postfix + saslauthd: SASL PLAIN authentication failed: no mechanism available

[Dan White]

On 01/12/11 12:34 +0100, Ana Díez wrote:
>Hi,
>
>I'm working to configure SASL (2.1.25) with Postfix 2.7.1. in Solaris 10.
>
>I'm running saslauthd with ldap:
>
> /usr/local/sbin/saslauthd -a ldap
>
>And running manually "testsaslauthd" works ok
># /usr/local/sbin/testsaslauthd -u xxxx -p xxxxx
>0: OK "Success."
>
>But Postfix seems to ignore the "pwcheck_method". Although I set it as
>"saslauthd", I receive "could not find auxprop plugin, was searching for
>'[all]'", "SASL PLAIN authentication failed: no mechanism available" im my
>logs.
>
>The file /usr/local/lib/sasl2/smtpd.conf:

I believe Postfix overwrites the confdir path via a callback. It appears
that it is:

*path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl2", (char *) 0);

For example:

/etc/postfix/sasl:/usr/lib/sasl2

You'll need to place your smtpd.conf file into one of those two directories
for libsasl2 to see it.

>pwcheck_method: saslauthd
>mech_list: PLAIN LOGIN
>saslauthd_path: /var/state/saslauthd/

saslauthd_path should include the full path to the mux, e.g.:

saslauthd_path: /var/state/saslauthd/mux

If you happen to be running postfix chrooted (within master.cf), then that
will affect where postfix (and libsasl2) will look for the saslauthd mux.

>The Postfix configuration:
>
># postconf -n | grep sasl
>broken_sasl_auth_clients = yes
>smtpd_client_restrictions = permit_mynetworks,  permit_sasl_authenticated,      reject_unauth_destination,      check_relay_domains
>smtpd_recipient_restrictions = permit_mynetworks,        permit_sasl_authenticated,     check_relay_domains,    reject_non_fqdn_recipient
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_path = smtpd
>smtpd_sasl_security_options = noanonymous
>smtpd_sasl_tls_security_options = $smtpd_sasl_security_options

Patrick's 'saslfinger' script might help to catch some other problems.

-- 
Dan White