Re: Dovecot bsdauth(user): unknown user
Oof. I didn't notice this earlier, but you're running -current, and this has seen some changes in the last week. You might want to take a look at this thread: http://marc.info/?t=13910782254r=1w=2 I don't have an easy way to test (not running -current or using passwd/bsdauth), and it's not clear from the discussion whether the changes that fixed dovecot in Brad's testing were committed or not. However, it looks like one more fix to getpwent.c was committed after your last update, and it's probably worth trying. Based on the info you provided, today I made another `make release`. Now everything is working as it should be. Sorry for making a fuss and thanks for the help. Atanas Vladimirov
Re: Dovecot bsdauth(user): unknown user
# pwd_mkdb usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file # pwd_mkdb -c /etc/master.passwd # It seems that everything is OK, isn't it?. Did the problems with unknown user persist afterward? Yes, the problem persist. $ sudo doveadm auth test vlado Password: passdb: vlado auth failed extra fields: user=vlado $ sudo pwd_mkdb usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file $ sudo pwd_mkdb -c /etc/master.passwd $ sudo doveadm auth test vlado Password: passdb: vlado auth failed extra fields: user=vlado $ tail /var/log/maillog Mar 10 08:08:16 ns dovecot: auth-worker(21267): bsdauth(vlado): unknown user (given password: K4*x9) Mar 10 08:08:51 ns dovecot: auth-worker(21267): bsdauth(vlado): unknown user (given password: Qa*we00) Mar 10 08:09:41 ns dovecot: auth-worker(21267): bsdauth(vlado): unknown user (given password: K*rx9) Mar 10 08:10:18 ns dovecot: auth-worker(21267): bsdauth(vlado): unknown user (given password: K*x9) If I enter wrong password error for the account that is working normaly, error is password mismatch. With correct password for the same account the log is silent as it should to be. $ sudo doveadm auth test jul Password: passdb: jul auth failed extra fields: user=jul $ tail /var/log/maillog Mar 10 09:50:38 ns dovecot: auth-worker(836): bsdauth(jul): Password mismatch (given password: Qazxsw)
Re: Dovecot bsdauth(user): unknown user
On 03/10/2014 02:57 AM, Атанас Владимиров wrote: Yes, the problem persist. Oof. I didn't notice this earlier, but you're running -current, and this has seen some changes in the last week. You might want to take a look at this thread: http://marc.info/?t=13910782254r=1w=2 I don't have an easy way to test (not running -current or using passwd/bsdauth), and it's not clear from the discussion whether the changes that fixed dovecot in Brad's testing were committed or not. However, it looks like one more fix to getpwent.c was committed after your last update, and it's probably worth trying. -- Matthew Weigel hacker unique idempot . ent
Re: Dovecot bsdauth(user): unknown user
On 03/08/14 23:30, Атанас Владимиров wrote: Hi, I have a very strange problem with one user. After upgrade from home made release today dovecot stoped authenticating my account. Root and other accounts are working well. I also made two new accounts which worked as they should. It seems that for dovecot my account (vlado) not exists. Thanks for any help. Do the two new accounts have the same login class (=staff)? I would check the various auth= and auth-*= settings in /etc/login.conf. /Alexander In case the error message is a bit misleading # /var/log/maillog: Mar 8 23:40:20 ns dovecot: auth-worker(2646): bsdauth(vlado): unknown user (given password: Qazxswe00) Mar 8 23:42:12 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qzxswe00) Mar 8 23:42:40 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qawe00) Mar 8 23:43:15 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qaze00) Mar 8 23:43:36 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: dsd) # /etc/passwd _dovecot:*:518:518:Dovecot Account:/nonexistent:/sbin/nologin _dovenull:*:666:666:Dovecot Login User:/nonexistent:/sbin/nologin _netflow:*:575:575:flow-tools user:/var/empty:/sbin/nologin _nfcapd:*:649:649:nfcapd user:/nonexistent:/sbin/nologin vlado:*:1000:1000:Atanas Vladimirov:/home/vlado:/bin/ksh # /etc/master.passwd _netflow:*:575:575:daemon:0:0:flow-tools user:/var/empty:/sbin/nologin _nfcapd:*:649:649:daemon:0:0:nfcapd user:/nonexistent:/sbin/nologin vlado:$2a$06$iVr1p*hmfMLW:1000:1000:staff:0:0:Atanas Vladimirov:/home/vlado:/bin/ksh # $ dovecot -n # 2.2.10: /etc/dovecot/dovecot.conf # OS: OpenBSD 5.5 i386 auth_debug = yes auth_verbose = yes auth_verbose_passwords = plain first_valid_uid = 1000 imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags mail_debug = yes mbox_write_locks = fcntl mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = bsdauth } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh ssl = required ssl_cert = /etc/ssl/dovecotcert.pem ssl_key = /etc/ssl/private/dovecot.pem userdb { driver = passwd } # dmesg: OpenBSD 5.5-current (GENERIC.MP) #0: Sat Mar 8 14:41:24 EET 2014 r...@i386.bsdbg.net:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ (AuthenticAMD 686-class, 512KB L2 cache) 2.31 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,NXE,MMXX,FFXSR,LON G,3DNOW2,3DNOW,SSE3,CX16,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP real mem = 2129096704 (2030MB) avail mem = 2081988608 (1985MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/02/10, BIOS32 rev. 0 @ 0xf2030, SMBIOS rev. 2.4 @ 0xf (70 entries) bios0: vendor Phoenix Technologies, LTD version ASUS M2NPV-VM ACPI BIOS Revision 5005 date 06/02/2010 bios0: ASUSTek Computer INC. M2NPV-VM acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP MCFG APIC acpi0: wakeup devices HUB0(S5) XVRA(S5) XVRB(S5) XVRC(S5) UAR1(S5) UAR2(S5) PS2M(S4) PS2K(S4) USB0(S4) USB2(S4) AZAD(S5) MMAC (S5) MMCI(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 200MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ (AuthenticAMD 686-class, 512KB L2 cache) 2.31 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,NXE,MMXX,FFXSR,LON G,3DNOW2,3DNOW,SSE3,CX16,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP ioapic0 at mainbus0: apid 4 pa 0xfec0, version 11, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 4 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (HUB0) acpicpu0 at acpi0 acpicpu1 at acpi0 acpitz0 at acpi0: critical temperature is 75 degC acpibtn0 at acpi0: PWRB aibs0 at acpi0 RTMP RVLT RFAN aibs0: FSIF: misformed package: 3/5, assume 5 bios0: ROM list: 0xc/0xec00 0xd4000/0x1000 0xd5000/0x1000 pci0 at mainbus0 bus 0: configuration mode 1 (bios) NVIDIA C51 Host rev 0xa2 at pci0 dev 0 function 0 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 2 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 3 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0
Re: Dovecot bsdauth(user): unknown user
No, they had default login class. I'm still trying to find out some pattern when and why this behavior occurs. When I create new account with `useradd accountname` then set a password with `passwd accountname` and then `doveadm auth test accountname`, everything seems good. Then `usermod -L default accountname` and doveadm auth failed. When I created new account with adduser - doveadm failed. An old account on the system works fine no matter in which loggin class I move it. I tried to move my account to other class without any luck. Here is my login.conf. I can provide other info, too. Thanks for your time. $ cat /etc/login.conf # $OpenBSD: login.conf.in,v 1.6 2012/02/06 21:25:13 sobrado Exp $ # # Sample login.conf file. See login.conf(5) for details. # # # Standard authentication styles: # # krb5-or-pwd First try Kerberos V password, then local password file # passwdUse only the local password file # krb5 Use only the Kerberos V password # chpassDo not authenticate, but change users password (change # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead # radiusUse radius authentication # rejectUse rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # cryptoCRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication # tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # # Default allowed authentication styles auth-defaults:auth=passwd,skey: # Default allowed authentication styles for authentication type ftp auth-ftp-defaults:auth-ftp=passwd: # # The default