Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Postfix + SASL problem "no SASL authentication mechanisms"

243 views
Skip to first unread message

Cliff Flood

unread,
Apr 22, 2005, 11:20:07 AM4/22/05
to
Hi,

I'm having a problem getting Postfix & SASL to work. I've read some of
the archives here and done some extensive googling, read lots of
articles and tried lots of things. None of the things I've done have
helped or prevented me from getting the "no SASL authentication
mechanisms" error.
I have what I believe are the relevant and correct packages installed.

The current status of my system is similar to the one described in this
document:

http://www.fatofthelan.com/articles/articles.php?pid=22

I have moved the saslauthd directory from /var/run to the Postfix chroot

The relevant parts of my main.cf are:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated,
check_relay_domains

My /etc/postfix/sasl/smtpd.conf reads:

pwcheck_method: saslauthd
mech_list: plain login

(I notice the problem is the same whether that file is there or not, is
it possible it's not being read?)

My /etc/default/saslauthd reads:

START=yes
MECHANISMS="pam"

I can test sasl auth on the command line using `testsaslauthd
-u<username> -p<password>` successfully.

I also tried the suggestions from this page:

http://wiki.ev-15.com/debian:mail_system#sasl

With no success.

Could someone tell me more specifically what the error is indicating?

At this point I'm rather confused and annoyed and I'd appreciate any
help any one can give me!

Thanks :)

--
Cliph/ff
http://chicks-dig-unix.net/


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Radu Brumariu

unread,
Apr 22, 2005, 11:30:16 AM4/22/05
to
Cliff Flood wrote:

Do you have the postfix-tls package installed ?

Radu

--
"Stat rosa pristina nomine, nomina nuda tenemus"

Cliff Flood

unread,
Apr 22, 2005, 11:40:10 AM4/22/05
to
Cliff Flood wrote, on 04/22/05 15:56:

> Hi,
>
> I'm having a problem getting Postfix & SASL to work.

I forgot to mention, as usual, I'm running Debian "unstable". Since I
wrote my last mail I've un-chrooted the "smtp" processes and had the
same error.

Lech Karol Pawłaszek

unread,
Apr 22, 2005, 11:50:10 AM4/22/05
to
On Friday 22 of April 2005 16:56, Cliff Flood wrote:
[...]

>"no SASL authentication mechanisms" error.
[...]

> Could someone tell me more specifically what the error is indicating?
>
> At this point I'm rather confused and annoyed and I'd appreciate any
> help any one can give me!

I grant that you're using sarge... i think that you've installed most of
needed packages like postfix-tls and sasl2-bin, so...
Check if you have libsasl2-modules package installed.

> Thanks :)

You're welcome ;-]

--
Lech Karol Pawłaszek <ike>
"You will never see me fall from grace..." [KoRn]

Cliff Flood

unread,
Apr 22, 2005, 11:50:10 AM4/22/05
to
Radu Brumariu wrote, on 04/22/05 16:26:

> Do you have the postfix-tls package installed ?

I do:

ii postfix-tls 2.1.5-9 TLS and SASL support for Postfix

--
Cliph/ff
http://chicks-dig-unix.net/

Cliff Flood

unread,
Apr 22, 2005, 12:30:13 PM4/22/05
to
Lech Karol Pawłaszek wrote, on 04/22/05 16:46:

> On Friday 22 of April 2005 16:56, Cliff Flood wrote:
> [...]
>
>>"no SASL authentication mechanisms" error.
>
> [...]
>
>>Could someone tell me more specifically what the error is indicating?
>>
>>At this point I'm rather confused and annoyed and I'd appreciate any
>>help any one can give me!
>
>
> I grant that you're using sarge... i think that you've installed most of
> needed packages like postfix-tls and sasl2-bin, so...
> Check if you have libsasl2-modules package installed.
>
>
>>Thanks :)
>
>
> You're welcome ;-]

Great! Thank you! That worked, I didn't have that package installed and
now that I do I am no longer getting that error.

I am now getting another error however...

"warning: SASL authentication problem: unable to open Berkeley db
/etc/sasldb2: Permission denied"

In my /etc/postfix/sasl/smtpd.conf I have tried:

pwcheck_method: saslauthd

and

pwcheck_method: pwcheck

(Having first installed cyrus-common to provide pwcheck)

I want saslauthd to use pam to authenticate users against their regular
passwords, not to use a second database.

Where am I going wrong?

Cliff Flood

unread,
Apr 22, 2005, 12:50:10 PM4/22/05
to
Cliff Flood wrote, on 04/22/05 17:09:

> I am now getting another error however...
>
> "warning: SASL authentication problem: unable to open Berkeley db
> /etc/sasldb2: Permission denied"
>
> In my /etc/postfix/sasl/smtpd.conf I have tried:
>
> pwcheck_method: saslauthd
>
> and
>
> pwcheck_method: pwcheck
>
> (Having first installed cyrus-common to provide pwcheck)
>
> I want saslauthd to use pam to authenticate users against their regular
> passwords, not to use a second database.
>
> Where am I going wrong?

