[Dovecot] pam_start() failed: system error
Hi,
I'm using dovecot 1.1.3 on FreeBSD 6.3, x86, files are on NFS, except control and index files, which are local, on UFS2. It's moderately loaded, there are usually not more than 30 clients simultaneously.
dovecot runs fine for 3-10 days, then people can't connect any more, and dovecot says:
Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: reconnecting to LDAP server... Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server Nov 18 13:21:46 dizzy dovecot: auth-worker(default): pam(xxxx,xxx.xxx.xxx.xxx): pam_start() failed: system error Nov 18 13:21:46 dizzy dovecot-auth: in openpam_load_module(): no pam_permit.so found Nov 18 13:22:12 dizzy dovecot-auth: in openpam_load_module(): no pam_login_access.so found Nov 18 13:22:31 dizzy dovecot-auth: in openpam_load_module(): no pam_unix.so found Nov 18 13:22:42 dizzy dovecot-auth: in openpam_load_module(): no /usr/local/lib/pam_ldap.so found
After restarting dovecot things are back to normal.
I have tried different settings for worker_max_count, and I had blocking=no in the passdb config until a few day ago; changing that didn't help either.
Here's my current config:
# 1.1.3: /usr/local/etc/dovecot.conf protocols: imaps pop3s ssl_cert_file: /etc/ssl/certs/mailitp-chain.pem ssl_key_file: /etc/ssl/certs/mailkey2.pem login_dir: /var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login verbose_proctitle: yes first_valid_gid: 0 mail_privileged_group: mail mail_location: mbox:~/mail/:INDEX=/srv/dovecot/indexes/%u.oldmail:INBOX=/var/mail/%u mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugins(default): zlib mail_plugins(imap): zlib mail_plugins(pop3): mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh namespace: type: private separator: / prefix: NEWmail/ location: maildir:~/Maildir/:INDEX=/srv/dovecot/indexes/%u:CONTROL=/srv/dovecot/control/%u list: yes subscriptions: yes namespace: type: private separator: / location: mbox:~/mail/:INBOX=/var/mail/%u:INDEX=/srv/dovecot/indexes/%u.oldmail:CONTROL=/srv/dovecot/control/%u.oldmail inbox: yes list: yes subscriptions: yes auth default: worker_max_count: 20 passdb: driver: pam args: blocking=yes userdb: driver: passwd
Greetings,
-- Peter Orlowski
On Tue, 2008-11-18 at 16:02 +0100, Peter Orlowski wrote:
dovecot runs fine for 3-10 days, then people can't connect any more, and dovecot says:
Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server
Set to nonzero:
# Number of auth requests to handle before destroying the process. This may # be useful if PAM plugins leak memory. #auth_worker_max_request_count = 0
I have tried different settings for worker_max_count,
This only changes the max. number of worker processes, on a non-loaded server changing it does practically nothing.
and I had blocking=no in the passdb config
v1.1 no longer has blocking=no.
On Tue, Nov 18, 2008 at 06:20:14PM +0200, Timo Sirainen wrote:
On Tue, 2008-11-18 at 16:02 +0100, Peter Orlowski wrote:
Nov 18 13:20:44 dizzy dovecot-auth: pam_ldap: ldap_simple_bind Can't contact LDAP server
Set to nonzero:
# Number of auth requests to handle before destroying the process. This may # be useful if PAM plugins leak memory. #auth_worker_max_request_count = 0
I have tried different settings for worker_max_count,
Thank you. It seems I got those two confused, sorry.
(I'm not going to ask for the best setting of this variable, that's already in this thread: http://www.dovecot.org/list/dovecot/2008-October/034067.html)
Greetings,
-- Peter Orlowski
participants (2)
-
Peter Orlowski
-
Timo Sirainen