Ubuntu Auth Issues with new repository code..

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Ubuntu Auth Issues with new repository code..

Howard Leadmon
    Saw the new repository notification, and figured what the heck I
would try letting it upgrade me from the current v2.2.22 release that
apparently is in the Ubuntu 16.04 packages, to the new repository
release of v2.3.0.

  I followed the info on repo.dovecot.org, and first it started bitching
about lmtp (dovecot: master: Fatal: service(lmtp)
access(/usr/lib/dovecot/lmtp) failed: No such file or directory), so I
went back and installed the dovecot-lmtpd package and that seemed to fix
that issue.  Just FYI, I had dovecot-core, dovecot-imapd, and
dovecot-pop3d installed on the system.

  OK, so now it started up, said it was 2.3.0 and I thought all was
good, but now all authentication is failing.  I turned on some of the
logging debugging, and am seeing the below:

dovecot: auth-worker(19578): Debug:
pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): lookup service=dovecot
dovecot: auth-worker(19578): Debug:
pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): #1/1 style=1 msg=Password:
dovecot: auth-worker(19578): pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>):
pam_authenticate() failed: System error
dovecot: auth: Debug: client passdb out: FAIL#0111#011user=toss1
dovecot: imap-login: Aborted login (auth failed, 1 attempts in 3 secs):
user=<toss1>, method=PLAIN, rip=127.0.0.1, lip=127.0.1.1,
session=<IR3NJlZhFtZ/AAAB>

  I took and compared my auth files like 10-auth.conf, and
auth-system.conf.ext, and they are identical between the two versions,
even though they were overwritten as part of the upgrade.

  If I just uninstall the 2.3.0 release, and install 2.2.22 back on the
server, it all just starts working again.    So for now I am back on
2.2, but was willing to give 2.3 a run if I can get it going.   Any
ideas as to what to look at to get this working, would be great.   As
stated above, this is Ubuntu Server 16.04.03, and I am also running
Postfix and amavis-new, but don't think they should really impact me
using dovecot for email over POP3 or IMAP..

---
Howard Leadmon
PBW Communications, LLC
http://www.pbwcomm.com

Reply | Threaded
Open this post in threaded view
|

Re: Ubuntu Auth Issues with new repository code..

Noel Butler
On 28/12/2017 07:38, Howard Leadmon wrote:

> Saw the new repository notification, and figured what the heck I would try letting it upgrade me from the current v2.2.22 release that apparently is in the Ubuntu 16.04 packages, to the new repository release of v2.3.0.
>
> I followed the info on repo.dovecot.org, and first it started bitching about lmtp (dovecot: master: Fatal: service(lmtp) access(/usr/lib/dovecot/lmtp) failed: No such file or directory), so I went back and installed the dovecot-lmtpd package and that seemed to fix that issue.  Just FYI, I had dovecot-core, dovecot-imapd, and dovecot-pop3d installed on the system.
>
> OK, so now it started up, said it was 2.3.0 and I thought all was good, but now all authentication is failing.  I turned on some of the logging debugging, and am seeing the below:
>
> dovecot: auth-worker(19578): Debug: pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): lookup service=dovecot
> dovecot: auth-worker(19578): Debug: pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): #1/1 style=1 msg=Password:
> dovecot: auth-worker(19578): pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): pam_authenticate() failed: System error
> dovecot: auth: Debug: client passdb out: FAIL#0111#011user=toss1
> dovecot: imap-login: Aborted login (auth failed, 1 attempts in 3 secs): user=<toss1>, method=PLAIN, rip=127.0.0.1, lip=127.0.1.1, session=<IR3NJlZhFtZ/AAAB>
>
> I took and compared my auth files like 10-auth.conf, and auth-system.conf.ext, and they are identical between the two versions, even though they were overwritten as part of the upgrade.
>
> If I just uninstall the 2.3.0 release, and install 2.2.22 back on the server, it all just starts working again.    So for now I am back on 2.2, but was willing to give 2.3 a run if I can get it going.   Any ideas as to what to look at to get this working, would be great.   As stated above, this is Ubuntu Server 16.04.03, and I am also running Postfix and amavis-new, but don't think they should really impact me using dovecot for email over POP3 or IMAP..
>
> ---
> Howard Leadmon
> PBW Communications, LLC
> http://www.pbwcomm.com

Why on earth you think you could upgrade versions by using two unrelated
and different repo's is beyond me.

This has always been a problem, even back in the 90's with the RPMs, RH
v say for example Fresh, because package maintainers will package
differently.

Its like trying to stick a cisco 1800 image on an ASR9K and expecting it
to work perfectly.

Though we don't use deb or rpm based systems and haven't for about 15
years, if I was to, I think I'd be using the creators version, and not a
distro's version.

