LinuxQuestions.org
Old 02-14-2005, 12:08 AM   #1
acker
Member
 
Registered: Apr 2004
Location: Timisoara, Romania
Distribution: Debian
Posts: 90

Rep: Reputation: 15
cyrus + mysql + postfix + me extremely tired and angry


hello,

I am so tired of trying to make it work...
I won't try to paste every configuration I've got related to this... 'cause maybe you won't help me. Does anyone with Debian sarge have cyrus working with postfix and mysql? (not plain text passwords)

I'm using pam and I see that it connects to the MySQL table and it makes a query but all I got is this:
Code:
Feb 14 06:34:34 c9tm saslauthd[15613]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=aaa.ccc.ddus
Feb 14 06:34:36 c9tm saslauthd[15613]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Feb 14 06:34:36 c9tm saslauthd[15613]: do_auth         : auth failure: [user=aaa.ccc.dd] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]

The table is ok, the user exists. I don't know what to f. do..



I've searched Google, I've seen similar problems, but can't figure out what is wrong...

regards,
acker
 
Old 02-14-2005, 01:30 AM   #2
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
I've not set up saslauth w/ mysql, but you shouldn't need PAM at all. There should be a mysql plugin w/ saslauthd.

(not plain text passwords)

Are you trying to do DIGEST-MD5? Then the pw needs to be in clear text in the database, and saslauthd needs to see that password (i.e. PAM won't work). That also means you have to secure your transport and access controls in mysql.

Please post your pam config for IMAP (/etc/pam.d/imap) and sasl config, as I don't think you should be using pam_unix here.

That's my stabs in the dark,
chris
 
Old 02-14-2005, 09:42 AM   #3
acker
Member
 
Registered: Apr 2004
Location: Timisoara, Romania
Distribution: Debian
Posts: 90

Original Poster
Rep: Reputation: 15
/etc/pam.d/imap
Code:
# PAM configuration file for Cyrus IMAP service
# $Id: imap.pam,v 1.3 2003/10/02 04:58:38 hmh Exp $
#
# If you want to use Cyrus in a setup where users don't have
# accounts on the local machine, you'll need to make sure
# you use something like pam_permit for account checking.
#
# Remember that SASL (and therefore Cyrus) accesses PAM
# modules through saslauthd, and that SASL can only deal with
# plaintext passwords if PAM is used.
#

@include common-auth
@include common-account

auth sufficient pam_mysql.so user=mail passwd=asdfghj host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time

##auth sufficient pam_unix_auth.so

account required pam_mysql.so user=mail passwd=asdfghj host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time

##account sufficient pam_unix_acct.so

# Remember that SASL (and therefore Cyrus) accesses PAM
# modules through saslauthd, and that SASL can only deal with
# plaintext passwords if PAM is used.
???
What exactly does it mean?

/usr/lib/sasl2/smtpd.conf
Code:
pwcheck_method: saslauthd
Is this where it should be?

Code:
root@camin9:~# ps aux | grep sasl
root     15613  0.0  2.2  7404 1396 ?        Ss   06:03   0:00 /usr/sbin/saslauthd -a pam
root     15614  0.0  2.3  7404 1440 ?        S    06:03   0:00 /usr/sbin/saslauthd -a pam
root     15615  0.0  2.4  7404 1488 ?        S    06:03   0:00 /usr/sbin/saslauthd -a pam
root     15616  0.0  2.4  7404 1488 ?        S    06:03   0:00 /usr/sbin/saslauthd -a pam
root     15617  0.0  1.5  6468  968 ?        S    06:03   0:00 /usr/sbin/saslauthd -a pam

/etc/imapd-local.conf
Code:
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: aaa.xxx.rr
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes

/etc/imapd.conf
Code:
postmaster: postmaster
servername: aaa.xxx.rr
quotawarn: 90
timeout: 30
poptimeout: 10
sieve_maxscriptsieze: 32
sieve_maxscripts: 5
reject8bit: no

configdirectory: /var/imap

defaultpartition: default
partition-default: /var/spool/imap

partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news

altnamespace: no

unixhierarchysep: yes

#admins: cyrus
#imap_admins: cyrus

allowanonymouslogin: no

popminpoll: 1

autocreatequota: 10000

umask: 077

sendmail: /usr/sbin/sendmail

sieveusehomedir: false
sievedir: /var/spool/sieve

dracinterval: 0
drachost: localhost

hashimapspool: true

allowplaintext: yes
# ?? ^ problem with this? hmm..

sasl_mech_list: PLAIN
# Do note that, since sasl will be run as user cyrus, you may have a lot of
# trouble to set this up right.
#sasl_pwcheck_method: auxprop
sasl_pwcheck_method: saslauthd

sasl_auto_transition: no

tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

# Unix domain socket that lmtpd listens on.
lmtpsocket: /var/run/cyrus/socket/lmtp

# Unix domain socket that idled listens on.
idlesocket: /var/run/cyrus/socket/idle

# Unix domain socket that the new mail notification daemon listens on.
notifysocket: /var/run/cyrus/socket/notify

tls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem

From /etc/cyrus.conf:
Code:
        imap            cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
        imaplocal       cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
        imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
        imapslocal      cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaps" prefork=0
        pop3            cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
        pop3s           cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50

If I use the program smtptest -u .. -a .. localhost I've got this in syslog:
Code:
Feb 14 16:32:48 c9tm postfix/smtpd[18121]: connect from localhost[127.0.0.1]
Feb 14 16:32:53 c9tm postfix/smtpd[18121]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Feb 14 16:32:53 c9tm postfix/smtpd[18121]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Feb 14 16:32:53 c9tm postfix/smtpd[18121]: warning: SASL authentication failure: no secret in database
Feb 14 16:32:53 c9tm postfix/smtpd[18121]: warning: localhost[127.0.0.1]: SASL DIGEST-MD5 authentication failed
Feb 14 16:32:57 c9tm postfix/smtpd[18121]: disconnect from localhost[127.0.0.1]

Why is it trying to use sasldb2? Shouldn't it use mysql?

I had /etc/pam.d/cyrus but I've renamed it, so it can no longer be used and mess things up.

More info to come... just ask

I'm so dizzy...

acker
 
Old 02-15-2005, 11:58 AM   #4
acker
Member
 
Registered: Apr 2004
Location: Timisoara, Romania
Distribution: Debian
Posts: 90

Original Poster
Rep: Reputation: 15
I knew this would happen...

as always.
 
Old 02-15-2005, 10:21 PM   #5
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
Well, what do you expect with free advice?

Anyways, /etc/pam.d/imap looks fine, but I've never used pam w/ mysql. The comment means you can't use DIGEST-MD5 with pam. I believe you can use the sql plugin for the auxprop. Not saslauthd. Something like
/usr/lib/sasl/imap.conf:
Code:
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: login plain CRAM-MD5 DIGEST-MD5

sql_engine: mysql
sql_user: someone
sql_passwd: someonespassword
sql_hostnames: localhost
sql_database: mail
sql_select: SELECT %p FROM user_table WHERE username = '%u' and realm = '%r'

If you keep on with pam, log the mysql select statement to see what it is looking for (and getting) in the db.

Postfix has its own location for the sasl config. Mine is /etc/postfix/sasl/smtpd.conf.

Use the testsaslauthd -u test -p pw -s imap to figure out if saslauthd is working.

Try the Cyrus-SASL mailing list at http://asg.web.cmu.edu/sasl/, and search the archives.
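
Added example, not part of the original posts: the sasldb2 warnings in post #3 are what Cyrus SASL produces when an application uses `pwcheck_method: saslauthd` with no `mech_list`, so DIGEST-MD5 is still offered although saslauthd can only check PLAIN/LOGIN. The Python below lints `key: value` SASL settings for that mismatch; the function names and sample strings are constructed for this example.

```python
# Added example: lint Cyrus SASL settings for mechanism/backend mismatches.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}               # password reaches the server as-is
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}   # server must hold the cleartext secret


def parse_conf(text):
    """Parse 'key: value' lines; skip comments, drop imapd.conf's 'sasl_' prefix."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        key = key.strip().lower()
        if key.startswith("sasl_"):
            key = key[len("sasl_"):]
        opts[key] = value.strip()
    return opts


def lint(text):
    """Return findings for one application's SASL configuration."""
    opts = parse_conf(text)
    method = opts.get("pwcheck_method", "auxprop").lower()  # auxprop is the SASL default
    mech_list = opts.get("mech_list")
    # With no mech_list, assume both shared-secret plugins are installed and offered.
    offered = ({m.upper() for m in mech_list.split()} if mech_list
               else PLAINTEXT_MECHS | SHARED_SECRET_MECHS)
    risky = sorted(offered & SHARED_SECRET_MECHS)
    findings = []
    if method == "saslauthd":
        if mech_list is None:
            findings.append("no mech_list: all installed mechanisms are offered, "
                            "but saslauthd can only verify PLAIN/LOGIN")
        else:
            findings += [f"{m} cannot be verified through saslauthd" for m in risky]
    elif method == "auxprop":
        findings += [f"{m} requires cleartext passwords in the auxprop store"
                     for m in risky]
    return findings


# Constructed inputs mirroring the files quoted in this thread.
POSTFIX_SMTPD_CONF = "pwcheck_method: saslauthd\n"
IMAPD_CONF = "sasl_mech_list: PLAIN\nsasl_pwcheck_method: saslauthd\n"
AUXPROP_SQL_CONF = ("pwcheck_method: auxprop\nauxprop_plugin: sql\n"
                    "mech_list: login plain CRAM-MD5 DIGEST-MD5\n")
```

For the saslauthd case, adding `mech_list: PLAIN LOGIN` to the application's SASL config clears the finding.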
 
Old 02-16-2005, 10:46 AM   #6
acker
Member
 
Registered: Apr 2004
Location: Timisoara, Romania
Distribution: Debian
Posts: 90

Original Poster
Rep: Reputation: 15
Thanks,

I've searched more on the net and I've seen something like auxprop and some more stuff. I'll try tonight 'cause I've got some free time...
I'll keep you posted. If it's not going to work I'll try to learn more... I've started reading a little bit of the sasl code to figure out what's going on.

acker
 
Old 05-10-2005, 05:03 PM   #7
jim_boy
LQ Newbie
 
Registered: Oct 2001
Location: netherlands
Distribution: redhat
Posts: 8

Rep: Reputation: 0
acker ..
I did have the same symptoms.
After working on it for a week, I dropped Debian and switched to SUSE.

But I'm still questioning what the problem was. So if you did find a solution please let me know!!
 
Old 05-10-2005, 06:13 PM   #8
acker
Member
 
Registered: Apr 2004
Location: Timisoara, Romania
Distribution: Debian
Posts: 90

Original Poster
Rep: Reputation: 15
Wow! A reply!

Never fixed it. After I started to learn more about it (some by reading some cyrus code 'cause the documentation was contradictory and different variables were named differently) the hard drive crashed... Lots of errors.
After this I went home on holiday (from school) and when I returned and managed to fix the damn hard-drive we've lost the Internet connection (freaking changes; this was a secondary connection on which we tested some things, a low bandwidth one). This sounds pretty weird, I know.

As a matter of fact today we set the server again, but there is no time for it. Exams, stuff, etc.

The problem is that I didn't get the big picture of how all the stuff interacts in mail systems. Documentation consisted mainly of 'tutorials' or 'follow this to do that', but with that, if you get an error you won't go far. I'll study more when I have time on my hands.

Switching from Debian is not a solution. You're now using Distribution: redhat. Hmmm... you started with Debian and ended up with RedHat... My path was the other way around.

Mail systems are pretty complex and they should be studied carefully. Unfortunately that requires some time and we don't always have time. I haven't found at the time a super complete documentation, only tutorials and stuff. I wanted some references that would explain every aspect of a thing and the way it interacts with others. (Maybe there is one, but I was too shorthanded on time to see it.)


Best regards,
acker
 
  

