nis is so convienent yet such a pain. you don't need anything in the
local passwd file. what happens when you do a keylogin, are you getting
any errors from that? the only solaris 7 machine i have setup is running
solstice for adding user/groups ./etc. there where a punch of patches i
had to install to get solstice talking to nis+ correctly. the domainname
didn't translate correctly. i had to add the trailing "." to the
domainnmame in /etc/defauldomain, i.e. domain.com.
^
i also recall seeing that error from sendmail if it can't get the fully
qualified domainname from /etc/hosts, the correct format being:
ip hostname.domainname alias
-- ------------------- -----
172.168.109.24 imap.domain.com imap
just some thoughts.
my configs:
--- BEGIN /etc/imapd.conf ---
#
# configuration file for the Cyrus IMAP Daemon
#
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root darinper
srvtab: /var/imap/srvtab
allowanonymouslogin: yes
allowplaintext: yes
sasl_pwcheck_method: passwd
sasl_passwd_check: passwd
--- END /etc/imapd.conf ---
-- BEGIN /etc/cyrus.conf --
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd="ctl_mboxlist -r"
deliver cmd="ctl_deliver -r"
# snmp cmd="tugowar"
# acappush cmd="acap_push"
# ptloader cmd="doptclient"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=1
pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
#lmtpunix cmd="lmtpd" listen="/lmtp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_mboxlist -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
# reauth cmd="/usr/local/bin/ksrvtgt -l 3600 imap cyrus-dev
ANDREW.CMU.ED
U /var/imap/srvtab" period=30
}
--- END cyrus.conf ---
Benjamin Bacon wrote:
>
> Darin,
>
> Thanks for the reply.
> Keyserv is up and running. I checked that also. This server's OS is
> Solaris 2.7. I would be glad to take a look at your config to see what I
> might be missing. The one thing I was wondering might be a problem is that
> the users are not local in the passwd file but are all stored on the NIS
> master. I am not sure if this would affect the authentification process.
>
> Thanks
> Benjamin
>
> ----- Original Message -----
> From: "Darin Perusich" <[EMAIL PROTECTED]>
> To: "Benjamin Bacon" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 28, 2001 1:46 PM
> Subject: Re: NIS+, Cyrus-IMAP, PAM and SASL
>
> > is the /usr/sbin/keyserv daemon running? from the error that you've
> > listed your user isn't able get user ben's private key. i'd fire up
> > keyserv and try it again, are you running this on solaris? i have cyrus
> > setup on a redhat 7.1 machine that's a nis client and everything running
> > fine. i can shoot you over the configs if you interested.
> >
> > --
> > Darin Perusich
> > Unix Administrator
> > Cognigen Corp.
> > [EMAIL PROTECTED]
> >
> > > Benjamin Bacon wrote:
> > >
> > > Hi everyone,
> > >
> > > I started setting up Cyrus IMAP server a few weeks ago and I had to
> > > take a break to setup a several NIS+ domains. Now the machine that I
> > > am planning on being the IMAP server is a NIS+ client. The problem I
> > > have run into is that I am not able to authenticate any users through
> > > imtest. I think this is because of NIS+. Here is the errors I am
> > > getting in the imapd.log file.
> > >
> > > Aug 28 13:00:00 regprod8 imapd[7849]: accepted connection
> > > Aug 28 13:00:05 regprod8 imapd[7849]: authdes_refresh: keyserv(1m) is
> > > unable to encrypt session key
> > > Aug 28 13:00:05 regprod8 imapd[7849]: User ben needs Secure RPC
> > > credentials to login.
> > > Aug 28 13:00:05 regprod8 imapd[7849]: pam_authenticate: error Error in
> > > underlying service module
> > > Aug 28 13:00:08 regprod8 master[7840]: process 7849 exited, status 0
> > > Aug 28 13:00:18 regprod8 master[7851]: about to exec
> > > /usr/cyrus/bin/imapd
> > > Aug 28 13:00:18 regprod8 service-imap[7851]: executed
> > > Aug 28 13:00:18 regprod8 imapd[7851]: accepted connection
> > > Aug 28 13:00:31 regprod8 imapd[7851]: authdes_refresh: keyserv(1m) is
> > > unable to encrypt session key
> > > Aug 28 13:00:31 regprod8 imapd[7851]: Permissions on the password
> > > database may be too restrictive
> > > Aug 28 13:00:31 regprod8 imapd[7851]: pam_authenticate: error
> > > Authentication failed
> > > Aug 28 13:00:34 regprod8 master[7840]: process 7851 exited, status 0
> > >
> > > Here is the output from /local/bin/imtest -m login -a ben localhost
> > > C: C01 CAPABILITY
> > > S: * OK regprod8 Cyrus IMAP4 v2.0.16 server ready
> > > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
> > > ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> > > THREAD=REFERENCES IDLE
> > > S: C01 OK Completed
> > > Password:
> > > C: L01 LOGIN ben {7}
> > > + go ahead
> > > C: <omitted>
> > > L01 NO Login failed: authentication failure
> > > Authentication failed. generic failure
> > > Security strength factor: 0
> > > select: Invalid argument
> > > failure: select
> > > Unfortunately I am new to both NIS+ and Cyrus IMAP so i may be missing
> > > something importent. I have a few ideas what might be wrong but if
> > > anyone out there has seen this problem let me know!
> > >
> > >
> > > Thanks a bunch!
> > > Benjamin
> > >
> > > Benjamin Bacon
> > > Senior Unix Administrator
> > > Omnipod
> > > 440 9th Ave. 8th Floor
> > > New York, NY 10001
> > > (212)404-3021
--
Darin Perusich
Unix Administrator
Cognigen Corp.
[EMAIL PROTECTED]
