[Dovecot] Dovecot & pam_mkhomedir

Stroller linux.luser at myrealbox.com
Fri Dec 16 14:48:28 EET 2005

Hi there,

Does anyone have Dovecot working correctly with pam_mkhomedir, please? 
I seem to be going through quite a number of IMAP servers this week, 
trying to find one that will not only authenticate against a Windows 
domain but which will also create home directories for users the first 
time they log in.

I'm using winbind to do the authentication & that seems to be doing the 
trick in the first instance - if I log in using Squirrelmail I see 
entries written to the system log saying:

	Dec 16 11:58:35 baby pam_winbind[9319]: user 'ned' granted access

I have set Dovecot to log to /var/log/mail and in that I see only three 
entries saying:

	imap-login: Dec 16 11:58:36 Info: Login: ned []

But Squirrelmail gives:

	ERROR: Could not complete request.
	Reason Given:

/etc/pam.d/imap says:

	auth       required     /lib/security/pam_winbind.so
	account    required     /lib/security/pam_winbind.so
	session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel 

If I use the same configuration for SSH then the user's home directory 
is created upon authentication, but not with Dovecot. I chose to try 
Dovecot because I understood it handled PAM session wossisnames, which 
Courier-IMAP doesn't. My dovecot.conf is attached - I'm wondering if 
the problem could be with the "auth_userdb" setting, but `getent 
passwd` does show an entry for the user:

	# grep ned /etc/passwd
	# getent passwd | grep ned
	ned:x:10012:10000:Ned Nedbody:/home/DOMAIN/ned:/bin/false

Many thanks in advance for any advice or suggestions - I'd really like 
to understand what's going on here. I believe I can authenticate 
against the domain using LDAP / Active Directory, but since I don't 
know if that'll help I'd rather not go that route yet.

If I first try to log in using ssh with pam_mkhomedir enabled then the 
user's home directory is created successfully & I can subsequently log 
on in Squirrelmail. But it's important to me that I shouldn't have to 
create users' home dirs for them - I should be able to add them on the 
Windows domain controller & just tell them to log in to their email - 
the home dir on the mailserver should be created automagically when 
they authenticate against the domain.


