Hello all!
I'm trying to set up a dovecot server so that it authenticates local users via /etc/passwd (I'm on FreeBSD 13.1) and via winbindd for those that it cannot find locally. The samba suite is alive and well; postfix happily gets mail from domain users and saves it with the correct name and permissions from the windows domain. If I try to authenticate a domain user via wbinfo it works, but with dovecot it doesn't. I guess I've forgotten something in the dovecot config... :)
Here is my doveconf -n:
# 2.3.20 (80a5ac675d): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.5.20 (149edcf2) # OS: FreeBSD 13.1-RELEASE-p5 powerpc ufs # Hostname: numeron.mcs.it auth_cache_size = 30 k auth_debug_passwords = yes auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_username_format = %n auth_winbind_helper_path = /usr/local/bin/ntlm_auth default_client_limit = 1128 default_vsz_limit = 712 M disable_plaintext_auth = no first_valid_uid = 0 info_log_path = /var/log/dovecot/logfile.info listen = * lock_method = flock log_path = /var/log/dovecot/logfile login_greeting = Dovecot at Nameron Ready. mail_location = mbox:/var/spool/dovecot/%u:INBOX=/var/mail/%u mail_plugins = fts managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext passdb { driver = passwd } protocols = imap pop3 service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { user = root name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns-client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { service_count = 0 name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service sieve { name = managesieve-login } service 
login/sieve { name = managesieve } service old-stats-mail { name = old-stats } service pop3 { process_limit = 255 service_count = 1 name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/stats-writer { unix_listener { group = mail mode = 0666 user = dovecot path = stats-reader } unix_listener { group = mail mode = 0666 user = dovecot path = stats-writer } name = stats } service submission { name = submission-login } service login/submission { name = submission } ssl = no userdb { driver = passwd } protocol pop3 { pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_enable_last = yes pop3_uidl_format = %08Xu%08Xv service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns-client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service sieve { name = managesieve-login } service login/sieve { name = managesieve } service old-stats-mail { name = old-stats } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/stats-writer { name = stats } service submission { name = submission-login } service login/submission { name = submission } } protocol lda { debug_log_path = 
/var/log/dovecot/lda-debug.log info_log_path = /var/log/dovecot/lda.info log_path = /var/log/dovecot/lda.err mail_debug = yes postmaster_address = l@mcs.it service replication-notify-fifo { name = aggregator } service anvil-auth-penalty { name = anvil } service auth-worker { name = auth-worker } service auth-client { name = auth } service config { name = config } service dict-async { name = dict-async } service dict { name = dict } service login/proxy-notify { name = director } service dns-client { name = dns-client } service doveadm-server { name = doveadm } service imap-hibernate { name = imap-hibernate } service imap { name = imap-login } service imap-urlauth { name = imap-urlauth-login } service imap-urlauth-worker { name = imap-urlauth-worker } service token-login/imap-urlauth { name = imap-urlauth } service imap-master { name = imap } service indexer-worker { name = indexer-worker } service indexer { name = indexer } service ipc { name = ipc } service lmtp { name = lmtp } service log-errors { name = log } service sieve { name = managesieve-login } service login/sieve { name = managesieve } service old-stats-mail { name = old-stats } service pop3 { name = pop3-login } service login/pop3 { name = pop3 } service replicator-doveadm { name = replicator } service login/stats-writer { name = stats } service submission { name = submission-login } service login/submission { name = submission } } root@numeron:~#
Thanks for any hint,
Luciano.
/"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 02485781 FAX: +39 0248028247 X AGAINST HTML MAIL / E-MAIL: posthamster@sublink.sublink.ORG / \ AND POSTINGS / WWW: http://www.lesassaie.IT/
"Luciano" == Luciano Mannucci luciano@vespaperitivo.it writes:
I'm trying to set up a dovecot server so that it authenticates local user via /etc/passwd (I'm on a Freebsd 13.1) and via winbindd for those that it cannot find localy. The samba suite is alive and well, postfix gets happily mail from domain users and saves it with correct name and permissions from the windows domain. If I try to authenticate a domain user via wbinfo it works, with dovecot it doesn't. I guess I'v forgot something in the dovecot config... :)
I can't help you with your config, but I would *strongly* recommend that you just make all your users virtual ones, all using the same backend. Now, you don't say whether your local user account works or not, but I'd work on getting just the AD part (really, you're using winbind?) working first.
