LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 12-15-2008, 07:57 PM   #1
linuxpyro
Member
 
Registered: Apr 2004
Distribution: Gentoo
Posts: 134

Rep: Reputation: 16
Postfix SASL Authentication Failure


I am having an issue getting Postfix to do SMTP authentication via SASL and PAM on Debian Etch. First of all, here are the SASL-related lines in main.cf:

Code:
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
#smtpd_recipient_restrictions = permit_mynetworks,check_relay_domains
inet_interfaces = all
Next, here is my /etc/postfix/sasl/smtpd.conf:

[code]
pwcheck_method: saslauthd
mech_list: plain login
[code]

In /etc/default/saslauthd:

Code:
# Should saslauthd run automatically on startup? (default: no)
START=yes

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
#MECHANISMS="rimap -O localhost"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c"

PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
Now, given this I can use testsaslauthd to successfully authenticate my username and password with saslauthd running. However, when I try to send Email through Postfix with the same credentials Evolution gives me a "Bad authentication response from server" error, and in /var/log/maillog I find this:

Code:
Dec 16 09:01:57 clamato postfix/smtpd[16619]: warning: SASL authentication failure: Password verification failed
Dec 16 09:01:57 clamato postfix/smtpd[16619]: warning: fishingcat.rit.edu[129.21.97.207]: SASL PLAIN authentication failed: authentication failure
Meanwhile, in /var/log/auth.log all I get is this:

Code:
Dec 16 08:55:10 clamato saslauthd[16517]: detach_tty      : master pid is: 16517
Dec 16 08:55:10 clamato saslauthd[16517]: ipc_init        : listening on socket: /var/run/saslauthd/mux
I am not running Postfix in a chroot, so it should be able to see /var/run/saslauthd/mux. Since I can authenticate against SASL via the command line I'm pretty sure it's not the problem. I was getting an error about not being able to find /usr/lib/sasl2, but that stopped after I added the smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2 line to main.cf.

Anyone have any ideas?
 
Old 12-15-2008, 09:29 PM   #2
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Perhaps a snippet from my startup in CentOS will help
Code:
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=
if [ -f /etc/sysconfig/saslauthd ] ; then
        . /etc/sysconfig/saslauthd
fi

RETVAL=0

# Set up some common variables before we launch into what might be
# considered boilerplate by now.
prog=saslauthd
path=/usr/sbin/saslauthd

# Ugh. Switch to a specific copy of saslauthd if there's one with $MECH
# in its name, in case it wasn't included in the base cyrus-sasl package
# because it would have dragged in too many undesirable dependencies.
if test -x ${path}.${MECH} ; then
        path=/usr/sbin/saslauthd.$MECH
fi

start() {
        echo -n $"Starting $prog: "
        daemon $path -m $SOCKETDIR -a $MECH $FLAGS
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SMTP authentication with postfix using sasl GuyWood13 Linux - Server 23 05-03-2011 03:29 PM
Postfix + SASL Authentication problem on Ubuntu Server 8.04 beusekom Linux - Server 3 11-14-2008 04:05 PM
Temporary sasl authentication from outside network. Postfix. alex6666 Linux - Server 0 10-30-2008 09:25 AM
Postfix/SASL/MySQL "SASL LOGIN authentication failed" Temujin_12 Linux - Server 8 10-04-2008 10:37 PM
Postfix - SASL LOGIN authentication failed micko_escalade Linux - Networking 1 02-03-2006 01:53 AM


All times are GMT -5. The time now is 05:19 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration