OSEC

smtp auth with sasl and ldap

From: Karl Meisterheim (kmeisterthe-jci.org)
Date: Tue Sep 02 2003 - 07:43:18 CDT


Hello,

I'm trying to set up SMTP auth in postfix using sasl to talk to my ldap
server, all on RH 8.
I've done this successfully in the past, but am now running into an
error I cannot find my way around.

When I try sending a message, after sending in the password I get this
message in maillog:
Sep 1 21:29:07 newmail postfix/smtpd[9328]: < MY.IP.ADDRESS: AUTH PLAIN AGttZWlzdGVyAGpvaG4=
Sep 1 21:29:07 newmail postfix/smtpd[9328]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response AGttZWlzdGVyAGpvaG4=
Sep 1 21:29:07 newmail postfix/smtpd[9328]: smtpd_sasl_authenticate: decoded initial response
Sep 1 21:29:07 newmail postfix/smtpd[9328]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Sep 1 21:29:10 newmail smtpd[9328]: warning: MY.IP.ADDRESS: SASL PLAIN authentication failed
Sep 1 21:29:10 newmail smtpd[9328]: > MY.IP.ADDRESS: 535 Error: authentication failed

Here's what's in /var/log/messages
Sep 1 21:29:07 newmail smtp(pam_unix)[9328]: authentication failure; logname= uid=89 euid=89 tty= ruser= rhost= user=USERNAME

LDAP seems to be working fine. I can search it using ldapsearch, and
cyrus-imap is using it correctly. Also, postfix is using ldap correctly
for translating aliases, so it seems it is just sasl that is having a
problem connecting with the ldap server.

I've tried packet sniffing while trying to send an email and I cannot
see anything obvious.
The ldap log contains no information, even when running slapd from the
command line I get no output during this connection.

Postfix is not running chrooted. Again, I've had this same exact setup
working correctly on a different machine (same exact software) about a
month ago and now am quite stuck.

Thanks,

Here's my config info:

postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases ldap:email-ldap
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, newmail.$mydomain
mydomain = MY.DOMAIN.NAME
myhostname = MY.HOST.NAME
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-1.1.11/README_FILES
sample_directory = /usr/share/doc/postfix-1.1.11/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_sasl_auth_enable = yes

/etc/pam.d/smtp
auth sufficient /lib/security/pam_ldap.so debug
auth required /lib/security/pam_unix_auth.so try_first_pass debug
account sufficient /lib/security/pam_ldap.so debug
account required /lib/security/pam_unix_acct.so debug

/usr/lib/sasl/smtp
pwcheck_method: pam

/etc/ldap.conf
host MY.DOMAIN.NAME
base ou=People,dc=the-jci,dc=org
uri ldaps://MY.DOMAIN.NAME/
rootbinddn cn=MYADMIN,dc=the-jci,dc=org
pam_password exop
ssl start_tls
ssl on
tls_ciphers TLSv1
tls_cert /etc/openldap/slapd.pem
tls_key /etc/openldap/slapd.pem

saslauthd -v
saslauthd 2.1.10
authentication mechanisms: getpwent kerberos5 pam rimap shadow
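One caveat a reader of the log excerpt above should take away: the SASL PLAIN initial response that Postfix echoes at this debug level ("AUTH PLAIN ...", "init_response ...") is base64-encoded, not encrypted. Per RFC 4616 it is simply authzid NUL authcid NUL password, so a maillog captured while debugging SMTP AUTH contains the user's password in trivially recoverable form, and the same holds for the string quoted in the post. The script below is an added example, not part of the original post and not code from Postfix or Cyrus SASL. It decodes PLAIN blobs found in smtpd log lines and redacts them so a log can be shared on a list without leaking credentials. The log lines and the login alice/s3cret in it are constructed for the example.

```python
"""Decode and redact SASL PLAIN credentials found in SMTP AUTH debug logs.

Added example with constructed input; not taken from the original post.
"""
import base64
import re
from typing import List, NamedTuple, Optional, Set, Tuple

# Constructed sample lines in the shape Postfix writes with verbose logging.
# The base64 blob is "\0alice\0s3cret", i.e. empty authzid, login alice,
# password s3cret (RFC 4616 PLAIN layout). Made up for this example.
SAMPLE_LOG = [
    "Sep  1 21:29:07 mx postfix/smtpd[9328]: < 192.0.2.10: AUTH PLAIN AGFsaWNlAHMzY3JldA==",
    "Sep  1 21:29:07 mx postfix/smtpd[9328]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response AGFsaWNlAHMzY3JldA==",
    "Sep  1 21:29:07 mx postfix/smtpd[9328]: pam_ldap: ldap_simple_bind Can't contact LDAP server",
]

# Matches both places Postfix echoes the client's initial response.
_PLAIN_RE = re.compile(r"(AUTH PLAIN |init_response )([A-Za-z0-9+/=]+)")


class PlainCreds(NamedTuple):
    authzid: str    # authorization identity, usually empty
    authcid: str    # authentication identity, the login name
    password: str


def decode_plain(blob: str) -> PlainCreds:
    """Decode one base64 PLAIN message into its three NUL-separated fields.

    Raises ValueError if the blob is not strict base64 or does not contain
    exactly three fields; a conforming server rejects such a message too.
    """
    raw = base64.b64decode(blob, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError(f"PLAIN message must have 3 fields, got {len(parts)}")
    return PlainCreds(*(p.decode("utf-8") for p in parts))


def extract_creds(line: str) -> Optional[PlainCreds]:
    """Return the credentials a log line leaks, or None if it carries none."""
    m = _PLAIN_RE.search(line)
    if not m:
        return None
    try:
        return decode_plain(m.group(2))
    except ValueError:
        return None


def redact(line: str) -> str:
    """Replace any PLAIN blob with a placeholder so the line is safe to post."""
    return _PLAIN_RE.sub(lambda m: m.group(1) + "[REDACTED]", line)


def scrub_log(lines: List[str]) -> Tuple[List[str], Set[str]]:
    """Redact a whole log.

    Returns (redacted_lines, leaked_logins); leaked_logins is the set of
    authcid values whose passwords were recoverable from the input.
    """
    leaked: Set[str] = set()
    out: List[str] = []
    for line in lines:
        creds = extract_creds(line)
        if creds is not None:
            leaked.add(creds.authcid)
        out.append(redact(line))
    return out, leaked


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        creds = extract_creds(line)
        if creds is not None:
            print(f"leaked: login={creds.authcid!r} password={creds.password!r} "
                  f"authzid={creds.authzid!r}")
    cleaned, logins = scrub_log(SAMPLE_LOG)
    print("\n".join(cleaned))
    print("accounts to rotate:", sorted(logins))
```

Run it over a copy of maillog before pasting an excerpt anywhere, and treat every login it reports as a password that needs rotating. The pattern only covers the two forms Postfix uses when the client sends the credentials on the AUTH line itself; a client that sends AUTH PLAIN with no initial response and the blob on the following line is logged as a bare "< host: <base64>" line, which this regex deliberately does not try to guess at.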