Koenraad Lelong wrote:
Hi, I'm trying to setup sasl with my postfix-server, running Suse10.1. I have a virtual domain stored in MySql. The usernames are the e-mail addresses of the users : user@ace-electronics.be In /usr/lib/sasl2/smtpd.conf I have : pwcheck_method: saslauthd -a pam -n
pwcheck_method: saslauthd The rest belongs in /etc/sysconfig/saslauthd
mech_list: plain login
In /etc/pam.d/smtp I have : auth required pam_mysql.so user=postfixuser passwd=secret db=postfixdb table=usertable usercolumn=username passwordcolumn=password crypt=1
If I try testsaslauthd -s smtp -u 'k.lelong@ace-electronics.be' -p 'password'
testsaslauthd -s smtpd -u k.lelong -r ace-electronics.be -p password
it fails. If I put verbosity on in /etc/pam.d/smtp, I see that pam_mysql authenticates, but pam itself seems to fail. In messages I get : Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - SELECT password FROM mailbox WHERE username = 'k.lelong@ace-electronics.be' Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_sql_log() called. Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_sql_log() returning 0. Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_check_passwd() returning 0. Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_sm_authenticate() returning 0. Oct 24 17:13:16 lace1 saslauthd[4145]: pam_warn(smtp:account): function=[pam_sm_acct_mgmt] service=[smtp] terminal=[<unknown>] user=[k.lelong@ace-electronics.be] ruser=[<unknown>] rhost=[<unknown>] Oct 24 17:13:16 lace1 saslauthd[4145]: DEBUG: auth_pam: pam_acct_mgmt failed: Authentication failure Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_release_ctx() called. Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_destroy_ctx() called. Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_close_db() called. Oct 24 17:13:16 lace1 saslauthd[4145]: do_auth : auth failure: [user=k.lelong@ace-electronics.be] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error]
You need to start saslauthd with the additional option -r for the realm, then also set the realm in your postfix config. For a test: rcsaslauthd stop /usr/sbin/saslauthd -r -a pam main.cf: # sasl realm smtpd_sasl_local_domain = ace-electronics.be execute "postfix reload" and test again.
Any suggestions to solve this ?
If I try telnet smtp 25 auth plain <mimencoded username and password> it fails but in the mysql-log I see only k.lelong as the username, the domain name disappeared. In main.cf I have : smtpd_sasl_local_domain = postconf -n has no smtpd_sasl_local_domain. How can I recover the domainname ?
See above. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com