I originally installed Debian 3.0 (stable) and Samba 3 to do some testing on adding a Linux based file server to a Windows 2000 domain. I'm pretty sure Samba is working correctly - joined it to our domain ADS style and winbind works good for using Windows usernames for Samba. However, I noticed you can use winbind and Linux's PAM to authenticate any PAM aware application, so I decided to try making a intranet email server that "automagically" has accounts available for any Windows account.

Debian defaults to installing Exim as the SMTP part, and I installed qpopper for the POP3 part because it supports pam. I could send and receive using standard Linux usernames with the default packages, so I altered qpopper's pam file as follows:

FILE: /etc/pam.d/qpopper
#%PAM-1.0
#auth required pam_unix_auth.so shadow
#account required pam_unix_acct.so

#jdt 12-16-2003
auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so

Then I could successfully authenticate via POP3 using Windows usernames as winbind creates them ("DOMAIN+user"). Tested exim with "exim -bt DOMAIN+user" - it refused to accept that apparently because it doesn't see their home dir, so I reconfigured samba to use /home/DOMAIN as all Windows user's home dir, then exim successfully accepts mail for the Windows users and puts it in /var/spool/mail/domain+user files. However, qpopper says the users have 0 messages when they connect. (note I'm testing using netcat and manually issuing the POP3/SMTP commands, if that makes a difference) - which confuses me because qpopper worked fine when using local linux accounts before I changed its pam file.

So do I have a qpopper problem, or could this be an exim or a pam or a samba problem? qpopper and exim are pretty much at debian's defaults as I couldn't find anything obviously wrong with their config. Is what I am trying to do even feasible? Or will I have problems down the road even if I can get this to work because of the winbind dynamically setting UIDs for the Windows account.

Thanks ahead of time for any insight or tips anyone can provide.

Have you verified that Exim is actually writing data to the mboxes? Did you compile Qpopper for mbox, maildir, hashdirs, etc? The spool layout might be different than what Qpopper expects. Did you compile Qpopper with debugging support? If so you can enable debugging and increase the log level to see where it's trying to read from.

Well, I've been experimenting all morning with no luck...

Exim writes data to /var/spool/mail/ directory, as long as the user's home dir exists. Its single text file per user that starts with From, which should be mbox format.

I didn't compile qpopper - I used apt-get to install the package from Debian stable. Anyway, the default config seems to use the same format as exim - with the default pam config mail works fine for normal Linux accounts, but not Windows Domain accounts. I ran into trouble after I modified the pam file (/etc/pam.d/qpopper) to auth via winbind - I can successfully authenticate using Windows accounts, but they have no mail via POP3, even if exim put mail for them in /var/spool/mail. I tried enabling debugging - support seems to be compiled in, but I didn't see anything that really could help me.

I also tried replacing qpopper with the popa3d package - same result - works great by local Linux accounts by default - change its pam file, and Windows accounts can log in but don't get mail.

You could truss -p the qpopper process and see what syscalls it's making, i.e. what files it's trying to open. The point is, it's looking like qpopper is not opening the right mailspool file. Maybe it's opening just the "user" mbox rather than "domain+user".

Not sure what truss is, but I think strace will do the same thing. Looks like my problem is here - I'll Google to see what it means...


[pid 8581] lstat64("/var/mail/MYDOMAIN+hrx", 0xbfffdbec) = -1 ENOENT (No such file or directory)

Ok, it appears to be a case problem - Winbind uses capitals for the domain, but exim is lowercasing it when it makes the mbox (/var/mail/mydomain+hrx).

Got it solved - switched to popa3d (liked it better than qpopper), all I need to do is use all lowercase for the POP username and it works. Thanks for the help.

qpopper has a setting that will lower-case all. I can't remember if that's a compile time or run time option. It's in their PDF file at www.eudora.com/qpopper (I think that's where it redirects to, you can try www.qpopper.com too).

Ok - its downcase-user in the config file for qpopper. Thanks.