sasl fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I just cannot seem to get my smtp auth working. I've read, and re-read the sasl_readme with no luck...I've followed those instructions. It appears that sasl is trying to use sasldb2 (which it's not supposed to, I'm trying to use pam). I'm running on fedora core 3. Someone on the postfix list replied and said I can't use pwcheck_method: saslauthd on FC3...is that true? I need to use pam/my passwd/shadow info for smtp auth, so if that is true, what is the work around? Many thanks. 

[root@hedwig readme]# ps aux|grep sasl
root 29058 0.0 0.0 19912 844 ? Ss 13:14 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam root 29059 0.0 0.0 20984 1264 ? S 13:14 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam root 29060 0.0 0.0 19912 844 ? S 13:14 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam root 29061 0.0 0.0 19912 844 ? S 13:14 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam root 29062 0.0 0.0 19912 844 ? S 13:14 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam 
root     29295  0.0  0.0 42400  668 pts/4    R+   13:59   0:00 grep sasl

[root@hedwig readme]# testsaslauthd -u anner -p mypass
0: OK "Success."

[root@hedwig readme]# cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd

[root@hedwig readme]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix-2.2.5-documentation/html
inet_interfaces = $myhostname, localhost, 66.45.100.233
mail_owner = postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION" -d "$USER"
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, emji.net, blast.com
mydomain = blast.com
myhostname = hedwig.blast.com
mynetworks = $config_directory/mynetworks, $config_directory/my_acceptable_ips 
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.5-documentation/readme
recipient_delimiter = +
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject 
smtpd_sasl_auth_enable = yes
transport_maps = mysql:/etc/postfix/transport.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/virtual.cf

When I try and use it with a standard mail client I get:
Aug 24 13:53:52 daredevil postfix/smtpd[29286]: connect from h27.83.213.151.ip.alltel.net[151.213.83.27] Aug 24 13:53:56 daredevil postfix/smtpd[29286]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Aug 24 13:53:56 daredevil postfix/smtpd[29286]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Aug 24 13:53:56 daredevil postfix/smtpd[29286]: warning: SASL authentication failure: no secret in database Aug 24 13:53:56 daredevil postfix/smtpd[29286]: warning: h27.83.213.151.ip.alltel.net[151.213.83.27]: SASL CRAM-MD5 authentication failed Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL authentication failure: no secret in database Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: h27.83.213.151.ip.alltel.net[151.213.83.27]: SASL NTLM authentication failed Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory 
Aug 24 13:53:57 daredevil last message repeated 4 times
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL authentication failure: Password verification failed Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: h27.83.213.151.ip.alltel.net[151.213.83.27]: SASL PLAIN authentication failed Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory 
Aug 24 13:53:57 daredevil last message repeated 5 times
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: h27.83.213.151.ip.alltel.net[151.213.83.27]: SASL LOGIN authentication failed 

When I try through telnet, my telnet session looks like this:
[anner:~] anner% telnet 66.45.100.233 25
Trying 66.45.100.233...
Connected to 66.45.100.233.
Escape character is '^]'.
220 hedwig.blast.com ESMTP Postfix
EHLO anner.blast.com
250-hedwig.blast.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH CRAM-MD5 GSSAPI NTLM PLAIN DIGEST-MD5 LOGIN
250 8BITMIME
AUTH PLAIN myEncodedUser&Pass
535 Error: authentication failed

[root@hedwig readme]# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Wed Aug 24 14:02:36 EDT 2005
version: 0.9.9.1
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.2.5
System: Fedora Core release 3 (Heidelberg)

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003c6db00000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes


-- listing of /usr/lib/sasl --
total 444
drwxr-xr-x   2 root root  4096 Aug 24 11:01 .
drwxr-xr-x  94 root root 65536 Aug 24 09:53 ..
-rwxr-xr-x   1 root root   871 Oct  7  2004 libanonymous.la
-rwxr-xr-x   1 root root  5748 Oct  7  2004 libanonymous.so
-rwxr-xr-x   1 root root  5748 Oct  7  2004 libanonymous.so.1
-rwxr-xr-x   1 root root  5748 Oct  7  2004 libanonymous.so.1.0.17
-rwxr-xr-x   1 root root   857 Oct  7  2004 libcrammd5.la
-rwxr-xr-x   1 root root  9884 Oct  7  2004 libcrammd5.so
-rwxr-xr-x   1 root root  9884 Oct  7  2004 libcrammd5.so.1
-rwxr-xr-x   1 root root  9884 Oct  7  2004 libcrammd5.so.1.0.19
-rwxr-xr-x   1 root root   880 Oct  7  2004 libdigestmd5.la
-rwxr-xr-x   1 root root 30804 Oct  7  2004 libdigestmd5.so
-rwxr-xr-x   1 root root 30804 Oct  7  2004 libdigestmd5.so.0
-rwxr-xr-x   1 root root 30804 Oct  7  2004 libdigestmd5.so.0.0.20
-rwxr-xr-x   1 root root   906 Oct  7  2004 libgssapiv2.la
-rwxr-xr-x   1 root root 11952 Oct  7  2004 libgssapiv2.so
-rwxr-xr-x   1 root root 11952 Oct  7  2004 libgssapiv2.so.1
-rwxr-xr-x   1 root root 11952 Oct  7  2004 libgssapiv2.so.1.0.19
-rwxr-xr-x   1 root root   847 Oct  7  2004 liblogin.la
-rwxr-xr-x   1 root root  7248 Oct  7  2004 liblogin.so
-rwxr-xr-x   1 root root  7248 Oct  7  2004 liblogin.so.0
-rwxr-xr-x   1 root root  7248 Oct  7  2004 liblogin.so.0.0.7
-rwxr-xr-x   1 root root   849 Oct  7  2004 libplain.la
-rwxr-xr-x   1 root root  7000 Oct  7  2004 libplain.so
-rwxr-xr-x   1 root root  7000 Oct  7  2004 libplain.so.1
-rwxr-xr-x   1 root root  7000 Oct  7  2004 libplain.so.1.0.16
-rw-r--r--   1 root root    47 Aug 24 11:01 smtpd.conf

-- listing of /usr/lib/sasl2 --
total 3052
drwxr-xr-x   2 root root   4096 Aug 24 09:47 .
drwxr-xr-x  94 root root  65536 Aug 24 09:53 ..
-rwxr-xr-x   1 root root    875 Oct  7  2004 libanonymous.la
-rwxr-xr-x   1 root root  12820 Oct  7  2004 libanonymous.so
-rwxr-xr-x   1 root root  12820 Oct  7  2004 libanonymous.so.2
-rwxr-xr-x   1 root root  12820 Oct  7  2004 libanonymous.so.2.0.19
-rwxr-xr-x   1 root root    863 Oct  7  2004 libcrammd5.la
-rwxr-xr-x   1 root root  15216 Oct  7  2004 libcrammd5.so
-rwxr-xr-x   1 root root  15216 Oct  7  2004 libcrammd5.so.2
-rwxr-xr-x   1 root root  15216 Oct  7  2004 libcrammd5.so.2.0.19

-rwxr-xr-x   1 root root    884 Oct  7  2004 libdigestmd5.la
-rwxr-xr-x   1 root root  42964 Oct  7  2004 libdigestmd5.so
-rwxr-xr-x   1 root root  42964 Oct  7  2004 libdigestmd5.so.2
-rwxr-xr-x   1 root root  42964 Oct  7  2004 libdigestmd5.so.2.0.19
-rwxr-xr-x   1 root root    911 Oct  7  2004 libgssapiv2.la
-rwxr-xr-x   1 root root  22292 Oct  7  2004 libgssapiv2.so
-rwxr-xr-x   1 root root  22292 Oct  7  2004 libgssapiv2.so.2
-rwxr-xr-x   1 root root  22292 Oct  7  2004 libgssapiv2.so.2.0.19
-rwxr-xr-x   1 root root    851 Oct  7  2004 liblogin.la
-rwxr-xr-x   1 root root  13296 Oct  7  2004 liblogin.so
-rwxr-xr-x   1 root root  13296 Oct  7  2004 liblogin.so.2
-rwxr-xr-x   1 root root  13296 Oct  7  2004 liblogin.so.2.0.19
-rwxr-xr-x   1 root root    854 Oct  7  2004 libntlm.la
-rwxr-xr-x   1 root root  29104 Oct  7  2004 libntlm.so
-rwxr-xr-x   1 root root  29104 Oct  7  2004 libntlm.so.2
-rwxr-xr-x   1 root root  29104 Oct  7  2004 libntlm.so.2.0.19
-rwxr-xr-x   1 root root    851 Oct  7  2004 libplain.la
-rwxr-xr-x   1 root root  13360 Oct  7  2004 libplain.so
-rwxr-xr-x   1 root root  13360 Oct  7  2004 libplain.so.2
-rwxr-xr-x   1 root root  13360 Oct  7  2004 libplain.so.2.0.19
-rwxr-xr-x   1 root root    931 Oct  7  2004 libsasldb.la
-rwxr-xr-x   1 root root 784960 Oct  7  2004 libsasldb.so
-rwxr-xr-x   1 root root 784960 Oct  7  2004 libsasldb.so.2
-rwxr-xr-x   1 root root 784960 Oct  7  2004 libsasldb.so.2.0.19
-rw-r--r--   1 root root     26 Aug 24 09:46 smtpd.conf




-- content of /usr/lib/sasl/smtpd.conf --
pwcheck_method: saslauthd
saslauthd_version: 2

-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} 
uucp      unix  -       n       n       -       -       pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) 
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient 

-- mechanisms on localhost --
250-AUTH CRAM-MD5 GSSAPI NTLM PLAIN DIGEST-MD5 LOGIN


-- end of saslfinger output --
I have over 1000 clients, so I can't ask them all to set up new passwords. Please help, 

Anne
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux