problems with sasl ldap pam_login_attribute
From: Jimmy Ott (admin onnet.ch)
Date: Mon Apr 03 2006 - 15:43:11 CDT
Hello,
I've got a problem with SASL smtpd authentication.
SASL is configured and the following test is working:
testsaslauthd -u myemail@domain.com -p mysecret -s smtp -f /var/run/saslauthd/mux
pam_ldap.conf looks as follows:
host ldap.intra.onnet.ch
base ou=domains,dc=intra,dc=onnet,dc=ch
ldap_version 3
port 389
scope sub
pam_filter objectclass=CourierMailAccount
pam_login_attribute mail
pam_password crypt
If I try to SMTP authenticate via telnet or a mail client, this error
shows up in mail.log: SASL PLAIN authentication failed
I've already figured out where the problem is, but do not know how to
solve it: if I use another attribute instead of mail for
pam_login_attribute, e.g. cn, or sn, or another attribute with no @ sign
in the value, the authentication works great with postfix. The
authentication is currently PLAIN AUTH for debugging. Is there a problem
with base64-encoding an @ sign?
tests so far with sn as pam_login_attribute:
sn: asdf --> auth works
sn: asdf.asdf --> auth works
sn: asdf@asdf --> auth does not work
sn: asdf@asdf.com --> auth does not work
relevant data:
/etc/pam.d/smtp:
#%PAM-1.0
auth required pam_ldap.so
account required pam_ldap.so
password required pam_ldap.so use_authtok
/etc/default/saslauthd:
START=yes
MECHANISMS="pam"
/etc/postfix/sasl/smtpd.conf:
pwcheck_method: saslauthd
mech_list: plain login
versions:
postfix 2.2.9-1
libsasl2 2.1.19-1.9
libsasl2-modules 2.1.19-1.9
sasl2-bin 2.1.19-1.9
(postconf -n)
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
best_mx_transport = local
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
disable_vrfy_command = yes
ignore_mx_lookup_error = yes
inet_interfaces = localhost, mail.intra.onnet.ch
mailbox_command =
mailbox_size_limit = 0
mydestination = ares, ares.intra.onnet.ch, mail.intra.onnet.ch,
mail.onnet.ch, localhost
myhostname = ares
mynetworks = 127.0.0.0/8, 192.168.0.0/24
recipient_delimiter = +
relayhost =
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination, reject_rbl_client
blackholes.mail-abuse.org, reject_rbl_client relays.mail-abuse.org,
reject_rbl_client relays.ordb.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
virtual_alias_maps = ldap:valias, ldap:vgroup
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/postfix/virtual
virtual_mailbox_domains = ldap:vdomain
virtual_mailbox_maps = ldap:vuser
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
Many thanks for your help, and sorry for my bad English
jimmy
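
An added example, not part of the original post and not code from Postfix or Cyrus SASL: it encodes and decodes the AUTH PLAIN initial response (RFC 4616) for the four sn values tested above, written with the @ sign, to check whether base64 alters a login containing @. The helper split_realm is hypothetical and models a backend that reads @ as a user/realm separator; that this happens in the setup above is an assumption, not something the post establishes.

```python
import base64

def encode_plain(authcid, passwd, authzid=""):
    """Base64 initial response for AUTH PLAIN: authzid NUL authcid NUL passwd (RFC 4616)."""
    if any("\0" in f for f in (authzid, authcid, passwd)):
        raise ValueError("NUL is the field separator and cannot appear inside a field")
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    raw = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(b64):
    """Decode what a client sent after AUTH PLAIN into (authzid, authcid, passwd)."""
    raw = base64.b64decode(b64, validate=True)  # rejects non-alphabet characters
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected 3 NUL-separated fields, got %d" % len(parts))
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("empty authcid or passwd")
    return authzid, authcid, passwd

def split_realm(login):
    """Hypothetical model (assumption): a backend that reads '@' as user/realm separator."""
    user, _, realm = login.partition("@")
    return user, realm

# The four sn values tested in the post; the password is a constructed sample.
POST_TESTS = ["asdf", "asdf.asdf", "asdf@asdf", "asdf@asdf.com"]

def trace(logins, passwd="mysecret"):
    """Per login: (login, survived base64 round trip?, user part, realm part)."""
    rows = []
    for login in logins:
        _, authcid, _ = decode_plain(encode_plain(login, passwd))
        rows.append((login, authcid == login) + split_realm(authcid))
    return rows

if __name__ == "__main__":
    for row in trace(POST_TESTS):
        print(row)
```

Every login round-trips unchanged, so the base64 step does not distinguish the working values from the failing ones; only the two values containing @ would reach a realm-splitting backend as a different user name.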