[Dovecot] Problem with pam-auth and winbind

Timo Sirainen tss at iki.fi
Mon Mar 21 19:01:29 EET 2011

On Fri, 2011-03-18 at 09:46 +0100, pk10 at ksiaznica.torun.pl wrote:
> auth default:
> mechanisms: plain login
> use_winbind: yes

This use_winbind setting doesn't do anything. It's only used for
authentication with NTLM mechanisms.

> passdb:
> driver: pam
> args: dovecot

So Dovecot only knows that it's using PAM.

Setting auth_debug=yes may also show up something useful in logs.

> Mar 14 09:43:22 komp14 dovecot-auth: pam_winbind(dovecot:auth): user 'tt1'
> granted access

So pam_authenticate() succeeded. This is where it fails if password is

> Mar 14 09:43:29 auth-worker(default): Error: pam(tt1,
> pam_acct_mgmt() failed: Authentication failure

But pam_acct_mgmt() doesn't like the user. I have no idea why. I've
never used winbind. Maybe you could find some winbind mailing list or
something. But man page of pam_acct_mgmt() may help you do guesses:

       The pam_acct_mgmt function is used to determine if the users account is
       valid. It checks for authentication token and account expiration and
       verifies access restrictions. It is typically called after the user has
       been authenticated.

More information about the dovecot mailing list