Hullo users,
I am having problems getting SMTP to authenticate against the virtual domains MySQL
database through the pam-mysql module 0.7. I am using Cyrus SASL 2.1.23 on
Slackware Linux 13.1. Below are the commands I executed and the
configurations.
root@xxxx:/# ps aux | grep saslauthd
root      3443  0.0  0.0  34524   752 pts/0    S    10:53   0:00 saslauthd
-a pam -d
root      3507  0.0  0.0  34524  1096 ?        Ss   11:22   0:00 saslauthd
-a pam
root      3508  0.0  0.0  34524   644 ?        S    11:22   0:00 saslauthd
-a pam
root      3509  0.0  0.0  34524   596 ?        S    11:22   0:00 saslauthd
-a pam
root      3510  0.0  0.0  34524   596 ?        S    11:22   0:00 saslauthd
-a pam
root      3511  0.0  0.0  34524   596 ?        S    11:22   0:00 saslauthd
-a pam
root      3518  0.0  0.0   4116   604 pts/0    S+   11:26   0:00 grep
saslauthd

root@xxxx:/# saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent pam rimap shadow ldap

root@xxxx:/# perl -MMIME::Base64 -e 'print
encode_base64("\000xxx\@xxx\000xxxxxxx")'
AG1ra0Bta2sAbWtrMTIz
root@xxxx:/# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 xxx.xxx.xx.xx ESMTP Postfix
ehlo localhost
250-xxx.xxx.xx.xx
250-PIPELINING
250-SIZE 15000000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AG1ra0Bta2sAbWtrMTIz
Connection closed by foreign host.

root@xxxx:/# tail -f var/log/auth
postfix/smtpd[3437]: sql_select option missing
postfix/smtpd[3437]: auxpropfunc error no mechanism available
postfix/smtpd[3437]: _sasl_plugin_load failed on sasl_auxprop_plug_init for
plugin: sql
postfix/smtpd[3437]: auxpropfunc error invalid parameter supplied
postfix/smtpd[3437]: _sasl_plugin_load failed on sasl_auxprop_plug_init for
plugin: ldapdb

root@xxxx:/etc/pam.d# cat smtp

auth required /lib/security/pam_mysql.so user=mailnew passwd=post2011new
host=127.0.0.1 db=postfix table=mailbox usercolumn=username
passwdcolumn=password crypt=1

account sufficient /lib/security/pam_mysql.so  user=mailnew
passwd=post2011new  host=127.0.0.1 db=postfix table=mailbox
usercolumn=username passwdcolumn=password crypt=1

root@xxxx:/etc/default# cat saslauthd
# This needs to be uncommented before saslauthd will be run automatically
START=yes

PWDIR="/var/state/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
#PIDFILE="${PWDIR}/saslauthd.pid"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/state/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c"
THREADS=5

# Make sure you set the options here, otherwise it ignores the params above and will not work
OPTIONS="-c -m /var/state/saslauthd"


root@xxxx:/etc/sysconfig# cat saslauthd
SOCKETDIR=/var/state/saslauthd
MECH=pam
FLAGS="-r"

SMTP configurations in main.cf

smtp_sasl_mechanism_filter = plain, login
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /usr/lib64/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus

root@xxxx:/usr/share/doc/cyrus-sasl-2.1.23/doc# testsaslauthd -u <username>
-p <password>
0: NO "authentication failed"

root@xxxx:/var/log# testsaslauthd -u <username>  -p <password>  -f
/var/state/saslauthd/
connect() : Connection refused

root@xxxx:# tail -f /var/log/auth

saslauthd[3508]: DEBUG: auth_pam: pam_start failed: Critical error -
immediate abort

saslauthd[3508]: do_auth         : auth failure: [user=<username@domain>]
[service=imap] [realm=] [mech=pam] [reason=PAM start error]


testsaslauthd -u username@domain -p xxxx -f /var/state/saslauthd/mux -s smtp


root@mailbackup:/# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Fri May  6 07:37:11 EAT 2011
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.7.2
System: Slackware 13.1.0

-- smtpd is linked to --
        libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x00007f970335e000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /usr/lib64/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus


-- listing of /usr/lib64/sasl2 --
total 1444
drwxr-xr-x 2 root root   4096 May  5 16:27 .
drwxr-xr-x 9 root root   4096 May  4 16:27 ..
-rw-r--r-- 1 root root    493 Apr 15 11:09 1smtpw
-rwxr-xr-x 1 root root    800 May  4 16:27 libanonymous.la
-rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so
-rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so.2
-rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so.2.0.23
-rwxr-xr-x 1 root root    796 May  4 16:27 libldapdb.la
-rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so
-rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so.2
-rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so.2.0.23
-rwxr-xr-x 1 root root    776 May  4 16:27 liblogin.la
-rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so
-rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so.2
-rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so.2.0.23
-rwxr-xr-x 1 root root    776 May  4 16:27 libplain.la
-rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so
-rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so.2
-rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so.2.0.23
-rwxr-xr-x 1 root root    828 May  4 16:27 libsasldb.la
-rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so
-rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so.2
-rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so.2.0.23
-rwxr-xr-x 1 root root    778 May  4 16:27 libsql.la
-rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so
-rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so.2
-rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so.2.0.23
-rw-r--r-- 1 root root    442 May  5 16:29 smtpd.conf

