postfix + saslauthd: SASL PLAIN authentication failed: no mechanism available
Dan White
dwhite at olp.net
Thu Dec 1 13:00:44 EST 2011
On 01/12/11 12:34 +0100, Ana Díez wrote:
>Hi,
>
>I'm working to configure SASL (2.1.25) with Postfix 2.7.1. in Solaris 10.
>
>I'm running saslauthd with ldap:
>
> /usr/local/sbin/saslauthd -a ldap
>
>And running manually "testsaslauthd" works ok
># /usr/local/sbin/testsaslauthd -u xxxx -p xxxxx
>0: OK "Success."
>
>But Postfix seems to ignore the "pwcheck_method". Although I set it as
>"saslauthd", I receive "could not find auxprop plugin, was searching for
>'[all]'", "SASL PLAIN authentication failed: no mechanism available" im my
>logs.
>
>The file /usr/local/lib/sasl2/smtpd.conf:
I believe Postfix overwrites the confdir path via a callback. It appears
that it is:
*path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl2", (char *) 0);
For example:
/etc/postfix/sasl:/usr/lib/sasl2
You'll need to place your smtpd.conf file into one of those two directories
for libsasl2 to see it.
>pwcheck_method: saslauthd
>mech_list: PLAIN LOGIN
>saslauthd_path: /var/state/saslauthd/
saslauthd_path should include the full path to the mux, e.g.:
saslauthd_path: /var/state/saslauthd/mux
If you happen to be running postfix chrooted (within master.cf), then that
will affect where postfix (and libsasl2) will look for the saslauthd mux.
>The Postfix configuration:
>
># postconf -n | grep sasl
>broken_sasl_auth_clients = yes
>smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_relay_domains
>smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_relay_domains, reject_non_fqdn_recipient
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_path = smtpd
>smtpd_sasl_security_options = noanonymous
>smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
Patrick's 'saslfinger' script might help to catch some other problems.
--
Dan White
More information about the Cyrus-sasl
mailing list