> Simon,
> Thanks for the reply. After further experimenting ...
>
> I changed admin user, cyrus, in my LDAP database to an entry exactly like
> the one which allows me to auth. Still failed as before.
> I tried the non-problematic(but not an admin in imapd.conf) user, shelley,
> using cyradm, and I could auth. This led me to believe that the username
> cyrus was a problem. The rpm creates user cyrus and group cyrus in the
> /etc/{passwd,group} files. I changed imapd.conf to have a different admin
> name and created an ldap entry and this worked.
>
> I am using sasl_pwcheck_method: saslauthd and saslauthd -ldap, so why
> does it matter that user cyrus is in the passwd file?
Sorry, I have no idea what's going on here.
>
> Also, I added method LOGIN because this was necessary for Outlook to
> do SMTP auth on my old server.
>
> My imapd.conf has the imap/sieve directory structure modified to look
> like that of my old server. I understood this to be necessary in order
> to painlessly migrate mailboxes. True?
You could also move the directories to the new locations. I have never
tested whether my scripts in the rpm work with other directories - seems
they do, right?
Simon
>
> thanks
> Shelley
>
>
> On Mon, 23 Feb 2004, Simon Matter wrote:
>
> Hi,
>
> Make this 'sasl_mech_list: PLAIN' in imapd.conf, it's what you want.
>
> Then, check your LDAP tree. You told us that you can authenticate as
> another user but not as cyrus, so I'm quite sure there is a significant
> difference between those users in your tree.
>
> And then, you said that you are using my cyrus-imapd rpms but your
> imapd.conf tells me that you don't? How comes? Are you really sure
> which
> config you are running?
>
> Simon
>
> > more helpful information ...
> > I added allowplaintextlogins: 1 to impad.conf ...
> >
> > [EMAIL PROTECTED] etc]# cyradm --user cyrus --auth login localhost
> > IMAP Password:
> >
> > Login failed: authentication failure at
> > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm
> > line 118
> > cyradm: cannot authenticate to server with login as cyrus
> >
> > [EMAIL PROTECTED] etc]# tail /var/log/maillog
> > Feb 23 13:51:52 chipmunk master[22140]: about to exec
> > /usr/lib/cyrus-imapd/imapd
> > Feb 23 13:51:52 chipmunk master[22141]: about to exec
> > /usr/lib/cyrus-imapd/pop3d
> > Feb 23 13:51:52 chipmunk imap[22140]: executed
> > Feb 23 13:51:52 chipmunk imap[22139]: executed
> > Feb 23 13:51:52 chipmunk pop3[22141]: executed
> > Feb 23 13:51:52 chipmunk imap[22138]: executed
> > Feb 23 13:51:57 chipmunk imap[22131]: accepted connection
> > Feb 23 13:51:57 chipmunk master[22143]: about to exec
> > /usr/lib/cyrus-imapd/imapd
> > Feb 23 13:51:57 chipmunk imap[22143]: executed
> > Feb 23 13:52:04 chipmunk imap[22131]: badlogin: localhost.localdomain
> > [127.0.0.1] plaintext cyrus SASL(-13): authentication failure:
> checkpass
> > failed
> >
> >
> > [EMAIL PROTECTED] etc]# cyradm --user cyrus --auth plain localhost
> > Password:
> > IMAP Password:
> >
> > Login failed: authentication failure at
> > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm
> > line 118
> > cyradm: cannot authenticate to server with plain as cyrus
> > [EMAIL PROTECTED] etc]# tail /var/log/maillog
> > Feb 23 13:51:57 chipmunk imap[22131]: accepted connection
> > Feb 23 13:51:57 chipmunk master[22143]: about to exec
> > /usr/lib/cyrus-imapd/imapd
> > Feb 23 13:51:57 chipmunk imap[22143]: executed
> > Feb 23 13:52:04 chipmunk imap[22131]: badlogin: localhost.localdomain
> > [127.0.0.1] plaintext cyrus SASL(-13): authentication failure:
> checkpass
> > failed
> > Feb 23 13:52:56 chipmunk imap[22136]: accepted connection
> > Feb 23 13:53:01 chipmunk imap[22136]: badlogin: localhost.localdomain
> > [127.0.0.1] PLAIN [SASL(-4): no mechanism available: security flags
> do not
> > match required]
> > Feb 23 13:53:07 chipmunk master[22121]: process 22131 exited, status
> 0
> > Feb 23 13:53:07 chipmunk master[22153]: about to exec
> > /usr/lib/cyrus-imapd/imapd
> > Feb 23 13:53:07 chipmunk imap[22153]: executed
> > Feb 23 13:53:10 chipmunk imap[22136]: badlogin: localhost.localdomain
> > [127.0.0.1] plaintext cyrus SASL(-13): authentication failure:
> checkpass
> > failed
> >
> >
> > I have looked at similiar threads regarding this issue on this list.
> > It bounces back and forth bewtween config error and bug. The issue
> > has never been answered definitively - is ths a config error or a
> bug?
> > If I need to go back to a different version please let me know which
> one.
> > If it is a config error ??? what ???
> >
> > thanks
> > Shelley Waltz
> >
> >
> > On Mon, 23 Feb 2004, Shelley Waltz wrote:
> >
> > I cannot get the cyrus user to authenticate using either
> > imtest or cyradm. I can authenticate all other normal
> > users using imtest.
