Another sasl & postfix
Hi,

I'm trying to set up SASL with my Postfix server, running Suse10.1. I have a virtual domain stored in MySql. The usernames are the e-mail addresses of the users: user@ace-electronics.be

In /usr/lib/sasl2/smtpd.conf I have:

    pwcheck_method: saslauthd -a pam -n
    mech_list: plain login

In /etc/pam.d/smtp I have:

    auth required pam_mysql.so user=postfixuser passwd=secret db=postfixdb table=usertable usercolumn=username passwordcolumn=password crypt=1

If I try

    testsaslauthd -s smtp -u 'k.lelong@ace-electronics.be' -p 'password'

it fails. If I put verbosity on in /etc/pam.d/smtp, I see that pam_mysql authenticates, but pam itself seems to fail. In messages I get:

    Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - SELECT password FROM mailbox WHERE username = 'k.lelong@ace-electronics.be'
    Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_sql_log() called.
    Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_sql_log() returning 0.
    Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_check_passwd() returning 0.
    Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_sm_authenticate() returning 0.
    Oct 24 17:13:16 lace1 saslauthd[4145]: pam_warn(smtp:account): function=[pam_sm_acct_mgmt] service=[smtp] terminal=[<unknown>] user=[k.lelong@ace-electronics.be] ruser=[<unknown>] rhost=[<unknown>]
    Oct 24 17:13:16 lace1 saslauthd[4145]: DEBUG: auth_pam: pam_acct_mgmt failed: Authentication failure
    Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_release_ctx() called.
    Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_destroy_ctx() called.
    Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_close_db() called.
    Oct 24 17:13:16 lace1 saslauthd[4145]: do_auth : auth failure: [user=k.lelong@ace-electronics.be] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error]

Any suggestions to solve this?

If I try

    telnet smtp 25
    auth plain <mimencoded username and password>

it fails, but in the mysql-log I see only k.lelong as the username; the domain name disappeared. In main.cf I have:

    smtpd_sasl_local_domain =

postconf -n has no smtpd_sasl_local_domain. How can I recover the domain name?

Any help much appreciated.

--
Kind regards,
Koenraad Lelong
R&D Manager
ACE electronics n.v.

Koenraad Lelong wrote:
> Hi, I'm trying to set up SASL with my Postfix server, running Suse10.1. I have a virtual domain stored in MySql. The usernames are the e-mail addresses of the users: user@ace-electronics.be
> In /usr/lib/sasl2/smtpd.conf I have:
> pwcheck_method: saslauthd -a pam -n

    pwcheck_method: saslauthd

The rest belongs in /etc/sysconfig/saslauthd

> mech_list: plain login
> In /etc/pam.d/smtp I have:
> auth required pam_mysql.so user=postfixuser passwd=secret db=postfixdb table=usertable usercolumn=username passwordcolumn=password crypt=1
> If I try
> testsaslauthd -s smtp -u 'k.lelong@ace-electronics.be' -p 'password'

    testsaslauthd -s smtpd -u k.lelong -r ace-electronics.be -p password

> it fails. If I put verbosity on in /etc/pam.d/smtp, I see that pam_mysql authenticates, but pam itself seems to fail. In messages I get:
> Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - SELECT password FROM mailbox WHERE username = 'k.lelong@ace-electronics.be'
> Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_sql_log() called.
> Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_sql_log() returning 0.
> Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_check_passwd() returning 0.
> Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_sm_authenticate() returning 0.
> Oct 24 17:13:16 lace1 saslauthd[4145]: pam_warn(smtp:account): function=[pam_sm_acct_mgmt] service=[smtp] terminal=[<unknown>] user=[k.lelong@ace-electronics.be] ruser=[<unknown>] rhost=[<unknown>]
> Oct 24 17:13:16 lace1 saslauthd[4145]: DEBUG: auth_pam: pam_acct_mgmt failed: Authentication failure
> Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_release_ctx() called.
> Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_destroy_ctx() called.
> Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_mysql_close_db() called.
> Oct 24 17:13:16 lace1 saslauthd[4145]: do_auth : auth failure: [user=k.lelong@ace-electronics.be] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error]

You need to start saslauthd with the additional option -r for the realm, then also set the realm in your postfix config.

For a test:

    rcsaslauthd stop
    /usr/sbin/saslauthd -r -a pam

main.cf:

    # sasl realm
    smtpd_sasl_local_domain = ace-electronics.be

execute "postfix reload" and test again.

> Any suggestions to solve this?
> If I try
> telnet smtp 25
> auth plain <mimencoded username and password>
> it fails, but in the mysql-log I see only k.lelong as the username; the domain name disappeared. In main.cf I have:
> smtpd_sasl_local_domain =
> postconf -n has no smtpd_sasl_local_domain. How can I recover the domain name?

See above.

Sandy

--
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

Sandy Drobic wrote:
> Koenraad Lelong wrote:
> > Hi, I'm trying to set up SASL with my Postfix server, running Suse10.1. I have a virtual domain stored in MySql. The usernames are the e-mail addresses of the users: user@ace-electronics.be
> > In /usr/lib/sasl2/smtpd.conf I have:
> > pwcheck_method: saslauthd -a pam -n
>
> pwcheck_method: saslauthd
>
> The rest belongs in /etc/sysconfig/saslauthd

Could you clarify this? I made:

    SASLAUTHD_AUTHMECH=pam -r

but starting with rcsaslauthd start gives an error: line 9: -r: command not found. 'ps ax | grep saslauth' gives 'saslauthd -a pam'.

...

> > Oct 24 17:13:16 lace1 saslauthd[4145]: pam_warn(smtp:account): function=[pam_sm_acct_mgmt] service=[smtp] terminal=[<unknown>]
> > ...
> > [user=k.lelong@ace-electronics.be] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error]

Reading those lines again made me think: acct=account. Searching the pam_mysql archives I found someone who used an 'account required ...' line in a pam-file in /etc/pam.d. I added

    account required pam_permit.so

to /etc/pam.d/smtp, then my testsaslauth works. Any thoughts about security?

> You need to start saslauthd with the additional option -r for the realm, then also set the realm in your postfix config.

AFAIK the realm does not need to be set in postfix. I don't want it either, because I have multiple domains on that server.

> For a test:
> rcsaslauthd stop
> /usr/sbin/saslauthd -r -a pam

Like I said, this works fine, but how do I start it automatically, if not in /usr/lib/sasl2/smtpd.conf?

Thanks for your help, maybe I will need you again, for TLS. I have a problem with that too. But first I will google a little more. If needed I'll start a new thread.

--
Kind regards,
Koenraad Lelong
R&D Manager
ACE electronics n.v.
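
A small triage helper for the saslauthd failure lines discussed in this thread, added here as an illustration and not code from either poster. The first three sample lines are copied from the log quoted above; the last one is constructed and assumes that saslauthd logs the realm it received in the realm field and uses the reason string "PAM auth error".

```python
import re

# First three lines: copied from the log quoted in the thread.
# Last line: constructed for illustration (assumed format and reason string).
SAMPLE_LOG = """\
Oct 24 17:13:16 lace1 saslauthd[4145]: pam_mysql - pam_sm_authenticate() returning 0.
Oct 24 17:13:16 lace1 saslauthd[4145]: DEBUG: auth_pam: pam_acct_mgmt failed: Authentication failure
Oct 24 17:13:16 lace1 saslauthd[4145]: do_auth : auth failure: [user=k.lelong@ace-electronics.be] [service=smtp] [realm=] [mech=pam] [reason=PAM acct error]
Oct 24 17:20:02 lace1 saslauthd[4145]: do_auth : auth failure: [user=k.lelong] [service=smtp] [realm=ace-electronics.be] [mech=pam] [reason=PAM auth error]
"""

FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")


def parse_do_auth(line):
    """Return the [key=value] fields of a saslauthd 'do_auth' failure line."""
    if "do_auth" not in line or "auth failure" not in line:
        return None
    return dict(FIELD.findall(line))


def triage(log_text):
    """Return (user, reason, notes) for every do_auth failure in log_text."""
    findings = []
    for line in log_text.splitlines():
        fields = parse_do_auth(line)
        if fields is None:
            continue
        notes = []
        # pam_acct_mgmt runs only after pam_authenticate succeeded, so this
        # reason means the password was accepted and the account stack refused.
        if fields.get("reason") == "PAM acct error":
            notes.append("account stage refused: review the 'account' lines "
                         "for PAM service " + fields.get("service", "?"))
        # A realm was received but the login has no domain part: PAM saw only
        # the local part, which is what starting saslauthd with -r addresses.
        if fields.get("realm") and "@" not in fields.get("user", ""):
            notes.append("realm not appended to login: check saslauthd -r")
        findings.append((fields.get("user"), fields.get("reason"), notes))
    return findings


if __name__ == "__main__":
    for user, reason, notes in triage(SAMPLE_LOG):
        print(user, "|", reason, "|", "; ".join(notes) or "no note")
```
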

Koenraad Lelong wrote:
> Sandy Drobic wrote:
> > Koenraad Lelong wrote:
> > > Hi, I'm trying to set up SASL with my Postfix server, running Suse10.1. I have a virtual domain stored in MySql. The usernames are the e-mail addresses of the users: user@ace-electronics.be
> > > In /usr/lib/sasl2/smtpd.conf I have:
> > > pwcheck_method: saslauthd -a pam -n
> >
> > pwcheck_method: saslauthd
> >
> > The rest belongs in /etc/sysconfig/saslauthd
>
> Could you clarify this? I made:
> SASLAUTHD_AUTHMECH=pam -r
> but starting with rcsaslauthd start gives an error: line 9: -r: command not found. 'ps ax | grep saslauth' gives 'saslauthd -a pam'.

...

Now I wrote:

    SASLAUTHD_AUTHMECH='pam -r'

this seems to work.

--
Kind regards,
Koenraad Lelong
R&D Manager
ACE electronics n.v.

participants (2)
- Koenraad Lelong
- Sandy Drobic