Re: smtp authentication with cyrus sasl2.1.23 and pam-mysql

Fri, 06 May 2011 14:00:37 -0700 

On Fri, May 06, 2011 at 02:44:24PM +0300, kibirango moses wrote:
> Errors in the /var/log/auth:
> root@mailbackup:/usr/local/lib/sasl2# testsaslauthd -u
> m...@bedrock.mak.ac.ug -p mkk123 -f /var/state/saslauthd/mux -s smtp
> 0: NO "authentication failed"
> root@mailbackup:/usr/local/lib/sasl2# tail -f /var/log/auth
> May  6 14:16:41 mailbkp postfix/smtpd[16252]: _sasl_plugin_load failed
> on sasl_auxprop_plug_init for plugin: sql
> May  6 14:16:41 mailbkp postfix/smtpd[16252]: auxpropfunc error
> invalid parameter supplied
> May  6 14:16:41 mailbkp postfix/smtpd[16252]: _sasl_plugin_load failed
> on sasl_auxprop_plug_init for plugin: ldapdb
> May  6 14:19:17 mailbkp postfix/smtpd[16391]: sql_select option missing
> May  6 14:19:17 mailbkp postfix/smtpd[16391]: auxpropfunc error no
> mechanism available
> May  6 14:19:17 mailbkp postfix/smtpd[16391]: _sasl_plugin_load failed
> on sasl_auxprop_plug_init for plugin: sql
> May  6 14:19:17 mailbkp postfix/smtpd[16391]: auxpropfunc error
> invalid parameter supplied
> May  6 14:19:17 mailbkp postfix/smtpd[16391]: _sasl_plugin_load failed
> on sasl_auxprop_plug_init for plugin: ldapdb
> May  6 14:31:15 mailbkp saslauthd[16186]: DEBUG: auth_pam:
> pam_authenticate failed: User not known to the underlying
> authentication module

That makes it look like a SASL+PAM+Mysql problem. But I think there 
may be other problems too.

> May  6 14:31:15 mailbkp saslauthd[16186]: do_auth         : auth
> failure: [user=m...@bedrock.mak.ac.ug] [service=smtp] [realm=]
> [mech=pam] [reason=PAM auth error]
> 
> 
> 
> 
> On 5/6/11, kibirango moses <kibsmo...@gmail.com> wrote:
> > Hullo Jerry ,
> > Below are my output of saslfinger -s command
> >
> > saslfinger - postfix Cyrus sasl configuration Fri May  6 14:19:17 EAT 2011
> > version: 1.0.2
> > mode: server-side SMTP AUTH
> >
> > -- basics --
> > Postfix: 2.7.2
> > System: Slackware 13.1.0

Slackware does not use PAM. Of course PAM can be added in as desired, 
but that will only work if you did it. Did you? Discussion of the 
high-level goal would probably help. Why are you needing Mysql as a 
data source for PAM, and why did you choose a non-PAM OS on which to 
implement this?

> > -- smtpd is linked to --
> >         libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x00007fb148c67000)

And this means you're not using the Slackware Cyrus SASL package, you 
seem to have compiled your own (linking against PAM?)

> > -- active SMTP AUTH and TLS parameters for smtpd --
> > broken_sasl_auth_clients = yes
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_authenticated_header = yes
> > smtpd_sasl_local_domain = $myhostname
> > smtpd_sasl_path = /usr/lib64/sasl2

But this path is wrong! That's not your PAM-linked SASL, that is 
Slackware's SASL.

> > smtpd_sasl_security_options = noanonymous
> > smtpd_sasl_type = cyrus
> >
> >
> > -- listing of /usr/lib64/sasl2 --
> > total 1444
> > drwxr-xr-x 2 root root   4096 May  6 14:19 .
> > drwxr-xr-x 9 root root   4096 May  4 16:27 ..
> > -rw-r--r-- 1 root root    493 Apr 15 11:09 1smtpw
> > -rwxr-xr-x 1 root root    800 May  4 16:27 libanonymous.la
> > -rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so
> > -rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so.2
> > -rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so.2.0.23
> > -rwxr-xr-x 1 root root    796 May  4 16:27 libldapdb.la
> > -rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so
> > -rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so.2
> > -rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so.2.0.23
> > -rwxr-xr-x 1 root root    776 May  4 16:27 liblogin.la
> > -rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so
> > -rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so.2
> > -rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so.2.0.23
> > -rwxr-xr-x 1 root root    776 May  4 16:27 libplain.la
> > -rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so
> > -rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so.2
> > -rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so.2.0.23
> > -rwxr-xr-x 1 root root    828 May  4 16:27 libsasldb.la
> > -rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so
> > -rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so.2
> > -rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so.2.0.23
> > -rwxr-xr-x 1 root root    778 May  4 16:27 libsql.la
> > -rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so
> > -rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so.2
> > -rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so.2.0.23
> > -rw-r--r-- 1 root root    442 May  6 14:12 smtpd.conf
> >
> > -- listing of /usr/local/lib/sasl2 --
> > total 1444
> > drwxr-xr-x 2 root root   4096 May  6 14:19 .
> > drwxr-xr-x 9 root root   4096 May  4 16:27 ..
> > -rw-r--r-- 1 root root    493 Apr 15 11:09 1smtpw
> > -rwxr-xr-x 1 root root    800 May  4 16:27 libanonymous.la
> > -rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so
> > -rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so.2
> > -rwxr-xr-x 1 root root  65096 May  4 16:27 libanonymous.so.2.0.23
> > -rwxr-xr-x 1 root root    796 May  4 16:27 libldapdb.la
> > -rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so
> > -rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so.2
> > -rwxr-xr-x 1 root root  65960 May  4 16:27 libldapdb.so.2.0.23
> > -rwxr-xr-x 1 root root    776 May  4 16:27 liblogin.la
> > -rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so
> > -rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so.2
> > -rwxr-xr-x 1 root root  67354 May  4 16:27 liblogin.so.2.0.23
> > -rwxr-xr-x 1 root root    776 May  4 16:27 libplain.la
> > -rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so
> > -rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so.2
> > -rwxr-xr-x 1 root root  67064 May  4 16:27 libplain.so.2.0.23
> > -rwxr-xr-x 1 root root    828 May  4 16:27 libsasldb.la
> > -rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so
> > -rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so.2
> > -rwxr-xr-x 1 root root 115046 May  4 16:27 libsasldb.so.2.0.23
> > -rwxr-xr-x 1 root root    778 May  4 16:27 libsql.la
> > -rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so
> > -rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so.2
> > -rwxr-xr-x 1 root root  85392 May  4 16:27 libsql.so.2.0.23
> > -rw-r--r-- 1 root root    442 May  6 14:12 smtpd.conf
> >
> >
> >
> >
> > -- content of /usr/lib64/sasl2/smtpd.conf --
> > #Global Parameters
> > log_level: 7
> > allow_plaintext: true
> > pwcheck_method: saslauthd
> > auxprop_plugin: mysql
> > mech_list: plain login
> > sql_engine: mysql
> > sql_database: postfix
> > sql_user: --- replaced ---
> > sql_hostnames:127.0.0.1
> > sql_passwd: --- replaced ---
> > sql_select: select password from mailbox where username='%u@%r' AND active
> > ='1'
> > # --------- saslauthd parameters-------------#
> > saslauthd_path : /var/state/saslauthd/mux
> > #saslauthd_path : /var/state/saslauthd
> >
> >
> > -- content of /usr/local/lib/sasl2/smtpd.conf --
> > #Global Parameters
> > log_level: 7
> > allow_plaintext: true
> > pwcheck_method: saslauthd
> > auxprop_plugin: mysql
> > mech_list: plain login
> > sql_engine: mysql
> > sql_database: postfix
> > sql_user: --- replaced ---
> > sql_hostnames:127.0.0.1
> > sql_passwd: --- replaced ---
> > sql_select: select password from mailbox where username='%u@%r' AND active
> > ='1'
> > # --------- saslauthd parameters-------------#
> > saslauthd_path : /var/state/saslauthd/mux
> > #saslauthd_path : /var/state/saslauthd
> >
> >
> >
> > -- active services in /etc/postfix/master.cf --
> > # service type  private unpriv  chroot  wakeup  maxproc command + args
> > #               (yes)   (yes)   (yes)   (never) (100)
> > smtp      inet  n       -       n       -       -       smtpd -v
> >   -o smtpd_sasl_auth_enable=yes
> > pickup    fifo  n       -       n       60      1       pickup
> > cleanup   unix  n       -       n       -       0       cleanup
> > qmgr      fifo  n       -       n       300     1       qmgr
> > tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> > rewrite   unix  -       -       n       -       -       trivial-rewrite
> > bounce    unix  -       -       n       -       0       bounce
> > defer     unix  -       -       n       -       0       bounce
> > trace     unix  -       -       n       -       0       bounce
> > verify    unix  -       -       n       -       1       verify
> > flush     unix  n       -       n       1000?   0       flush
> > proxymap  unix  -       -       n       -       -       proxymap
> > proxywrite unix -       -       n       -       1       proxymap
> > smtp      unix  -       -       n       -       -       smtp
> > relay     unix  -       -       n       -       -       smtp
> >         -o smtp_fallback_relay=
> > showq     unix  n       -       n       -       -       showq
> > error     unix  -       -       n       -       -       error
> > retry     unix  -       -       n       -       -       error
> > discard   unix  -       -       n       -       -       discard
> > local     unix  -       n       n       -       -       local
> > virtual   unix  -       n       n       -       -       virtual
> > lmtp      unix  -       -       n       -       -       lmtp
> > anvil     unix  -       -       n       -       1       anvil
> > scache    unix  -       -       n       -       1       scache
> > maildrop  unix  -       n       n       -       -       pipe
> >   flags=ODRhu user=popmail:popmail argv=/usr/bin/maildrop -w 90 -d
> > ${user}@${nexthop}
> >    ${extension} ${recipient} ${user} ${nexthop}
> > cyrus     unix  -       n       n       -       -       pipe
> >   user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
> > ${user}
> > old-cyrus unix  -       n       n       -       -       pipe
> >   flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
> >
> > -- mechanisms on localhost --
> > 250-AUTH PLAIN LOGIN
> > 250-AUTH=PLAIN LOGIN
> >
> >
> > -- end of saslfinger output --

-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

Reply via email to