-- listing of /usr/local/lib/sasl2 --
total 1444
drwxr-xr-x 2 root root   4096 May  5 16:27 .
drwxr-xr-x 9 root root   4096 May  4 16:27 ..
-rw-r--r-- 1 root root    493 Apr 15 11:09 1smtpw
-rwxr-xr-x 1 root root    800 May  4 16:27 libanonymous.la
-rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so
-rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so.2
-rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so.2.0.23
-rwxr-xr-x 1 root root    796 May  4 16:27 libldapdb.la
-rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so
-rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so.2
-rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so.2.0.23
-rwxr-xr-x 1 root root    776 May  4 16:27 liblogin.la
-rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so
-rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so.2
-rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so.2.0.23
-rwxr-xr-x 1 root root    776 May  4 16:27 libplain.la
-rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so
-rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so.2
-rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so.2.0.23
-rwxr-xr-x 1 root root    828 May  4 16:27 libsasldb.la
-rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so
-rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so.2
-rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so.2.0.23
-rwxr-xr-x 1 root root    778 May  4 16:27 libsql.la
-rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so
-rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so.2
-rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so.2.0.23
-rw-r--r-- 1 root root    442 May  5 16:29 smtpd.conf




-- content of /usr/lib64/sasl2/smtpd.conf --
#Global Parameters
log_level: 7
allow_plaintext: true
pwcheck_method: saslauthd
auxprop_plugin: mysql
mech_list: plain login
sql_engine: mysql
sql_database: postfix
sql_user: --- replaced ---
sql_hostnames:127.0.0.1
sql_passwd: --- replaced ---
sql_select: select password from mailbox where username='%u@%r' AND active
='1'
# --------- saslauthd parameters-------------#
saslauthd_path : /var/state/saslauthd/mux
#saslauthd_path : /var/state/saslauthd


-- content of /usr/local/lib/sasl2/smtpd.conf --
#Global Parameters
log_level: 7
allow_plaintext: true
pwcheck_method: saslauthd
auxprop_plugin: mysql
mech_list: plain login
sql_engine: mysql
sql_database: postfix
sql_user: --- replaced ---
sql_hostnames:127.0.0.1
sql_passwd: --- replaced ---
sql_select: select password from mailbox where username='%u@%r' AND active
='1'
# --------- saslauthd parameters-------------#
saslauthd_path : /var/state/saslauthd/mux
#saslauthd_path : /var/state/saslauthd



-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd -v
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=ODRhu user=popmail:popmail argv=/usr/bin/maildrop -w 90 -d ${user}@
${nexthop}
   ${extension} ${recipient} ${user} ${nexthop}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN


-- end of saslfinger output --


strace testsaslauthd -u username@domain -p xxxx -f /var/state/saslauthd/mux
-s smtp

root@xxxxx:/# strace testsaslauthd -u username@domain -p xxx -f
/var/state/saslauthd/mux -s smtp
execve("/usr/local/sbin/testsaslauthd", ["testsaslauthd", "-u", "
m...@bedrock.mak.ac.ug", "-p", "mkk123", "-f", "/var/state/saslauthd/mux",
"-s", "smtp"], [/* 31 vars */]) = 0
brk(0)                                  = 0x603000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f45270b0000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
directory)
open("/usr/local/ssl/lib64/tls/x86_64/libmysqlclient.so.16", O_RDONLY) = -1
ENOENT (No such file or directory)
stat("/usr/local/ssl/lib64/tls/x86_64", 0x7fff74afb020) = -1 ENOENT (No such
file or directory)
open("/usr/local/ssl/lib64/tls/libmysqlclient.so.16", O_RDONLY) = -1 ENOENT
(No such file or directory)
stat("/usr/local/ssl/lib64/tls", 0x7fff74afb020) = -1 ENOENT (No such file
or directory)
open("/usr/local/ssl/lib64/x86_64/libmysqlclient.so.16", O_RDONLY) = -1
ENOENT (No such file or directory)
stat("/usr/local/ssl/lib64/x86_64", 0x7fff74afb020) = -1 ENOENT (No such
file or directory)
open("/usr/local/ssl/lib64/libmysqlclient.so.16", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat("/usr/local/ssl/lib64", 0x7fff74afb020) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=92764, ...}) = 0 , ...etc


root@xxxx:/# testsaslauthd -u username@domain -p xxxxxx -f
/var/state/saslauthd/mux -s smtp
connect() : No such file or directory

How can I fix this so that I can confirm that MySQL is being queried when
saslauthd is run, i.e. that pam_mysql is doing its job?

Thanks in advance
