doveadm auth lookup fails for system user
Hi all,
next step with my auth problem with dovecot.
I want to authenticate a system user. The user exists, can log in, can sudo -i etc.pp. SASL with sql passdb and userdb works fine.
root@bywater /etc/dovecot/conf.d # doveadm user qno field value uid 1001 gid 1001 home /home/qno mail maildir:~/Maildir system_groups_user qno
But: root@bywater /etc/dovecot/conf.d # doveadm auth lookup qno passdb lookup: user qno doesn't exist
And no surprise: root@bywater /etc/dovecot/conf.d # doveadm auth test qno Password: passdb: qno auth failed extra fields: user=qno
root@bywater /etc/dovecot/conf.d # doveconf -n # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.16 (09c29328) # OS: Linux 5.15.0-113-generic x86_64 Ubuntu 22.04.4 LTS # Hostname: bywater.qno.de auth_debug = yes auth_debug_passwords = yes auth_verbose = yes auth_verbose_passwords = plain listen = 65.21.136.15, [::] mail_location = maildir:~/Maildir mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/tables.d/dovecot-sql.conf.ext driver = sql } passdb { args = blocking=no driver = passwd } passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } postmaster_address = postmaster@qno.de protocols = " imap sieve" service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } user = dovecot } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = </etc/letsencrypt/live/imap2.qno.de/fullchain.pem ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it syslog_facility = local0 userdb { args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%u driver = static } userdb { driver = passwd } verbose_proctitle = yes
How can it be that a user is found by userdb passwd, but not by passdb passwd or PAM?
TIA QNo
On 12/07/2024 21:47, Christian H. Kuhn via dovecot wrote:
Hi all,
next step with my auth problem with dovecot.
I want to authenticate a system user. The user exists, can log in, can sudo -i etc.pp. SASL with sql passdb and userdb works fine.
root@bywater /etc/dovecot/conf.d # doveadm user qno field value uid 1001 gid 1001 home /home/qno mail maildir:~/Maildir system_groups_user qno
But: root@bywater /etc/dovecot/conf.d # doveadm auth lookup qno passdb lookup: user qno doesn't exist
And no surprise: root@bywater /etc/dovecot/conf.d # doveadm auth test qno Password: passdb: qno auth failed extra fields: user=qno
Hi QNo
I can't see why this happening. Only suggestion I have is to run those commands with -D to get more detailed info.
John
I did. Do not know why all those dlopen() failed, but as i’m told to ignore those messages, i did ;-)
BTW: home dir is wrong now. I swear i didn’t change anything ...
root@bywater ~ # doveadm -D user qno Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Jul 15 19:45:29 Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message) Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: userdb lookup(qno): Started userdb lookup Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: conn unix:/run/dovecot/auth-userdb: Connecting Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=2542,uid=0): Client connected (fd=9) Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: userdb lookup(qno): auth USER input: qno uid=5000 gid=5000 home=/var/mail/vhosts//qno Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: userdb lookup(qno): Finished userdb lookup (username=qno uid=5000 gid=5000 home=/var/mail/vhosts//qno) Jul 15 19:45:29 doveadm(3295): Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=2542,uid=0): Disconnected: Connection closed (fd=9) field value uid 5000 gid 5000 home /var/mail/vhosts//qno mail maildir:~/Maildir
root@bywater ~ # doveadm -D auth lookup qno Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Jul 15 19:45:44 Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: auth-master: passdb lookup(qno): Started passdb lookup Jul 15 19:45:44 Debug: auth-master: conn unix:/run/dovecot/auth-userdb: Connecting Jul 15 19:45:44 Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=2542,uid=0): Client connected (fd=9) Jul 15 19:45:44 Debug: auth-master: passdb lookup(qno): auth PASS input: user=qno Jul 15 19:45:44 Debug: auth-master: passdb lookup(qno): Finished passdb lookup (user=qno ) passdb: qno user : qno
Jul 15 19:45:44 Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=2542,uid=0): Disconnected: Connection closed (fd=9)
Am 13.07.2024 um 13:01 schrieb John Fawcett via dovecot:
On 12/07/2024 21:47, Christian H. Kuhn via dovecot wrote:
Hi all,
next step with my auth problem with dovecot.
