Re: [Dovecot] Can't get authentication for masterusers on Mac OS X Server 10.6.8
Hi I'm esperiencing the same issue during the import from OSX Server to Zimbra. Did you succeded in your migration? can you share some suggestion about that? Thanks in advance for your help. -- Best regards, Giuseppe Chiesa
Re: [Dovecot] Can't get authentication for masterusers on Mac OS X Server 10.6.8
On Tue, 4 Mar 2014, dovecot-requ...@dovecot.org wrote: #telnet mailserv.example.com 143 Connected to mailserv.example.com. Escape character is '^]'. * OK Dovecot ready. 1 login myusername myPassword 1 OK Logged in. 1 logout * BYE Logging out 1 OK Logout completed. Connection closed by foreign host. This does not test what you want, which is trying to authenticate the master user, not the regular user. From what I remember of your config, you have another passdb which holds the credentials of your master user: you need to check that file to make sure the master user's password (hash) matches what you think the master password ought to be. Joseph Tam
Re: [Dovecot] Can't get authentication for masterusers on Mac OS X Server 10.6.8
Ok I've enabled dovecot's "auth_verbose" and "auth_debug" mode along with syslog facility to debug mode, so here's the output: 1. So first when trying to login with "myusername*master": #telnet mailserv.example.com 143 Connected to mailserv.example.com. Escape character is '^]'. * OK Dovecot ready. 1 login myusername*master myMasterPassword 1 NO Authentication failed. 1 logout * BYE Logging out 1 OK Logout completed. Connection closed by foreign host. It failshere's then the debug logout: Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): client in: AUTH 14 PLAIN service=imapsecured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=63994 resp=AGdpbGxlcyplY2dzYWRtaW4AdGVzdA== Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): passwd-file(master,127.0.0.1,master): lookup: user=master file=/etc/dovecot/passwd.masterusers Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): passdb(master,127.0.0.1,master): Master user logging in as myusername Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): mail SACL is enabled; overriding settings in user record Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): found user in local table: user=myusername Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): Credentials could not be verified username or password is invalid. Mar 4 16:09:16 mailserv dovecot[9253]: auth(default): client out: FAIL 14 user=myusername Mar 4 16:09:24 mailserv dovecot[9253]: imap-login: Aborted login (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 4 16:09:24 mailserv dovecot[9253]: auth(default): new auth connection: pid=9278 2. Well here's with "myusername" login, which is succesful: #telnet mailserv.example.com 143 Connected to mailserv.example.com. Escape character is '^]'. * OK Dovecot ready. 1 login myusername myPassword 1 OK Logged in. 1 logout * BYE Logging out 1 OK Logout completed. Connection closed by foreign host. Logout: Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): client in: AUTH 65 PLAIN service=imapsecured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=64184 resp=AGdpbGxlcwB0PWcxbGwzc3B3IQ== Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): mail SACL is enabled; overriding settings in user record Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): found user in local table: user=myusername Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): client out: OK 65 user=myusername Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): master in: REQUEST 80 927665 Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): lookup user=myusername Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): found user in local table: user=myusername Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): record name=myusername, uid=1030, gid=20 Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): user=myusername, quota=*:storage=1024 Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): data store location=maildir:/var/spool/imap/dovecot/mail/396B158B-27A9-4827-99AF-CBF65F85C407 Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): master out: USER 80 myusername uid=1030gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=1024 mail=maildir:/var/spool/imap/dovecot/mail/396B158B-27A9-4827-99AF-CBF65F85C407 mail_location=maildir:/var/spool/imap/dovecot/mail/396B158B-27A9-4827-99AF-CBF65F85C407 sieve=/var/spool/imap/dovecot/sieve-scripts/396B158B-27A9-4827-99AF-CBF65F85C407/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/396B158B-27A9-4827-99AF-CBF65F85C407 sieve_storage=/var/spool/imap/dovecot/sieve-scripts/396B158B-27A9-4827-99AF-CBF65F85C407 Mar 4 16:22:42 mailserv dovecot[9253]: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): new auth connection: pid=9276 Mar 4 16:22:46 mailserv dovecot[9253]: IMAP(*): User myusername: Disconnected: Logged out bytes=8/43 Any thoughts ? Cheers, Gilles On 03 Mar 2014, at 21:48, l...@grootstyr.eu wrote: > Try getting more verbose logs using dovecot's logging mechanisms. >auth_verbose=yes >auth_debug=yes > It seems that you aren't authenticating your master users against your > passwd file, instead you are authenticating against your OpenDirectory.
