From: Waitman Gobble
To: Kaya Saman
Cc: freebsd-questions
Date: Fri, 22 Jun 2012 08:14:19 -0700
Subject: Re: Could someone help me with Dovecot AD integration PAM setup?

On Jun 22, 2012 1:45 AM, "Kaya Saman" wrote:
>
> Hi,
>
> I'm trying to authenticate Dovecot to Active Directory using the
> SAMBA/Winbind method and so far my setup seems that everything is
> working apart from the Dovecot authentication which I believe I have
> traced to PAM.
>
> I can login using an AD account using:
>
> wbinfo -K
>
> # wbinfo -K
> Enter 's password:
> plaintext kerberos password authentication for [] succeeded
> (requesting cctype: FILE)
>
> This is the current Dovecot config:
>
> # cat dovecot.conf
> # v1.1:
> #auth_ntlm_use_winbind = yes
> # v1.2+:
> auth_use_winbind = yes
>
> auth_winbind_helper_path = /usr/local/bin/ntlm_auth
>
> protocols = imap
>
> # It's nice to have separate log files for Dovecot. You could do this
> # by changing syslog configuration also, but this is easier.
> log_path = /var/log/dovecot.log
> info_log_path = /var/log/dovecot-info.log
>
> # Disable SSL for now.
> ssl = no
> disable_plaintext_auth = no
>
> # We're using Maildir format
> #mail_location = maildir:~/Maildir
> mail_location = mbox:/mail:INBOX=/mail/%u
>
> # If you're using POP3, you'll need this:
> #pop3_uidl_format = %g
>
> # Authentication configuration:
> auth_verbose = yes
> auth_debug = yes
> auth_username_format = %n
> auth_mechanisms = plain ntlm login
> userdb {
>   driver = static
>   args = uid=501 gid=501 home=/mail/%u
>   driver = static
> }
>
> passdb {
>   driver = pam
> }
>
> Here is a "test" login attempt:
>
> # telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE AUTH=PLAIN AUTH=NTLM AUTH=LOGIN] Dovecot ready.
> a login
> a NO [AUTHENTICATIONFAILED] Authentication failed.
> b logout
> * BYE Logging out
> b OK Logout completed.
>
> - of course the proper credentials were put in.....
>
> Here are the details of pam.d/imap:
>
> # cat imap
> #
> # $FreeBSD: src/etc/pam.d/imap,v 1.7.10.1.6.1 2010/12/21 17:09:25 kensmith Exp $
> #
> # PAM configuration for the "imap" service
> #
>
> # auth
> auth sufficient pam_winbind.so no_warn
> try_first_pass debug
> #auth sufficient pam_ssh.so no_warn try_first_pass
> auth required pam_unix.so no_warn try_first_pass
>
> # account
> #account required pam_nologin.so
> account required pam_unix.so
> #account required pam_winbind.so
>
> I also attempted a change in pam.d/system:
>
> # cat system
> #
> # $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.6.1 2010/12/21 17:09:25
> kensmith Exp $
> #
> # System-wide defaults
> #
>
> # auth
> auth sufficient pam_opie.so no_warn no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> auth sufficient pam_krb5.so no_warn try_first_pass
> #auth sufficient pam_ssh.so no_warn try_first_pass
> auth required pam_unix.so no_warn
> try_first_pass nullok
>
> # account
> account required pam_krb5.so
> account required pam_login_access.so
> account required pam_unix.so
>
> # session
> #session optional pam_ssh.so
> session required pam_lastlog.so no_fail
>
> # password
> password sufficient pam_krb5.so no_warn try_first_pass
> password required pam_unix.so no_warn try_first_pass
>
> Which don't let me login to the Dovecot service :-(
>
> The dovecot.log file shows this:
>
> Jun 20 11:30:40 master: Warning: Killed with signal 15 (by pid=4149
> uid=0 code=kill)
> Jun 20 11:30:48 auth: Fatal: No passdbs specified in configuration
> file. LOGIN mechanism needs one
> Jun 20 11:30:48 master: Error: service(auth): command startup failed,
> throttling for 2 secs
> Jun 20 11:30:59 master: Warning: Killed with signal 15 (by pid=4182
> uid=0 code=kill)
> Jun 20 11:31:13 auth: Fatal: No passdbs specified in configuration
> file. LOGIN mechanism needs one
> Jun 20 11:31:13 master: Error: service(auth): command startup failed,
> throttling for 2 secs
> Jun 20 11:32:38 master: Warning: Killed with signal 15 (by pid=4245
> uid=0 code=kill)
> Jun 20 11:32:58 imap-login: Warning: Auth connection closed with 1
> pending requests (max 0 secs, pid=4265, EOF)
> Jun 20 11:32:58 auth: Fatal: master: service(auth): child 4266 killed
> with signal 11 (core not dumped - set service auth {
> drop_priv_before_exec=yes })
> Jun 20 11:46:21 master: Warning: Killed with signal 15 (by pid=4318
> uid=0 code=kill)
> Jun 20 11:46:42 auth-worker(4340): Error: pam(,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 11:46:55 auth: Error: Got NTLMSSP neg_flags=0xa2088207
> Jun 20 11:46:55 auth: Error: Got user=[] domain=[]
> workstation=[WKS-42] len1=24 len2=270
> Jun 20 11:46:55 auth: Error: Login for user []\[]@[WKS-42]
> failed due to [Reading winbind reply failed!]
> Jun 20 11:49:47 master: Warning: Killed with signal 15 (by pid=4400
> uid=0 code=kill)
> Jun 20 11:49:53 auth: Fatal: passdb imap: Missing host parameter
> Jun 20 11:49:53 master: Error: service(auth): command startup failed,
> throttling for 2 secs
> Jun 20 11:50:10 master: Warning: Killed with signal 15 (by pid=4439
> uid=0 code=kill)
> Jun 20 11:50:22 auth-worker(4461): Error: pam(,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 11:51:19 master: Warning: Killed with signal 15 (by pid=4479
> uid=0 code=kill)
> Jun 20 11:52:14 master: Warning: Killed with signal 15 (by pid=4647
> uid=0 code=kill)
> Jun 20 12:26:12 master: Warning: Killed with signal 15 (by pid=1349
> uid=0 code=kill)
> Jun 20 12:26:32 auth-worker(1371): Error: pam(,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 12:40:20 master: Warning: Killed with signal 15 (by pid=1436
> uid=0 code=kill)
> Jun 20 12:40:39 auth-worker(1458): Error: pam(,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 13:06:03 master: Warning: Killed with signal 15 (by pid=1653
> uid=0 code=kill)
> Jun 20 13:07:37 auth-worker(1222): Error: pam(,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 20 15:05:11 master: Warning: Killed with signal 15 (by pid=91263
> uid=0 code=kill)
> Jun 22 10:02:03 master: Warning: Killed with signal 15 (by pid=38998
> uid=0 code=kill)
> Jun 22 10:04:08 auth-worker(1229): Error: pam(,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 22 10:10:47 master: Warning: Killed with signal 15 (by pid=1394
> uid=0 code=kill)
> Jun 22 10:12:36 auth-worker(1218): Error: pam(,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
> Jun 22 10:20:57 auth-worker(1232): Error: pam(,127.0.0.1):
> pam_authenticate() failed: authentication error (/etc/pam.d/dovecot
> missing?)
>
> Can anybody help me with this?
>
> Regards,
>
> Kaya
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

hi,

The log indicates it's looking for /etc/pam.d/dovecot (instead of imap?)
..... maybe that's the issue.

Waitman Gobble
San Jose California USA
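
Added example, not part of the original message and not Dovecot's own code: a shell check for the mismatch suggested in the reply above. It extracts the service name from the log's "(/etc/pam.d/... missing?)" hints and looks for a policy file of that name; the function names, the constructed log lines and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find the PAM service names Dovecot's auth-worker says it
# could not use, and check whether a policy file exists for each.

# pam_services_from_log LOGFILE
#   Print each <service> from "(/etc/pam.d/<service> missing?)" hints.
#   Expects the log file itself (one entry per line, not mail-wrapped).
pam_services_from_log() {
    sed -n 's|.*pam_authenticate() failed.*(/etc/pam\.d/\([^ )]*\) missing?).*|\1|p' "$1" |
        sort -u
}

# check_pam_services LOGFILE PAM_DIR...
#   Print "<service> ok <path>" or "<service> MISSING" for each hinted
#   service; return 1 if any service has no policy file.
check_pam_services() {
    log=$1; shift
    rc=0
    for svc in $(pam_services_from_log "$log"); do
        found=
        for dir in "$@"; do
            if [ -f "$dir/$svc" ]; then found=$dir/$svc; break; fi
        done
        if [ -n "$found" ]; then
            echo "$svc ok $found"
        else
            echo "$svc MISSING"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed input: only an "imap" policy exists, as in the thread.
demo=$(mktemp -d)
mkdir "$demo/pam.d"
: > "$demo/pam.d/imap"
cat > "$demo/dovecot.log" <<'EOF'
Jun 20 11:46:21 master: Warning: Killed with signal 15 (by pid=4318 uid=0 code=kill)
Jun 20 11:46:42 auth-worker(4340): Error: pam(user,127.0.0.1): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
EOF
check_pam_services "$demo/dovecot.log" "$demo/pam.d" || true
rm -rf "$demo"
```

On the poster's FreeBSD host this would be run as check_pam_services /var/log/dovecot.log /etc/pam.d /usr/local/etc/pam.d. A MISSING result is resolved either by installing a policy file under that name or by naming the existing service in the pam passdb's args setting.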