ISPconfig user@domain email login HOW TO

Discussion in 'Tips/Tricks/Mods' started by desmondk, Nov 2, 2006.

  1. desmondk

    desmondk New Member

    For those that want to log into your email with user@domain here it is.
    In ispconfig control panel , log in as admin and go to Management -> system config -> settings -> ISP manager ; and change "User Prefix" to [DOMAIN]_

    We wil be using couriers userdb for authentication purposes.
    Users wil now be added to the system as domain_user using the ispconfig frontend.

    Edit authdaemonrc located at /etc/courier/ (on my ubuntu system) and change the line reading authmodulelist so it look like this

    Code:
    authmodulelist="authuserdb authpam"
    
    Save and restart courier authdaemon.

    Here is the code for the script that wil convert the text to user@domain that you would be able to login in with
    Code:
    #!/bin/bash
    
    delim="_"
    
    OIFS=$IFS
    IFS="
    "
    rm -rf /etc/courier/userdb
    touch /etc/courier/userdb
    chmod 600 /etc/courier/userdb
    for line in `pw2userdb2 | grep -ir user`
    do
            domain=$( echo $line | cut -d"$delim" -f1 )
            useruid=$( echo $line | cut -d"$delim" -f2 )
            username=$( echo $useruid | cut -d'     ' -f1 )
            uid=$( echo $useruid | cut -d'  ' -f2 )
            gid=$( echo $line | cut -d"$delim" -f3 )
            home=$( echo $line | cut -d"$delim" -f4 )
            shell=$( echo $line | cut -d"$delim" -f6 )
            password=$( echo $line | cut -d"$delim" -f7)
            echo "$username@$domain $uid|$gid|${home}_$username|$shell|$password|/var/www/www.$domain/user/${domain}_$username/Maildir" >> /etc/courier/userdb
            /usr/lib/courier/makeuserdb
    done
    
    IFS=$OIFS
    
    Also replace pw2userdb that is located in /usr/sbin on my system , it may be at a dif location to mine, in that case just use the following command to see where the file is located "which pw2userdb" and replace the code inside with this:
    Code:
    #! /usr/bin/perl
    #
    #  Convert /etc/passwd and /etc/shadow to userdb format.
    #
    #  $Id: pw2userdb.in,v 1.5 2000/07/19 11:55:15 mrsam Exp $
    #
    # Copyright 1998 - 1999 Double Precision, Inc.  See COPYING for
    # distribution information.
    
    use Getopt::Long;
    
    #
    #  Some undocumented options here (for vchkpw2userdb)
    #
    
    die "Invalid options.\n" unless
            GetOptions("passwd=s" => \$passwd, "shadow=s" => \$shadow,
                    "noshadow" => \$noshadow, "nouid" => \$nouid,
                    "domain=s" => \$domain, "vpopuid" => \$vpopuid );
    
    ($dummy, $dummy, $fixed_uid, $fixed_gid)=getpwnam("vpopmail")
            if $vpopuid;
    
    $passwd="/etc/passwd" unless $passwd =~ /./;
    $shadow="/etc/shadow" unless $shadow =~ /./;
    
    $domain="" unless $domain =~ /./;
    $domain="\@$domain" if $domain =~ /./;
    
    open(PASSWD, $passwd) || die "$!\n";
    
    while (<PASSWD>)
    {
            chop if /\n$/;
            next if /^#/;
            ($acct,$passwd,$uid,$gid,$name,$home,$shell)=split( /:/ );
    
            ($uid,$gid)=($fixed_uid,$fixed_gid) if $vpopuid;
    
            $PASSWORD{$acct}=$passwd if $passwd ne "x";
            $UID{$acct}=$uid;
            $GID{$acct}=$gid;
            $HOME{$acct}=$home;
            $SHELL{$acct}=$shell;
    
