Login Failed

Thomas Spuhler thomas.spuhler at btspuhler.com
Fri Apr 10 23:19:58 CEST 2015


On Friday, April 10, 2015 10:34:14 PM Mateusz Kijowski wrote:
> Hmm, seems that you have distro version on cyrus (which would also explain
> the missing date extension) - on my Centos 6 host:
> 
> # rpm -qa cyrus-imapd
> cyrus-imapd-2.5-108.1.el6.kolab_3.4.x86_64
> 
> Perhaps some other packages are in wrong version?
> 
> Regards,
> 
> 
> Mateusz.
> 
> 2015-04-10 21:29 GMT+02:00 Hector Tapia <htapia at csc.com>:
> > All,
> > 
> > I was recently testing out Kolab 3.4  on Centos 7 with a lot of success.
> > During testing I upgraded to Centos 7.1 and also applied the Roundcube
> > updates that recently appeared in the Kolab 3.4 repo. Everything worked
> > great, so I decided to wipe the server and start with a fresh install of
> > everything in preparation for a demo.  I immediately had problems with
> > Cyrus-IMAP not starting due to a sieve extension issue that was resolved in
> > another thread.
> > 
> > Unfortunately, I can't log into roundcube now.  I tried changing passwords
> > and creating new users, but they all fail.
> > 
> > This is what I see in cat /var/log/roundcubemail/errors:
> > 
> > [10-Apr-2015 13:40:44,000000 -0400]: <cukd2rcp> IMAP Error: Login failed
> > for test.user at example.com from ###.###.###.###. LOGIN: Login only
> > available under a layer in
> > /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 198
> > (POST /roundcubemail/?_task=login?_task=login&_action=login)
> > 
> > I used "kolab lm" to see if the mailbox had been created, but the command
> > just hangs until I press control-c at which point I get this:
> > 
> > 2015-04-10 13:44:15,274 pykolab.imap WARNING Could not connect to Cyrus
> > IMAP server 'imaps://localhost:993'
> > 
> > I used the command, "nmap -sT -O localhost" to confirm that 993/tcp is
> > open.
> > 
> > Here is the output from "systemctl -l status cyrus-imapd":
> > 
> > cyrus-imapd.service - Cyrus-imapd IMAP/POP3 email server
> > 
> >    Loaded: loaded (/usr/lib/systemd/system/cyrus-imapd.service; enabled)
> >    Active: active (running) since Fri 2015-04-10 10:25:34 EDT; 4h 42min ago
> >   
> >   Process: 1108 ExecStartPre=/usr/lib/cyrus-imapd/cyr_systemd_helper start
> > 
> > (code=exited, status=0/SUCCESS)
> > 
> >  Main PID: 3944 (cyrus-master)
> >  
> >    CGroup: /system.slice/cyrus-imapd.service
> >    
> >            ├─ 3944 /usr/lib/cyrus-imapd/cyrus-master
> >            ├─ 4002 idled
> >            ├─ 4008 lmtpd
> >            ├─ 4009 notifyd
> >            ├─ 4012 pop3d
> >            ├─ 4017 pop3d
> >            ├─ 4018 imapd
> >            ├─ 4019 pop3d
> >            ├─ 4023 pop3d
> >            ├─ 4028 imapd
> >            ├─ 4073 imapd
> >            ├─ 4690 pop3d
> >            ├─ 4691 imapd
> >            ├─ 7601 imapd
> >            ├─ 7603 pop3d
> >            ├─ 7632 imapd
> >            ├─ 7634 ptloader
> >            ├─12239 imapd
> >            ├─12987 imapd
> >            ├─16995 imapd
> >            ├─25250 [imapd]
> >            ├─25253 pop3d -s
> >            ├─25255 imapd -s
> >            └─30509 imapd
> > 
> > Apr 10 15:08:06 host.exmple.com pop3s[25241]: pop3s: required OpenSSL
> > options not present
> > Apr 10 15:08:06 host.exmple.com imaps[25242]: imaps: required OpenSSL
> > options not present
