[Dovecot] Problem with pam-auth and winbind

pk10 at ksiaznica.torun.pl
Fri Mar 18 10:46:34 EET 2011

I am trying to use a winbind rule to authenticate users in the Dovecot login procedure.
/etc/nsswitch.conf file:
passwd: files winbind
shadow: files winbind
group: files winbind
The Dovecot configuration is as follows:
log_path: /var/log/dovecot/error.log
info_log_path: /var/log/dovecot/info.log
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/pki/tls/certs/dovecot.pem
ssl_key_file: /etc/pki/tls/private/dovecot.pem
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib64/dovecot/imap-login
login_executable(imap): /usr/lib64/dovecot/imap-login
login_executable(pop3): /usr/lib64/dovecot/pop3-login
mail_executable(default): /usr/lib64/dovecot/imap
mail_executable(imap): /usr/lib64/dovecot/imap
mail_executable(pop3): /usr/lib64/dovecot/pop3
mail_plugin_dir(default): /usr/lib64/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/modules/pop3
auth default:
mechanisms: plain login
use_winbind: yes
driver: pam
args: dovecot
driver: passwd
type: listen
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
and the configuration of /etc/pam.d/dovecot is as follows:
auth required pam_env.so debug
auth sufficient pam_winbind.so
#auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so
When I try to log on from my console:
# telnet komp14 110
Connected to komp.xxx.xxx (
Escape character is '^]'.
+OK Dovecot ready.
user tt1
pass xxxxxxxxx
-ERR Authentication failed.
+OK Logging out
Connection closed by foreign host.

Of course the password is correct, because
#wbinfo -K tt1
Enter tt1's password:
plaintext kerberos password authentication for [tt1] succeeded (requesting
cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0
In the log files I can find entries corresponding to the telnet command to Dovecot:
Mar 14 09:43:22 komp14 dovecot-auth: pam_winbind(dovecot:auth): getting
password (0x00000000)
Mar 14 09:43:22 komp14 dovecot-auth: pam_winbind(dovecot:auth): user 'tt1'
granted access
Mar 14 09:43:29 pop3-login: Info: Aborted login (auth failed, 1 attempts):
user=<tt1>, method=PLAIN, rip=, lip=, secured
I would appreciate any hints.
But in /var/log/dovecot/error.log we have this information:
Mar 14 09:43:29 auth-worker(default): Error: pam(tt1,
pam_acct_mgmt() failed: Authentication failure

This test was done with winbindd version 3.5.3.
When I test it on another machine with winbind version 3.0.24 (the config
files are the same), the authentication process is done properly.
Any HINTS????
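
The error.log entry above names pam_acct_mgmt(), which evaluates the "account" rules of the PAM service, while the /etc/pam.d/dovecot shown lists only "auth" rules; Linux-PAM takes rules for a group that has none in the service file from the "other" service. As an added example (not part of the original post), this shell function reports which management groups have no active rule in a service file; the function name is hypothetical and the sample file is constructed from the lines quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# pam_missing_types is a hypothetical helper name.

# Print each PAM management group (auth, account, password, session)
# that has no active rule in the service file given as $1.
pam_missing_types() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        $1 == "@include" {                 # Debian-style include: type unknown here
            inc = inc " " $2
            next
        }
        {
            type = $1
            sub(/^-/, "", type)            # "-type" means: stay quiet if module is absent
            seen[type] = 1
        }
        END {
            n = split("auth account password session", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen))
                    print want[i]
            if (inc != "")
                print "not followed: @include" inc | "cat 1>&2"
        }
    ' "$1"
}

# Constructed sample: the /etc/pam.d/dovecot lines quoted in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth required pam_env.so debug
auth sufficient pam_winbind.so
#auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so
EOF

# prints: account, password, session (one per line)
pam_missing_types "$sample"
rm -f "$sample"
```

Run it against the real service file, for example `pam_missing_types /etc/pam.d/dovecot`, and compare the result on the machine that works with the one that fails.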

