|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Postfix+MYSQL Authentication problems
From: Aaron P. Martinez (ml
proficuous.com)
Date: Wed Jun 08 2005 - 09:56:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 2005-06-07 at 21:25 -0700, Postmaster wrote:
> Quoting "Aaron P. Martinez" <mlproficuous.com>:
>
> > On Mon, 2005-06-06 at 15:38 -0700, Postmaster wrote:
> > > I've read what I can. I've given userid 'postfix' ALL priveleges
> > for
> > > 127.0.0.1, localhost, and the "real" IP address - yet I continue
> > to
> > > get:
> > >
> > > Jun 6 15:30:40 dns1 imapd: authdaemon: starting client module
> > > Jun 6 15:30:40 dns1 authdaemond.mysql: failed to connect to mysql
> > > server (server=localhost, userid=postfix)
> > > Jun 6 15:30:40 dns1 imapd: authdaemon: TEMPFAIL - no more modules
> > will
> > > be tried
> > >
> > > tcpdump has yielded nothing for me.
> > > The firewall is showing nothing being dropped or rejected.
> > >
> > > Yes, Ralf, I KNOW it's an authentication problem - But WHERE do I
> > have
> > > to go to find out how to debug the authentication ? What can I
> > post to
> > > get some help from the list...I've been stuck for the last 4 days.
> > Is
> > > there something I need to post ? Anyone ?
> >
> > You need to post your authmysqlrc for courier, because as you know,
> > it's
> > an authentication problem and the logs tell you it's an imapd
> > problem
> > which isn't postfix. I don't see any error however about failed
> > authentication, just a failure to connect to the mysql server, is it
> > running?
> >
> > have you tried connecting to the sql server with the credentials in
> > the
> > authmysqlrc from the command line?
> >
> > Aaron Martinez
>
> =========================================
>
> Thanks for looking at it Aaron...
>
> The system says mysql is running.
> I can log onto sql with either my userid or userid=postfix and
> set/update anything I want.
>
> Hopefully helpful lines from a netstat:
> unix 2 [ ACC ] STREAM LISTENING 151500
> /var/run/authdaemon.courier-imap/socket.tmp
> unix 2 [ ACC ] STREAM LISTENING 151619 /var/lib/mysql/mysql.sock
> tcp 0 0 :::143 :::* LISTEN
> unix 2 [ ACC ] STREAM LISTENING 151500
> /var/run/authdaemon.courier-imap/socket.tmp
> unix 2 [ ACC ] STREAM LISTENING 151619/var/lib/mysql/mysql.sock
>
> ------------------------- authmysqlrc file -----------------
> ##VERSION: $Id: authmysqlrc,v 1.1 2005/05/31 05:15:01 root Exp root $
> #
> # Copyright 2000-2004 Double Precision, Inc. See COPYING for
> # distribution information.
> #
> # Do not alter lines that begin with ##, they are used when upgrading
> # this configuration.
> #
> # authmysqlrc created from authmysqlrc.dist by sysconftool
> #
> # DO NOT INSTALL THIS FILE with world read permissions. This file
> # might contain the MySQL admin password!
> #
> # Each line in this file must follow the following format:
> #
> # field[spaces|tabs]value
> #
> # That is, the name of the field, followed by spaces or tabs, followed
> by
> # field value. Trailing spaces are prohibited.
>
>
> ##NAME: LOCATION:0
> #
> # The server name, userid, and password used to log in.
>
> MYSQL_SERVER localhost
> MYSQL_USERNAME postfix
> MYSQL_PASSWORD postfix
>
> ##NAME: MYSQL_SOCKET:0
> #
> # MYSQL_SOCKET can be used with MySQL version 3.22 or later, it
> specifies the
> # filesystem pipe used for the connection
> #
> # MYSQL_SOCKET /var/mysql/mysql.sock
> #Changed 3:20 PM 6/2/2005
> MYSQL_SOCKET /var/lib/mysql.sock
I would guess that this is the problem. From above netstat output:
unix 2 [ ACC ] STREAM LISTENING 151619/var/lib/mysql/mysql.sock
You're trying to connect to /var/lib/mysql.sock,
not /var/lib/mysql/mysql.sock.
>
> ##NAME: MYSQL_PORT:0
> #
> # MYSQL_PORT can be used with MySQL version 3.22 or later to specify a
> port to
> # connect to.
>
> MYSQL_PORT 0
>
> ##NAME: MYSQL_OPT:0
> #
> # Leave MYSQL_OPT as 0, unless you know what you're doing.
>
> MYSQL_OPT 0
>
> ##NAME: MYSQL_DATABASE:0
> #
> # The name of the MySQL database we will open:
>
> MYSQL_DATABASE maildb
>
> ##NAME: MYSQL_USER_TABLE:0
> #
> # The name of the table containing your user data. See
> README.authmysqlrc
> # for the required fields in this table.
>
> MYSQL_USER_TABLE users
>
> ##NAME: MYSQL_CRYPT_PWFIELD:0
> #
> # Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined.
> Both
> # are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
> # passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
> # CRAM-MD5 authentication to be implemented.
>
> MYSQL_CRYPT_PWFIELD crypt
>
> ##NAME: MYSQL_CLEAR_PWFIELD:0
> #
> #
> MYSQL_CLEAR_PWFIELD clear
>
> ##NAME: MYSQL_DEFAULT_DOMAIN:0
> #
> # If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
> # we will look up 'userDEFAULT_DOMAIN' instead.
> #
> #
> # DEFAULT_DOMAIN example.com
>
> ##NAME: MYSQL_UID_FIELD:0
> #
> # Other fields in the mysql table:
> #
> # MYSQL_UID_FIELD - contains the numerical userid of the account
> #
> MYSQL_UID_FIELD uid
>
> ##NAME: MYSQL_GID_FIELD:0
> #
> # Numerical groupid of the account
>
> MYSQL_GID_FIELD gid
>
> ##NAME: MYSQL_LOGIN_FIELD:0
> #
> # The login id, default is id. Basically the query is:
> #
> # SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
> #
>
> MYSQL_LOGIN_FIELD id
>
> ##NAME: MYSQL_HOME_FIELD:0
> #
>
> MYSQL_HOME_FIELD home
>
> ##NAME: MYSQL_NAME_FIELD:0
> #
> # The user's name (optional)
>
> MYSQL_NAME_FIELD name
>
> ##NAME: MYSQL_MAILDIR_FIELD:0
> #
> # This is an optional field, and can be used to specify an arbitrary
> # location of the maildir for the account, which normally defaults to
> # $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
> #
> # You still need to provide a MYSQL_HOME_FIELD, even if you uncomment
> this
> # out.
> #
> # MYSQL_MAILDIR_FIELD maildir
>
> ##NAME: MYSQL_DEFAULTDELIVERY:0
> #
> # Courier mail server only: optional field specifies custom mail
> delivery
> # instructions for this account (if defined) -- essentially overrides
> # DEFAULTDELIVERY from ${sysconfdir}/courierd
> #
> # MYSQL_DEFAULTDELIVERY defaultdelivery
>
> ##NAME: MYSQL_QUOTA_FIELD:0
> #
> # Define MYSQL_QUOTA_FIELD to be the name of the field that can
> optionally
> # specify a maildir quota. See README.maildirquota for more information
>
> #
> # MYSQL_QUOTA_FIELD quota
>
> ##NAME: MYSQL_AUXOPTIONS:0
> #
> # Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field
> that
> # contains a single string consisting of comma-separated
> "ATTRIBUTE=NAME"
> # pairs. These names are additional attributes that define various
> per-account
> # "options", as given in INSTALL's description of the "Account OPTIONS"
> # setting.
> #
> # MYSQL_AUXOPTIONS_FIELD auxoptions
> #
> # You might want to try something like this, if you'd like to use a
> bunch
> # of individual fields, instead of a single text blob:
> #
> #
> MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
> #
> # This will let you define fields called "disableimap", etc, with the
> end result
> # being something that the OPTIONS parser understands.
