The problem is I can not get authentication successful in my Postfix + SASL
server.
SASL is enabled in the server, as you can see in the attached syslog
fragment. It fails. I would like know what is the cause?.
Posibilities / Rationale
A) /etc/passwd, /etc/shadow Bad permisions.
B) /usr/lib/sasl/smtpd.conf Mistaken.
C) Bad configuration of main.cf? You can see it attached.
D) Bad configuration of master.cf? You can see it attached.
Any other posibility?.
Rationale:
A) I have set read access to all users, only to check it is not the cause.
B) I have realized serveral checks, with both shadow and pwcheck.
pwcheck_method: shadow
pwcheck_method: pwcheck
My host use /etc/shadow to keep the passwords.
I know I have to use 'shadow'. Anyway I have always checked both
shadow and pwcheck.
I have copied the file in both /usr/lib/sasl/ and /usr/local/lib/sasl/
directories.
A special thing which I have noted is that if I remove all the smtpd.conf
files in the system I get the same "Authentication failed" message!.
Note: I have removed the chrooted option in the master.cf file.
Regards,
Davi Leal
--
The system is a Debian GNU/Linux 3.0 (woody)
I had the same problem on FreeBSD machine. If you use pwcheck method
check whether postfix user has access to /var/pwcheck directory ( I just
added postifx to cyrus group and everything works fine )
Cheers,
PM
--
To UNSUBSCRIBE, email to debian-is...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
The problem was bad permision on /etc/sasldb file. Now works.
chmod 600 /etc/sasldb
chown postfix.postfix /etc/sasldb
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 excalibur.ene.es ESMTP Postfix (Debian/GNU)
EHLO excalibur.ene.es
250-excalibur.ene.es
250-PIPELINING
250-SIZE 204800000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI
250-AUTH=LOGIN PLAIN CRAM-MD5 GSSAPI
250-XVERP
250 8BITMIME
AUTH PLAIN aGVsbG8AaGVsbG8AaGVsbG8=
235 Authentication successful
quit
221 Bye
Connection closed by foreign host.
#
Anyway, the OutLook 5.50 and Netscape Comunitator 4.73 clients show that the
SMTP server does not reply. I use the same user and password (hello, hello).
I have enabled SMTP authentification and disabled SSL/TLS in OutLook and
Netscape. I do not understand why telnet works and OutLook & Netscape does
not work. Any comment?.
Note: Using telnet from any machine works.
Regards,
Davi Leal
--
If I remove the /etc/sasldb file I get the below line in the
/var/log/auth.log file, though I have pw_check pam in the
/usr/lib/sasl/smtpd.conf file.
Nov 7 18:18:43 excalibur postfix/smtpd[391]: unable to open Berkeley
db /etc/sasldb: No such file or directory
If I copy or link the /usr/lib/sasl/smtpd.conf file to
/etc/postfix/sasl/smtpd.conf file I get:
Nov 7 18:18:48 excalibur PAM_unix[391]: authentication failure;
(uid=101) -> hello for smtp service
It fails too, but it is used the mechanism specified, that is to say, PAM.
Anyway, any idea what I have to do to get Postfix + SASL + PAM or shadow
working?. I do not want to use sasldb due to I don't know all the client
passwords.
Debian GNU/Linux 3.0 (woody)
This actually broke my postfix installation in the past.. it took me a
while to track down that the location of the sasl configuration had
changed to /etc/postfix/sasl.
> It fails too, but it is used the mechanism specified, that is to say, PAM.
> Anyway, any idea what I have to do to get Postfix + SASL + PAM or shadow
> working?. I do not want to use sasldb due to I don't know all the client
> passwords.
have you configured PAM properly? also, if you are using the passwd and
shadow files you should have a copy lurking about where postfix can
reach them.. (remember postfix runs chrooted)
Sami
--
-< Sami Haahtinen >-
-[ Notify immediately if you do not receive this message ]-
-< 2209 3C53 D0FB 041C F7B1 F908 A9B6 F730 B83D 761C >-