  1. #1
    parabuzzle (Just Joined!; Join Date: Jun 2007; Location: Oakland, CA; Posts: 11)

    SASLAUTHD and Postfix 2.4.1


    Hello All,

    Alright so I am going to need a vacuum to get all the hair out of my keyboard that I have ripped out of my head on this project. I have installed SASL2 and postfix 2.4.1 and I can't seem to get them to work. I have narrowed down the problem to the fact that for some reason Postfix is appending the realm on to the username. Here are all the dumps:

    Test the password:
    # /usr/sbin/testsaslauthd -r floppy.mydomain.com -u test -p mypassword
    0: OK "Success."
    start in debug mode:
    # /usr/sbin/saslauthd -d -a shadow
    saslauthd[11057] :main : num_procs : 5
    saslauthd[11057] :main : mech_option: NULL
    saslauthd[11057] :main : run_path : /var/run/saslauthd
    saslauthd[11057] :main : auth_mech : shadow
    saslauthd[11057] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
    saslauthd[11057] :detach_tty : master pid is: 0
    saslauthd[11057] :ipc_init : listening on socket: /var/run/saslauthd/mux
    saslauthd[11057] :main : using process model
    saslauthd[11058] :get_accept_lock : acquired accept lock
    saslauthd[11057] :have_baby : forked child: 11058
    saslauthd[11057] :have_baby : forked child: 11059
    saslauthd[11057] :have_baby : forked child: 11060
    saslauthd[11057] :have_baby : forked child: 11061
    Telnet in to box and try to authenticate:
    220 CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.
    DEBUG SMTP: connected to host "xxx.xxx.xxx.xxx", port: 25

    EHLO pingability.com
    250-floppy.mydomain.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN GSSAPI
    250-AUTH=DIGEST-MD5 CRAM-MD5 PLAIN LOGIN GSSAPI
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    DEBUG SMTP: Found extension "PIPELINING", arg ""
    DEBUG SMTP: Found extension "SIZE", arg "10240000"
    DEBUG SMTP: Found extension "VRFY", arg ""
    DEBUG SMTP: Found extension "ETRN", arg ""
    DEBUG SMTP: Found extension "AUTH", arg "DIGEST-MD5 CRAM-MD5 PLAIN LOGIN GSSAPI"
    DEBUG SMTP: Found extension "AUTH=DIGEST-MD5", arg "CRAM-MD5 PLAIN LOGIN GSSAPI"
    DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
    DEBUG SMTP: Found extension "8BITMIME", arg ""
    DEBUG SMTP: Found extension "DSN", arg ""
    DEBUG SMTP: Attempt to authenticate
    AUTH LOGIN
    334 VXNlcm5hbWU6
    bWxoZWlqbQ==
    334 UGFzc3dvcmQ6
    b3BlbjIzMjM=
    535 5.7.0 Error: authentication failed: authentication failure

    Authentication Failed Exception
    I show this on the screen now:
    saslauthd[11057] :main : num_procs : 5
    saslauthd[11057] :main : mech_option: NULL
    saslauthd[11057] :main : run_path : /var/run/saslauthd
    saslauthd[11057] :main : auth_mech : shadow
    saslauthd[11057] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
    saslauthd[11057] :detach_tty : master pid is: 0
    saslauthd[11057] :ipc_init : listening on socket: /var/run/saslauthd/mux
    saslauthd[11057] :main : using process model
    saslauthd[11058] :get_accept_lock : acquired accept lock
    saslauthd[11057] :have_baby : forked child: 11058
    saslauthd[11057] :have_baby : forked child: 11059
    saslauthd[11057] :have_baby : forked child: 11060
    saslauthd[11057] :have_baby : forked child: 11061
    saslauthd[11058] :rel_accept_lock : released accept lock
    saslauthd[11059] :get_accept_lock : acquired accept lock
    saslauthd[11058] :do_auth : auth failure: [user=test@floppy.mydomain.com] [service=smtp] [realm=floppy.mydomain.com] [mech=shadow] [reason=Unknown]
    saslauthd[11058] :do_request : response: NO
    The messages log shows:
    Jun 26 17:54:04 localhost saslauthd[11057]: detach_tty : master pid is: 0
    Jun 26 17:54:04 localhost saslauthd[11057]: ipc_init : listening on socket: /var/run/saslauthd/mux
    Jun 26 17:55:39 localhost saslauthd[11058]: do_auth : auth failure: [user=mlheijm@floppy.techtribe.com] [service=smtp] [realm=floppy.techtribe.com] [mech=shadow] [reason=Unknown]
    Jun 26 17:58:30 localhost saslauthd[11057]: server_exit : master exited: 0
    DOES ANYONE KNOW HOW TO DETACH THE DOMAIN FROM THE USERNAME?

  2. #2
    monitorjbl (Just Joined!; Join Date: May 2007; Posts: 16)

    I've only done it with a MySQL backend for the users, so I'm not entirely clear on how to do it using just SASL. This might help.

    Just to let you know, I sympathize with your plight. I spent a week trying to narrow down a problem with Postfix and SASL before discovering it was a PAM issue. Hope it helps!

  3. #3
    parabuzzle (Just Joined!; Join Date: Jun 2007; Location: Oakland, CA; Posts: 11)

    I fixed it...Here is the dumb solution....lol

    In the main.cf file I needed to comment out the smtp_sasl_local_domain = X section...

    Old main.cf (relevant section)
    #AUTH FUNCTIONS
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $myhostname
    broken_sasl_auth_clients = yes
    #Restrictions
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
    New main.cf (relevant section) - Notice the new comment
    #AUTH FUNCTIONS
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    #smtpd_sasl_local_domain = $myhostname
    broken_sasl_auth_clients = yes
    #Restrictions
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
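
An added example, not part of the original posts: a small parser for the saslauthd `do_auth` lines quoted in this thread that flags failures where the login reached a local-account backend with the realm still attached, which is the symptom fixed in post #3. The log lines are constructed in the format shown above, and the set of backends treated as expecting bare account names (`LOCAL_ACCOUNT_MECHS`) is an assumption.

```python
import re

# Assumption: these saslauthd backends look up bare local account names,
# so a login passed as "user@realm" cannot match an account.
LOCAL_ACCOUNT_MECHS = {"shadow", "getpwent"}

# Constructed sample lines, modelled on the saslauthd output quoted in the thread.
SAMPLE_LOG = """\
saslauthd[11058] :do_auth : auth failure: [user=test@floppy.mydomain.com] [service=smtp] [realm=floppy.mydomain.com] [mech=shadow] [reason=Unknown]
saslauthd[11059] :do_auth : auth failure: [user=alice] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
saslauthd[11060] :do_auth : auth success: [user=test] [service=smtp] [realm=] [mech=shadow]
Jun 26 17:55:39 localhost saslauthd[11061]: do_auth : auth failure: [user=bob@mail.example.org] [service=smtp] [realm=mail.example.org] [mech=shadow] [reason=Unknown]
Jun 26 17:56:02 localhost saslauthd[11061]: do_auth : auth failure: [user=carol@mail.example.org] [service=smtp] [realm=mail.example.org] [mech=ldap] [reason=Unknown]
"""

EVENT_RE = re.compile(r"do_auth\s*:\s*auth (failure|success):")
FIELD_RE = re.compile(r"\[(\w+)=([^\]]*)\]")


def parse_do_auth(line):
    """Return the bracketed fields of a do_auth line as a dict, or None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line[m.end():]))
    fields["outcome"] = m.group(1)
    return fields


def realm_qualified_failures(log_text, local_mechs=LOCAL_ACCOUNT_MECHS):
    """List failures where user == "<login>@<realm>" hit a local-account backend."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_do_auth(line)
        if not ev or ev["outcome"] != "failure":
            continue
        user, realm = ev.get("user", ""), ev.get("realm", "")
        login, sep, domain = user.rpartition("@")
        # A plain wrong password has no "@realm" suffix and is not reported here.
        if sep and realm and domain.lower() == realm.lower() \
                and ev.get("mech") in local_mechs:
            findings.append({"login": login, "passed_as": user,
                             "mech": ev["mech"], "service": ev.get("service", "")})
    return findings


if __name__ == "__main__":
    for f in realm_qualified_failures(SAMPLE_LOG):
        print("%(service)s login %(login)r reached %(mech)s as %(passed_as)r" % f)
```

A hit on this check points at the realm setting (here `smtpd_sasl_local_domain`) rather than at the password, which is what separates it from an ordinary failed login in the same log.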