> > Apr 10 15:08:06 host.exmple.com pop3s[25243]: pop3s: required OpenSSL
> > options not present
> > Apr 10 15:08:06 host.exmple.com pop3s[25245]: pop3s: required OpenSSL
> > options not present
> > Apr 10 15:08:06 host.exmple.com imaps[25246]: imaps: required OpenSSL
> > options not present
> > Apr 10 15:08:06 host.exmple.com pop3s[25247]: pop3s: required OpenSSL
> > options not present
> > Apr 10 15:08:06 host.exmple.com imaps[25251]: imaps: required OpenSSL
> > options not present
> > Apr 10 15:08:06 host.exmple.com imaps[25251]: Fatal error: imaps:
> > required OpenSSL options not present
> > Apr 10 15:08:06 host.exmple.com imaps[25250]: imaps: required OpenSSL
> > options not present
> > Apr 10 15:08:06 host.exmple.com imaps[25250]: Fatal error: imaps:
> > required OpenSSL options not present
> > 
> > Here is the output for "rpm -qa | grep openssl":
> > 
> > openssl-libs-1.0.1e-42.el7.4.x86_64
> > openssl-1.0.1e-42.el7.4.x86_64
> > 
> > Here is the output for "rpm -qa | grep cyrus":
> > 
> > cyrus-sasl-plain-2.1.26-17.el7.x86_64
> > cyrus-sasl-lib-2.1.26-17.el7.x86_64
> > cyrus-imapd-utils-2.4.17-8.el7_1.x86_64
> > cyrus-sasl-2.1.26-17.el7.x86_64
> > cyrus-sasl-md5-2.1.26-17.el7.x86_64
> > cyrus-imapd-2.4.17-8.el7_1.x86_64
> > cyrus-sasl-gssapi-2.1.26-17.el7.x86_64
> > 
> > Finally, here is the output for "rpm -qa | grep php":
> > 
> > php-ldap-5.4.16-23.el7_0.3.x86_64
> > php-kolabformat-1.1.git.1422810799-29.1.el7.kolab_3.4.x86_64
> > php-pear-Auth-SASL-1.0.6-5.el7.noarch
> > php-Net-LDAP3-1.0.2-2.1.el7.kolab_3.4.noarch
> > php-pear-HTTP-Request2-2.2.1-1.el7.noarch
> > php-pear-DB-1.7.14-6.el7.noarch
> > php-pear-MDB2-Driver-mysqli-1.5.0-0.8.b4.el7.noarch
> > php-ZendFramework-1.12.5-11.1.el7.kolab_3.4.noarch
> > php-mbstring-5.4.16-23.el7_0.3.x86_64
> > php-cli-5.4.16-23.el7_0.3.x86_64
> > php-pear-Net-Socket-1.0.14-1.el7.noarch
> > php-pear-Net-LDAP2-2.0.12-20.1.el7.kolab_3.4.noarch
> > php-pear-Net-URL2-2.1.1-1.el7.noarch
> > php-pear-Net-Sieve-1.3.4-1.el7.noarch
> > php-mysql-5.4.16-23.el7_0.3.x86_64
> > php-bcmath-5.4.16-23.el7_0.3.x86_64
> > php-common-5.4.16-23.el7_0.3.x86_64
> > php-Smarty-3.1.21-1.el7.noarch
> > php-pear-1.9.4-21.el7.noarch
> > php-pear-Mail-Mime-1.8.9-1.el7.noarch
> > php-pear-Net-IDNA2-0.1.1-10.el7.noarch
> > php-pear-Mail-1.2.0-7.el7.noarch
> > php-pdo-5.4.16-23.el7_0.3.x86_64
> > php-kolab-0.6.0-3.el7.kolab_3.4.x86_64
> > php-mcrypt-5.4.16-3.el7.x86_64
> > php-xml-5.4.16-23.el7_0.3.x86_64
> > php-process-5.4.16-23.el7_0.3.x86_64
> > php-pear-Net-SMTP-1.6.2-1.el7.noarch
> > php-pear-MDB2-2.5.0-0.9.b5.el7.noarch
> > php-pear-Mail-mimeDecode-1.5.5-7.el7.noarch
> > php-5.4.16-23.el7_0.3.x86_64
> > php-gd-5.4.16-23.el7_0.3.x86_64
> > 
> > I'm also going to list the content of my /etc/imap.conf:
> > 
> > configdirectory: /var/lib/imap
> > partition-default: /var/spool/imap
> > admins: cyrus-admin
> > sievedir: /var/lib/imap/sieve
> > sendmail: /usr/sbin/sendmail
> > sasl_pwcheck_method: auxprop saslauthd
> > sasl_mech_list: PLAIN LOGIN
> > allowplaintext: no
> > tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> > tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
I am also using
tls_ca_file: /etc/pki/tls/certs/cyrus-imapd.pem 
(for you tls_ca_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem)
otherwise I get complaints, but it shouldn't stop working.