--
Kind Regards,

Noel Butler

  This Email, including any attachments, may contain legally privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate, discuss, or
reveal, any part, to anyone, without the authors express written
authority to do so. If you are not the intended recipient, please notify
the sender then delete all copies of this message including attachments,
immediately. Confidentiality, copyright, and legal privilege are not
waived or lost by reason of the mistaken delivery of this message. Only
PDF [1] and ODF [2] documents accepted, please do not send proprietary
formatted documents

 

Links:
------
[1] http://www.adobe.com/
[2] http://en.wikipedia.org/wiki/OpenDocument
Reply | Threaded
Open this post in threaded view
|

Re: Ubuntu Auth Issues with new repository code..

Howard Leadmon
   I hear what your saying, but if you read and follow the repo page, it
says run update, and then upgrade.   Also as a test, I did remove the
old 2.2 code, and installed the new 2.3 code, and again authentication
fails.

  I am sure I may be missing something stupid, but the bottom line is,
how can I track down why it will not auth using PAM under the newer
code, when even looking at the auth modules, the configs appear to be
the same on 2.2 and 2.3, so I didn't see any adjustments I could
actually make..


---
Howard Leadmon
PBW Communications, LLC
http://www.pbwcomm.com

On 12/27/2017 5:39 PM, Noel Butler wrote:

> Why on earth you think you could upgrade versions by using two unrelated
> and different repo's is beyond me.
>
> This has always been a problem, even back in the 90's with the RPMs, RH
> v say for example Fresh, because package maintainers will package
> differently.
>
> Its like trying to stick a cisco 1800 image on an ASR9K and expecting it
> to work perfectly.
>
> Though we don't use deb or rpm based systems and haven't for about 15
> years, if I was to, I think I'd be using the creators version, and not a
> distro's version.
>

Reply | Threaded
Open this post in threaded view
|

Re: Ubuntu Auth Issues with new repository code..

Aki Tuomi-2
The problem would appear that pam is reporting a system error, which fails your authentication. Are you supposed to be using pam?

Aki

> On December 28, 2017 at 12:50 AM Howard Leadmon <[hidden email]> wrote:
>
>
>    I hear what your saying, but if you read and follow the repo page, it
> says run update, and then upgrade.   Also as a test, I did remove the
> old 2.2 code, and installed the new 2.3 code, and again authentication
> fails.
>
>   I am sure I may be missing something stupid, but the bottom line is,
> how can I track down why it will not auth using PAM under the newer
> code, when even looking at the auth modules, the configs appear to be
> the same on 2.2 and 2.3, so I didn't see any adjustments I could
> actually make..
>
>
> ---
> Howard Leadmon
> PBW Communications, LLC
> http://www.pbwcomm.com
>
> On 12/27/2017 5:39 PM, Noel Butler wrote:
> > Why on earth you think you could upgrade versions by using two unrelated
> > and different repo's is beyond me.
> >
> > This has always been a problem, even back in the 90's with the RPMs, RH
> > v say for example Fresh, because package maintainers will package
> > differently.
> >
> > Its like trying to stick a cisco 1800 image on an ASR9K and expecting it
> > to work perfectly.
> >
> > Though we don't use deb or rpm based systems and haven't for about 15
> > years, if I was to, I think I'd be using the creators version, and not a
> > distro's version.
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Ubuntu Auth Issues with new repository code..

Kenneth Porter
Another thing to check is the RPM scripts that run during an upgrade.
Compare the output of "rpm -q --scripts dovecot" for the old and new
package. See if the new package is doing all the necessary things
expected by Ubuntu. Scripts are the most platform-specific part of the
package and the hardest to make portable.
Reply | Threaded
Open this post in threaded view
|

Re: Ubuntu Auth Issues with new repository code..

Michael Marley
In reply to this post by Howard Leadmon
On 12/27/17 4:38 PM, Howard Leadmon wrote:

>    Saw the new repository notification, and figured what the heck I
> would try letting it upgrade me from the current v2.2.22 release that
> apparently is in the Ubuntu 16.04 packages, to the new repository
> release of v2.3.0.
>
>  I followed the info on repo.dovecot.org, and first it started
> bitching about lmtp (dovecot: master: Fatal: service(lmtp)
> access(/usr/lib/dovecot/lmtp) failed: No such file or directory), so I
> went back and installed the dovecot-lmtpd package and that seemed to
> fix that issue.  Just FYI, I had dovecot-core, dovecot-imapd, and
> dovecot-pop3d installed on the system.
>
>  OK, so now it started up, said it was 2.3.0 and I thought all was
> good, but now all authentication is failing.  I turned on some of the
> logging debugging, and am seeing the below:
>
> dovecot: auth-worker(19578): Debug:
> pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): lookup service=dovecot
> dovecot: auth-worker(19578): Debug:
> pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): #1/1 style=1 msg=Password:
> dovecot: auth-worker(19578): pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>):
> pam_authenticate() failed: System error
> dovecot: auth: Debug: client passdb out: FAIL#0111#011user=toss1
> dovecot: imap-login: Aborted login (auth failed, 1 attempts in 3
> secs): user=<toss1>, method=PLAIN, rip=127.0.0.1, lip=127.0.1.1,
> session=<IR3NJlZhFtZ/AAAB>
>
>  I took and compared my auth files like 10-auth.conf, and
> auth-system.conf.ext, and they are identical between the two versions,
> even though they were overwritten as part of the upgrade.
>
>  If I just uninstall the 2.3.0 release, and install 2.2.22 back on the
> server, it all just starts working again.    So for now I am back on
> 2.2, but was willing to give 2.3 a run if I can get it going.   Any
> ideas as to what to look at to get this working, would be great.   As
> stated above, this is Ubuntu Server 16.04.03, and I am also running
> Postfix and amavis-new, but don't think they should really impact me
> using dovecot for email over POP3 or IMAP..
>
> ---
> Howard Leadmon
> PBW Communications, LLC
> http://www.pbwcomm.com
>
Try adding "CAP_AUDIT_WRITE" to CapabilityBoundingSet in
/lib/systemd/system/dovecot.service.  I had the same problem when I
upgraded to 2.3.0.

Michael

Reply | Threaded
Open this post in threaded view
|

Re: Ubuntu Auth Issues with new repository code..

Aki Tuomi-2
In reply to this post by Noel Butler

> On December 28, 2017 at 12:39 AM Noel Butler <[hidden email]> wrote:
>
>
> On 28/12/2017 07:38, Howard Leadmon wrote:
>
> > Saw the new repository notification, and figured what the heck I would try letting it upgrade me from the current v2.2.22 release that apparently is in the Ubuntu 16.04 packages, to the new repository release of v2.3.0.
> >
> > I followed the info on repo.dovecot.org, and first it started bitching about lmtp (dovecot: master: Fatal: service(lmtp) access(/usr/lib/dovecot/lmtp) failed: No such file or directory), so I went back and installed the dovecot-lmtpd package and that seemed to fix that issue.  Just FYI, I had dovecot-core, dovecot-imapd, and dovecot-pop3d installed on the system.
> >
> > OK, so now it started up, said it was 2.3.0 and I thought all was good, but now all authentication is failing.  I turned on some of the logging debugging, and am seeing the below:
> >
> > dovecot: auth-worker(19578): Debug: pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): lookup service=dovecot
> > dovecot: auth-worker(19578): Debug: pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): #1/1 style=1 msg=Password:
> > dovecot: auth-worker(19578): pam(toss1,127.0.0.1,<IR3NJlZhFtZ/AAAB>): pam_authenticate() failed: System error
> > dovecot: auth: Debug: client passdb out: FAIL#0111#011user=toss1
> > dovecot: imap-login: Aborted login (auth failed, 1 attempts in 3 secs): user=<toss1>, method=PLAIN, rip=127.0.0.1, lip=127.0.1.1, session=<IR3NJlZhFtZ/AAAB>
> >
> > I took and compared my auth files like 10-auth.conf, and auth-system.conf.ext, and they are identical between the two versions, even though they were overwritten as part of the upgrade.
> >
> > If I just uninstall the 2.3.0 release, and install 2.2.22 back on the server, it all just starts working again.    So for now I am back on 2.2, but was willing to give 2.3 a run if I can get it going.   Any ideas as to what to look at to get this working, would be great.   As stated above, this is Ubuntu Server 16.04.03, and I am also running Postfix and amavis-new, but don't think they should really impact me using dovecot for email over POP3 or IMAP..
> >
> > ---
> > Howard Leadmon
> > PBW Communications, LLC
> > http://www.pbwcomm.com
>
> Why on earth you think you could upgrade versions by using two unrelated
> and different repo's is beyond me.
>
> This has always been a problem, even back in the 90's with the RPMs, RH
> v say for example Fresh, because package maintainers will package
> differently.
>
> Its like trying to stick a cisco 1800 image on an ASR9K and expecting it
> to work perfectly.
>
> Though we don't use deb or rpm based systems and haven't for about 15
> years, if I was to, I think I'd be using the creators version, and not a
> distro's version.
>
> --
> Kind Regards,
>
> Noel Butler

Noel, we have actually tried to make the packages compatible with distros so that the upgrade would work. In general I agree with you, but in this case we did actually take the extra effort to see that they would be reasonably compatible with debian/ubuntu/centos packages.

That said, the upgrade is a major version change, so things might be different. Expecting that things "Just Work" is bit too much.

https://wiki2.dovecot.org/Upgrading/2.3 should help figuring out what needs to be checked.

Aki