On Jun 22, 2012 1:45 AM, "Kaya Saman" <kayasa...@gmail.com> wrote:
>
> Hi,
>
> I'm trying to authenticate Dovecot to Active Directory using the
> SAMBA/Winbind method and so far my setup seems that everything is
> working apart from the Dovecot authentication which I believe I have
> traced to PAM.
>
> I can login using an AD account using:
>
> wbinfo -K <user>
>
> # wbinfo -K <user>
> Enter <user>'s password:
> plaintext kerberos password authentication for [<user>] succeeded (requesting cctype: FILE)
>
> This is the current Dovecot config:
>
> # cat dovecot.conf
> # v1.1:
> #auth_ntlm_use_winbind = yes
> # v1.2+:
> auth_use_winbind = yes
>
> auth_winbind_helper_path = /usr/local/bin/ntlm_auth
>
> protocols = imap
>
> # It's nice to have separate log files for Dovecot. You could do this
> # by changing syslog configuration also, but this is easier.
> log_path = /var/log/dovecot.log
> info_log_path = /var/log/dovecot-info.log
>
> # Disable SSL for now.
> ssl = no
> disable_plaintext_auth = no
>
> # We're using Maildir format
> #mail_location = maildir:~/Maildir
> mail_location = mbox:/mail:INBOX=/mail/%u
>
> # If you're using POP3, you'll need this:
> #pop3_uidl_format = %g
>
> # Authentication configuration:
> auth_verbose = yes
> auth_debug = yes
> auth_username_format = %n
> auth_mechanisms = plain ntlm login
> userdb {
>   driver = static
>   args = uid=501 gid=501 home=/mail/%u
>   driver = static
> }
>
> passdb {
>   driver = pam
> }
>
> Here is a "test" login attempt:
>
> # telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=NTLM AUTH=LOGIN] Dovecot ready.
> a login <user> <password>
> a NO [AUTHENTICATIONFAILED] Authentication failed.
> b logout
> * BYE Logging out
> b OK Logout completed.
>
> - of course the proper credentials were put in.....
>
> Here are the details of pam.d/imap:
>
> # cat imap
> #
> # $FreeBSD: src/etc/pam.d/imap,v 1.7.10.1.6.1 2010/12/21 17:09:25 kensmith Exp $
> #
> # PAM configuration for the "imap" service
> #
>
> # auth
> auth sufficient pam_winbind.so no_warn try_first_pass debug
> #auth sufficient pam_ssh.so no_warn try_first_pass
> auth required pam_unix.so no_warn try_first_pass
>
> # account
> #account required pam_nologin.so
> account required pam_unix.so
> #account required pam_winbind.so
>
> I also attempted a change in pam.d/system:
>
> # cat system
> #
> # $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.6.1 2010/12/21 17:09:25 kensmith Exp $
> #
> # System-wide defaults
> #
>
> # auth
> auth sufficient pam_opie.so no_warn no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> auth sufficient pam_krb5.so no_warn try_first_pass
> #auth sufficient pam_ssh.so no_warn try_first_pass
> auth required pam_unix.so no_warn try_first_pass nullok
>
> # account
> account required pam_krb5.so
> account required pam_login_access.so
> account required pam_unix.so
>
> # session
> #session optional pam_ssh.so
> session required pam_lastlog.so no_fail
>
> # password
> password sufficient pam_krb5.so no_warn try_first_pass
> password required pam_unix.so no_warn try_first_pass
>
> Which don't let me login to the Dovecot service :-(
>
> The dovecot.log file shows this:
>
> Jun 20 11:30:40 master: Warning: Killed with signal 15 (by pid=4149 uid=0 code=kill)
> Jun 20 11:30:48 auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
> Jun 20 11:30:48 master: Error: service(auth): command startup failed, throttling for 2 secs
> Jun 20 11:30:59 master: Warning: Killed with signal 15 (by pid=4182 uid=0 code=kill)
> Jun 20 11:31:13 auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
> Jun 20 11:31:13 master: Error: service(auth): command startup failed, throttling for 2 secs
> Jun 20 11:32:38 master: Warning: Killed with signal 15 (by pid=4245 uid=0 code=kill)
> Jun 20 11:32:58 imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=4265, EOF)
> Jun 20 11:32:58 auth: Fatal: master: service(auth): child 4266 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })
> Jun 20 11:46:21 master: Warning: Killed with signal 15 (by pid=4318 uid=0 code=kill)
> Jun 20 11:46:42 auth-worker(4340): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
> Jun 20 11:46:55 auth: Error: Got NTLMSSP neg_flags=0xa2088207
> Jun 20 11:46:55 auth: Error: Got user=[<user>] domain=[] workstation=[WKS-42] len1=24 len2=270
> Jun 20 11:46:55 auth: Error: Login for user []\[<user>]@[WKS-42] failed due to [Reading winbind reply failed!]
> Jun 20 11:49:47 master: Warning: Killed with signal 15 (by pid=4400 uid=0 code=kill)
> Jun 20 11:49:53 auth: Fatal: passdb imap: Missing host parameter
> Jun 20 11:49:53 master: Error: service(auth): command startup failed, throttling for 2 secs
> Jun 20 11:50:10 master: Warning: Killed with signal 15 (by pid=4439 uid=0 code=kill)
> Jun 20 11:50:22 auth-worker(4461): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
> Jun 20 11:51:19 master: Warning: Killed with signal 15 (by pid=4479 uid=0 code=kill)
> Jun 20 11:52:14 master: Warning: Killed with signal 15 (by pid=4647 uid=0 code=kill)
> Jun 20 12:26:12 master: Warning: Killed with signal 15 (by pid=1349 uid=0 code=kill)
> Jun 20 12:26:32 auth-worker(1371): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
> Jun 20 12:40:20 master: Warning: Killed with signal 15 (by pid=1436 uid=0 code=kill)
> Jun 20 12:40:39 auth-worker(1458): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
> Jun 20 13:06:03 master: Warning: Killed with signal 15 (by pid=1653 uid=0 code=kill)
> Jun 20 13:07:37 auth-worker(1222): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
> Jun 20 15:05:11 master: Warning: Killed with signal 15 (by pid=91263 uid=0 code=kill)
> Jun 22 10:02:03 master: Warning: Killed with signal 15 (by pid=38998 uid=0 code=kill)
> Jun 22 10:04:08 auth-worker(1229): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
> Jun 22 10:10:47 master: Warning: Killed with signal 15 (by pid=1394 uid=0 code=kill)
> Jun 22 10:12:36 auth-worker(1218): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
> Jun 22 10:20:57 auth-worker(1232): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
>
> Can anybody help me with this?
>
> Regards,
>
> Kaya
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

hi,

The log indicates it's looking for /etc/pam.d/dovecot (instead of imap?) ..... maybe that's the issue.

Waitman Gobble
San Jose California USA
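
The log check suggested in the reply above, as an added example that is not part of the original thread: it separates the distinct failure causes in a dovecot.log excerpt and reports which PAM service file Dovecot actually asked for. The function names, the placeholder user `alice`, the constructed sample lines and the two PAM directories are assumptions of this example.

```python
import re
from collections import Counter
from pathlib import Path

# Constructed sample in the shape of the quoted dovecot.log; "alice" is a placeholder user.
SAMPLE_LOG = r"""Jun 20 11:30:48 auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
Jun 20 11:46:42 auth-worker(4340): Error: pam(alice,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Jun 20 11:46:55 auth: Error: Login for user []\[alice]@[WKS-42] failed due to [Reading winbind reply failed!]
Jun 20 11:49:53 auth: Fatal: passdb imap: Missing host parameter
Jun 22 10:20:57 auth-worker(1232): Error: pam(alice,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
"""

# PAM failure line, including the service-file hint Dovecot appends to it.
PAM_FAIL = re.compile(
    r"auth-worker\(\d+\): Error: pam\([^,]*,[^)]*\): "
    r"pam_authenticate\(\) failed: .*? \((?P<hint>/\S+) missing\?\)"
)
FATAL = re.compile(r" auth: Fatal: (?P<msg>.*)$")  # auth process refused to start or died
WINBIND = re.compile(r"failed due to \[[^\]]*winbind[^\]]*\]")  # NTLM/winbind helper path


def triage(log_text):
    """Split auth errors by cause: each one belongs to a different config attempt."""
    services, fatals, winbind = Counter(), [], 0
    for line in log_text.splitlines():
        if m := PAM_FAIL.search(line):
            services[Path(m["hint"]).name] += 1  # service name PAM was asked for
        elif m := FATAL.search(line):
            fatals.append(m["msg"])
        elif WINBIND.search(line):
            winbind += 1
    return {"pam_services": dict(services), "config_fatals": fatals,
            "winbind_helper_errors": winbind}


def missing_service_files(services, pam_dirs):
    """Service names that have no policy file in any of the given PAM directories."""
    return sorted(s for s in services
                  if not any((Path(d) / s).is_file() for d in pam_dirs))


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report)
    # Assumed search path: base system plus ports directory on FreeBSD.
    print(missing_service_files(report["pam_services"],
                                ["/etc/pam.d", "/usr/local/etc/pam.d"]))
```

If `dovecot` is reported missing while only `imap` exists, the stack written in pam.d/imap was never consulted for these logins. Dovecot's pam passdb uses the service name `dovecot` unless a different name is given in the passdb `args`.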