> > # uncomment this if you're operating in a DSCP environment (RFC-4594)
> > # qosmarking: af13
> > auth_mech: pts
> > pts_module: ldap
> > ldap_servers: ldap://localhost:389
> > ldap_sasl: 0
> > ldap_base: dc=example,dc=com
> > ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=example,dc=com
> > ldap_password: xxx
> > ldap_filter:
> > (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@
> > %d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
> > ldap_user_attribute: mail
> > ldap_group_base: dc=example,dc=com
> > ldap_group_filter:
> > (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
> > ldap_group_scope: one
> > ldap_member_base: ou=People,dc=example,dc=com
> > ldap_member_method: attribute
> > ldap_member_attribute: nsrole
> > ldap_restart: 1
> > ldap_timeout: 10
> > ldap_time_limit: 10
> > unixhierarchysep: 1
> > virtdomains: userid
> > annotation_definitions: /etc/imapd.annotations.conf
> > sieve_extensions: fileinto reject envelope body vacation imapflags notify
> > include regex subaddress relational copy
> > allowallsubscribe: 0
> > allowusermoves: 1
> > altnamespace: 1
> > hashimapspool: 1
> > anysievefolder: 1
> > fulldirhash: 0
> > sieveusehomedir: 0
> > sieve_allowreferrals: 0
> > lmtp_downcase_rcpt: 1
> > lmtp_fuzzy_mailbox_match: 1
> > username_tolower: 1
> > deletedprefix: DELETED
> > delete_mode: delayed
> > expunge_mode: delayed
> > postuser: shared
> > 
> > Am I missing an openssl package or is their something in a config file
> > that I should change?
> > 
> > Thanks!
> > 
> > Hector
> > _______________________________________________
> > users mailing list
> > users at lists.kolab.org
> > https://lists.kolab.org/mailman/listinfo/users

I think using the distro versions is the right thing to do. Then you will get security updates.
(often popping up on your desktop).
I have not seen any announcement of security updated from kolab for a long time and I think never 
for non kolab packages such as 389-admin or clamd

I see you are still using php-5.4.16 so this should not apply:
https://bbs.archlinux.org/viewtopic.php?id=187063

can you log-in receive and send e-mail using mozilla-thunderbird?

and BTW, why do we use port 993
(IMAP server 'imaps://localhost:993)
$rcmail_config['default_host'] = 'tls://localhost';
$rcmail_config['smtp_server'] = 'tls://localhost';

$rcmail_config['default_port'] = 143;


-- 
Best regards
Thomas Spuhler

All of my e-mails have a valid digital signature
ID 60114E63
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.kolab.org/pipermail/users/attachments/20150410/290759bf/attachment-0001.sig>


More information about the users mailing list