
IMAP Problem

Posted: Fri May 05, 2006 12:02 pm
by ukiewel
Hi,

I have installed Scalix V10 on a SuSE 10 64Bit AMD Server. The problem is, there is no possibility to connect to Scalix via IMAP. I have tried several clients such as Evolution, Mozilla Thunderbird or MS Outlook. Nothing works well.

On the other hand, I could connect via POP3, Outlook Connector, Scalix Web Access and I authenticate Maia Mailguard from another server via LDAP against Scalix successfully.

I am new to scalix, so please help me. Where should I start to debug?

Kind regards,
Uwe

Posted: Fri May 05, 2006 12:32 pm
by ScalixSupport
The first test would be telnet localhost 143.

If that does not come back with a connection, IMAP is not running.

To make a long story short, the installation guide is excellent reading! It talks about our 32bit support for 64bit OSes as well as disabling SELinux.

Cheers,

Sascha.

Posted: Fri May 05, 2006 2:05 pm
by ukiewel
okay, let's test it:

telnet xxx 143

response:

* OK Scalix IMAP server 10.0.1.3 ready on xxxx

If I try to use any IMAP client, I get "login failure"

Uwe

PS: SElinux is disabled

Posted: Mon May 08, 2006 6:12 am
by ScalixSupport
I don't see any reason why you should not be able to authenticate against an account using IMAP vs. POP3. So are you saying that you can log into an account using POP3?

Cheers,

Sascha.

Posted: Mon May 08, 2006 7:20 am
by ukiewel
The following work well:

pop3 authentication
webmail authentication
ldap authentication
ms outlook connector

The following don't work:

imap authentication
evolution connector

currently I setup a vmware to test Fedora Core 4 and Scalix ...


Uwe

Posted: Mon May 08, 2006 9:58 am
by ScalixSupport
Please take a look through the fatal log in /var/opt/scalix/logs. Does this show anything ?

Cheers

Dave

Posted: Mon May 08, 2006 10:11 am
by ukiewel
There is nothing from IMAP.

asterix:/var/opt/scalix/logs # more fatal

SERIOUS ERROR Database Monit(Database Monit) Fri May 5 21:02:25 2006
[OM 17711] An omdbmon process is already running

Pid of logging process: 11597
Current errno value: 11


ERROR LDAP Daemon (LDAP Connectio) Fri May 5 21:18:39 2006
[OM 8010] The address contains a dot, which is an invalid character


Pid of logging process: 10638

Posted: Mon May 08, 2006 10:15 am
by ScalixSupport
Webmail authentication and IMAP authentication are controlled by the same file (/var/opt/scalix/sys/pam.d/ual.remote) and they are both using IMAP connections so to have one work and the other not seems strange.

Can you post the contents of that file ?

Cheers

Dave

Posted: Mon May 08, 2006 10:20 am
by ukiewel
here is the file:

asterix:~ # more /var/opt/scalix/sys/pam.d/ual.remote
# Standard Scalix Authenticationn
#
# Comment this out if you want to use one of the alternative authentication
# schemes below.
auth required om_auth nullok

#
# Kerberos authentication 1
#
# With this scheme we attempt local authentication first and, if that
# fails, we try kerberos authentication. Note that if we do it the other
# way around we run the risk of the KDC locking a principal account for
# users that are known to both Kerberos and Scalix. See om_krb5(8) for more
# information.
#
# auth sufficient om_auth nullok
# auth sufficient om_krb5 use_first_pass
# auth required pam_deny

# Kerberos authentication 2
#
# With this scheme, users that are known to the kerberos KDC, must
# authenticate using kerberos. Users not known to the kerberos KDC can log
# in using their Scalix password. See om_krb5(8) for more information.
#
# auth required om_krb5 user_unknown=ignore
# auth optional om_auth nullok use_first_pass

# LDAP Authentication.
# There are two possible schemes corresponding to the two Kerberos schemes.
# above See om_ldap(8) for more information.
#
# LDAP authentication 1
# auth sufficient om_auth nullok
# auth sufficient om_ldap use_first_pass
# auth required pam_deny
#
# LDAP authentication 2
# auth required om_ldap user_unknown=ignore
# auth optional om_auth nullok use_first_pass


# Combined authentication
#
# It is possible to combine Kerberos authentication 1 and LDAP
# authentication 1, although there is no good way to escape false negative
# authentication attempts with one or the other scheme. If users are known
# to either Kerberos or LDAP then we can extend scheme 2 for combined
# authentication:
#
# auth required om_krb5 user_unknown=ignore
# auth required om_ldap user_unknown=ignore
# auth optional om_auth nullok use_first_pass


account required om_auth
password required om_auth nullok
asterix:~ #

Posted: Mon May 08, 2006 10:38 am
by ScalixSupport
This indicates that you do not have external authentication configured which is good because it gives us one less thing to look at.

The next thing to check is the format of the user name that you have specified in your client logins. You can sign in with any one of:
  • Last
  • First Last
  • Internet Address
  • Authentication ID

provided that the one you choose is unique in the directory.

Is this the case ?

Cheers

Dave

Posted: Mon May 08, 2006 12:47 pm
by ukiewel
Yes, this is the case. I have tried "First Last" and eMail Address. Both work with webmail and pop3. The auth id's are unique in the directory.

Uwe


Posted: Mon May 08, 2006 6:33 pm
by ScalixSupport
The next step is to get a tcpdump trace on the imap connection.

From the command line, type

tcpdump -i any -s 0 -w /tmp/imap.dump port 143
and hit return. Attempt your login and then hit Ctrl-C on the command line again. This should create the file /tmp/imap.dump which can be read by ethereal or tethereal.

Cheers

Dave

Posted: Tue May 09, 2006 3:14 am
by ukiewel
Well, I have tried with KMail on Fedora Core 4 and MS Outlook on WinXP Home SP2. In ethereal I saw the following:

Request: AUTHENTICATE LOGIN
Response: + VXlcm5hSWU6
Request: SWhhMjJBNzdH
Response: OK AUTHENTICATE completed no connected to [server.name.dom]


Okay, doing the same with MS Outlook, then I saw:

Request: 32oh LOGING "username" "password" (both in plain text!)
Response: 32oh NO LOGIN authentication mechanism unimplemented



Now, is this a client or a server problem?



Uwe
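
An added example, not part of the original thread: the two exchanges in the post above both carry credentials readable by anyone who can capture port 143, because `AUTHENTICATE LOGIN` only base64-encodes its prompts and replies. This sketch walks a capture and reports what is exposed; the capture lines, account names and function names are constructed for illustration.

```python
import base64
import re

# Constructed capture lines (C = client, S = server) modelled on the two
# exchanges quoted in the post; the account names and passwords are made up.
SAMPLE = [
    ("C", "a1 AUTHENTICATE LOGIN"),
    ("S", "+ VXNlcm5hbWU6"),  # base64 of "Username:"
    ("C", base64.b64encode(b"alice").decode()),
    ("S", "+ UGFzc3dvcmQ6"),  # base64 of "Password:"
    ("C", base64.b64encode(b"made-up-pw").decode()),
    ("S", "a1 OK AUTHENTICATE completed"),
    ("C", 'a2 LOGIN "bob" "made-up-pw"'),
    ("S", "a2 NO LOGIN authentication mechanism unimplemented"),
]

LOGIN_RE = re.compile(r'^\S+ LOGIN "?([^" ]+)"? "?([^"]*)"?$', re.IGNORECASE)
AUTH_RE = re.compile(r"^\S+ AUTHENTICATE LOGIN$", re.IGNORECASE)


def mask(field, value):
    """Keep usernames readable for triage, never echo a password."""
    return "*" * len(value) if field == "password" else value


def exposed_credentials(lines):
    """List credentials an on-path observer can read from cleartext IMAP."""
    findings, in_auth, prompt = [], False, None
    for side, text in lines:
        if side == "C" and in_auth and prompt:
            value = base64.b64decode(text).decode(errors="replace")
            findings.append(("AUTHENTICATE LOGIN", prompt, mask(prompt, value)))
            prompt = None
        elif side == "C" and AUTH_RE.match(text):
            in_auth = True
        elif side == "C" and (m := LOGIN_RE.match(text)):
            findings.append(("LOGIN", "username", m.group(1)))
            findings.append(("LOGIN", "password", mask("password", m.group(2))))
        elif side == "S" and in_auth and text.startswith("+ "):
            # The challenge is only base64-encoded, not encrypted.
            prompt = base64.b64decode(text[2:]).decode().rstrip(":").lower()
        elif side == "S" and not text.startswith(("+", "*")):
            in_auth = False  # a tagged completion ends the exchange
    return findings


if __name__ == "__main__":
    for mechanism, field, value in exposed_credentials(SAMPLE):
        print(f"{mechanism}: {field} = {value}")
```
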

Posted: Tue May 09, 2006 5:10 am
by ScalixSupport
.... we really need to see the complete trace, e.g. it is not clear if you just made a typo:

Did it respond "not" or "now" connected?

So please post the complete trace or send it to support at scalix dot com.

Also, I think you may be doing secure authentication against another running IMAP server. Can we please see lsof -i tcp:143 and lsof -i tcp:993 ? Or, just lsof -i tcp

Thanks,

Sascha.

Posted: Tue May 09, 2006 7:38 am
by ukiewel
you're right.

If I use KMail on Fedora Core 4, the server responds with "... now connected ..."

I will send two traces. One with MS Outlook and the other with KMail.


Uwe