Jeff Ramsey
2005-Oct-06 17:28 UTC
[Dovecot] Dovecot on FC3 with Active Directory authentication
I am building an IMAP server that uses Dovecot/Sendmail on FC3 to replace our POP server that uses Dovecot (via POP)/Sendmail on FC2. My new server is authenticating users via winbind/smb against my Windows 2003 Active Directory. The authentication is working great.

The problem comes up when a user gets an email and has not ever logged into the IMAP server via SSH, local, or GDM; therefore that user has no home directory. /etc/pam.d/ssh, /etc/pam.d/login, and /etc/pam.d/gdm all have a line calling mkhomedir.so, which is using the /etc/skel home directory skeleton to create the user's home dir upon successful login. However, when I add that line to /etc/pam.d/dovecot, I get a permission denied error in /var/log/maillog. I'm assuming this is because dovecot is running as the user at this point, and therefore does not have the necessary permissions to create a folder under /home/DOMAIN/, which is where the home dir is supposed to be. If I manually create the folder and set its permissions, or if the user logs in via any of the before-mentioned methods, dovecot and sendmail work great.

Does anyone else run a similar setup? If so, how did you overcome this problem? If not, can some Linux gurus recommend either altering the write permissions on the /home/DOMAIN directory, or should I try to call the mkhomedir app earlier in the process somehow?

Any help would be appreciated. I'm trying to make this as seamless as possible. Basically, I can manually create all the home dirs well enough, but when I add a new user to the Active Directory, it would be nice if this part was automated as much as possible.

Thanks,
Jeff Ramsey
MIS Administrator
Tubafor Mill, Inc.
Ignacio Vazquez-Abrams
2005-Oct-06 18:16 UTC
[Dovecot] Dovecot on FC3 with Active Directory authentication
On Thu, 2005-10-06 at 10:28 -0700, Jeff Ramsey wrote:
> /etc/pam.d/ssh, /etc/pam.d/login, and /etc/pam.d/gdm all have a line
> calling mkhomedir.so, which is using the /etc/skel home directory
> skeleton to create the user's home dir upon successful login,
> however, when I add that line to /etc/pam.d/dovecot, I get a
> permission denied error in /var/log/maillog. I'm assuming this is
> because dovecot is running as the user at this point, and therefore
> does not have the necessary permissions to create a folder under
> /home/DOMAIN/, which is where the home dir is supposed to be. If I
> manually create the folder, and set its permissions, or if the user
> logs in via any of the before-mentioned methods, dovecot and sendmail
> work great.

Which section did you add it to?

--
Ignacio Vazquez-Abrams <ivazquez at ivazquez.net>
http://fedora.ivazquez.net/
gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72
Timo Sirainen
2005-Oct-16 15:25 UTC
[Dovecot] Dovecot on FC3 with Active Directory authentication
On Thu, 2005-10-06 at 10:28 -0700, Jeff Ramsey wrote:
> /etc/pam.d/ssh, /etc/pam.d/login, and /etc/pam.d/gdm all have a line
> calling mkhomedir.so, which is using the /etc/skel home directory
> skeleton to create the user's home dir upon successful login,
> however, when I add that line to /etc/pam.d/dovecot, I get a
> permission denied error in /var/log/maillog. I'm assuming this is
> because dovecot is running as the user at this point,

No. PAM calls are made by the dovecot-auth process, and it runs as the auth_user specified in the config file. Have you changed that to be non-root?

Another reason why it could be denied is because of SELinux, if you have it enabled.
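
The three checks raised in the replies above (which PAM section lists the mkhomedir module, what auth_user is set to, whether SELinux is active), as an added shell sketch that is not part of the original thread. The function names and the sample file contents are constructed for illustration; on a real host the paths of the PAM service file and the Dovecot config would be passed as arguments.

```shell
#!/bin/sh
# Added diagnostic sketch: reads the files given as arguments, changes nothing.

# Print each PAM module type (auth, account, session, password) under which
# a mkhomedir module is active in the given PAM service file.
mkhomedir_sections() {
    awk '/^[ \t]*#/ { next }                      # ignore commented-out lines
         /mkhomedir\.so/ { t = $1; sub(/^-/, "", t); print t }' "$1" | sort -u
}

# Print the last auth_user value set in a Dovecot config file, or "unset".
auth_user_of() {
    awk -F'=' '/^[ \t]*auth_user[ \t]*=/ {
                   v = $2; sub(/#.*/, "", v); gsub(/[ \t]/, "", v); u = v }
               END { print (u == "" ? "unset" : u) }' "$1"
}

# Print the SELinux mode, or "unavailable" when getenforce is not installed.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce
    else echo unavailable; fi
}

# Summarise all three checks for one PAM file and one Dovecot config.
diagnose() {
    echo "mkhomedir listed under: $(mkhomedir_sections "$1" | tr '\n' ' ')"
    echo "auth_user: $(auth_user_of "$2")"
    echo "SELinux: $(selinux_mode)"
}

# Constructed sample input so the sketch runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/pam_dovecot" <<'EOF'
auth     required pam_stack.so service=system-auth
account  required pam_stack.so service=system-auth
# auth   required pam_mkhomedir.so skel=/etc/skel umask=0077
session  required pam_mkhomedir.so skel=/etc/skel umask=0077
EOF
printf 'protocols = imap\nauth_user = dovecot\n' > "$demo_dir/dovecot.conf"
diagnose "$demo_dir/pam_dovecot" "$demo_dir/dovecot.conf"
```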