postfix, debian sasl and pam

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

postfix, debian sasl and pam

Michael Schwartzkopff
Hi,

I am quite despaired already. I am trying to install postfix with cyrus
saslauthd authenticating against pam. I installed evenything as described in
various howtos in the internet.

Now my setup gives my a problem while testing. I cannot authenticate a normal
user, but root can. I seems to be quite wired.

On the server I run:
saslauthd -a pam -d -m /var/spool/postfix/var/run/saslauthd

From my client I telnet to the server on port 25:
220 mail ESMTP Postfix (Debian/GNU)
ehlo sdfsdf
250-mail
250-PIPELINING
250-SIZE 51200000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN xxxx
535 5.7.0 Error: authentication failed: authentication failure

saslauthd gives me:
saslauthd[1452] :do_auth         : auth failure: [user=misch] [service=smtp]
[realm=] [mech=pam] [reason=PAM auth error]

When I do the same with root as the user eveything works fine and saslauthd
says:
saslauthd[1466] :do_auth         : auth success: [user=root] [service=smtp]
[realm=] [mech=pam]

When I testsaslauthd I succeeds always:
testsaslauthd -u xxxx -p xxxx -f /var/spool/postfix/var/run/saslauthd/mux
testsaslauthd -u xxxx -p xxxx -s
smtp -f /var/spool/postfix/var/run/saslauthd/mux

always gives:
0: OK "Success"
if I enter the correct password.

I really tried to google for that error but no good answer. Any help here on
that list?

---
Setup:
debian etch
-
/etc/postfix/main.conf
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd

/etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
log_level: 3
mech_list: plain login

Any idea? Thanks for any help.


--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: [hidden email]
web: www.multinet.de

Sitz der Gesellschaft: 85630 Grasbrunn
Registergericht: Amtsgericht München HRB 114375
Geschäftsführer: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
Reply | Threaded
Open this post in threaded view
|

Re: postfix, debian sasl and pam

Scott Kitterman-4
On Wed, 16 Jul 2008 14:57:18 +0200 Michael Schwartzkopff
<[hidden email]> wrote:
>Hi,
>
>I am quite despaired already. I am trying to install postfix with cyrus
>saslauthd authenticating against pam. I installed evenything as described
in
>various howtos in the internet.
>
>Now my setup gives my a problem while testing. I cannot authenticate a
normal
>user, but root can. I seems to be quite wired.
>
>On the server I run:
saslauthd -a pam -d -m /var/spool/postfix/var/run/saslauthd

>
>From my client I telnet to the server on port 25:
>220 mail ESMTP Postfix (Debian/GNU)
>ehlo sdfsdf
>250-mail
>250-PIPELINING
>250-SIZE 51200000
>250-ETRN
>250-STARTTLS
>250-AUTH LOGIN PLAIN
>250-AUTH=LOGIN PLAIN
>250-ENHANCEDSTATUSCODES
>250-8BITMIME
>250 DSN
>AUTH PLAIN xxxx
>535 5.7.0 Error: authentication failed: authentication failure
>
>saslauthd gives me:
>saslauthd[1452] :do_auth         : auth failure: [user=misch]
[service=smtp]
>[realm=] [mech=pam] [reason=PAM auth error]
>
>When I do the same with root as the user eveything works fine and
saslauthd
>says:
>saslauthd[1466] :do_auth         : auth success: [user=root]
[service=smtp]

>[realm=] [mech=pam]
>
>When I testsaslauthd I succeeds always:
>testsaslauthd -u xxxx -p xxxx -f /var/spool/postfix/var/run/saslauthd/mux
>testsaslauthd -u xxxx -p xxxx -s
>smtp -f /var/spool/postfix/var/run/saslauthd/mux
>
>always gives:
>0: OK "Success"
>if I enter the correct password.
>
>I really tried to google for that error but no good answer. Any help here
on

>that list?
>
>---
>Setup:
>debian etch
>-
>/etc/postfix/main.conf
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_security_options = noanonymous
>broken_sasl_auth_clients = yes
>smtpd_sasl_path = smtpd
>
>/etc/postfix/sasl/smtpd.conf
>pwcheck_method: saslauthd
>log_level: 3
>mech_list: plain login
>
>Any idea? Thanks for any help.

Is the user postfix in the sasl group?

