1

Topic: Cannot authenticate to Cluebringer or AWStats

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
======== Required information ====
Running latest iRedEmail /iRedMail-0.8.7 on Ubuntu 14.0.0.4 / mySQL
====
Hello, has anyone an idea here?

[:error] [pid 2092] No requires line available

No matter what combination I used to login.  I followed the instructions in   Used the temporary solution shown here But problem remains.

Zhang asked me if I had a line like this in iRedMail.conf It says: "No requires line available", do you have something like this in config file? The answer is yes to that question.

Help appreciated.

Regards,

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Cannot authenticate to Cluebringer or AWStats

Could you please paste the full content of your config file?

3

Re: Cannot authenticate to Cluebringer or AWStats

ZhangHuangbin wrote:

Could you please paste the full content of your config file?

Here are the two files. 

First is cluebringer.conf from /etc/cluebringer

 #
# Server configuration
#
[server]

# Protocols to load
protocols=<<EOT
Postfix
Bizanga
EOT

# Modules to load
modules=<<EOT
Core
AccessControl
CheckHelo
CheckSPF
Greylisting
Quotas
EOT

# User to run this daemon as
user=cluebringer
group=cluebringer

# Filename to store pid of parent process
pid_file=/var/run/cluebringer/cbpolicyd.pid

# Uncommenting the below option will prevent cbpolicyd going into the background
#background=no

# Preforking configuration
#
# min_server        - Minimum servers to keep around
# min_spare_servers    - Minimum spare servers to keep around ready to 
#               handle requests
# max_spare_servers    - Maximum spare servers to have around doing nothing
# max_servers        - Maximum servers alltogether
# max_requests        - Maximum number of requests each child will serve
#
# One may want to use the following as a rough guideline...
# Small mailserver:  2, 2, 4, 10, 1000
# Medium mailserver: 4, 4, 12, 25, 1000
# Large mailserver: 8, 8, 16, 64, 1000
#
#min_servers=4
#min_spare_servers=4
#max_spare_servers=12
#max_servers=25
#max_requests=1000



# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging 
log_level=0

# File to log to instead of stdout
log_file=/var/log/cbpolicyd.log

# Log destination for mail logs...
# main        - Default. Log to policyd's main log mechanism, accepts NO args
# syslog    - log mail via syslog
#            format: log_mail=facility@method,args
#
# Valid methods for syslog:
# native    - Let Sys::Syslog decide
# unix        - Unix socket
# udp        - UDP socket
# stream    - Stream (for Solaris)
#
# Example: unix native
#log_mail=mail@syslog:native
#
# Example: unix socket 
#log_mail=mail@syslog:unix
#
# Example: udp
#log_mail=mail@syslog:udp,127.0.0.1
#
# Example: Solaris 
#log_mail=local0@syslog:stream,/dev/log
#log_mail=maillog
log_mail=mail@syslog:native

# Things to log in extreme detail
# modules     - Log detailed module running information
# tracking     - Log detailed tracking information
# policies     - Log policy resolution
# protocols     - Log general protocol info, but detailed
# bizanga     - Log the bizanga protocol
#
# There is no default for this configuration option. Options can be
# separated by commas. ie. protocols,modules
#
#log_detail=

# IP to listen on, * for all
host=127.0.0.1
host=127.0.0.1

# Port to run on
port=10031

# Timeout in communication with clients
#timeout=120

# cidr_allow/cidr_deny
# Comma, whitespace or semi-colon separated. Contains a CIDR block to 
# compare the clients IP to.  If cidr_allow or cidr_deny options are 
# given, the incoming client must match a cidr_allow and not match a 
# cidr_deny or the client connection will be closed.
#cidr_allow=0.0.0.0/0
#cidr_deny=



[database]
#DSN=DBI:SQLite:dbname=policyd.sqlite
DSN=DBI:mysql:host=127.0.0.1;database=cluebringer;user=cluebringer;password=4H9gZJDk07Q3ZN3eMJMlJ0cZQBMYKV
#DSN=DBI:Pg:database=policyd;host=localhost
#DSN=DBI:_DBC_DBTYPE_:dbname=_DBC_DBNAME_;host=_DBC_DBSERVER_
## Debian
# DB_Type can be one of - pgsql, mysql or sqlite3
# DB_Host is ignored for sqlite3. For pgsql and mysql it should be left 
#         unset or as 'localhost' if you wish to use unix sockets to communicate
#         with the database. To use TCP/IP to connect to a local database set 
#         '127.0.0.1' as the value. Otherwise use the hostname or IP address of 
#         the database server.
# DB_Port is ignored for sqlite3. For pgsql it will default to '5432' and 
#         for mysql the default is '3306'. If you are running your database server
#         on a non-standard port you should set it's value here.
# DB_Name defaults to '/var/lib/cluebringer/cluebringer.db' for sqlite3, if you 
#         wish to use another file for the database set it's full path here and 
#         ensure that the cluebringer user can read and write not only the file
#         but the directory it lives in. For pgsql and mysql this will 
#         default to 'cluebringer', otherwise you should set the name of the 
#         database here.

