemed to fix the issue. Hallelujah!

    Apple’s notes included
    – directory service usage affecting Mail server performance

    in reply to: cyrus rehash script: from basic to full hash #367596
    emailman
    Participant

    Update…
    I ran my inefficiently modified rehash script and it worked.
    Sadly, I discovered that disk I/O isn’t the main problem but rather communication with one of our Windows DCs. The Xserve occasionally fails authentication when receiving mail for Active Directory users or when AD users log in to webmail. The AD user groups are listed in the mail SACL.
    /var/log/mailaccess.log shows some of the following types of entries:

    lmtpunix[8927]: warning: unable to post message for user: (user), service ACL is not enabled for this user

    imap[19322]: badlogin from: localhost [::1]. plaintext user: (user). service ACL is not enabled for this user

    If I don’t come to any conclusion after some more research, I may post that issue in the Active Directory forum.

    in reply to: cyrus reconstruct not reconstructing IMAP mailbox properly #367508
    emailman
    Participant

    I’m no pro and have no idea how/why there are extra hard links, but have you tried searching for the hard links and (if you think they’re not necessary) unlinking them?

    in reply to: 10.4 Tiger – Setup of Virtual Hosts for Mail #364488
    emailman
    Participant

    Take 3…

    postfix/lmtp[258]: 888E43F2B0: to=<[email protected]>, relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=39, status=bounced (host /var/imap/socket/lmtp[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))

    in reply to: 10.4 Tiger – Setup of Virtual Hosts for Mail #364487
    emailman
    Participant

    Sorry, forgot to encode the angle brackets for the recipient address in the mail log entry I posted.

    postfix/lmtp[258]: 888E43F2B0: to=, relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=39, status=bounced (host /var/imap/socket/lmtp[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))

    in reply to: 10.4 Tiger – Setup of Virtual Hosts for Mail #364486
    emailman
    Participant

    I have the same question.

    I’m at a roadblock trying to get the virtual host addresses mapped to my bound AD users. This wasn’t covered in the AD-OD whitepaper. I’m using a SACL on the Mail service (currently allowing only 1 AD group). Postfix receives mail fine, however it bounces when passing the mail off to Cyrus:

    postfix/lmtp[258]: 888E43F2B0: to=, relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=39, status=bounced (host /var/imap/socket/lmtp[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))

    in reply to: Limit login on Server to AD Domain Admins #364271
    emailman
    Participant

    I rebooted the server and connected WGM and noticed that now the admins DO have “administer this server” checked.

    However, the program will often spin its wheels and the credential cache and/or WGM will often peg the processor and resource usage soars. I don’t know if it’s due to the quantity of AD users–it’s pulling over 7,000 entries. After talking with an Apple rep, he said 10.4’s AD integration works much better than 10.3’s. So he sent me a 60-day demo of Server. I’m going to give that a shot.

    (FYI: Our server room isn’t locked during the day. Any offenders simply get taken out back and shot. We have a clean record so far. :>)

    in reply to: Unable to bind OS X Server 10.3.9 to AD (Win2K3) #364012
    emailman
    Participant

    Thanks! I got it bound by using a Domain Admin’s credentials. Also, it didn’t like the OU in which I was attempting to put it, but it bound fine in the default OU (“CN=Computers,DC=ac2”). This might be due to policy/permissions on the other OU.

    > Have you entered your AD DNS ip-address as the only specified DNS server in your network preferences on the Mac OS X Server?

    I have 2 DNS servers in the prefs (both being Win2K3 DCs). I left that unchanged. I did however prefer a DC for the bind.