Scott K
Reply | Threaded
Open this post in threaded view
|

Re: postfix, debian sasl and pam

Michael Schwartzkopff
Am Mittwoch, 16. Juli 2008 15:06 schrieb Scott Kitterman:

> On Wed, 16 Jul 2008 14:57:18 +0200 Michael Schwartzkopff
>
> <[hidden email]> wrote:
> >Hi,
> >
> >I am quite despaired already. I am trying to install postfix with cyrus
> >saslauthd authenticating against pam. I installed evenything as described
>
> in
>
> >various howtos in the internet.
> >
> >Now my setup gives my a problem while testing. I cannot authenticate a
>
> normal
>
> >user, but root can. I seems to be quite wired.
> >
> >On the server I run:
>
> saslauthd -a pam -d -m /var/spool/postfix/var/run/saslauthd
>
> >From my client I telnet to the server on port 25:
> >220 mail ESMTP Postfix (Debian/GNU)
> >ehlo sdfsdf
> >250-mail
> >250-PIPELINING
> >250-SIZE 51200000
> >250-ETRN
> >250-STARTTLS
> >250-AUTH LOGIN PLAIN
> >250-AUTH=LOGIN PLAIN
> >250-ENHANCEDSTATUSCODES
> >250-8BITMIME
> >250 DSN
> >AUTH PLAIN xxxx
> >535 5.7.0 Error: authentication failed: authentication failure
> >
> >saslauthd gives me:
> >saslauthd[1452] :do_auth         : auth failure: [user=misch]
>
> [service=smtp]
>
> >[realm=] [mech=pam] [reason=PAM auth error]
> >
> >When I do the same with root as the user eveything works fine and
>
> saslauthd
>
> >says:
> >saslauthd[1466] :do_auth         : auth success: [user=root]
>
> [service=smtp]
>
> >[realm=] [mech=pam]
> >
> >When I testsaslauthd I succeeds always:
> >testsaslauthd -u xxxx -p xxxx -f /var/spool/postfix/var/run/saslauthd/mux
> >testsaslauthd -u xxxx -p xxxx -s
> >smtp -f /var/spool/postfix/var/run/saslauthd/mux
> >
> >always gives:
> >0: OK "Success"
> >if I enter the correct password.
> >
> >I really tried to google for that error but no good answer. Any help here
>
> on
>
> >that list?
> >
> >---
> >Setup:
> >debian etch
> >-
> >/etc/postfix/main.conf
> >smtpd_sasl_auth_enable = yes
> >smtpd_sasl_security_options = noanonymous
> >broken_sasl_auth_clients = yes
> >smtpd_sasl_path = smtpd
> >
> >/etc/postfix/sasl/smtpd.conf
> >pwcheck_method: saslauthd
> >log_level: 3
> >mech_list: plain login
> >
> >Any idea? Thanks for any help.
>
> Is the user postfix in the sasl group?
>

Yes. Otherwise Authentication of root would not work.

--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: [hidden email]
web: www.multinet.de

Sitz der Gesellschaft: 85630 Grasbrunn
Registergericht: Amtsgericht München HRB 114375
Geschäftsführer: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
Reply | Threaded
Open this post in threaded view
|

Re: postfix, debian sasl and pam

Wietse Venema
Have you tried the trouble shooting section in SASL_README?
That's http://www.postfix.org/SASL_README.html#debugging.

Use this to talk to saslauthd through the same socket protocol as
Postfix. This provides more realistic tests than running saslauthd
by hand.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: postfix, debian sasl and pam

Michael Schwartzkopff
Am Mittwoch, 16. Juli 2008 15:47 schrieb Wietse Venema:
> Have you tried the trouble shooting section in SASL_README?
> That's http://www.postfix.org/SASL_README.html#debugging.
>
> Use this to talk to saslauthd through the same socket protocol as
> Postfix. This provides more realistic tests than running saslauthd
> by hand.
>
> Wietse

No. I have not tried this. But strange enough using a mail client (Kontact)
everything works. So let this be one of the great mysteries on the internet.

Thanks anyway.

--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: [hidden email]
web: www.multinet.de

Sitz der Gesellschaft: 85630 Grasbrunn
Registergericht: Amtsgericht München HRB 114375
Geschäftsführer: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42