values # To alter the default authentication types change the line: # :tc=auth-defaults:\ # to be read something like: (enables passwd, myauth, and activ) # :auth=passwd,myauth,activ:\ # Any value changed in the daemon class should be reset in default # class. # default:\ :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\ :umask=022:\ :datasize-max=512M:\ :datasize-cur=512M:\ :maxproc-max=256:\ :maxproc-cur=128:\ :openfiles-cur=512:\ :stacksize-cur=4M:\ :localcipher=blowfish,6:\ :ypcipher=old:\ :tc=auth-defaults:\ :tc=auth-ftp-defaults: # # Settings used by /etc/rc and root # This must be set properly for daemons started as root by inetd as well. # Be sure reset these values back to system defaults in the default class! # daemon:\ :ignorenologin:\ :datasize=infinity:\ :maxproc=infinity:\ :openfiles-cur=128:\ :stacksize-cur=8M:\ :localcipher=blowfish,8:\ :tc=default: dovecot:\ :openfiles-cur=512:\ :openfiles-max=2048:\ :tc=daemon: # # Staff have fewer restrictions and can login even when nologins are set. # staff:\ :datasize-cur=2048M:\ :datasize-max=infinity:\ :maxproc-max=512:\ :maxproc-cur=128:\ :ignorenologin:\ :requirehome@:\ :tc=default: # # Authpf accounts get a special motd and shell # authpf:\ :welcome=/etc/motd.authpf:\ :shell=/usr/sbin/authpf:\ :tc=default: # # Override resource limits for certain daemons started by rc.d(8) # bgpd:\ :openfiles-cur=512:\ :tc=daemon: 2014-03-09 15:19 GMT+02:00 Alexander Hall alexan...@beard.se: On 03/08/14 23:30, Àòàíàñ Âëàäèìèðîâ wrote: Hi, I have a very strange problem with one user. After upgrade from home made release today dovecot stoped authenticating my account. Root and other accounts are working well. I also made two new accounts which worked as they should. It seems that for dovecot my account (vlado) not exists. Thanks for any help. Do the two new accounts have the same login class (=staff)? I would check the various auth= and auth-*= settings in /etc/login.conf. /Alexander In case the error message is a bit misleading # /var/log/maillog: Mar 8 23:40:20 ns dovecot: auth-worker(2646): bsdauth(vlado): unknown user (given password: Qazxswe00) Mar 8 23:42:12 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qzxswe00) Mar 8 23:42:40 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qawe00) Mar 8 23:43:15 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qaze00) Mar 8 23:43:36 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: dsd) # /etc/passwd _dovecot:*:518:518:Dovecot Account:/nonexistent:/sbin/nologin _dovenull:*:666:666:Dovecot Login User:/nonexistent:/sbin/nologin _netflow:*:575:575:flow-tools
Re: Dovecot bsdauth(user): unknown user
On 03/09/2014 12:47 PM, Атанас Владимиров wrote: No, they had default login class. I'm still trying to find out some pattern when and why this behavior occurs. When I create new account with `useradd accountname` then set a password with `passwd accountname` and then `doveadm auth test accountname`, everything seems good. Then `usermod -L default accountname` and doveadm auth failed. When I created new account with adduser - doveadm failed. An old account on the system works fine no matter in which loggin class I move it. I tried to move my account to other class without any luck. Here is my login.conf. I can provide other info, too. Thanks for your time. What happens if you just run pwd_mkdb -c /etc/master.passwd as root? What about just pwd_mkdb? It looks like the error you're seeing in the log (bsdauth(vlado): unknown user...) comes down to a failure in getpwent_r(), and would be causing problems before the user's login class is relevant. -- Matthew Weigel hacker unique idempot . ent
Re: Dovecot bsdauth(user): unknown user
What happens if you just run pwd_mkdb -c /etc/master.passwd as root? What about just pwd_mkdb? It looks like the error you're seeing in the log (bsdauth(vlado): unknown user...) comes down to a failure in getpwent_r(), and would be causing problems before the user's login class is relevant. # pwd_mkdb usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file # pwd_mkdb -c /etc/master.passwd # It seems that everything is OK, isn't it?.
