Auth fails for system users
Hi all,
I try to migrate my dovecot to a new server. While everything works fine for my virtual mailbox domains via mysql, my system users for my main domain cannot authenticate.
System users can log in via ssh, can sudo etc.
root@bywater ~ # lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
root@bywater ~ # doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 5.15.0-102-generic x86_64 Ubuntu 22.04.4 LTS
# Hostname: bywater.qno.de
auth_debug = yes
auth_debug_passwords = yes
listen = 65.21.136.15, [::]
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/tables.d/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = dovecot
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = postmaster@qno.de
protocols = " imap sieve"
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/imap2.qno.de/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
syslog_facility = local0
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%u
  driver = static
}
userdb {
  driver = passwd
}
verbose_proctitle = yes
/etc/pam.d/dovecot:
#%PAM-1.0
@include common-auth
@include common-account
@include common-session
root@bywater ~ # doveadm auth test qno 'xxxxxxx'
passdb: qno auth failed
extra fields:
  user=qno
/var/log/auth.log:
Apr 12 18:19:16 bywater unix_chkpwd[611002]: check pass; user unknown
Apr 12 18:19:16 bywater unix_chkpwd[611003]: check pass; user unknown
Apr 12 18:19:16 bywater unix_chkpwd[611003]: password check failed for user (qno)
Apr 12 18:19:16 bywater auth worker: PASSV: pam_unix(dovecot:auth): authentication failure; logname= uid=5000 euid=5000 tty=dovecot ruser=qno rhost= user=qno
/var/log/dovecot/dovecot.debug:
Apr 12 18:19:16 bywater dovecot: auth: Debug: auth client connected (pid=0)
Apr 12 18:19:16 bywater dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=doveadm#011debug#011resp=cW5vAHFu bwAhMTRKMDN6ODgu (previous base64 data may contain sensitive data)
Apr 12 18:19:16 bywater dovecot: auth: Debug: sql(qno): Performing passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<5>: Handling PASSV request
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<5>: sql(qno): Performing passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<5>: sql(qno): query: SELECT email as user, password FROM user WHERE email='qno'
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: mysql(localhost): Finished query 'SELECT email as user, password FROM user WHERE email='qno'' in 0 msecs
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<5>: sql(qno): Finished passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<5>: Finished: user_unknown
Apr 12 18:19:16 bywater dovecot: auth: Debug: sql(qno): Finished passdb lookup
Apr 12 18:19:16 bywater dovecot: auth: Debug: pam(qno): Performing passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<6>: Handling PASSV request
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<6>: pam(qno): Performing passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<6>: pam(qno): lookup service=dovecot
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<6>: pam(qno): #1/1 style=1 msg=Password:
Apr 12 18:19:17 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<6>: pam(qno): Finished passdb lookup
Apr 12 18:19:17 bywater dovecot: auth-worker(610993): Debug: conn unix:auth-worker (pid=610992,uid=110): auth-worker<6>: Finished: password_mismatch
Apr 12 18:19:17 bywater dovecot: auth: Debug: pam(qno): Finished passdb lookup
Apr 12 18:19:17 bywater dovecot: auth: Debug: auth(qno): Auth request finished
Same results with a real IMAP client.
I have no further ideas where to look for my fault. Can somebody help?
TIA QNo
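An added example, not part of the original thread: with auth_debug enabled, the "client in" line carries the SASL response in a resp= field, which the log itself flags as possibly sensitive. The Python sketch below blanks that field before a log is shared (including a value broken by a space from mail line wrapping) and summarizes the per-passdb results; the sample lines, names and base64 value are constructed.

```python
import re

# Constructed sample in the Dovecot auth debug format (host, PIDs, user and
# base64 value are made up; the value is split by a space as mail wrapping does).
SAMPLE_LOG = """\
Apr 12 18:19:16 mx dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=doveadm#011debug#011resp=AGFsaWNlAGV4 YW1wbGU= (previous base64 data may contain sensitive data)
Apr 12 18:19:16 mx dovecot: auth-worker(100): Debug: conn unix:auth-worker (pid=99,uid=110): auth-worker<5>: sql(alice): Performing passdb lookup
Apr 12 18:19:16 mx dovecot: auth-worker(100): Debug: conn unix:auth-worker (pid=99,uid=110): auth-worker<5>: Finished: user_unknown
Apr 12 18:19:16 mx dovecot: auth-worker(100): Debug: conn unix:auth-worker (pid=99,uid=110): auth-worker<6>: pam(alice): Performing passdb lookup
Apr 12 18:19:17 mx dovecot: auth-worker(100): Debug: conn unix:auth-worker (pid=99,uid=110): auth-worker<6>: Finished: password_mismatch
"""

# The field runs up to the next escaped tab (#011), the "(previous base64 ..."
# notice, or end of line, so a wrapped second half is removed as well.
RESP = re.compile(r"resp=.*?(?=#011|\s+\(previous base64|$)", re.M)
LOOKUP = re.compile(r"auth-worker<(\d+)>: (\w+)\(([^)]*)\): Performing passdb lookup")
FINISHED = re.compile(r"auth-worker<(\d+)>: Finished: (\w+)")


def redact(log):
    """Replace every SASL response value with a fixed marker."""
    return RESP.sub("resp=<redacted>", log)


def passdb_outcomes(log):
    """Return (driver, user, result) per auth-worker request, in log order."""
    pending, outcomes = {}, []
    for line in log.splitlines():
        m = LOOKUP.search(line)
        if m:
            pending[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = FINISHED.search(line)
        if m and m.group(1) in pending:
            driver, user = pending.pop(m.group(1))
            outcomes.append((driver, user, m.group(2)))
    return outcomes


if __name__ == "__main__":
    print(redact(SAMPLE_LOG))
    for driver, user, result in passdb_outcomes(SAMPLE_LOG):
        print(f"{driver:4} {user:8} {result}")
```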
Christian H. Kuhn via dovecot wrote on 2024-04-12 18:28:
> I have no further ideas where to look for my fault. Can somebody help?
https://doc.dovecot.org/settings/core/#core_setting-auth_default_realm
it's possible this one
use full email as login, not just system username
system-user@localhost if realm is localhost
participants (3)
- Benny Pedersen
- Christian H. Kuhn
- Christian H. Kuhn