<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Dear all,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I have a question of my configuration,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">we’re using multiple domains and the users are stored on our samba ad dc server.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">In past I wanted to prevent the issue, that user can login with their username and not with a fqdn mail address.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I had solved this issue by editing the /etc/default/saslauthd service file and added ‚-r‘ at options in the end:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Settings for saslauthd daemon<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Please read /usr/share/doc/sasl2-bin/README.Debian for details.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Should saslauthd run automatically on startup? (default: no)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">START=yes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Description of this saslauthd instance. Recommended.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># (suggestion: SASL Authentication Daemon)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">DESC="SASL Authentication Daemon"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Short name of this saslauthd instance. Strongly recommended.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># (suggestion: saslauthd)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">NAME="saslauthd"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Which authentication mechanisms should saslauthd use? (default: pam)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Available options in this Debian package:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># getpwent -- use the getpwent() library function<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># kerberos5 -- use Kerberos 5<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># pam -- use PAM<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># rimap -- use a remote IMAP server<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># shadow -- use the local shadow password file<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># sasldb -- use the local sasldb database file<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># ldap -- use LDAP (configuration is in /etc/saslauthd.conf)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Only one option may be used at a time. See the saslauthd man page<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># for more information.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Example: MECHANISMS="pam"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">MECHANISMS="ldap"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Additional options for this mechanism. (default: none)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># See the saslauthd man page for information about mech-specific options.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">MECH_OPTIONS=""<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># How many saslauthd processes should we run? (default: 5)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># A value of 0 will fork a new process for each connection.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">THREADS=5<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Other options (default: -c -m /var/run/saslauthd)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Note: You MUST specify the -m option or saslauthd won't run!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># WARNING: DO NOT SPECIFY THE -d OPTION.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># The -d option will cause saslauthd to run in the foreground instead of as<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># to run saslauthd in debug mode, please run it by hand to be safe.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># See the saslauthd man page and the output of 'saslauthd -h' for general<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># information about these options.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># To know if your Postfix is running chroot, check /etc/postfix/master.cf.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># then your Postfix is running in a chroot.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"># running in a chroot.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">OPTIONS="-r -c -m /var/run/saslauthd"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">My saslauthd.config file here use an other filter than default one:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">ldap_servers: ldap://XXXXX<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">ldap_search_base: dc= XXX,dc=dir<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#ldap_filter: sAMAccountName=%U<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">ldap_filter: userPrincipalName=%u<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#ldap_version: 3<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">ldap_auth_method: bind<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">ldap_bind_dn: cn=Administrator,cn=Users,dc=XXX,dc=dir<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">ldap_bind_pw: XXX<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">#ldap_scope: sub<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">ldap_debug: -1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Here I have problem this config works fine all users can only sign in with their full e-mail address
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">So <a href="mailto:max.murry@web.de">
max.murry@web.de</a> can login AND<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Max.murry can’t login. <br>
<br>
This is working fine,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">but when I want to use cyradm I need to switch the filter on /etc/saslauthd.conf to sAMAccountName=%U<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">If I don’t do this I can’t access the cyradm tool, perhaps someone could help here?
<br>
I think the problem is here the same, authentication are only allowed with a fqdn but the linux user cyrus has no domain ending.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">David Faller<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
</body>
</html>