Thanks for the detailed information aboute to use AUTH LOGIN, but I now found
out, whats the problem is.
Here we go:
For SMTP authentication don't use /usr/lib/sasl2/smtpd.conf
NOTE:
YOU HAVE TO USE /etc/sasl2/smtpd.conf and insert the following line:
Code:
pwcheck_method:saslauthd
Restart the needed deamons
Code:
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart
/etc/init.d/cyrus restart
Now it will works. Fine
Thx,
Benjamin
> Hello,
>
> Domain server.linux-world.site
> Accountuser: 10001
> Passwort: test
>
> ###########################
> In 64-bit-based-code this should be MTAwMDEAMTAwMDEAdGVzdA==
>
> [EMAIL PROTECTED] benjamin # printf 'MTAwMDEAMTAwMDEAdGVzdA==' | mimencode -u
> ;
> echo
> 1000110001test
> [EMAIL PROTECTED] benjamin #
> ###########################
>
>
>
> Here some detailed login debugging:
> [EMAIL PROTECTED] sasl2 # testsaslauthd -u 10001 -p test -s smtp
> 0: OK "Success."
> [EMAIL PROTECTED] sasl2 #
>
> Log:
> Feb 16 13:17:29 server saslauthd[8527]: rel_accept_lock : released accept
> lock
> Feb 16 13:17:29 server saslauthd[8528]: get_accept_lock : acquired accept
> lock
> Feb 16 13:17:29 server saslauthd[8527]: insert into log (msg, user, host,
> pid, time) values('AUTH SUCCESSFUL', '10001', '', '8527', NOW())
> Feb 16 13:17:29 server saslauthd[8527]: do_auth : auth success:
> [user=10001] [service=smtp] [realm=] [mech=pam]
> Feb 16 13:17:29 server saslauthd[8527]: do_request : response: OK
>
>
>
> [EMAIL PROTECTED] sasl2 # testsaslauthd -u 10001 -p test -s imap
> 0: OK "Success."
> [EMAIL PROTECTED] sasl2 #
>
> Log:
> Feb 16 13:18:08 server saslauthd[8528]: rel_accept_lock : released accept
> lock
> Feb 16 13:18:08 server saslauthd[8529]: get_accept_lock : acquired accept
> lock
> Feb 16 13:18:08 server saslauthd[8528]: insert into log (msg, user, host,
> pid, time) values('AUTH SUCCESSFUL', '10001', '', '8528', NOW())
> Feb 16 13:18:08 server saslauthd[8528]: do_auth : auth success:
> [user=10001] [service=imap] [realm=] [mech=pam]
> Feb 16 13:18:08 server saslauthd[8528]: do_request : response: OK
>
>
>
> If I now use a mail-client, or get direct on the server, using telnet and
> try to authenticate myself with the 64-bit-based code
> “MTAwMDEAMTAwMDEAdGVzdA==” I get no always an failed login.
