I try to use windbind rule to authenticate users in dovecot login procedure.
/etc/nsswitch.conf file:
passwd: files winbind
shadow: files winbind
group: files winbind

I setup in PAM config file /etc/pam.d/dovecot
auth        required      pam_env.so debug
auth        sufficient    pam_unix.so likeauth nullok
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so


when I try logon from my console to dovecot (pop3 server):

# telnet komp14 110
Trying 10.10.10.38...
Connected to komp.xxx.xxx (10.10.10.38).
Escape character is '^]'.
+OK Dovecot ready.
user tt1
+OK
pass xxxxxxxxx
-ERR Authentication failed.
quit
+OK Logging out
Connection closed by foreign host.

Of course password is corret.

In the logs files I can find log of the telnet command to dovecot. In the file /var/log/auth.log

Mar 23 10:37:50 komp14 dovecot-auth: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
tt1 rhost=10.10.10.38  user=tt1
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] ENTER: pam_sm_authenticate (flags: 0x0000)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_SERVICE) = "dovecot" (0x15c
fe00)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_USER) = "tt1" (0x15cfe20)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_TTY) = "dovecot" (0x15cbfa0
)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_RHOST) = "10.10.10.38" (0x1
5cbf60)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_RUSER) = "tt1" (0x15cbf80)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_AUTHTOK) = 0x15cc070
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_CONV) = 0x15cfe40
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): getting
password (0x00001011)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth):
pam_get_item returned a password
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): Verify
user 'tt1'
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): request
wbcLogonUser succeeded
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): user 'tt1'
granted access
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): Returned
user was 'tt1'
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] LEAVE: pam_sm_authenticate returning 0 (PAM
_SUCCESS)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_SERVICE) = "dovecot" (0x15c
fe00)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_USER) = "tt1" (0x15d6d30)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_TTY) = "dovecot" (0x15cbfa0
)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_RHOST) = "10.10.10.38" (0x1
5cbf60)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_RUSER) = "tt1" (0x15cbf80)
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_AUTHTOK) = 0x15cc070
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: ITEM(PAM_CONV) = 0x15cfe40
Mar 23 10:37:50 komp14 dovecot-auth: pam_winbind(dovecot:auth): [pamh:
0x15cfc80] STATE: DATA(PAM_WINBIND_LOGONSERVER) = "WBP
4" (0x15d6ed0)
Mar 23 10:37:50 komp14 dovecot-auth: PAM [pamh: 0x15cfc80] CLEAN: cleaning
up PAM data 0x15d6ed0 (error_status = 7)

in the dovecot log file /var/log/dovecot/info.log we have
Mar 23 10:37:50 pop3-login: Info: Aborted login (auth failed, 1 attempts):
user=<tt1>, method=PLAIN, rip=10.10.10.38, lip=10.10.10.38, secured

but in dovecot error log file /var/log/dovecot/error.log we have:
Mar 23 10:37:50 auth-worker(default): Error: pam(tt1,10.10.10.38):
pam_acct_mgmt() failed: Authentication failure