LinuxQuestions.org
Old 05-17-2002, 09:44 AM   #1
hardigunawan
Member
 
Registered: Dec 2001
Posts: 35

Rep: Reputation: 15
pam_ldap with tls and sasl


I've set up postfix in a chroot environment and have copied the necessary
files (not all though) into the chroot directory.


I've been able to do a smtp auth using sasl through pam, but when I turn on
the TLS option, this error appears:
May 9 21:06:17 thunderbolt postfix/smtpd[2714]: pam_ldap: ldap_starttls_s: Connect error
May 9 21:06:17 thunderbolt postfix/smtpd[2714]: warning: thunderbolt.testing.com[192.168.1.7]: SASL LOGIN authentication failed


I've already copied the right certificate and that certificate has been used
for other pam usage, such as login, etc. So from my deduction, there
shouldn't be any mistake about the hostname in the cert not matching the one
I'm about to connect to (in /etc/ldap.conf and
/var/spool/postfix/etc/ldap.conf, I've stated the ldap server is at
thunderbolt.testing.com).


Is there some other thing that I have forgotten? Are there any library files
that I've not copied?


Thank you
 
Old 05-21-2002, 02:05 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,825
Blog Entries: 54

Rep: Reputation: 2992
If you say you stated "host thunderbolt.testing.com" in your ldap.conf, can you recheck that you *made* your certificate for "thunderbolt.testing.com"?
 
Old 05-21-2002, 08:13 PM   #3
hardigunawan
Member
 
Registered: Dec 2001
Posts: 35

Original Poster
Rep: Reputation: 15
Yes, I did. In fact, when I do telnet/su etc (as long as it's not chrooted), it works.

In chroot, I've copied the relevant certificates:
CA's cert, site's cert and site's key.
 
Old 05-21-2002, 09:29 PM   #4
hardigunawan
Member
 
Registered: Dec 2001
Posts: 35

Original Poster
Rep: Reputation: 15
I'm sorry. It's my own mistake. I feel like slapping myself.

I mistook the CA certificate for the site's certificate and mixed up the whole thing. I did a whole reinstall of my Linux box.
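
The mix-up reported in the last post (a CA certificate in place of the site's certificate) can be checked directly on the files copied into the chroot. The script below is an added example, not part of the thread; the function names and the throwaway test CA are constructed, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example; function names and the throwaway test PKI are constructed.

# Build a constructed CA and a site certificate signed by it in directory $1.
make_test_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Constructed Test CA' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=thunderbolt.testing.com" \
        -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null
    openssl x509 -req -in "$d/site.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/site.pem" 2>/dev/null
}

# Print "ca", "leaf" or "unreadable" for the PEM certificate in $1.
cert_role() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || { echo unreadable; return 0; }
    case $text in
        *CA:TRUE*) echo ca ;;
        *) echo leaf ;;
    esac
}

# check_tls_files CAFILE SITECERT HOST: print "ok" or the first problem found.
check_tls_files() {
    ca=$1; site=$2; host=$3
    [ "$(cert_role "$ca")" = ca ] || { echo ca-file-is-not-a-ca; return 1; }
    [ "$(cert_role "$site")" = leaf ] || { echo site-cert-is-not-a-leaf; return 1; }
    openssl verify -CAfile "$ca" "$site" >/dev/null 2>&1 ||
        { echo chain-does-not-verify; return 1; }
    openssl x509 -in "$site" -noout -checkhost "$host" | grep -q 'does match' ||
        { echo hostname-mismatch; return 1; }
    echo ok
}

# Usage: sh check.sh CAFILE SITECERT HOST (paths as seen inside the chroot)
if [ "$#" -eq 3 ]; then check_tls_files "$@"; fi
```

Run it against the copies under the chroot (in this thread, the files below /var/spool/postfix), since those are the ones the chrooted smtpd reads.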
 
  


All times are GMT -5.
