Timo,
Thanks for your response.
On Sun, 14 Dec 2008, Timo Sirainen wrote:
> On Thu, 2008-11-20 at 15:42 -0500, Alan Ferrency wrote:
> > Hello,
> >
> > In our configuration, we are using a "passdb passwd-file", with
> > "user=" directives in each username, and a separate "userdb
> > passwd-file" which contains the target usernames for the "user="
> > directives. This works fine, for normal logins via POP and IMAP.
> >
> > For customer support testing purposes, we also set up a temporary
> > "master=yes" passwd-file. This works fine, for any passdb username
> > that does not have a "user=" field.
> >
> > However, it seems that if we use the master user to log into a
> > username that is in the passdb with a "user=" field, dovecot looks in
> > the userdb for the original username, and not for the "user="
> > username specified in the passdb passwd-file.
> >
> > Is this a known bug? Maybe I'm doing something wrong?
>
> Works fine here with latest v1.1 code. Set auth_debug=yes and show me
> the logs when logging in? Also show dovecot -n output.

Here's a sample. I've included dovecot -n and log output below.

A passwd-file entry in virtual.ip.passwd (see dovecot -n for the
passdb/userdb config):

park at 10.2.1.1:<snip>:3393:1000::/usr/boxes/basicguy/basicguydomain.com::user=park at basicguydomain.com

The corresponding passdb/userdb entry, in virtual.passwd:

park at basicguydomain.com:<snip- same passwd>:3393:1000::/usr/boxes/basicguy/basicguydomain.com::userdb_mail=mbox:~/park^/.imap:INBOX=~/park

The master user entry:

staff:{crypt}<snip>::::::allow_nets=<snip>

A sample telnet session, attempting to log in to the IP based staff username:

* OK Dovecot ready.
a login park at 10.2.1.1*staff <snip>
* BYE Internal login failure. Refer to server log for more information.

The logs (below) indicate that the master user login succeeds, and then it
looks in both of the userdb files for the username "park at 10.2.1.1".
However, this username never appears in the userdb files; instead, it
has a "user=" entry in the passdb file.

In researching this problem I became aware of an unrelated
configuration problem: I should also have a passdb entry for
virtual.ip.passwd without the username_format parameter. However,
adding this entry makes no difference: after logging in with the
master user, dovecot still only checks in the userdb files and not the
passdb files anyway.

Should I include the virtual.ip.passwd file as a userdb file as well?
If I do, will dovecot follow the user= reference if it appears in a
userdb file?

Thank you for your help!

Alan Ferrency
pair Networks, Inc.
alan at pair.com

* Logs:
Dec 16 11:47:41 qenni dovecot: auth(default): client in: AUTH 1 PLAIN service=imap lip=<snip> rip=<snip> lport=143 rport=62216 resp=<hidden>
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file /usr/boxes/.passwd/master.user: Read 1 users
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(staff,<snip>,master): lookup: user=staff file=/usr/boxes/.passwd/master.user
Dec 16 11:47:41 qenni dovecot: auth(default): auth(staff,<snip>,master): allow_nets: Matching for network <snip>
Dec 16 11:47:41 qenni dovecot: auth(default): passdb(staff,<snip>,master): Master user logging in as park at 10.2.1.1
Dec 16 11:47:41 qenni dovecot: auth(default): client out: OK 1 user=park at 10.2.1.1
Dec 16 11:47:41 qenni dovecot: auth(default): master in: REQUEST 3 96912 1
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(park at 10.2.1.1,<snip>): lookup: user=park at 10.2.1.1 file=/usr/boxes/.passwd/virtual.passwd
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(park at 10.2.1.1,<snip>): unknown user
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(park at 10.2.1.1,<snip>): lookup: user=park at 10.2.1.1 file=/usr/boxes/.passwd/master.passwd
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(park at 10.2.1.1,<snip>): unknown user
Dec 16 11:47:41 qenni dovecot: auth(default): userdb(park at 10.2.1.1,<snip>): user not found from userdb
Dec 16 11:47:41 qenni dovecot: auth(default): master out: NOTFOUND 3
Dec 16 11:47:41 qenni dovecot: imap-login: Internal login failure (auth failed, 1 attempts): user=<park at 10.2.1.1>, method=PLAIN, rip=<snip>, lip=<snip>

* dovecot -n
# 1.1.6: /etc/postfix/dovecot.conf
# OS: FreeBSD 6.2-RELEASE-p12 i386
base_dir: /var/run/dovecot
protocols: imap imaps pop3 pop3s
ssl_cert_file: /usr/local/ssl/certs/imapd-ssl.pem
ssl_key_file: /usr/local/ssl/certs/imapd-ssl.pem
ssl_cipher_list: ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv2
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
fsync_disable: yes
mbox_read_locks: flock
mbox_write_locks: flock
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugins(default): pair_relay quota imap_quota
mail_plugins(imap): pair_relay quota imap_quota
mail_plugins(pop3): pair_relay quota
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): outlook-idle tb-extra-mailbox-sep
imap_client_workarounds(imap): outlook-idle tb-extra-mailbox-sep
imap_client_workarounds(pop3):
pop3_no_flag_updates: yes
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  master_user_separator: *
  passdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/virtual.passwd
  passdb:
    driver: passwd-file
    args: username_format=%n@%l /usr/boxes/.passwd/virtual.ip.passwd
  passdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/master.passwd
  passdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/master.user
    master: yes
  userdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/virtual.passwd
  userdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/master.passwd
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: users
plugin:
  PAIR_RELAY_PACKET: %u %l %r
  PAIR_RELAY_INTERVAL: 1800
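
Added example (not part of the original message, and not Dovecot code): a small Python audit of auth_debug output in the line format shown in the logs above. It lists each master-user login with the passwd-files searched for the target name and whether the userdb lookup ended in "user not found". The log sample is constructed (unwrapped lines, `@` addresses, 192.0.2.10 and alice@example.com as placeholders), and `audit_master_logins` is a hypothetical name.

```python
import re

# Constructed sample modelled on the auth_debug=yes lines in the message above.
SAMPLE_LOG = """\
Dec 16 11:47:41 host dovecot: auth(default): passwd-file(staff,192.0.2.10,master): lookup: user=staff file=/usr/boxes/.passwd/master.user
Dec 16 11:47:41 host dovecot: auth(default): passdb(staff,192.0.2.10,master): Master user logging in as park@10.2.1.1
Dec 16 11:47:41 host dovecot: auth(default): passwd-file(park@10.2.1.1,192.0.2.10): lookup: user=park@10.2.1.1 file=/usr/boxes/.passwd/virtual.passwd
Dec 16 11:47:41 host dovecot: auth(default): passwd-file(park@10.2.1.1,192.0.2.10): unknown user
Dec 16 11:47:41 host dovecot: auth(default): userdb(park@10.2.1.1,192.0.2.10): user not found from userdb
Dec 16 11:48:02 host dovecot: auth(default): passdb(staff,192.0.2.10,master): Master user logging in as alice@example.com
Dec 16 11:48:02 host dovecot: auth(default): client out: OK 2 user=alice@example.com
"""

# Patterns follow the line layout seen in the logs above (assumed stable for this version).
MASTER = re.compile(r"passdb\((?P<master>[^,]+),(?P<rip>[^,]+),master\): "
                    r"Master user logging in as (?P<target>\S+)")
LOOKUP = re.compile(r"passwd-file\((?P<user>[^,]+),(?P<rip>[^)]+)\): "
                    r"lookup: user=\S+ file=(?P<file>\S+)")
NOTFOUND = re.compile(r"userdb\((?P<user>[^,]+),(?P<rip>[^)]+)\): user not found from userdb")


def audit_master_logins(log_text):
    """Return one record per master-user login, in log order."""
    records, latest = [], {}
    for line in log_text.splitlines():
        if m := MASTER.search(line):
            rec = {"master": m["master"], "rip": m["rip"], "target": m["target"],
                   "files_tried": [], "userdb_notfound": False}
            records.append(rec)
            # Later lookup lines are tagged with the target name and client IP.
            latest[(m["target"], m["rip"])] = rec
        elif m := LOOKUP.search(line):
            if rec := latest.get((m["user"], m["rip"])):
                rec["files_tried"].append(m["file"])
        elif m := NOTFOUND.search(line):
            if rec := latest.get((m["user"], m["rip"])):
                rec["userdb_notfound"] = True
    return records


if __name__ == "__main__":
    for r in audit_master_logins(SAMPLE_LOG):
        status = "userdb NOTFOUND" if r["userdb_notfound"] else "no userdb failure logged"
        print(f'{r["master"]} -> {r["target"]} from {r["rip"]}: {status}; '
              f'searched {r["files_tried"] or "nothing logged"}')
```

A record with `userdb_notfound` set shows the name that was actually looked up, which makes it easy to see whether the login name or a rewritten name reached the userdb.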