>
> My /usr/lib/sasl2/smtpd.conf have the following include:
> pwcheck_method: saslauthd
>
> My /etc/pam.d/smtp & pop & imap sieve have the following include:
> auth sufficient pam_mysql.so user=mailadmin passwd=geheim host=localhost
> db=mail table=accountuser usercolumn=username passwd$
>
> account required pam_mysql.so user=mailadmin passwd=geheim host=localhost
> db=mail table=accountuser usercolumn=username passw$
>
>
> Ok, now I try to connect using telnet:
>
> [EMAIL PROTECTED] sasl2 # telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 server.linux-world.site ESMTP Postfix
> ehlo bla
> 250-server.linux-world.site
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
> 250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
> 250 8BITMIME
> AUTH PLAIN MTAwMDEAMTAwMDEAdGVzdA==
> 535 Error: authentication failed
>
>
>
> Log (telnet session and authentication error):
> Feb 16 13:26:34 server postfix/smtpd[8833]: < localhost[127.0.0.1]: ehlo
> bla
> Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]:
> 250-server.linux-world.site
> Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]:
> 250-PIPELINING
> Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250-SIZE
> 10240000
> Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]:
> 250-VRFY
> Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]:
> 250-ETRN
> Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250-AUTH
> CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
> Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]:
> 250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
> Feb 16 13:26:34 server postfix/smtpd[8833]: match_list_match: localhost: no
> match
> Feb 16 13:26:34 server postfix/smtpd[8833]: match_list_match: 127.0.0.1: no
> match
> Feb 16 13:26:34 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 250
> 8BITMIME
> Feb 16 13:26:34 server postfix/smtpd[8833]: watchdog_pat: 0x80a9b78
> Feb 16 13:26:53 server postfix/smtpd[8833]: < localhost[127.0.0.1]: AUTH
> PLAIN MTAwMDEAMTAwMDEAdGVzdA==
> Feb 16 13:26:53 server postfix/smtpd[8833]: smtpd_sasl_authenticate:
> sasl_method PLAIN, init_response MTAwMDEAMTAwMDEAdGVzdA==
> Feb 16 13:26:53 server postfix/smtpd[8833]: smtpd_sasl_authenticate: decoded
> initial response 10001
> Feb 16 13:26:53 server postfix/smtpd[8833]: warning: SASL authentication
> failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
> Feb 16 13:26:53 server postfix/smtpd[8833]: warning: SASL authentication
> failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
> Feb 16 13:26:53 server postfix/smtpd[8833]: warning: SASL authentication
> failure: Password verification failed
> Feb 16 13:26:53 server postfix/smtpd[8833]: warning: localhost[127.0.0.1]:
> SASL PLAIN authentication failed
> Feb 16 13:26:53 server postfix/smtpd[8833]: > localhost[127.0.0.1]: 535
> Error: authentication failed
> Feb 16 13:26:53 server postfix/smtpd[8833]: watchdog_pat: 0x80a9b78
>
>
>
> Any suggestion how to solve this issue? Should I post some more information
> for debug – what does you need?
>
>
> Thanks,
> Benjamin
>
>
>
>
>
> > [EMAIL PROTECTED] wrote:
> > > Feb 15 10:49:24 server postfix/smtpd[23837]: sql_select option missing
> > [...]
> > > sql_select: select password from accountuser where username='[EMAIL
> > > PROTECTED]'
> >
> > I guess your config line is somehow wrong. :)
> >
> > > But I get always the same errors. It doesn’t work. Could you help.
> > > Should I give you more information – what does you need?
> >
> > I don't have experience with mysql auth, I use sasldb2. I think reading
> > details on the sql auxprop plugin and the sql_engine mysql may reveal
> > how this string is supposed to be, or googling after other howtos may be
> > a first step.
> >
> > > P.S:
> > > Saslauth works:
> > >
> > > [EMAIL PROTECTED] sasl2 # testsaslauthd -u 10001 -p test
> > > 0: OK "Success."
> > > [EMAIL PROTECTED] sasl2 #
> >
> > I may be wrong, but it then should work with the first version with
> > pwcheck_method: saslauthd or at least give different log output.
> >
> > Yours, Uwe
> >
> > --
> > Uwe Menges, PGP Key ID 0x29F2841F
> > Encrypted e-mail preferred, see [http://gnupg.org] or [http://pgpi.org]
> > ---
> > Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >
>
> Arcor-DSL: die echte Flatrate für alle Bandbreiten. Jetzt ohne
> Einrichtungspreis
> einsteigen oder wechseln. Arcor-DSL ist in vielen Anschlussgebieten
> verfügbar.
> http://www.arcor.de/home/redir.php/emf-dsl-1
>
Arcor-DSL: die echte Flatrate für alle Bandbreiten. Jetzt ohne Einrichtungspreis
einsteigen oder wechseln. Arcor-DSL ist in vielen Anschlussgebieten verfügbar.
http://www.arcor.de/home/redir.php/emf-dsl-1
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
