[Dovecot] PAM, Active Directory, all users mapped to uid=0
I'm having a problem with authentication using PAM, connected on the back end to Active Directory. PAM authentication itself works fine. We can log in to the machine using AD credentials without any problems. Each user is automatically mapped to UIDs in the 10000+ range.
However, for some reason when the user logs in via dovecot, the user's uid and gid are showing up as 0. For example:
    dovecot: May 01 11:22:47 Info: auth(default): master out: USER 3 mzukowski uid=0 gid=0 home=/home/URBACON/mzukowski
    dovecot: May 01 11:22:47 Error: Logins with UID 0 not permitted (user mzukowski)
Is there a reason why dovecot might not be resolving the uid and gid correctly? PAM itself seems to be doing this right, since when I log on to the machine as an AD user, their UID shows up correctly as 10000+.
Thanks, Matt.
This e-mail message is privileged, confidential and subject to copyright. Any unauthorized use or disclosure is prohibited.
Ah never mind, I'm a moron.... I had:
    userdb static {
      args = uid=root gid=root home=/home/URBACON/%u
    }
I've commented that out and things are working great.
Matt Zukowski wrote:
I'm having a problem with authentication using PAM, connected on the back end to Active Directory. PAM authentication itself works fine. We can log in to the machine using AD credentials without any problems. Each user is automatically mapped to UIDs in the 10000+ range.
However, for some reason when the user logs in via dovecot, the user's uid and gid are showing up as 0. For example:
    dovecot: May 01 11:22:47 Info: auth(default): master out: USER 3 mzukowski uid=0 gid=0 home=/home/URBACON/mzukowski
    dovecot: May 01 11:22:47 Error: Logins with UID 0 not permitted (user mzukowski)
Is there a reason why dovecot might not be resolving the uid and gid correctly? PAM itself seems to be doing this right, since when I log on to the machine as an AD user, their UID shows up correctly as 10000+.
Thanks, Matt.
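Added example (not part of the original thread, and not Dovecot's own code): a small Python check for the two symptoms seen in this thread, a static userdb that assigns uid or gid 0 to every user, and an auth log line that hands uid=0 to the master process. The function names, the sample config strings and the choice to treat only `0` and `root` as privileged are assumptions of this example.

```python
import re

# Matches a "userdb static { ... }" block as posted in the thread, on one line or several.
BLOCK_RE = re.compile(r"userdb\s+static\s*\{(.*?)\}", re.DOTALL)
# Matches the auth log line from the thread: "master out: USER <id> <user> <fields...>"
USER_RE = re.compile(r"master out: USER\s+\d+\s+(\S+)\s+(.*)")
# Assumption: only the number 0 and the name "root" are treated as privileged here.
PRIVILEGED = {"0", "root"}

def strip_comments(text):
    """Drop '#' comments so a commented-out userdb block is ignored."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def find_root_static_userdb(conf_text):
    """Return (field, value) pairs where a static userdb assigns uid or gid 0."""
    findings = []
    for block in BLOCK_RE.findall(strip_comments(conf_text)):
        m = re.search(r"args\s*=\s*(.*)", block)
        if not m:
            continue
        for token in m.group(1).split():
            key, _, value = token.partition("=")
            if key in ("uid", "gid") and value in PRIVILEGED:
                findings.append((key, value))
    return findings

def uid0_logins(log_lines):
    """Return user names for which the auth process reported uid=0."""
    users = []
    for line in log_lines:
        m = USER_RE.search(line)
        if m and "uid=0" in m.group(2).split():
            users.append(m.group(1))
    return users

# Constructed samples: the block from the thread, and the same block commented out.
BAD_CONF = "userdb static { args = uid=root gid=root home=/home/URBACON/%u }"
FIXED_CONF = "#userdb static { args = uid=root gid=root home=/home/URBACON/%u }"
LOG = ("dovecot: May 01 11:22:47 Info: auth(default): master out: USER 3 "
       "mzukowski uid=0 gid=0 home=/home/URBACON/mzukowski")

if __name__ == "__main__":
    print(find_root_static_userdb(BAD_CONF))
    print(find_root_static_userdb(FIXED_CONF))
    print(uid0_logins([LOG]))
```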