Below is my configuration

# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.0.0-17-server x86_64 Ubuntu 11.10
auth_mechanisms = plain login
mail_location = maildir:/nfs/users/%u/Maildir
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocols = " imap pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl_cert = </etc/ssl/certs/mail.prisaltd.local.crt
ssl_key = </etc/ssl/private/prisa.key
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  imap_logout_format = bytes=%i/%o
  mail_plugins =
}

/etc/pam.d/common-password

# here are the per-package modules (the "Primary" block)
password    [success=1 default=ignore]  pam_unix.so obscure sha512 nis
# here's the fallback if no module succeeds
password    requisite           pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password    required            pam_permit.so
# and here are more per-package modules (the "Additional" block)
password    optional    pam_ecryptfs.so 
# end of pam-auth-update config

dovecot logs

May 26 13:14:39 prisa-appserver ntpdate[574]: Can't find host ntp.ubuntu.com: Name or service not known (-2)
May 26 13:14:39 prisa-appserver ntpdate[574]: no servers can be used, exiting
May 26 13:14:48 prisa-appserver sudo: pam_ecryptfs: pam_sm_authenticate: /home/prisa is already mounted
May 26 13:14:50 prisa-appserver kernel: [   90.418686] CIFS: Unknown mount option -
May 26 13:14:50 prisa-appserver kernel: [   90.472004] CIFS VFS: default security mechanism requested.  The default security mechanism will be upgraded from ntlm to ntlmv2 in kernel release 3.1
May 26 13:15:44 prisa-appserver ntpdate[1571]: Can't find host ntp.ubuntu.com: Name or service not known (-2)
May 26 13:15:44 prisa-appserver ntpdate[1571]: no servers can be used, exiting
May 26 13:17:01 prisa-appserver CRON[1678]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
May 26 13:39:01 prisa-appserver CRON[1775]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)
May 26 13:46:08 prisa-appserver dovecot: imap-login: Disconnected (auth failed, 3 attempts): user=<prisa>, method=PLAIN, rip=192.168.128.14, lip=192.168.128.15, TLS
May 26 13:46:59 prisa-appserver dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.128.14, lip=192.168.128.15
May 26 13:46:59 prisa-appserver dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.128.14, lip=192.168.128.15
May 26 13:46:59 prisa-appserver dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.128.14, lip=192.168.128.15, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48
May 26 13:46:59 prisa-appserver dovecot: pop3-login: Aborted login (no auth attempts): rip=192.168.128.14, lip=192.168.128.15
May 26 13:46:59 prisa-appserver dovecot: pop3-login: Aborted login (no auth attempts): rip=192.168.128.14, lip=192.168.128.15
May 26 13:46:59 prisa-appserver dovecot: pop3-login: Disconnected (no auth attempts): rip=192.168.128.14, lip=192.168.128.15, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48
May 26 13:46:59 prisa-appserver dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.128.14, lip=192.168.128.15, TLS
May 26 13:46:59 prisa-appserver dovecot: pop3-login: Disconnected (no auth attempts): rip=192.168.128.14, lip=192.168.128.15, TLS
May 26 13:47:04 prisa-appserver postfix/smtpd[1820]: connect from unknown[192.168.128.14]
May 26 13:47:04 prisa-appserver postfix/smtpd[1820]: improper command pipelining after EHLO from unknown[192.168.128.14]
May 26 13:47:04 prisa-appserver postfix/smtpd[1820]: disconnect from unknown[192.168.128.14]
May 26 13:47:04 prisa-appserver postfix/smtpd[1830]: connect from unknown[192.168.128.14]
May 26 13:47:04 prisa-appserver postfix/smtpd[1830]: lost connection after CONNECT from unknown[192.168.128.14]
May 26 13:47:04 prisa-appserver postfix/smtpd[1830]: disconnect from unknown[192.168.128.14]
May 26 13:47:22 prisa-appserver dovecot: imap-login: Disconnected (auth failed, 3 attempts): user=<femmy>, method=PLAIN, rip=192.168.128.14, lip=192.168.128.15, TLS
May 26 13:47:48 prisa-appserver dovecot: imap-login: Disconnected (auth failed, 3 attempts): user=<femmy@mail.prisaltd.local>, method=PLAIN, rip=192.168.128.14, lip=192.168.128.15, TLS
May 26 13:48:15 prisa-appserver dovecot: imap-login: Disconnected (auth failed, 3 attempts): user=<femmy>, method=PLAIN, rip=192.168.128.14, lip=192.168.128.15, TLS
May 26 13:48:21 prisa-appserver dovecot: imap-login: Disconnected (auth failed, 3 attempts): user=<femmy@mail.prisaltd.local>, method=PLAIN, rip=192.168.128.14, lip=192.168.128.15, TLS

Please what am I doing wrong? I've been on this for 2 weeks.

Thanks

drecute

1 Answer

Dovecot makes no assumption that you want to enable access for system users. This allows it to provide an environment where only virtual users have access. It appears you have only configured virtual users. You can combine multiple user and password databases. I use an additional password database to provide users with e-mail-only passwords for use from cyber-cafes and other remote locations.

You have made no provisions for logging in with system (NIS) users. Try adding a userdb specification using the passwd driver. Something like this should work.

userdb {
    driver = passwd
}

You will also need a corresponding passdb (password database) specification. Using passwd as the driver will use NSS lookups, which should include NIS data. As you have configured PAM, you may want to try the pam driver.

passdb {
    driver = passwd
}

On Ubuntu these options are available but commented out in /etc/dovecot/conf.d/auth-system.conf.ext. You would need to uncomment the appropriate lines in this file as well as uncommenting the line including this file in /etc/dovecot/conf.d/10-auth.conf. This would be an appropriate file to add the configuration to if you have it. It has been my experience that dovecot will accept configuration data in any order as long as it is in a file that is included in the configuration. The command dovecot -n will display the configuration data after includes and comment removal.

BillThor
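
An added example, not part of the answer above and not Dovecot's own tooling: a small Python check that reads `dovecot -n` output and reports whether any passdb or userdb can resolve system (NIS/PAM) users. The sample text is constructed from the question's configuration, and the function names are hypothetical.

```python
# Constructed sample: passdb/userdb portion of the `dovecot -n` output in the question.
SAMPLE = """\
# 2.0.13: /etc/dovecot/dovecot.conf
auth_mechanisms = plain login
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
  }
}
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}
"""
# The two blocks suggested in the answer, appended to the same configuration.
FIXED = SAMPLE + "passdb {\n  driver = passwd\n}\nuserdb {\n  driver = passwd\n}\n"

# Drivers named in the answer that look up system accounts (NSS or PAM).
SYSTEM_DRIVERS = {"passdb": {"passwd", "pam"}, "userdb": {"passwd"}}

def auth_drivers(doveconf_text):
    """Return the passdb and userdb drivers in the order they are configured."""
    found = {"passdb": [], "userdb": []}
    stack = []  # names of the blocks that are currently open
    for raw in doveconf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].split()[0])
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line and len(stack) == 1 and stack[0] in found:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "driver":
                found[stack[0]].append(value)
    return found

def missing_system_lookup(doveconf_text):
    """List the database kinds that have no driver able to resolve system users."""
    drivers = auth_drivers(doveconf_text)
    return [kind for kind in ("passdb", "userdb")
            if not SYSTEM_DRIVERS[kind] & set(drivers[kind])]

if __name__ == "__main__":
    for name, text in (("question", SAMPLE), ("with answer's blocks", FIXED)):
        print(name, auth_drivers(text), "missing:", missing_system_lookup(text))
```

To check a live server, pass the text captured from `dovecot -n` to `missing_system_lookup()` in place of `SAMPLE`.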