Re: Dovecot and IPA

2015-09-08 Thread Benny Pedersen
Kanwar Ranbir Sandhu wrote on 2015-09-08 17:14:

> Thanks to everyone for the help! At least now I know it's not my fault.

only fault if any you made was to choose a precompiled problem, but try to make a bug report at Red Hat on it, possibly also on other distros that are precompiled, if you fi

Re: Dovecot and IPA

2015-09-08 Thread Kanwar Ranbir Sandhu
On Tue, 2015-09-08 at 19:27 +0300, Timo Sirainen wrote:
> You can probably work around that by configuring something like:
>
> passdb {
>   driver = passwd-file
>   args = /etc/dovecot/passwd.master
>   master = yes
> }
>
> The passwd.master file itself can be empty.

Where do I add this config:

Re: Dovecot and IPA

2015-09-08 Thread Timo Sirainen
On 09/08/2015 06:14 PM, Kanwar Ranbir Sandhu wrote:
> On Tue, 2015-09-08 at 13:11 +0300, Timo Sirainen wrote:
>> I guess it's now crashing with this:
>>
>> auth: Panic: file auth-request.c: line 733 (auth_request_is_disabled_master_user): assertion failed: (request->requested_login_user != N

Re: Dovecot and IPA

2015-09-08 Thread Kanwar Ranbir Sandhu
On Tue, 2015-09-08 at 13:11 +0300, Timo Sirainen wrote:
> I guess it's now crashing with this:
>
> auth: Panic: file auth-request.c: line 733 (auth_request_is_disabled_master_user): assertion failed: (request->requested_login_user != NULL)
>
> That's a bug in the Dovecot version you're using

Re: Dovecot and IPA

2015-09-08 Thread Timo Sirainen
> On 08 Sep 2015, at 06:16, Kanwar Ranbir Sandhu wrote:
>
> On Mon, 2015-09-07 at 23:15 +0200, Benny Pedersen wrote:
>> change password before debug logs
>>
>> then run debug
>>
>> change password
>>
>> paste it
>>
>> is safe
>
> Here's the in rawlog:
>
> 1441680001.046492 B1 AUTHEN

Re: Dovecot and IPA

2015-09-07 Thread Kanwar Ranbir Sandhu
On Mon, 2015-09-07 at 23:15 +0200, Benny Pedersen wrote:
> change password before debug logs
>
> then run debug
>
> change password
>
> paste it
>
> is safe

Here's the in rawlog:

1441680001.046492 B1 AUTHENTICATE GSSAPI
1441680001.051720 YIICZQYJKoZIhvcSAQICAQBuggJUMIICUKADAgEFoQMCAQ6iBwM

Re: Dovecot and IPA

2015-09-07 Thread Benny Pedersen
Kanwar Ranbir Sandhu wrote on 2015-09-07 22:58:

> Alright, I enabled it. I have some logs, but I'm not clear on what I should and shouldn't include here. Can I just copy and paste both in and out logs verbatim without inadvertently giving up my passwords or something??

change password before de

Re: Dovecot and IPA

2015-09-07 Thread Kanwar Ranbir Sandhu
On Mon, 2015-09-07 at 20:37 +0300, Timo Sirainen wrote:
> It says "tried to use unsupported auth mechanism". In your later mail you say that telnet shows AUTH=GSSAPI in capabilities. So that would mean that the client isn't using AUTHENTICATE GSSAPI but something else.

I'd been considering t

Re: Dovecot and IPA

2015-09-07 Thread Benny Pedersen
Peter Chiochetti wrote on 2015-09-07 20:21:

>> dovecot is built with security in mind...
>>
>> using name-based gid or uid is not secure
>>
>> it might just still work, but it's not secure
>
> Benny, where did you learn all this?

not here, since no one cares :)

time for my own coffee break after a long day

Re: Dovecot and IPA

2015-09-07 Thread Peter Chiochetti
On 2015-09-07 at 19:47, Benny Pedersen wrote:
> Kanwar Ranbir Sandhu wrote on 2015-09-07 19:29:
>> I tried it for shits and giggles: no change. :( I'm still seeing the same problem.
>
> dovecot is built with security in mind...
>
> using name-based gid or uid is not secure
>
> it might just still work, b

Re: Dovecot and IPA

2015-09-07 Thread Benny Pedersen
Kanwar Ranbir Sandhu wrote on 2015-09-07 19:29:

> I tried it for shits and giggles: no change. :( I'm still seeing the same problem.

dovecot is built with security in mind...

using name-based gid or uid is not secure

it might just still work, but it's not secure

Re: Dovecot and IPA

2015-09-07 Thread Manuel Delgado
From the first message I noted this:

> mailman02 dovecot: imap-login: Disconnected (tried to use unsupported auth mechanism): user=<>, method=PLAIN, rip=1.1.1.1, lip=2.2.2.2, TLS, session=

It seems that your client is not using GSSAPI, but PLAIN instead.

