[Dovecot] Permission problems
Hello. This is the first time I'm using Dovecot...
I'm using Debian Etch (updated), and all bundled (Postfix + OpenLDAP + Dovecot + SASL), and Jamm. This is the guide I'm using: http://wanderingbarque.com/howtos/mailserver/mailserver.html
# dovecot --version
1.0.rc15

# tail -4 /etc/passwd
cyrus:x:107:8:Cyrus Mailsystem User,,,:/var/spool/cyrus:/bin/sh
vmail:x:1001:1001::/home/vmail:/bin/sh
dovecot:x:108:109:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
dovecot-auth:x:1002:1002::/usr/lib/dovecot:/bin/sh

# tail -4 /etc/group
postdrop:x:108:
vmail:x:1001:
dovecot:x:109:
dovecot-auth:x:1002:

# id dovecot
uid=108(dovecot) gid=109(dovecot) grupos=109(dovecot)

# id vmail
uid=1001(vmail) gid=1001(vmail) grupos=1001(vmail)

# dovecot -n
# /etc/dovecot/dovecot.conf
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
log_timestamp: %Y-%m-%d %H:%M:%S
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
valid_chroot_dirs: /home/vmail/domains
verbose_proctitle: yes
first_valid_uid: 108
last_valid_uid: 108
first_valid_gid: 109
last_valid_gid: 109
mail_privileged_group: vmail
mail_location: maildir:/home/vmail/domains/%d/%n
auth default:
  user: dovecot-auth
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf

# grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf
hosts = localhost
dn = cn=dovecot,dc=XXXXXX,dc=ce,dc=gov,dc=br
dnpass = XXXXXX
ldap_version = 3
base = o=hosting,dc=XXXXX,dc=ce,dc=gov,dc=br
deref = never
scope = subtree
user_attrs = mail,homeDirectory,,,,
user_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
default_pass_scheme = CRYPT
user_global_uid = 108
user_global_gid = 109

# testsaslauthd -u rodrigo2@XXXXXX.ce.gov.br -p XXXXXX
0: OK "Success."
Here is the Dovecot log:

dovecot: 2008-07-17 11:31:30 Error: Logins with login process UID 108 (user rodrigo2@XXXXXX.ce.gov.br) not permitted (see login_user in config file).
dovecot: 2008-07-17 11:31:30 Error: IMAP(rodrigo2@XXXXXX.ce.gov.br): mkdir(/home/vmail/domains/XXXXXX.ce.gov.br/rodrigo2/.Trash) failed: Permission denied
dovecot: 2008-07-17 11:31:33 Error: IMAP(rodrigo2@XXXXXX.ce.gov.br): mkdir(/home/vmail/domains/XXXXXX.ce.gov.br/rodrigo2/.Trash) failed: Permission denied
dovecot: 2008-07-17 11:31:34 Error: Logins with login process UID 108 (user rodrigo2@XXXXXX.ce.gov.br) not permitted (see login_user in config file).
dovecot: 2008-07-17 11:31:34 Error: IMAP(rodrigo2@XXXXXX.ce.gov.br): file_dotlock_open() failed with file /home/vmail/domains/ XXXXXX.ce.gov.br/rodrigo2/dovecot.index.log: Permission denied
dovecot: 2008-07-17 11:31:34 Error: IMAP(rodrigo2@XXXXXX.ce.gov.br): file_dotlock_open() failed with file /home/vmail/domains/ XXXXXX.ce.gov.br/rodrigo2/dovecot.index.log: Permission denied

As it says in the guide, I create the dir (domain/user - XXXXX.ce.gov.br/rodrigo2) and send a "greeting" e-mail for the creation of directories. Then I can login to the account, but can't retrieve mail from them. Can anyone help me?
Regards, Rodrigo.
ps: sorry about my english.
-- M. Rodrigo Monteiro falecom@rodrigomonteiro.net "Free as in Freedom, not free as in free beer" Linux User # 403730
2008/7/17 Charles Marcus CMarcus@media-brokers.com:
On 7/17/2008, M. Rodrigo Monteiro (falecom@rodrigomonteiro.net) wrote:
# dovecot --version 1.0.rc15
Upgrade please... this is very old...
--
Best regards,
Charles
If there is no problem with this version (ie: just a configuration problem), I won't upgrade for now.
Regards, Rodrigo
-- M. Rodrigo Monteiro falecom@rodrigomonteiro.net "Free as in Freedom, not free as in free beer" Linux User # 403730
On Thu, 2008-07-17 at 12:51 -0300, M. Rodrigo Monteiro wrote:
dovecot: 2008-07-17 11:31:30 Error: Logins with login process UID 108 (user rodrigo2@XXXXXX.ce.gov.br) not permitted (see login_user in config file).
Don't try to log in using "dovecot" user's UID. http://wiki.dovecot.org/UserIds
dovecot: 2008-07-17 11:31:30 Error: IMAP(rodrigo2@XXXXXX.ce.gov.br): mkdir(/home/vmail/domains/XXXXXX.ce.gov.br/rodrigo2/.Trash) failed: Permission denied
This directory or one of its parent directories isn't owned by the user that logged in. So if you're using UID 108, chown -R 108 /home/vmail should do it.
On Thu, July 17, 2008 20:20, Timo Sirainen wrote:
This directory or one of its parent directories isn't owned by the user that logged in. So if you're using UID 108, chown -R 108 /home/vmail should do it.
correct if id 108 gives 108
if i am wrong tell me
-- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
2008/7/17 Benny Pedersen me@junc.org:
On Thu, July 17, 2008 20:20, Timo Sirainen wrote:
This directory or one of its parent directories isn't owned by the user that logged in. So if you're using UID 108, chown -R 108 /home/vmail should do it.
correct if id 108 gives 108
if i am wrong tell me
-- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
I'm reinstalling it. I'll upgrade dovecot to the latest version...
Thanks for now, Rodrigo.
-- M. Rodrigo Monteiro falecom@rodrigomonteiro.net "Free as in Freedom, not free as in free beer" Linux User # 403730
2008/7/18 M. Rodrigo Monteiro falecom@rodrigomonteiro.net:
2008/7/17 Benny Pedersen me@junc.org:
On Thu, July 17, 2008 20:20, Timo Sirainen wrote:
This directory or one of its parent directories isn't owned by the user that logged in. So if you're using UID 108, chown -R 108 /home/vmail should do it.
correct if id 108 gives 108
if i am wrong tell me
-- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
I'm reinstalling it. I'll upgrade dovecot to the latest version...
Thanks for now, Rodrigo.
-- M. Rodrigo Monteiro falecom@rodrigomonteiro.net "Free as in Freedom, not free as in free beer" Linux User # 403730
Now it's a fresh installation with all the packages updated. The problem is that I can't login with any user. When I send a test e-mail to a new user, the directory domain.ce.gov.br/user is created ok...
Here is the config.:
~# id dovecot
uid=201(dovecot) gid=201(dovecot) grupos=201(dovecot)

# id dovecot-auth
uid=202(dovecot-auth) gid=202(dovecot-auth) grupos=202(dovecot-auth)

# id vmail
uid=200(vmail) gid=200(vmail) grupos=200(vmail)

# /usr/local/dovecot/sbin/dovecot -n
# 1.1.1: /usr/local/dovecot/etc/dovecot.conf
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /usr/local/dovecot/var/run/dovecot/login
login_executable: /usr/local/dovecot/libexec/dovecot/imap-login
valid_chroot_dirs: /home/vmail/domains
first_valid_uid: 201
last_valid_uid: 201
first_valid_gid: 201
last_valid_gid: 201
mail_location: maildir:/home/vmail/domains/%d/%n
auth default:
  user: dovecot-auth
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /usr/local/dovecot/etc/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /usr/local/dovecot/etc/dovecot-ldap.conf

# grep -v '^ *\(#.*\)\?$' /usr/local/dovecot/etc/dovecot-ldap.conf
hosts = localhost
dn = cn=dovecot,dc=XXXX,dc=ce,dc=gov,dc=br
dnpass = XXXXXXXX
ldap_version = 3
base = o=mail, dc=XXXX, dc=ce, dc=gov, dc=br
deref = never
scope = subtree
user_attrs = mail,homeDirectory,,,,
user_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=JammMailAccount)(mail=%u)(accountActive=TRUE)(delete=FALSE))
default_pass_scheme = CRYPT

# tail -f /var/log/dovecot.log
dovecot: Jul 18 14:21:28 Error: auth(default): ldap(rodrigo@XXXX.ce.gov.br,XXX.XXX.XXX.XXX): No password in reply

# cat /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1
ldap_search_base: o=mail,dc=XXXXX,dc=ce,dc=gov,dc=br
ldap_filter: (&(objectClass=JammMailAccount)(mail=%u@ %r)(accountActive=TRUE)(delete=FALSE))

# tail -f /var/log/dovecot-info.log
dovecot: Jul 18 14:21:26 Info: auth(default): client in: AUTH 1 PLAIN service=imap lip=172.31.4.43 rip=XXX.XXX.XXX.XXX lport=143 rport=3860
dovecot: Jul 18 14:21:26 Info: auth(default): client out: CONT 1
dovecot: Jul 18 14:21:26 Info: auth(default): client in: CONT 1 AHJvZHJpZ29Ac2VkdWMuY2UuZ292LmJyAHRlc3Rl
dovecot: Jul 18 14:21:26 Info: auth(default): ldap(rodrigo@XXXX.ce.gov.br,XXX.XXX.XXX.XXX): pass search: base=o=mail, dc=XXXX, dc=ce, dc=gov, dc=br scope=subtree filter=(&(objectClass=JammMailAccount)(mail=rodrigo@XXXX.ce.gov.br)(accountActive=TRUE)(delete=FALSE)) fields=mail,userPassword
dovecot: Jul 18 14:21:26 Info: auth(default): ldap(rodrigo@XXXX.ce.gov.br,XXX.XXX.XXX.XXX): result: mail(mail)=rodrigo@XXXX.ce.gov.bruserPassword(userPassword)={CRYPT}YZJZNkBk381gg
dovecot: Jul 18 14:21:28 Info: auth(default): client out: FAIL 1 user=rodrigo@XXXX.ce.gov.br temp mail=rodrigo@XXXX.ce.gov.bruserPassword={CRYPT}YZJZNkBk381gg

# tail -f /var/log/syslog
Jul 18 14:21:26 sedsrv043 slapd[1888]: conn=0 op=1 SRCH base="o=mail,dc=XXXX,dc=ce,dc=gov,dc=br" scope=2 deref=0 filter="(&(objectClass=JammMailAccount)(mail=rodrigo@XXXX.ce.gov.br )(accountActive=TRUE)(delete=FALSE))"
Jul 18 14:21:26 sedsrv043 slapd[1888]: conn=0 op=1 SRCH attr=mail userPassword
Jul 18 14:21:26 sedsrv043 slapd[1888]: <= bdb_equality_candidates: (mail) not indexed
Jul 18 14:21:26 sedsrv043 slapd[1888]: <= bdb_equality_candidates: (accountActive) not indexed
Jul 18 14:21:26 sedsrv043 slapd[1888]: <= bdb_equality_candidates: (delete) not indexed
Jul 18 14:21:26 sedsrv043 slapd[1888]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 18 14:21:28 sedsrv043 slapd[1888]: conn=0 op=2 SRCH base="o=mail,dc=XXXX,dc=ce,dc=gov,dc=br" scope=2 deref=0 filter="(&(objectClass=JammMailAccount)(mail=rodrigo@XXXX.ce.gov.br )(accountActive=TRUE)(delete=FALSE))"
In phpLDAPadmin the userPassword attribute is {CRYPT}YZJZNkBk381gg
Regards, Rodrigo.
-- M. Rodrigo Monteiro falecom@rodrigomonteiro.net "Free as in Freedom, not free as in free beer" Linux User # 403730
On Fri, July 18, 2008 19:39, M. Rodrigo Monteiro wrote:
# id vmail uid=200(vmail) gid=200(vmail) grupos=200(vmail)
first_valid_uid: 201 last_valid_uid: 201 first_valid_gid: 201 last_valid_gid: 201
200 vs 201 ?
they must match to work
-- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
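The two checks raised in the replies above (the login process UID and directory ownership from Timo Sirainen's reply, the first_valid_uid/last_valid_uid range from Benny Pedersen's), as an added shell example that is not part of any post in this thread. The function names are hypothetical, the UIDs in the sample calls are the ones posted in the thread, and the paths stand in for the poster's redacted maildir.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical, not Dovecot's.

# owner_uid PATH: print the numeric owner UID (GNU stat, then BSD stat).
owner_uid() {
    stat -c %u "$1" 2>/dev/null || stat -f %u "$1"
}

# check_mail_uid MAIL_UID LOGIN_UID FIRST_VALID LAST_VALID MAILDIR BASE
# Prints one finding per line; returns 0 only when nothing is wrong.
check_mail_uid() {
    mail_uid=$1; login_uid=$2; first=$3; last=$4; dir=$5; base=$6
    rc=0
    # The mail user must not be the user the login processes run as.
    if [ "$mail_uid" -eq "$login_uid" ]; then
        echo "FAIL: mail UID $mail_uid is the login process UID"
        rc=1
    fi
    # The mail user must fall inside first_valid_uid..last_valid_uid.
    if [ "$mail_uid" -lt "$first" ] || [ "$mail_uid" -gt "$last" ]; then
        echo "FAIL: mail UID $mail_uid outside valid range $first..$last"
        rc=1
    fi
    # Walk from the maildir up to BASE and report every owner mismatch.
    while [ -n "$dir" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        if [ -e "$dir" ]; then
            o=$(owner_uid "$dir")
            if [ "$o" != "$mail_uid" ]; then
                echo "FAIL: $dir owned by UID $o, not $mail_uid"
                rc=1
            fi
        fi
        [ "$dir" = "$base" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Sample calls with the UIDs posted in the thread (paths are placeholders).
# First setup: user_global_uid 108 is also the "dovecot" user's UID.
check_mail_uid 108 108 108 108 /home/vmail/domains /home/vmail || true
# Second setup: vmail is UID 200 but the valid range is 201..201.
check_mail_uid 200 201 201 201 /home/vmail/domains /home/vmail || true
```

The UID arguments correspond to values visible in `id` and `dovecot -n` output; the ownership walk skips path components that do not exist yet.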
2008/7/19 Benny Pedersen me@junc.org:
On Fri, July 18, 2008 19:39, M. Rodrigo Monteiro wrote:
# id vmail uid=200(vmail) gid=200(vmail) grupos=200(vmail)
first_valid_uid: 201 last_valid_uid: 201 first_valid_gid: 201 last_valid_gid: 201
200 vs 201 ?
they must match to work
-- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Now it's 200, and it's the same error. Why is this message "No password in reply"? In the dovecot-info.log, the password (crypt) is the same in the OpenLDAP. What's wrong?
# tail devecot.log
dovecot: Jul 21 09:15:08 Error: auth(default): ldap(rodrigo@seduc.ce.gov.br, 172.31.4.55): No password in reply

# tail dovedot-info.log
dovecot: Jul 21 09:15:06 Info: auth(default): client in: AUTH 1 PLAIN service=imap lip=XXX.XXX.XXX.XXX rip=XXX.XXX.XXX.XXX lport=143 rport=1835
dovecot: Jul 21 09:15:06 Info: auth(default): client out: CONT 1
dovecot: Jul 21 09:15:06 Info: auth(default): client in: CONT 1 AHJvZHJpZ29Ac2VkdWMuY2UuZ292LmJyAHRlc3Rl
dovecot: Jul 21 09:15:06 Info: auth(default): ldap(rodrigo@XXXXX.ce.gov.br,XXX.XXX.XXX.XXX): pass search: base=o=mail, dc=XXXXX, dc=ce, dc=gov, dc=br scope=subtree filter=(&(objectClass=JammMailAccount)(mail=rodrigo@XXXXX.ce.gov.br)(accountActive=TRUE)(delete=FALSE)) fields=mail,userPassword
dovecot: Jul 21 09:15:06 Info: auth(default): ldap(rodrigo@XXXXX.ce.gov.br,XXX.XXX.XXX.XXX): result: mail(mail)=rodrigo@XXXXX.ce.gov.bruserPassword(userPassword)={CRYPT}YZJZNkBk381gg
dovecot: Jul 21 09:15:08 Info: auth(default): client out: FAIL 1 user=rodrigo@XXXXX.ce.gov.br temp mail=rodrigo@XXXXX.ce.gov.bruserPassword={CRYPT}YZJZNkBk381gg

# /usr/local/dovecot/sbin/dovecot -n
# 1.1.1: /usr/local/dovecot/etc/dovecot.conf
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /usr/local/dovecot/var/run/dovecot/login
login_executable: /usr/local/dovecot/libexec/dovecot/imap-login
valid_chroot_dirs: /home/vmail/domains
first_valid_uid: 200
last_valid_uid: 200
first_valid_gid: 200
last_valid_gid: 200
mail_location: maildir:/home/vmail/domains/%d/%n
auth default:
  user: dovecot-auth
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /usr/local/dovecot/etc/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /usr/local/dovecot/etc/dovecot-ldap.conf
Regards, Rodrigo.
-- M. Rodrigo Monteiro falecom@rodrigomonteiro.net "Free as in Freedom, not free as in free beer" Linux User # 403730
On Mon, July 21, 2008 14:20, M. Rodrigo Monteiro wrote:
args: /usr/local/dovecot/etc/dovecot-ldap.conf
i am unsure how to debug ldap from here, but show this conf and i hope others can help. last thing here, the logs show me now that dovecot works, but the ldap auth is still not working
-- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
participants (4): Benny Pedersen, Charles Marcus, M. Rodrigo Monteiro, Timo Sirainen