[Dovecot] Unable to authenticate with Pam

Patrick Begou Patrick.Begou at hmg.inpg.fr
Wed Dec 20 15:50:48 UTC 2006


Hi,

I've been trying to solve this problem for several weeks and this is an SOS!

I have 2 Debian servers running heartbeat and drbd for high availability.
I'm using LDAP for the user database, PAM for authentication and Dovecot
for POP3S access. On the master server all is fine. If dovecot is started
on the slave server (instead of the master), it refuses to authenticate
with pam/ldap.

Between the 2 servers there is just the release level of some filesets
which is different, but it does not concern dovecot, nor pam, nor ldap!
I can provide a diff file.

The problem occurs if the ldap server is on the same node _and_ if it is
on the other node.

These are the messages :

Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libanonymous.so.2: /usr/lib/sasl2/libanonymous.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libplain.so.2: /usr/lib/sasl2/libplain.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/liblogin.so.2: /usr/lib/sasl2/liblogin.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libntlm.so.2: /usr/lib/sasl2/libntlm.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) check pass; user unknown
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=194.254.67.78

The library error messages occur on the 2 servers, which have the same
libsasl packages. libsasl2, libsasl2-modules and sasl2-bin are at level
2.1.19-1.5sarge1

The tests I've run:

=> The ldap server is running (all computers of my network use it)
=> ldapsearch -x \
   -D "uid=begou,ou=People,........." \
   -W '(uid=begou)' userPassword
   works fine on this host with my password.
=> I'm running sendmail on the same host with sasl to authenticate
    on the ldap server and:
    testsaslauthd -u begou -p my-password
    works fine and sendmail authenticates.
=> I'm using PLAIN passwords with ssl. ssl is working with the test:
    openssl s_client -connect mostha2.hmg.inpg.fr:pop3s:
CONNECTED(00000003)
depth=0 /C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
verify return:1
---
Certificate chain
  0 s:/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
    i:/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgzCCA2ugAwIBAgIJAP3u4iOMcvbhMA0GCSqGSIb3DQEBBAUAMIGHMQswCQYD
..... cut .....
5XFFP1f0AQ==
-----END CERTIFICATE-----
subject=/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
issuer=/C=FR/ST=RA/L=Grenoble/O=LEGI/OU=MoST/CN=Dovecot/emailAddress=Patrick.Begou at hmg.inpg.fr
---
No client certificate CA names sent
---
SSL handshake has read 1321 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
     Protocol  : TLSv1
     Cipher    : AES256-SHA
     Session-ID: C2F2FFA0..... cut ......456C194EE3D5F
     Session-ID-ctx:
     Master-Key: 31D764620903C00A..... cut ......4B7101909B3A84F
     Key-Arg   : None
     Krb5 Principal: None
     Start Time: 1166628727
     Timeout   : 300 (sec)
     Verify return code: 18 (self signed certificate)
---
+OK dovecot ready.

If I use:
USER begou
PASS my-password
dovecot answers:
-ERR Authentication failed.

If I use a local user (from /etc/passwd), e.g. root, it works and
dovecot connects the session.

------------------------------------------------
/etc/dovecot.conf
------------------------------------------------
protocols = imaps pop3s
imaps_listen = xxx.xxx.xxx.xxx
pop3s_listen = xxx.xxx.xxx.xxx
login = imap
login = pop3
first_valid_uid = 100
mail_extra_groups = mail
default_mail_env = mbox:/services/_POP-IMAP/%d/%n/:INBOX=/var/mail/%u:INDEX=/services/_POP-IMAP/%d/%n/indexes/
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = pam dovecot
auth_user = root
auth_verbose = yes
auth_debug = yes
------------------------------------------------
/etc/pam.d/dovecot
------------------------------------------------
auth    required pam_ldap.so
account required pam_ldap.so
session required pam_ldap.so

------------------------------------------------
dpkg -l \*dovecot\*
------------------------------------------------
ii  dovecot-common              0.99.14-1sarge0
ii  dovecot-imapd               0.99.14-1sarge0
ii  dovecot-pop3d               0.99.14-1sarge0


Thanks for your help

Patrick
-- 
===============================================================
|  Equipe M.O.S.T.         | http://most.hmg.inpg.fr          |
|  Patrick BEGOU           |       ------------               |
|  LEGI                    | mailto:Patrick.Begou at hmg.inpg.fr |
|  BP 53 X                 | Tel 04 76 82 51 35               |
|  38041 GRENOBLE CEDEX    | Fax 04 76 82 52 71               |
===============================================================
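
A triage sketch for the log excerpt and PAM stack posted above, added here as an example and not part of the original message: it counts dlopen errors per process and flags PAM modules that log for dovecot-auth but are not listed in the posted /etc/pam.d/dovecot. The function names and the embedded samples (copied from the post, with the archive's line wrapping undone) are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: syslog lines copied from the post, archive wrapping undone.
SAMPLE_LOG = """\
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libplain.so.2: /usr/lib/sasl2/libplain.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:18 dean pop3-login: unable to dlopen /usr/lib/sasl2/libntlm.so.2: /usr/lib/sasl2/libntlm.so.2: failed to map segment from shared object: Cannot allocate memory
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) check pass; user unknown
Dec 20 15:39:28 dean dovecot-auth: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=194.254.67.78
"""
# Constructed sample: the /etc/pam.d/dovecot stack as posted.
SAMPLE_PAM = """\
auth    required pam_ldap.so
account required pam_ldap.so
session required pam_ldap.so
"""

SYSLOG_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w.-]+)(?:\[\d+\])?: (.*)$")
PAM_TAG_RE = re.compile(r"^\((pam_\w+)\) ")
DLOPEN_RE = re.compile(r"^unable to dlopen \S+?: .*: (.+)$")
PAM_CONF_RE = re.compile(
    r"^\s*-?(?:auth|account|password|session)\s+(?:\[[^\]]*\]|\S+)\s+(\S+)")

def configured_modules(pam_text):
    """Return module names (without path or .so) listed in a pam.d file."""
    mods = set()
    for line in pam_text.splitlines():
        m = PAM_CONF_RE.match(line)
        if m:
            mods.add(re.sub(r"\.so$", "", m.group(1).rsplit("/", 1)[-1]))
    return mods

def triage(log_text, pam_text):
    """Count dlopen errors per (process, reason) and PAM modules that logged
    for dovecot-auth; flag modules absent from the configured stack."""
    expected = configured_modules(pam_text)
    dlopen, seen = Counter(), Counter()
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        prog, msg = m.groups()
        d, p = DLOPEN_RE.match(msg), PAM_TAG_RE.match(msg)
        if d:
            dlopen[(prog, d.group(1))] += 1
        elif p and prog == "dovecot-auth":
            seen[p.group(1)] += 1
    return {"dlopen": dlopen, "pam_seen": seen,
            "unexpected_pam": set(seen) - expected}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_PAM))
```

On the posted lines the result lists pam_unix under unexpected_pam, since the failures are tagged (pam_unix) while the posted stack names only pam_ldap.so.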

