Hi,
I have set up samba4 as AD and am hoping to have dovecot authenticate users against it. I am facing challenges though and I am unable to figure it out. I could do with a third eye to help me spot what is wrong.
root@adc0:/etc# doveadm auth test -x service=imap odhiambo@newideatest.local
Password:
passdb: odhiambo@newideatest.local auth failed
extra fields:
  temp
Warning: auth-client: conn unix:/var/run/dovecot/auth-client: Auth connection closed with 1 pending requests (max 0 secs, pid=10537, EOF)
Fatal: Couldn't connect to auth socket
A test against IMAP gives the following debug information:

Nov 22 14:31:01 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Nov 22 14:31:01 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Nov 22 14:31:01 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Nov 22 14:31:01 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Nov 22 14:31:01 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
Nov 22 14:31:01 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Nov 22 14:31:01 auth: Debug: auth client connected (pid=10979)
Nov 22 14:31:08 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=uPLvabC0RIh/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=34884 resp=<hidden>
Nov 22 14:31:08 auth: Debug: ldap(odhiambo@newideatest.local,127.0.0.1,<uPLvabC0RIh/AAAB>): Performing passdb lookup
Nov 22 14:31:08 auth: Debug: ldap(odhiambo@newideatest.local,127.0.0.1,<uPLvabC0RIh/AAAB>): bind search: base=cn=Users,dc=NEWIDEATEST,dc=LOCAL filter=(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=odhiambo@newideatest.local ))
Nov 22 14:31:08 auth: Debug: ldap(odhiambo@newideatest.local,127.0.0.1,<uPLvabC0RIh/AAAB>): no fields returned by the server   <====================
Nov 22 14:31:08 auth: Debug: ldap(odhiambo@newideatest.local,127.0.0.1,<uPLvabC0RIh/AAAB>): Finished passdb lookup
Nov 22 14:31:08 auth: Debug: auth(odhiambo@newideatest.local,127.0.0.1,<uPLvabC0RIh/AAAB>): Auth request finished
Nov 22 14:31:10 auth: Debug: client passdb out: FAIL 1 user=odhiambo@newideatest.local
info.log:
Nov 22 14:31:08 auth: Info: ldap(odhiambo@newideatest.local ,127.0.0.1,<uPLvabC0RIh/AAAB>): unknown user (given password: XXXXXXX)
Nov 22 14:31:15 imap-login: Info: Aborted login (auth failed, 1 attempts in 7 secs): user=<odhiambo@newideatest.local>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<uPLvabC0RIh/AAAB>
Here is my doveconf -n:
https://paste.ubuntu.com/p/SPmrxZxHPx/
My dovecot-ldap.conf.ext:
uris = ldap://localhost/
dn = "dovecot@newideatest.local"
dnpass = "XXXXXXXX"
sasl_bind = no
tls = no
ldap_version = 3
deref = never
scope = subtree
base = cn=Users,dc=NEWIDEATEST,dc=LOCAL
auth_bind = yes
user_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(sAMAccountName=%u)(otherMailbox=%u)))
user_attrs = sAMAccountName=user,userPassword=password,=mail=maildir:/home/%n/Maildir/
pass_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%u))
pass_attrs = sAMAccountName=user,userPassword=password
The user exists in the database:
root@adc0:/var/log/dovecot# samba-tool user show odhiambo
ldb_wrap open of secrets.ldb
dn: CN=Odhiambo Washington,CN=Users,DC=newideatest,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Odhiambo Washington
sn: Washington
givenName: Odhiambo
instanceType: 4
whenCreated: 20201120101420.0Z
displayName: Odhiambo Washington
uSNCreated: 4086
name: Odhiambo Washington
objectGUID: e6969596-8b28-41af-b5d8-cea63cc97f98
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-701866827-3355127779-3787685610-1106
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: odhiambo
sAMAccountType: 805306368
userPrincipalName: odhiambo@newideatest.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=newideatest,DC=local
mail: odhiambo@newideatest.local
loginShell: /bin/bash
userAccountControl: 512
pwdLastSet: 132505181852397220
whenChanged: 20201122112945.0Z
uSNChanged: 4104
distinguishedName: CN=Odhiambo Washington,CN=Users,DC=newideatest,DC=local
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
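Added example (editor's note, not part of the original post and not Dovecot or Samba code): a small Python model of what the passdb lookup in the debug log above is doing. It expands Dovecot's %u (full login), %n (user part) and %d (domain) into the posted pass_filter the way Dovecot does, RFC 4515-escaping the substituted values as Dovecot does for LDAP filters, then evaluates the resulting filter against a constructed copy of the relevant attributes of the samba-tool entry shown in the post (including the 1.2.840.113556.1.4.803 bitwise-AND match on userAccountControl). The "fixed" filter that matches on sAMAccountName=%n, userPrincipalName=%u or mail=%u is an assumption of mine, not something from the post.

```python
import re

# Constructed stand-in for the Samba AD entry shown in the post (only the
# attributes the filters below reference).
USER_ENTRY = {
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "sAMAccountName": ["odhiambo"],
    "userPrincipalName": ["odhiambo@newideatest.local"],
    "mail": ["odhiambo@newideatest.local"],
    "userAccountControl": ["512"],  # 512 = NORMAL_ACCOUNT; bit 2 (ACCOUNTDISABLE) is clear
}

# pass_filter exactly as posted: %u is the *full* login name, which can never
# equal an sAMAccountName such as "odhiambo".
POSTED_PASS_FILTER = ("(&(objectClass=user)"
                      "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
                      "(sAMAccountName=%u))")

# Assumed fix (not from the post): match the user part with %n, or the
# UPN / mail address with the full login.
FIXED_PASS_FILTER = ("(&(objectClass=user)"
                     "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
                     "(|(sAMAccountName=%n)(userPrincipalName=%u)(mail=%u)))")

BIT_AND_RULE = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND


def ldap_escape(value):
    """RFC 4515 escaping for a value substituted into a filter. Dovecot does
    this for %-variables, so a login like '*)(objectClass=*' cannot rewrite
    the filter; this model does the same."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def expand_filter(template, login):
    """Expand Dovecot's %u (full login), %n (user part) and %d (domain)."""
    user, _, domain = login.partition("@")
    values = {"u": login, "n": user, "d": domain}
    return re.sub(r"%([und])", lambda m: ldap_escape(values[m.group(1)]), template)


def parse_filter(s, i=0):
    """Recursive-descent parser for the RFC 4515 subset used here:
    &, |, !, equality and the attr:OID:=value extensible match.
    Returns (node, index_after_node)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = parse_filter(s, i)
            kids.append(node)
        if s[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    j = s.index(")", i)                  # an escaped ')' appears as \29, so this is safe
    lhs, _, rhs = s[i:j].partition("=")
    if lhs.endswith(":"):                # extensible match: attr:rule:=value
        attr, _, rule = lhs[:-1].partition(":")
        return ("ext", attr, rule, rhs), j + 1
    return ("eq", lhs, rhs), j + 1


def _unescape(v):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)


def _values(entry, attr):
    for name, vals in entry.items():     # LDAP attribute names are case-insensitive
        if name.lower() == attr.lower():
            return vals
    return []


def matches(node, entry):
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    if kind == "eq":
        want = _unescape(node[2]).lower()
        return any(v.lower() == want for v in _values(entry, node[1]))
    if kind == "ext":
        if node[2] != BIT_AND_RULE:
            raise ValueError("unsupported matching rule " + node[2])
        return any(int(v) & int(node[3]) for v in _values(entry, node[1]))
    raise ValueError("unknown node kind " + kind)


def passdb_lookup(template, login, entry=USER_ENTRY):
    """Return (expanded_filter, found). found == False is what the log shows
    as 'no fields returned by the server' / 'unknown user'."""
    f = expand_filter(template, login)
    return f, matches(parse_filter(f)[0], entry)


if __name__ == "__main__":
    for tmpl in (POSTED_PASS_FILTER, FIXED_PASS_FILTER):
        f, found = passdb_lookup(tmpl, "odhiambo@newideatest.local")
        print(("match    " if found else "no match ") + f)
```

Running it reproduces the filter string from the `bind search:` debug line and shows it cannot match the entry, because `sAMAccountName=odhiambo@newideatest.local` is compared against `sAMAccountName: odhiambo`. The same model also shows the disabled-account exclusion working (userAccountControl 514 is rejected) and that an injection-shaped login is escaped rather than parsed as filter syntax.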