sasl fails

Anne Ramey anner at blast.com
Wed Aug 24 18:40:48 UTC 2005


I just cannot seem to get SMTP AUTH working.  I've read and re-read the 
SASL_README with no luck, even though I've followed its instructions.  It 
appears that SASL is trying to use sasldb2, which it is not supposed to do, 
because I'm trying to authenticate through PAM.  I'm running Fedora Core 3.  
Someone on the postfix list replied and said I can't use 
pwcheck_method: saslauthd on FC3.  Is that true?  I need to use PAM and my 
passwd/shadow information for SMTP AUTH, so if it is true, what is the 
workaround?  Many thanks.

[root@hedwig readme]# ps aux|grep sasl
root     29058  0.0  0.0 19912  844 ?        Ss   13:14   0:00 
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root     29059  0.0  0.0 20984 1264 ?        S    13:14   0:00 
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root     29060  0.0  0.0 19912  844 ?        S    13:14   0:00 
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root     29061  0.0  0.0 19912  844 ?        S    13:14   0:00 
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root     29062  0.0  0.0 19912  844 ?        S    13:14   0:00 
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root     29295  0.0  0.0 42400  668 pts/4    R+   13:59   0:00 grep sasl

[root@hedwig readme]# testsaslauthd -u anner -p mypass
0: OK "Success."

[root@hedwig readme]# cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd

[root@hedwig readme]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix-2.2.5-documentation/html
inet_interfaces = $myhostname, localhost, 66.45.100.233
mail_owner = postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION" -d "$USER"
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, emji.net, blast.com
mydomain = blast.com
myhostname = hedwig.blast.com
mynetworks = $config_directory/mynetworks, 
$config_directory/my_acceptable_ips
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.5-documentation/readme
recipient_delimiter = +
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, 
permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
transport_maps = mysql:/etc/postfix/transport.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/virtual.cf

When I try to use it with a standard mail client, I get:
Aug 24 13:53:52 daredevil postfix/smtpd[29286]: connect from 
h27.83.213.151.ip.alltel.net[151.213.83.27]
Aug 24 13:53:56 daredevil postfix/smtpd[29286]: warning: SASL 
authentication problem: unable to open Berkeley db /etc/sasldb2: No such 
file or directory
Aug 24 13:53:56 daredevil postfix/smtpd[29286]: warning: SASL 
authentication problem: unable to open Berkeley db /etc/sasldb2: No such 
file or directory
Aug 24 13:53:56 daredevil postfix/smtpd[29286]: warning: SASL 
authentication failure: no secret in database
Aug 24 13:53:56 daredevil postfix/smtpd[29286]: warning: 
h27.83.213.151.ip.alltel.net[151.213.83.27]: SASL CRAM-MD5 
authentication failed
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL 
authentication problem: unable to open Berkeley db /etc/sasldb2: No such 
file or directory
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL 
authentication problem: unable to open Berkeley db /etc/sasldb2: No such 
file or directory
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL 
authentication failure: no secret in database
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: 
h27.83.213.151.ip.alltel.net[151.213.83.27]: SASL NTLM authentication failed
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL 
authentication problem: unable to open Berkeley db /etc/sasldb2: No such 
file or directory
Aug 24 13:53:57 daredevil last message repeated 4 times
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL 
authentication failure: Password verification failed
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: 
h27.83.213.151.ip.alltel.net[151.213.83.27]: SASL PLAIN authentication 
failed
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: SASL 
authentication problem: unable to open Berkeley db /etc/sasldb2: No such 
file or directory
Aug 24 13:53:57 daredevil last message repeated 5 times
Aug 24 13:53:57 daredevil postfix/smtpd[29286]: warning: 
h27.83.213.151.ip.alltel.net[151.213.83.27]: SASL LOGIN authentication 
failed

When I try through telnet, my telnet session looks like this:
[anner:~] anner% telnet 66.45.100.233 25
Trying 66.45.100.233...
Connected to 66.45.100.233.
Escape character is '^]'.
220 hedwig.blast.com ESMTP Postfix
EHLO anner.blast.com
250-hedwig.blast.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH CRAM-MD5 GSSAPI NTLM PLAIN DIGEST-MD5 LOGIN
250 8BITMIME
AUTH PLAIN myEncodedUser&Pass
535 Error: authentication failed

[root@hedwig readme]# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Wed Aug 24 14:02:36 EDT 2005
version: 0.9.9.1
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.2.5
System: Fedora Core release 3 (Heidelberg)

-- smtpd is linked to --
         libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003c6db00000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes


-- listing of /usr/lib/sasl --
total 444
drwxr-xr-x   2 root root  4096 Aug 24 11:01 .
drwxr-xr-x  94 root root 65536 Aug 24 09:53 ..
-rwxr-xr-x   1 root root   871 Oct  7  2004 libanonymous.la
-rwxr-xr-x   1 root root  5748 Oct  7  2004 libanonymous.so
-rwxr-xr-x   1 root root  5748 Oct  7  2004 libanonymous.so.1
-rwxr-xr-x   1 root root  5748 Oct  7  2004 libanonymous.so.1.0.17
-rwxr-xr-x   1 root root   857 Oct  7  2004 libcrammd5.la
-rwxr-xr-x   1 root root  9884 Oct  7  2004 libcrammd5.so
-rwxr-xr-x   1 root root  9884 Oct  7  2004 libcrammd5.so.1
-rwxr-xr-x   1 root root  9884 Oct  7  2004 libcrammd5.so.1.0.19
-rwxr-xr-x   1 root root   880 Oct  7  2004 libdigestmd5.la
-rwxr-xr-x   1 root root 30804 Oct  7  2004 libdigestmd5.so
-rwxr-xr-x   1 root root 30804 Oct  7  2004 libdigestmd5.so.0
-rwxr-xr-x   1 root root 30804 Oct  7  2004 libdigestmd5.so.0.0.20
-rwxr-xr-x   1 root root   906 Oct  7  2004 libgssapiv2.la
-rwxr-xr-x   1 root root 11952 Oct  7  2004 libgssapiv2.so
-rwxr-xr-x   1 root root 11952 Oct  7  2004 libgssapiv2.so.1
-rwxr-xr-x   1 root root 11952 Oct  7  2004 libgssapiv2.so.1.0.19
-rwxr-xr-x   1 root root   847 Oct  7  2004 liblogin.la
-rwxr-xr-x   1 root root  7248 Oct  7  2004 liblogin.so
-rwxr-xr-x   1 root root  7248 Oct  7  2004 liblogin.so.0
-rwxr-xr-x   1 root root  7248 Oct  7  2004 liblogin.so.0.0.7
-rwxr-xr-x   1 root root   849 Oct  7  2004 libplain.la
-rwxr-xr-x   1 root root  7000 Oct  7  2004 libplain.so
-rwxr-xr-x   1 root root  7000 Oct  7  2004 libplain.so.1
-rwxr-xr-x   1 root root  7000 Oct  7  2004 libplain.so.1.0.16
-rw-r--r--   1 root root    47 Aug 24 11:01 smtpd.conf

-- listing of /usr/lib/sasl2 --
total 3052
drwxr-xr-x   2 root root   4096 Aug 24 09:47 .
drwxr-xr-x  94 root root  65536 Aug 24 09:53 ..
-rwxr-xr-x   1 root root    875 Oct  7  2004 libanonymous.la
-rwxr-xr-x   1 root root  12820 Oct  7  2004 libanonymous.so
-rwxr-xr-x   1 root root  12820 Oct  7  2004 libanonymous.so.2
-rwxr-xr-x   1 root root  12820 Oct  7  2004 libanonymous.so.2.0.19
-rwxr-xr-x   1 root root    863 Oct  7  2004 libcrammd5.la
-rwxr-xr-x   1 root root  15216 Oct  7  2004 libcrammd5.so
-rwxr-xr-x   1 root root  15216 Oct  7  2004 libcrammd5.so.2
-rwxr-xr-x   1 root root  15216 Oct  7  2004 libcrammd5.so.2.0.19

-rwxr-xr-x   1 root root    884 Oct  7  2004 libdigestmd5.la
-rwxr-xr-x   1 root root  42964 Oct  7  2004 libdigestmd5.so
-rwxr-xr-x   1 root root  42964 Oct  7  2004 libdigestmd5.so.2
-rwxr-xr-x   1 root root  42964 Oct  7  2004 libdigestmd5.so.2.0.19
-rwxr-xr-x   1 root root    911 Oct  7  2004 libgssapiv2.la
-rwxr-xr-x   1 root root  22292 Oct  7  2004 libgssapiv2.so
-rwxr-xr-x   1 root root  22292 Oct  7  2004 libgssapiv2.so.2
-rwxr-xr-x   1 root root  22292 Oct  7  2004 libgssapiv2.so.2.0.19
-rwxr-xr-x   1 root root    851 Oct  7  2004 liblogin.la
-rwxr-xr-x   1 root root  13296 Oct  7  2004 liblogin.so
-rwxr-xr-x   1 root root  13296 Oct  7  2004 liblogin.so.2
-rwxr-xr-x   1 root root  13296 Oct  7  2004 liblogin.so.2.0.19
-rwxr-xr-x   1 root root    854 Oct  7  2004 libntlm.la
-rwxr-xr-x   1 root root  29104 Oct  7  2004 libntlm.so
-rwxr-xr-x   1 root root  29104 Oct  7  2004 libntlm.so.2
-rwxr-xr-x   1 root root  29104 Oct  7  2004 libntlm.so.2.0.19
-rwxr-xr-x   1 root root    851 Oct  7  2004 libplain.la
-rwxr-xr-x   1 root root  13360 Oct  7  2004 libplain.so
-rwxr-xr-x   1 root root  13360 Oct  7  2004 libplain.so.2
-rwxr-xr-x   1 root root  13360 Oct  7  2004 libplain.so.2.0.19
-rwxr-xr-x   1 root root    931 Oct  7  2004 libsasldb.la
-rwxr-xr-x   1 root root 784960 Oct  7  2004 libsasldb.so
-rwxr-xr-x   1 root root 784960 Oct  7  2004 libsasldb.so.2
-rwxr-xr-x   1 root root 784960 Oct  7  2004 libsasldb.so.2.0.19
-rw-r--r--   1 root root     26 Aug 24 09:46 smtpd.conf




-- content of /usr/lib/sasl/smtpd.conf --
pwcheck_method: saslauthd
saslauthd_version: 2

-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
         -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
   flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
   user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} 
${user}
uucp      unix  -       n       n       -       -       pipe
   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
($recipient)
ifmail    unix  -       n       n       -       -       pipe
   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop 
$recipient

-- mechanisms on localhost --
250-AUTH CRAM-MD5 GSSAPI NTLM PLAIN DIGEST-MD5 LOGIN


-- end of saslfinger output --



I have over 1000 clients, so I can't ask them all to set up new 
passwords.  Please help,

Anne




