For those that want to log into your email with user@domain, here it is.

In the ispconfig control panel, log in as admin and go to Management -> system config -> settings -> ISP manager, and change "User Prefix" to [DOMAIN]_

We will be using courier's userdb for authentication purposes. Users will now be added to the system as domain_user using the ispconfig frontend.

Edit authdaemonrc located at /etc/courier/ (on my ubuntu system) and change the line reading authmodulelist so it looks like this:

Code:

    authmodulelist="authuserdb authpam"

Save and restart courier authdaemon.

Here is the code for the script that will convert the text to user@domain that you would be able to log in with:

Code:

    #!/bin/bash
    delim="_"
    OIFS=$IFS
    IFS=" "
    # start from an empty userdb that only its owner can read
    rm -rf /etc/courier/userdb
    touch /etc/courier/userdb
    chmod 600 /etc/courier/userdb
    for line in `pw2userdb2 | grep -ir user`
    do
    domain=$( echo $line | cut -d"$delim" -f1 )
    useruid=$( echo $line | cut -d"$delim" -f2 )
    username=$( echo $useruid | cut -d' ' -f1 )
    uid=$( echo $useruid | cut -d' ' -f2 )
    gid=$( echo $line | cut -d"$delim" -f3 )
    home=$( echo $line | cut -d"$delim" -f4 )
    shell=$( echo $line | cut -d"$delim" -f6 )
    password=$( echo $line | cut -d"$delim" -f7)
    echo "$username@$domain $uid|$gid|${home}_$username|$shell|$password|/var/www/www.$domain/user/${domain}_$username/Maildir" >> /etc/courier/userdb
    # rebuild the binary database from the text file
    /usr/lib/courier/makeuserdb
    done
    IFS=$OIFS

Also replace pw2userdb, which is located in /usr/sbin on my system. It may be at a different location to mine; in that case just use the command "which pw2userdb" to see where the file is located, and replace the code inside with this:

Code:

    #! /usr/bin/perl
    #
    # Convert /etc/passwd and /etc/shadow to userdb format.
    #
    # $Id: pw2userdb.in,v 1.5 2000/07/19 11:55:15 mrsam Exp $
    #
    # Copyright 1998 - 1999 Double Precision, Inc.  See COPYING for
    # distribution information.

    use Getopt::Long;

    #
    # Some undocumented options here (for vchkpw2userdb)
    #

    die "Invalid options.\n" unless
        GetOptions("passwd=s" => \$passwd, "shadow=s" => \$shadow,
            "noshadow" => \$noshadow, "nouid" => \$nouid,
            "domain=s" => \$domain, "vpopuid" => \$vpopuid );

    ($dummy, $dummy, $fixed_uid, $fixed_gid)=getpwnam("vpopmail")
        if $vpopuid;

    $passwd="/etc/passwd" unless $passwd =~ /./;
    $shadow="/etc/shadow" unless $shadow =~ /./;

    $domain="" unless $domain =~ /./;
    $domain="\@$domain" if $domain =~ /./;

    open(PASSWD, $passwd) || die "$!\n";

    while (<PASSWD>)
    {
        chop if /\n$/;
        next if /^#/;
        ($acct,$passwd,$uid,$gid,$name,$home,$shell)=split( /:/ );

        ($uid,$gid)=($fixed_uid,$fixed_gid) if $vpopuid;

        $PASSWORD{$acct}=$passwd if $passwd ne "x";
        $UID{$acct}=$uid;
        $GID{$acct}=$gid;
        $HOME{$acct}=$home;
        $SHELL{$acct}=$shell;

        $name =~ s/\|/./g;    # Just in case
        $GECOS{$acct}=$name;
    }
    close (PASSWD);

    if ( -f $shadow && ! $noshadow)
    {
        open (SHADOW, $shadow) || die "$!\n";
        while (<SHADOW>)
        {
            next if /^#/;
            ($acct,$passwd,$dummy)=split(/:/);
            $PASSWORD{$acct}=$passwd;
        }
        close (SHADOW);
    }

    while ( defined ($key=each %UID))
    {
        print "$key$domain\tuid=$UID{$key}|gid=$GID{$key}|home=$HOME{$key}" .
            ( $SHELL{$key} =~ /./ ? "|shell=$SHELL{$key}":"") .
            ( $PASSWORD{$key} =~ /./ ? "|systempw=$PASSWORD{$key}":"") .
            ( $GECOS{$key} =~ /./ ? "|gecos=$GECOS{$key}":"") .
            "\n";
        print "$UID{$key}=\t$key\n" unless $nouid;
    }

Put the first script in a crontab to remake the userdb file, like this: run the command "crontab -e" and add into the file:

Code:

    */5 * * * * /location_of_the_script/script_name

And save.

I am busy changing the script so that it would check to see if there have been any changes made before rebuilding the userdb file, and if there weren't any changes it won't do anything.

Hope this helps some people in the meantime. Still busy improving it.
This looks like an interesting solution. You may add an exec command to run the script, e.g. at the end of the /root/ispconfig/scripts/writeconf.php script, right before the ispconfig_lock file is deleted. Have you solved this problem for smtp-auth in postfix too?
Thanks for the reply. Now I can get rid of the crontab, and that also solves my problem with checking if the file has changed. I will have a look at the smtp-auth and give a reply if I have a solution.
Hi... do you mean you just leave the user prefix blank and didn't go through the how-tos on the courier and pw2userdb?
Status review?

Hello, I'd like to review the status of this patch. Is it working with 2.2.10? I have tried it, but it didn't work, as 'pw2userdb | grep -ir user' returns nothing. I only have a user with email, which is the admin for his domain; the username is domain.com_info. Does the patch apply only to normal users, or should it also work with admins?

I think there is a typo in:

    for line in `pw2userdb2 | grep -ir user`

and it should be:

    for line in `pw2userdb | grep -ir user`

I have put the exec sentence in /root/ispconfig/scripts/writeconf.php, as stated by till. I understand there is no longer any need for the cron job.

desmondk: did you solve the smtp-auth scenario?

IKShadow: I guess that deleting the prefix is a solution when you intend to have only one domain, because you won't be able to have the same user for different domains (e.g. info). Please correct me in case I'm wrong.

jwan: when you remove the prefix, you only need the username to log in; there is no more need of attaching the domain name. But as stated above, I guess that it is good only when you intend to have only one domain.

Thank you very much for your work and your replies. I'd really love to have this feature working.
I've seen the other post: http://www.howtoforge.com/forums/showthread.php?t=7881
Simpler script to create the userdb

I set up my server similarly. However, the first script of the original post can be considerably simplified using awk:

Code:

    #!/bin/bash
    delim="_"
    rm -rf /etc/courier/userdb
    touch /etc/courier/userdb
    chmod 600 /etc/courier/userdb
    # turn "domain_user<TAB>fields" into "user@domain<TAB>fields"
    pw2userdb | grep -ir www/web | awk -F"\t" ' {
        count = split($1,emailparts,"'$delim'");
        if ( count > 1 ) {
            print emailparts[2]"@"emailparts[1]"\t"$2;
        }
    }' >> /etc/courier/userdb
    makeuserdb

Of course, this assumes that courier is already set up correctly to look into $HOMEDIR/Maildir for the mailboxes...

Also notice that I didn't grep for "user", but rather for the www/web part of the homedir. I had problems with other system users that also had the string "user" somewhere in their passwd entry.
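A variant of the conversion above, as an added example that is not part of any post in this thread: it writes to a temporary file beside the target under `umask 077` and renames it into place, so nothing ever reads an empty or half-written userdb, and it splits on the first delimiter only, so `example.org_john_doe` keeps its whole local part. The function name `build_userdb` and the sample lines are constructed; it reads pw2userdb-format lines on stdin and leaves running `makeuserdb` to the caller.

```bash
#!/bin/bash
# Added example (not from the thread). build_userdb TARGET [DELIM]
# stdin:  pw2userdb-style lines, "domain_user<TAB>fields"
# TARGET: receives "user@domain<TAB>fields", replaced atomically.
build_userdb() {
    local target="$1" delim="${2:-_}"
    (
        umask 077                                  # nothing we create is group/world readable
        tmp=$(mktemp "${target}.XXXXXX") || exit 1 # same directory, so mv is a rename
        if awk -F'\t' -v d="$delim" '
            {
                # Hostnames cannot contain "_", so the first delimiter ends the domain.
                i = index($1, d)
                if (i < 2) next                    # no domain prefix: not a mail user
                domain = substr($1, 1, i - 1)
                user   = substr($1, i + length(d))
                if (user == "") next
                print user "@" domain "\t" $2
            }' > "$tmp"
        then
            mv -f "$tmp" "$target"                 # readers see the old or the new file
        else
            rm -f "$tmp"; exit 1
        fi
    )
}

# Constructed sample input, written to a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\t%s\n' \
    'example.com_info'     'uid=1001|gid=1001|home=/var/www/web1/user/example.com_info|systempw=HASH1' \
    'example.org_john_doe' 'uid=1002|gid=1001|home=/var/www/web2/user/example.org_john_doe|systempw=HASH2' \
    'daemon'               'uid=1|gid=1|home=/usr/sbin' |
    build_userdb "$demo_dir/userdb"
cat "$demo_dir/userdb"
```

On a real system the input would be the filtered `pw2userdb` output and the target `/etc/courier/userdb`, followed by `makeuserdb`.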
Hi, I tried the solution of desmondk with some corrections. If I run the script manually (I put it in my /usr/sbin/ folder and renamed it my_email), it doesn't return errors and it executes. But if I try to log in with [email protected] I receive an error from my client.

Can you explain to me: I add a new user, then I run the script, but where does the script take the user details from? The file /etc/courier/userdb is always empty (also if I comment out the line makeuserdb in the script). Can you suggest a debug solution? I'm not skilled with linux but I have to understand.

Thank you. Andrea
Hi All, I have applied this patch. It works great except for 1 thing. When I send (SMTP) through my server, the authentication requires domain_user and not [email protected] Can anybody please help me with this?
Hi kassi, I've found a possible solution for this so Postfix can auth against Courier's userdb. But it doesn't work for me now, because my Ubuntu creates a tmpfs for the /var/run directory, and so I can't create a hardlink between 2 different filesystems. I didn't find out where ubuntu does this, so I can't create a real /var/run directory so this could work. Any suggestions?

Your /etc/postfix/sasl/smtpd.conf, which you create, should look like the following:

    pwcheck_method: authdaemond
    log_level: 3
    mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
    authdaemond_path: /var/run/courier/authdaemon/socket

Because the postfix smtpd is running in a chroot environment, you have to link the authdaemon socket into it:

    mkdir -p /var/spool/postfix/var/run/courier/authdaemon/
    ln /var/run/courier/authdaemon/socket /var/spool/postfix/var/run/courier/authdaemon/socket
    chown -R daemon:daemon /var/spool/postfix/var/run/courier

Because the socket changes every time you restart the courier-authdaemon, you must refresh the hardlink above. Best do this with the authdaemon start-script /etc/init.d/courier-authdaemon. Edit the authdaemon start-script /etc/init.d/courier-authdaemon like this:

    start)
        # Start daemons.
        cd /
        if test -x /authlib/authdaemond
        then
            echo -n Starting Courier authdaemon:
            /authlib/authdaemond start
            sleep 3
            #new entry for creating hardlink to courier socket
            ln -f /var/run/courier/authdaemon/socket /var/spool/postfix/var/run/courier/authdaemon/socket
            echo done.
        fi
        ;;
Did you find a solution Impi? I'd like to try to help you, I use ubuntu also. It would be great to have the chance of dual SMTP auth (user@domain and domain_user). Thanks for your efforts!
I put to work smtp-auth with user@domain

I am using Ubuntu 7.04. I followed the steps in the perfect setup and set up everything to use Maildir, and installed ISPConfig. Then I used the script from kainhofer at the end of /root/ispconfig/scripts/writeconf.php, and the pw2userdb, and everything went fine up to that point.

Now, to the smtp-auth with user@domain. Based on the post from imp, I did the following:

I modified /etc/postfix/sasl/smtpd.conf so that it looks this way:

    pwcheck_method: authdaemond
    log_level: 3
    mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
    authdaemond_path: /var/run/courier/authdaemon/socket

Then I modified /etc/init.d/courier-authdaemon with these changes. The line

Code:

    run_dir="/var/run/courier/authdaemon"

replaced with

Code:

    run_dir="/var/spool/postfix/var/run/courier/authdaemon"

and

Code:

    # create /var/run if it does not already exist
    if [ ! -d ${run_dir} ]; then
      mkdir -p ${run_dir}
      chown daemon:daemon ${run_dir} /var/run/courier
      chmod 750 ${run_dir}
    fi

replaced with

Code:

    # create /var/run if it does not already exist
    if [ ! -d ${run_dir} ]; then
      mkdir -p ${run_dir}
      chown daemon:daemon ${run_dir} /var/spool/postfix/var/run/courier
      chmod 750 ${run_dir}
    fi
    if [ ! -h /var/run/courier ]; then
      ln -s /var/spool/postfix/var/run/courier /var/run/courier
    fi

This works because we can not link from the postfix environment to outside, but we can do the opposite.

I hope it helps find a common method for every distro (I can not understand why ispconfig developers do not set this up already, it's very obvious, everyone uses this standard).

Regards!! Leonardo
Thanks Xinefnarg! I'm also using ubuntu 7.04 and I'm considering this method for a server which is in production... So, I'd like to know if you recommend it (if users would be able to log in using their 'real' name: domain_user).
I'm currently working on a better way to do it, as the above configuration breaks my system. Some of my users have very long (>50 characters) domain names, so prefixing their accounts with their domain name breaks stuff. Either ISPConfig or Ubuntu can't handle 60 character usernames. So I'm using the default prefix of web[WEBID]_. Instead, I'm modifying pw2userdb to look at /etc/postfix/virtusertable, and use that to associate each email address with a system user. I'm half way through writing the script, after I've tested it I'll post it here.
Ok, so here is my guide for setting this up. I'm pretty certain I've included all the steps. If I've forgotten any, let me know and I'll help you fix it.

Advantages of this method:

- Works with long domain names
- User can login to IMAP/POP3/SMTP with any of their associated email addresses
- User can also login with their actual system username (ie. web1_grant)
- Mailuser login still works.
- Users are updated automatically, no cron jobs

EDIT: Changed so that https://www.yourdomain.com:81/mailuser still works, people can still log in to change their mail settings.

First, set up the perfect server setup for ubuntu, and install ISPConfig. Set up at least 1 email user so you can test that this works.

Install my modified pw2userdb script. Save it as /root/ispconfig/scripts/custpw2userdb:

Code:

    #! /usr/bin/perl
    #
    # Convert /etc/passwd and /etc/shadow to userdb format.
    #
    # Modified by Grant Emsley <[email protected]> for ISPConfig
    #
    # Now takes usernames from postfix virtual user table
    # so people can login with their email address
    #
    # Originally Copyright 1998 - 1999 Double Precision, Inc.
    #

    # Locations for files used
    $passwd="/etc/passwd";
    $shadow="/etc/shadow";
    $virtusertable = "/etc/postfix/virtusertable";
    $userdb = "/etc/courier/userdb";
    $userdbtmp = "/etc/courier/userdb.tmp";

    # Location of makeuserdb program
    $makeuserdb = "/usr/sbin/makeuserdb";

    # The temp file holds password hashes: create it readable by its owner only
    umask 077;

    open(PASSWD, $passwd) || die "$!\n";

    while (<PASSWD>)
    {
        chop if /\n$/;
        next if /^#/;
        ($acct,$passwd,$uid,$gid,$name,$home,$shell)=split( /:/ );

        $PASSWORD{$acct}=$passwd if $passwd ne "x";
        $UID{$acct}=$uid;
        $GID{$acct}=$gid;
        $HOME{$acct}=$home;
        $SHELL{$acct}=$shell;

        $name =~ s/\|/./g;    # Just in case
        $GECOS{$acct}=$name;
    }
    close (PASSWD);

    if ( -f $shadow && ! $noshadow)
    {
        open (SHADOW, $shadow) || die "$!\n";
        while (<SHADOW>)
        {
            next if /^#/;
            ($acct,$passwd,$dummy)=split(/:/);
            $PASSWORD{$acct}=$passwd;
        }
        close (SHADOW);
    }

    # Grab users out of the virtusertable
    # Write it to a temp file
    open (USERTABLE, $virtusertable) || die "$!\n";
    open (USERDBTMP,">$userdbtmp") || die "$!\n";
    while (<USERTABLE>)
    {
        chop if /\n$/;
        next if /^#/;    # skip lines that start with #
        ($email,$username)=split();
        print USERDBTMP "$email\tuid=$UID{$username}|gid=$GID{$username}|gecos=$GECOS{$username}|home=$HOME{$username}|shell=$SHELL{$username}|systempw=$PASSWORD{$username}\n";
    }

    # Let them also login with their real system username
    while ( defined ($key=each %UID))
    {
        print USERDBTMP "$key\tuid=$UID{$key}|gid=$GID{$key}|gecos=$GECOS{$key}|home=$HOME{$key}|shell=$SHELL{$key}|systempw=$PASSWORD{$key}\n";
    }

    close (USERTABLE);
    close (USERDBTMP);

    # Move the temp file to the real one
    rename $userdbtmp, $userdb;

    # Set the proper permissions on it
    system("chmod 600 $userdb");

    # Run makeuserdb
    system($makeuserdb);

Edit /root/ispconfig/scripts/writeconf.php. Right BEFORE echo "ende\n"; add the line:

Code:

    exec("/root/ispconfig/scripts/custpw2userdb &> /dev/null");

Edit /etc/courier/authdaemonrc. Find the line authmodulelist="authpam" and change it to:

Code:

    authmodulelist="authuserdb"

Edit /etc/postfix/sasl/smtpd.conf to say:

Code:

    pwcheck_method: authdaemond
    mech_list: plain login
    log_level: 3
    authdaemond_path:/var/run/courier/authdaemon/socket

Edit /etc/init.d/courier-authdaemon. Change the top of the file to look like this:

Code:

    #! /bin/sh -e

    prefix="/usr"
    exec_prefix=${prefix}
    sysconfdir="/etc/courier"
    sbindir="${exec_prefix}/sbin"
    daemonscript="${sbindir}/authdaemond"
    run_dir="/var/spool/postfix/var/run/courier/authdaemon"

    # create /var/run if it does not already exist
    if [ ! -d ${run_dir} ]; then
      mkdir -p ${run_dir}
      chown daemon:daemon ${run_dir} /var/spool/postfix/var/run/courier
      chmod 755 ${run_dir}
    fi

    if [ ! -h /var/run/courier ]; then
      ln -s /var/spool/postfix/var/run/courier /var/run/courier
    fi

    . /lib/lsb/init-functions

Add local system accounts that AREN'T managed by ISPConfig to Virtusertable.

Reboot the system (or shutdown postfix/courier/authdaemond, rm -r /var/run/courier, and restart them all).
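The script in the guide above writes one userdb entry for every virtusertable line, even when its second column names no account in /etc/passwd, and one for every /etc/passwd account, system accounts included. The following audit of the resulting file is an added example, not part of any post in this thread; the function name `audit_userdb`, the finding labels, the sample entries and the 1000 threshold (the Debian/Ubuntu default for the first regular UID) are assumptions, so set the threshold to your first ISPConfig-managed UID.

```bash
#!/bin/bash
# Added example (not from the thread). audit_userdb FILE [MIN_UID]
# Prints "FINDING<TAB>login" for each questionable entry of a userdb text file
# whose lines look like "login<TAB>key=value|key=value|...".
audit_userdb() {
    local file="$1" min_uid="${2:-1000}"
    # The file carries password hashes: group and other must have no access.
    case "$(ls -ld "$file" | cut -c5-10)" in
        ------) ;;
        *) printf 'FILE_MODE\t%s\n' "$file" ;;
    esac
    awk -F'\t' -v min="$min_uid" '
        /^#/ || NF < 2 { next }
        {
            split("", f)                          # clear fields of the previous entry
            n = split($2, kv, "|")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (eq) f[substr(kv[i], 1, eq - 1)] = substr(kv[i], eq + 1)
            }
            if (f["uid"] == "" || f["home"] == "")
                print "UNRESOLVED\t" $1           # address mapped to no local account
            else if (f["uid"] + 0 < min)
                print "SYSTEM_ACCOUNT\t" $1       # e.g. root or daemon offered for mail login
            else if (f["systempw"] == "" || f["systempw"] ~ /^[!*]/)
                print "NO_USABLE_PASSWORD\t" $1   # empty or locked hash
        }' "$file"
}

# Constructed sample userdb in a scratch directory (hash values are placeholders).
demo=$(mktemp -d); sample="$demo/userdb"
printf '%s\t%s\n' \
    'info@example.com'  'uid=10001|gid=10001|gecos=Info|home=/var/www/web1/user/web1_info|shell=/bin/false|systempw=$1$CONSTRUCTED' \
    'sales@example.com' 'uid=|gid=|gecos=|home=|shell=|systempw=' \
    'root'              'uid=0|gid=0|gecos=root|home=/root|shell=/bin/bash|systempw=$1$CONSTRUCTED' > "$sample"
chmod 644 "$sample"
audit_userdb "$sample"
```

Run it against `/etc/courier/userdb` after each rebuild; no output means no findings.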
Can this be ported to Mandriva? And can the whole ISPConfig system be modified to use this script for login, and other functions that require logins?
Hi grand, I have some questions to ask.

1- Do I have to create a new folder /home/root/ispconfig/scripts/ or is it the same existing folder /root/ispconfig/scripts/?

2- When you say:

a. “Edit /etc/postfix/sasl/” = Edit /etc/postfix/sasl/smtpd.conf?

b. “authdaemond_path:/var/run/courier/authdaemon/socke” = soket?

If all 3 are OK, there may be an error in another place that I don't know how to find, because my knowledge is very poor. After, I was unavailable to login. May someone check if it works?

Thanks, tony
I apologize, all three of those were typos on my part. I've edited my post to correct them. If you still can't login, check /var/log/mail.log and see what errors are in there.