Sorry for all the consecutive emails, but thought I'd mention I'm using PostfixAdmin to create my users and mailboxes on virtual domains. Should I leave PAM authentication for another type of authentication, maybe SQL based ?
On Sun, Jan 2, 2011 at 8:40 PM, Seasoul seasoul@gmail.com wrote:
Thinking I should look into PAM , this is my config:
in /etc/pam.d/dovecot:
#%PAM-1.0
@include common-auth @include common-account @include common-session
in common-auth:
auth required pam_unix.so nullok_secure
in common-account
account required pam_unix.so
in common-session
session required pam_unix.so
-> All looks good to me, yeah ?
Now, when I try to log to Dovecot via telnet using "user1@domain.com" as username, authentication fails and Dovecot log shows:
auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth auth: Debug: auth client connected (pid=23604) auth: Debug: client in: AUTH 1 PLAIN service=pop3 secured lip=*.*.*.* rip=*.*.*.* lport=110 rport=38812 resp=<hidden>
auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth auth: Debug: pam(user1@domain.com,*.*.*.*): lookup service=dovecot auth: Debug: pam(user1@domain.com,*.*.*.*): #1/1 style=1 msg=Password: auth: Info: pam(user1@domain.com,*.*.*.*): unknown user auth: Debug: client out: FAIL 1 user=user1@domain.com pop3-login: Info: Aborted login (auth failed, 1 attempts): user=< user1@domain.com>, method=PLAIN, rip=*.*.*.*, lip=*.*.*.*, secured
Which makes sense because I don't have a "user1@domain.com" set up as a user on my server. Only "user1" Should I have one ? I'm confused, I thought creating just the user par of user@domain.com would be enough, is it not ?
On Sun, Jan 2, 2011 at 8:13 PM, Seasoul seasoul@gmail.com wrote:
Thanks Timo, set the dovecot log as suggested, and this is what a telnet session gives me now on dovecot.log:
ssl-params: Info: Generating SSL parameters ssl-params: Info: SSL parameters regeneration completed auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Debug: auth client connected (pid=23352) Debug: client in: AUTH 1 PLAIN service=pop3 secured lip=*.*.*.* rip=*.*.*.* lport=110 rport=59691 resp=<hidden> auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Debug: pam(user1,*.*.*.*): lookup service=dovecot Debug: pam(user1,*.*.*.*): #1/1 style=1 msg=Password: Debug: client out: OK 1 user=user1 Debug: master in: REQUEST 3611557889 23352 1 769f960369c716c7bd71072c0e Debug: passwd(user1,*.*.*.*): lookup Debug: master out: USER 3611557889 user1 system_groups_user=user1 uid=1000 gid=0 home=/ pop3-login: Info: Login: user=<user1>, method=PLAIN, rip=*.*.*.*, lip=*.*.*.*, mpid=23355, secured pop3(user1): Debug: Effective uid=1000, gid=0, home=/ pop3(user1): Debug: maildir++: root=/var/mail/vmail/user1, index=, control=, inbox=/var/mail/vmail/user1 pop3(user1): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
When I send an email, Postfix still stores the email in /var/mail/vmail/ user1@domain.com , and Dovecot still looks for that email in /var/mail/vmail/user1
Seriously, what am I not seeing here ? Feels like it's a very simple thing I'm missing.. Could it be that for Postfix the "user" is the whole "user1@domain.com" while for Dovecot it's just "user1" ? Don't they both work on the same variables ? Could this be related to the fact that I have a system user called user1, and I have to tell Dovecot to not look for that one but for user1@domain/com ?
On Fri, Dec 31, 2010 at 3:49 PM, Timo Sirainen tss@iki.fi wrote:
On 31.12.2010, at 6.55, Seasoul wrote:
auth_debug = yes auth_verbose = yes .. When I try to login to dovecot via telnet, here's what the log records:
dovecot: pop3-login: Login: user=<user>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=20333, secured
Do you really not get any auth debug logs before this message? If not, maybe your syslog is redirecting them elsewhere. Try setting:
log_path = /var/log/dovecot.log
There's no point in guessing what the problem is, because the auth debug logs would tell exactly what goes wrong.