RE: Cyrus SASL + Postfix

From: Asaf Shakarchi (asafraytech.co.il)
Date: Tue Jan 10 2006 - 08:50:33 CST


Hello everybody,

Regarding my question,

I couldn’t figure out why postfix’s smtpd doesn’t even connect to saslauthd,
at the end, I found out that the encoded string was NOT VALID, I created it
by:

perl -MMIME::Base64 -e 'print encode_base64("rmoo.co.il\0rmoo.co.il\01");'

I spent hours on this, for some reason, the password ‘1’ caused the problem,
when I changed it to anything else it seems that smtpd connected to
saslauthd and I could successfully authenticate.

But still, I have a little question which probably is something that is
known,

Using a username as rmoo.co.il with password
such as abc by:

perl -MMIME::Base64 -e 'print encode_base64("rmoo.co.il\0rmoo.co.il\0abc");'

resulted:

ci5jby5pbAByLmNvLmlsAGFiYw==

while authenticating by “AUTH PLAIN ci5jby5pbAByLmNvLmlsAGFiYw==” it seems
that saslauthd receives the following:

saslauthd[29607] :do_auth : auth failure: [user=r.co.il] [service=smtp] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[29607] :do_request : response: NO

I’m not sure exactly what’s happening, but I truly do not understand the
‘r.co.il’ while the expected username should be ‘rmoo.co.il’,

Following is my saslauthd.conf, just in case:

ldap_servers: ldap://ip:390
ldap_bind_dn: cn=user
ldap_bind_pw: secret
ldap_search_base: dc=base
ldap_filter: (mail=%u)

I also tried mail=%u%r, but got the same result,

Can anyone help me with this?

Thanks in advance,

Asaf.

   _____

From: owner-postfix-userspostfix.org
[mailto:owner-postfix-userspostfix.org] On Behalf Of Asaf Shakarchi
Sent: Monday, January 09, 2006 8:39 PM
To: postfix-userspostfix.org
Subject: Cyrus SASL + Postfix

Hey,

I'm trying to set up postfix with cyrus-sasl using saslauthd,

I'm positively sure that Postfix reads smtpd.conf (although I use the source
distribution it seeks smtpd.conf under /usr/lib/sasl2 and not
/usr/local/lib/sasl2)

Since if the file does not exist, I get the following error:

Jan 9 20:21:52 [postfix/smtpd] could not find auxprop plugin, was searching for [all]
Jan 9 20:21:52 [postfix/smtpd] warning: SASL authentication failure: OTP: auxprop backend can't store properties
Jan 9 20:21:52 [postfix/smtpd] connect from IGLD-83-130-130-186.inter.net.il[83.130.130.186]

If the smtpd.conf exists with the following content, no error occurs while
connecting to SMTPD port:

pwcheck_method: saslauthd
mech_list: LOGIN PLAIN

using 'testsaslauthd -u testdomain.com -p secret' I get an authentication
success and everything seems to work fine,

while trying to telnet smtpd port, I get the following error:

EHLO domain.com
250-mx2.alwaysup.co.il
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250 8BITMIME

as expected, AUTH IS only PLAIN, continuing by trying to authenticate with:

AUTH PLAIN ci1jby1pbAByLmNvLmlsAQ==

(Encrypted by the following command

perl -MMIME::Base64 -e 'print encode_base64("rmoo.co.il\0rmoo.co.il\0secret");'

)

I receive:

535 Error: authentication failed

On the log file, I see:

Jan 9 20:28:26 [postfix/smtpd] warning: SASL authentication failure: Can only find author/en (no password)
Jan 9 20:28:26 [postfix/smtpd] warning: IGLD-83-130-130-186.inter.net.il[83.130.130.186]: SASL PLAIN authentication failed

Running saslauthd in debugging shows that postfix does not even try to do
anything,

I assume this since saslauthd does not result anything.

These are the relevant parameters regarding sasl in main.cf

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains

I'll appreciate any help regarding this,

Thanks in advance,

Asaf.

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.15/223 - Release Date: 1/6/2006
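
To see what a server actually receives in an AUTH PLAIN argument, the following added example (not part of the original post) decodes the two base64 strings quoted in this thread and splits them into the RFC 4616 fields authzid, authcid and password. The function and constant names are this example's own; it uses only the Python 3 standard library.

```python
import base64
import binascii

# Strings quoted in the thread above (copied from the post).
FIRST_ATTEMPT = "ci1jby1pbAByLmNvLmlsAQ=="
SECOND_ATTEMPT = "ci5jby5pbAByLmNvLmlsAGFiYw=="


def decode_auth_plain(b64):
    """Split an AUTH PLAIN argument into RFC 4616 fields and list problems.

    The password itself is never returned, only its length.
    """
    info = {"authzid": None, "authcid": None, "password_len": None,
            "problems": []}
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        info["problems"].append("invalid base64: %s" % exc)
        return info

    # Control bytes other than the NUL separators usually mean the client-side
    # string literal was altered by its quoting rules before it was encoded.
    stray = sorted({b for b in raw if (b < 0x20 and b != 0) or b == 0x7F})
    if stray:
        info["problems"].append(
            "control bytes present: " + ", ".join("0x%02x" % b for b in stray))

    # RFC 4616 message: [authzid] NUL authcid NUL passwd
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        info["problems"].append(
            "expected 2 NUL separators, found %d" % (len(parts) - 1))
        return info

    authzid, authcid, password = parts
    info["authzid"] = authzid.decode("utf-8", "replace")
    info["authcid"] = authcid.decode("utf-8", "replace")
    info["password_len"] = len(password)
    if not authcid:
        info["problems"].append("empty authentication identity")
    if not password:
        info["problems"].append("empty password")
    return info


if __name__ == "__main__":
    for label, value in (("first", FIRST_ATTEMPT), ("second", SECOND_ATTEMPT)):
        print(label, decode_auth_plain(value))
```

The first string decodes to a message with a single NUL separator that ends in byte 0x01, and the second carries `r.co.il` as both identities with a three-byte password. In a double-quoted Perl string, `\01` is read as an octal escape for byte 0x01, and an unescaped `@name` is interpolated as an array, so single-quoting the string or escaping those characters avoids both effects.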
