Daniel L. Miller wrote:
Alejandro Cabrera Obed wrote:
Dear all, I have a Debian Etch + Postfix 2.3.8 mail server with LDAP
2.3.30. TLS encryption works successfully but SASL authentication doesn't.
I have these:
apt-get install sasl2-bin libsasl2-modules
/etc/default/saslauthd:
START=yes
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
/etc/saslauthd.conf:
ldap_servers: ldap://ldap.company.com/
ldap_search_base: ou=people,dc=company,dc=com
ldap_bind_dn: cn=admin,dc=company,dc=com
ldap_bind_pw: xyz
ldap_filter: (&(objectClass=CourierMailAccount)(cn=%U))
ldap_scope: sub
ldap_auth_method: bind
I execute:
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
/etc/postfix/sasl/smtpd.conf:
pwcheck_method: saslauthd
mech_list: plain login
log_level: 7
/etc/postfix/master.cf:
smtp inet n - n - - smtpd -o content_filter=spamassassin # No chroot
/etc/postfix/main.cf:
# TLS
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/courier/smtpd.cert
smtpd_tls_key_file = /etc/courier/smtpd.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
# SMTP Restrictions
smtpd_recipient_restrictions = permit_sasl_authenticate,
    permit_mynetworks
Restart postfix and saslauthd
After that:
$ telnet mail 25
and I see:
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
So TLS and SASL are OK.
Finally I configure my mail client (Iceweasel) and send a mail,
asking me for the password, but I FAIL !!! I see this in
/var/log/auth.log:
Aug 13 15:25:45 mail postfix/cleanup[4182]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
Aug 13 15:25:53 mail postfix/smtpd[4196]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
Aug 13 15:27:15 mail postfix/cleanup[4222]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
Aug 13 15:29:41 mail postfix/cleanup[4290]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
Aug 13 15:29:57 mail postfix/smtpd[4303]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
Aug 13 15:30:01 mail CRON[4306]: (pam_unix) session opened for user vmail by (uid=0)
Aug 13 15:30:01 mail pam_limits[4306]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Aug 13 15:30:01 mail pam_limits[4306]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
Aug 13 15:30:01 mail CRON[4306]: (pam_unix) session closed for user vmail
What can I do to get SASL to work against my LDAP ???
REALLY THANKS !!!
Alejandro
You need to install either the courier or dovecot packages to provide
the necessary utilities/libraries.
For the courier option, you'll need libsasl2-modules and sasl2-bin at
a minimum. I don't think the dovecot packages have broken out the
auth portion yet, so you would need to install dovecot-imapd and/or
dovecot-pop3d.
I had libsasl2-modules and sasl2-bin as I just said above.
What can I do ????
Thanks again
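
A consistency check on the settings quoted in this thread, added here as an example and not part of the original messages: it compares the directory saslauthd is told to listen in (the -m option) with the directory the smtpd process will search, given the chroot column in master.cf. The function names, the /var/spool/postfix queue directory and the /var/run/saslauthd default for an unset saslauthd_path are assumptions.

```python
import shlex
from pathlib import PurePosixPath

QUEUE_DIR = "/var/spool/postfix"           # assumed Postfix queue_directory
DEFAULT_SOCKET_DIR = "/var/run/saslauthd"  # assumed Cyrus SASL default run directory

# Sample input constructed from the settings quoted in the thread.
SASLAUTHD_DEFAULTS = 'START=yes\nOPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"\n'
MASTER_CF = "smtp inet n - n - - smtpd -o content_filter=spamassassin\n"
SMTPD_CONF = "pwcheck_method: saslauthd\nmech_list: plain login\nlog_level: 7\n"

def daemon_socket_dir(defaults_text):
    """Directory saslauthd listens in: the -m argument of OPTIONS, if any."""
    for line in defaults_text.splitlines():
        if line.startswith("OPTIONS="):
            args = shlex.split(line.split("=", 1)[1].strip().strip('"'))
            if "-m" in args[:-1]:
                return args[args.index("-m") + 1]
    return DEFAULT_SOCKET_DIR

def smtpd_chrooted(master_text, service="smtp"):
    """Read the chroot column (5th field) of the service's master.cf entry."""
    for line in master_text.splitlines():
        fields = line.split()
        if len(fields) >= 8 and fields[:2] == [service, "inet"]:
            # "-" means the built-in default, which is chrooted before Postfix 3.0.
            return fields[4] != "n"
    raise ValueError(f"no {service} inet entry in master.cf")

def client_socket_dir(smtpd_conf_text, chrooted):
    """Host path of the directory smtpd will look in for the mux socket."""
    path = DEFAULT_SOCKET_DIR
    for line in smtpd_conf_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "saslauthd_path":  # names the mux socket itself
            path = str(PurePosixPath(value.strip()).parent)
    return QUEUE_DIR + path if chrooted else path

def check(defaults_text, master_text, smtpd_conf_text):
    """Compare both ends; symlinks on the real host are not considered."""
    daemon = daemon_socket_dir(defaults_text)
    client = client_socket_dir(smtpd_conf_text, smtpd_chrooted(master_text))
    return {"daemon": daemon, "client": client, "match": daemon == client}

if __name__ == "__main__":
    print(check(SASLAUTHD_DEFAULTS, MASTER_CF, SMTPD_CONF))
```

A mismatch only means the two paths differ as written; a symlink from one directory to the other on the real host would make them agree.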