Re: [Dovecot] Can't get authentication for masterusers on Mac OS X Server 10.6.8
Try getting more verbose logs using dovecot's logging mechanisms. auth_verbose=yes auth_debug=yes It seems that you aren't authenticating your master users against your passwd file, instead you are authenticating against your OpenDirectory.
Re: [Dovecot] Can't get authentication for masterusers on Mac OS X Server 10.6.8
If I do a:
>telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Dovecot ready.
1 login myusername*masterAdmin masterAdminPassword
1 NO Authentication failed.
1 logout
* BYE Logging out
1 OK Logout completed.
Connection closed by foreign host.
the only logging that I get is this one from /var/log/system.log
Mar 3 16:54:22 mymailserver dovecot[38455]: auth(default):
od(myusername,127.0.0.1): Credentials could not be verified username or
password is invalid.
On 03 Mar 2014, at 16:41, l...@grootstyr.eu wrote:
> Since you've defined verbose auth logging you should get some
> interesting log files about your failed login attempts that could point
> us in the right direction.
>
> Matthijs
>
> On Mon, Mar 03, 2014 at 03:37:31PM +0100, Gilles Celli wrote:
>> Hi dovecot masters,
>>
>> This is my first post here, since I desperately need some advices from the
>> dovecot community.
>> I've tried to get an answer on the Apple Forums but til now no luckhere
>> we go:
>>
>> I've tried to sync our users emails (Mac OS X Server 10.6.8 Snow Leopard
>> with dovecot 1.1.20-apple0.5) via imapsync
>> to our new server by using the masterusers authentication method on the old
>> 10.6.8 server...
>>
>> The main problem on OS X Server 10.6.8 is that dovecot 1.1.20 uses the OD
>> (OpenDirectory) driver (well I think),
>> so that when following the directions of Master users/password from this
>> page I can't login with the
>> http://wiki1.dovecot.org/Authentication/MasterUsers
>>
>> I couldn't find anything on the OD driver directivethe dovecot
>> 1.1.20-apple build doesn't even have the shadow driver built in (see below
>> the dovecot --build-options),
>> so that passdb shadow {} won't work anyway
>>
>>
>> I always get NO Authentication failed, when trying the following:
>>> telnet localhost 143
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>> * OK Dovecot ready.
>> 1 login user1*mailadmin PASSWORD
>> 1 NO Authentication failed.
>>
>> I've tried also to add a Post-login scripting like described here, but no
>> luck either:
>> http://www.stefanux.de/wiki/doku.php/server/dovecot
>>
>> Does someone know how to fix my migration issue ?
>>
>> Any help is greatly appreciated.
