Agile Tortoise
Greg Pierce’s blog
RE: Panther Server mail services and Active Directory
Per my previous post, I’ve been working on getting Active Directory integrated with Panther’s mail services. My prior setup notes work, almost completely…but there’s one hurdle I can’t seem to get past. After puzzling over the exact sequence for a while, I’ve discovered the problem.
Cyrus won’t let you log in until you have received an email on the server. I knew this. Even though I had enabled email for AD accounts, Cyrus was refusing to accept mail for them. Postfix identified the accounts as local and passed the mail on to Cyrus, but it choked, claiming mail was not enabled for the user.
It appears that, in my current setup, the AD user has to be a member of an AD group with rights to Administer the Panther box at the time they first receive email. After that, I can remove admin privileges and everything works fine, but I guess Cyrus drops privs to the user level and is unable to create the appropriate mailboxes, or authenticate the user at that level.
This is an annoyance, though one I can live with since I don’t have to create all that many new email accounts, but it is quite odd to me. Local users on the Panther box don’t need any special rights to be set up with new mail accounts, so I’m not sure what’s different about the AD users.