            $name =~ s/\|/./g;      # Just in case
            $GECOS{$acct}=$name;
    }
    close (PASSWD);
    
    if ( -f $shadow && ! $noshadow)
    {
            open (SHADOW, $shadow) || die "$!\n";
            while (<SHADOW>)
            {
                    next if /^#/;
                    ($acct,$passwd,$dummy)=split(/:/);
                    $PASSWORD{$acct}=$passwd;
            }
            close (SHADOW);
    }
    
    while ( defined ($key=each %UID))
    {
            print "$key$domain\tuid=$UID{$key}|gid=$GID{$key}|home=$HOME{$key}" .
                    ( $SHELL{$key} =~ /./ ? "|shell=$SHELL{$key}":"") .
                    ( $PASSWORD{$key} =~ /./ ? "|systempw=$PASSWORD{$key}":"") .
                    ( $GECOS{$key} =~ /./ ? "|gecos=$GECOS{$key}":"") .
                    "\n";
            print "$UID{$key}=\t$key\n" unless $nouid;
    }
    


    Put he first script in a crontab to remake the userdb file. like this: run the command "crontab -e"
    Add into the file:
    Code:
    */5 * * * * /location_of_the_script/script_name
    
    And Save.



    I am busy changing the script so that it would check to see if there has been any changes made before rebuilding the userdb file and if there wasn't any changes it won't do anything.
    Hope this helps some people in the mean time. Still busy improving it.
     
    Last edited: Nov 2, 2006
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This looks like a interesting solution.

    You may add a exec command to run the script e.g. at the end of /root/ispconfig/scripts/writeconf.php script right before the ispconfig_lock file is deleted.

    Have you solved this problem for smtp-auth in postfix too?
     
  3. desmondk

    desmondk New Member

    Thanks for the reply. No i can get rid of the crontab and that also solves my problem with the checking if the file have changed.

    i wil have a look at the smtp-auth and give a reply if i have a solution.
     
  4. IKShadow

    IKShadow New Member

    I just deleted User Prefix.(now is blank ) and had same effect. :)
     
  5. jwan

    jwan New Member

    Hi... do you mean you just leave the user prefix blank and didn't go through the how-tos on the courier and pw2userdb?
     
  6. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

    Status review?

    Hello, I'd like to review the status of this patch. Is it working wih 2.2.10?

    I have tried it, but it didn't work as long as 'pw2userdb | grep -ir user' returns nothing. I only have a user with email, which is the admin for his domain, the username is domain.com_info.

    Does the patch apply only to normal users or it should work also with admins?

    I think there is a typo in:

    for line in `pw2userdb2 | grep -ir user`

    and it should be:

    for line in `pw2userdb | grep -ir user`

    I have put the exec sentence in /root/ispconfig/scripts/writeconf.php, as stated by till. I understand there is no more the need for the cron job.

    desmondk: did you solve the smtp-auth scenario?

    IKShadow: I guess that deleting the prefix is a solution when you intend to have only one domain, because you won't be able to have the same user for different domains (e.g. info). Please correct me in case I'm wrong.

    jwan: when you remove prefix, you only need the username to log in, there is no more need of attaching the domain name, but as stated above, I guess that it is good only when you only intend to have one domain.

    Thank you very much for your work and your replies, I'd really love to have this feature working.
     
    Last edited: Feb 27, 2007
  7. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

  8. kainhofer

    kainhofer New Member

    Simpler script to create the userdb

    I setup my server similarly. However the first script of the original post can be considerably simplified using awk:

    Code:
    #!/bin/bash
    delim="_"
    
    rm -rf /etc/courier/userdb
    touch /etc/courier/userdb
    chmod 600 /etc/courier/userdb
    pw2userdb | grep -ir www/web | awk -F"\t" '
    {
      count = split($1,emailparts,"'$delim'");
      if ( count > 1 ) {
        print emailparts[2]"@"emailparts[1]"\t"$2;
      }
    }'  >> /etc/courier/userdb
    makeuserdb
    
    Of course, this assumes that courier is already setup correctly to look into $HOMEDIR/Maildir for the mailboxes...
    Also notice that I didn't grep for "user", but rather for the www/web part of the homedir. I had problems with other system users that also had the string "user" somewhere in their passwd entry.
     
