On 10/15/2010 07:46 AM, Timo Sirainen wrote: > On Fri, 2010-10-15 at 07:17 -0600, Trever L. Adams wrote: > >> Fantastic. I am not. Postfix, is validating user existence. I read >> somewhere I can turn off Dovecot LDA validation, but now I am unable to >> find the page. > http://wiki2.dovecot.org/UserDatabase/Static / allow_all_users > >>>>> Oct 15 05:48:06 TeaSet dovecot: master: Error: service(auth-worker): >>>>> child 16375 killed with signal 11 (core dumps disabled) >>> Can you get a gdb backtrace? First enable core dumps with "ulimit -c >>> unlimited" and once you have core file see >>> http://dovecot.org/bugreport.html >> I am not sure this is necessary. > A crash is a bug in any case that I'd like to fix. A good backtrace > would make it easier for me to do that. Alright, I will try to get that to you by Monday. I have to finish my messing with things until after business hours. >> The problem seems to be in this >> dovecot: auth: Debug: ldap(?): result: sAMAccountName(?unknown?)= >> >> I get that for all fields in the AD. It looks like I am going to have to >> do a bind of some kind. > You mean the "?unknown?" part? I think the problem here is that I hadn't > thought that LDAP attributes are case-insensitive. You should have used > sAMAccountName, not samaccountname in the iterate_attrs. But I suppose > I'll need to fix this myself too. That was the problem. It seems to have fixed the ldap problem. Below is the auth log.
TeaSet dovecot: auth: Debug: ldap: iterate: base=dc=snowyriver,dc=sapphiresunday,dc=org scope=subtree filter=(objectClass=person) fields=sAMAccountName dovecot: auth: Debug: ldap(?): result: sAMAccountName(user)=SOME_USER1 dovecot: auth: Debug: ldap(?): result: sAMAccountName(user)=SOME_USER2 dovecot: auth: Debug: ldap(?): result: sAMAccountName(user)=... dovecot: auth: Debug: master in: USER#0112#011root#011service=doveadm dovecot: auth: Debug: passwd(root): lookup dovecot: auth: Debug: master out: USER#0112#011root#011system_groups_user=root#011uid=0#011gid=0#011home=/root dovecot: auth: Debug: master in: USER#0113#011bin#011service=doveadm dovecot: auth: Debug: passwd(bin): lookup dovecot: auth: Debug: master out: USER#0113#011bin#011system_groups_user=bin#011uid=1#011gid=1#011home=/bin However, the problem is still there. I can't erase the root account. How do I use doveadm? I need the expunge command working. The below is why I wondered if the mail_uid and mail_gid were not being honored. #doveadm search -A mailbox INBOX from VALID_FROM doveadm(root): Error: user root: Invalid settings in userdb: userdb returned 0 as uid doveadm(root): Error: User lookup failed: Invalid user settings. Refer to server log for more information. doveadm(bin): Error: user bin: Couldn't drop privileges: Mail access for users with UID 1 not permitted (see first_valid_uid in config file). doveadm(bin): Error: User init failed doveadm: Error: Failed to iterate through some users If I can fix this, I only have two problems left. If I have a auth_default_realm the plain/login users (smart phones and the like) cannot connect (via pam_krb5 kerberos method). Second, using dovecot auth with postfix, kerberos logins do not work. The plain/login do. I have been trying to figure out the FAIL code. I haven't been able to. I have the ticket in the right place, it has the right formats (imap one works from the same file). It has the right password. dovecot: auth: Debug: auth client connected (pid=9022) dovecot: auth: Debug: client in: AUTH#01111#011GSSAPI#011service=smtp#011nologin#011lip=10.0.1.13#011rip=IP_ADDR#011secured#011resp=<hidden> dovecot: auth: Debug: gssapi(?,IP_ADDR): Obtaining credentials for s...@fqdn dovecot: auth: gssapi(?,IP_ADDR): While processing incoming data: Unspecified GSS failure. Minor code may provide more information dovecot: auth: gssapi(?,IP_ADDR): While processing incoming data: Invalid message type postfix/smtpd[9022]: warning: CLIENT_FQDN[IP_ADDR]: SASL GSSAPI authentication failed: dovecot: auth: Debug: client out: FAIL#01111 postfix/smtpd[9022]: disconnect from CLIENT_FQDN[IP_ADDR] postfix/smtpd[9022]: connect from CLIENT_FQDN[IP_ADDR] postfix/smtpd[9022]: warning: CLIENT_FQDN[IP_ADDR]: request longer than 2048: AUTH GSSAPI AUTH_DATA dovecot: auth: Debug: client in: AUTH#01112#011GSSAPI#011service=smtp#011nologin#011lip=10.0.1.13#011rip=IP_ADDR#011secured#011resp=<hidden> dovecot: auth: Debug: gssapi(?,IP_ADDR): Obtaining credentials for s...@fqdn dovecot: auth: gssapi(?,IP_ADDR): While processing incoming data: Unspecified GSS failure. Minor code may provide more information dovecot: auth: gssapi(?,IP_ADDR): While processing incoming data: Invalid message type postfix/smtpd[9022]: warning: CLIENT_FQDN[IP_ADDR]: SASL GSSAPI authentication failed: dovecot: auth: Debug: client out: FAIL#01112 I cannot find the fail codes. What does 01112 mean? Thank you, Trever -- "Seize the day, put no trust in the morrow!" -- Quintus Horatius Flaccus (Horace)
signature.asc
Description: OpenPGP digital signature