>>
>> Gilles
>>
>> Here's my dovecot :
>>
>>> dovecotd --build-options
>> Build options: ioloop=kqueue notify=kqueue ipv6 openssl
>> Mail storages: maildir mbox dbox cydir raw
>> SQL drivers:
>> Passdb: checkpassword od pam passwd passwd-file
>> Userdb: od passwd passwd-file prefetch static
>>
>>
>> Here's my dovecot -n output:
>>
>>> dovecotd -n
>>
>> # 1.1.20apple0.5: /private/etc/dovecot/dovecot.conf
>> Warning: fd limit 256 is lower than what Dovecot can use under full load
>> (more than 306). Either grow the limit or change login_max_processes_count
>> and max_mail_processes settings
>> # OS: Darwin 10.8.0 i386 hfs
>> base_dir: /var/run/dovecot
>> syslog_facility: local6
>> protocols: pop3 imap pop3s imaps
>> ssl_ca_file:
>> /etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.chain.pem
>> ssl_cert_file:
>> /etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.cert.pem
>> ssl_key_file:
>> /etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.key.pem
>> ssl_cipher_list: ALL:!LOW:!SSLv2:!aNULL:!ADH:!eNULL
>> disable_plaintext_auth: no
>> login_dir: /var/run/dovecot/login
>> login_executable(default): /usr/libexec/dovecot/imap-login
>> login_executable(imap): /usr/libexec/dovecot/imap-login
>> login_executable(pop3): /usr/libexec/dovecot/pop3-login
>> login_user: _dovecot
>> login_process_per_connection: no
>> max_mail_processes: 50
>> mail_max_userip_connections(default): 20
>> mail_max_userip_connections(imap): 20
>> mail_max_userip_connections(pop3): 10
>> verbose_proctitle: yes
>> first_valid_uid: 6
>> first_valid_gid: 6
>> mail_access_groups: mail
>> mail_location: maildir:/var/spool/imap/dovecot/mail/%u
>> mail_executable(default): /usr/libexec/dovecot/imap
>> mail_executable(imap): /usr/libexec/dovecot/imap
>> mail_executable(pop3): /usr/libexec/dovecot/pop3
>> mail_process_sharing: full
>> mail_max_connections(default): 10
>> mail_max_connections(imap): 10
>> mail_max_connections(pop3): 5
>> mail_plugins(default): quota imap_quota
>> mail_plugins(imap): quota imap_quota
>> mail_plugins(pop3): quota
>> mail_plugin_dir(default): /usr/lib/dovecot/imap
>> mail_plugin_dir(imap): /usr/lib/dovecot/imap
>> mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
>> lda:
>> postmaster_address: postmas...@example.com
>> hostname: mymailserver.example.com
>> mail_plugins: quota
>> quota_full_tempfail: yes
>> sendmail_path: /usr/sbin/sendmail
>> auth_socket_path: /var/run/dovecot/auth-master
>> log_path: /var/log/mailaccess.log
>> info_log_path: /var/log/mailaccess.log
>> auth default:
>> mechanisms: plain login gssapi apop cram-md5
>> master_user_separator: *
>> verbose: yes
>> passdb:
>>dri
Re: [Dovecot] Can't get authentication for masterusers on Mac OS X Server 10.6.8
Since you've defined verbose auth logging you should get some
interesting log files about your failed login attempts that could point
us in the right direction.
Matthijs
On Mon, Mar 03, 2014 at 03:37:31PM +0100, Gilles Celli wrote:
> Hi dovecot masters,
>
> This is my first post here, since I desperately need some advices from the
> dovecot community.
> I've tried to get an answer on the Apple Forums but til now no luckhere
> we go:
>
> I've tried to sync our users emails (Mac OS X Server 10.6.8 Snow Leopard with
> dovecot 1.1.20-apple0.5) via imapsync
> to our new server by using the masterusers authentication method on the old
> 10.6.8 server...
>
> The main problem on OS X Server 10.6.8 is that dovecot 1.1.20 uses the OD
> (OpenDirectory) driver (well I think),
> so that when following the directions of Master users/password from this page
> I can't login with the
> http://wiki1.dovecot.org/Authentication/MasterUsers
>
> I couldn't find anything on the OD driver directivethe dovecot
> 1.1.20-apple build doesn't even have the shadow driver built in (see below
> the dovecot --build-options),
> so that passdb shadow {} won't work anyway
>
>
> I always get NO Authentication failed, when trying the following:
> >telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK Dovecot ready.
> 1 login user1*mailadmin PASSWORD
> 1 NO Authentication failed.
