When adding new imap based accounts, don't check the box: User must change password on first login.
We're on the latest Scalix Community for Fedora Core 4. Whenever these accounts are created with that checkbox enabled, we couldn't login.
I enabled the imap log and saw the following:
------------------------------------------------------
3250 13:35:05.880 IMAP4 Server 9.4.0.8 on mail.domain.com at Tue Aug 23 13:35:05 2005
3250 13:35:05.881 S: * OK Scalix IMAP server 9.4.0.8 ready on mail.domain.com
3250 13:35:05.886 C: 1 capability
3250 13:35:05.959 S: * CAPABILITY IMAP4 IMAP4rev1 X-SCALIX-1 X-SCALIX-2 X-SCALIX-3 X-SCALIX-4 ID IDLE LOGIN-REFERRALS NAMESP
ACE UIDPLUS ACL AUTH=GSSAPI AUTH=CRAM-MD5 AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=LOGIN
3250 13:35:05.959 S: 1 OK CAPABILITY completed
3250 13:35:10.349 C: 2 authenticate plain
3250 13:35:10.350 S: +
3250 13:35:10.350 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
3250 13:35:10.420 S: 2 NO AUTHENTICATE [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:10.425 C: 3 login "zhoxie@domain.com" "hoxie"
3250 13:35:10.535 S: 3 NO LOGIN [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:11.671 C: 4 authenticate plain
3250 13:35:11.672 S: +
3250 13:35:11.680 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
3250 13:35:11.732 S: 4 NO AUTHENTICATE [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:11.739 C: 5 login "zhoxie@domain.com" "hoxie"
3250 13:35:11.779 S: 5 NO LOGIN [X-SCALIX-EXPIRED] password expired, please change it
3250 13:35:12.533 C: 6 logout
3250 13:35:12.533 S: * BYE Scalix IMAP Server logging out
3250 13:35:12.533 S: 6 OK LOGOUT completed
3250 13:35:12.533 IMAP4 server exiting.
----------------------------------------------------------------------------------------
OK- so we then login to the webmail and change the password and login to SAC to change the password (without enabling the require-password-change checkbox) but the account still wouldn't allow login. At that point we would get:
----------------------------------------------------------------------------------------
31215 14:38:33.809 IMAP4 Server 9.4.0.8 on mail.domain.com at Wed Aug 24 14:38:33 2005
31215 14:38:33.809 S: * OK Scalix IMAP server 9.4.0.8 ready on mail.domain.com
31215 14:38:36.799 C: 1 authenticate plain
31215 14:38:36.872 S: +
31215 14:38:36.876 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
31215 14:38:36.948 S: 1 NO AUTHENTICATE failure, user name or password rejected
31215 14:38:36.949 C: 2 login "zhoxie@domain.com" "hoxie"
31215 14:38:37.060 S: 2 NO LOGIN failure, user name or password rejected
31215 14:38:40.938 C: 3 authenticate plain
31215 14:38:40.939 S: +
31215 14:38:40.972 C: AHpob3hpZUB2b2ljZS1wbHVzLmNvbQBob3hpZQ==
31215 14:38:41.027 S: 3 NO AUTHENTICATE failure, user name or password rejected
31215 14:38:41.030 C: 4 login "zhoxie@domain.com" "hoxie"
31215 14:38:41.071 S: 4 NO LOGIN failure, user name or password rejected
31215 14:38:41.882 C: 5 logout
31215 14:38:41.882 S: * BYE Scalix IMAP Server logging out
31215 14:38:41.883 S: 5 OK LOGOUT completed
31215 14:38:41.883 IMAP4 server exiting.
----------------------------------------------------------------------------------------
At this point the only way to get this account to authenticate is to reload Scalix with a "service scalix restart".
Unfortunately we setup 10+ accounts this way and for each one we've had to repeat a similar process that inevitably requires restarting the server. It's not a big deal if you know about it but we spent many hours trying to figure out why these accounts wouldn't login.