Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 10th May 2007, 09:30
kaschig kaschig is offline
Junior Member
 
Join Date: May 2007
Posts: 12
Thanks: 0
Thanked 3 Times in 1 Post
Default POP3-Login-Problem on debian etch (pam_authenticate failed)

Hello,

I've followed the 'perfect setup' for Debian etch (new installation no upgrading) and afterwards installed ISPconfig from the scratch.

But by now I have problems loggin in to mail accounts. 'Normal' accounts (like my admin) work fine, but via ISPconfig created user-accounts results in a 'login failure'. I've set the authdaemon-DEBUG to 2 - and here's the result from the syslog:

May 10 08:39:43 server2 courierpop3login: Connection, ip=[::ffff:192.168.10.10]
May 10 08:39:49 server2 authdaemond: received auth request, service=pop3, authtype=login
May 10 08:39:49 server2 authdaemond: authpam: trying this module
May 10 08:39:49 server2 authdaemond: authpam: sysusername=u2info, sysuserid=<null>, sysgroupid=10002, homedir=/var/www/web2/user/u2info, address=u2info, fullname=Christopher Kaschig - 2, maildir=<null>, quota=<null>, options=<null>
May 10 08:39:49 server2 authdaemond: authpam: clearpasswd=<null>, passwd=x
May 10 08:39:49 server2 authdaemond: pam_service=pop3, pam_username=u2info
May 10 08:39:50 server2 authdaemond: pam_authenticate failed, result 7
May 10 08:39:50 server2 authdaemond: authpam: REJECT - try next module
May 10 08:39:50 server2 authdaemond: FAIL, all modules rejected


A working "real" user-login looks like that:

May 10 09:27:01 server2 courierpop3login: Connection, ip=[::ffff:192.168.10.10]
May 10 09:27:01 server2 authdaemond: received auth request, service=pop3, authtype=login
May 10 09:27:01 server2 authdaemond: authpam: trying this module
May 10 09:27:01 server2 authdaemond: authpam: sysusername=ck, sysuserid=<null>, sysgroupid=1000, homedir=/home/ck, address=ck, fullname=Christopher Kaschig,,,, maildir=<null>, quota=<null>, options=<null>
May 10 09:27:01 server2 authdaemond: authpam: clearpasswd=<null>, passwd=x
May 10 09:27:01 server2 authdaemond: pam_service=pop3, pam_username=ck
May 10 09:27:01 server2 authdaemond: dopam successful
May 10 09:27:01 server2 authdaemond: Authenticated: sysusername=ck, sysuserid=<null>, sysgroupid=1000, homedir=/home/ck, address=ck, fullname=Christopher Kaschig,,,, maildir=<null>, quota=<null>, options=<null>
May 10 09:27:01 server2 authdaemond: Authenticated: clearpasswd=..., passwd=...
May 10 09:27:01 server2 courierpop3login: LOGIN, user=ck, ip=[::ffff:192.168.10.10]
May 10 09:27:01 server2 courierpop3login: LOGOUT, user=ck, ip=[::ffff:192.168.10.10], top=0, retr=0, rcvd=12, sent=39, time=0


Do You have any suggestions where or what I have to look for?

Thanks in advance,
Chris
Reply With Quote
Sponsored Links
  #2  
Old 10th May 2007, 15:59
kaschig kaschig is offline
Junior Member
 
Join Date: May 2007
Posts: 12
Thanks: 0
Thanked 3 Times in 1 Post
Default futher data

By now I've seen, that some "virtual" users can login either. It seems as if the "administrator"-users of each web-account could log in his mail-account (pop3/imap) but the other "normal" user (where 'administrator' is NOT selected on the first user-config-page) cannot do so.

Some suggestions? Help :-)

May 10 14:11:47 server2 courierpop3login: Connection, ip=[::ffff:62.96.95.218]
May 10 14:11:48 server2 authdaemond: received auth request, service=pop3, authtype=login
May 10 14:11:48 server2 authdaemond: authpam: trying this module
May 10 14:11:48 server2 authdaemond: authpam: sysusername=u16_admin, sysuserid=<null>, sysgroupid=10016, homedir=/var/www/web16, address=u16_admin, fullname=Administrator, maildir=<null>, quota=<null>, options=<null>
May 10 14:11:48 server2 authdaemond: authpam: clearpasswd=<null>, passwd=x
May 10 14:11:48 server2 authdaemond: pam_service=pop3, pam_username=u16_admin
May 10 14:11:48 server2 authdaemond: dopam successful
May 10 14:11:48 server2 authdaemond: Authenticated: sysusername=u16_admin, sysuserid=<null>, sysgroupid=10016, homedir=/var/www/web16, address=u16_admin, fullname=Administrator, maildir=<null>, quota=<null>, options=<null>
May 10 14:11:48 server2 authdaemond: Authenticated: clearpasswd=..., passwd=...
May 10 14:11:48 server2 courierpop3login: LOGIN, user=u16_admin, ip=[::ffff:62.96.95.218]
May 10 14:11:48 server2 courierpop3login: LOGOUT, user=u16_admin, ip=[::ffff:62.96.95.218], top=0, retr=0, rcvd=12, sent=39, time=0
Reply With Quote
  #3  
Old 10th May 2007, 16:25
kaschig kaschig is offline
Junior Member
 
Join Date: May 2007
Posts: 12
Thanks: 0
Thanked 3 Times in 1 Post
Default passwd helps

Okay it's me, once again.