>
> I've tried also to add a Post-login scripting like described here, but no
> luck either:
> http://www.stefanux.de/wiki/doku.php/server/dovecot
>
> Does someone know how to fix my migration issue ?
>
> Any help is greatly appreciated.
>
> Gilles
>
> Here's my dovecot :
>
> >dovecotd --build-options
> Build options: ioloop=kqueue notify=kqueue ipv6 openssl
> Mail storages: maildir mbox dbox cydir raw
> SQL drivers:
> Passdb: checkpassword od pam passwd passwd-file
> Userdb: od passwd passwd-file prefetch static
>
>
> Here's my dovecot -n output:
>
> >dovecotd -n
>
> # 1.1.20apple0.5: /private/etc/dovecot/dovecot.conf
> Warning: fd limit 256 is lower than what Dovecot can use under full load
> (more than 306). Either grow the limit or change login_max_processes_count
> and max_mail_processes settings
> # OS: Darwin 10.8.0 i386 hfs
> base_dir: /var/run/dovecot
> syslog_facility: local6
> protocols: pop3 imap pop3s imaps
> ssl_ca_file:
> /etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.chain.pem
> ssl_cert_file:
> /etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.cert.pem
> ssl_key_file:
> /etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.key.pem
> ssl_cipher_list: ALL:!LOW:!SSLv2:!aNULL:!ADH:!eNULL
> disable_plaintext_auth: no
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/libexec/dovecot/imap-login
> login_executable(imap): /usr/libexec/dovecot/imap-login
> login_executable(pop3): /usr/libexec/dovecot/pop3-login
> login_user: _dovecot
> login_process_per_connection: no
> max_mail_processes: 50
> mail_max_userip_connections(default): 20
> mail_max_userip_connections(imap): 20
> mail_max_userip_connections(pop3): 10
> verbose_proctitle: yes
> first_valid_uid: 6
> first_valid_gid: 6
> mail_access_groups: mail
> mail_location: maildir:/var/spool/imap/dovecot/mail/%u
> mail_executable(default): /usr/libexec/dovecot/imap
> mail_executable(imap): /usr/libexec/dovecot/imap
> mail_executable(pop3): /usr/libexec/dovecot/pop3
> mail_process_sharing: full
> mail_max_connections(default): 10
> mail_max_connections(imap): 10
> mail_max_connections(pop3): 5
> mail_plugins(default): quota imap_quota
> mail_plugins(imap): quota imap_quota
> mail_plugins(pop3): quota
> mail_plugin_dir(default): /usr/lib/dovecot/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
> lda:
> postmaster_address: postmas...@example.com
> hostname: mymailserver.example.com
> mail_plugins: quota
> quota_full_tempfail: yes
> sendmail_path: /usr/sbin/sendmail
> auth_socket_path: /var/run/dovecot/auth-master
> log_path: /var/log/mailaccess.log
> info_log_path: /var/log/mailaccess.log
> auth default:
> mechanisms: plain login gssapi apop cram-md5
> master_user_separator: *
> verbose: yes
> passdb:
> driver: passwd-file
> args: /etc/dovecot/passwd.masterusers
> pass: yes
> master: yes
> passdb:
> driver: od
> userdb:
> driver: od
> args: partition=/etc/dovecot/partition_map.conf enforce_quotas=no
> socket:
> type: listen
> master:
> path: /var/run/dovecot/auth-master
> mode: 384
> user: _dovecot
> group: mail
> plugin:
> quota_warning: storage=100%% /usr/libexec/dovecot/quota-exceeded.sh
> quota_warning2: storage=90%% /usr/libexec/dovecot/quota-warning.sh
> quota: maildir:User quota
> sieve: /var/spool/imap/dovecot/sieve-scripts/%u/dovecot.sieve
pgpVhy91fLKsH.pgp
Description: PGP signature
[Dovecot] Can't get authentication for masterusers on Mac OS X Server 10.6.8
Hi dovecot masters,
This is my first post here, since I desperately need some advices from the
dovecot community.
