Re: problems with sasl ldap pam_login_attribute
From: Patrick Ben Koetter (p@state-of-mind.de)
Date: Mon Apr 03 2006 - 17:31:11 CDT
* Jimmy Ott <admin@onnet.ch>:
> Hello,
>
> I've got a problem with sasl smtpd authentication.
> sasl is configured and the following test is working:
>
> testsaslauthd -u myemail@domain.com -p mysecret -s smtp -f
> /var/run/saslauthd/mux
>
> pam_ldap.conf looks as follows:
>
> host ldap.intra.onnet.ch
> base ou=domains,dc=intra,dc=onnet,dc=ch
> ldap_version 3
> port 389
> scope sub
> pam_filter objectclass=CourierMailAccount
> pam_login_attribute mail
> pam_password crypt
>
> If I'm trying to smtp authenticate via telnet or a mail client the error
> shows up in mail.log: SASL PLAIN authentication failed
>
> I've already figured out where the problem is, but do not know how to
> solve it: if I use for pam_login_attribute another attribute instead of
> mail, e.g. cn, or sn, or another attribute with no @ sign in value the
> authentication works great with postfix. The authentication is currently
> for debugging PLAIN AUTH. Is there a problem with base64encoding an @ sign?
>
> tests so far with sn as pam_login_attribute
> sn: asdf --> auth works
> sn: asdf.asdf --> auth works
> sn: asdf@asdf --> auth does not work
> sn: asdf@asdf.com --> auth does not work
The problem ain't Postfix, but saslauthd!
Start saslauthd with the additional "-r" commandline option. If you don't, it
will strip the domainpart, which is exactly what you describe as your problem.
> /etc/default/saslauthd:
> START=yes
> MECHANISMS="pam"
There's an OPTIONS parameter IIRC that you can add to /etc/default/saslauthd
and give it "-r" as option. You probably want to check the init-script for the
parameter name, though. I don't use Debian myself.
p@rick
--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
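
An added example, not part of the original thread and not saslauthd or pam_ldap source code: a simplified Python model of the behaviour described in the reply, showing which login reaches pam_ldap with and without "-r" for the four test values from the question. The function names, the single-'@' split and the exact filter shape are assumptions made for illustration.

```python
# Simplified model of the login handling discussed above (assumption: the
# login contains at most one '@'; names here are illustrative, not real APIs).

def pam_login(authcid, combine_realm):
    """Return the login name that PAM sees for an SMTP AUTH identity.

    combine_realm=False models saslauthd started without -r (domain part
    stripped); combine_realm=True models saslauthd -r (user@realm kept).
    """
    user, sep, realm = authcid.partition("@")
    if combine_realm and sep:
        return user + "@" + realm
    return user


def escape_filter_value(value):
    """Escape characters that are special in an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def ldap_filter(login, pam_filter="objectclass=CourierMailAccount", attr="mail"):
    """Build the search filter from pam_filter and pam_login_attribute."""
    return "(&(%s)(%s=%s))" % (pam_filter, attr, escape_filter_value(login))


def auth_finds_entry(stored_value, authcid, combine_realm):
    """True if the login that reaches PAM equals the stored attribute value."""
    return pam_login(authcid, combine_realm) == stored_value


# Constructed sample input: the four sn values tested in the question,
# each used both as the stored attribute value and as the SMTP AUTH login.
CASES = ["asdf", "asdf.asdf", "asdf@asdf", "asdf@asdf.com"]


def run_cases():
    """Map each value to (found without -r, found with -r)."""
    return {v: (auth_finds_entry(v, v, False), auth_finds_entry(v, v, True))
            for v in CASES}


if __name__ == "__main__":
    for value, (without_r, with_r) in run_cases().items():
        print("%-14s without -r: %-5s with -r: %s" % (value, without_r, with_r))
    print(ldap_filter(pam_login("myemail@domain.com", False)))
    print(ldap_filter(pam_login("myemail@domain.com", True)))
```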