LinuxQuestions.org
05-17-2002, 08:44 AM   #1
hardigunawan
pam_ldap with tls and sasl


I've set up postfix in a chroot environment and have copied the necessary
files (not all though) into the chroot directory.


I've been able to do an smtp auth using sasl through pam, but when I turn on
the TLS option, this error appears:
May 9 21:06:17 thunderbolt postfix/smtpd[2714]: pam_ldap: ldap_starttls_s: Connect error
May 9 21:06:17 thunderbolt postfix/smtpd[2714]: warning: thunderbolt.testing.com[192.168.1.7]: SASL LOGIN authentication failed


I've already copied the right certificate and that certificate has been used
for other pam usage, such as login, etc. So from my deduction, there
shouldn't be any mistake about the hostname in the cert not matching the one
I'm about to connect to (in /etc/ldap.conf and
/var/spool/postfix/etc/ldap.conf, I've stated the ldap server is at
thunderbolt.testing.com).


Is there some other thing that I have forgotten? Are there any library files
that I've not copied?


Thank you
 
05-21-2002, 01:05 PM   #2
unSpawn
If you say you stated "host thunderbolt.testing.com" in your ldap.conf, can you recheck that you *made* your certificate for "thunderbolt.testing.com"?
 
05-21-2002, 07:13 PM   #3
hardigunawan
Yes, I did. In fact, when I do telnet/su etc. (as long as it's not chrooted), it works.

In chroot, I've copied the relevant certificates:
CA's cert, site's cert and site's key.
 
05-21-2002, 08:29 PM   #4
hardigunawan
I'm sorry. It's my own mistake. I feel like slapping myself.

I mistook the CA certificate for the site's certificate and mixed up the whole thing. I did a whole reinstall of my Linux box.
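
The mix-up reported in the last post (CA certificate and site certificate swapped) can be caught by checking the files copied into the chroot before enabling TLS. The following is an added example, not part of the original thread; it uses only `openssl x509` and `openssl verify`, and the function names and file paths are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check certificate files copied into a chroot.
# Function names and the paths in the usage line are hypothetical.

# Print "ca" if the certificate asserts basicConstraints CA:TRUE, else "leaf".
cert_role() {
    if openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
        echo ca
    else
        echo leaf
    fi
}

# Succeed only if HOST matches the certificate's subjectAltName or CN.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# check_tls_files CA_FILE SITE_CERT HOST
# Prints one line per problem and returns non-zero if any was found.
check_tls_files() {
    ca=$1 site=$2 host=$3 rc=0
    for f in "$ca" "$site"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    [ "$(cert_role "$ca")" = ca ] ||
        { echo "$ca is not a CA certificate"; rc=1; }
    [ "$(cert_role "$site")" = leaf ] ||
        { echo "$site is a CA certificate, not a site certificate"; rc=1; }
    # The site certificate must chain to the CA file the client trusts.
    openssl verify -CAfile "$ca" "$site" >/dev/null 2>&1 ||
        { echo "$site does not verify against $ca"; rc=1; }
    cert_matches_host "$site" "$host" ||
        { echo "$site was not issued for $host"; rc=1; }
    return "$rc"
}

# Usage (run against the copies inside the chroot; paths are placeholders):
#   check_tls_files /var/spool/postfix/etc/<ca>.pem \
#       /var/spool/postfix/etc/<site>.pem thunderbolt.testing.com
```

Running it once against the system copies and once against the chroot copies shows whether the two sets of files differ in role or issuer.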
 
  

