Additional information about RV: login problem

Arturo Mardones arturo.mardones at coretech.cl
Thu Feb 12 10:29:55 EST 2004 

Hi again!

When use testsaslauthd -u user.domain.cl -p password throw me error: 0:
NO "authentication failed"

And logs same errors...: 

Feb 12 11:57:56 LXPROD01 saslauthd[28901]: pam_sm_authenticate called.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: dbuser changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: dbpasswd changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: host changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: database changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: table changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: usercolumn changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: passwdcolumn changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: crypt changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: logtable changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: logmsgcolumn changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: logusercolumn changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: loghostcolumn changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: logpidcolumn changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: logtimecolumn changed.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: db_connect  called.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: returning 0 .
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: db_checkpasswd called.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: pam_mysql: where clause =
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: SELECT password FROM
accountuser WHERE username= 'user.domain.cl'
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: returning 7 .
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: returning 7 after
db_checkpasswd.
Feb 12 11:57:56 LXPROD01 saslauthd[28901]: do_auth         : auth
failure: [user=user.domain.cl] [service=imap] [realm=] [mech=pam]
[reason=PAM auth error]

Thanks for any clue... solution... idea... etc... etc...

Arturo.

-----Mensaje original-----
De: Christian Beilstein [mailto:cbeilstein at gmx.ch] 
Enviado el: Jueves, 12 de Febrero de 2004 10:49
Para: Arturo Mardones
Asunto: Re: Additional information about RV: login problem

Am Donnerstag, 12. Februar 2004 14.00 schrieb Arturo Mardones:
> Hi!...
>
> When i change on imapd.conf sasl_pwcheck_method for
> imapsasl_pwcheck_method  in messages log there this:
>
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not
> found: checkpass failed
>
> but when is sasl... throw:
>
>
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: SELECT password FROM
> accountuser WHERE username='user.domain.cl'
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: returning 7 .
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: returning 7 after
> db_checkpasswd.
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: do_auth         : auth
> failure: [user=user.domain.cl] [service=imap] [realm=] [mech=pam]
> [reason=PAM auth error]
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not
> found: checkpass failed

that's looking good ;-) saslauthd is trying to authenticate via
pam_mysql. So 
you should start saslauthd with flage "-d" to enable the debugging mode
and 
check the logs again after another try.
Maybe you will find there a line like:
saslauth[xxxxx]: DEBUG: auth_pam: pam_authenticate failed: Permission
denied
Then check your mysql settings in /etc/pam.d/imap.

Another way to debug the problem is to test saslauthd with the program 
"testsaslauthd". Either this program is preinstalled or you have to
compile 
it (its somwhere in the source dir)
testsaslauth -u user.domain.cl -p hispassword
you should get 
0: OK "Success."
if everything is configured well.

good luck

chris
>
> Thanks for any help... I googling but cant find any answer...
>
> Arturo.
>
> -----Mensaje original-----
> De: Arturo Mardones [mailto:arturo.mardones at coretech.cl]
> Enviado el: Jueves, 12 de Febrero de 2004 9:33
> Para: 'Christian Beilstein'
> CC: 'info-cyrus at lists.andrew.cmu.edu'
> Asunto: RE: login problem
>
> Hi,
>
> Thanks for your answer!!, I follow that howto but in imapd.conf I've
> sasl_pwcheck_method: saslauthd and in imap file have two lines
> additional:
>
> auth sufficient pam_unix_auth.so
>
> account  sufficient       pam_unix_acct.so
>
> when make this changes... in messages log throw me this error:
>
> unable to open Berkeley db
>
> > /etc/sasldb2: Permission denied
>
> then I make chown cyrus:mail /etc/sasldb2
>
> and now throw me in messages and imap log :
>
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not
> found: checkpass failed
>
>
> but whit this I use Berkeley db, and I want use the users created in
> mysql with webcyradm.
>
> Thanks for your help,
>
>
> Arturo.
>
> -----Mensaje original-----
> De: Christian Beilstein [mailto:cbeilstein at gmx.ch]
> Enviado el: Miércoles, 11 de Febrero de 2004 18:54
> Para: arturo.mardones at coretech.cl
> CC: info-cyrus at lists.andrew.cmu.edu
> Asunto: Re: login problem
>
> > Hi,
> >
> > When try connect me from MUA in messages log through this error:
> >
> > Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify
>
> user (from getpwnam(user.domain.cl))
>
> > Exist any way that cyrus take users created in mysql and not mapped
>
> over linux users??
>
> yes, there is a way (using pam): use the module pam_mysql (google
knows
> where to find it ;-)
>
> set in /etc/imapd.conf:
>
> imapsasl_pwcheck_method: saslauthd
>
> start:
> saslauthd -a pam
>
> and configure pam_mysql the way you want to use it, eg in
> /etc/pam.d/imap
>
> #%PAM-1.0
> auth     sufficient     pam_mysql.so    user=username passwd=mysecret
> host=localhost db=mail table=accountuser usercolumn=username
> passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg
> logusercolumn=user loghostcolumn=host
> account  required       pam_mysql.so    user=username passwd=mysecret
> host=localhost db=mail table=accountuser usercolumn=username
> passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg
> logusercolumn=user loghostcolumn=host
>
> I would recommend to read the Postfix-Cyrus-Web-cyradmin-Howto; i've
> taken my configuration from there (and im using SuSE8.2, so the paths
> are takem from there)
>
> greez
>
> Chris
>
> > Thanks in advance.
> >
> > Arturo
> >
> > ---
> > Home Page: http://asg.web.cmu.edu/cyrus
> > Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
> ---
> Home Page: http://asg.web.cmu.edu/cyrus
> Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

-- 
Christian Beilstein
Albertus-Walderweg 30
CH-8606 Greifensee
phone: +4119409675
mobile: +41763659675
e-mail: cbeilstein at gmx.ch



---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list