Hello Wietse,
thanks for your hint to decode base64 encoded login string. My client was
command line and by decoding my encoded login string I recognized that I
missed to escape '@' character - thus my login string was incomplete. Now
both smtp and imap client authentication work properly.
Thanks for your help!
Regards,
Quirin
2014-08-24 16:44 GMT+02:00 Wietse Venema <wie...@porcupine.org>:
> Quirin Maier:
> > Hello,
> >
> > I've setup dovecot and postfix using dovecot sasl on samba4 ldap backend.
> > I'd like to authenticate with user's email address as login. While
> dovecot
> > authentication works,
> > postfix authentication fails on 'AUTH PLAIN ...' with '535 5.7.8 Error:
> > authentication failed:' Dovecot's debug log file shows:
> >
> > Aug 24 15:12:59 auth: Debug: client in: AUTH 1 PLAIN service=smtp nologin
> > lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx secured resp=<hidden>
> > Aug 24 15:13:01 auth: Debug: client passdb out: FAIL 1 user=domain.tld
>
> The base64-encoded content of the <hidden> text is exactly what
> your SMTP client sends in the "AUTH PLAIN" command. Postfix passes
> it through unchanged, without even trying to decode the string.
>
> Thus, if your SMTP client sends a username of "domain.tld" then
> your SMTP client is mis-configured.
>
> To view the content of the <hidden> text:
>
> perl -MMIME::Base64 -e \
> 'print decode_base64("AHVzZXJuYW1lAHBhc3N3b3Jk");' | od -cb
>
> (replace AHVzZXJuYW1lAHBhc3N3b3Jk with your logged response string).
>
> The result will look like:
>
> 0000000 \0 u s e r n a m e \0 p a s s w
> o
> 000 165 163 145 162 156 141 155 145 000 160 141 163 163 167
> 157
> 0000020 r d
> 162 144
>
> In case you tried changing the Postfix smtpd_sasl_local_domain
> parameter, that has no effect for Dovecot authentication; it is
> used only with the Cyrus SASL adapter. At least. that's what happens
> with Postfix as distributed by me. I can't speak for improvements
> made by down-stream distributors.
>
> Wietse
