Try configuring like this:
passdb { args = scheme=SHA256 username_format=%u /etc/dovecot/users driver = passwd-file }
passdb { driver = static args = username=%n noauthenticate skip = authenticated }
passdb { driver = pam skip = authenticated }
On 05.09.2017 14:29, Pol Hallen wrote:
Sure :) thanks
cat /var/log/dovecot/[...]
Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131) Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN
service=imap secured session=JK0Bfm9YuqfAqAFk
lip=192.168.1.100 rip=192.168.1.100 lport=143
rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== (previous base64 data may contain sensitive data) Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup service=username_format=user00 Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1 style=1 msg=Password: ==> /var/log/dovecot.info <== Sep 05 13:26:04 auth-worker(30088): Info: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: pass) ==> /var/log/dovecot.debug <== Sep 05 13:26:04 auth: Debug: passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup: user=user00@realsystem.org file=/etc/dovecot/users ==> /var/log/dovecot.info <== Sep 05 13:26:04 auth: Info: passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): unknown user (given password: pass) ==> /var/log/dovecot.debug <== Sep 05 13:26:06 auth: Debug: client passdb out: FAIL 1
user=user00@realsystem.org ==> /var/log/dovecot.info <== Sep 05 13:26:06 imap-login: Info: Disconnected (auth failed, 1 attempts in 4 secs): user=<user00@realsystem.org>, method=PLAIN, rip=192.168.1.100, lip=192.168.1.100, secureddoveconf -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = login plain auth_verbose = yes auth_verbose_passwords = yes debug_log_path = /var/log/dovecot.debug disable_plaintext_auth = no info_log_path = /var/log/dovecot.info login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_debug = yes mail_home = /home/vmail/%d/%n/Maildir mail_location = maildir:~/Maildir mail_plugins = " quota quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = subscriptions = yes type = private } passdb { args = username_format=%n driver = pam } passdb { args = scheme=SHA256 username_format=%u /etc/dovecot/users driver = passwd-file } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append flag_change mail_log_fields = uid box msgid size from subject vsize quota = maildir:User quota quota_rule = *:storage=10000M quota_rule2 = Junk:storage=+100M quota_rule3 = SPAM:storage=+100M quota_warning = storage=90%% quota-warning 90 %u sieve = file:~/sieve;active=~/.dovecot.sieve sieve_extensions = +notify +imapflags } protocols = " imap sieve pop3 sieve" quota_full_tempfail = yes service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 vsz_limit = 64 M } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service quota-warning { executable = script /root/bin/quota-warning.sh unix_listener quota-warning { mode = 0666 user = vmail } user = root } ssl_cert = </etc/dovecot/dovecot.pem ssl_dh_parameters_length = 2048 ssl_key = # hidden, use -P to show it userdb { driver = passwd } userdb { args = scheme=SHA256 username_format=%u /etc/dovecot/users driver = passwd-file } userdb { args = uid=vmail gid=vmail home=/home/vmail/%d/%n driver = static } verbose_proctitle = yes protocol lda { mail_plugins = " quota quota sieve quota" } protocol imap { mail_plugins = " quota quota imap_quota" }
On 2017-09-05 13:01, Aki Tuomi wrote:
Can you provide
doveconf -n (with the new config)
enable auth_debug=yes, auth_verbose=yes and provide logs from authentication attempt?
Aki
On 05.09.2017 13:37, Pol Hallen wrote: thanks Aki, but with all your advices I've same problem: in the logs always I see the authentication with user and domain name, so dovecot doesn't accept it
any idea?
thanks!
Pol
On 2017-09-05 10:58, Aki Tuomi wrote:
Oh right, you need to do it like this...
after the passwd-file drivers add
passdb { driver = static args = username=%n noauthenticate }
Aki
On 05.09.2017 11:03, Pol Hallen wrote: Hello, thanks for your reply
I already tried with:
username_format=%n or auth_username_format=%n but I've same problem
Pol
passdb { driver = pam args = username_format=%n }
also you probably want to consider using driver=passwd instead, if you really don't need pam due to some special plugins.
Aki