Re: cyrus-sasl w/ldap map problem

From: Patrick Ben Koetter (pstate-of-mind.de)
Date: Tue May 03 2005 - 03:32:24 CDT


* Chris Paul <postfixersentinare.net>:
> OS info: I had this working on an OpenBSD 3.5 box but haven't been able to
> get it to work since then. I'm trying now on OpenBSD 3.7.
>
> - SASL is running with LDAP as the map:
>
> [root@donut:/root]# ps -ax|grep sasl
> 25762 ?? Is 0:00.02 /usr/local/sbin/saslauthd -m /var/spool/postfix/var/sasl2/ -a ldap -O /etc/saslauthd.conf
> 28777 ?? I 0:00.01 /usr/local/sbin/saslauthd -m /var/spool/postfix/var/sasl2/ -a ldap -O /etc/saslauthd.conf
> 27046 ?? I 0:00.00 /usr/local/sbin/saslauthd -m /var/spool/postfix/var/sasl2/ -a ldap -O /etc/saslauthd.conf
> 3741 ?? I 0:00.01 /usr/local/sbin/saslauthd -m /var/spool/postfix/var/sasl2/ -a ldap -O /etc/saslauthd.conf
> 29628 ?? I 0:00.00 /usr/local/sbin/saslauthd -m /var/spool/postfix/var/sasl2/ -a ldap -O /etc/saslauthd.conf
>
> - SASL works:
>
> testsaslauthd -u <user> -p <password> -f /var/spool/postfix/var/sasl2/mux
> 0: OK "Success."
>
> - But Postfix isn't happy with it, though mux in the postfix chroot:
> /var/spool/postfix/var/sasl2/mux (this is the right place from before):

Have you tried without running Postfix chrooted and the socket at the regular
place? It makes sense to check that before you go for a chroot setup.

> Apr 15 00:36:25 donut postfix/smtpd[19927]: warning: SASL authentication failure: Password verification failed
> Apr 15 00:36:25 donut postfix/smtpd[19927]: warning: unknown[10.7.5.50]: SASL PLAIN authentication failed
> Apr 15 00:37:05 donut postfix/smtpd[19927]: warning: unknown[10.7.5.50]: SASL LOGIN authentication failed
>
> - Just fooling with things, I stopped SASL to see if I would get a different
> error. I did and it indicates that at least in the above failure, the socket
> is in the correct place (as it isn't found, as expected, when the saslauthd
> daemon is not running)
>
> Apr 15 00:27:56 donut postfix/smtpd[21008]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
> Apr 15 00:27:56 donut postfix/smtpd[21008]: warning: SASL authentication failure: Password verification failed
> Apr 15 00:27:56 donut postfix/smtpd[21008]: warning: unknown[10.7.5.50]: SASL PLAIN authentication failed
>
> - Here are the perms on the socket:
>
> [root@donut:/root]# ls -l /var/spool/postfix/var/sasl2
> total 2
> srwxrwxrwx 1 root _postfix 0 May 3 01:25 mux
> -rw------- 1 root _postfix 0 May 3 01:25 mux.accept
> -rw------- 1 root _postfix 6 May 3 01:25 saslauthd.pid
>
> Any clues?

What's in your smtpd.conf?
Can you send output from saslfinger (see below)?

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
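The distinction drawn in the quoted message (a missing saslauthd socket logs a different warning from a failed password verification) can be checked mechanically over a mail log. The following is an added example, not part of the original messages: the function name `classify_sasl_failures` and the cause labels are assumptions, and the sample input is assembled from the log lines quoted in the thread.

```python
import re

# Constructed sample: the smtpd warnings quoted in the thread, in time order.
SAMPLE_LOG = """\
Apr 15 00:27:56 donut postfix/smtpd[21008]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Apr 15 00:27:56 donut postfix/smtpd[21008]: warning: SASL authentication failure: Password verification failed
Apr 15 00:27:56 donut postfix/smtpd[21008]: warning: unknown[10.7.5.50]: SASL PLAIN authentication failed
Apr 15 00:36:25 donut postfix/smtpd[19927]: warning: SASL authentication failure: Password verification failed
Apr 15 00:36:25 donut postfix/smtpd[19927]: warning: unknown[10.7.5.50]: SASL PLAIN authentication failed
Apr 15 00:37:05 donut postfix/smtpd[19927]: warning: unknown[10.7.5.50]: SASL LOGIN authentication failed
"""

LINE_RE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: warning: (?P<msg>.*)$")
CONNECT_RE = re.compile(r"cannot connect to saslauthd server: (?P<reason>.+)$")
VERIFY_RE = re.compile(r"SASL authentication failure: Password verification failed")
FAILED_RE = re.compile(
    r"(?P<client>\S+\[[^\]]+\]): SASL (?P<mech>\S+) authentication failed")


def classify_sasl_failures(log_text):
    """Return one record per failed SMTP AUTH attempt with its logged cause."""
    pending = {}   # smtpd pid -> detail warnings seen since the last attempt
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        state = pending.setdefault(pid, {})
        c = CONNECT_RE.search(msg)
        if c:                               # socket path wrong or daemon down
            state["connect"] = c.group("reason")
        elif VERIFY_RE.search(msg):         # a verification failure was logged
            state["verify"] = True
        else:
            f = FAILED_RE.search(msg)
            if not f:
                continue
            if "connect" in state:          # connect error takes precedence
                cause, detail = "socket_unreachable", state["connect"]
            elif state.get("verify"):
                cause, detail = "verification_failed", None
            else:                           # no preceding detail line logged
                cause, detail = "no_detail", None
            results.append({"pid": pid, "client": f.group("client"),
                            "mech": f.group("mech"), "cause": cause,
                            "detail": detail})
            pending[pid] = {}               # reset for the next attempt
    return results


if __name__ == "__main__":
    for rec in classify_sasl_failures(SAMPLE_LOG):
        print(rec)
```
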