Hi there,
Does anyone have Dovecot working correctly with pam_mkhomedir, please? I seem to be going through quite a number of IMAP servers this week, trying to find one that will not only authenticate against a Windows domain but which will also create home directories for users the first time they log in.
I'm using winbind to do the authentication & that seems to be doing the trick in the first instance - if I log in using Squirrelmail I see entries written to the system log saying:
Dec 16 11:58:35 baby pam_winbind[9319]: user 'ned' granted access
I have set Dovecot to log to /var/log/mail and in that I see only three entries saying:
imap-login: Dec 16 11:58:36 Info: Login: ned [127.0.0.1]
But Squirrelmail gives:
ERROR: Could not complete request.
Query: SELECT "INBOX"
Reason Given:
/etc/pam.d/imap says:
#%PAM-1.0
auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
If I use the same configuration for SSH then the user's home directory
is created upon authentication, but not with Dovecot. I chose to try
Dovecot because I understood it handled PAM session wossisnames, which
Courier-IMAP doesn't. My dovecot.conf is attached - I'm wondering if
the problem could be with the "auth_userdb" setting, but getent passwd
does show an entry for the user:
# grep ned /etc/passwd
# getent passwd | grep ned
ned:x:10012:10000:Ned Nedbody:/home/DOMAIN/ned:/bin/false
#
Many thanks in advance for any advice or suggestions - I'd really like to understand what's going on here. I believe I can authenticate against the domain using LDAP / Active Directory, but since I don't know if that'll help I'd rather not go that route yet.
If I first try to log in using ssh with pam_mkhomedir enabled then the users' home directory is created successfully & I can subsequently log on in Squirrelmail. But it's important to me that I shouldn't have to create users' home dirs for them - I should be able to add them on the Windows domain controller & just tell them to log in to their email - the home dir on the mailserver should be created automagically when they authenticate against the domain.
Stroller.