About your config:

On Mon, Sep 7, 20

Re: Dovecot and IPA

2015-09-07 Thread Timo Sirainen
> On 07 Sep 2015, at 00:41, Kanwar Ranbir Sandhu wrote:
>
> Hello,
>
> I'm trying to get Dovecot to use GSSAPI for authentication. I have an IPA server on CentOS 7 with a bunch of my servers attached to the IPA domain, including the server running Dovecot.
>
> I've followed official d

Re: Dovecot and IPA

2015-09-07 Thread Kanwar Ranbir Sandhu
On Mon, 2015-09-07 at 13:29 -0400, Kanwar Ranbir Sandhu wrote:
> I tried it for shits and giggles: no change. :( I'm still seeing the same problem.

I forgot to add some additional errors I've seen in the logs:

http://pastebin.ca/3155329

--
Kanwar R.S. Sandhu

Re: Dovecot and IPA

2015-09-07 Thread Kanwar Ranbir Sandhu
On Mon, 2015-09-07 at 18:39 +0200, Benny Pedersen wrote:
> Kanwar Ranbir Sandhu wrote on 2015-09-07 18:02:
>
> > args = uid=virtual gid=virtual home=/var/spool/mail/%d/%n/
>
> uid and gid must be numeric just like output from id
>
> id virtual
>
> make the args have same info

I tried it fo

Re: Dovecot and IPA

2015-09-07 Thread Kanwar Ranbir Sandhu
On Mon, 2015-09-07 at 18:39 +0200, Benny Pedersen wrote:
> Kanwar Ranbir Sandhu wrote on 2015-09-07 18:02:
>
> > args = uid=virtual gid=virtual home=/var/spool/mail/%d/%n/
>
> uid and gid must be numeric just like output from id
>
> id virtual
>
> make the args have same info

That's never

Re: Dovecot and IPA

2015-09-07 Thread Benny Pedersen
Kanwar Ranbir Sandhu wrote on 2015-09-07 18:02:

> args = uid=virtual gid=virtual home=/var/spool/mail/%d/%n/

uid and gid must be numeric just like output from id

id virtual

make the args have same info

Re: Dovecot and IPA

2015-09-07 Thread Kanwar Ranbir Sandhu
On Mon, 2015-09-07 at 17:07 +0200, Benny Pedersen wrote:
> Kanwar Ranbir Sandhu wrote on 2015-09-07 16:47:
>
> > Kerberos + Dovecot apparently works really well, but not for me...yet. :(
>
> you chose to use a precompiled problem from redhat, no ?

Yes. Well, not Red Hat directly - I'm usi

Re: Dovecot and IPA

2015-09-07 Thread Kanwar Ranbir Sandhu
On Mon, 2015-09-07 at 09:14 -0600, Manuel Delgado wrote:
> Hi Ranbir
>
> I've worked with freeIPA a little, but without your doveconf or some other context information, it is difficult to identify the issue.

Crap...I meant to include that. Here's what it looks like when I enable GSSAPI:

# 2.

Re: Dovecot and IPA

2015-09-07 Thread Manuel Delgado
Hi Ranbir

I've worked with freeIPA a little, but without your doveconf or some other context information, it is difficult to identify the issue.

Regards,
Manuel Delgado
---
*Usuario Linux* *#520940 * Mag. Computaci

Re: Dovecot and IPA

2015-09-07 Thread Benny Pedersen
Kanwar Ranbir Sandhu wrote on 2015-09-07 16:47:

> Kerberos + Dovecot apparently works really well, but not for me...yet. :(

you chose to use a precompiled problem from redhat, no ? if you used freebsd or gentoo there would only be learning curve left back to your problem, are you sure main

Re: Dovecot and IPA

2015-09-07 Thread Kanwar Ranbir Sandhu
On Sun, 2015-09-06 at 17:41 -0400, Kanwar Ranbir Sandhu wrote:
> I've followed official documentation from Red Hat and read numerous wiki articles on how to configure Dovecot to get it to use GSSAPI correctly. I don't think I've done anything incorrectly, but it refuses to work. This is th

Dovecot and IPA

2015-09-06 Thread Kanwar Ranbir Sandhu
Hello, I'm trying to get Dovecot to use GSSAPI for authentication. I have an IPA server on CentOS 7 with a bunch of my servers attached to the IPA domain, including the server running Dovecot. I've followed official documentation from Red Hat and read numerous wiki articles on how to configu