Re: Postfix with SASL and pam_ldap

From: Andreas Winkelmann (mlawinkelmann.de)
Date: Fri Jul 30 2004 - 15:08:15 CDT


On Friday, 30 July 2004 21:35, Evangelos Souglakos wrote:

> I have a strange problem with Postfix & SASL using pam modules (pam_ldap)
>
> Postfix is installed on a FreeBSD 5.2.1 with TLS and SASL 2 support.
> Of course I use saslauthd (saslauthd -a pam)
>
> When I use this ldap.conf file
>
> =======================
> host kerberos
> base o=test,c=gr
> port 389
> ldap_version 3
> pam_check_host_attr yes
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> pam_template_login_attribute uid
>
> =======================
>
> Everything is OK. I get a right authentication from saslauthd
>
> BUT when I use TLS (ldaps)
>
> port 636
> ssl start_tls

Don't use start_tls on port 636. Only ssl.

> ssl yes

And check if the LDAP server runs on this port with ssl enabled.

> I always get this error from saslauthd
>
> -----------
> earth postfix/smtpd[21294]: connect from ppp29.forthnet.gr [193.92.154.206]
> earth postfix/smtpd[21294]: warning: SASL authentication failure: Password verification failed
> earth postfix/smtpd[21294]: warning: ppp29.ath.forthnet.gr[193.92.154.206]: SASL PLAIN authentication failed
> earth postfix/smtpd[21294]: warning: ppp29-206.ath.forthnet.gr[193.92.154.206]: SASL LOGIN authentication failed
> -----------
> I have to say that my system works perfectly with pam_ldap (using TLS or
> not). All the other services (pop3, imap, ftp, openssh) work perfectly.
>
> I use pam_ldap-1.6.5, nss_ldap-1.204_2, postfix-2.1.4,1, cyrus-sasl-2.1.19,
> (official ports for Freebsd 5.2.1)

I don't think this is a Postfix problem. You should inspect your ldap/
pam_ldap configuration.

You can start saslauthd with -d

# saslauthd -d -a pam

Then you will see a lot of debugging output when you try to authenticate
again.

Start slapd with a high loglevel. Look in this log, too.

Try to enable debugging in pam_ldap...

--
        Andreas
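The port/ssl mismatch in the quoted ldap.conf, checked mechanically: this is an added example, not code from the thread or from pam_ldap; `check_ldap_conf` is a hypothetical helper and the sample configs it is run against are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: lint a pam_ldap ldap.conf for the
# port/TLS mismatch Andreas points out. Port 636 (ldaps) expects "ssl yes",
# TLS from the first byte; "ssl start_tls" upgrades a plain connection on
# port 389. Two "ssl" lines at once, as in the quoted config, are ambiguous
# and get flagged as well.

# conf_values FILE KEY: print every value set for KEY (a commented-out
# "#key" line does not match).
conf_values() {
    awk -v key="$2" '$1 == key { print $2 }' "$1"
}

# check_ldap_conf FILE: return 0 when port and ssl mode agree, 1 otherwise.
check_ldap_conf() {
    n=$(conf_values "$1" ssl | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then
        echo "error: $1 has $n 'ssl' lines; keep exactly one"
        return 1
    fi
    port=$(conf_values "$1" port | head -n 1)
    ssl=$(conf_values "$1" ssl | head -n 1)
    port=${port:-389}   # pam_ldap defaults when the key is absent
    ssl=${ssl:-no}
    case "$port:$ssl" in
        636:yes)       echo "ok: $1 uses ldaps on 636" ;;
        389:start_tls) echo "ok: $1 uses STARTTLS on 389" ;;
        389:no)        echo "ok: $1 uses cleartext LDAP on 389 (passwords unprotected)" ;;
        636:start_tls) echo "error: $1 sets 'ssl start_tls' on 636; use 'ssl yes'"; return 1 ;;
        *)             echo "error: $1 combines port $port with 'ssl $ssl'"; return 1 ;;
    esac
}

tmp=$(mktemp -d)
# Constructed: the poster's ldaps attempt, carrying both ssl lines.
printf 'host kerberos\nport 636\nssl start_tls\nssl yes\n' > "$tmp/poster.conf"
# Constructed: the two consistent forms.
printf 'host kerberos\nport 636\nssl yes\n' > "$tmp/ldaps.conf"
printf 'host kerberos\nport 389\nssl start_tls\n' > "$tmp/starttls.conf"
# Constructed: STARTTLS mode on the ldaps port, the single-line mistake.
printf 'host kerberos\nport 636\nssl start_tls\n' > "$tmp/wrong.conf"

for f in "$tmp"/*.conf; do
    check_ldap_conf "$f" || echo "   -> fix $f before pointing pam_ldap/saslauthd at it"
done
```

A passing lint only says the file is self-consistent; whether slapd actually listens with TLS on that port is the separate check Andreas asks for.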