Re: Postfix + SASL2 has some authentication errors...almost there...please help
From: Andreas Winkelmann (ml@awinkelmann.de)
Date: Tue Nov 25 2003 - 14:54:55 CST
On Tuesday, 25 November 2003 21:32, Jimmy Mensinger wrote:
> I am very sorry about that, I started a new thread, I was not aware that I
> was corrupting an existing one.
> I realize that I have a lot of mechanisms enabled right now, I will probably
> disable smb-nt, lan-manager, otp at least.
Yes, that's better. If a client sees one of them and selects it, the
authentication will fail.
> Does setting the application name in saslpasswd2 really make a difference?
> Some tutorials I read had it, others didn't. So I included it just for
> completeness.
sasl does a select on the database with all of the information: username, realm and
application name. If there is no entry matching *all* of them, it gives you
"no user in db". Hmm, if you don't need the application name, it is best to
forget it. Create the user without "-a ...".
> I added the mech_list you suggested, but got the same result. I did a
> postfix reload but I'm not sure that was necessary.
Then your path to the smtpd.conf seems not to be correct.
> The S in:
> Smtpd_sasl_local_domain =
> Is lowercase, it's this stupid microsoft email program that keeps
> capitalizing everything on me!!!!
>
> I can change the sasldb2 in /etc/ to be owned by postfix if you think that
> would help, before deployment I set it to 777 to ensure that postfix could
> read it and that wasn't the problem. I will change this setting to see
> what happens.
>
> I should include exactly how I am adding my users so that you can see,
> another person replied that I should use an easier name:
> saslpasswd2 -c -u stmarkshs.net -a smtpauth jimmym
Please without "-a smtpauth".
> Then when I telnet into localhost smtp and do a
> AUTH PLAIN ...I paste in the result of:
> Perl -MMIME::Base64 -e 'print encode_base64("jimmym@stmarkshs.net\0jimmym@stmarkshs.net\0testpassword");'
>
> I still get the error, I have tried replacing jimmym@stmarkshs.net with
> simply jimmy, still no luck.
If you change something on the one side, you have to do it on the other, too.
If you try only "jimmym" as username, you have to set
"smtpd_sasl_local_domain" with the domain-part ("stmarkshs.net").
Check the mime-encoded string with "hex" if it is correct. Or maybe better to
test it with an MUA.
> Is there anywhere where I can increase the log level of postfix or sasl ??
> I checked postfix's files and saw a peer logging setting, but was not sure
> that was what I wanted.
Add a "-v" behind the smtpd in master.cf.
smtp ..... smtpd -v
Or more "v"s to increase the Postfix-Debug-Level. "-vvvv"...
> Also, do you think that the "no user in db" means that there are no users
> at all, or that it could not find a user that matched the credentials I
> supplied in the base64 message?
See above. ... and check above the errors in your log, if there are other
errors depending on sasl.
And another problem with sasldb is a possible chroot-jail. Switch it off for
smtp in master.cf. Or you have to sync your sasldb with the one in
/var/spool/postfix/etc/...
--
Andreas
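
Added example (not part of the original thread): a Python sketch of the check suggested in the reply, decoding an AUTH PLAIN string to hex and showing which user/realm pair ends up being looked up. The sasldb2 lookup is a simplified model that assumes the realm comes from user@realm or else from smtpd_sasl_local_domain; the function names and sample data are constructed for illustration.

```python
import base64

def encode_plain(authzid, authcid, password):
    """Build the AUTH PLAIN initial response: authzid NUL authcid NUL password."""
    return base64.b64encode("\0".join((authzid, authcid, password)).encode()).decode()

def parse_plain(b64):
    """Decode a response and split it into its three NUL-separated fields."""
    raw = base64.b64decode(b64, validate=True)
    fields = raw.split(b"\0")
    if len(fields) != 3:
        raise ValueError(f"expected 3 NUL-separated fields, got {len(fields)}")
    return raw, [f.decode("utf-8") for f in fields]

def lookup_key(authcid, local_domain):
    """(user, realm) searched in sasldb2: the realm comes from user@realm,
    otherwise from smtpd_sasl_local_domain (simplified model, an assumption)."""
    user, at, realm = authcid.partition("@")
    return (user, realm if at else local_domain)

def diagnose(b64, local_domain, sasldb_entries):
    """Return the hex dump, the lookup key and whether sasldb2 has that key."""
    raw, (_authzid, authcid, _password) = parse_plain(b64)
    key = lookup_key(authcid, local_domain)
    return {"hex": raw.hex(), "key": key, "found": key in sasldb_entries}

# Constructed sample data. The entry mirrors
# `saslpasswd2 -c -u stmarkshs.net jimmym` (no -a), as the reply recommends.
SASLDB = {("jimmym", "stmarkshs.net")}
FULL = encode_plain("jimmym@stmarkshs.net", "jimmym@stmarkshs.net", "testpassword")
BARE = encode_plain("jimmym", "jimmym", "testpassword")
# What Perl produces when "@stmarkshs" inside a double-quoted string is
# interpolated as an (empty) array instead of being written as "\@stmarkshs".
MANGLED = encode_plain("jimmym.net", "jimmym.net", "testpassword")

if __name__ == "__main__":
    for name, blob, domain in [("full", FULL, ""), ("bare", BARE, ""),
                               ("bare+domain", BARE, "stmarkshs.net"),
                               ("mangled", MANGLED, "stmarkshs.net")]:
        r = diagnose(blob, domain, SASLDB)
        print(f"{name:12} key={r['key']} found={r['found']}\n  hex={r['hex']}")
```

The hex dump makes a lost `@domain` or a missing NUL separator visible at a glance, which the base64 form hides.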