On Thursday 18 June 2009 11:21:51 Erik Norgaard wrote: > Mel Flynn wrote: > > On Wednesday 17 June 2009 21:51:03 Erik Norgaard wrote: > >>>> Jun 17 23:39:17 jail imap[8412]: badlogin: jail.example.com > >>>> [172.16.0.2] plaintext cy...@example.com SASL(-13): user not found: > >>>> checkpass failed > > > > So does the imap server know the domain name? How does it figure it out? > > Does it know to strip domain names because you configured the unix passwd > > backend? If it uses the domainname command to figure out the domainname, > > you may have it set on the working server, yet not on the jail. > > Any differences related to domains in /etc/rc.conf and /etc/resolv.conf > > that might shed some light? > > I added the line > > defaultdomain: example.com > > to imapd.conf, this line is not in my working server configuration, > however, it does make the realm part go away from the error message, not > that it solves the problem though: > > Jun 18 21:09:57 jail imap[22562]: badlogin: jail.example.com > [172.16.0.2] plaintext cyrus SASL(-1): generic failure: checkpass failed > > Now, adding debug mode to saslautd, I got some extra info in auth.log: > > Jun 18 21:13:21 jail saslauthd[21300]: DEBUG: auth_pam: pam_authenticate > failed: authentication error > Jun 18 21:13:21 jail saslauthd[21300]: do_auth : auth failure: > [user=cy...@example.com] [service=imap] [realm=] [mech=pam] [reason=PAM > auth error]
Can you add the same debug mode to the working server and do a failed login? Interesting point being if the user has the domain appended as well. > I have checked /etc/pam.d in the jail against the host and they are > identical, also /usr/local/etc/pam.d - both empty. Are there any known > problems with pam in jails? Not that I'm aware of. -- Mel _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
