Great Fun With Cyrus-IMAP, SASLAUTHD, and PAM-SMB

Dick Davies rasputnik at hellooperator.net
Wed Dec 1 17:15:01 EST 2004


* Robert Lubbers <rlubbers at borg.com> [1208 22:08]:
> What I am trying to do in a nutshell is to set up an IMAP/SMTP-AUTH 
> server for a small company using Cyrus-IMAP, and to have the mail 
> accounts authenticate off of a Windows domain controller.   The SMB PAM 
> module appears to be working well, as I have been able to get the POP 
> server module of the Cyrus server to authenticate off of the Windows 
> DC.  That is to say, I can do this...
 
> However, when I try to attach to the IMAP server, I get this:
> 
> Trying 127.0.0.1...
> Connected to localhost.Dec  1 16:36:50
> Escape character is '^]'.
> * OK exchange.booriley.com Cyrus IMAP4 v2.2.9 server ready
> . login booriley booriley
> . NO Login failed: can't request info until later in exchange
> 
> But I get **exactly the same message** in the /var/log/secure.log:
> 
> Dec  1 16:36:50 exchange saslauthd[26153]: rel_accept_lock : released 
> accept lock
> Dec  1 16:36:50 exchange saslauthd[26155]: get_accept_lock : acquired 
> accept lock
> Dec  1 16:36:50 exchange imap(pam_unix)[26153]: authentication failure; 
> logname= uid=0 euid=0 tty= ruser= rhost=  user=booriley
> Dec  1 16:36:50 exchange saslauthd[26153]: No Local authentication done, 
> relying on other modules for password file entry.
> Dec  1 16:36:50 exchange pamsmbd[1872]: cache_check: found entry 
> checking passwords
> Dec  1 16:36:50 exchange pamsmbd[1872]: cache_check: found entry
> Dec  1 16:36:50 exchange pamsmbd[1872]: cache_check: account valid
> Dec  1 16:36:50 exchange saslauthd[26153]: pamsmbd: Got something back... 0
> Dec  1 16:36:50 exchange saslauthd[26153]: pam_smb: got back 0 username  
> booriley
> Dec  1 16:36:50 exchange saslauthd[26153]: do_auth         : auth 
> success: [user=booriley] [service=imap] [realm=] [mech=pam]
> Dec  1 16:36:50 exchange saslauthd[26153]: do_request      : response: OK
> 
> Strange world, huh?

Since the timestamps are the same, are you sure you're not just reading
the old messages from the pop session?
 
> Also, I have to change the sasl_pwcheck_method: from "saslauthd" to
> "auxprop" if I want to add a user through cyradm.  This wouldn't be a
> deal breaker, but I have to stop the process, change the imapd.conf
> file, add the user, do my configuration, and restart the process, and it
> isn't very elegant.

I'm guessing that's because there isn't a 'cyrus' user defined in the directory.
Probably worth getting one set up.
 
-- 
When you have to kill a man it costs nothing to be polite.
 - Winston Churchill, On formal declarations of war
Rasputin :: Jack of All Trades - Master of Nuns
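
Whether a saslauthd log entry belongs to the POP or the IMAP session can be read from the `service=` field of its `do_auth` line. The script below is an added example, not part of the original post: it parses syslog lines in the format quoted above and lists the service and result of each saslauthd decision. The sample lines are constructed, and the `pop` service name in the first one is an assumption.

```python
import re

# Constructed sample input in the format of the log quoted in the thread
# (wrapped lines rejoined). The first entry and its "pop" service name are
# assumptions made for this example.
SAMPLE_LOG = """\
Dec  1 16:31:12 exchange saslauthd[26150]: do_auth         : auth success: [user=booriley] [service=pop] [realm=] [mech=pam]
Dec  1 16:36:50 exchange imap(pam_unix)[26153]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=booriley
Dec  1 16:36:50 exchange pamsmbd[1872]: cache_check: account valid
Dec  1 16:36:50 exchange saslauthd[26153]: do_auth         : auth success: [user=booriley] [service=imap] [realm=] [mech=pam]
"""

# Classic syslog prefix: timestamp, host, tag[pid]: message
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# saslauthd's per-request verdict line
DO_AUTH = re.compile(
    r"do_auth\s*: auth (?P<result>success|failure): "
    r"\[user=(?P<user>[^\]]*)\] \[service=(?P<service>[^\]]*)\] "
    r"\[realm=(?P<realm>[^\]]*)\] \[mech=(?P<mech>[^\]]*)\]"
)


def saslauthd_results(log_text):
    """Return one dict per saslauthd do_auth line (ts, pid, user, service, ...)."""
    results = []
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m or m["tag"].strip() != "saslauthd":
            continue  # skip PAM module and pamsmbd lines
        verdict = DO_AUTH.search(m["msg"])
        if verdict:
            results.append({"ts": m["ts"], "pid": int(m["pid"]), **verdict.groupdict()})
    return results


def results_for(log_text, user, timestamp):
    """(service, result) pairs saslauthd logged for `user` at `timestamp`."""
    return [(r["service"], r["result"]) for r in saslauthd_results(log_text)
            if r["user"] == user and r["ts"] == timestamp]


if __name__ == "__main__":
    for r in saslauthd_results(SAMPLE_LOG):
        print(r["ts"], r["pid"], r["user"], r["service"], r["result"])
```
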