Re: Trouble setting up SASL authentication with postfix

Patrick Ben Koetter Thu, 02 Oct 2008 13:36:56 -0700

* Lists <[EMAIL PROTECTED]>:
>>> Not sure if this is the right place to post, apologies if it is not.
>>>
>>> This is my first MailScanner / Postfix install - on CentOS 5.2
>>>
>>> I have attempted to setup the smtp authentication using SASL 
>>> following various tutorials.
>>> When I attempted to authenticate I am getting the following error
>>> pam_succeed_if(smtp:auth):error retrieving information about user test


You are using the saslauthd daemon to connect via PAM to a password backend.
If the backend is the local shadow file, reconfigure saslauthd to use "shadow"
as method and not "pam".
If you need to use PAM to access credentials in e.g. a MySQL database, then
you need to fix your PAM setup /etc/pam.d/smtp.
Use the "testsaslauthd" command to test saslauthd SASL authentication. Proceed
to Postfix and mail clients only if testsaslauthd succeeds. A typical
testsaslauthd call using PAM looks like this:

$ testsaslauthd -s smtp -r /path/to/saslauthd/socket -u test -p password

[EMAIL PROTECTED]




>>>
>>> I have been searching the net for a couple of hours but havn't been 
>>> able to get it to work.
>>>     
>>
>> Start here:
>>
>> http://www.postfix.org/DEBUG_README.html#mail
>> http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
>> http://www.postfix.org/SASL_README.html
>>
>> Give more information; at least the output of 'postconf -n' and
>> saslfinger.
>>
>>   
>
>

> saslfinger - postfix Cyrus sasl configuration Wed Oct  1 14:42:58 NZDT 2008
> version: 1.0.2
> mode: server-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.3.3
> System: CentOS release 5.2 (Final)
> 
> -- smtpd is linked to --
>       libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x001f8000)
> 
> -- active SMTP AUTH and TLS parameters for smtpd --
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> 
> 
> -- listing of /usr/lib/sasl --
> total 56
> drwxr-xr-x  2 root root  4096 Oct  1 09:07 .
> drwxr-xr-x 68 root root 36864 Oct  1 10:02 ..
> -rw-r--r--  1 root root    47 Aug 15 09:06 smtpd.conf
> 
> -- listing of /usr/lib/sasl2 --
> total 3468
> drwxr-xr-x  2 root root   4096 Oct  1 12:52 .
> drwxr-xr-x 68 root root  36864 Oct  1 10:02 ..
> -rwxr-xr-x  1 root root    884 Jan  8  2007 libanonymous.la
> -rwxr-xr-x  1 root root  14372 Jan  8  2007 libanonymous.so
> -rwxr-xr-x  1 root root  14372 Jan  8  2007 libanonymous.so.2
> -rwxr-xr-x  1 root root  14372 Jan  8  2007 libanonymous.so.2.0.22
> -rwxr-xr-x  1 root root    870 Jan  8  2007 libcrammd5.la
> -rwxr-xr-x  1 root root  16832 Jan  8  2007 libcrammd5.so
> -rwxr-xr-x  1 root root  16832 Jan  8  2007 libcrammd5.so.2
> -rwxr-xr-x  1 root root  16832 Jan  8  2007 libcrammd5.so.2.0.22
> -rwxr-xr-x  1 root root    893 Jan  8  2007 libdigestmd5.la
> -rwxr-xr-x  1 root root  47204 Jan  8  2007 libdigestmd5.so
> -rwxr-xr-x  1 root root  47204 Jan  8  2007 libdigestmd5.so.2
> -rwxr-xr-x  1 root root  47204 Jan  8  2007 libdigestmd5.so.2.0.22
> -rwxr-xr-x  1 root root    933 Jan  8  2007 libgssapiv2.la
> -rwxr-xr-x  1 root root  26528 Jan  8  2007 libgssapiv2.so
> -rwxr-xr-x  1 root root  26528 Jan  8  2007 libgssapiv2.so.2
> -rwxr-xr-x  1 root root  26528 Jan  8  2007 libgssapiv2.so.2.0.22
> -rwxr-xr-x  1 root root    877 Jan  8  2007 libldapdb.la
> -rwxr-xr-x  1 root root  15472 Jan  8  2007 libldapdb.so
> -rwxr-xr-x  1 root root  15472 Jan  8  2007 libldapdb.so.2
> -rwxr-xr-x  1 root root  15472 Jan  8  2007 libldapdb.so.2.0.22
> -rwxr-xr-x  1 root root    856 Jan  8  2007 liblogin.la
> -rwxr-xr-x  1 root root  14752 Jan  8  2007 liblogin.so
> -rwxr-xr-x  1 root root  14752 Jan  8  2007 liblogin.so.2
> -rwxr-xr-x  1 root root  14752 Jan  8  2007 liblogin.so.2.0.22
> -rwxr-xr-x  1 root root    858 Jan  8  2007 libntlm.la
> -rwxr-xr-x  1 root root  31516 Jan  8  2007 libntlm.so
> -rwxr-xr-x  1 root root  31516 Jan  8  2007 libntlm.so.2
> -rwxr-xr-x  1 root root  31516 Jan  8  2007 libntlm.so.2.0.22
> -rwxr-xr-x  1 root root    856 Jan  8  2007 libplain.la
> -rwxr-xr-x  1 root root  14848 Jan  8  2007 libplain.so
> -rwxr-xr-x  1 root root  14848 Jan  8  2007 libplain.so.2
> -rwxr-xr-x  1 root root  14848 Jan  8  2007 libplain.so.2.0.22
> -rwxr-xr-x  1 root root    930 Jan  8  2007 libsasldb.la
> -rwxr-xr-x  1 root root 905200 Jan  8  2007 libsasldb.so
> -rwxr-xr-x  1 root root 905200 Jan  8  2007 libsasldb.so.2
> -rwxr-xr-x  1 root root 905200 Jan  8  2007 libsasldb.so.2.0.22
> -rwxr-xr-x  1 root root    878 Jan  8  2007 libsql.la
> -rwxr-xr-x  1 root root  23084 Jan  8  2007 libsql.so
> -rwxr-xr-x  1 root root  23084 Jan  8  2007 libsql.so.2
> -rwxr-xr-x  1 root root  23084 Jan  8  2007 libsql.so.2.0.22
> -rw-r--r--  1 root root     49 Oct  1 09:21 smtpd.conf
> 
> -- listing of /etc/sasl2 --
> total 24
> drwxr-xr-x  2 root root  4096 Jan  8  2007 .
> drwxr-xr-x 86 root root 12288 Oct  1 11:45 ..
> 
> 
> 
> 
> -- content of /usr/lib/sasl/smtpd.conf --
> pwcheck_method: saslauthd
> saslauthd_version: 2
> 
> -- content of /usr/lib/sasl2/smtpd.conf --
> pwcheck_method: saslauthd
> mech_list: plain login
> 
> 
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       n       -       -       smtpd
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       -       smtp
> relay     unix  -       -       n       -       -       smtp
>       -o fallback_relay=
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache          unix  -       -       n       -       1       scache
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> old-cyrus unix  -       n       n       -       -       pipe
>   flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} 
> ${user}
> cyrus     unix  -       n       n       -       -       pipe
>   user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m 
> ${extension} ${user}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
> 
> -- mechanisms on localhost --
> 250-AUTH LOGIN PLAIN
> 
> 
> -- end of saslfinger output --
> 


-- 
All technical answers asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitely
required and justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

Re: Trouble setting up SASL authentication with postfix

Reply via email to