[Freeipa-users] Introduction and question regarding SMTP/IMAP

Dave Gonzalez dgonzalezh at gmail.com
Mon Jun 23 22:26:13 UTC 2014


Hi again Martin,

Followed your advice with no luck either, I tried

  testsaslauthd -u david at domain.com -p pass
saslauthd[18405] :rel_accept_lock : released accept lock
saslauthd[18407] :get_accept_lock : acquired accept lock
saslauthd[18405] :do_auth         : auth failure: 
[user=david at domain.com] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[18405] :do_request      : response: NO
0: NO "authentication failed"

Postfix doesn't even show any authentication attempts, but what I see as 
a weird thing is that "service=imap"

I appreciate your help and prompt response, I've tried with ldap_table 
instructions from postfix site but no joy, also it's important to 
mention to all that this is a brand new install of CentOS so no tweaks 
or any weird thing.

Thanks everyone.

On 6/23/2014 8:12 AM, Martin Boese wrote:
> On Sun, 22 Jun 2014 11:41:36 -0500
> Dave Gonzalez <dgonzalezh at gmail.com> wrote:
>
>> Hello there everyone David here,
>>
>> I'm big time Red Hat fan, I work for a company where we have a small
>> 20+ people directory, I'm currently using Samba4 to offer
>> authentication to Openfire, Postfix, Dovecot (using GroupOffice); but
>> I want to switch because samba is a hassle to setup and whenever
>> replication breaks it's nearly impossible to rebuild, anyways, My
>> current environment is Proxmox VE 3 as virtualization platform and
>> many CentOS/RedHat Servers holding my services.
>>
>> Please excuse me if this was already answered but after I went
>> through the archives I couldn't find anyone facing the same issue,
>> please bear with me as I'm a newbie to FreeIPA and LDAP. I know I'm
>> missing something or doing it wrong but after a week struggling with
>> this setup I decided to call for the help of the experts.
>>
>> My environment:
>> FreeIPA Server
>> CentOS 6.5 x86_64
>>
>> Mail Server
>> CentOS 6.5
>> postfix-2.6.6-6.el6_5.x86_64
>> dovecot-2.0.9-7.el6.x86_64
>> ipa-python-3.0.0-37.el6.x86_64
>> ipa-client-3.0.0-37.el6.x86_64
>> python-iniparse-0.3.1-2.1.el6.noarch
>> libipa_hbac-1.9.2-129.el6_5.4.x86_64
>> libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
>>
>> I've followed these posts from Dale Macartney, whom I've also read
>> his posts around here
>>
>> https://www.dalemacartney.com/2013/03/14/deploying-postfix-with-ldap-freeipa-virtual-aliases-and-kerberos-authentication/
>>
>> http://www.freeipa.org/page/Dovecot_Integration
>>
>> None of them seem to work at the moment when using Thunderbird with
>> the server set up as STARTTLS Kerberos/GSSAPI -- Thunderbird also
>> reports that
>>
>> <quote>
>> "The kerberos/GSSAPI ticket was not accepted by the IMAP server
>> david at domain.com. Please check that you're logged in to the
>> Kerberos/GSSAPI realm"
>> </quote>
>>
>> with Dovecot I'm getting this
>>
>> <code>
>> Jun 22 11:01:25 imap-login: Info: Disconnected: Inactivity (no auth
>> attempts): rip=1.1.1.1, lip=217.1.2.3
>> </code>
>>
>> I tried manual telnet and use an authenticate gssapi which returns "+"
>> which means module is indeed loading and the server is gssapi ready
>> for the challenge.
>>
>> If anyone of you could point me into the right direction I'd really
>> value that.
>>
>> Thanks
>>
>> --- Regards David G.
> I think the right direction is to just use LDAP for these things..
>
> Here's my LDAP+SASL on debian for Postfix. Seems like Dovecot can also
> authenticate against SASL.
>
> Create an unprivileged user for ldap-bind
>
> ** /etc/postfix/main.cf
>
> ...snip...
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = smtpd
> smtpd_sasl_local_domain = yourdomain.com
>
> ...add to:
> smtpd_recipient_restrictions =
>    permit_sasl_authenticated
>
> ** /etc/postfix/sasl/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: PLAIN LOGIN
>
> ** /etc/saslauth.conf
> ldap_servers: ldap://your.ipa.server
> ldap_search_base: cn=users,cn=accounts,dc=yourdomain,dc=com
> ldap_filter: (|(uid=%u)(mail=%u))
> ldap_bind_dn:uid=your-unpriviledged-user,cn=users,cn=accounts,dc=yourdomain,dc=com
> ldap_bind_pw: password-of-the-user
>
> Martin
>
>
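
Added example, not part of either message above: a small Python check of the settings quoted in Martin's reply, flagging where the LDAP bind password or users' PLAIN/LOGIN passwords would cross the network unencrypted or sit in a world-readable file. The file contents are constructed from the placeholder values in the reply; `ldap_start_tls` (saslauthd LDAP option) and `smtpd_tls_auth_only` (Postfix) are real settings the thread does not mention, and the default file mode 0644 is an assumption.

```python
# Added example: audit the Postfix / Cyrus SASL / saslauthd settings quoted above.
# Sample inputs are constructed from the placeholder values in the reply.
import stat

SASLAUTHD_CONF = """\
ldap_servers: ldap://your.ipa.server
ldap_search_base: cn=users,cn=accounts,dc=yourdomain,dc=com
ldap_filter: (|(uid=%u)(mail=%u))
ldap_bind_dn:uid=your-unpriviledged-user,cn=users,cn=accounts,dc=yourdomain,dc=com
ldap_bind_pw: password-of-the-user
"""
SMTPD_CONF = "pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n"
MAIN_CF = "smtpd_sasl_auth_enable = yes\nsmtpd_sasl_path = smtpd\n"

def parse(text, sep):
    """Parse 'key<sep>value' lines, skipping blanks and # comments.
    Simplified: Postfix continuation lines are not handled."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            out[key.strip()] = value.strip()
    return out

def audit(saslauthd_conf, smtpd_conf, main_cf, conf_mode=0o644):
    """Return findings about credentials exposed in clear text."""
    ldap = parse(saslauthd_conf, ":")
    sasl = parse(smtpd_conf, ":")
    postfix = parse(main_cf, "=")
    findings = []
    # ldap:// without StartTLS sends the bind DN password and every
    # user password that saslauthd verifies over the wire unencrypted.
    servers = ldap.get("ldap_servers", "").split()
    starttls = ldap.get("ldap_start_tls", "no").lower() == "yes"
    if any(s.startswith("ldap://") for s in servers) and not starttls:
        findings.append("ldap-cleartext")
    # The bind password is stored in the file, so it must not be world-readable.
    if "ldap_bind_pw" in ldap and conf_mode & stat.S_IROTH:
        findings.append("bind-pw-readable")
    # PLAIN and LOGIN carry the password itself; only offer them inside TLS.
    mechs = {"PLAIN", "LOGIN"} & set(sasl.get("mech_list", "").upper().split())
    if mechs and postfix.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append("sasl-plaintext-without-tls")
    return findings

if __name__ == "__main__":
    for finding in audit(SASLAUTHD_CONF, SMTPD_CONF, MAIN_CF):
        print(finding)
```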
