POP3-Login-Problem on debian etch (pam_authenticate failed)

Discussion in 'Server Operation' started by kaschig, May 10, 2007.

  1. kaschig

    kaschig New Member

    Hello,

    I've followed the 'perfect setup' for Debian etch (new installation, no upgrading) and afterwards installed ISPconfig from scratch.

    But by now I have problems logging in to mail accounts. 'Normal' accounts (like my admin) work fine, but user accounts created via ISPconfig result in a 'login failure'. I've set the authdaemon DEBUG to 2 - and here's the result from the syslog:

    May 10 08:39:43 server2 courierpop3login: Connection, ip=[::ffff:192.168.10.10]
    May 10 08:39:49 server2 authdaemond: received auth request, service=pop3, authtype=login
    May 10 08:39:49 server2 authdaemond: authpam: trying this module
    May 10 08:39:49 server2 authdaemond: authpam: sysusername=u2info, sysuserid=<null>, sysgroupid=10002, homedir=/var/www/web2/user/u2info, address=u2info, fullname=Christopher Kaschig - 2, maildir=<null>, quota=<null>, options=<null>
    May 10 08:39:49 server2 authdaemond: authpam: clearpasswd=<null>, passwd=x
    May 10 08:39:49 server2 authdaemond: pam_service=pop3, pam_username=u2info
    May 10 08:39:50 server2 authdaemond: pam_authenticate failed, result 7
    May 10 08:39:50 server2 authdaemond: authpam: REJECT - try next module
    May 10 08:39:50 server2 authdaemond: FAIL, all modules rejected


    A working "real" user login looks like this:

    May 10 09:27:01 server2 courierpop3login: Connection, ip=[::ffff:192.168.10.10]
    May 10 09:27:01 server2 authdaemond: received auth request, service=pop3, authtype=login
    May 10 09:27:01 server2 authdaemond: authpam: trying this module
    May 10 09:27:01 server2 authdaemond: authpam: sysusername=ck, sysuserid=<null>, sysgroupid=1000, homedir=/home/ck, address=ck, fullname=Christopher Kaschig,,,, maildir=<null>, quota=<null>, options=<null>
    May 10 09:27:01 server2 authdaemond: authpam: clearpasswd=<null>, passwd=x
    May 10 09:27:01 server2 authdaemond: pam_service=pop3, pam_username=ck
    May 10 09:27:01 server2 authdaemond: dopam successful
    May 10 09:27:01 server2 authdaemond: Authenticated: sysusername=ck, sysuserid=<null>, sysgroupid=1000, homedir=/home/ck, address=ck, fullname=Christopher Kaschig,,,, maildir=<null>, quota=<null>, options=<null>
    May 10 09:27:01 server2 authdaemond: Authenticated: clearpasswd=..., passwd=...
    May 10 09:27:01 server2 courierpop3login: LOGIN, user=ck, ip=[::ffff:192.168.10.10]
    May 10 09:27:01 server2 courierpop3login: LOGOUT, user=ck, ip=[::ffff:192.168.10.10], top=0, retr=0, rcvd=12, sent=39, time=0


    Do you have any suggestions where or what I have to look for?

    Thanks in advance,
    Chris
     
  2. kaschig

    kaschig New Member

    further data

    By now I've seen that some "virtual" users can log in as well. It seems as if the "administrator" user of each web account can log in to his mail account (pop3/imap), but the other "normal" users (where 'administrator' is NOT selected on the first user-config page) cannot do so.

    Any suggestions? Help :)

    May 10 14:11:47 server2 courierpop3login: Connection, ip=[::ffff:62.96.95.218]
    May 10 14:11:48 server2 authdaemond: received auth request, service=pop3, authtype=login
    May 10 14:11:48 server2 authdaemond: authpam: trying this module
    May 10 14:11:48 server2 authdaemond: authpam: sysusername=u16_admin, sysuserid=<null>, sysgroupid=10016, homedir=/var/www/web16, address=u16_admin, fullname=Administrator, maildir=<null>, quota=<null>, options=<null>
    May 10 14:11:48 server2 authdaemond: authpam: clearpasswd=<null>, passwd=x
    May 10 14:11:48 server2 authdaemond: pam_service=pop3, pam_username=u16_admin
    May 10 14:11:48 server2 authdaemond: dopam successful
    May 10 14:11:48 server2 authdaemond: Authenticated: sysusername=u16_admin, sysuserid=<null>, sysgroupid=10016, homedir=/var/www/web16, address=u16_admin, fullname=Administrator, maildir=<null>, quota=<null>, options=<null>
    May 10 14:11:48 server2 authdaemond: Authenticated: clearpasswd=..., passwd=...
    May 10 14:11:48 server2 courierpop3login: LOGIN, user=u16_admin, ip=[::ffff:62.96.95.218]
    May 10 14:11:48 server2 courierpop3login: LOGOUT, user=u16_admin, ip=[::ffff:62.96.95.218], top=0, retr=0, rcvd=12, sent=39, time=0
     
  3. kaschig

    kaschig New Member

    passwd helps

    Okay it's me, once again.

    Setting the passwords via passwd helps. I hope this won't be necessary on all new accounts?! Are there any known reasons for this behaviour? Perhaps a stopped script?

    Greetings, Chris
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Can you check /etc/passwd and /etc/shadow if the users that don't work are listed there?
    What's the value of $go_info["server"]["password_hash"] in /home/admispconfig/ispconfig/lib/config.inc.php?
     
  5. kaschig

    kaschig New Member

    In /etc/passwd the users appear.
    In /etc/shadow I forgot to look - by now the non-working users have been corrected, and so they're shown in shadow, but I cannot say whether they had an entry in there before. Sorry.
    $go_info["server"]["password_hash"] is 'crypt'.

    Greetings, Chris
     
  6. falko

    falko Super Moderator ISPConfig Developer

    You could create a new, non-admin user and see if it has the same problem, and then check both files.
     
  7. kaschig

    kaschig New Member

    only sometimes?!

    Hi Falko,
    sorry, but this behaviour only appears sometimes.

    But by now I had another case:

    an admin user which worked before cannot log in today. I now had a look in /etc/shadow - there was an entry for this user. I've saved the new (old) password again with passwd - and mail login was okay again. BUT: the crypted password in shadow looks somewhat different - it's a lot longer now.

    Are there some problems regarding UTF-8 in etch? Is it possible that different crypting methods are set on the two ways (ISPconfig vs. passwd)?

    Greetings, Chris
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Please set $go_info["server"]["password_hash"] to md5 in /home/admispconfig/ispconfig/lib/config.inc.php and try again.
     
  9. kaschig

    kaschig New Member

    differing password

    Hi Falko,

    sorry, but I once more got a different crypted password.

    So, here we go:

    /etc/pam.d:
    password required pam_unix.so nullok obscure min=4 max=8 md5


    using passwd on the command line creates the hash/crypted password "$1$W90vsEPz$GuzTA2rmEmdLx6lLSab7w." in /etc/shadow
    using $go_info["server"]["password_hash"]='crypt' results in "~il.r2W6qKcEk"
    using $go_info["server"]["password_hash"]='md5' results in "b4ssqdY3RgYE"

    Both ISPconfig-saved passwords result in a login error (POP3/IMAP login and ISPconfig admin and mail user login).
    If necessary I can give you the clear-text password for verification purposes - I can change it without problems (and it's a one-time-used password)

    BTW: which script do I have to run to get a faster user update? I've tried several from the hourly crontab, but the correct one seems not to be among those I tried. To produce a faster refresh I've selected the dustbin and selected the 'empty it' link - this results in a script run which updates the user password in /etc/shadow - but which script is this?


    Greetings,
    Chris
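
The three /etc/shadow values quoted in post 9 can be told apart by format alone: an md5-crypt field is `$1$`, a salt of up to 8 characters, `$`, then 22 characters, and a traditional DES crypt(3) field is exactly 13 characters, all drawn from `./0-9A-Za-z`. The check below is an added example, not part of the thread or of ISPConfig's code; the function names, the sample user names and the trailing shadow fields are constructed.

```shell
#!/bin/sh
# Added example: classify shadow(5) password fields by format only.
# classify_hash, audit_shadow and sample_shadow are hypothetical helper names.

classify_hash() {
    h=$1
    case $h in
        ''|'*'|'!'|'!!'|x) echo "no-password"; return 0 ;;
    esac
    h=${h#'!'}    # a leading "!" only marks the entry as locked
    if printf '%s\n' "$h" | grep -Eq '^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'; then
        echo "md5-crypt"
    elif printf '%s\n' "$h" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
        echo "des-crypt"
    else
        case $h in
            '$'*) echo "other-modular" ;;          # some other $id$ scheme
            *)    echo "unrecognized:len=${#h}" ;; # wrong length or alphabet
        esac
    fi
}

# Read shadow-format lines on stdin, print "user class" for each entry.
audit_shadow() {
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_hash "$hash")"
    done
}

# Constructed sample: user names and trailing fields are invented;
# the three password fields are the values quoted in post 9.
sample_shadow() {
    cat <<'EOF'
via_passwd:$1$W90vsEPz$GuzTA2rmEmdLx6lLSab7w.:13643:0:99999:7:::
via_crypt:~il.r2W6qKcEk:13643:0:99999:7:::
via_md5:b4ssqdY3RgYE:13643:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

To check a live system, run `audit_shadow < /etc/shadow` as root; an `unrecognized` entry is a field that matches neither of these two crypt(3) formats.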
     
  10. falko

    falko Super Moderator ISPConfig Developer

    The command to rewrite the configuration is
    Code:
    /root/ispconfig/php/php /root/ispconfig/scripts/writeconf.php
    and it is controlled by the /root/ispconfig/sv/ispconfig_wconf script which checks every 10 seconds if changes have been made and if it has to start the writeconf.php process.
     
