Re: [Dovecot] How to bypass checking of system users by virtual users?
On Sun, 05 Oct 2008 19:31:20 +0300 Timo Sirainen <[EMAIL PROTECTED]> wrote:

> You probably also moved userdb static before userdb passwd, causing
> Dovecot to always use userdb static for everyone. So the order you want
> is:
>
> 1. passdb passwd-file
> 2. passdb pam
> 3. userdb passwd
> 4. userdb static

Thank you very much! This order definitely solved the problem ;)

--
Re: [Dovecot] How to bypass checking of system users by virtual users?
On Sun, 2008-10-05 at 13:27 -0300, Dâniel Fraga wrote:

> On Sun, 05 Oct 2008 18:59:10 +0300
> Timo Sirainen <[EMAIL PROTECTED]> wrote:
>
> > If you don't set auth_debug=yes (and auth_verbose=yes? I'm not sure),
> > you won't see any error messages when real users log in.
>
> Would you believe that when I switch the order of the
> real/virtual users authentication configuration, the real users
> do not receive email anymore? I mean, the mail is in the mailbox, but
> dovecot returns 0 new messages. So I have to keep the real users
> checking first, before virtual users, otherwise it won't work for real
> users.
>
> Strange, isn't it?

You probably also moved userdb static before userdb passwd, causing
Dovecot to always use userdb static for everyone. So the order you want
is:

1. passdb passwd-file
2. passdb pam
3. userdb passwd
4. userdb static
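The lookup order described in the message above, as an added example that is not part of the thread and is not Dovecot code: a simplified Python model in which each passdb is tried in turn until one accepts the login, and each userdb in turn until one returns a user. The user names, passwords and function names are constructed for illustration.

```python
# Simplified model of the passdb/userdb lookup order from this thread.
# Not Dovecot code; users and passwords are constructed sample data.
SYSTEM_USERS = {"alice": "sys-secret"}                   # stand-in for PAM / system passwd
VIRTUAL_USERS = {("bob", "example.net"): "virt-secret"}  # stand-in for /etc/virtual/%d/passwd

def split(user):
    name, _, domain = user.partition("@")
    return name, domain          # domain is "" for a login without @domain

def passdb_pam(user, password):
    return SYSTEM_USERS.get(user) == password

def passdb_passwd_file(user, password):
    return VIRTUAL_USERS.get(split(user)) == password

def userdb_passwd(user):
    if user in SYSTEM_USERS:
        return {"source": "passwd", "mail": f"mbox:~/.mail/:INBOX=/var/mail/{user}"}
    return None                  # unknown here: fall through to the next userdb

def userdb_static(user):
    n, d = split(user)           # static never answers "unknown user"
    return {"source": "static",
            "mail": f"mbox:/var/spool/virtual/{d}/home/{n}:INBOX=/var/spool/virtual/{d}/{n}"}

def login(user, password, passdbs, userdbs):
    """Return (userdb result or None, names of passdbs that rejected the login)."""
    rejected = []
    for passdb in passdbs:
        if passdb(user, password):
            break
        rejected.append(passdb.__name__)
    else:
        return None, rejected    # no passdb accepted the credentials
    for userdb in userdbs:
        info = userdb(user)
        if info is not None:
            return info, rejected
    return None, rejected

REAL_FIRST = ([passdb_pam, passdb_passwd_file], [userdb_passwd, userdb_static])
ALL_SWAPPED = ([passdb_passwd_file, passdb_pam], [userdb_static, userdb_passwd])
RECOMMENDED = ([passdb_passwd_file, passdb_pam], [userdb_passwd, userdb_static])

if __name__ == "__main__":
    for label, order in [("real first", REAL_FIRST), ("all swapped", ALL_SWAPPED),
                         ("recommended", RECOMMENDED)]:
        for user, pw in [("alice", "sys-secret"), ("bob@example.net", "virt-secret")]:
            info, rejected = login(user, pw, *order)
            print(f"{label:12} {user:16} userdb={info['source']:7} rejected_by={rejected}")
```

In the model, REAL_FIRST sends every virtual login through the PAM stand-in first (the source of the pam_unix failures in the log), ALL_SWAPPED hands real users the virtual mail location, and RECOMMENDED avoids both.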
Re: [Dovecot] How to bypass checking of system users by virtual users?
On Sun, 05 Oct 2008 18:59:10 +0300 Timo Sirainen <[EMAIL PROTECTED]> wrote:

> If you don't set auth_debug=yes (and auth_verbose=yes? I'm not sure),
> you won't see any error messages when real users log in.

Would you believe that when I switch the order of the real/virtual users
authentication configuration, the real users do not receive email anymore?
I mean, the mail is in the mailbox, but dovecot returns 0 new messages. So
I have to keep the real users checking first, before virtual users,
otherwise it won't work for real users.

Strange, isn't it?

### real

userdb passwd {
}

passdb pam {
}

### virtual

userdb static {
  args = uid=17 gid=17 home=/var/spool/virtual/%d/.home/%n mail=mbox:/var/spool/virtual/%d/home/%n:INBOX=/var/spool/virtual/%d/%n
}

passdb passwd-file {
  args = username_format=%n /etc/virtual/%d/passwd
}

***

The above works, but the opposite, no.

--
Re: [Dovecot] How to bypass checking of system users by virtual users?
On Sun, 2008-10-05 at 12:52 -0300, Dâniel Fraga wrote:

> On Sun, 05 Oct 2008 14:26:26 +0300
> Timo Sirainen <[EMAIL PROTECTED]> wrote:
>
> > You can't really tell that to Dovecot, but you could move passdb
> > passwd-file {} before passdb pam {} so it'll first check the virtual
> > users and you'll avoid the PAM messages.
>
> Ok, I would see less error messages, since there are more
> virtual users than real ones, but do you agree with me that I would keep
> seeing some error messages when real users try to authenticate? Because
> then, real users would be checked first against virtual passwd,
> giving the error.

If you don't set auth_debug=yes (and auth_verbose=yes? I'm not sure),
you won't see any error messages when real users log in.
Re: [Dovecot] How to bypass checking of system users by virtual users?
On Sun, 05 Oct 2008 14:26:26 +0300 Timo Sirainen <[EMAIL PROTECTED]> wrote:

> You can't really tell that to Dovecot, but you could move passdb
> passwd-file {} before passdb pam {} so it'll first check the virtual
> users and you'll avoid the PAM messages.

Ok, I would see less error messages, since there are more virtual users
than real ones, but do you agree with me that I would keep seeing some
error messages when real users try to authenticate? Because then, real
users would be checked first against virtual passwd, giving the error.

Or not?

Thanks.

--
Re: [Dovecot] How to bypass checking of system users by virtual users?
On Fri, 2008-10-03 at 03:22 -0300, Dâniel Fraga wrote:

> These messages happen because dovecot is trying to check virtual
> users in the system password file (which just contains real users and
> not virtual users).
>
> So is there a way to force it to check virtual users just on
> the /etc/virtual/%d/passwd? I mean, if the domain is the real one,
> abusar.org, or it doesn't have a domain, it will check in the system
> passwords, but if it's some other domain except abusar.org, it should
> skip checking system passwords and check directly in the
> /etc/virtual/%d/passwd.

You can't really tell that to Dovecot, but you could move passdb
passwd-file {} before passdb pam {} so it'll first check the virtual
users and you'll avoid the PAM messages.
[Dovecot] How to bypass checking of system users by virtual users?
Hi, I have one real domain (abusar.org) and the others are virtual. So I
configured dovecot.conf as the following:

# for abusar.org, real domain
mail_location = mbox:~/.mail/:INBOX=/var/mail/%n

# for the remaining virtual domains
userdb static {
  args = uid=17 gid=17 home=/var/spool/virtual/%d/.home/%n mail=mbox:/var/spool/virtual/%d/home/%n:INBOX=/var/spool/virtual/%d/%n
}

passdb passwd-file {
  args = username_format=%n /etc/virtual/%d/passwd
}

***

Everything works perfectly except for the fact that when virtual users
authenticate, dovecot uses the configuration for real users first and then
authenticates successfully with the virtual configuration, generating those
annoying log error messages:

Oct 3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Oct 3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [EMAIL PROTECTED] rhost=201.6.150.188
Oct 3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Oct 3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [EMAIL PROTECTED] rhost=201.6.150.188
Oct 3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Oct 3 03:11:40 teleporto dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [EMAIL PROTECTED] rhost=201.6.150.188
Oct 3 03:12:00 teleporto dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Oct 3 03:12:00 teleporto dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [EMAIL PROTECTED] rhost=200.204.124.212

These messages happen because dovecot is trying to check virtual users in
the system password file (which just contains real users and not virtual
users).

So is there a way to force it to check virtual users just on the
/etc/virtual/%d/passwd? I mean, if the domain is the real one, abusar.org,
or it doesn't have a domain, it will check in the system passwords, but if
it's some other domain except abusar.org, it should skip checking system
passwords and check directly in the /etc/virtual/%d/passwd.

I just don't know how to do that. Any hints?

Thank you!

--
Linux 2.6.27-rc8: Rotary Wombat
http://u-br.net
http://www.soninha23.can.br