1 (edited by snpz 2012-12-08 00:46:18)

Topic: Integration samba4 Dovecot can't login

Hello!

I'm trying to set up an iRedMail e-mail server and integrate it with a Samba 4 domain controller.
So far, so good using this manual: http://www.iredmail.org/wiki/index.php? … y.iRedMail
First of all, I could not make Dovecot start, because the vmail group was missing. So I created a group called vmail (groupadd -g 5000 vmail).
I'm getting to the point where I should telnet to localhost on port 143, but all the time I get an error message "* BYE Internal error occurred. Refer to server log for more information."
I have no idea where to look for some ideas :(

root@mail:/# ls -lan /var/vmail/vmail1/
total 8
drwxr-x--- 2 10000 5000 4096 dec  7 12:01 .
drwx------ 5     0    0 4096 dec  7 12:02 ..

Here's my setup and tail of dovecot.log

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Ubuntu 12.04.1
- Related log if you're reporting an issue: tail /var/log/dovecot.log
Dec 07 18:31:07 imap-login: Info: Login: user=<vmail@example.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid
Dec 07 18:31:07 imap(vmail@example.com): Error: chdir(/var/vmail/vmail1/example.com/vmail/Maildir//) failed: Pern users) missing +x perm: /var/vmail, dir owned by 0:0 mode=0700)
Dec 07 18:31:07 imap(vmail@example.com): Error: chdir(/var/vmail/vmail1/example.com/vmail/Maildir/) failed: Perm
Dec 07 18:31:07 imap(vmail@example.com): Error: user vmail@example.com: Initialization failed: Namespace '': stafailed: Permission denied (euid=10000(vmail) egid=10006(domain users) missing +x perm: /var/vmail, dir owned by 0:0 mo
Dec 07 18:31:07 imap(vmail@example.com): Error: Invalid user settings. Refer to server log for more information.
====


2

Re: Integration samba4 Dovecot can't login

snpz wrote:

I'm getting to the point where I should telnet to localhost on port 143, but all the time I get an error message "* BYE Internal error occurred. Refer to server log for more information."

Port 143 is not enabled by default, please use port 993 (IMAP over TLS) instead.

snpz wrote:

missing +x perm: /var/vmail, dir owned by 0:0 mo

Directory /var/vmail must be owned by "vmail:vmail", permission 0700.
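
The check behind Dovecot's "missing +x perm" message, as an added example that is not part of the original thread: it walks every parent of the Maildir and reports the first directory the mail user cannot enter. The function names are hypothetical, and the sample table is constructed from the `ls` and log output above (the entries for `/` and `/var` are assumed defaults).

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace

def can_traverse(st, euid, groups):
    """Unix search (+x) check: owner bits if euid owns the dir, else group, else other."""
    if euid == 0:
        return True  # root bypasses directory search permission
    if st.st_uid == euid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in groups:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocker(path, euid, groups, stat_fn=os.stat):
    """Walk from / down to path; return (dir, uid, gid, mode) of the first
    component the user cannot enter, or None if nothing existing blocks it."""
    p = PurePosixPath(path)
    for d in reversed([p, *p.parents]):
        try:
            st = stat_fn(str(d))
        except FileNotFoundError:
            break  # deeper components do not exist yet
        if not can_traverse(st, euid, groups):
            return (str(d), st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    return None

def fake_stat(table):
    """Build a stat function over a {path: (uid, gid, mode)} table (for the sample)."""
    def _stat(path):
        if path not in table:
            raise FileNotFoundError(path)
        uid, gid, mode = table[path]
        return SimpleNamespace(st_uid=uid, st_gid=gid, st_mode=mode)
    return _stat

# Constructed sample: /var/vmail and vmail1 as in the ls/log output above;
# the entries for / and /var are assumed defaults.
BEFORE = {"/": (0, 0, 0o755), "/var": (0, 0, 0o755),
          "/var/vmail": (0, 0, 0o700), "/var/vmail/vmail1": (10000, 5000, 0o750)}
AFTER = dict(BEFORE, **{"/var/vmail": (10000, 5000, 0o700)})  # owned by vmail:vmail
MAILDIR = "/var/vmail/vmail1/example.com/vmail/Maildir"

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, first_blocker(MAILDIR, 10000, {10006}, fake_stat(table)))
```

Called without `stat_fn`, `first_blocker` uses `os.stat` on the live filesystem; it models only the classic owner/group/other bits, not POSIX ACLs.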

3

Re: Integration samba4 Dovecot can't login

ZhangHuangbin wrote:
snpz wrote:

I'm getting to the point where I should telnet to localhost on port 143, but all the time I get an error message "* BYE Internal error occurred. Refer to server log for more information."

Port 143 is not enabled by default, please use port 993 (IMAP over TLS) instead.

snpz wrote:

missing +x perm: /var/vmail, dir owned by 0:0 mo

Directory /var/vmail must be owned by "vmail:vmail", permission 0700.

Thanks for your reply!
Permissions are:
root@mail:/var/vmail# ls -l
total 12
drwx------ 2 vmail vmail 4096 dec  7 12:02 backup
drwx------ 2 vmail vmail 4096 dec  7 12:02 sieve
drwx------ 2 vmail vmail 4096 dec  7 12:01 vmail1

Tried to use port 993, but no success :(
dovecot.log says:
Dec 09 10:32:25 imap-login: Info: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Looking in dovecot.conf, and I can't find out whether these lines have to look like this:
auth_default_realm =

# Authentication mechanisms.
auth_mechanisms = PLAIN LOGIN

4

Re: Integration samba4 Dovecot can't login

Try to enable insecure IMAP connection by following this tutorial, then try again with port 143:
http://www.iredmail.org/wiki/index.php? … t.STARTTLS

5

Re: Integration samba4 Dovecot can't login

ZhangHuangbin wrote:

Try to enable insecure IMAP connection by following this tutorial, then try again with port 143:
http://www.iredmail.org/wiki/index.php? … t.STARTTLS

Thanks - it worked!
"OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in"
But what does it mean to the mail system with enabled plain text auth?!

6 (edited by snpz 2012-12-11 05:53:00)

Re: Integration samba4 Dovecot can't login

snpz wrote:
ZhangHuangbin wrote:

Try to enable insecure IMAP connection by following this tutorial, then try again with port 143:
http://www.iredmail.org/wiki/index.php? … t.STARTTLS

Thanks - it worked!
"OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in"
But what does it mean to the mail system with enabled plain text auth?!

Need assistance :(
I can log in to webmail using Samba 4 users, but the problem is with trying to send an email message:
1) auto-complete of To: doesn't work: - "Dec 10 21:51:42 mail roundcube: PHP Error: Addressbook source (ldap_global) not found! in /usr/share/apache2/roundcubemail-0.8.2/program/include/rcmail.php on line 463 (POST /mail/?_task=mail&_action=autocomplete?_task=&_action=)"
2) Dec 10 18:07:15 mail postfix/smtpd[2652]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <vmail@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<user1@example.com> to=<vmail@example.com> proto=ESMTP helo=<192.168.88.6>.
Any ideas where to look for?

7

Re: Integration samba4 Dovecot can't login

snpz wrote:

Addressbook source (ldap_global) not found!

You didn't define global ldap address book "ldap_global" in Roundcube config file.

snpz wrote:

2) Dec 10 18:07:15 mail postfix/smtpd[2652]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <vmail@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<user1@example.com> to=<vmail@example.com> proto=ESMTP helo=<192.168.88.6>.

Either create user "vmail@" or create an alias (in /etc/postfix/aliases) for vmail.

8

Re: Integration samba4 Dovecot can't login

ZhangHuangbin wrote:
snpz wrote:

Addressbook source (ldap_global) not found!

You didn't define global ldap address book "ldap_global" in Roundcube config file.

snpz wrote:

2) Dec 10 18:07:15 mail postfix/smtpd[2652]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <vmail@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<user1@example.com> to=<vmail@example.com> proto=ESMTP helo=<192.168.88.6>.

Either create user "vmail@" or create an alias (in /etc/postfix/aliases) for vmail.

There is an alias already in aliases - vmail: root

In /usr/share/apache2/roundcubemail/config/main.inc.php I have:
$rcmail_config['ldap_public']["example.com"] = array(
    'name'          => 'Global Address Book',
etc.
Still the same error messages! :(

9

Re: Integration samba4 Dovecot can't login

Well, it's ldap_public, not ldap_global.

10

Re: Integration samba4 Dovecot can't login

ZhangHuangbin wrote:

Well, it's ldap_public, not ldap_global.

Sorry - my bad :)

But I have no idea what to do with this postfix error :(
Dec 11 17:19:01 mail roundcube: LDAP Error: Bind failed for dn=mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=domain,dc=example,dc=com: Invalid credentials in /usr/share/apache2/roundcubemail-0.8.2/program/include/rcube_ldap.php on line 433 (GET /mail/?_task=mail&_action=list-contacts&_source=ldap_global&_page=1&_remote=1&_unlock=loading1355239152427&_=1355239152430)

11

Re: Integration samba4 Dovecot can't login

snpz wrote:

LDAP Error: Bind failed for dn=mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=domain,dc=example,dc=com: Invalid credentials

"invalid credentials" always means incorrect bind dn or bind password. So please check them in your Roundcube config file. If you aren't quite sure what the root cause is, show us your address book related settings here to help troubleshoot.

12

Re: Integration samba4 Dovecot can't login

ZhangHuangbin wrote:
snpz wrote:

LDAP Error: Bind failed for dn=mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=domain,dc=example,dc=com: Invalid credentials

"invalid credentials" always means incorrect bind dn or bind password. So please check them in your Roundcube config file. If you aren't quite sure what the root cause is, show us your address book related settings here to help troubleshoot.

Address book related part looks like this!
ldap_public in webmail is usable and works!
/usr/share/apache2/roundcubemail/config/main.inc.php
$rcmail_config['ldap_public']["ldap_global"] = array(
    'name'          => 'Global LDAP Address Book',
    'hosts'         => array('127.0.0.1'),
    'port'          => 389,
    'use_tls'       => false,
    'ldap_version'  => '3',
    'user_specific' => true, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.

    // Search accounts in the same domain.
    'base_dn'       => 'domainName=%d,o=domains,dc=domain,dc=example,dc=com',
    'bind_dn'       => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=domain,dc=example,dc=com',
    'hidden'        => false,
    'searchonly'    => false,
    'writable'      => false,
    'search_fields' => array('mail', 'cn', 'sn', 'givenName', 'street', 'telephoneNumber', 'mobile', 'stree', 'postalCode'),

    // mapping of contact fields to directory attributes
    //   for every attribute one can specify the number of values (limit) allowed.
    //   default is 1, a wildcard * means unlimited
    'fieldmap' => array(
       // Roundcube  => LDAP:limit
        'name'        => 'cn',
        'surname'     => 'sn',
        'firstname'   => 'givenName',
        'title'       => 'title',
        'email'       => 'mail:*',
        'phone:work'  => 'telephoneNumber',
       'phone:mobile' => 'mobile',
        'street'      => 'street',
        'zipcode'     => 'postalCode',
       //'region'      => 'st',
        'locality'    => 'l',
        'department'  => 'departmentNumber',
        'notes'       => 'description',
        // these currently don't work:
        //'phone:workfax' => 'facsimileTelephoneNumber',
        //'photo'        => 'jpegPhoto',
        //'organization' => 'o',
        //'manager'      => 'manager',
        //'assistant'    => 'secretary',
    ),
    'sort'          => 'cn',
    'scope'         => 'sub',
    'filter'        => '(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))',
    'fuzzy_search'  => true,
    'vlv'           => false,   // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
    'sizelimit'     => '0',     // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
    'timelimit'     => '0',     // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
    'referrals'     => false,  // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
);

13

Re: Integration samba4 Dovecot can't login

snpz wrote:

    'user_specific' => true, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
    ...
    'bind_dn'       => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=domain,dc=example,dc=com',
   

Dear snpz,

This bind_dn format is default one used in iRedMail + OpenLDAP. Do you have the same structure in Active Directory? I'm afraid not.
So, please modify it to fit your Active Directory structure, or, follow our wiki tutorial to use a global bind dn instead.
http://www.iredmail.org/wiki/index.php? … be_webmail

P.S. If there's a tutorial, please follow it strictly first. If it doesn't work for you, then tune it.
Many users reported this or that issue, all are caused by not following our wiki tutorial STRICTLY. Don't make me feel I'm wasting time to write detailed wiki tutorials.
[THIS IS NOT A BLAME, PLEASE CONSIDER IT AS A REMINDER.]