does not work :-/
Sep 05 13:49:41 auth: Debug: auth client connected (pid=31115)
Sep 05 13:49:41 auth: Debug: client in: AUTH 1 PLAIN
service=imap secured session=IFCT0m9Y0KjAqAFk
lip=192.168.1.100 rip=192.168.1.100 lport=143
rport=43216 resp=AHBvbGhhbGxlbkBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA==
(previous base64 data may contain sensitive data)
Sep 05 13:49:41 auth: Debug:
passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
lookup: user=user00@realdomain.org file=/etc/dovecot/users
Sep 05 13:49:41 auth: Debug:
static(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup
Sep 05 13:49:41 auth: Debug:
static(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): Allowing
any password
Sep 05 13:49:41 auth: Debug:
static(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): Not
performing authentication (noauthenticate set)
==> /var/log/dovecot.info <==
Sep 05 13:49:41 auth: Info:
passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
unknown user (given password: pass) - trying the next passdb
==> /var/log/dovecot.debug <==
Sep 05 13:49:41 auth-worker(31116): Debug: Loading modules from
directory: /usr/lib/dovecot/modules/auth
Sep 05 13:49:41 auth-worker(31116): Debug: passwd-file
/etc/dovecot/users: Read 4 users in 0 secs
Sep 05 13:49:41 auth-worker(31116): Debug:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup
service=dovecot
Sep 05 13:49:41 auth-worker(31116): Debug:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1
style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:49:42 auth-worker(31116): Info:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
pam_authenticate() failed: Authentication failure (password mismatch?)
(given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:42 auth-worker(31116): Debug:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup
service=dovecot
Sep 05 13:49:42 auth-worker(31116): Debug:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1
style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:49:45 auth-worker(31116): Info:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
pam_authenticate() failed: Authentication failure (password mismatch?)
(given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:45 auth: Debug:
passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
lookup: user=user00@realdomain.org file=/etc/dovecot/users
==> /var/log/dovecot.info <==
Sep 05 13:49:45 auth: Info:
passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
unknown user (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:47 auth: Debug: client passdb out: FAIL 1
user=user00@realdomain.org
Sep 05 13:49:47 imap-login: Debug: Ignoring unknown passdb extra field:
==> /var/log/dovecot.info <==
Sep 05 13:49:47 imap-login: Info: Disconnected (auth failed, 1 attempts
in 6 secs): user=user00@realdomain.org, method=PLAIN,
rip=192.168.1.100, lip=192.168.1.100, secured
On 2017-09-05 13:41, Aki Tuomi wrote:
No, you modify dovecot.conf
Aki
On 05.09.2017 14:40, Pol Hallen wrote: Do I modify auth-system.conf.ext only (sorry for the question)
if yes, I've same problem
Pol
On 2017-09-05 13:34, Aki Tuomi wrote:
Try configuring like this:
passdb { args = scheme=SHA256 username_format=%u /etc/dovecot/users driver = passwd-file }
passdb { driver = static args = username=%n noauthenticate skip = authenticated }
passdb { driver = pam skip = authenticated }
On 05.09.2017 14:29, Pol Hallen wrote: Sure :) thanks
cat /var/log/dovecot/[...]
Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131) Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=JK0Bfm9YuqfAqAFk lip=192.168.1.100 rip=192.168.1.100 lport=143 rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== (previous base64 data may contain sensitive data) Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup service=username_format=user00 Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1 style=1 msg=Password: ==> /var/log/dovecot.info <== Sep 05 13:26:04 auth-worker(30088): Info: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: pass) ==> /var/log/dovecot.debug <== Sep 05 13:26:04 auth: Debug: passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup: user=user00@realsystem.org file=/etc/dovecot/users ==> /var/log/dovecot.info <== Sep 05 13:26:04 auth: Info: passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): unknown user (given password: pass) ==> /var/log/dovecot.debug <== Sep 05 13:26:06 auth: Debug: client passdb out: FAIL 1 user=user00@realsystem.org ==> /var/log/dovecot.info <== Sep 05 13:26:06 imap-login: Info: Disconnected (auth failed, 1 attempts in 4 secs): user=user00@realsystem.org, method=PLAIN, rip=192.168.1.100, lip=192.168.1.100, secured
doveconf -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = login plain auth_verbose = yes auth_verbose_passwords = yes debug_log_path = /var/log/dovecot.debug disable_plaintext_auth = no info_log_path = /var/log/dovecot.info login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_debug = yes mail_home = /home/vmail/%d/%n/Maildir mail_location = maildir:~/Maildir mail_plugins = " quota quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = subscriptions = yes type = private } passdb { args = username_format=%n driver = pam } passdb { args = scheme=SHA256 username_format=%u /etc/dovecot/users driver = passwd-file } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append flag_change mail_log_fields = uid box msgid size from subject vsize quota = maildir:User quota quota_rule = *:storage=10000M quota_rule2 = Junk:storage=+100M quota_rule3 = SPAM:storage=+100M quota_warning = storage=90%% quota-warning 90 %u sieve = file:~/sieve;active=~/.dovecot.sieve sieve_extensions = +notify +imapflags } protocols = " imap sieve pop3 sieve" quota_full_tempfail = yes service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 vsz_limit = 64 M } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service quota-warning { executable = script /root/bin/quota-warning.sh unix_listener quota-warning { mode = 0666 user = vmail } user = root } ssl_cert =
On 2017-09-05 13:01, Aki Tuomi wrote:
Can you provide
doveconf -n (with the new config)
enable auth_debug=yes, auth_verbose=yes and provide logs from authentication attempt?
Aki
On 05.09.2017 13:37, Pol Hallen wrote: thanks Aki, but with all your advices I've same problem: in the logs always I see the authentication with user and domain name, so dovecot doesn't accept it
any idea?
thanks!
Pol
On 2017-09-05 10:58, Aki Tuomi wrote:
Oh right, you need to do it like this...
after the passwd-file drivers add
passdb { driver = static args = username=%n noauthenticate }
Aki
On 05.09.2017 11:03, Pol Hallen wrote: Hello, thanks for your reply
I already tried with:
username_format=%n or auth_username_format=%n but I've same problem
Pol
passdb { driver = pam args = username_format=%n }
also you probably want to consider using driver=passwd instead, if you really don't need pam due to some special plugins.
Aki
-- Pol