Discussion:
Master user and invalid credentials dovecot-2.2.13
Götz Reinicke - IT Koordinator
2014-09-29 08:08:41 UTC
Permalink
Hi,

I followed the docs from the dovecot wiki
(http://wiki2.dovecot.org/Authentication/MasterUsers) and still have
some problem:

1. uncommented "!include auth-ldap.conf.ext" in 10-auth.conf
2. htpasswd -b -c -s .... to create user/password for a masteruseruser
3. checked auth-master.conf.ext

When I try to test the login, I always get an "invalid credentials" in
the logs with auth_debug=yes set.

dovecot can read /etc/dovecot/master-users

The users are in ldap.

The example wiki shows the passwords {SHA1}...., in my password file
they are {SHA}....

The "master user" posting in september gave some clues what might be
wrong, but did not help to solve my problem.


Any suggestions are welcome! Thanks and regards. G?tz
--
G?tz Reinicke
IT-Koordinator

Tel. +49 7141 969 82 420
E-Mail goetz.reinicke at filmakademie.de

Filmakademie Baden-W?rttemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016

Vorsitzender des Aufsichtsrats: J?rgen Walter MdL
Staatssekret?r im Ministerium f?r Wissenschaft,
Forschung und Kunst Baden-W?rttemberg

Gesch?ftsf?hrer: Prof. Thomas Schadt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5481 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140929/e1b4bd0c/attachment.p7s>
Robert Schetterer
2014-09-29 08:19:37 UTC
Permalink
Post by Götz Reinicke - IT Koordinator
Hi,
I followed the docs from the dovecot wiki
(http://wiki2.dovecot.org/Authentication/MasterUsers) and still have
1. uncommented "!include auth-ldap.conf.ext" in 10-auth.conf
2. htpasswd -b -c -s .... to create user/password for a masteruseruser
3. checked auth-master.conf.ext
When I try to test the login, I always get an "invalid credentials" in
the logs with auth_debug=yes set.
dovecot can read /etc/dovecot/master-users
The users are in ldap.
The example wiki shows the passwords {SHA1}...., in my password file
they are {SHA}....
The "master user" posting in september gave some clues what might be
wrong, but did not help to solve my problem.
Any suggestions are welcome! Thanks and regards. G?tz
hm perhaps this helps

https://sys4.de/de/blog/2013/02/11/master-user-dovecot-isp-layout-mit-postfixadmin/

but looks like some password problem what do you use plain/login etc ?


http://wiki2.dovecot.org/Authentication/Mechanisms
http://wiki2.dovecot.org/Authentication/PasswordSchemes

Best Regards
MfG Robert Schetterer
--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstra?e 15, 81669 M?nchen

Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Clovis Tristao
2014-09-29 13:04:27 UTC
Permalink
Hi,

As you are performing the tests?
Would post the debug log?
Cheers,

Cl?vis
Post by Götz Reinicke - IT Koordinator
Hi,
I followed the docs from the dovecot wiki
(http://wiki2.dovecot.org/Authentication/MasterUsers) and still have
1. uncommented "!include auth-ldap.conf.ext" in 10-auth.conf
2. htpasswd -b -c -s .... to create user/password for a masteruseruser
3. checked auth-master.conf.ext
When I try to test the login, I always get an "invalid credentials" in
the logs with auth_debug=yes set.
dovecot can read /etc/dovecot/master-users
The users are in ldap.
The example wiki shows the passwords {SHA1}...., in my password file
they are {SHA}....
The "master user" posting in september gave some clues what might be
wrong, but did not help to solve my problem.
Any suggestions are welcome! Thanks and regards. G?tz
--
Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola
Administrador de Redes - Secao de Informatica (SINFO)
E-mail: clovis at feagri.unicamp.br http://www.feagri.unicamp.br
MSN: clovis_tristao33 at hotmail.com
Fone: 55(19) 35211031-35211038-35211047-91173116
Götz Reinicke - IT Koordinator
2014-09-30 07:01:03 UTC
Permalink
Hi,

on the console:

telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.


in the logs:


Sep 30 08:56:23 auth: Debug: client in: AUTH 2936 PLAIN service=imap
secured session=fOCd4UIEMAB/AAAB lip=127.0.0.1 rip=127.0.0.1
lport=143 rport=54320 resp=<hidden>
Sep 30 08:56:23 auth: Debug:
passwd-file(user,127.0.0.1,master,<fOCd4UIEMAB/AAAB>): Master user
lookup for login: testma
Sep 30 08:56:23 auth: Debug:
passwd-file(user,127.0.0.1,master,<fOCd4UIEMAB/AAAB>): lookup: user=user
file=/etc/dovecot/master-users
Sep 30 08:56:23 auth: Info:
passwd-file(user,127.0.0.1,master,<fOCd4UIEMAB/AAAB>): Master user
logging in as testma
Sep 30 08:56:23 auth: Info: ldap(testma,127.0.0.1,<fOCd4UIEMAB/AAAB>):
invalid credentials


/G?tz
Post by Clovis Tristao
Hi,
As you are performing the tests?
Would post the debug log?
Cheers,
Cl?vis
Post by Götz Reinicke - IT Koordinator
Hi,
I followed the docs from the dovecot wiki
(http://wiki2.dovecot.org/Authentication/MasterUsers) and still have
1. uncommented "!include auth-ldap.conf.ext" in 10-auth.conf
2. htpasswd -b -c -s .... to create user/password for a masteruseruser
3. checked auth-master.conf.ext
When I try to test the login, I always get an "invalid credentials" in
the logs with auth_debug=yes set.
dovecot can read /etc/dovecot/master-users
The users are in ldap.
The example wiki shows the passwords {SHA1}...., in my password file
they are {SHA}....
The "master user" posting in september gave some clues what might be
wrong, but did not help to solve my problem.
Any suggestions are welcome! Thanks and regards. G?tz
--
G?tz Reinicke
IT-Koordinator

Tel. +49 7141 969 82 420
E-Mail goetz.reinicke at filmakademie.de

Filmakademie Baden-W?rttemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016

Vorsitzender des Aufsichtsrats: J?rgen Walter MdL
Staatssekret?r im Ministerium f?r Wissenschaft,
Forschung und Kunst Baden-W?rttemberg

Gesch?ftsf?hrer: Prof. Thomas Schadt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5481 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140930/ae5660c5/attachment-0001.p7s>
Phil Carmody
2014-09-30 12:20:16 UTC
Permalink
Post by Götz Reinicke - IT Koordinator
The example wiki shows the passwords {SHA1}...., in my password file
they are {SHA}....
You don't need to worry about that part, {SHA} and {SHA1} are aliases that
map to the same behaviour:

src/auth/password-scheme.c#0805
0805 static const struct password_scheme builtin_schemes[] = {
...
0810 { "SHA", PW_ENCODING_BASE64, SHA1_RESULTLEN, NULL, sha1_generate },
0811 { "SHA1", PW_ENCODING_BASE64, SHA1_RESULTLEN, NULL, sha1_generate },

Phil

Loading...