[imp] AD group restrictions give "Too many login failures"

Tom Lisjac netdxr at gmail.com
Sun Mar 13 23:46:32 PST 2005


I'm using the FRAMEWORK_3 cvs version of imp from last week with
cyrus-imap and saslauthd->pam->winbind/Active Directory for
authentication .  Everything was working fine... any domain user could
log in and I could administer the imap mailboxes with
Administration->Users.

A final production step was to restrict domain logins to members of
the AD group "webmail"... so I added the following line to the imap
service in /etc/pam.d:

account required /lib/security/$ISA/pam_succeed_if.so user ingroup webmail

This worked and restricted the logins... but now Administration->Users
throws the following error:

A fatal error has occurred
Too many login failures
[line 236 of /var/www/html/webmail/admin/user.php]

I don't understand this error or how to approach fixing it. All of the
mailboxes are owned by valid local or AD accounts. It is also possible
in the future that the user's AD account could be disabled by removing
them from the webmail group.

I can live without the user management function... but it's nice and
I'd like to fix it if possible. Any suggestions would be appreciated.

Thanks,

-Tom


More information about the imp mailing list