On 2020-09-17 20:20, Ranbir wrote:
This is the pam error:
auth-worker(4474): pam(ranbir,1.2.3.4,<oS10hHmv7qkKyAkP>): pam_authenticate() failed: Authentication failure (password mismatch?)
Replying to myself here...
I managed to fix the pam problem once I realized that Roundcube didn't know what to do with the second factor auth dovecot (namely the pam module) was presenting to it. I removed the OTP requirement from the ID that couldn't login. Login still didn't work until I also modified the user's ldap entry directly to remove an extra attribute (krbExtraData).
Here's the link to the post in the freeipa user list that explains the OTP removal problem and fix:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Now the user id is successfully looked up via dovecot and roundcube logins are working again.
-- Ranbir