Unable to authenticate


(Mats) #1

NethServer Version: 7.6.1810
Module: WebTop5
I’ve installed WebTop5 and when I try to login it fails for both imap and Webtop5. I finally found out that it didn’t accept that I had a € as special character in my password.
In messages it logs [sssd[krb5_child[9642]]]: Preauthentication failed
In imap it logs dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=, method=PLAIN, rip=192.168.y.y lip=192.168.x.x, TLS: Disconnected, session=

It uses a local Samba Active directory.


(Giacomo Sanchietti) #2

@webtop_team can you try to reproduce?


(Luca Gasparini) #3

Hi @mahaq and @giacomo,
I just replicated the problem with a local LDAP provider account: if the password contains the character ‘€’ you can not log in with some applications (tried with Roundcube and WebTop).

I could not do the same test with a local Samba AD, I can not set a password that contains the character ‘€’, the nethserver-dc-password-set event fails:

Feb 11 10:03:35 vmns7 esmith::event[1968]: Event: password-modify test@domain.org /tmp/ng-7nGput
Feb 11 10:03:35 vmns7 esmith::event[1968]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.022817]
Feb 11 10:03:36 vmns7 esmith::event[1968]: ERROR: Failed to set password for user 'test': 'ascii' codec can't decode byte 0xe2 in position 9: ordinal not in range(128)
Feb 11 10:03:36 vmns7 esmith::event[1968]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set FAILED: 255 [1.616114]
Feb 11 10:03:37 vmns7 esmith::event[1968]: Enabled user 'test'
Feb 11 10:03:37 vmns7 esmith::event[1968]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.940534]
Feb 11 10:03:38 vmns7 esmith::event[1968]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.413987]
Feb 11 10:03:38 vmns7 esmith::event[1968]: Event: password-modify FAILED

(Giacomo Sanchietti) #4

So is this a problem related to the IMAP server? Does dovecot allow the login?


(Luca Gasparini) #5

If I try to authenticate directly on dovecot with

# doveadm auth test pippo
Password:
passdb: pippo auth succeeded
extra fields:
  user=pippo

the login is successful.

If I try logging on Roundcube I do not login and /var/log/secure reports this:

Feb 12 10:38:34 wt5dev auth: pam_sss(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=pippo@nethesis.it rhost=127.0.0.1 user=pippo@nethesis.it
Feb 12 10:38:34 wt5dev auth: pam_sss(dovecot:auth): received for user pippo@nethesis.it: 7 (Authentication failure)