  9. advinser

    advinser New Member

    Hi,

    I try the solutions of desmondk with some correction.

    If I run manualy the script (I put it in my /usr/sbin/ folder and I rename it my_email ) it doesn't return errors and it execute.

    But if I try to login with [email protected] i receive an error from my client.

    Can you explain me: I add a new user than I run the script, but the script from where take the user datails?
    The file /etc/courier/userdb is always empty (also if I comment the line makeuserdb in the script).

    Can you suggest me a debug solutions? I'm not able with linux but I have to understand.

    Thank you.

    Andrea
     
  10. kassie

    kassie New Member

    Hi All,

    I have applied this patch. It works great except for 1 thing. When i send(SMTP) through my server, the authentication requires domain_user and not [email protected]

    Can anybody please help me with this.:confused:
     
  11. Impi

    Impi New Member

    Hi kassi,

    i've found a possible Solution for this so Postfix can auth against Couriers userdb. But it doesn't work for me now because my Ubuntu create's a a tmpfs for /var/run directory and so i can't create a hardlink between 2 different filesystems. I didn't find out where ubuntu do this so i can't crate a real /var/run directory so this could work. Any suggestions?


    Your /etc/postfix/sasl/smtpd.conf, which you create should look as the following:

    pwcheck_method: authdaemond
    log_level: 3
    mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
    authdaemond_path: /var/run/courier/authdaemon/socket


    Because the postfix smtpd is running in a chroot enviroment, you have to link the authdaemon-socket to this.

    mkdir -p /var/spool/postfix/var/run/courier/authdaemon/
    ln /var/run/courier/authdaemon/socket /var/spool/postfix/var/run/courier/authdaemon/socket
    chown -R daemon:daemon /var/spool/postfix/var/run/courier

    Because the socket changes everytime you restart the courier-authdaemon you must refresh the hardlink above.
    Best do this with the authdaemon start-script /etc/init.d/courier-authdaemon.



    Edit the authdaemon start-script /etc/init.d/courier-authdaemon like this:

    start)

    # Start daemons.
    cd /
    if test -x /authlib/authdaemond
    then
    echo -n Starting Courier authdaemon:
    /authlib/authdaemond start
    sleep 3
    #new entry for creating hardlink to courier socket
    ln -f /var/run/courier/authdaemon/socket /var/spool/postfix/var/run/courier/authdaemon/socket
    echo done.
    fi
    ;;
     
  12. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

    Did you find a solution Impi?

    I'd like to try to help you, I use ubuntu also.

    It would be great to have the chance of dual SMTP auth (user@domain and domain_user).

    Thanks for your efforts!
     
  13. xinefnarg

    xinefnarg New Member

    i put to work sptm-auth with user@domain

    I am using Ubuntu 7.04, i followed the steps in the perfect setup and set up everything to use Maildir, installed ISPConfig. Then used the script from kainhofer at the end of /root/ispconfig/scripts/writeconf.php, and the pw2userdb, and everything went fine up to that point.
    Now, to the smtp-auth with user@domain:
    Based on the post from imp, i made the following:
    modified /etc/postfix/sasl/smtpd.conf so that it looks this way:

    pwcheck_method: authdaemond
    log_level: 3
    mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
    authdaemond_path: /var/run/courier/authdaemon/socket

    Then i modified /etc/init.d/coutier-authdaemon with this changes:
    The line
    Code:
    run_dir="/var/run/courier/authdaemon"
    replaced with
    Code:
    run_dir="/var/spool/postfix/var/run/courier/authdaemon"
    and

    Code:
    # create  /var/run if it does not already exist
    if [ ! -d ${run_dir} ]; then
         mkdir -p ${run_dir}
         chown daemon:daemon ${run_dir} /var/run/courier
         chmod 750 ${run_dir}
    fi
    replaced with

