On Fri, 2010-10-15 at 07:17 -0600, Trever L. Adams wrote:
Fantastic. I am not. Postfix, is validating user existence. I read somewhere I can turn off Dovecot LDA validation, but now I am unable to find the page. http://wiki2.dovecot.org/UserDatabase/Static / allow_all_users
Oct 15 05:48:06 TeaSet dovecot: master: Error: service(auth-worker): child 16375 killed with signal 11 (core dumps disabled) Can you get a gdb backtrace? First enable core dumps with "ulimit -c unlimited" and once you have core file see http://dovecot.org/bugreport.html I am not sure this is necessary. A crash is a bug in any case that I'd like to fix. A good backtrace would make it easier for me to do that. Alright, I will try to get that to you by Monday. I have to finish my messing with things until after business hours. The problem seems to be in this dovecot: auth: Debug: ldap(?): result: sAMAccountName(?unknown?)=
I get that for all fields in the AD. It looks like I am going to have to do a bind of some kind. You mean the "?unknown?" part? I think the problem here is that I hadn't thought that LDAP attributes are case-insensitive. You should have used sAMAccountName, not samaccountname in the iterate_attrs. But I suppose I'll need to fix this myself too. That was the problem. It seems to have fixed the ldap problem. Below is
On 10/15/2010 07:46 AM, Timo Sirainen wrote: the auth log.
TeaSet dovecot: auth: Debug: ldap: iterate: base=dc=snowyriver,dc=sapphiresunday,dc=org scope=subtree filter=(objectClass=person) fields=sAMAccountName dovecot: auth: Debug: ldap(?): result: sAMAccountName(user)=SOME_USER1 dovecot: auth: Debug: ldap(?): result: sAMAccountName(user)=SOME_USER2 dovecot: auth: Debug: ldap(?): result: sAMAccountName(user)=... dovecot: auth: Debug: master in: USER#0112#011root#011service=doveadm dovecot: auth: Debug: passwd(root): lookup dovecot: auth: Debug: master out: USER#0112#011root#011system_groups_user=root#011uid=0#011gid=0#011home=/root dovecot: auth: Debug: master in: USER#0113#011bin#011service=doveadm dovecot: auth: Debug: passwd(bin): lookup dovecot: auth: Debug: master out: USER#0113#011bin#011system_groups_user=bin#011uid=1#011gid=1#011home=/bin
However, the problem is still there. I can't erase the root account. How do I use doveadm? I need the expunge command working. The below is why I wondered if the mail_uid and mail_gid were not being honored.
#doveadm search -A mailbox INBOX from VALID_FROM doveadm(root): Error: user root: Invalid settings in userdb: userdb returned 0 as uid doveadm(root): Error: User lookup failed: Invalid user settings. Refer to server log for more information. doveadm(bin): Error: user bin: Couldn't drop privileges: Mail access for users with UID 1 not permitted (see first_valid_uid in config file). doveadm(bin): Error: User init failed doveadm: Error: Failed to iterate through some users
If I can fix this, I only have two problems left.
If I have a auth_default_realm the plain/login users (smart phones and the like) cannot connect (via pam_krb5 kerberos method).
Second, using dovecot auth with postfix, kerberos logins do not work. The plain/login do.
I have been trying to figure out the FAIL code. I haven't been able to. I have the ticket in the right place, it has the right formats (imap one works from the same file). It has the right password. dovecot: auth: Debug: auth client connected (pid=9022) dovecot: auth: Debug: client in: AUTH#01111#011GSSAPI#011service=smtp#011nologin#011lip=10.0.1.13#011rip=IP_ADDR#011secured#011resp=<hidden> dovecot: auth: Debug: gssapi(?,IP_ADDR): Obtaining credentials for smtp@FQDN dovecot: auth: gssapi(?,IP_ADDR): While processing incoming data: Unspecified GSS failure. Minor code may provide more information dovecot: auth: gssapi(?,IP_ADDR): While processing incoming data: Invalid message type postfix/smtpd[9022]: warning: CLIENT_FQDN[IP_ADDR]: SASL GSSAPI authentication failed: dovecot: auth: Debug: client out: FAIL#01111 postfix/smtpd[9022]: disconnect from CLIENT_FQDN[IP_ADDR] postfix/smtpd[9022]: connect from CLIENT_FQDN[IP_ADDR] postfix/smtpd[9022]: warning: CLIENT_FQDN[IP_ADDR]: request longer than 2048: AUTH GSSAPI AUTH_DATA dovecot: auth: Debug: client in: AUTH#01112#011GSSAPI#011service=smtp#011nologin#011lip=10.0.1.13#011rip=IP_ADDR#011secured#011resp=<hidden> dovecot: auth: Debug: gssapi(?,IP_ADDR): Obtaining credentials for smtp@FQDN dovecot: auth: gssapi(?,IP_ADDR): While processing incoming data: Unspecified GSS failure. Minor code may provide more information dovecot: auth: gssapi(?,IP_ADDR): While processing incoming data: Invalid message type postfix/smtpd[9022]: warning: CLIENT_FQDN[IP_ADDR]: SASL GSSAPI authentication failed: dovecot: auth: Debug: client out: FAIL#01112
I cannot find the fail codes. What does 01112 mean?
Thank you, Trever
"Seize the day, put no trust in the morrow!" -- Quintus Horatius Flaccus (Horace)