Hi all,
i try to migrate my dovecot to a new server. While everything works fine
for my virtual mailbox domains via mysql, my system users for my main
domain cannot authenticate.
System users can login via ssh, can sudo etc.
root@bywater ~ # lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
root@bywater ~ # doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 5.15.0-102-generic x86_64 Ubuntu 22.04.4 LTS
# Hostname: bywater.qno.de
auth_debug = yes
auth_debug_passwords = yes
listen = 65.21.136.15, [::]
mail_location = maildir:~/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/tables.d/dovecot-sql.conf.ext
driver = sql
}
passdb {
args = dovecot
driver = pam
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = postmas...@qno.de
protocols = " imap sieve"
service auth-worker {
user = vmail
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = dovecot
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
unix_listener lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl = required
ssl_cert = </etc/letsencrypt/live/imap2.qno.de/fullchain.pem
ssl_cipher_list =
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
syslog_facility = local0
userdb {
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%u
driver = static
}
userdb {
driver = passwd
}
verbose_proctitle = yes
/etc/pam.d/dovecot:
#%PAM-1.0
@include common-auth
@include common-account
@include common-session
root@bywater ~ # doveadm auth test qno 'xxxxxxx'
passdb: qno auth failed
extra fields:
user=qno
/var/log/auth.log:
Apr 12 18:19:16 bywater unix_chkpwd[611002]: check pass; user unknown
Apr 12 18:19:16 bywater unix_chkpwd[611003]: check pass; user unknown
Apr 12 18:19:16 bywater unix_chkpwd[611003]: password check failed for
user (qno)
Apr 12 18:19:16 bywater auth worker: PASSV: pam_unix(dovecot:auth):
authentication failure; logname= uid=5000 euid=5000 tty=dovecot
ruser=qno rhost= user=qno
/var/log/dovecot/dovecot.debug:
Apr 12 18:19:16 bywater dovecot: auth: Debug: auth client connected (pid=0)
Apr 12 18:19:16 bywater dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=doveadm#011debug#011resp=cW5vAHFu
bwAhMTRKMDN6ODgu (previous base64 data may contain sensitive data)
Apr 12 18:19:16 bywater dovecot: auth: Debug: sql(qno): Performing
passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<5>:
Handling PASSV request
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<5>:
sql(qno): Performing passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<5>:
sql(qno): query: SELECT email as user, password FROM user WHERE
email='qno'
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug:
mysql(localhost): Finished query 'SELECT email as user, pas
sword FROM user WHERE email='qno'' in 0 msecs
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<5>:
sql(qno): Finished passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<5>:
Finished: user_unknown
Apr 12 18:19:16 bywater dovecot: auth: Debug: sql(qno): Finished passdb
lookup
Apr 12 18:19:16 bywater dovecot: auth: Debug: pam(qno): Performing
passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<6>:
Handling PASSV request
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<6>:
pam(qno): Performing passdb lookup
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<6>:
pam(qno): lookup service=dovecot
Apr 12 18:19:16 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<6>: pam(qno): #1/1
style=1 msg=Password:
Apr 12 18:19:17 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<6>: pam(qno):
Finished passdb lookup
Apr 12 18:19:17 bywater dovecot: auth-worker(610993): Debug: conn
unix:auth-worker (pid=610992,uid=110): auth-worker<6>: Finished:
password_mismatch
Apr 12 18:19:17 bywater dovecot: auth: Debug: pam(qno): Finished passdb
lookup
Apr 12 18:19:17 bywater dovecot: auth: Debug: auth(qno): Auth request
finished
Same results with a real IMAP client.
I have no further ideas where to look for my fault. Can somebody help?
TIA
QNo
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