Re: Dovecot bsdauth(user): unknown user
On 03/09/2014 03:25 PM, Атанас Владимиров wrote: What happens if you just run pwd_mkdb -c /etc/master.passwd as root? What about just pwd_mkdb? It looks like the error you're seeing in the log (bsdauth(vlado): unknown user...) comes down to a failure in getpwent_r(), and would be causing problems before the user's login class is relevant. # pwd_mkdb usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file # pwd_mkdb -c /etc/master.passwd # It seems that everything is OK, isn't it?. Did the problems with unknown user persist afterward? -- Matthew Weigel hacker unique idempot . ent
Dovecot bsdauth(user): unknown user
Hi, I have a very strange problem with one user. After upgrade from home made release today dovecot stoped authenticating my account. Root and other accounts are working well. I also made two new accounts which worked as they should. It seems that for dovecot my account (vlado) not exists. Thanks for any help. # /var/log/maillog: Mar 8 23:40:20 ns dovecot: auth-worker(2646): bsdauth(vlado): unknown user (given password: Qazxswe00) Mar 8 23:42:12 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qzxswe00) Mar 8 23:42:40 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qawe00) Mar 8 23:43:15 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qaze00) Mar 8 23:43:36 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: dsd) # /etc/passwd _dovecot:*:518:518:Dovecot Account:/nonexistent:/sbin/nologin _dovenull:*:666:666:Dovecot Login User:/nonexistent:/sbin/nologin _netflow:*:575:575:flow-tools user:/var/empty:/sbin/nologin _nfcapd:*:649:649:nfcapd user:/nonexistent:/sbin/nologin vlado:*:1000:1000:Atanas Vladimirov:/home/vlado:/bin/ksh # /etc/master.passwd _netflow:*:575:575:daemon:0:0:flow-tools user:/var/empty:/sbin/nologin _nfcapd:*:649:649:daemon:0:0:nfcapd user:/nonexistent:/sbin/nologin vlado:$2a$06$iVr1p*hmfMLW:1000:1000:staff:0:0:Atanas Vladimirov:/home/vlado:/bin/ksh # $ dovecot -n # 2.2.10: /etc/dovecot/dovecot.conf # OS: OpenBSD 5.5 i386 auth_debug = yes auth_verbose = yes auth_verbose_passwords = plain first_valid_uid = 1000 imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags mail_debug = yes mbox_write_locks = fcntl mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = bsdauth } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh ssl = required ssl_cert = /etc/ssl/dovecotcert.pem ssl_key = /etc/ssl/private/dovecot.pem userdb { driver = passwd } # dmesg: OpenBSD 5.5-current (GENERIC.MP) #0: Sat Mar 8 14:41:24 EET 2014 r...@i386.bsdbg.net:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ (AuthenticAMD 686-class, 512KB L2 cache) 2.31 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,NXE,MMXX,FFXSR,LON G,3DNOW2,3DNOW,SSE3,CX16,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP real mem = 2129096704 (2030MB) avail mem = 2081988608 (1985MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/02/10, BIOS32 rev. 0 @ 0xf2030, SMBIOS rev. 2.4 @ 0xf (70 entries) bios0: vendor Phoenix Technologies, LTD version ASUS M2NPV-VM ACPI BIOS Revision 5005 date 06/02/2010 bios0: ASUSTek Computer INC. M2NPV-VM acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP MCFG APIC acpi0: wakeup devices HUB0(S5) XVRA(S5) XVRB(S5) XVRC(S5) UAR1(S5) UAR2(S5) PS2M(S4) PS2K(S4) USB0(S4) USB2(S4) AZAD(S5) MMAC (S5) MMCI(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 200MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ (AuthenticAMD 686-class, 512KB L2 cache) 2.31 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,NXE,MMXX,FFXSR,LON G,3DNOW2,3DNOW,SSE3,CX16,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP ioapic0 at mainbus0: apid 4 pa 0xfec0, version 11, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 4 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (HUB0) acpicpu0 at acpi0 acpicpu1 at acpi0 acpitz0 at acpi0: critical temperature is 75 degC acpibtn0 at acpi0: PWRB aibs0 at acpi0 RTMP RVLT RFAN aibs0: FSIF: misformed package: 3/5, assume 5 bios0: ROM list: 0xc/0xec00 0xd4000/0x1000 0xd5000/0x1000 pci0 at mainbus0 bus 0: configuration mode 1 (bios) NVIDIA C51 Host rev 0xa2 at pci0 dev 0 function 0 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 2 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 3 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 4 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 5 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 6 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 7 not configured vga1 at pci0 dev 5 function 0 NVIDIA