LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 10-19-2004, 05:21 PM   #1
k1e0x
LQ Newbie
 
Registered: Jul 2003
Posts: 7

Rep: Reputation: 0
Arrow Postfix SMTP AUTH, Problem using saslauthd + pam


Hi,

I'm at a loss as to what is wrong with my current mail server setup. I'm trying to setup postfix to use the saslauthd methos and check passwords against pam. Seams like a better method to me than using sasldb and copying the passwords into postfix's chroot everytime I add a new user. I have done this sevral times on other distros but.. for some reason I cant get it to work on Debian.

Currentaly here is what I have done.
installed postfix-tls, sasl2-bin + libs and modules)
edited /etc/default/saslauthd to start the daemon.
created var/run in the postfix chroot, moved the saslauthd directory from /var/run to /var/spool/postfix/var/run then linked it back to /var/run, added the postfix user to sasl group so it can read the files.
Created and copied /etc/pam.d/smtp to the directory /var/spool/postfix/etc/pam.d

My config's are as folows.


Code:
# START /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_at_myorigin = yes
append_dot_mydomain = no
myhostname = hostname.domain.tld # system handles mail for *.domain.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.tld, hostname.domain.tld, localhost.localhost, localhost
relayhost =
transport_maps = hash:/etc/postfix/transport # system uses a smarthost
mynetworks = 127.0.0.0/8
home_mailbox = .maildir/
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
recipient_delimiter = +

# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname  # wonderng about this..
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains

# TLS
smtpd_tls_auth_only = no
smtp_use_tls = no
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/postfix_key.pem
smtpd_tls_cert_file = /etc/postfix/ssl/postfix_cert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/ca_cert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# END

--

# START /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN
minimum_layer: 0
auto_transition: no
# END

--

# START /var/spool/postfix/etc/pam.d/smtp (root:root,644)
auth            sufficient      pam_ldap.so
auth            required        pam_unix.so use_first_pass
account         sufficient      pam_ldap.so
account         required        pam_unix.so use_first_pass
password        sufficient      pam_ldap.so
password        required        pam_unix.so use_first_pass
session         required        pam_unix.so
# END

--

the logs say..

Oct 19 14:59:02 loki postfix/smtpd[2640]: connect from unknown[172.16.0.2]
Oct 19 14:59:06 loki postfix/smtpd[2640]: warning: SASL authentication failure: Password verification failed
I have tried username, username@domain.tld, and username@hostname.domain.tld and all of them fail.. The problem is either that saslauthd can't check against pam.. or that postfix cant check saslauthd.

Is there a way to test that saslauthd is actualy checking pam, without using postfix?
Are there any errors in my configs?

Thanks in advance.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix and smtp auth FragInHell Linux - Software 2 10-05-2005 06:23 AM
SuSE 9 Postfix SMTP-AUTH Probs... thetimp2003 Linux - Software 1 05-11-2004 02:33 PM
Postfix SMTP Auth Failure pembo13 Linux - Networking 1 02-09-2004 09:08 AM
Postfix 2.X SMTP AUTH Success Story ckmehta Fedora 0 01-23-2004 07:28 PM
Postfix SMTP AUTH NetScripter Linux - Software 0 10-23-2002 01:53 AM


All times are GMT -5. The time now is 08:53 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration