Hi Everyone,
I made some small changes in my dovecot setup to switch it from looking up users and passwords from a mix of ldap (i.e. freeipa) and password files. One of the changes was to switch from using one id for all authentication to using individual ids.
It's working fine with Evolution. I have one account authenticating with GSSAPI, which is my userid for logging into my desktop and for email. The other account in Evolution is logging in using PLAIN and is only used for email (its shell is set to /sbin/nologin).
The problem is with roundcube: I can log in with the second, email-only account, but my personal ID always errors out. I never use the domain with either one.
auth worker: PASSV: pam_sss(dovecot:auth): authentication failure; logname= uid=97 euid=97 tty=dovecot ruser=ranbir rhost=1.2.3.4 user=ranbir
auth worker: PASSV: pam_sss(dovecot:auth): received for user ranbir: 17 (Failure setting user credentials)
It doesn't matter what user or group I use for unix_listener. If I use 0777 for the mode, I still see the failure and dovecot goes to try the name against the passwd-file, where it obviously fails.
This is the pam error:
auth-worker(4474): pam(ranbir,1.2.3.4,<oS10hHmv7qkKyAkP>): pam_authenticate() failed: Authentication failure (password mismatch?)
What have I misconfigured? Here's the "service auth" section:
service auth {
  chroot =
  client_limit = 0
  drop_priv_before_exec = no
  executable = auth
  extra_groups =
  group =
  idle_kill = 0
  inet_listener {
    address = 9.8.7.5
    haproxy = no
    port = 17900
    reuse_port = no
    ssl = no
  }
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener auth-client {
    group =
    mode = 0600
    user = $default_internal_user
  }
  unix_listener auth-login {
    group =
    mode = 0600
    user = $default_internal_user
  }
  unix_listener auth-master {
    group =
    mode = 0600
    user =
  }
  unix_listener auth-userdb {
    group =
    mode = 0777
    user = $default_internal_user
  }
  unix_listener login/login {
    group =
    mode = 0666
    user =
  }
  unix_listener token-login/tokenlogin {
    group =
    mode = 0666
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
Any guidance is appreciated.
-- Ranbir