[Dovecot] Dovecot2 vs. AD, "Inactivity during authentication"

Jeroen Scheerder js at on2it.net
Thu Feb 27 11:38:14 UTC 2014


Hi,

I'm trying to set up Dovecot2 for
  o IMAP client access
  o LDA for postfix mail delivery (with SIEVE)
... on a FreeBSD host.

The FreeBSD server has no users (by intention), so I've set up a virtual mail domain, using LDAP lookups in Postfix.  So far so good.  Mail delivers into the proper mailbox.

But I'm stuck getting Dovecot to authenticate.  User- and passwd DB's are set up for LDAP lookups to AD, using an authenticated bind (the AD server offers no anonymous binds, yet).
I've enabled all the debugging I can find, but my logs have little information to offer.

Any help in getting me a step further would be much appreciated.  In particular, I'd like to learn how to diagnose these userdb/passdb issues properly.

Here's what I see in the logs:

Feb 27 12:25:49 <mail.info> ponyboy dovecot: imap-login: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 172 secs): user=<>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<r/ERi2HzQAB/AAAB>
Feb 27 12:26:42 <mail.err> ponyboy dovecot: auth: Error: PLAIN(js,127.0.0.1,<r/ERi2HzQAB/AAAB>): Request 74099.1 timed out after 225 secs, state=1

This logging is related to the following IMAP session:

ponyboy% telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login js suppressed
* OK Waiting for authentication process to respond..
	* BYE Disconnected for inactivity during authentication.
Connection closed by foreign host.

Here's my config:

$ dovecot -n
# 2.2.10: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.0-RELEASE amd64  ufs
auth_debug = yes
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
first_valid_gid = 1000
first_valid_uid = 1000
imap_client_workarounds = delay-newmail
last_valid_gid = 1000
last_valid_uid = 1000
mail_gid = 1000
mail_location = maildir:/var/mail/on2it/%Ln
mail_uid = 1000
maildir_very_dirty_syncs = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/on2it-ldap-users.cfg
  driver = ldap
}
protocols = imap
service auth-worker {
  user = root
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
shutdown_clients = no
ssl = no
userdb {
  args = /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg
  driver = ldap
}
valid_chroot_dirs = /var/mail/on2it

$ cat /usr/local/etc/dovecot/on2it-ldap-users.cfg
hosts = dc2.office.on2it.net
ldap_version = 3
base = dc=office,dc=on2it,dc=net
scope=subtree
auth_bind = yes
dn = [suppressed]
dnpass = [suppressed]

pass_attrs = sAMAccountName=user
user_attrs = \
	=home=/var/mail/on2it/%{ldap:sAMAccountName}, \
	=mail=maildir:/var/mail/on2it/%{ldap:sAMAccountName}

user_filter = (&(ObjectClass=person)(sAMAccountName=%u))
pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))

iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=person)

$ ls -l /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg
lrwxr-xr-x  1 root  wheel  20 Feb 27 12:07 /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg -> on2it-ldap-users.cfg
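
The two log lines quoted in the post share a session ID, and only the auth-side line carries the username (the imap-login line shows user=<>). As an added example, not part of the original post and not Dovecot code, this Python script pairs the two by session ID; the function names are hypothetical and the regexes assume the line format shown in the post.

```python
import re

# Log lines copied from the post above (syslog prefix included).
SAMPLE_LOG = """\
Feb 27 12:25:49 <mail.info> ponyboy dovecot: imap-login: Disconnected: Inactivity during authentication (disconnected while authenticating, waited 172 secs): user=<>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<r/ERi2HzQAB/AAAB>
Feb 27 12:26:42 <mail.err> ponyboy dovecot: auth: Error: PLAIN(js,127.0.0.1,<r/ERi2HzQAB/AAAB>): Request 74099.1 timed out after 225 secs, state=1
"""

# Login-side line: the client-facing process gave up waiting for the auth process.
LOGIN_RE = re.compile(
    r"dovecot: (?P<svc>\w+)-login: Disconnected: Inactivity during authentication"
    r".*?waited (?P<waited>\d+) secs.*?rip=(?P<rip>[^,\s]+).*?session=<(?P<sid>[^>]+)>")
# Auth-side line: the auth request itself timed out; this line names the user.
AUTH_RE = re.compile(
    r"dovecot: auth: Error: (?P<mech>[A-Z0-9-]+)\((?P<user>[^,]*),(?P<rip>[^,]*),"
    r"<(?P<sid>[^>]+)>\): Request (?P<req>[\d.]+) timed out after (?P<secs>\d+) secs, "
    r"state=(?P<state>\d+)")

def correlate(log_text):
    """Return {session_id: record}, merging login-side and auth-side events."""
    sessions = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            rec = sessions.setdefault(m["sid"], {})
            rec.update(service=m["svc"], rip=m["rip"],
                       client_waited=int(m["waited"]))
            continue
        m = AUTH_RE.search(line)
        if m:
            rec = sessions.setdefault(m["sid"], {})
            rec.update(user=m["user"], mech=m["mech"], request=m["req"],
                       auth_timeout=int(m["secs"]), auth_state=int(m["state"]))
    return sessions

def stalled_in_auth(sessions):
    """Session IDs for which both the login process and the auth process logged a timeout."""
    return sorted(sid for sid, r in sessions.items()
                  if "client_waited" in r and "auth_timeout" in r)

if __name__ == "__main__":
    for sid, rec in correlate(SAMPLE_LOG).items():
        print(sid, rec)
```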