I've tried to get an answer on the Apple Forums but til now no luckhere we
go:
I've tried to sync our users emails (Mac OS X Server 10.6.8 Snow Leopard with
dovecot 1.1.20-apple0.5) via imapsync
to our new server by using the masterusers authentication method on the old
10.6.8 server...
The main problem on OS X Server 10.6.8 is that dovecot 1.1.20 uses the OD
(OpenDirectory) driver (well I think),
so that when following the directions of Master users/password from this page I
can't login with the
http://wiki1.dovecot.org/Authentication/MasterUsers
I couldn't find anything on the OD driver directivethe dovecot 1.1.20-apple
build doesn't even have the shadow driver built in (see below the dovecot
--build-options),
so that passdb shadow {} won't work anyway
I always get NO Authentication failed, when trying the following:
>telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Dovecot ready.
1 login user1*mailadmin PASSWORD
1 NO Authentication failed.
I've tried also to add a Post-login scripting like described here, but no luck
either:
http://www.stefanux.de/wiki/doku.php/server/dovecot
Does someone know how to fix my migration issue ?
Any help is greatly appreciated.
Gilles
Here's my dovecot :
>dovecotd --build-options
Build options: ioloop=kqueue notify=kqueue ipv6 openssl
Mail storages: maildir mbox dbox cydir raw
SQL drivers:
Passdb: checkpassword od pam passwd passwd-file
Userdb: od passwd passwd-file prefetch static
Here's my dovecot -n output:
>dovecotd -n
# 1.1.20apple0.5: /private/etc/dovecot/dovecot.conf
Warning: fd limit 256 is lower than what Dovecot can use under full load (more
than 306). Either grow the limit or change login_max_processes_count and
max_mail_processes settings
# OS: Darwin 10.8.0 i386 hfs
base_dir: /var/run/dovecot
syslog_facility: local6
protocols: pop3 imap pop3s imaps
ssl_ca_file:
/etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.chain.pem
ssl_cert_file:
/etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.cert.pem
ssl_key_file:
/etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.key.pem
ssl_cipher_list: ALL:!LOW:!SSLv2:!aNULL:!ADH:!eNULL
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_user: _dovecot
login_process_per_connection: no
max_mail_processes: 50
mail_max_userip_connections(default): 20
mail_max_userip_connections(imap): 20
mail_max_userip_connections(pop3): 10
verbose_proctitle: yes
first_valid_uid: 6
first_valid_gid: 6
mail_access_groups: mail
mail_location: maildir:/var/spool/imap/dovecot/mail/%u
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_process_sharing: full
mail_max_connections(default): 10
mail_max_connections(imap): 10
mail_max_connections(pop3): 5
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
lda:
postmaster_address: postmas...@example.com
hostname: mymailserver.example.com
mail_plugins: quota
quota_full_tempfail: yes
sendmail_path: /usr/sbin/sendmail
auth_socket_path: /var/run/dovecot/auth-master
log_path: /var/log/mailaccess.log
info_log_path: /var/log/mailaccess.log
auth default:
mechanisms: plain login gssapi apop cram-md5
master_user_separator: *
verbose: yes
passdb:
driver: passwd-file
args: /etc/dovecot/passwd.masterusers
pass: yes
master: yes
passdb:
driver: od
userdb:
driver: od
args: partition=/etc/dovecot/partition_map.conf enforce_quotas=no
socket:
type: listen
master:
path: /var/run/dovecot/auth-master
mode: 384
user: _dovecot
group: mail
plugin:
quota_warning: storage=100%% /usr/libexec/dovecot/quota-exceeded.sh
quota_warning2: storage=90%% /usr/libexec/dovecot/quota-warning.sh
quota: maildir:User quota
sieve: /var/spool/imap/dovecot/sieve-scripts/%u/dovecot.sieve
