Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Postfix + SASL Authentication failed

0 views
Skip to first unread message

Davi Leal

unread,
Oct 30, 2002, 12:10:12 PM10/30/02
to
Hi,

The problem is I can not get authentication successful in my Postfix + SASL
server.

SASL is enabled in the server, as you can see in the attached syslog
fragment. It fails. I would like know what is the cause?.

Posibilities / Rationale
A) /etc/passwd, /etc/shadow Bad permisions.
B) /usr/lib/sasl/smtpd.conf Mistaken.
C) Bad configuration of main.cf? You can see it attached.
D) Bad configuration of master.cf? You can see it attached.

Any other posibility?.


Rationale:

A) I have set read access to all users, only to check it is not the cause.

B) I have realized serveral checks, with both shadow and pwcheck.
pwcheck_method: shadow
pwcheck_method: pwcheck

My host use /etc/shadow to keep the passwords.

I know I have to use 'shadow'. Anyway I have always checked both
shadow and pwcheck.

I have copied the file in both /usr/lib/sasl/ and /usr/local/lib/sasl/
directories.


A special thing which I have noted is that if I remove all the smtpd.conf
files in the system I get the same "Authentication failed" message!.


Note: I have removed the chrooted option in the master.cf file.

Regards,
Davi Leal

--
The system is a Debian GNU/Linux 3.0 (woody)

syslog.txt
etc-postfix-main.cf
etc-postfix-master.cf

Piotrek Marat

unread,
Nov 1, 2002, 2:50:12 PM11/1/02
to
On Wed, Oct 30, 2002 at 05:57:46PM +0100, Davi Leal wrote:
> Hi,
>
> The problem is I can not get authentication successful in my Postfix + SASL
> server.

I had the same problem on FreeBSD machine. If you use pwcheck method
check whether postfix user has access to /var/pwcheck directory ( I just
added postifx to cyrus group and everything works fine )

Cheers,
PM


--
To UNSUBSCRIBE, email to debian-is...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Davi Leal

unread,
Nov 7, 2002, 9:50:12 AM11/7/02
to
Hi,

The problem was bad permision on /etc/sasldb file. Now works.
chmod 600 /etc/sasldb
chown postfix.postfix /etc/sasldb

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 excalibur.ene.es ESMTP Postfix (Debian/GNU)
EHLO excalibur.ene.es
250-excalibur.ene.es
250-PIPELINING
250-SIZE 204800000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI
250-AUTH=LOGIN PLAIN CRAM-MD5 GSSAPI
250-XVERP
250 8BITMIME
AUTH PLAIN aGVsbG8AaGVsbG8AaGVsbG8=
235 Authentication successful
quit
221 Bye
Connection closed by foreign host.
#

Anyway, the OutLook 5.50 and Netscape Comunitator 4.73 clients show that the
SMTP server does not reply. I use the same user and password (hello, hello).
I have enabled SMTP authentification and disabled SSL/TLS in OutLook and
Netscape. I do not understand why telnet works and OutLook & Netscape does
not work. Any comment?.

Note: Using telnet from any machine works.


Regards,
Davi Leal

--

Davi Leal

unread,
Nov 7, 2002, 12:20:10 PM11/7/02
to
Hi,

If I remove the /etc/sasldb file I get the below line in the
/var/log/auth.log file, though I have pw_check pam in the
/usr/lib/sasl/smtpd.conf file.
Nov 7 18:18:43 excalibur postfix/smtpd[391]: unable to open Berkeley
db /etc/sasldb: No such file or directory

If I copy or link the /usr/lib/sasl/smtpd.conf file to
/etc/postfix/sasl/smtpd.conf file I get:
Nov 7 18:18:48 excalibur PAM_unix[391]: authentication failure;
(uid=101) -> hello for smtp service

It fails too, but it is used the mechanism specified, that is to say, PAM.
Anyway, any idea what I have to do to get Postfix + SASL + PAM or shadow
working?. I do not want to use sasldb due to I don't know all the client
passwords.


Debian GNU/Linux 3.0 (woody)

Sami Haahtinen

unread,
Nov 10, 2002, 5:30:06 AM11/10/02
to
On Thu, Nov 07, 2002 at 05:58:53PM +0100, Davi Leal wrote:
> If I remove the /etc/sasldb file I get the below line in the
> /var/log/auth.log file, though I have pw_check pam in the
> /usr/lib/sasl/smtpd.conf file.
> Nov 7 18:18:43 excalibur postfix/smtpd[391]: unable to open Berkeley
> db /etc/sasldb: No such file or directory
>
> If I copy or link the /usr/lib/sasl/smtpd.conf file to
> /etc/postfix/sasl/smtpd.conf file I get:
> Nov 7 18:18:48 excalibur PAM_unix[391]: authentication failure;
> (uid=101) -> hello for smtp service

This actually broke my postfix installation in the past.. it took me a
while to track down that the location of the sasl configuration had
changed to /etc/postfix/sasl.

> It fails too, but it is used the mechanism specified, that is to say, PAM.
> Anyway, any idea what I have to do to get Postfix + SASL + PAM or shadow
> working?. I do not want to use sasldb due to I don't know all the client
> passwords.

have you configured PAM properly? also, if you are using the passwd and
shadow files you should have a copy lurking about where postfix can
reach them.. (remember postfix runs chrooted)

Sami

--
-< Sami Haahtinen >-
-[ Notify immediately if you do not receive this message ]-
-< 2209 3C53 D0FB 041C F7B1 F908 A9B6 F730 B83D 761C >-

0 new messages