    Code:
    # create  /var/run if it does not already exist
    if [ ! -d ${run_dir} ]; then
         mkdir -p ${run_dir}
         chown daemon:daemon ${run_dir} /var/spool/postfix/var/run/courier
         chmod 750 ${run_dir}
    fi
    
    if [ ! -h /var/run/courier ]; then
         ln -s /var/spool/postfix/var/run/courier /var/run/courier
    fi
    
    This works because we can not link from the postfix environment to outside, but we can do the opposite :D
    I hope it helps find a common method for every distro (i can not understand why ispconfig developers do not set this up already, it's very obvious, everyone uses this standard)

    Regards!!
    Leonardo
     
    Last edited: Sep 10, 2007
  14. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

    Thanks Xinefnarg!

    Thanks Xinefnarg!

    I'm also using ubuntu 7.04 and I'm considering this method for a server which is in production...

    So, I'd like to know if you recommend it (if users would be able lo log in using their 'real' name: domain_user).
     
  15. grant

    grant New Member

    I'm currently working on a better way to do it, as the above configuration breaks my system.

    Some of my users have very long (>50 characters) domain names, so prefixing their accounts with their domain name breaks stuff. Either ISPConfig or Ubuntu can't handle 60 character usernames. So I'm using the default prefix of web[WEBID]_.

    Instead, I'm modifying pw2userdb to look at /etc/postfix/virtusertable, and use that to associate each email address with a system user.

    I'm half way through writing the script, after I've tested it I'll post it here.
     
  16. grant

    grant New Member

    Ok, so here is my guide for setting this up. I'm pretty certain I've included all the steps. If I've forgotten any let me know help you fix it.

    Advantages of this method:
    • Works with long domain names
    • User can login to IMAP/POP3/SMTP with any of their associated email addresses
    • User can also login with their actual system username (ie. web1_grant)
    • Mailuser login still works.
    • Users are updated automatically, no cron jobs

    EDIT: Changed to that https://www.yourdomain.com:81/mailuser still works, people can still login in to change their mail settings.

    First, setup the perfect server setup for ubuntu, and install ISPConfig. Setup at least 1 email user so you can test that this works.

    Install my modified pw2userdb script. Save it as /root/ispconfig/scripts/custpw2userdb:
    Code:
    #! /usr/bin/perl
    #
    #  Convert /etc/passwd and /etc/shadow to userdb format.
    #
    #  Modified by Grant Emsley <[email protected]> for ISPConfig
    #
    #  Now takes usernames from postfix virtual user table
    #  so people can login with their email address
    #
    # Originally Copyright 1998 - 1999 Double Precision, Inc.
    #
    
    # Locations for files used
    $passwd="/etc/passwd";
    $shadow="/etc/shadow";
    $virtusertable = "/etc/postfix/virtusertable";
    $userdb = "/etc/courier/userdb";
    $userdbtmp = "/etc/courier/userdb.tmp";
    
    # Location of makeuserdb program
    $makeuserdb = "/usr/sbin/makeuserdb";
    
    open(PASSWD, $passwd) || die "$!\n";
    
    while (<PASSWD>)
    {
            chop if /\n$/;
            next if /^#/;
            ($acct,$passwd,$uid,$gid,$name,$home,$shell)=split( /:/ );
    
            $PASSWORD{$acct}=$passwd if $passwd ne "x";
            $UID{$acct}=$uid;
            $GID{$acct}=$gid;
            $HOME{$acct}=$home;
            $SHELL{$acct}=$shell;
    
            $name =~ s/\|/./g;      # Just in case
            $GECOS{$acct}=$name;
    }
    close (PASSWD);
    
    if ( -f $shadow && ! $noshadow)
    {
            open (SHADOW, $shadow) || die "$!\n";
            while (<SHADOW>)
            {
                    next if /^#/;
                    ($acct,$passwd,$dummy)=split(/:/);
                    $PASSWORD{$acct}=$passwd;
            }
            close (SHADOW);
    }
    
