[Dovecot] Can't get authentication for masterusers on Mac OS X Server 10.6.8
Hi dovecot masters,
This is my first post here, since I desperately need some advice from the dovecot community. I've tried to get an answer on the Apple Forums but till now no luck....here we go:
I've tried to sync our users' emails (Mac OS X Server 10.6.8 Snow Leopard with dovecot 1.1.20-apple0.5) via imapsync to our new server by using the masterusers authentication method on the old 10.6.8 server...
The main problem on OS X Server 10.6.8 is that dovecot 1.1.20 uses the OD (OpenDirectory) driver (well I think), so that when following the directions of Master users/password from this page I can't login with the http://wiki1.dovecot.org/Authentication/MasterUsers
I couldn't find anything on the OD driver directive....the dovecot 1.1.20-apple build doesn't even have the shadow driver built in (see below the dovecot --build-options), so that passdb shadow {} won't work anyway
I always get NO Authentication failed, when trying the following:
telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Dovecot ready.
1 login user1*mailadmin PASSWORD
1 NO Authentication failed.
I've tried also to add a Post-login scripting like described here, but no luck either: http://www.stefanux.de/wiki/doku.php/server/dovecot
Does someone know how to fix my migration issue ?
Any help is greatly appreciated.
Gilles
Here's my dovecot :
dovecotd --build-options
Build options: ioloop=kqueue notify=kqueue ipv6 openssl
Mail storages: maildir mbox dbox cydir raw
SQL drivers:
Passdb: checkpassword od pam passwd passwd-file
Userdb: od passwd passwd-file prefetch static
Here's my dovecot -n output:
dovecotd -n
# 1.1.20apple0.5: /private/etc/dovecot/dovecot.conf
Warning: fd limit 256 is lower than what Dovecot can use under full load (more than 306). Either grow the limit or change login_max_processes_count and max_mail_processes settings
# OS: Darwin 10.8.0 i386 hfs
base_dir: /var/run/dovecot
syslog_facility: local6
protocols: pop3 imap pop3s imaps
ssl_ca_file: /etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.chain.pem
ssl_cert_file: /etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.cert.pem
ssl_key_file: /etc/certificates/Default.DB14D82BF89A0DDCE123137BC94AEA0C94DDD838.key.pem
ssl_cipher_list: ALL:!LOW:!SSLv2:!aNULL:!ADH:!eNULL
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_user: _dovecot
login_process_per_connection: no
max_mail_processes: 50
mail_max_userip_connections(default): 20
mail_max_userip_connections(imap): 20
mail_max_userip_connections(pop3): 10
verbose_proctitle: yes
first_valid_uid: 6
first_valid_gid: 6
mail_access_groups: mail
mail_location: maildir:/var/spool/imap/dovecot/mail/%u
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_process_sharing: full
mail_max_connections(default): 10
mail_max_connections(imap): 10
mail_max_connections(pop3): 5
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
lda:
  postmaster_address: postmaster@example.com
  hostname: mymailserver.example.com
  mail_plugins: quota
  quota_full_tempfail: yes
  sendmail_path: /usr/sbin/sendmail
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/log/mailaccess.log
  info_log_path: /var/log/mailaccess.log
auth default:
  mechanisms: plain login gssapi apop cram-md5
  master_user_separator: *
  verbose: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passwd.masterusers
    pass: yes
    master: yes
  passdb:
    driver: od
  userdb:
    driver: od
    args: partition=/etc/dovecot/partition_map.conf enforce_quotas=no
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: _dovecot
      group: mail
plugin:
  quota_warning: storage=100%% /usr/libexec/dovecot/quota-exceeded.sh
  quota_warning2: storage=90%% /usr/libexec/dovecot/quota-warning.sh
  quota: maildir:User quota
  sieve: /var/spool/imap/dovecot/sieve-scripts/%u/dovecot.sieve
Since you've defined verbose auth logging you should get some interesting log files about your failed login attempts that could point us in the right direction.
Matthijs
On Mon, Mar 03, 2014 at 03:37:31PM +0100, Gilles Celli wrote:
> [...]
If I do a:
telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Dovecot ready.
1 login myusername*masterAdmin masterAdminPassword
1 NO Authentication failed.
1 logout
* BYE Logging out
1 OK Logout completed.
Connection closed by foreign host.
the only logging that I get is this one from /var/log/system.log
Mar 3 16:54:22 mymailserver dovecot[38455]: auth(default): od(myusername,127.0.0.1): Credentials could not be verified username or password is invalid.
On 03 Mar 2014, at 16:41, list@grootstyr.eu wrote:
> Since you've defined verbose auth logging you should get some interesting log files about your failed login attempts that could point us in the right direction.
> Matthijs
Try getting more verbose logs using dovecot's logging mechanisms.
auth_verbose=yes
auth_debug=yes
It seems that you aren't authenticating your master users against your passwd file, instead you are authenticating against your OpenDirectory.
Ok I've enabled dovecot's "auth_verbose" and "auth_debug" mode along with syslog facility to debug mode, so here's the output:
- So first when trying to login with "myusername*master":
#telnet mailserv.example.com 143
Connected to mailserv.example.com.
Escape character is '^]'.
* OK Dovecot ready.
1 login myusername*master myMasterPassword
1 NO Authentication failed.
1 logout
* BYE Logging out
1 OK Logout completed.
Connection closed by foreign host.
It fails....here's then the debug logout:
Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): client in: AUTH 14 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=63994 resp=AGdpbGxlcyplY2dzYWRtaW4AdGVzdA==
Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): passwd-file(master,127.0.0.1,master): lookup: user=master file=/etc/dovecot/passwd.masterusers
Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): passdb(master,127.0.0.1,master): Master user logging in as myusername
Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): mail SACL is enabled; overriding settings in user record
Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): found user in local table: user=myusername
Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): Credentials could not be verified username or password is invalid.
Mar 4 16:09:16 mailserv dovecot[9253]: auth(default): client out: FAIL 14 user=myusername
Mar 4 16:09:24 mailserv dovecot[9253]: imap-login: Aborted login (auth failed, 1 attempts): user=<myusername>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Mar 4 16:09:24 mailserv dovecot[9253]: auth(default): new auth connection: pid=9278
- Well here's with "myusername" login, which is successful:
#telnet mailserv.example.com 143
Connected to mailserv.example.com.
Escape character is '^]'.
* OK Dovecot ready.
1 login myusername myPassword
1 OK Logged in.
1 logout
* BYE Logging out
1 OK Logout completed.
Connection closed by foreign host.
Logout:
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): client in: AUTH 65 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=64184 resp=AGdpbGxlcwB0PWcxbGwzc3B3IQ==
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): mail SACL is enabled; overriding settings in user record
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): found user in local table: user=myusername
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): client out: OK 65 user=myusername
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): master in: REQUEST 80 9276 65
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): lookup user=myusername
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): found user in local table: user=myusername
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): record name=myusername, uid=1030, gid=20
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): user=myusername, quota=*:storage=10240000
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): od(myusername,127.0.0.1): data store location=maildir:/var/spool/imap/dovecot/mail/396B158B-27A9-4827-99AF-CBF65F85C407
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): master out: USER 80 myusername uid=1030 gid=20 quota=maildir:User quota:noenforcing quota_rule=*:storage=10240000 mail=maildir:/var/spool/imap/dovecot/mail/396B158B-27A9-4827-99AF-CBF65F85C407 mail_location=maildir:/var/spool/imap/dovecot/mail/396B158B-27A9-4827-99AF-CBF65F85C407 sieve=/var/spool/imap/dovecot/sieve-scripts/396B158B-27A9-4827-99AF-CBF65F85C407/dovecot.sieve sieve_dir=/var/spool/imap/dovecot/sieve-scripts/396B158B-27A9-4827-99AF-CBF65F85C407 sieve_storage=/var/spool/imap/dovecot/sieve-scripts/396B158B-27A9-4827-99AF-CBF65F85C407
Mar 4 16:22:42 mailserv dovecot[9253]: imap-login: Login: user=<myusername>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Mar 4 16:22:42 mailserv dovecot[9253]: auth(default): new auth connection: pid=9276
Mar 4 16:22:46 mailserv dovecot[9253]: IMAP(*): User myusername: Disconnected: Logged out bytes=8/43
Any thoughts ?
Cheers,
Gilles
On 03 Mar 2014, at 21:48, list@grootstyr.eu wrote:
> Try getting more verbose logs using dovecot's logging mechanisms.
> auth_verbose=yes
> auth_debug=yes
> It seems that you aren't authenticating your master users against your passwd file, instead you are authenticating against your OpenDirectory.
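A small tracer for auth_debug lines like the ones in the message above, added here as an illustration (not code from the thread or from Dovecot): it groups lines per AUTH request, names the passdb driver that decided each one, and masks the `resp=` field, which for PLAIN holds the base64-encoded credentials, before a log is shared. The sample lines are constructed in the thread's format; `redact`, `trace` and `diagnose` are hypothetical helper names.

```python
import base64
import re

AUTH_IN = re.compile(r"client in: AUTH (\d+) ")
AUTH_OUT = re.compile(r"client out: (OK|FAIL) (\d+)")
DRIVER = re.compile(r"auth\(default\): ([\w-]+)\(([^,)]+),[^)]*\): (.*)")
MASTER = re.compile(r"Master user logging in as (\S+)")

# Constructed sample in the shape of the thread's auth_debug lines (not real data).
SAMPLE_RESP = base64.b64encode(b"\0myusername*master\0not-a-real-secret").decode()
PFX = "Mar 4 16:09:14 mailserv dovecot[9253]: auth(default): "
SAMPLE_LOG = "\n".join(PFX + s for s in [
    f"client in: AUTH 14 PLAIN service=imap secured rip=127.0.0.1 resp={SAMPLE_RESP}",
    "passwd-file(master,127.0.0.1,master): lookup: user=master file=/etc/dovecot/passwd.masterusers",
    "passdb(master,127.0.0.1,master): Master user logging in as myusername",
    "od(myusername,127.0.0.1): Credentials could not be verified username or password is invalid.",
    "client out: FAIL 14 user=myusername",
    f"client in: AUTH 65 PLAIN service=imap secured rip=127.0.0.1 resp={SAMPLE_RESP}",
    "od(myusername,127.0.0.1): found user in local table: user=myusername",
    "client out: OK 65 user=myusername",
])

def redact(log):
    """Mask the SASL response; for PLAIN it is the base64 of the credentials."""
    return re.sub(r"\bresp=\S+", "resp=<redacted>", log)

def trace(log):
    """Group auth lines per request. Only 'client in/out' lines carry the id, so other
    lines go to the open request (assumes one login at a time, as in a manual test)."""
    done, cur = [], None
    for line in log.splitlines():
        if m := AUTH_IN.search(line):
            cur = {"id": m.group(1), "steps": [], "master": None, "login_as": None}
        elif cur is None:
            continue
        elif m := AUTH_OUT.search(line):
            done.append({**cur, "result": m.group(1)})
            cur = None
        elif m := DRIVER.search(line):
            drv, user, msg = m.groups()
            if mm := MASTER.search(msg):
                cur["master"], cur["login_as"] = user, mm.group(1)
            else:
                cur["steps"].append((drv, user))
    return done

def diagnose(req):
    """One-line verdict naming the passdb driver that logged last before the result."""
    drv, user = req["steps"][-1] if req["steps"] else ("?", "?")
    if req["result"] == "OK":
        return f"AUTH {req['id']}: OK for {user} via {drv}"
    if req["master"]:
        return (f"AUTH {req['id']}: master user {req['master']} accepted, "
                f"then {drv} rejected target user {req['login_as']}")
    return f"AUTH {req['id']}: {drv} rejected {user}"

if __name__ == "__main__":
    for r in trace(redact(SAMPLE_LOG)):
        print(diagnose(r))
```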
Hi I'm experiencing the same issue during the import from OSX Server to Zimbra.
Did you succeed in your migration? Can you share some suggestions about that?
Thanks in advance for your help.
Best regards, Giuseppe Chiesa