Op 29-8-2010 20:51, Egbert Jan van den Bussche schreef:
Hi,

I've been fighting all weekend with auth and pam to authenticate local
system users. testuser is such a local user and is in passwd and shadow. I
want to have local system users (testuser is one of them) and virtual
users. The virtual part works fine but I cannot get the local user to
connect.
Still pam fails finding the user. The suggested password mismatch at the
end is, in my eyes, because there is no user in the first place. I
verified the password by interactive login to the account. The pam
module (dovecot) is just the default file with three @includes in it.

Syslog:
Aug 29 20:18:02 mail-dev dovecot: auth(default): client in:
AUTH#0112#011LOGIN#011service=imap#011lip=2a02:968:1:2:212:72:224:16#011rip=2001:888:1740:10:250:daff:fe41:4d1c#011lport=143#011rport=1093
Aug 29 20:18:02 mail-dev dovecot: auth(default): client out:
CONT#0112#011VXNlcm5hbWU6

Aug 29 20:18:02 mail-dev dovecot: auth(default): client in:
CONT#0112#011dGVzdHVzZXI=

Aug 29 20:18:02 mail-dev dovecot: auth(default): client out:
CONT#0112#011UGFzc3dvcmQ6

Aug 29 20:18:02 mail-dev dovecot: auth(default): client in:
CONT#0112#011dmF4dm1z

Aug 29 20:18:02 mail-dev dovecot: auth-worker(default):
pam(testuser,2001:888:1740:10:250:daff:fe41:4d1c): lookup service=dovecot

Aug 29 20:18:02 mail-dev dovecot: auth-worker(default):
pam(testuser,2001:888:1740:10:250:daff:fe41:4d1c): #1/1 style=1
msg=Password:

Aug 29 20:18:02 mail-dev dovecot: auth(default):
cache(testuser,2001:888:1740:10:250:daff:fe41:4d1c): miss

Aug 29 20:18:04 mail-dev dovecot: auth(default):
cache(testuser,2001:888:1740:10:250:daff:fe41:4d1c): hit:

Aug 29 20:18:04 mail-dev dovecot: auth(default):
cache(testuser,2001:888:1740:10:250:daff:fe41:4d1c): User unknown

Aug 29 20:18:04 mail-dev dovecot: auth-worker(default):
pam(testuser,2001:888:1740:10:250:daff:fe41:4d1c): pam_authenticate()
failed: Authentication failure (password mismatch?) (given password:
xxxxxxxx)

Aug 29 20:18:06 mail-dev dovecot: auth(default): client out:
FAIL#0112#011user=testuser
Relevant settings in dovecot:
r...@mail-dev:/etc/dovecot# dovecot -n
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-24-server x86_64 Ubuntu 10.04.1 LTS ext4
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap pop3 imaps pop3s managesieve
listen: *, [::]
ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
ssl_key_file: /etc/ssl/private/ssl-mail.key
ssl_cipher_list:
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
mail_max_userip_connections(default): 10
mail_max_userip_connections(imap): 10
mail_max_userip_connections(pop3): 3
mail_max_userip_connections(managesieve): 10
mail_privileged_group: mail
mail_location: maildir:/home/vmail/%d/%n:INDEX=/home/vmail/%d/%n
mail_debug: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
lda:
  postmaster_address: postmaster
  deliver_log_format: msgid=%m: %$
  rejection_reason: Your message to <%t> was automatically rejected:%n%r
  auth_socket_path: /var/run/dovecot/auth-master

auth default:
  mechanisms: plain login
  realms: kader.hcc.nl hobby.nl
  cache_size: 1024
  user: vmail
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
    args: setcred=yes failure_show_msg=yes cache_key=%u dovecot
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/dovecot-auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

Where should I look further for this dovecot pam problem? Is there such
a thing as pam debugging?

TIA
Egbert Jan

Answering to myself:

Auth user needs to be root, not vmail. Restrictions on shadow make it necessary to do the auth and read shadow!!!!

Also needed to add mail=maildir:~/Maildir in the userdb passwd to override the default setting for virtual users (/home/vmail/domain/user/Maildir)

Egbert Jan
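An added checker, not from this thread or from Dovecot itself, that parses `dovecot -n` output and flags the combination the poster hit: a `pam` passdb under an auth section running as a non-root user, which cannot read /etc/shadow. The sample config is constructed from the poster's settings and the function names are my own.

```python
# Constructed sample, reduced from the poster's `dovecot -n` output.
SAMPLE_CONF = """\
auth default:
  user: vmail
  passdb:
    driver: pam
    args: setcred=yes failure_show_msg=yes cache_key=%u dovecot
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
"""


def parse_dovecot_n(text):
    """Build a tree from `dovecot -n` output: a line ending in ':' opens a
    section, nesting follows indentation, and repeated sections (the two
    passdb blocks) stay separate children. Returns the root node."""
    root = {"name": "", "settings": {}, "children": []}
    stack = [(-1, root)]  # (indent, node); root never pops
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        key, _, value = raw.strip().partition(":")
        if value.strip():
            parent["settings"][key] = value.strip()
        else:  # section header (an empty setting also lands here, harmlessly)
            node = {"name": key, "settings": {}, "children": []}
            parent["children"].append(node)
            stack.append((indent, node))
    return root


def find_pam_as_non_root(root):
    """Findings for auth sections whose pam passdb runs as a non-root user."""
    findings = []
    for auth in root["children"]:
        if not auth["name"].startswith("auth"):
            continue
        run_as = auth["settings"].get("user", "root")  # Dovecot's default is root
        uses_pam = any(c["name"] == "passdb" and c["settings"].get("driver") == "pam"
                       for c in auth["children"])
        if uses_pam and run_as != "root":
            findings.append(f"{auth['name']}: passdb pam runs as '{run_as}', "
                            "which cannot read /etc/shadow; set user = root")
    return findings
```

Feed it real output with `parse_dovecot_n(open("dovecot-n.txt").read())`; an empty list means the auth process can read shadow for PAM.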