Also, have you compared your postfix and dovecot setups? There are good docs out there on how you combine them to use the same authentication backend.
And the info you posted really doesn't help much, since you don't post any log messages from when the authentication fails. That will tell you more, I'm sure.
John
On Fri, 10 Mar 2023 14:22:26 -0500 "John Stoffel" john@stoffel.org wrote:
Now you don't say if your local user account works or not, but I'd work on getting just the AD part (really, you're using winbind?) first. Yes, the local user works.
Also, have you compared your postfix and dovecot setups? There are good docs out there on how you combine them to use the same authentication backend. Well, postfix doesn't need to authenticate users: it accepts everything that comes from mynetworks. I know it is not wise; it is just a test to explore single sign-on with different sources.
And the info you posted really don't help much, since you don't post any log messages from when the authentication fails. That will tell you more I'm sure. Apologies, you are absolutely right. Here they are:
Mar 10 14:59:12 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Mar 10 14:59:12 auth: Debug: Module loaded: /usr/local/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
Mar 10 14:59:12 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Mar 10 14:59:12 auth: Debug: auth client connected (pid=4221)
Mar 10 14:59:25 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=yQtBK4z2lOzAqIoP lip=192.168.138.18 rip=192.168.138.15 lport=110 rport=60564 resp=AG1jcwBrYXE5LnBpcA== (previous base64 data may contain sensitive data)
Mar 10 14:59:25 auth: Debug: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): Performing passdb lookup
Mar 10 14:59:25 auth: Debug: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): cache miss
Mar 10 14:59:25 auth-worker(4223): Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Mar 10 14:59:25 auth-worker(4223): Debug: Module loaded: /usr/local/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): Server accepted connection (fd=13)
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): Sending version handshake
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<1>: Handling PASSV request
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<1>: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): Performing passdb lookup
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<1>: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): lookup
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<1>: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): Finished passdb lookup
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<1>: Finished
Mar 10 14:59:25 auth: Debug: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): Finished passdb lookup
Mar 10 14:59:25 auth: Debug: auth(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): Auth request finished
Mar 10 14:59:25 auth: Debug: client passdb out: OK 1 user=mcs
Mar 10 14:59:25 auth: Debug: master in: REQUEST 980549633 4221 1 19c7b19fec4f0dee8512545a1ae27501 session_pid=4224
Mar 10 14:59:25 auth: Debug: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): Performing userdb lookup
Mar 10 14:59:25 auth: Debug: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): userdb cache miss
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<2>: Handling USER request
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<2>: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): Performing userdb lookup
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<2>: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): lookup
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<2>: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): Finished userdb lookup
Mar 10 14:59:25 auth-worker(4223): Debug: conn unix:auth-worker (uid=0): auth-worker<2>: Finished
Mar 10 14:59:25 auth: Debug: passwd(mcs,192.168.138.15,<yQtBK4z2lOzAqIoP>): Finished userdb lookup
Mar 10 14:59:25 auth: Debug: master userdb out: USER 980549633 mcs system_groups_user=mcs uid=1001 gid=1001 home=/home/mcs auth_mech=PLAIN
Mar 10 14:59:25 pop3-login: Info: Login: user=<mcs>, method=PLAIN, rip=192.168.138.15, lip=192.168.138.18, mpid=4224, session=<yQtBK4z2lOzAqIoP>
Mar 10 14:59:32 pop3(mcs)<4224><yQtBK4z2lOzAqIoP>: Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 10 14:59:35 auth: Debug: auth client connected (pid=4225)
Mar 10 14:59:59 auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=q5FJLYz2n+zAqIoP lip=192.168.138.18 rip=192.168.138.15 lport=110 rport=60575 resp=************** (previous base64 data may contain sensitive data)
Mar 10 14:59:59 auth: Debug: passwd(geoplan,192.168.138.15,
Thanks for your answer,
Luciano.
/"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 02485781 FAX: +39 0248028247 X AGAINST HTML MAIL / E-MAIL: posthamster@sublink.sublink.ORG / \ AND POSTINGS / WWW: http://www.lesassaie.IT/