[Dovecot] Unable to authenticate with Pam
Hi,
I've been trying to solve this problem for several weeks and this is an SOS!
I have 2 Debian servers running heartbeat and drbd for high availability. I'm using LDAP for the user database, PAM for authentication and Dovecot for POP3S access. On the master server all is fine. If dovecot is started on the slave server (instead of the master) it refuses to authenticate with pam/ldap.
Between the 2 servers only the release level of some filesets is different, but this does not concern dovecot, pam, or ldap! I can provide a diff file.
The problem occurs if the ldap server is on the same node _and_ if it is on the other node.
These are the messages:
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libanonymous.so.2: /usr/lib/sasl2/libanonymous.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libplain.so.2: /usr/lib/sasl2/libplain.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/liblogin.so.2: /usr/lib/sasl2/liblogin.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libntlm.so.2: /usr/lib/sasl2/libntlm.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) check pass; user unknown
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=194.254.67.78
The library error messages occur on the 2 servers, which have the same libsasl packages. libsasl2, libsasl2-modules and sasl2-bin are at level 2.1.19-1.5sarge1
The tests I've run:
=> The ldap server is running (all computers of my network use it)
=> ldapsearch -x
-D "uid=begou,ou=People,........."
-W '(uid=begou)' userPassword
works fine on this host with my password.
=> I'm running sendmail on the same host with sasl to authenticate
on the ldap server and:
testsaslauthd -u begou -p my-password
works fine and sendmail authenticates.
=> I'm using PLAIN passwords with ssl. ssl is working with the test:
openssl s_client -connect mostha2.hmg.inpg.fr:pop3s:
CONNECTED(00000003)
depth=0 /C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou@hmg.inpg.fr
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou@hmg.inpg.fr
verify return:1
Certificate chain
 0 s:/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou@hmg.inpg.fr
   i:/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou@hmg.inpg.fr
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgzCCA2ugAwIBAgIJAP3u4iOMcvbhMA0GCSqGSIb3DQEBBAUAMIGHMQswCQYD
..... cut .....
5XFFP1f0AQ==
-----END CERTIFICATE-----
subject=/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou@hmg.inpg.fr
issuer=/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou@hmg.inpg.fr
No client certificate CA names sent
SSL handshake has read 1321 bytes and written 468 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID: C2F2FFA0..... cut ......456C194EE3D5F
    Session-ID-ctx:
    Master-Key: 31D764620903C00A..... cut ......4B7101909B3A84F
    Key-Arg : None
    Krb5 Principal: None
    Start Time: 1166628727
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
+OK dovecot ready.
If I use:
USER begou
PASS my-password
dovecot answers:
-ERR Authentication failed.
If I use a local user (from /etc/passwd), e.g. root, it works and dovecot connects the session.
/etc/dovecot.conf
protocols = imaps pop3s
imaps_listen = xxx.xxx.xxx.xxx
pop3s_listen = xxx.xxx.xxx.xxx
login = imap
login = pop3
first_valid_uid = 100
mail_extra_groups = mail
default_mail_env = mbox:/services/_POP-IMAP/%d/%n/:INBOX=/var/mail/%u:INDEX=/services/_POP-IMAP/%d/%n/indexes/
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = pam dovecot
auth_user = root
auth_verbose = yes
auth_debug = yes
/etc/pam.d/dovecot
auth required pam_ldap.so
account required pam_ldap.so
session required pam_ldap.so
dpkg -l \*dovecot\*
ii dovecot-common 0.99.14-1sarge0
ii dovecot-imapd 0.99.14-1sarge0
ii dovecot-pop3d 0.99.14-1sarge0
Thanks for your help
Patrick
===============================================================
| Equipe M.O.S.T.      | http://most.hmg.inpg.fr          |
| Patrick BEGOU        | ------------                     |
| LEGI                 | mailto:Patrick.Begou@hmg.inpg.fr |
| BP 53 X              | Tel 04 76 82 51 35               |
| 38041 GRENOBLE CEDEX | Fax 04 76 82 52 71               |