I've not added:

"saslauthd_path: /var/run/saslauthd/mux"

to my /etc/postfix/sasl/smtpd.conf and I get a different error:

"warning: SASL authentication failure: cannot connect to saslauthd
server: Permission denied"

/var/run/saslauthd is the right location I believe as my smtpd is not
chrooted

Cliff Flood

unread,
Apr 22, 2005, 1:10:09 PM4/22/05
to
Cliff Flood wrote, on 04/22/05 17:09:
> Where am I going wrong?

Ok, I figured it out mostly, postfix was unable to read the
/var/run/saslauthd dir so I added 'postfix' to the 'sasl' group and
'plain' login works now!

For some reason the *-md5 logins dont work but as the traffic is now
protected using TLS I'm not too worried about it.

Would anyone know why digest-md5 and cram-md5 as login mechanisms fail?

Lech Karol Pawłaszek

unread,
Apr 22, 2005, 1:20:10 PM4/22/05
to
On Friday 22 of April 2005 18:29, Cliff Flood wrote:
> Cliff Flood wrote, on 04/22/05 17:09:
> > I am now getting another error however...
> >
> > "warning: SASL authentication problem: unable to open Berkeley db
> > /etc/sasldb2: Permission denied"
> >
> > In my /etc/postfix/sasl/smtpd.conf I have tried:
> >
> > pwcheck_method: saslauthd
> >
> > and
> >
> > pwcheck_method: pwcheck
> >
> > (Having first installed cyrus-common to provide pwcheck)
> >
> > I want saslauthd to use pam to authenticate users against their regular
> > passwords, not to use a second database.
> >
> > Where am I going wrong?
>
> I've not added:
>
> "saslauthd_path: /var/run/saslauthd/mux"
>
> to my /etc/postfix/sasl/smtpd.conf and I get a different error:
>
> "warning: SASL authentication failure: cannot connect to saslauthd
> server: Permission denied"
>
> /var/run/saslauthd is the right location I believe as my smtpd is not
> chrooted

Are you sure that is not chrooted? AFAIR postfix is usually ran chrooted
in /var/spool/postfix. If it IS chrooted - solotion might look light this:

adduser postfix sasl
mkdir -p /var/spool/postfix/var/run/saslauthd/
mount --bind /var/run/saslauthd /var/spool/postfix/var/run/saslauthd
// or eventually do
echo "/var/run/saslauthd /var/spool/postfix/var/run/saslauthd none \
rw,bind 0 0" >> /etc/fstab


/etc/init.d/postfix reload

if it is NOT chrooted - you probably will have to just

adduser postfix sasl

should work.

ps: don't cc me since i am subscribed to debian-user.

regards. ;-)

Alberto Cabello Sanchez

unread,
Apr 22, 2005, 1:50:08 PM4/22/05
to
On Fri, Apr 22, 2005 at 05:09:45PM +0100, Cliff Flood wrote:
>
> Great! Thank you! That worked, I didn't have that package installed and
> now that I do I am no longer getting that error.
>
> I am now getting another error however...
>
> "warning: SASL authentication problem: unable to open Berkeley db
> /etc/sasldb2: Permission denied"
>
> In my /etc/postfix/sasl/smtpd.conf I have tried:
>
> pwcheck_method: saslauthd
>
> and
>
> pwcheck_method: pwcheck
>
> (Having first installed cyrus-common to provide pwcheck)
>
> I want saslauthd to use pam to authenticate users against their regular
> passwords, not to use a second database.
>
> Where am I going wrong?
>

I had the same, but I don't remember how I got rid of it. If you can barely
read spanish, you'll find detailed setup instructions that worked for me at
http://naranjo.unex.es/~alberto/smtp_auth.html


--
-----------------------
Alberto Cabello Sánchez
alb...@unex.es
Servicio de Informática
924 289 318
-----------------------

Mark Roach

unread,
Apr 22, 2005, 2:20:10 PM4/22/05
to
Cliff Flood wrote:
> Cliff Flood wrote, on 04/22/05 17:09:
>
> For some reason the *-md5 logins dont work but as the traffic is now
> protected using TLS I'm not too worried about it.
>
> Would anyone know why digest-md5 and cram-md5 as login mechanisms fail?

cram-md5 and basically every other mechanism besides plain require the
passwords to be stored either in sasldb, or some plain-text system. TLS
+ no worries is probably the right course of action.

-Mark

Cliff Flood

unread,
Apr 25, 2005, 6:30:16 AM4/25/05
to
Mark Roach wrote, on 04/22/05 19:11:

> Cliff Flood wrote:
>
>> Cliff Flood wrote, on 04/22/05 17:09:
>>
>> For some reason the *-md5 logins dont work but as the traffic is now
>> protected using TLS I'm not too worried about it.
>>
>> Would anyone know why digest-md5 and cram-md5 as login mechanisms fail?
>
>
> cram-md5 and basically every other mechanism besides plain require the
> passwords to be stored either in sasldb, or some plain-text system. TLS
> + no worries is probably the right course of action.

Thanks to every one who replied for all their help.

--
Cliph/ff
http://chicks-dig-unix.net/

0 new messages