Looks like you're using version 1.0-stable (judging by the passdb/authdb option format). I'd recommend upgrading to 1.0alpha5 (which, actually, is probably more stable!). One of the features added to 1.0 alphas is a "-session" option to PAM authentication
passdb pam {
  # [-session] [cache_key=<key>] [<service name>]
  #
  # -session makes Dovecot open and immediately close PAM session. Some
  # PAM plugins need this to work.
  # ...
}
which ought to trigger your mkhomedir module.
Best Wishes, Chris
Stroller wrote:
Hi there,
Does anyone have Dovecot working correctly with pam_mkhomedir, please? I seem to be going through quite a number of IMAP servers this week, trying to find one that will not only authenticate against a Windows domain but which will also create home directories for users the first time they log in.
I'm using winbind to do the authentication & that seems to be doing the trick in the first instance - if I log in using Squirrelmail I see entries written to the system log saying:
Dec 16 11:58:35 baby pam_winbind[9319]: user 'ned' granted access
I have set Dovecot to log to /var/log/mail and in that I see only three entries saying:
imap-login: Dec 16 11:58:36 Info: Login: ned [127.0.0.1]
But Squirrelmail gives:
ERROR: Could not complete request. Query: SELECT "INBOX" Reason Given:
/etc/pam.d/imap says:
#%PAM-1.0
auth     required /lib/security/pam_winbind.so
account  required /lib/security/pam_winbind.so
session  required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
If I use the same configuration for SSH then the user's home directory is created upon authentication, but not with Dovecot. I chose to try Dovecot because I understood it handled PAM session wossisnames, which Courier-IMAP doesn't. My dovecot.conf is attached - I'm wondering if the problem could be with the "auth_userdb" setting, but getent passwd does show an entry for the user:
# grep ned /etc/passwd
# getent passwd | grep ned
ned:x:10012:10000:Ned Nedbody:/home/DOMAIN/ned:/bin/false
#
Many thanks in advance for any advice or suggestions - I'd really like to understand what's going on here. I believe I can authenticate against the domain using LDAP / Active Directory, but since I don't know if that'll help I'd rather not go that route yet.
If I first try to log in using ssh with pam_mkhomedir enabled then the users' home directory is created successfully & I can subsequently log on in Squirrelmail. But it's important to me that I shouldn't have to create users' home dirs for them - I should be able to add them on the Windows domain controller & just tell them to log in to their email - the home dir on the mailserver should be created automagically when they authenticate against the domain.
Stroller.
--
Christopher Wakelin, c.d.wakelin@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
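
An added example (not part of the thread and not Dovecot code) that models why the session line in the /etc/pam.d/imap file quoted above is skipped unless the application opens a PAM session. The call-to-stack mapping is standard Linux-PAM behaviour; the function names and the two call sequences are assumptions made for illustration.

```python
import os
import re

# Linux-PAM library call -> the stack (management group) it runs.
CALL_TO_STACK = {
    "pam_authenticate": "auth",
    "pam_setcred": "auth",
    "pam_acct_mgmt": "account",
    "pam_open_session": "session",
    "pam_close_session": "session",
    "pam_chauthtok": "password",
}

# Optional leading '-', stack name, control (plain or bracketed), module, args.
RULE = re.compile(r"^-?(auth|account|session|password)\s+"
                  r"(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam_service(text):
    """Parse a pam.d service file into (stack, control, module, args) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        m = RULE.match(line)
        if m:                                  # blank and @include lines are skipped
            stack, control, module, args = m.groups()
            rules.append((stack, control, os.path.basename(module), args.split()))
    return rules

def never_invoked(rules, calls):
    """Modules configured in a stack that none of the application's calls run."""
    used = {CALL_TO_STACK[c] for c in calls}
    return [(stack, module) for stack, _, module, _ in rules if stack not in used]

# Constructed from the /etc/pam.d/imap contents quoted in the thread.
IMAP_SERVICE = """\
#%PAM-1.0
auth     required /lib/security/pam_winbind.so
account  required /lib/security/pam_winbind.so
session  required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
"""

# Assumed call sequences: a daemon that only authenticates, and one that also
# opens and closes a session (what the thread says -session makes Dovecot do).
AUTH_ONLY = ["pam_authenticate", "pam_acct_mgmt"]
WITH_SESSION = AUTH_ONLY + ["pam_open_session", "pam_close_session"]

if __name__ == "__main__":
    rules = parse_pam_service(IMAP_SERVICE)
    print("auth only    :", never_invoked(rules, AUTH_ONLY))
    print("with session :", never_invoked(rules, WITH_SESSION))
```

Running it against a real service file shows at a glance which configured modules, such as pam_mkhomedir, depend on the daemon making a session call.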