>
> MYSQL_AUXOPTIONS_FIELD CONCAT("mailhost=",mailhost)
>
> ##NAME: MYSQL_WHERE_CLAUSE:0
> #
> # This is optional, MYSQL_WHERE_CLAUSE can be basically set to an
> arbitrary
> # fixed string that is appended to the WHERE clause of our query
> #
> # MYSQL_WHERE_CLAUSE server='mailhost.example.com'
> MYSQL_WHERE_CLAUSE imapok=1 AND bool1=1 AND bool2 = 1
>
> ##NAME: MYSQL_SELECT_CLAUSE:0
> #
> # (EXPERIMENTAL)
> # This is optional, MYSQL_SELECT_CLAUSE can be set when you have a
> database,
> # which is structuraly different from proposed. The fixed string will
> # be used to do a SELECT operation on database, which should return
> fields
> # in order specified bellow:
> #
> # username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname,
> options
> #
> # The username field should include the domain (see example below).
> #
> # Enabling this option causes ignorance of any other field-related
> # options, excluding default domain.
> #
> # There are two variables, which you can use. Substitution will be made
> # for them, so you can put entered username (local part) and domain
> name
> # in the right place of your query. These variables are:
> # $(local_part), $(domain), $(service)
> #
> # If a $(domain) is empty (not given by the remote user) the default
> domain
> # name is used in its place.
> #
> # $(service) will expand out to the service being authenticated: imap,
> imaps,
> # pop3 or pop3s. Courier mail server only: service will also expand out
> to
> # "courier", when searching for local mail account's location. In this
> case,
> # if the "maildir" field is not empty it will be used in place of
> # DEFAULTDELIVERY. Courier mail server will also use esmtp when doing
> # authenticated ESMTP.
> #
> # This example is a little bit modified adaptation of vmail-sql
> # database scheme:
> #
> # MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '',
> popbox.domain_name), \
> # CONCAT('{MD5}', popbox.password_hash), \
> # popbox.clearpw, \
> # domain.uid, \
> # domain.gid, \
> # CONCAT(domain.path, '/', popbox.mbox_name), \
> # '', \
> # domain.quota, \
> # '', \
> # CONCAT("disableimap=",disableimap,",disablepop3=", \
> #
> disablepop3,",disablewebmail=",disablewebmail, \
> # ",sharedgroup=",sharedgroup)
> \
> # FROM popbox, domain \
> # WHERE popbox.local_part = '$(local_part)' \
> # AND popbox.domain_name = '$(domain)' \
> # AND popbox.domain_name = domain.domain_name
>
>
> ##NAME: MYSQL_ENUMERATE_CLAUSE:0
> #
> # {EXPERIMENTAL}
> # Optional custom SQL query used to enumerate accounts for
> authenumerate,
> # in order to compile a list of accounts for shared folders. The query
> # should return the following fields: name, uid, gid, homedir, maildir
> #
> # Example:
> # MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '',
> popbox.domain_name), \
> # domain.uid, \
> # domain.gid, \
> # CONCAT(domain.path, '/', popbox.mbox_name), \
> # '' \
> # FROM popbox, domain \
> # WHERE popbox.local_part = '$(local_part)' \
> # AND popbox.domain_name = '$(domain)' \
> # AND popbox.domain_name = domain.domain_name
>
>
>
> ##NAME: MYSQL_CHPASS_CLAUSE:0
> #
> # (EXPERIMENTAL)
> # This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a
> database,
> # which is structuraly different from proposed. The fixed string will
> # be used to do an UPDATE operation on database. In other words, it is
> # used, when changing password.
> #
> # There are four variables, which you can use. Substitution will be
> made
> # for them, so you can put entered username (local part) and domain
> name
> # in the right place of your query. There variables are:
> # $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
> #
> # If a $(domain) is empty (not given by the remote user) the default
> domain
> # name is used in its place.
> # $(newpass) contains plain password
> # $(newpass_crypt) contains its crypted form
> #
> # MYSQL_CHPASS_CLAUSE UPDATE popbox \
> # SET clearpw='$(newpass)', \
> # password_hash='$(newpass_crypt)' \
> # WHERE local_part='$(local_part)' \
> # AND domain_name='$(domain)'
> #
> ------------------------- end of file -----------------
>
> I thought I copied the entry from Ralf's book pretty closely...but I'm
> willing to accept that I did it wrong...
>
> Please excuse the wrapping...
Aaron Martinez
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]