NethServer Version: NethServer 7.7.1908, Linux myserver@mydomain.nl 3.10.0-1062.9.1.el7.x86_64 #1 SMP Fri Dec 6 15:49:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Module: Sogo / Dovecot, basic configuration with AD backend enabled.
Today I spent a few hours trying to find a fix for imap login failures.
Imap logins with a username and domain name fail, the username alone authenticates correctly. For some users.
I can reproduce the problem using doveadm auth:
[root@myserver sogo]# doveadm auth test user1@mydomain.nl
Password:
passdb: user1@mydomain.nl auth failed
extra fields:
user=user1@mydomain.nl
[root@myserver sogo]# doveadm auth test user1
Password:
passdb: user1 auth succeeded
extra fields:
user=user1
[root@myserver sogo]# doveadm auth test user2
Password:
passdb: user2 auth succeeded
extra fields:
user=user2
[root@myserver sogo]# doveadm auth test user2@mydomain.nl
Password:
passdb: user2@mydomain.nl auth succeeded
extra fields:
user=user2
The SOGO web interface shows a correct login for user1 in the journalctl log, followed by a auth deny of the Sogo imap client trying to authenticate user1@mydomain.nl
The findings:
- recreating the account of user1: I was able to login to the SOGO webclient successfully only once, the next logon failed.
- 3 of 25 users on this server have the same issue.
I don’t know how to find out what is wrong. It may be a bug.
Does passdb backend use AD authentication (kerberos)?, LDAP auth?
Any leads on how to troubleshoot this on the nsdc container?