> >
> > I am using Simon's rpms for sasl and imap on RHES3.
> > cyrus-sasl-2.1.17-2
> > cyrus-imapd-2.2.3-4
> > openldap-2.0.27-11
> >
> > I am using LDAP authentication using saslauthd -ldap.
> > The cyrus user in in the LDAP database as simpleSecurityObject
> > which has uid and userPassword attributes. The password
> > has been entered as clear,crypt and md5 and none work.
> >
> > Here are the outputs and config files ...
> >
> > user shelley ... an imap user works ...
> > [EMAIL PROTECTED] text]# imtest -t "" -a shelley localhost
> > S: * OK chipmunk.cabm.rutgers.edu Cyrus IMAP4
> v2.2.3-Invoca-RPM-2.2.3-4
> > server ready
> > C: C01 CAPABILITY
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
> MAILBOX-REFERRALS
> > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND
> > BINARY
> > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> STARTTLS
> > LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> > S: C01 OK Completed
> > C: S01 STARTTLS
> > S: S01 OK Begin TLS negotiation now
> > verify error:num=18:self signed certificate
> > TLS connection established: TLSv1 with cipher AES256-SHA (256/256
> bits)
> > C: C01 CAPABILITY
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
> MAILBOX-REFERRALS
> > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND
> > BINARY
> > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> > AUTH=PLAIN
> > AUTH=LOGIN SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> > S: C01 OK Completed
> > Please enter your password:
> > C: A01 AUTHENTICATE PLAIN c2hlbGxleQBzaGVsbGV5AGxvbi8vbGF0
> > S: A01 OK Success (tls protection)
> > Authenticated.
> > Security strength factor: 256
> > C: Q01 LOGOUT
> > Connection closed.
> >
> >
> > user cyrus does not ...
> >
> > [EMAIL PROTECTED] text]# imtest -t "" -a cyrus localhost
> > S: * OK chipmunk.cabm.rutgers.edu Cyrus IMAP4
> v2.2.3-Invoca-RPM-2.2.3-4
> > server ready
> > C: C01 CAPABILITY
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
> MAILBOX-REFERRALS
> > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND
> > BINARY
> > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> STARTTLS
> > LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> > S: C01 OK Completed
> > C: S01 STARTTLS
> > S: S01 OK Begin TLS negotiation now
> > verify error:num=18:self signed certificate
> > TLS connection established: TLSv1 with cipher AES256-SHA (256/256
> bits)
> > C: C01 CAPABILITY
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
> MAILBOX-REFERRALS
> > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND
> > BINARY
> > SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> > AUTH=PLAIN
> > AUTH=LOGIN SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> > S: C01 OK Completed
> > Please enter your password:
> > C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAbnV0c0BjYWJt
> > S: A01 NO authentication failure
> > Authentication failed. generic failure
> > Security strength factor: 256
> >
> > Feb 23 11:53:50 chipmunk saslauthd[21680]: do_auth : auth
> > failure:
> > [user=cyrus] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
> > Feb 23 11:53:50 chipmunk imap[21637]: Password verification failed
> >
> >
> > [EMAIL PROTECTED] text]# cyradm -u cyrus -a plain localhost
> > Password:
> > IMAP Password:
> >
> > Login failed: authentication failure at
> > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm
> > line 118
> > cyradm: cannot authenticate to server with plain as cyrus
> >
> > Feb 23 11:54:48 chipmunk perl: No worthy mechs found
> > Feb 23 11:54:52 chipmunk saslauthd[21681]: do_auth : auth
> > failure:
> > [user=cyrus] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
> >
> > I am confused here - why does it ask twice for a
> password????????????
> >
> >
> > [EMAIL PROTECTED] etc]# more saslauthd.conf
> > ldap_servers: ldap://localhost/
> > ldap_search_base: dc=cabm.rutgers,dc=edu
> > ldap_bind_dn: cn=chipmunk,dc=cabm.rutgers,dc=edu
> > ldap_bind_pw: xxxxx
> > ldap_version: 3
> > ldap_timeout: 5
> > ldap_timelimit: 5
> > ldap_restart: yes
> > ldap_scope: sub
> > ldap_search_base: dc=cabm.rutgers,dc=edu
> > ldap_auth_method: bind
> > #ldap_filter: (|(uid=%u)(mail=%u)(alias=%u))
> > ldap_filter: (uid=%u)
> > ldap_debug: 9
> > ldap_verbose: 1
> > ldap_ssl: no
> >
> >
> > [EMAIL PROTECTED] etc]# more imapd.conf
> > configdirectory: /usr/cyrus/imap
> > partition-default: /usr/cyrus/spool/imap
> > admins: cyrus
> > sievedir: /usr/sieve
> > sendmail: /usr/sbin/sendmail
> > hashimapspool: true
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: PLAIN LOGIN MD5
> > #tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
> > tls_cert_file: /usr/share/ssl/certs/server.pem
> > #tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
> > tls_key_file: /usr/share/ssl/certs/server.pem
> > #tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
> >
> >
> > A clue as to what I am doing wrong is appreciated. I have seen
> > similar threads, but no resolution.
> > Shelley Waltz
> >
> > ---
> > Home Page: http://asg.web.cmu.edu/cyrus
> > Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >
> >
> > ---
> > Home Page: http://asg.web.cmu.edu/cyrus
> > Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >
>
>
>
>
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