DB_Type=mysql
DB_Host=127.0.0.1
DB_Port=3306
DB_Name=cluebringer
Username=cluebringer
Password=4H9gZJDk07Q3ZN3eMJMlJ0cZQBMYKV


# What do we do when we have a database connection problem
# tempfail    - Return temporary failure
# pass        - Return success
bypass_mode=pass

# How many seconds before we retry a DB connection
bypass_timeout=10



# Access Control module
[AccessControl]
enable=1


# Greylisting module
[Greylisting]
enable=1


# CheckHelo module
[CheckHelo]
enable=1


# CheckSPF module
[CheckSPF]
enable=1


# Quotas module
[Quotas]
enable=1

And this is cluebringer.conf from /etc/apache2/conf-available - however it is now called zcluebringer.conf after the recommended changes mentioned in an earlier post

 
#
# File generated by iRedMail (2014.05.20.11.38.05):
#
# Version:  0.8.7
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

#
# SECURITY WARNING:
#
# Since libapache2-mod-auth-mysql doesn't support advance SQL query, both
# global admins and normal domain admins are able to login to this webui.

# Note: Please refer to /etc/apache2/sites-available/default-ssl.conf for SSL/TLS setting.

<Directory /usr/share/postfix-cluebringer-webui/webui/>
    DirectoryIndex index.php
    AuthType basic
    AuthName "Authorization Required"
     ## Added next three to test   
#    AuthBasicProvider dbd
#    AuthDBDUserPWQuery "SELECT password FROM mailbox WHERE username=%s"
#    AuthMYSQL on
    AuthBasicAuthoritative Off    
    AuthUserFile /dev/null

    # Database related.
    AuthMySQL_Password_Table mailbox
    Auth_MySQL_Username_Field username
    Auth_MySQL_Password_Field password

    # Password related.
    AuthMySQL_Empty_Passwords off
    AuthMySQL_Encryption_Types Crypt_MD5
    Auth_MySQL_Authoritative On
    Order allow,deny
    Allow from all
    Require valid-user
</Directory>

Hope this assists.  Cheers, Greg

4

Re: Cannot authenticate to Cluebringer or AWStats

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu server 14.04 (Trusty Tahr)
- Related log if you're reporting an issue: see below
====

Apache configuration for AWStats and Cluebringer uses "mod-auth-mysql", an apache module to authenticate users using an SQL database.
In Ubuntu server 14.04, there are that versions:
* apache2: 2.4.7-1ubuntu4
* libapache2-mod-auth-mysql: 4.3.9-13.1ubuntu3

User authentication on AWStats and Cluebringer webpage always fails with this error in apache error.log:

[Tue May 27] [:error] [pid 2582] No requires line available

"mod-auth-mysql" seems to not have updated since 2005 and it doesn't work with Apache 2.4. See these bug-reports:
* https://bugs.launchpad.net/ubuntu/+sour … ug/1278995
* http://osdir.com/ml/bugs-httpd/2014-04/msg00046.html

So, I change configuration of apache2.conf, awstats.conf, cluebringer.conf to use another apache module that handles user authentication using an SQL database: mod_authn_dbd.

To use it, you must enable two apache modules with this command:

root@my-iredmail-server:~#  a2enmod dbd authn_dbd

Also, in Ubuntu, you must install package libaprutil1-dbd-mysql via apt-get:

root@my-iredmail-server:~#  apt-get install libaprutil1-dbd-mysq

This is a snippet of my updated apache2.conf (see at the end of file):

# # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# # MySQL auth (libapache2-mod-auth-apache2) - DEPRECATED!
# # Global config of MySQL server, username, password.
# Auth_MySQL_Info 127.0.0.1 vmail (SUBSTITUTE WITH YOUR PASSWORD: see in your iRedMail.tips file)
# Auth_MySQL_General_DB vmail

# MySQL auth (mod_dbd, libaprutil1-dbd-mysql).
<IfModule mod_dbd.c>
  DBDriver mysql
  DBDParams "host=127.0.0.1 dbname=vmail user=vmail pass=(SUBSTITUTE WITH YOUR PASSWORD: see in your iRedMail.tips file)"
  DBDMin 1
  DBDKeep 8
  DBDMax 20
  DBDExptime 300
</IfModule>

This is my updated awstats.conf:

#
# File generated by iRedMail:
#
# Version:  0.8.7
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

# Note: Please refer to /etc/apache2/sites-available/default-ssl.conf for SSL/TLS setting.
#Alias /awstats/icon "/usr/share/awstats/icon/"
#Alias /awstats/css "/usr/share/awstats/css/"
#Alias /awstats/js "/usr/share/awstats/js/"
#ScriptAlias /awstats "/usr/lib/cgi-bin/"

<Directory /usr/lib/cgi-bin/>
    DirectoryIndex awstats.pl
    Options ExecCGI
    AuthType Basic
    AuthName "Authorization Required"

    ##############################
    # mod_auth_mysql (deprecated)#
    ##############################
    # AuthMYSQL on
    # AuthBasicAuthoritative Off
    # AuthUserFile /dev/null
    #
    # # Database related.
    # AuthMySQL_Password_Table mailbox
    # Auth_MySQL_Username_Field username
    # Auth_MySQL_Password_Field password
    #
    # # Password related.
    # AuthMySQL_Empty_Passwords off
    # AuthMySQL_Encryption_Types Crypt_MD5
    # Auth_MySQL_Authoritative On
    # #AuthMySQLUserCondition "isglobaladmin=1"

    #################
    # mod_authn_dbd #
    #################
    # Password related.
    AuthBasicProvider dbd
    AuthDBDUserPWQuery "SELECT password FROM mailbox WHERE mailbox.username=%s"

    Order allow,deny
    Allow from all
    Require valid-user
</Directory>

This is my updated my updated cluebringer.conf:

#
# File generated by iRedMail:
#
# Version:  0.8.7
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

#
# SECURITY WARNING:
#
# Since libapache2-mod-auth-mysql doesn't support advance SQL query, both
# global admins and normal domain admins are able to login to this webui.

# Note: Please refer to /etc/apache2/sites-available/default-ssl.conf for SSL/TLS setting.

<Directory /usr/share/postfix-cluebringer-webui/webui/>
    DirectoryIndex index.php
    AuthType basic
    AuthName "Authorization Required"

    ##############################
    # mod_auth_mysql (deprecated)#
    ##############################
    # AuthMYSQL on
    # AuthBasicAuthoritative Off
    # AuthUserFile /dev/null
    #
    # # Database related.
    # AuthMySQL_Password_Table mailbox
    # Auth_MySQL_Username_Field username
    # Auth_MySQL_Password_Field password
    #
    # # Password related.
    # AuthMySQL_Empty_Passwords off
    # AuthMySQL_Encryption_Types Crypt_MD5
    # Auth_MySQL_Authoritative On

    #################
    # mod_authn_dbd #
    #################
    # Password related.
    AuthBasicProvider dbd
    AuthDBDUserPWQuery "SELECT password FROM mailbox WHERE mailbox.username=%s"

    Order allow,deny
    Allow from all
    Require valid-user
</Directory>

After editing these files, you must restart apache:

root@my-iredmail-server:~#  service apache2 restart

et voilà... now authentication works for both AWStats and Cluebringer! wink

Now, you can safely remove package libapache2-mod-auth-mysql.

5

Re: Cannot authenticate to Cluebringer or AWStats

Thanks very much for your input Much0.  Firstly, the extra updated ok.

 The following NEW packages will be installed:                                   
  libaprutil1-dbd-mysql                                                         
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.                  
Need to get 12.2 kB of archives.                                                
After this operation, 75.8 kB of additional disk space will be used.            
Get:1 http://ap-southeast-2.ec2.archive.ubuntu.com/ubuntu/ trusty/universe libap
rutil1-dbd-mysql amd64 1.5.3-1 [12.2 kB]                                        
Fetched 12.2 kB in 0s (123 kB/s)                                                
Selecting previously unselected package libaprutil1-dbd-mysql:amd64.            
(Reading database ... 114355 files and directories currently installed.)        
Preparing to unpack .../libaprutil1-dbd-mysql_1.5.3-1_amd64.deb ...             
Unpacking libaprutil1-dbd-mysql:amd64 (1.5.3-1) ...                             
Setting up libaprutil1-dbd-mysql:amd64 (1.5.3-1) ...                            
root@VBoX:/root# 

Then I did all of the changes to conf files, but unfortunately the changes have cause Apache2 to fail.  Errors below

 root@VBoX:/root# service apache2 restart                                        
 * Restarting web server apache2                                         [fail] 
 * The apache2 configtest failed.                                               
Output of config test was:                                                      
AH00526: Syntax error on line 47 of /etc/apache2/conf-enabled/zawstats.conf:    
Unknown Authn provider: dbd                                                     
Action 'configtest' failed.                                                     
The Apache error log may have more information.                                 
root@VBoX:/root#  

root@VBoX:/root# service apache2 restart                                        
 * Restarting web server apache2                                         [fail] 
 * The apache2 configtest failed.                                               
Output of config test was:                                                      
AH00526: Syntax error on line 47 of /etc/apache2/conf-enabled/zawstats.conf:    
Unknown Authn provider: dbd                                                     
Action 'configtest' failed.                                                     
The Apache error log may have more information.                                                                                              
root@VBoX:/root#                                

root@VBoX:/root# service apache2 restart                                        
 * Restarting web server apache2                                         [fail] 
 * The apache2 configtest failed.                                               
Output of config test was:                                                      
AH00526: Syntax error on line 46 of /etc/apache2/conf-enabled/zcluebringer.conf:
Unknown Authn provider: dbd                                                     
Action 'configtest' failed.                                                     
The Apache error log may have more information.                                 
root@VBoX:/root# 

