From: Victor Duchovni on
On Wed, May 19, 2010 at 08:19:40AM +0200, Julien Vehent wrote:

> > What is in the IMAP server SASL configuration file?
>
> The following:
>
> ----
> # grep -E "sasl|ldap" /etc/imapd.conf |grep -v "^#"
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> sasl_auto_transition: no
> sasl_ldapdb_uri: ldap://localhost
> sasl_ldapdb_id: cyrus
> sasl_ldapdb_pw: zzzzZZZZZzzzzzZZZZ

This looks different from my recollection of the smtpd.conf you
posted, you may want to make sure that the "sasl_ldapdb_id" and
passwords are the same, and I don't know what "auto_transition"
does, but it may be pertinent also.

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.

From: Julien Vehent on
On Wed, 19 May 2010 14:36:24 -0400, Victor Duchovni
<Victor.Duchovni(a)morganstanley.com> wrote:
>
> This looks different from my recollection of the smtpd.conf you
> posted, you may want to make sure that the "sasl_ldapdb_id" and
> passwords are the same, and I don't know what "auto_transition"
> does, but it may be pertinent also.

I tried the following 'smtpd.conf':

----
# cat smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: DIGEST-MD5 PLAIN LOGIN
sasl_ldapdb_uri: ldap://localhost
sasl_ldapdb_id: postfix
sasl_ldapdb_pw: f4oi6u87j687qzer613bv867zq43o
sasl_ldapdb_mech: DIGEST-MD5
----

But it gives me the same error and the following logs:

----
May 20 00:11:07 samchiel postfix/smtpd[25547]: < localhost[127.0.0.1]: auth plain xxxXXXXXxxxxxXXXXX
May 20 00:11:07 samchiel postfix/smtpd[25547]: xsasl_cyrus_server_first: sasl_method plain, init_response xxxXXXXXxxxxxXXXXX
May 20 00:11:07 samchiel postfix/smtpd[25547]: xsasl_cyrus_server_first: decoded initial response
May 20 00:11:07 samchiel postfix/smtpd[25547]: SASL authentication debug: could not find auxprop plugin, was searching for 'ldapdb'
May 20 00:11:07 samchiel postfix/smtpd[25547]: SASL authentication debug: could not find auxprop plugin, was searching for 'ldapdb'
May 20 00:11:07 samchiel postfix/smtpd[25547]: SASL authentication debug: could not find auxprop plugin, was searching for 'ldapdb'
May 20 00:11:07 samchiel postfix/smtpd[25547]: warning: SASL authentication failure: Password verification failed
May 20 00:11:07 samchiel postfix/smtpd[25547]: warning: localhost[127.0.0.1]: SASL plain authentication failed: authentication failure
May 20 00:11:07 samchiel postfix/smtpd[25547]: > localhost[127.0.0.1]: 535 5.7.8 Error: authentication failed: authentication failure
----

And if, in addition, I change 'pwcheck_method' to 'sasl_pwcheck_method',
it just skips the directives and goes back to the default value that looks
for a '/etc/sasldb2' file.

Once again, I checked all my packages, and I think I have everything
installed. Particularly 'ldapdb' for sasl2:

----
# ls -l /usr/lib/sasl2/ |grep ldapdb
-rw-r--r-- 1 root root 13748 Dec 29 01:10 libldapdb.a
-rw-r--r-- 1 root root 976 Dec 29 01:10 libldapdb.la
lrwxrwxrwx 1 root root 19 May 10 12:18 libldapdb.so -> libldapdb.so.2.0.23
lrwxrwxrwx 1 root root 19 May 10 12:18 libldapdb.so.2 -> libldapdb.so.2.0.23
-rw-r--r-- 1 root root 14556 Dec 29 01:10 libldapdb.so.2.0.23

----

I keep searching, but I really cannot find any piece of working
configuration... do you happen to have an example somewhere ???


Thanks a lot,
Julien
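
Viktor's advice to compare the ldapdb id and password across the two files, and Julien's observation that `sasl_pwcheck_method` is skipped in smtpd.conf, can be checked mechanically. The following is an added example, not part of the original thread; the sample configs are constructed with placeholder secrets, and it relies on libsasl reading smtpd.conf option names without the `sasl_` prefix that imapd.conf uses.

```python
import re

# Constructed sample inputs (placeholder secrets), shaped like the thread's files.
IMAPD_CONF = """\
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://localhost
sasl_ldapdb_id: cyrus
sasl_ldapdb_pw: EXAMPLE-SECRET-A
"""
SMTPD_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: DIGEST-MD5 PLAIN LOGIN
sasl_ldapdb_uri: ldap://localhost
sasl_ldapdb_id: postfix
sasl_ldapdb_pw: EXAMPLE-SECRET-B
sasl_ldapdb_mech: DIGEST-MD5
"""

def parse(text):
    """Return {key: value} for 'key: value' lines; comment lines never match."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*:\s*(.*?)\s*$", line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def audit(imapd_text, smtpd_text):
    """Compare ldapdb settings; secret values are never included in findings."""
    smtpd = parse(smtpd_text)
    # imapd.conf carries SASL options under a sasl_ prefix; strip it to compare.
    imapd = {k[5:]: v for k, v in parse(imapd_text).items() if k.startswith("sasl_")}
    findings = [f"smtpd.conf: '{k}' has a sasl_ prefix libsasl will not match"
                for k in smtpd if k.startswith("sasl_")]
    # View of smtpd.conf with the prefix dropped, so values can be compared.
    effective = {(k[5:] if k.startswith("sasl_") else k): v for k, v in smtpd.items()}
    for key in ("ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech"):
        a, b = imapd.get(key), effective.get(key)
        if a != b:
            shown = "<redacted>" if key.endswith("_pw") else f"{a!r} vs {b!r}"
            findings.append(f"{key} differs between imapd.conf and smtpd.conf: {shown}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(IMAPD_CONF, SMTPD_CONF)))
```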

From: Victor Duchovni on
On Thu, May 20, 2010 at 12:23:46AM +0200, Julien Vehent wrote:

> On Wed, 19 May 2010 14:36:24 -0400, Victor Duchovni
> <Victor.Duchovni(a)morganstanley.com> wrote:
> >
> > This looks different from my recollection of the smtpd.conf you
> > posted, you may want to make sure that the "sasl_ldapdb_id" and
> > passwords are the same, and I don't know what "auto_transition"
> > does, but it may be pertinent also.
>
> I tried the following 'smtpd.conf':
>
> ----
> # cat smtpd.conf
> pwcheck_method: auxprop
> auxprop_plugin: ldapdb
> mech_list: DIGEST-MD5 PLAIN LOGIN
> sasl_ldapdb_uri: ldap://localhost
> sasl_ldapdb_id: postfix
> sasl_ldapdb_pw: f4oi6u87j687qzer613bv867zq43o
> sasl_ldapdb_mech: DIGEST-MD5
> ----

Why did you change "cyrus" to "postfix"? Does this "postfix"
user have the same rights as "cyrus" to do proxy authentication?

>
> auth plain xxxXXXXXxxxxxXXXXX
> May 20 00:11:07 samchiel postfix/smtpd[25547]: xsasl_cyrus_server_first: sasl_method plain, init_response xxxXXXXXxxxxxXXXXX
> May 20 00:11:07 samchiel postfix/smtpd[25547]: xsasl_cyrus_server_first: decoded initial response
> May 20 00:11:07 samchiel postfix/smtpd[25547]: SASL authentication debug: could not find auxprop plugin, was searching for 'ldapdb'
> May 20 00:11:07 samchiel postfix/smtpd[25547]: SASL authentication debug: could not find auxprop plugin, was searching for 'ldapdb'

Is your SMTP server chrooted? Have you configured a non-default
Cyrus plugin search path?

> Once again, I checked all my packages, and I think I have everything
> installed. Particularly 'ldapdb' for sasl2:
>
> ----
> # ls -l /usr/lib/sasl2/ |grep ldapdb
> -rw-r--r-- 1 root root 13748 Dec 29 01:10 libldapdb.a
> -rw-r--r-- 1 root root 976 Dec 29 01:10 libldapdb.la
> lrwxrwxrwx 1 root root 19 May 10 12:18 libldapdb.so -> libldapdb.so.2.0.23
> lrwxrwxrwx 1 root root 19 May 10 12:18 libldapdb.so.2 -> libldapdb.so.2.0.23
> -rw-r--r-- 1 root root 14556 Dec 29 01:10 libldapdb.so.2.0.23

Well, the SMTP server may be chrooted, or may be looking outside
/usr/lib/sasl2.

--
Viktor.