Setting the passwords via passwd helps. I hope this wont be neccassary on all new accounts?! Are there some reasons known on this behaviour? Perhaps a stopped script?

Greetings, Chris
Reply With Quote
  #4  
Old 11th May 2007, 12:19
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Can you check /etc/passwd and /etc/shadow if the users that don't work are listed there?
What's the value of $go_info["server"]["password_hash"] in /home/admispconfig/ispconfig/lib/config.inc.php?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 11th May 2007, 12:26
kaschig kaschig is offline
Junior Member
 
Join Date: May 2007
Posts: 12
Thanks: 0
Thanked 3 Times in 1 Post
Default

In /etc/passwd the users appear
In /etc/shadow I've forgotten to look - by now the misworking users where corrected - and so they're shown in shadow, but I cannot say whether they had an entry in there before. Sorry.
$go_info["server"]["password_hash"] is 'crypt'.

Greetings, Chris
Reply With Quote
  #6  
Old 11th May 2007, 12:32
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by kaschig
In /etc/passwd the users appear
In /etc/shadow I've forgotten to look - by now the misworking users where corrected - and so they're shown in shadow, but I cannot say whether they had an entry in there before. Sorry.
You could create a new, non-admin user and see if it has the same problem, and then check both files.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 13th May 2007, 09:40
kaschig kaschig is offline
Junior Member
 
Join Date: May 2007
Posts: 12
Thanks: 0
Thanked 3 Times in 1 Post
Default only sometimes?!

Hi Falko,
sorry but this behaviour only appears sometimes.

But by now I had another case:

an admin-user which worked before cannot log in today. I now had a look in /etc/shadow - there was an entry on this user. I've save the new (old) password again with passwd - and mail log in was okay again. BUT: the crypted password in shadow lookes some kind different - it's a lot longer by now.

Are there some problems according UTF-8 in etch? Is it possible to set different crypting methods on both ways (ISPconfig vs. passwd)?

Greetings, Chris
Reply With Quote
  #8  
Old 14th May 2007, 16:39
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Please set $go_info["server"]["password_hash"] to md5 in /home/admispconfig/ispconfig/lib/config.inc.php and try again.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 15th May 2007, 00:02
kaschig kaschig is offline
Junior Member
 
Join Date: May 2007
Posts: 12
Thanks: 0
Thanked 3 Times in 1 Post
Default differing password

Hi Falko,

sorry but I got once more a different crypted password.

So, here we go:

/etc/pam.d:
password required pam_unix.so nullok obscure min=4 max=8 md5


using passwd on the command line creates the hash/crypted password "$1$W90vsEPz$GuzTA2rmEmdLx6lLSab7w." in /etc/shadow
using $go_info["server"]["password_hash"]='crypt' results in "~il.r2W6qKcEk"
using $go_info["server"]["password_hash"]='md5' results in "b4ssqdY3RgYE"

Both ISPconfig-saved-passwords result in a login error (POP3/IMAP-login and ISPconfig-Admin- and Mailuser-Login).
If neccassary I can give You the clear-text-password for verification purposes - I can change it without problems (and it's a one-time-used password)

BTW: which script do I have to run to get a faster user-update? I've tried several from the hourly crontab, but the correct one seems to be not included in my tryout. To produce a faster refresh I've selected the dustbin and selected the 'empty it' link - this results in a skript-run which updates the user-password in /etc/shadow - but which script is this?


Greetings,
Chris
Reply With Quote
  #10  
Old 15th May 2007, 14:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
 
Default

Quote:
Originally Posted by kaschig
BTW: which script do I have to run to get a faster user-update? I've tried several from the hourly crontab, but the correct one seems to be not included in my tryout. To produce a faster refresh I've selected the dustbin and selected the 'empty it' link - this results in a skript-run which updates the user-password in /etc/shadow - but which script is this?
The command to rewrite the configuration is
Code:
/root/ispconfig/php/php /root/ispconfig/scripts/writeconf.php
and it is controlled by the /root/ispconfig/sv/ispconfig_wconf script which checks every 10 seconds if changes have been made and if it has to start the writeconf.php process.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to authenticate to SMTP server ashkev Installation/Configuration 15 6th February 2007 17:46
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40
e-mail problem!!! Debian 3.1 maroonworks Installation/Configuration 18 6th December 2005 14:42
Total Frustration-HELP palkat Installation/Configuration 17 3rd September 2005 17:28


All times are GMT +2. The time now is 07:08.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.