    # Grab users out of the virtusertable
    # Write it to a temp file
    open (USERTABLE, $virtusertable) || die "$!\n";
    open (USERDBTMP,">$userdbtmp") || die "$!\n";
    while (<USERTABLE>) {
            chop if /\n$/;
            next if /^#/;  # skip lines that start with #
            ($email,$username)=split();
    
            print USERDBTMP "$email\tuid=$UID{$username}|gid=$GID{$username}|gecos=$GECOS{$username}|home=$HOME{$username}|shell=$SHELL{$username}|systempw=$PASSWORD{$username}\n";
    }
    
    # Let them also login with their real system username
    while ( defined ($key=each %UID)) {
            print USERDBTMP "$key\tuid=$UID{$key}|gid=$GID{$key}|gecos=$GECOS{$key}|home=$HOME{$key}|shell=$SHELL{$key}|systempw=$PASSWORD{$key}\n";
    }
    
    close (USERTABLE);
    close (USERDBTMP);
    
    # Move the temp file to the real one
    rename $userdbtmp, $userdb;
    # Set the proper permissions on it
    system("chmod 600 $userdb");
    
    # Run makeuserdb
    system($makeuserdb);
    
    Edit /root/ispconfig/scripts/writeconf.php. Right BEFORE echo "ende\n"; add the line:
    Code:
    exec("/root/ispconfig/scripts/custpw2userdb &> /dev/null");
    Edit /etc/courier/authdaemonrc. Find the line authmodulelist="authpam"
    Change it to:
    Code:
    authmodulelist="authuserdb"
    Edit /etc/postfix/sasl/smtpd.conf to say:
    Code:
    pwcheck_method: authdaemond
    mech_list: plain login
    log_level: 3
    authdaemond_path:/var/run/courier/authdaemon/socket
    
    Edit /etc/init.d/courier-authdaemon. Change the top of the file to look like this:
    Code:
    #! /bin/sh -e
    
    prefix="/usr"
    exec_prefix=${prefix}
    sysconfdir="/etc/courier"
    sbindir="${exec_prefix}/sbin"
    daemonscript="${sbindir}/authdaemond"
    run_dir="/var/spool/postfix/var/run/courier/authdaemon"
    
    # create  /var/run if it does not already exist
    if [ ! -d ${run_dir} ]; then
            mkdir -p ${run_dir}
            chown daemon:daemon ${run_dir} /var/spool/postfix/var/run/courier
            chmod 755 ${run_dir}
    fi
    
    if [ ! -h /var/run/courier ]; then
            ln -s /var/spool/postfix/var/run/courier /var/run/courier
    fi
    
    . /lib/lsb/init-functions
    
    Add local system accounts that AREN'T managed by ISPConfig to Virtusertable

    Reboot the system (or shutdown postfix/courier/authdaemond, rm -r /var/run/courier, and restart them all).
     
    Last edited: Oct 30, 2007
  17. Hotwire

    Hotwire New Member

    Can this be ported to Mandriva? And can the whole ISPConfig system be modified to use this script for login, and other functions that requier login's?
     
  18. AsDsL

    AsDsL New Member

    Hi grand,
    I have some questions to ask.
    1- Do I have to create a new folder /home/root/ispconfig/scripts/ or it is same existing folder /root/ispconfig/scripts/?
    2- When you say:
    a. “Edit /etc/postfix/sasl/” = Edit /etc/postfix/sasl/smtpd.conf?
    b. “authdaemond_path:/var/run/courier/authdaemon/socke” = soket?

    If all 3 are OK may be en error in other place that I don’t know how to find it, because my knowledge is very poor.
    After I was unavailable to login.

    May some one check if it works?

    Thnaks,
    tony
     
  19. grant

    grant New Member

    I apologized, all three of those were typos on my part. I've edited my post to correct them.

    If you still can't login, check /var/log/mail.log and see what errors are in there.
     
  20. AsDsL

    AsDsL New Member

    Hi Grant,
    Again Thanks!
    Tony
     

Share This Page