
List:       dovecot
Subject:    Re: Help with master user
From:       Marcio Merlone via dovecot <dovecot () dovecot ! org>
Date:       2019-11-04 12:33:27
Message-ID: 4d7252b1-e152-0db9-d4cb-fd4dfd0c08f9 () a1 ! ind ! br

Pleeeease? :)

On 01/11/2019 14:23, Marcio Merlone via dovecot wrote:
> 
> Hi,
> 
> Trying to implement a master user (1) for auditing purposes without 
> luck. Ubuntu 18.04.3, canonical official repos only, no ppa nor 
> self-compiled anything. From the log below I understand the master 
> password succeeds but AD auth fails. I am pretty sure I missed 
> something here. Also, notice the messages "Ignoring unknown passdb 
> extra field: original_user".
> 
> Log:
> 
> Nov  1 14:02:32 netuno dovecot: auth: Debug: client in: 
> AUTH#0112#011PLAIN#011service=imap#011secured#011session=H2WM7kuWFKYKCQgI#011lip=10.9.8.8#011rip=10.9.8.8#011lport=143#011rport=42516#011resp=<hidden>
>                 
> Nov  1 14:02:32 netuno dovecot: auth: Debug: 
> passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): Master user 
> lookup for login: test.account
> Nov  1 14:02:32 netuno dovecot: auth: Debug: 
> passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): lookup: 
> user=master file=/etc/dovecot/master-users
> Nov  1 14:02:32 netuno dovecot: auth: 
> passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): Master user 
> logging in as test.account
> Nov  1 14:02:32 netuno dovecot: auth: 
> ldap(test.account,10.9.8.8,<H2WM7kuWFKYKCQgI>): invalid credentials
> Nov  1 14:02:34 netuno dovecot: auth: Debug: client passdb out: 
> FAIL#0112#011user=test.account#011authz#011original_user=master#011auth_user=master
> Nov  1 14:02:34 netuno dovecot: imap-login: Debug: Ignoring unknown 
> passdb extra field: original_user
> Nov  1 14:02:34 netuno dovecot: imap-login: Debug: Ignoring unknown 
> passdb extra field: auth_user
> Nov  1 14:02:42 netuno dovecot: imap-login: Aborted login (auth 
> failed, 1 attempts in 10 secs): user=<test.account>, method=PLAIN, 
> rip=10.9.8.8, lip=10.9.8.8, secured, session=<H2WM7kuWFKYKCQgI>
> 
> doveconf -n:
> 
> https://pastebin.com/3cAvfNqB
> 
> root@netuno:/etc/dovecot# grep -v "^\s*#\|^\s*$" 
> /etc/dovecot/dovecot-ldap.conf.ext
> hosts = ad.example.net
> auth_bind = yes
> auth_bind_userdn = cn=%Lu,CN=Users,DC=ad,DC=example,DC=net
> base = DC=ad,DC=example,DC=net
> scope = base
> user_attrs = \
> =home=/mnt/maildirs/%Lu, \
> =uid=vmail,\
> =gid=vmail
> user_filter = (&(objectClass=person)(uid=%Lu)(mail=*@example.net))
> root@netuno:/etc/dovecot#
> 
> root@netuno:/etc/dovecot# cat /etc/dovecot/global-acls
> * user=master lr
> root@netuno:/etc/dovecot#
> 
> (1) 
> https://doc.dovecot.org/configuration_manual/authentication/master_users/
> 
> Best regards
> 
> -- 
> *Marcio Merlone*
-- 
*Marcio Merlone*
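
For the auditing purpose mentioned in the message above, master-user logins can be extracted from these auth log lines and matched with their final result. This is an added example, not part of the original message and not Dovecot code; the function names are hypothetical, and it assumes syslog wrote each TAB of the auth protocol line as `#011` and that `auth_debug` lines are present. The sample lines are taken from the post and rejoined after e-mail wrapping.

```python
import re

# Constructed sample: log lines from the post, rejoined after e-mail wrapping.
SAMPLE = """\
Nov  1 14:02:32 netuno dovecot: auth: Debug: client in: AUTH#0112#011PLAIN#011service=imap#011secured#011session=H2WM7kuWFKYKCQgI#011lip=10.9.8.8#011rip=10.9.8.8#011lport=143#011rport=42516#011resp=<hidden>
Nov  1 14:02:32 netuno dovecot: auth: passwd-file(master,10.9.8.8,master,<H2WM7kuWFKYKCQgI>): Master user logging in as test.account
Nov  1 14:02:32 netuno dovecot: auth: ldap(test.account,10.9.8.8,<H2WM7kuWFKYKCQgI>): invalid credentials
Nov  1 14:02:34 netuno dovecot: auth: Debug: client passdb out: FAIL#0112#011user=test.account#011authz#011original_user=master#011auth_user=master
"""

MASTER = re.compile(r"[\w-]+\((?P<master>[^,]+),(?P<rip>[^,]+),[^<]*<(?P<session>[^>]+)>\): "
                    r"Master user logging in as (?P<target>\S+)")
PROTO = re.compile(r"auth: Debug: client (?P<dir>in|passdb out): (?P<payload>.+)$")

def unescape(text):
    """Undo syslog control-character escaping: '#011' is an octal-coded TAB."""
    return re.sub(r"#([0-3][0-7]{2})", lambda m: chr(int(m.group(1), 8)), text)

def parse_auth_fields(payload):
    """Split a tab-separated auth line into (command, request id, key/value fields)."""
    cmd, req_id, *rest = unescape(payload).split("\t")
    fields = {}
    for item in rest:
        key, _, value = item.partition("=")
        fields[key] = value          # bare flags such as 'secured' map to ''
    return cmd, req_id, fields

def audit(lines):
    """Return one record per master-user login, with the final auth result."""
    events, by_session, id_to_session = [], {}, {}
    for line in lines:
        m = MASTER.search(line)
        if m:
            ev = dict(m.groupdict(), result="UNKNOWN")
            events.append(ev)
            by_session[ev["session"]] = ev
            continue
        p = PROTO.search(line)
        if not p:
            continue
        cmd, req_id, fields = parse_auth_fields(p["payload"])
        if p["dir"] == "in" and cmd == "AUTH":
            # Assumption: request ids can repeat, so keep only the latest mapping.
            id_to_session[req_id] = fields.get("session")
        elif p["dir"] == "passdb out":
            ev = by_session.get(id_to_session.get(req_id))
            if ev and fields.get("original_user") == ev["master"]:
                ev["result"] = cmd   # e.g. OK or FAIL
    return events

if __name__ == "__main__":
    for event in audit(SAMPLE.splitlines()):
        print(event)
```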




