On 29-8-2010 20:51, Egbert Jan van den Bussche wrote:
Hi,
I've been fighting all weekend with auth and pam to authenticate local system users. testuser is such a local user and is in passwd and shadow. I want to have local system users (testuser is one of them) and virtual users. The virtual part works fine but I cannot get the local user to connect. Still, pam fails to find the user. The suggested password mismatch at the end is, in my eyes, because there is no user in the first place. I verified the password by interactive login to the account. The pam module (dovecot) is just the default file with three @includes in it.

Syslog:
Aug 29 20:18:02 mail-dev dovecot: auth(default): client in: AUTH#0112#011LOGIN#011service=imap#011lip=2a02:968:1:2:212:72:224:16#011rip=2001:888:1740:10:250:daff:fe41:4d1c#011lport=143#011rport=1093
Aug 29 20:18:02 mail-dev dovecot: auth(default): client out: CONT#0112#011VXNlcm5hbWU6
Aug 29 20:18:02 mail-dev dovecot: auth(default): client in: CONT#0112#011dGVzdHVzZXI=
Aug 29 20:18:02 mail-dev dovecot: auth(default): client out: CONT#0112#011UGFzc3dvcmQ6
Aug 29 20:18:02 mail-dev dovecot: auth(default): client in: CONT#0112#011dmF4dm1z
Aug 29 20:18:02 mail-dev dovecot: auth-worker(default): pam(testuser,2001:888:1740:10:250:daff:fe41:4d1c): lookup service=dovecot
Aug 29 20:18:02 mail-dev dovecot: auth-worker(default): pam(testuser,2001:888:1740:10:250:daff:fe41:4d1c): #1/1 style=1 msg=Password:
Aug 29 20:18:02 mail-dev dovecot: auth(default): cache(testuser,2001:888:1740:10:250:daff:fe41:4d1c): miss
Aug 29 20:18:04 mail-dev dovecot: auth(default): cache(testuser,2001:888:1740:10:250:daff:fe41:4d1c): hit:
Aug 29 20:18:04 mail-dev dovecot: auth(default): cache(testuser,2001:888:1740:10:250:daff:fe41:4d1c): User unknown
Aug 29 20:18:04 mail-dev dovecot: auth-worker(default): pam(testuser,2001:888:1740:10:250:daff:fe41:4d1c): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: xxxxxxxx)
Aug 29 20:18:06 mail-dev dovecot: auth(default): client out: FAIL#0112#011user=testuser

Relevant settings in dovecot:

root@mail-dev:/etc/dovecot# dovecot -n
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-24-server x86_64 Ubuntu 10.04.1 LTS ext4
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap pop3 imaps pop3s managesieve
listen: *, [::]
ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
ssl_key_file: /etc/ssl/private/ssl-mail.key
ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
mail_max_userip_connections(default): 10
mail_max_userip_connections(imap): 10
mail_max_userip_connections(pop3): 3
mail_max_userip_connections(managesieve): 10
mail_privileged_group: mail
mail_location: maildir:/home/vmail/%d/%n:INDEX=/home/vmail/%d/%n
mail_debug: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
lda:
  postmaster_address: postmaster
  deliver_log_format: msgid=%m: %$
  rejection_reason: Your message to <%t> was automatically rejected:%n%r
  auth_socket_path: /var/run/dovecot/auth-master
auth default:
  mechanisms: plain login
  realms: kader.hcc.nl hobby.nl
  cache_size: 1024
  user: vmail
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
    args: setcred=yes failure_show_msg=yes cache_key=%u dovecot
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/dovecot-auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

Where should I look further for this dovecot pam problem? Is there such a thing as pam debugging?
TIA
Egbert Jan
Answering myself:
Auth user needs to be root, not vmail. Restrictions on shadow make it necessary to do the auth and read shadow!!!!
Also needed to add mail=maildir:~/Maildir in the userdb passwd to override the default setting for virtual users (/home/vmail/domain/user/Maildir)
Egbert Jan
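
The syslog excerpt in the first message carries the LOGIN username and password as base64 in the "client in: CONT" lines, which happens with debug_passwords: yes as in the posted configuration. As an added example (not part of the original posts and not Dovecot code), this Python function redacts those fields before a log is shared; it goes beyond the LOGIN case shown by also covering the resp= field of an AUTH line, which is where PLAIN sends its credentials. The names redact_auth_log, b64_text and b64 and the sample lines are constructed for illustration.

```python
import base64
import re

# Syslog writes the TAB separators of Dovecot's auth protocol as "#011".
AUTH_LINE = re.compile(r"^(.*auth\(\w+\): client (in|out): )(.*)$")
GIVEN_PW = re.compile(r"\(given password: .*\)")

def b64(text):
    """Helper used only to build the constructed sample below."""
    return base64.b64encode(text.encode()).decode()

def b64_text(field):
    """Decode a base64 field to text; '?' if it is not valid base64."""
    try:
        return base64.b64decode(field, validate=True).decode("utf-8", "replace")
    except ValueError:
        return "?"

def redact_auth_log(lines):
    """Return (safe_lines, findings); findings are (request id, prompt) pairs."""
    prompts, safe, findings = {}, [], []
    for line in lines:
        line = GIVEN_PW.sub("(given password: <redacted>)", line)
        m = AUTH_LINE.match(line)
        if m:
            prefix, direction, body = m.groups()
            f = body.split("#011")
            if f[0] == "CONT" and len(f) >= 3 and direction == "out":
                prompts[f[1]] = b64_text(f[2])   # server prompt, e.g. "Password:"
            elif f[0] == "CONT" and len(f) >= 3:
                prompt = prompts.pop(f[1], "?")  # client reply to that prompt
                findings.append((f[1], prompt))
                f[2] = "<redacted reply to %s>" % prompt
            elif f[0] == "AUTH":                 # initial response, if present
                f = ["resp=<redacted>" if x.startswith("resp=") else x for x in f]
            line = prefix + "#011".join(f)
        safe.append(line)
    return safe, findings

# Constructed sample in the format of the log above (not the poster's values).
P = "Aug 29 20:18:02 host dovecot: auth(default): client "
SAMPLE = [
    P + "in: AUTH#0112#011LOGIN#011service=imap#011lport=143",
    P + "out: CONT#0112#011" + b64("Username:"),
    P + "in: CONT#0112#011" + b64("alice"),
    P + "out: CONT#0112#011" + b64("Password:"),
    P + "in: CONT#0112#011" + b64("example-pw"),
    "Aug 29 20:18:04 host dovecot: auth-worker(default): pam(alice,::1): "
    "pam_authenticate() failed: Authentication failure (given password: example-pw)",
]
```

redact_auth_log(SAMPLE) returns the six lines with both client replies and the given-password text replaced, plus the list of prompts that were answered.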