Apache2 error log

 [Fri May 30 09:12:56.084113 2014] [mpm_prefork:notice] [pid 2099] AH00169: caught SIGTERM, shutting down 

apache2.conf added part

 ## // Changes marked with advised by iRedEmail admin 30 May 2014 //
## Commented out marked by #/

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# MySQL auth (libapache2-mod-auth-apache2). #/ DEPECIATED
# Global config of MySQL server, username, password.
#/Auth_MySQL_Info 127.0.0.1 vmail tAJRMLRoLjfyGe671q7W9HAUyoSkD3
#/Auth_MySQL_General_DB vmail

# MySQL auth (mod_dbd, libaprutil1-dbd-mysql).
<IfModule mod_dbd.c>
  DBDriver mysql
  DBDParams "host=127.0.0.1 dbname=vmail user=vmail pass=tAJRMLRoLjfyGe671q7W9HAUyoSkD3"
  DBDMin 1
  DBDKeep 8
  DBDMax 20
  DBDExptime 300
</IfModule>
#/ End add code 

zawstats.conf edits

 ## // Changes marked with advised by iRedEmail admin 30 May 2014 //
## Commented out marked by #/

<Directory /usr/lib/cgi-bin/>
    DirectoryIndex awstats.pl
    Options ExecCGI

    AuthName "Authorization Required"
    AuthType Basic
#/    ##############################
#/    # mod_auth_mysql (deprecated)#
#/    ##############################
#/    AuthMYSQL on
#/    AuthBasicAuthoritative Off
#/    AuthUserFile /dev/null
#/
#/    # Database related.
#/    AuthMySQL_Password_Table mailbox
#/    Auth_MySQL_Username_Field username
#/   Auth_MySQL_Password_Field password
#/
#/    # Password related.
#/    AuthMySQL_Empty_Passwords off
#/    AuthMySQL_Encryption_Types Crypt_MD5
#/    Auth_MySQL_Authoritative On
#/    #AuthMySQLUserCondition "isglobaladmin=1"
#/
    #################
    # mod_authn_dbd #
    #################
    # Password related.
    AuthBasicProvider dbd
    AuthDBDUserPWQuery "SELECT password FROM mailbox WHERE mailbox.username=%s"
#/ End add in

    Order allow,deny
    Allow from all
    Require valid-user
</Directory> 

zcluebringer.conf added part

 <Directory /usr/share/postfix-cluebringer-webui/webui/>
    DirectoryIndex index.php
    AuthType basic
    AuthName "Authorization Required"

## // Changes marked with advised by iRedEmail admin 30 May 2014 //
## Commented out marked by #/
#/    ##############################
#/  # mod_auth_mysql (deprecated)#
#/    ##############################
#/
#/    AuthBasicAuthoritative Off    
#/   AuthUserFile /dev/null
#/
#/    # Database related.
#/    AuthMySQL_Password_Table mailbox
#/    Auth_MySQL_Username_Field username
#/    Auth_MySQL_Password_Field password
#/
#/    # Password related.
#/    AuthMySQL_Empty_Passwords off
#/    AuthMySQL_Encryption_Types Crypt_MD5
#/    Auth_MySQL_Authoritative On
#/
#/    #################
#/    # mod_authn_dbd #
#/    #################
#/    # Password related.
    AuthBasicProvider dbd
    AuthDBDUserPWQuery "SELECT password FROM mailbox WHERE mailbox.username=%s"
#/ End add code

    Order allow,deny
    Allow from all
    Require valid-user
</Directory> 

I put back the original conf files and all is well with apache starting.

Any ideas?  Thanks, Greg

6

Re: Cannot authenticate to Cluebringer or AWStats

Did you enable the Apache module?

# a2enmod dbd authn_dbd

7

Re: Cannot authenticate to Cluebringer or AWStats

Thanks Zhang and Much0.  I checked this but it had been enabled already.  What I had done is rebooted the server after changing the conf files back as I was getting some funny errors.

So after changing the old confs. to the new ones as recommended and trying again I now can login to web for both AWStats and Cluebringer. cool

I feel Much0 original solution was ok, but wasn't enabled until the reboot.

Much appreciated.