Date:      Fri, 22 Jun 2012 08:14:19 -0700
From:      Waitman Gobble <gobble.wa@gmail.com>
To:        Kaya Saman <kayasaman@gmail.com>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Could someone help me with Dovecot AD integration PAM setup?
Message-ID:  <CAFuo_fxxY655gkQdO71VRtwzqx6RZ=ahYv8f8T0--ouUYGK9TQ@mail.gmail.com>
In-Reply-To: <CAPj0R5JCFskh0wczn%2BqKaVe_PCeZcn1eRc=bG4dSUO0JkzZ2tQ@mail.gmail.com>
References:  <CAPj0R5JCFskh0wczn%2BqKaVe_PCeZcn1eRc=bG4dSUO0JkzZ2tQ@mail.gmail.com>

On Jun 22, 2012 1:45 AM, "Kaya Saman" <kayasaman@gmail.com> wrote:
>
> Hi,
>
> I'm trying to authenticate Dovecot to Active Directory using the
> SAMBA/Winbind method and so far my setup seems that everything is
> working apart from the Dovecot authentication which I believe I have
> traced to PAM.
>
> I can login using an AD account using:
>
> wbinfo -K <user>
>
> # wbinfo -K <user>
> Enter <user>'s password:
> plaintext kerberos password authentication for [<user>] succeeded
> (requesting cctype: FILE)
>
>
> This is the current Dovecot config:
>
>
> # cat dovecot.conf
> # v1.1:
> #auth_ntlm_use_winbind = yes
> # v1.2+:
> auth_use_winbind = yes
>
> auth_winbind_helper_path = /usr/local/bin/ntlm_auth
>
> protocols = imap
>
> # It's nice to have separate log files for Dovecot. You could do this
> # by changing syslog configuration also, but this is easier.
> log_path = /var/log/dovecot.log
> info_log_path = /var/log/dovecot-info.log
>
> # Disable SSL for now.
> ssl = no
> disable_plaintext_auth = no
>
> # We're using Maildir format
> #mail_location = maildir:~/Maildir
> mail_location = mbox:/mail:INBOX=/mail/%u
>
> # If you're using POP3, you'll need this:
> #pop3_uidl_format = %g
>
> # Authentication configuration:
> auth_verbose = yes
> auth_debug = yes
> auth_username_format = %n
> auth_mechanisms = plain ntlm login
> userdb {
>  driver = static
>  args = uid=501 gid=501 home=/mail/%u
>  driver = static
> }
>
> passdb {
>  driver = pam
> }
>
>
>
> Here is a "test" login attempt:
>
>
> # telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE AUTH=PLAIN AUTH=NTLM AUTH=LOGIN] Dovecot ready.
> a login <user> <password>
> a NO [AUTHENTICATIONFAILED] Authentication failed.
> b logout
> * BYE Logging out
> b OK Logout completed.
>
>
> - of course the proper credentials were put in.....
>
>
> Here are the details of pam.d/imap:
>
>
> # cat imap
> #
> # $FreeBSD: src/etc/pam.d/imap,v 1.7.10.1.6.1 2010/12/21 17:09:25 kensmith Exp $
> #
> # PAM configuration for the "imap" service
> #
>
> # auth
> auth            sufficient      pam_winbind.so          no_warn try_first_pass debug
> #auth           sufficient      pam_ssh.so              no_warn try_first_pass
> auth            required        pam_unix.so             no_warn try_first_pass
>
> # account
> #account                required        pam_nologin.so
> account         required        pam_unix.so
> #account                required        pam_winbind.so
>
>
> I also attempted a change in pam.d/system:
>
>
> # cat system
> #
> # $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.6.1 2010/12/21 17:09:25 kensmith Exp $
> #
> # System-wide defaults
> #
>
> # auth
> auth            sufficient      pam_opie.so             no_warn no_fake_prompts
> auth            requisite       pam_opieaccess.so       no_warn allow_local
> auth            sufficient      pam_krb5.so             no_warn try_first_pass
> #auth           sufficient      pam_ssh.so              no_warn try_first_pass
> auth            required        pam_unix.so             no_warn try_first_pass nullok
>
> # account
> account         required        pam_krb5.so
> account         required        pam_login_access.so
> account         required        pam_unix.so
>
> # session
> #session        optional        pam_ssh.so
> session         required        pam_lastlog.so          no_fail
>
> # password
> password        sufficient      pam_krb5.so             no_warn try_first_pass
> password        required        pam_unix.so             no_warn try_first_pass
>
>
>
> Which don't let me login to the Dovecot service :-(
>
>
>
> The dovecot.log file shows this:
>
>
> Jun 20 11:30:40 master: Warning: Killed with signal 15 (by pid=4149
> uid=0 code=kill)
> Jun 20 11:30:48 auth: Fatal: No passdbs specified in configuration
> file. LOGIN mechanism needs one
> Jun 20 11:30:48 master: Error: service(auth): command startup failed,
> throttling for 2 secs
> Jun 20 11:30:59 master: Warning: Killed with signal 15 (by pid=4182
> uid=0 code=kill)
> Jun 20 11:31:13 auth: Fatal: No passdbs specified in configuration
> file. LOGIN mechanism needs one
> Jun 20 11:31:13 master: Error: service(auth): command startup failed,
> throttling for 2 secs
> Jun 20 11:32:38 master: Warning: Killed with signal 15 (by pid=4245
> uid=0 code=kill)
> Jun 20 11:32:58 imap-login: Warning: Auth connection closed with 1
> pending requests (max 0 secs, pid=4265, EOF)
> Jun 20 11:32:58 auth: Fatal: master: service(auth): child 4266 killed
> with signal 11 (core not dumped - set service auth {
> drop_priv_before_exec=yes })
> Jun 20 11:46:21 master: Warning: Killed with signal 15 (by pid=4318
> uid=0 code=kill)
> Jun 20 11:46:42 auth-worker(4340): Error: pam(<user>,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 11:46:55 auth: Error: Got NTLMSSP neg_flags=0xa2088207
> Jun 20 11:46:55 auth: Error: Got user=[<user>] domain=[]
> workstation=[WKS-42] len1=24 len2=270
> Jun 20 11:46:55 auth: Error: Login for user []\[<user>]@[WKS-42]
> failed due to [Reading winbind reply failed!]
> Jun 20 11:49:47 master: Warning: Killed with signal 15 (by pid=4400
> uid=0 code=kill)
> Jun 20 11:49:53 auth: Fatal: passdb imap: Missing host parameter
> Jun 20 11:49:53 master: Error: service(auth): command startup failed,
> throttling for 2 secs
> Jun 20 11:50:10 master: Warning: Killed with signal 15 (by pid=4439
> uid=0 code=kill)
> Jun 20 11:50:22 auth-worker(4461): Error: pam(<user>,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 11:51:19 master: Warning: Killed with signal 15 (by pid=4479
> uid=0 code=kill)
> Jun 20 11:52:14 master: Warning: Killed with signal 15 (by pid=4647
> uid=0 code=kill)
> Jun 20 12:26:12 master: Warning: Killed with signal 15 (by pid=1349
> uid=0 code=kill)
> Jun 20 12:26:32 auth-worker(1371): Error: pam(<user>,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 12:40:20 master: Warning: Killed with signal 15 (by pid=1436
> uid=0 code=kill)
> Jun 20 12:40:39 auth-worker(1458): Error: pam(<user>,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 13:06:03 master: Warning: Killed with signal 15 (by pid=1653
> uid=0 code=kill)
> Jun 20 13:07:37 auth-worker(1222): Error: pam(<user>,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 15:05:11 master: Warning: Killed with signal 15 (by pid=91263
> uid=0 code=kill)
> Jun 22 10:02:03 master: Warning: Killed with signal 15 (by pid=38998
> uid=0 code=kill)
> Jun 22 10:04:08 auth-worker(1229): Error: pam(<user>,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 22 10:10:47 master: Warning: Killed with signal 15 (by pid=1394
> uid=0 code=kill)
> Jun 22 10:12:36 auth-worker(1218): Error: pam(<user>,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 22 10:20:57 auth-worker(1232): Error: pam(<user>,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
>
>
>
> Can anybody help me with this?
>
>
> Regards,
>
>
> Kaya

hi,

The log indicates it's looking for /etc/pam.d/dovecot (instead of imap?)
..... maybe that's the issue.

Waitman Gobble
San Jose California USA
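
A way to run the check suggested in the reply above, as an added example that is not part of the original thread: pull the PAM service file named in Dovecot's `pam_authenticate() failed` hints out of the log and compare it with what actually exists under pam.d. The helper names, the scratch directory and the sample files are constructed for illustration (log and PAM lines are copied from the quoted message).

```shell
#!/bin/sh
# Added example; helper names and the sample files are constructed for illustration.

# Print each distinct PAM service file that Dovecot's auth-worker hints is missing.
pam_service_hints() {   # $1 = Dovecot log file
    sed -n 's/.*pam_authenticate() failed:.*(\([^ ]*\) missing?).*/\1/p' "$1" | sort -u
}

# Say whether the hinted service file exists in a pam.d directory; if it does,
# list the control flag and module of every active "auth" line.
check_pam_service() {   # $1 = pam.d directory, $2 = path printed by pam_service_hints
    svc=${2##*/}
    if [ ! -f "$1/$svc" ]; then
        echo "$svc: MISSING"
        return 0
    fi
    awk -v s="$svc" '$1 == "auth" { print s ": " $2 " " $3 }' "$1/$svc"
}

# Constructed fixture: log lines and a pam.d layout like the ones quoted in the thread.
make_sample() {         # $1 = empty scratch directory
    mkdir -p "$1/pam.d"
    cat > "$1/dovecot.log" <<'EOF'
Jun 20 11:46:21 master: Warning: Killed with signal 15 (by pid=4318 uid=0 code=kill)
Jun 20 11:46:42 auth-worker(4340): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Jun 20 11:50:22 auth-worker(4461): Error: pam(<user>,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
EOF
    cat > "$1/pam.d/imap" <<'EOF'
auth            sufficient      pam_winbind.so          no_warn try_first_pass debug
auth            required        pam_unix.so             no_warn try_first_pass
account         required        pam_unix.so
EOF
}

scratch=$(mktemp -d)
make_sample "$scratch"
for f in $(pam_service_hints "$scratch/dovecot.log"); do
    check_pam_service "$scratch/pam.d" "$f"          # the service the log names
done
check_pam_service "$scratch/pam.d" /etc/pam.d/imap   # the service that was edited
rm -rf "$scratch"
```

On a real host, point the two functions at /var/log/dovecot.log and /etc/pam.d. Dovecot's PAM passdb uses the service name `dovecot` unless another name is given in the passdb `args`.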


