Hi,
Trying to implement a master user (1) for auditing purposes without luck. Ubuntu 18.04.3, canonical official repos only, no ppa nor self-compiled anything. From the log below I understand the master password succeeds but AD auth fails. I am pretty sure I missed something here. Also, notice the messages "Ignoring unknown passdb extra field: original_user".
Log:
Nov 1 14:02:32 netuno dovecot: auth: Debug: client in: AUTH#0112#011PLAIN#011service=imap#011secured#011session=H2WM7kuWFKYKCQgI#011lip=10.9.8.8#011rip=10.9.8.8#011lport=143#011rport=42516#011resp=<hidden>
Nov 1 14:02:32 netuno dovecot: auth: Debug: passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): Master user lookup for login: test.account
Nov 1 14:02:32 netuno dovecot: auth: Debug: passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): lookup: user=master file=/etc/dovecot/master-users
Nov 1 14:02:32 netuno dovecot: auth: passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): Master user logging in as test.account
Nov 1 14:02:32 netuno dovecot: auth: ldap(test.account,10.9.8.8,<H2WM7kuWFKYKCQgI>): invalid credentials
Nov 1 14:02:34 netuno dovecot: auth: Debug: client passdb out: FAIL#0112#011user=test.account#011authz#011original_user=master#011auth_user=master
Nov 1 14:02:34 netuno dovecot: imap-login: Debug: Ignoring unknown passdb extra field: original_user
Nov 1 14:02:34 netuno dovecot: imap-login: Debug: Ignoring unknown passdb extra field: auth_user
Nov 1 14:02:42 netuno dovecot: imap-login: Aborted login (auth failed, 1 attempts in 10 secs): user=
doveconf -n:
root@netuno:/etc/dovecot# grep -v "^\s*#\|^\s*$" /etc/dovecot/dovecot-ldap.conf.ext
hosts = ad.example.net
auth_bind = yes
auth_bind_userdn = cn=%Lu,CN=Users,DC=ad,DC=example,DC=net
base = DC=ad,DC=example,DC=net
scope = base
user_attrs =
=home=/mnt/maildirs/%Lu,
=uid=vmail,
=gid=vmail
user_filter = (&(objectClass=person)(uid=%Lu)(mail=*@example.net))
root@netuno:/etc/dovecot#
root@netuno:/etc/dovecot# cat /etc/dovecot/global-acls
- user=master lr
root@netuno:/etc/dovecot#
(1) https://doc.dovecot.org/configuration_manual/authentication/master_users/
Best regards
-- *Marcio Merlone*
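For the auditing purpose mentioned in the post, this is an added example (not part of the original message and not Dovecot project code) that pulls master-user login attempts out of auth debug lines like the ones above. It assumes syslog has escaped TAB as `#011`, as in the log, and that a reply whose `auth_user` differs from `user` marks a master-user login; the function names and the `OK` sample line are constructed.

```python
import re

# Constructed sample: three lines in the shape of the log above (wrapped lines
# joined) plus one invented OK reply for an ordinary login.
SAMPLE_LOG = """\
Nov 1 14:02:32 netuno dovecot: auth: passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): Master user logging in as test.account
Nov 1 14:02:32 netuno dovecot: auth: ldap(test.account,10.9.8.8,<H2WM7kuWFKYKCQgI>): invalid credentials
Nov 1 14:02:34 netuno dovecot: auth: Debug: client passdb out: FAIL#0112#011user=test.account#011authz#011original_user=master#011auth_user=master
Nov 1 14:05:10 netuno dovecot: auth: Debug: client passdb out: OK#0113#011user=other.account
"""

PASSDB_OUT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sdovecot: auth: Debug: "
    r"client passdb out: (?P<reply>.+)$"
)

def parse_reply(reply):
    """Split an auth reply into (status, request id, fields); None if malformed."""
    parts = reply.replace("#011", "\t").split("\t")  # undo syslog TAB escaping
    if len(parts) < 2:
        return None
    fields = {}
    for item in parts[2:]:
        key, _, value = item.partition("=")
        fields[key] = value  # bare flags such as "authz" get an empty value
    return parts[0], parts[1], fields

def master_logins(log_text):
    """Return one record per reply where the authenticating user is not the mailbox user."""
    events = []
    for line in log_text.splitlines():
        match = PASSDB_OUT.match(line)
        parsed = parse_reply(match["reply"]) if match else None
        if parsed is None:
            continue
        status, _req_id, fields = parsed
        master, target = fields.get("auth_user"), fields.get("user")
        # Assumption: auth_user != user marks a master-user login, as in the log above.
        if master and target and master != target:
            events.append({"time": match["ts"], "host": match["host"],
                           "status": status, "master": master, "target": target})
    return events

if __name__ == "__main__":
    for event in master_logins(SAMPLE_LOG):
        print(event)
```

The `client passdb out` lines only appear with auth debug logging enabled, as in the log above, so failed as well as successful master-user attempts are recorded.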
Pleeeease? :)
On 01/11/2019 14:23, Marcio Merlone via dovecot wrote:
Hi,
Trying to implement a master user (1) for auditing purposes without luck. Ubuntu 18.04.3, canonical official repos only, no ppa nor self-compiled anything. From the log below I understand the master password succeeds but AD auth fails. I am pretty sure I missed something here. Also, notice the messages "Ignoring unknown passdb extra field: original_user".
Log:
Nov 1 14:02:32 netuno dovecot: auth: Debug: client in: AUTH#0112#011PLAIN#011service=imap#011secured#011session=H2WM7kuWFKYKCQgI#011lip=10.9.8.8#011rip=10.9.8.8#011lport=143#011rport=42516#011resp=<hidden>
Nov 1 14:02:32 netuno dovecot: auth: Debug: passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): Master user lookup for login: test.account
Nov 1 14:02:32 netuno dovecot: auth: Debug: passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): lookup: user=master file=/etc/dovecot/master-users
Nov 1 14:02:32 netuno dovecot: auth: passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): Master user logging in as test.account
Nov 1 14:02:32 netuno dovecot: auth: ldap(test.account,10.9.8.8,<H2WM7kuWFKYKCQgI>): invalid credentials
Nov 1 14:02:34 netuno dovecot: auth: Debug: client passdb out: FAIL#0112#011user=test.account#011authz#011original_user=master#011auth_user=master
Nov 1 14:02:34 netuno dovecot: imap-login: Debug: Ignoring unknown passdb extra field: original_user
Nov 1 14:02:34 netuno dovecot: imap-login: Debug: Ignoring unknown passdb extra field: auth_user
Nov 1 14:02:42 netuno dovecot: imap-login: Aborted login (auth failed, 1 attempts in 10 secs): user=, method=PLAIN, rip=10.9.8.8, lip=10.9.8.8, secured, session=<H2WM7kuWFKYKCQgI>
doveconf -n:
root@netuno:/etc/dovecot# grep -v "^\s*#\|^\s*$" /etc/dovecot/dovecot-ldap.conf.ext
hosts = ad.example.net
auth_bind = yes
auth_bind_userdn = cn=%Lu,CN=Users,DC=ad,DC=example,DC=net
base = DC=ad,DC=example,DC=net
scope = base
user_attrs =
=home=/mnt/maildirs/%Lu,
=uid=vmail,
=gid=vmail
user_filter = (&(objectClass=person)(uid=%Lu)(mail=*@example.net))
root@netuno:/etc/dovecot#
root@netuno:/etc/dovecot# cat /etc/dovecot/global-acls
- user=master lr
root@netuno:/etc/dovecot#
(1) https://doc.dovecot.org/configuration_manual/authentication/master_users/
Best regards
-- *Marcio Merlone*
-- *Marcio Merlone*