- dovecot.conf (replication parts)
- # doveadm service: the listener the replication peer connects to for dsync (TCP 12345 here).
- # NOTE(review): the inet_listener below does not set "ssl = yes", so the doveadm password and
- # the replicated mail presumably cross the network in cleartext. Confirm, and limit the port
- # to the peer's address with a host firewall.
- service doveadm {
- # NOTE(review): running this service as vmail likely explains the setgid(1016) failure in the
- # log further down: a process that is already vmail cannot switch to a different uid/gid
- # returned by userdb. Either every user maps to vmail's uid/gid, or the service has to start
- # with enough privilege to switch. Confirm against the userdb.
- user = vmail
- idle_kill = 0
- client_limit = 1
- process_limit = 0
- process_min_avail = 0
- inet_listener {
- port = 12345
- }
- }
- #doveadm user '*'
- #doveadm_port = 12345
- # Shared secret the two replication peers present to each other's doveadm service.
- # NOTE(review): this value was published with the paste, so it should be treated as exposed:
- # rotate it on both hosts, use a long random value, and keep the file that holds it
- # unreadable to ordinary local accounts.
- doveadm_password = P@ssword!
- plugin {
- #mail_replica = tcp:anotherhost.example.com # use doveadm_port
- # Mailbox events and message fields that the mail_log plugin records.
- mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
- mail_log_fields = uid box msgid size
- # Replication target (peer address and doveadm port). "tcp:" is the plaintext transport.
- # Dovecot also accepts "tcps:" for TLS, which needs "ssl = yes" on the peer's doveadm
- # inet_listener.
- mail_replica = tcp:10.40.22.22:12345
- }
- # replicator service: one long-lived process (process_limit = 1, process_min_avail = 1).
- service replicator {
- client_limit = 0
- drop_priv_before_exec = no
- # 4294967295 is the largest 32-bit value, so the process is effectively never idle-killed.
- idle_kill = 4294967295 secs
- process_limit = 1
- process_min_avail = 1
- service_count = 0
- # Control socket used by "doveadm replicator ..." commands.
- unix_listener replicator-doveadm {
- group = vmail
- # NOTE(review): 0666 lets every local account connect to this control socket. The owner is
- # already vmail, so 0600 (or 0660 with the vmail group) should be enough when the commands
- # are run as vmail.
- mode = 0666
- user = vmail
- }
- # NOTE(review): 8192 M is a very high address-space cap for one process. Confirm it is
- # intentional.
- vsz_limit = 8192 M
- }
- # Upper bound on the number of dsync sessions the replicator runs in parallel.
- replication_max_conns = 50
- # aggregator service: the FIFO and socket through which mailbox-change notifications are
- # passed on for replication. Both are owned by vmail here and no mode is set.
- # NOTE(review): a second "service aggregator" block later in this paste repeats both listeners
- # with mode = 0666. Presumably the two definitions are merged and the later mode applies, so
- # keep a single definition to make the effective permissions obvious.
- service aggregator {
- fifo_listener replication-notify-fifo {
- user = vmail
- }
- unix_listener replication-notify {
- user = vmail
- }
- }
- # Makes vmail the owner of the config socket so that processes running as vmail can connect
- # to it.
- # NOTE(review): the settings served over this socket presumably include secrets such as
- # doveadm_password, so do not widen its mode beyond the owner. Confirm.
- service config {
- unix_listener config {
- user = vmail
- }
- }
- # Second definition of the aggregator listeners. It differs from the earlier one only by
- # adding mode = 0666.
- # NOTE(review): 0666 lets any local account write to the notification FIFO and socket. If
- # every mail process runs as vmail, owner-only access (0600) should be enough. If mail
- # processes run under per-user uids (the log shows uid 1014 for memberinfo), grant access
- # through a shared group rather than to everyone. Confirm which case applies.
- service aggregator {
- fifo_listener replication-notify-fifo {
- user = vmail
- mode = 0666
- }
- unix_listener replication-notify {
- user = vmail
- mode = 0666
- }
- }
- I get this error when I run the command "doveadm replicator replicate memberinfo -f":
- Dec 13 13:36:30 dc1-kmopfpr01 dovecot: auth: Error: userdb(memberinfo): client doesn't have lookup permissions for this user: userdb uid (1014) doesn't match peer uid (5000) (to bypass this check, set: service auth { unix_listener /var/run/dovecot/auth-userdb { mode=0777 } })
- Dec 13 13:36:30 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: user memberinfo: Auth USER lookup failed
- Dec 13 13:36:30 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: sync: User lookup failed: Internal error occurred. Refer to server log for more information.
- So based on this I looked for the service auth section, and found it in the 10-master.conf:
- service auth {
- # auth_socket_path points to this userdb socket by default. It's typically
- # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
- # full permissions to this socket are able to get a list of all usernames and
- # get the results of everyone's userdb lookups.
- #
- # The default 0666 mode allows anyone to connect to the socket, but the
- # userdb lookups will succeed only if the userdb returns an "uid" field that
- # matches the caller process's UID. Also if caller's uid or gid matches the
- # socket's uid or gid the lookup succeeds. Anything else causes a failure.
- #
- # To give the caller full permissions to lookup all users, set the mode to
- # something else than 0666 and Dovecot lets the kernel enforce the
- # permissions (e.g. 0777 allows everyone full permissions).
- unix_listener auth-userdb {
- # NOTE(review): per the explanation above, 0777 gives every local account the ability to list
- # all usernames and read every userdb result. The failing caller was uid 5000 (vmail) and this
- # socket is now owned by vmail, so the uid-match rule above should already allow the lookup.
- # An owner/group-only mode such as 0600 or 0660 would grant vmail full lookups without
- # opening the socket to everyone.
- mode = 0777
- user = vmail
- group = vmail
- }
- #Postfix smtp-auth
- #unix_listener /var/run/dovecot/auth-userdb {
- # mode = 0777
- #user = postfix
- #group = postfix
- #}
- # Auth process is run as this user.
- #user = $default_internal_user
- }
- When I set these settings, the error changes to this:
- Dec 13 13:41:30 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: user memberinfo: Auth USER lookup failed
- Dec 13 13:41:30 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: sync: User lookup failed: Internal error occurred. Refer to server log for more information.
- Dec 13 13:43:20 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: doveadm server disconnected before handshake: EOF
- Dec 13 13:43:20 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: sync: Disconnected from remote: EOF
- Dec 13 13:43:35 dc1-kmopfpr01 dovecot: doveadm: Fatal: setgid(1016(memberinfo) from userdb lookup) failed with euid=5000(vmail), gid=5000(vmail), egid=5000(vmail): Operation not permitted (This binary should probably be called with process group set to 1016(memberinfo) instead of 5000(vmail))
- Thanks,
- Rich