I want to authenticate a system user. The user exists, can log in, can sudo -i etc.pp. SASL with sql passdb and userdb works fine.
root@bywater /etc/dovecot/conf.d # doveadm user qno field value uid 1001 gid 1001 home /home/qno mail maildir:~/Maildir system_groups_user qno
But: root@bywater /etc/dovecot/conf.d # doveadm auth lookup qno passdb lookup: user qno doesn't exist
And no surprise: root@bywater /etc/dovecot/conf.d # doveadm auth test qno Password: passdb: qno auth failed extra fields: user=qno
Hi QNo
I can't see why this happening. Only suggestion I have is to run those commands with -D to get more detailed info.
John
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Hi
Did you also run the "doveadm auth test quo" with debugging?
These commands with -D are giving different results to before. I'm not sure how to explain that.
If you do a new test with and without the debugging parameter, can you confirming that the debugging parameter influences the results? Or do you now see it working with both debugging and without debugging?
Thanks
John
On 15/07/2024 19:58, Christian H. Kuhn via dovecot wrote:
I did. Do not know why all those dlopen() failed, but as i’m told to ignore those messages, i did ;-)
BTW: home dir is wrong now. I swear i didn’t change anything ...
root@bywater ~ # doveadm -D user qno Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Jul 15 19:45:29 Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message) Jul 15 19:45:29 Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message) Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: userdb lookup(qno): Started userdb lookup Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: conn unix:/run/dovecot/auth-userdb: Connecting Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=2542,uid=0): Client connected (fd=9) Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: userdb lookup(qno): auth USER input: qno uid=5000 gid=5000 home=/var/mail/vhosts//qno Jul 15 19:45:29 doveadm(qno)<3295><>: Debug: auth-master: userdb lookup(qno): Finished userdb lookup (username=qno uid=5000 gid=5000 home=/var/mail/vhosts//qno) Jul 15 19:45:29 doveadm(3295): Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=2542,uid=0): Disconnected: Connection closed (fd=9) field value uid 5000 gid 5000 home /var/mail/vhosts//qno mail maildir:~/Maildir
root@bywater ~ # doveadm -D auth lookup qno Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message) Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm Jul 15 19:45:44 Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_user_module (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Skipping module doveadm_quota_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so: undefined symbol: quota_user_module (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message) Jul 15 19:45:44 Debug: auth-master: passdb lookup(qno): Started passdb lookup Jul 15 19:45:44 Debug: auth-master: conn unix:/run/dovecot/auth-userdb: Connecting Jul 15 19:45:44 Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=2542,uid=0): Client connected (fd=9) Jul 15 19:45:44 Debug: auth-master: passdb lookup(qno): auth PASS input: user=qno Jul 15 19:45:44 Debug: auth-master: passdb lookup(qno): Finished passdb lookup (user=qno ) passdb: qno user : qno
Jul 15 19:45:44 Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=2542,uid=0): Disconnected: Connection closed (fd=9)
Am 13.07.2024 um 13:01 schrieb John Fawcett via dovecot:
On 12/07/2024 21:47, Christian H. Kuhn via dovecot wrote:
Hi all,
next step with my auth problem with dovecot.
I want to authenticate a system user. The user exists, can log in, can sudo -i etc.pp. SASL with sql passdb and userdb works fine.
root@bywater /etc/dovecot/conf.d # doveadm user qno field value uid 1001 gid 1001 home /home/qno mail maildir:~/Maildir system_groups_user qno
But: root@bywater /etc/dovecot/conf.d # doveadm auth lookup qno passdb lookup: user qno doesn't exist
And no surprise: root@bywater /etc/dovecot/conf.d # doveadm auth test qno Password: passdb: qno auth failed extra fields: user=qno
Hi QNo
I can't see why this happening. Only suggestion I have is to run those commands with -D to get more detailed info.
John
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
participants (3)
-
Christian H. Kuhn
-
Christian H. Kuhn
-
John Fawcett