[Dovecot] Unable to authenticate with Pam
Patrick Begou
Patrick.Begou at hmg.inpg.fr
Wed Dec 20 15:50:48 UTC 2006
Hi,
I've been trying to solve this problem for several weeks and this is an SOS!
I have 2 Debian servers running heartbeat and drbd for high availability.
I'm using LDAP for the user database, PAM for authentication and Dovecot for
Pop3s access. On the master server all is fine. If dovecot is started on
the slave server (instead of the master) it refuses to
authenticate with pam/ldap.
Between the 2 servers there is just a release level of some filesets
which is different, but it does not concern dovecot, nor pam, nor ldap!
I can provide a diff file.
The problem occurs if the ldap server is on the same node _and_ if it is
on the other node.
These are the messages:
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libanonymous.so.2: /usr/lib/sasl2/libanonymous.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libplain.so.2: /usr/lib/sasl2/libplain.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/liblogin.so.2: /usr/lib/sasl2/liblogin.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libntlm.so.2: /usr/lib/sasl2/libntlm.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) check pass; user unknown
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=194.254.67.78
The library error messages occur on the 2 servers which have the same
libsasl packages. libsasl2, libsasl2-modules and sasl2-bin are at level
2.1.19-1.5sarge1
The tests I've run:
=> The ldap server is running (all computers of my network use it)
=> ldapsearch -x \
-D "uid=begou,ou=People,........." \
-W '(uid=begou)' userPassword
works fine on this host with my password.
=> I'm running sendmail on the same host with sasl to authenticate
on the ldap server and:
testsaslauthd -u begou -p my-password
works fine and sendmail authenticates.
=> I'm using PLAIN passwords with ssl. ssl is working with the test:
openssl s_client -connect mostha2.hmg.inpg.fr:pop3s:
CONNECTED(00000003)
depth=0 /C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
verify return:1
---
Certificate chain
 0 s:/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
   i:/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgzCCA2ugAwIBAgIJAP3u4iOMcvbhMA0GCSqGSIb3DQEBBAUAMIGHMQswCQYD
..... cut .....
5XFFP1f0AQ==
-----END CERTIFICATE-----
subject=/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
issuer=/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
---
No client certificate CA names sent
---
SSL handshake has read 1321 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: C2F2FFA0..... cut ......456C194EE3D5F
Session-ID-ctx:
Master-Key: 31D764620903C00A..... cut ......4B7101909B3A84F
Key-Arg : None
Krb5 Principal: None
Start Time: 1166628727
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
+OK dovecot ready.
If I use:
USER begou
PASS my-password
dovecot answers:
-ERR Authentication failed.
If I use a local user (from /etc/passwd), e.g. root, it works and
dovecot connects the session.
------------------------------------------------
/etc/dovecot.conf
------------------------------------------------
protocols = imaps pop3s
imaps_listen = xxx.xxx.xxx.xxx
pop3s_listen = xxx.xxx.xxx.xxx
login = imap
login = pop3
first_valid_uid = 100
mail_extra_groups = mail
default_mail_env = mbox:/services/_POP-IMAP/%d/%n/:INBOX=/var/mail/%u:INDEX=/services/_POP-IMAP/%d/%n/indexes/
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = pam dovecot
auth_user = root
auth_verbose = yes
auth_debug = yes
------------------------------------------------
/etc/pam.d/dovecot
------------------------------------------------
auth required pam_ldap.so
account required pam_ldap.so
session required pam_ldap.so
------------------------------------------------
dpkg -l \*dovecot\*
------------------------------------------------
ii dovecot-common 0.99.14-1sarge0
ii dovecot-imapd 0.99.14-1sarge0
ii dovecot-pop3d 0.99.14-1sarge0
Thanks for your help
Patrick
--
===============================================================
| Equipe M.O.S.T. | http://most.hmg.inpg.fr |
| Patrick BEGOU | ------------ |
| LEGI | mailto:Patrick.Begou at hmg.inpg.fr |
| BP 53 X | Tel 04 76 82 51 35 |
| 38041 GRENOBLE CEDEX | Fax 04 76 82 52 71 |
===============================================================
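
Added example, not part of the original post: a check that compares the modules named in the posted /etc/pam.d/dovecot with the "(pam_...)" tags on the posted dovecot-auth log lines; on the posted data it reports pam_unix as logged but absent from the file. The function names are hypothetical, and it assumes the "(pam_module)" syslog tag style shown in this message.

```python
import re

# /etc/pam.d/dovecot exactly as posted in the message above.
PAM_SERVICE_FILE = """\
auth required pam_ldap.so
account required pam_ldap.so
session required pam_ldap.so
"""

# The two dovecot-auth lines from the message, each rejoined onto one line.
LOG_LINES = """\
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) check pass; user unknown
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=194.254.67.78
"""

SO_NAME = re.compile(r"(?:^|[\s/])(pam_\w+)\.so\b")
# Assumption: modules tag their syslog lines as "<process>: (pam_module) ...".
LOG_TAG = re.compile(r"\s(?P<proc>[\w.-]+)(?:\[\d+\])?:\s+\((?P<module>pam_\w+)\)")


def stack_modules(pam_text):
    """Return (modules, includes) named in one PAM service file."""
    modules, includes = set(), set()
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if fields[:1] == ["@include"] and len(fields) > 1:
            includes.add(fields[1])             # stack continues in another file
        elif len(fields) > 2 and fields[1] in ("include", "substack"):
            includes.add(fields[2])
        else:
            match = SO_NAME.search(" ".join(fields))
            if match:
                modules.add(match.group(1))
    return modules, includes


def logged_modules(log_text, process="dovecot-auth"):
    """Return the set of PAM modules that logged on behalf of `process`."""
    hits = (LOG_TAG.search(line) for line in log_text.splitlines())
    return {m.group("module") for m in hits if m and m.group("proc") == process}


def compare(pam_text, log_text, process="dovecot-auth"):
    """Modules that logged but are not in the file, and the reverse."""
    modules, includes = stack_modules(pam_text)
    seen = logged_modules(log_text, process)
    return {"logged_not_in_file": sorted(seen - modules),
            "in_file_not_logged": sorted(modules - seen),
            "unresolved_includes": sorted(includes)}
```

Call compare(PAM_SERVICE_FILE, LOG_LINES), or pass the service file and auth log text read from each node, to see whether the stack that logged matches the file on that node.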