Unable to connect to mail server


#1

New install of new domain. Have mail server running as VM on DomainController and installed as Domain Slave. Trying to connect with mail client and getting errors saying the password is wrong (which it is not). Also see connection errors in mail.info.

Not sure where to look. Any help?


#2

Due to the absence of detailed error descriptions, just a shot in the dark:

You may want to check if univention-sasl is installed.

cheers,
Dirk


#3

I realized afterward that I forgot to include that…but there is some mention of SASL. I assumed everything would have been installed when I selected the mail server so I will install that. If it still gives me problems I will repost with more info.

Thanks!


#4

Made sure that univention-sasl was installed. Looks like it may have been already but possibly not configured or something. Here are 3 lines from my mail log:
[code]Jan 25 21:17:35 kure amavis[3147]: (03147-04) Passed, <nagios@xxx.local> -> <james@xxx.local>, quarantine qgKfLYU1cfME, Message-ID: <20150125175904.44C046C22A6@maui.xxx.local>, Hits: 2.531
Jan 25 21:17:35 kure postfix/smtp[14454]: AD0D9404E1: to=<james@xxx.local>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.6, delays=0.15/0.01/0/0.44, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3C7BF4050D)
Jan 25 21:17:35 kure postfix/qmgr[8972]: AD0D9404E1: removed[/code]

My Domain Controller (and first installed machine) is “Maui”. This is a bare-metal install of UCS 4.0. All computers and users were created there for the domain. My mail server is “Kure”. This is a KVM-based VM running on the “Maui” server. It is a Domain-Slave UCS 4.0 installation. I have configured the MX record to point to ‘kure.xxx.local’. As I said, all users are created on the domain on “Maui” and I know they exist…but for some reason “Kure” does not know that. That would explain why I am unable to connect my mail client to kure as ‘james’.

Ideas?


#5

Yes, by default the required sasl package is installed and configured if the mail server is installed.

The lines from the mail.log look good. Maybe you could post more from the log file. For example if the mail was delivered to the IMAP server.

But your main problem is that you can’t log in as user james@xxx.local to the IMAP server, isn’t it? Do you use the email address as login user name?

I think the following log files could help to investigate this issue: /var/log/auth.log and /var/log/univention/listener.log

And the output of the command: /usr/lib/nagios/plugins/check_univention_replication


#6

/usr/lib/nagios/plugins/check_univention_replication outputs a response of “OK”.

Zarafa is installed so I am trying to add an email account on my client as both “Exchange” and regular email. I log into the domain as “james” and for the username on email I have tried both ‘james’ and ‘james@xxx.local’.

The auth.log contains the following about every 2 minutes. Nothing else of interest.
[code]Jan 30 07:02:01 maui CRON[930]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 30 07:02:01 maui CRON[931]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 30 07:02:06 maui CRON[930]: pam_unix(cron:session): session closed for user root
Jan 30 07:02:11 maui CRON[931]: pam_unix(cron:session): session closed for user root
Jan 30 07:02:29 maui nscd: nss_ldap: reconnecting to LDAP server...
Jan 30 07:02:29 maui nscd: nss_ldap: reconnected to LDAP server ldap://maui.xxx.local:7389 after 1 attempt[/code]

Here is the entirety of the listener.log:
[code]25.01.15 06:25:11.061 DEBUG_INIT
25.01.15 06:25:11.073 LISTENER ( ERROR ) : failed to connect to any notifier
25.01.15 06:25:11.073 LISTENER ( WARN ) : can not connect any server, retrying in 30 seconds
25.01.15 06:25:41.074 LISTENER ( WARN ) : chosen server: maui.xxx.local:7389
25.01.15 06:25:42.188 LISTENER ( WARN ) : replication: ldap server changed to maui.xxx.local
UNIVENTION_DEBUG_BEGIN : uldap.__open host=maui.xxx.local port=7389 base=dc=xxx,dc=local
UNIVENTION_DEBUG_END : uldap.__open host=maui.xxx.local port=7389 base=dc=xxx,dc=local
25.01.15 13:23:33.354 LISTENER ( WARN ) : Can't contact LDAP server: retrying
25.01.15 17:47:02.739 LISTENER ( WARN ) : received signal 15
25.01.15 17:48:39.714 DEBUG_INIT
25.01.15 17:48:40.742 LISTENER ( WARN ) : replication: ldap server changed to maui.xxx.local
UNIVENTION_DEBUG_BEGIN : uldap.__open host=maui.xxx.local port=7389 base=dc=xxx,dc=local
UNIVENTION_DEBUG_END : uldap.__open host=maui.xxx.local port=7389 base=dc=xxx,dc=local
25.01.15 20:27:19.051 LISTENER ( WARN ) : Can't contact LDAP server: retrying
25.01.15 21:02:22.892 LISTENER ( WARN ) : Can't contact LDAP server: retrying
zone refresh queued
zone refresh queued
zone reload successful
zone reload successful
26.01.15 06:51:15.971 LISTENER ( WARN ) : Can't contact LDAP server: retrying
26.01.15 15:56:14.649 LISTENER ( WARN ) : Can't contact LDAP server: retrying
26.01.15 16:20:06.260 LISTENER ( WARN ) : Can't contact LDAP server: retrying
26.01.15 21:20:04.287 LISTENER ( WARN ) : Can't contact LDAP server: retrying
26.01.15 21:24:18.162 LISTENER ( PROCESS ) : zarafa: initiating sync
Users and groups synchronized.
26.01.15 21:24:23.896 LISTENER ( PROCESS ) : zarafa: updating uid=james,cn=users,dc=xxx,dc=local
User information updated.
User information updated.
User information updated.
26.01.15 21:24:46.788 LISTENER ( PROCESS ) : zarafa: initiating sync
Users and groups synchronized.
26.01.15 21:24:49.600 LISTENER ( PROCESS ) : zarafa: updating uid=lisa,cn=users,dc=xxx,dc=local
User information updated.
User information updated.
User information updated.
26.01.15 21:25:46.208 LISTENER ( PROCESS ) : zarafa: initiating sync
Users and groups synchronized.
26.01.15 21:25:49.341 LISTENER ( PROCESS ) : zarafa: updating uid=xxx,cn=users,dc=xxx,dc=local
User information updated.
User information updated.
User information updated.
26.01.15 21:26:13.681 LISTENER ( PROCESS ) : zarafa: initiating sync
Users and groups synchronized.
26.01.15 21:26:16.822 LISTENER ( PROCESS ) : zarafa: updating uid=james,cn=users,dc=xxx,dc=local
User information updated.
User information updated.
User information updated.
26.01.15 21:26:17.098 LISTENER ( PROCESS ) : zarafa: updating uid=grayson,cn=users,dc=xxx,dc=local
User information updated.
User information updated.
User information updated.
26.01.15 21:26:53.763 LISTENER ( PROCESS ) : zarafa: initiating sync
Users and groups synchronized.
26.01.15 21:26:56.622 LISTENER ( PROCESS ) : zarafa: updating uid=sophia,cn=users,dc=xxx,dc=local
User information updated.
User information updated.
User information updated.
27.01.15 21:42:40.551 LISTENER ( WARN ) : Can't contact LDAP server: retrying
27.01.15 22:06:02.811 LISTENER ( PROCESS ) : replication: rename phase I: cn=xxx.local,cn=domain,cn=mail,dc=xxx,dc=local (entryUUID=96b3f0fc-3752-1034-9a6e-4fba8b232437)
27.01.15 22:06:04.065 LISTENER ( PROCESS ) : replication: rename phase II: cn=none,cn=domain,cn=mail,dc=xxx,dc=local (entryUUID=96b3f0fc-3752-1034-9a6e-4fba8b232437)
27.01.15 22:06:04.066 LISTENER ( WARN ) : Can't contact LDAP server: retrying
27.01.15 22:06:04.067 LISTENER ( PROCESS ) : replication: rename phase II: cn=none,cn=domain,cn=mail,dc=xxx,dc=local (entryUUID=96b3f0fc-3752-1034-9a6e-4fba8b232437)
27.01.15 22:06:04.082 LISTENER ( PROCESS ) : replication: rename from cn=xxx.local,cn=domain,cn=mail,dc=xxx,dc=local to cn=none,cn=domain,cn=mail,dc=xxx,dc=local
zone refresh queued
zone refresh queued
zone reload successful
zone reload successful
27.01.15 22:09:36.866 LISTENER ( PROCESS ) : replication: rename phase I: cn=none,cn=domain,cn=mail,dc=xxx,dc=local (entryUUID=96b3f0fc-3752-1034-9a6e-4fba8b232437)
27.01.15 22:09:37.206 LISTENER ( PROCESS ) : replication: rename phase II: cn=xxx.local,cn=domain,cn=mail,dc=xxx,dc=local (entryUUID=96b3f0fc-3752-1034-9a6e-4fba8b232437)
27.01.15 22:09:37.207 LISTENER ( PROCESS ) : replication: rename from cn=none,cn=domain,cn=mail,dc=xxx,dc=local to cn=xxx.local,cn=domain,cn=mail,dc=xxx,dc=local
zone refresh queued
zone refresh queued
zone reload successful
zone reload successful
Stopping nagios-nrpe: nagios-nrpe.
Starting nagios-nrpe: nagios-nrpe.
28.01.15 15:50:56.552 LISTENER ( WARN ) : Can't contact LDAP server: retrying
zone refresh queued
zone refresh queued
zone reload successful
zone reload successful
Stopping nagios-nrpe: nagios-nrpe.
Starting nagios-nrpe: nagios-nrpe.
zone refresh queued
zone reload successful
28.01.15 18:06:56.542 LISTENER ( WARN ) : Can't contact LDAP server: retrying
Stopping nagios-nrpe: nagios-nrpe.
Starting nagios-nrpe: nagios-nrpe.
29.01.15 07:22:36.967 LISTENER ( WARN ) : received signal 15
29.01.15 07:24:03.789 DEBUG_INIT
29.01.15 07:24:04.811 LISTENER ( WARN ) : replication: ldap server changed to maui.xxx.local
UNIVENTION_DEBUG_BEGIN : uldap.__open host=maui.xxx.local port=7389 base=dc=xxx,dc=local
UNIVENTION_DEBUG_END : uldap.__open host=maui.xxx.local port=7389 base=dc=xxx,dc=local
29.01.15 17:23:19.416 LISTENER ( WARN ) : received signal 15
29.01.15 17:24:41.144 DEBUG_INIT
29.01.15 17:24:42.236 LISTENER ( WARN ) : replication: ldap server changed to maui.xxx.local
UNIVENTION_DEBUG_BEGIN : uldap.__open host=maui.xxx.local port=7389 base=dc=xxx,dc=local
UNIVENTION_DEBUG_END : uldap.__open host=maui.xxx.local port=7389 base=dc=xxx,dc=local[/code]


#7

As a follow up, I can include the bulk of the mail.info file…is there a way to attach it?


#8

Yes, you can use the “Upload attachment” tab or you can use upload.univention.de/. But if you use Zarafa the output wouldn’t help us to solve the issue. So, it is strange because it should work out of the box.

As far as I understand, the problem is that you can’t log in to the Zarafa web interface or via Outlook, right?

Can you send the output of ‘univention-ldapsearch uid=james’?

Maybe that’s the cause. Do you know where the mail domain “none” comes from? Did you rename the mail domain after creating the users? Does it also happen with new users?



#9

Thanks for the update. I actually CAN log into the Zarafa web interface. I CANNOT log in from Outlook (or any other mail client).

I have no idea where the ‘none’ came from. I did not change anything after install. The mail domain was created first and then the users.

Output of ‘univention-ldapsearch uid=james’ from the mail server ‘kure.xxx.local’ as follows (obviously the ‘xxx’ masks personal info):
[code]# extended LDIF
#
# LDAPv3
# base <dc=xxx,dc=local> (default) with scope subtree
# filter: uid=james
# requesting: ALL
#

# james, users, xxx.local
dn: uid=james,cn=users,dc=xxx,dc=local
uid: james
krb5PrincipalName: james@XXX.LOCAL
uidNumber: 3000
sambaAcctFlags: [U ]
sambaPasswordHistory: 03AF6F59B88FA34295623B02349FCF2E472D810F341556C94F87F3E5
C4F64A44
krb5MaxLife: 86400
cn: James Lastname
univentionBirthday: 1970-05-15
gecos: James Lastname
userPassword:: e2NyeXB0fSQ2JE9pcXJvbEp4WjJTd3phanQkWGJwaDlxdkx1UVJPVUJ0Sk90NTZ
mY1U4ajJDYnk4ejF5RU1QNjNYLjROekVrdm9PZjEwN0ZpRHNHNy9ienlEd2tjSU5rdWROZy84TnBm
R2t5ZVZYOC8=
krb5Key:: MEuhKzApoAMCARKhIgQg0lFgxD2PvaGv7JtZ+vBJqxZuWmZiKkaopFqJv7L0S6WiHDAa
oAMCAQOhEwQRRFJBR0VSLkxPQ0FMamFtZXM=
krb5Key:: MDuhGzAZoAMCARGhEgQQJ8NsYc5wxEhePrRntJ/r4KIcMBqgAwIBA6ETBBFEUkFHRVIu
TE9DQUxqYW1lcw==
krb5Key:: MEOhIzAhoAMCARChGgQYRaKbxMQO5Q2of53NruULJa2oiux/gH83ohwwGqADAgEDoRME
EURSQUdFUi5MT0NBTGphbWVz
krb5Key:: MDuhGzAZoAMCARehEgQQrJMf7Z0Lks0Wv2p9R7S6xaIcMBqgAwIBA6ETBBFEUkFHRVIu
TE9DQUxqYW1lcw==
krb5Key:: MDOhEzARoAMCAQOhCgQI30qkwTH+dtqiHDAaoAMCAQOhEwQRRFJBR0VSLkxPQ0FMamFt
ZXM=
krb5Key:: MDOhEzARoAMCAQKhCgQI30qkwTH+dtqiHDAaoAMCAQOhEwQRRFJBR0VSLkxPQ0FMamFt
ZXM=
krb5Key:: MDOhEzARoAMCAQGhCgQI30qkwTH+dtqiHDAaoAMCAQOhEwQRRFJBR0VSLkxPQ0FMamFt
ZXM=
sambaMungedDial: bQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABkA
AEAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAFABoACA
ABAEMAdAB4AEMAZgBnAFAAcgBlAHMAZQBuAHQANTUxZTBiYjAYAAgAAQBDAHQAeABDAGYAZwBGAGw
AYQBnAHMAMQAwMDAwMDAwMA==
krb5MaxRenew: 604800
mail: james@xxx.local
loginShell: /bin/bash
univentionObjectType: users/user
krb5KDCFlags: 126
gidNumber: 6000
sambaPwdLastSet: 1422021530
sambaPrimaryGroupSID: S-1-5-21-603792142-3417107124-802098132-1118
sambaNTPassword: AC931FED9D0B92CD16BF6A7D47B4BAC5
displayName: James Lastname
mailPrimaryAddress: james@xxx.local
o: The XXX Family
sambaSID: S-1-5-21-603792142-3417107124-802098132-1122
krb5KeyVersionNumber: 1
sn: XXX
pwhistory: $6$0oHE7IFEWaw7aBmm$nkHcPrQqK6nuokxCNimYlmH.2fXnaVFRWLjlMQkwijNXpWQ
OF7O07AByoAFTRM8v3n5giWITE8JGK/fqkX0Ip1
homeDirectory: /home/james
givenName: James
univentionUMCProperty: appcenterSeen=true
univentionUMCProperty: favorites=appcenter:appcenter,services,updater,udm:grou
ps/group,udm:users/user,udm:computers/computer,udm:nagios/nagios,udm:shares/s
hare,udm:dhcp/dhcp,udm:dns/dns,udm:mail/mail,ucr,uvmm:uvmm
univentionMailHomeServer: kure.xxx.local
objectClass: top
objectClass: person
objectClass: univentionPWHistory
objectClass: posixAccount
objectClass: shadowAccount
objectClass: univentionMail
objectClass: sambaSamAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: univentionPerson
objectClass: univentionObject
objectClass: zarafa-user
zarafaAccount: 1
zarafaSharedStoreOnly: 0
zarafa4ucsRole: user
zarafaAdmin: 0

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1[/code]


#10

Hi NCDiveBum,

it reads a bit like you are trying to connect to Zarafa using the IMAP protocol. By default this is disabled for all accounts and can either be enabled on a per-user basis (although Univention currently has no UI for it) or for all users.

But instead of connecting Outlook via IMAP you should install the Zarafa Windows client. The needed steps to install and configure Outlook with the client can be read in the user manual: doc.zarafa.com/trunk/User_Manual … re_outlook

You can find the latest version of the client here:
download.zarafa.com/community/fi … 0/windows/


#11

OK, gave up on Zarafa since I am not running Windows. Besides, I don’t think I should need a client to use Outlook…Outlook IS a client.

Switched back to straight Postfix/Cyrus. Making progress (I think) as the error has now changed. Now the only error I see is:

Unable to locate maildrop: Mailbox does not exist

Yes, the user exists, has kure.xxx.local set as primary mail server and the user has access perms to everything it should. I even checked for the existence of the mail folder in /var and it’s there (albeit buried several layers down).

Any clues?


#12

It is really strange that it doesn’t work out-of-the-box.

Can you check on every server if the join scripts are executed: univention-run-join-scripts or UMC (web based management console) → Domain → Domain join → “Execute all pending join scripts”.

So if I understand it correctly, the IMAP login fails. But the mail box exists below /var/spool/cyrus/mail/domain/. I think you have already checked if the imapd process is up and running. The saslauthd must also be started, for example:
[code]root@master401:~# ps auwfx | grep imapd
cyrus 18904 0.0 0.4 56728 5104 ? Ss 00:04 0:00 /usr/sbin/cyrmaster -M /etc/imapd/cyrus.conf -C /etc/imapd/imapd.conf -d
cyrus 18911 0.0 0.3 85732 3788 ? S 00:04 0:00 idled -C /etc/imapd/imapd.conf
root@master401:~# ps aufwx | grep sasl
root 18800 0.0 0.3 56776 3288 ? Ss 00:04 0:00 /usr/sbin/saslauthd -a pam -c -r -m /var/run/saslauthd -n 5
root 18802 0.0 0.0 48364 536 ? S 00:04 0:00 \_ /usr/sbin/saslauthd -a pam -c -r -m /var/run/saslauthd -n 5
root 18803 0.0 0.0 48364 536 ? S 00:04 0:00 \_ /usr/sbin/saslauthd -a pam -c -r -m /var/run/saslauthd -n 5
root 18804 0.0 0.0 48364 536 ? S 00:04 0:00 \_ /usr/sbin/saslauthd -a pam -c -r -m /var/run/saslauthd -n 5
root 18805 0.0 0.6 60564 6936 ? S 00:04 0:00 \_ /usr/sbin/saslauthd -a pam -c -r -m /var/run/saslauthd -n 5
root@master401:~#[/code]

Can you try a login via cyradm, for example:
[code]root@master401:~# cyradm -u gohmann@deadlock40.intranet localhost
Password:
localhost> lm
INBOX (\HasChildren)
INBOX/Spam (\HasNoChildren)
INBOX/Ham (\HasNoChildren)
localhost>[/code]

Please restart the saslauthd and the IMAP server before trying to log in via cyradm: /etc/init.d/saslauthd restart; /etc/init.d/cyrus-imapd restart
If you log in via cyradm, you should see an output like the following in /var/log/auth.log:
[code]Jan 15 00:11:25 master401 saslauthd[21263]: pam_unix(imap:auth): check pass; user unknown
Jan 15 00:11:25 master401 saslauthd[21263]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jan 15 00:11:25 master401 PAM-univentionmailcyrus[21263]: continuing as user stefan
Jan 15 00:11:25 master401 PAM-runasroot[21263]: continuing as normal user[/code]

Please also check the messages in /var/log/mail.log.

If it doesn’t help, please send us a support info archive of the system and we will have a closer look: sdb.univention.de/1182


#13

Just getting back to this after a lot of illness in our house :)

You are right that it’s strange it doesn’t work out of the box. I did a bit more digging and everything works as expected. All join scripts are executed, imapd and sasl are both running, and I can login via the command line with cyradm.

Now the interesting part. When I login with cyradm and use the “lm” command, I do NOT get INBOX returned. This is the output:

localhost> lm
shared/james (\HasNoChildren)

So I guess there is in fact NO inbox for my user? Why would that happen and how do I fix it?

Again, my DC is the machine ‘MAUI’ and the mail server is ‘KURE’ which is a domain slave. When I installed the mail server on KURE shouldn’t it have created the inboxes?


#14

Do you use the email address as login?

[code]root@master421:~# cyradm -u stefan localhost
Password:
localhost> lm
localhost>
root@master421:~# cyradm -u gohmann@deadlock42.intranet localhost
Password:
localhost> lm
INBOX (\HasChildren)
INBOX/Spam (\HasNoChildren)
INBOX/Ham (\HasNoChildren)
localhost>[/code]

Otherwise please post /etc/imapd/imapd.conf and the result of find /var/spool/cyrus/mail/. You can try to re-create the mail folders with the following command: univention-directory-listener-ctrl resync cyrus.
Hope it helps.


#15

I tried logging in as both “james” and “james@xxx.local” and I get the same inbox result each time.

I did the “univention-directory-listener-ctrl resync cyrus” and got the following result:
waiting for listener modules to finish
waiting for listener modules to finish
waiting for listener modules to finish
waiting for listener modules to finish
waiting for listener modules to finish
waiting for listener modules to finish
listener shutdown done

The resync seems to have done the trick! Thank you so much…hard to believe it was something so simple that resolved it.
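
Added example, not part of the original thread: a small Python triage of the listener.log format shown in post #6, counting "Can't contact LDAP server" warnings per day and pulling out renames of the mail domain object (the `cn=none` that post #8 asks about). The function names and the embedded sample, a few lines excerpted from that log, are illustrative choices.

```python
import re
from collections import Counter
from datetime import datetime

# Timestamped listener lines: "27.01.15 22:06:04.082 LISTENER ( PROCESS ) : message"
LINE_RE = re.compile(
    r"^(\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})\.\d{3}\s+LISTENER\s+"
    r"\(\s*(\w+)\s*\)\s*:\s*(.*)$"
)
RENAME_RE = re.compile(r"replication: rename from (\S+) to (\S+)")
MAIL_DOMAIN_CONTAINER = ",cn=domain,cn=mail,"  # as it appears in the posted log


def triage(lines):
    """Return (LDAP contact failures per day, renames of mail domain objects)."""
    failures, renames = Counter(), []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # untimestamped module output ("zone refresh queued", ...)
        ts = datetime.strptime(m.group(1), "%d.%m.%y %H:%M:%S")
        level, msg = m.group(2), m.group(3)
        if level in ("WARN", "ERROR") and "Can't contact LDAP server" in msg:
            failures[ts.date().isoformat()] += 1
        r = RENAME_RE.search(msg)
        if r and MAIL_DOMAIN_CONTAINER in r.group(1):
            old_rdn, new_rdn = r.group(1).split(",")[0], r.group(2).split(",")[0]
            renames.append((ts.isoformat(sep=" "), old_rdn, new_rdn))
    return dict(failures), renames


def displaced_windows(renames):
    """Pair each rename with the one that undoes it: (start, end, temporary_rdn)."""
    windows, pending = [], {}
    for ts, old, new in renames:
        if (new, old) in pending:  # this rename reverses an earlier one
            windows.append((pending.pop((new, old)), ts, old))
        else:
            pending[(old, new)] = ts
    return windows


# Sample input: lines excerpted from the listener.log in post #6.
SAMPLE = """\
27.01.15 21:42:40.551 LISTENER ( WARN ) : Can't contact LDAP server: retrying
27.01.15 22:06:02.811 LISTENER ( PROCESS ) : replication: rename phase I: cn=xxx.local,cn=domain,cn=mail,dc=xxx,dc=local (entryUUID=96b3f0fc-3752-1034-9a6e-4fba8b232437)
27.01.15 22:06:04.066 LISTENER ( WARN ) : Can't contact LDAP server: retrying
27.01.15 22:06:04.082 LISTENER ( PROCESS ) : replication: rename from cn=xxx.local,cn=domain,cn=mail,dc=xxx,dc=local to cn=none,cn=domain,cn=mail,dc=xxx,dc=local
zone refresh queued
27.01.15 22:09:37.207 LISTENER ( PROCESS ) : replication: rename from cn=none,cn=domain,cn=mail,dc=xxx,dc=local to cn=xxx.local,cn=domain,cn=mail,dc=xxx,dc=local
28.01.15 15:50:56.552 LISTENER ( WARN ) : Can't contact LDAP server: retrying
""".splitlines()

if __name__ == "__main__":
    failures, renames = triage(SAMPLE)
    print("LDAP contact failures per day:", failures)
    for start, end, rdn in displaced_windows(renames):
        print(f"mail domain object was named {rdn} from {start} until {end}")
```

On a real system, pass the lines of /var/log/univention/listener.log to `triage()` instead of `SAMPLE`.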