I'm testing a migration to Virtualmin from an old Linuxconf vmail server. Linuxconf stores all the usernames and passwords for each domain in their own files. I've successfully migrated passwords from one machine to another simply by copying the the password hash from the shadow file and pasting it into the shadow file on the new server.
The problem now with Virtualmin is when I copy the password hash from the old server and past it into the current shadow file for that user, pop3 authentication fails. I've checked the setting in dovecot and I'm pretty sure it's using the /etc/shadow file for authentication. I've also noticed that there are 2 username entries for each user in the shadow file.
info@testdomain.com:$1$66606145$Lh9CtlIQybfOispFU7U6Y0:14659:::::: info-testdomain.com:$1$66606145$Lh9CtlIQybfOispFU7U6Y0:14659::::::
The old server is also using MD5 password hashes.
is there another file virtualmin keeps passwords in? What am I missing here? Any help would be greatly appreciated.
Howdy,
So just to clarify -- those users can login fine for most services, they're just having trouble with POP3 authentication?
I've also noticed that there are 2 username entries for each user in the shadow file
Yeah, there's some tricks involved when using the user@domain.com format for users. That's one of them :-)
You can read about the reasoning for that in the second question here:
http://www.virtualmin.com/documentation/email/faq
Now, as for why it's failing; are fairly certain it's POP that's failing, and not the SMTP authentication? SMTP auth can fail when using user@domain.com style emails, if the saslauthd daemon isn't using the -r parameter.
is there another file virtualmin keeps passwords in
Virtualmin isn't doing anything special there; by default, it should just use whatever the system was configured to use at installation time. And that's often going to be "PAM" -- which typically would use /etc/passwd and /etc/shadow for authentication. In my /etc/dovecot/dovecot.conf, the "passdb pam" section is uncommented.
However, what you may want to do is take a peek in your mail logs -- either /var/log/maillog or /var/log/mail.log, to see what kind of errors are showing up in there. It may contain some additional clues as to what's going on.
-Eric
Hi Eric,
Thanks for the response.
I've been searching the web and going in circles now for a while... I've done some testing that might reveal where I'm going wrong. If I reset a user password in the virtualmin web interface, the password is set and it works, I can also click the "show" link to see what the password is. If I use passwd from the command line and I reset both user ID's (the user@domain and the user-domain) I can't login to imap or pop3 with that user@domain account and there is no "show" link in the virtualmin web interface. The user-domain login works, but only for pop3?? not imap. Usermin logs in and gives the following error: "An error occurred listing mail in this folder : Failed to login to POP3 server : Authentication failed."
I have added the -r to the salsauthd FLAGS= section. Everything works fine from the virtualmin interface. So I think all I need to know is what does virtualmin do when you reset a user password? What files are updated? what auth mechanism it it using? I've set PAM to user system-auth and the system-auth settings use the shadow file.
I hope I've explained this ok, I tend to get lost in side track thoughts sometimes... -Steve
Yeah, it tends to work more straight forward by changing passwords from within Virtualmin... it updates the password Virtualmin has on file for that user (so that it shows up in the "Show Password" link.)
Also, when dealing with email users, it updates a file in the .usermin directory that contains some authentication information. That file being out of sync with the actual password could cause the trouble you're seeing.
Within Usermin, whenever you get those errors, you should be able to update the password... I believe there's a link on the top-left... something like "Change IMAP Login" -- see if running that allows you to log in correctly.
However, in the long-run -- it really does become a lot simpler to change passwords from within Virtualmin/Usermin, rather than using the command line :-)
-Eric