-
-
Notifications
You must be signed in to change notification settings - Fork 447
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NO AUTHENTICATE failed on Exchange 2007 with impersonation, only for some users #417
Comments
I forgot I've already posted this issue here : #383. |
No real clue since I don't use Exchange. |
All permissions have been set, in many different ways (Powershell, graphic interface, at organization level, database level, personal level...) Nothing change. --debugimap1 doesn't give more information. |
Hi, I have exactly the same problem. Did you solve this issue? |
No, I've finally used a form to get and store securely user's password during the migration process. Impersonation was used on the dovecot side, but real user/password on the Exchange side. |
OK, thats for me not possible. I have 4300 Accounts to migrate. @gilleslamiral do you need some infos for helping us? |
I don't know Exchange but I know some users could do Admin authentication for the whole lineage Exchange 2003/2007/2010/2013/2016
I just reported what users told me, what worked for them. |
We are leaving an old Exchange 2007 server for a brand new postfix/dovecot one. I would like to use impersonation on both sides to prepare the migration.
I found a working syntax for a lots of users, despite of character encoding issue in the password, using a PHP script and utf8_decode function (if someone is interested by this part, call me !), the working syntax is :
imapsync --host1 10.30.50.5 --user1 formation-4 --authuser1 adminexch --password1 MASKED --host2 localhost --user2 formation-4+dovecotmaster --password2 MASKED --tls1 --nosslcheck --sslargs1 SSL_version=TLSv1 --delete2 --exclude ^Calendar$ --exclude ^Calendrier$ --exclude ^Contacts$ --exclude ^Flux RSS$ --exclude ^Journal$ --exclude ^Junk E-Mail$ --exclude ^Notes$ --exclude Probl* --exclude ^Tasks$ --exclude ^Tâches$ --exclude ^T&AOI-che$ --exclude ^Contacts sugg* --automap --f1f2 &AMk-l&AOk-ments supprim&AOk-s=Corbeille
It works like a charm with this user and many others. BUT !
For some users (most recently created in active directory ?), this very same command does not work at all, and I get the famous NO AUTHENTICATE :
I've double checked on the Exchange and Active Directory sides, all the properties are exactly the same for the working user "formation-4" and the non-workin user "bob". Impersonation rights for adminexch is set on the server scope (there is only one server, having all exchange roles), full access everywhere for adminexch.
Note that we also have troubles with Outlook Web Access for these most recent users. They can't connect to OWA. But another IMAP client is able to connect them with no issue. Not sure if it's related to the failing impersonation.
Edit : I've found at least one account which is working with OWA and not working with impersonation. I suppose this information is not relevant.
I've tried all the syntaxes proposed in the exchange faq (adminexch\domain\user and variants...) with no luck. I think the problem is not here, as I can sync many accounts with the syntax provided earlier.
If you have any idea, I'm stuck her since few days now...
The text was updated successfully, but these errors were encountered: