Additional information about RV: login problem

Christian Beilstein cbeilstein at gmx.ch
Thu Feb 12 08:51:29 EST 2004 

> Hi!...
>
> When i change on imapd.conf sasl_pwcheck_method for
> imapsasl_pwcheck_method  in messages log there this:
>
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not
> found: checkpass failed
>
> but when is sasl... throw:
>
>
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: SELECT password FROM
> accountuser WHERE username='user.domain.cl'
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: returning 7 .
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: returning 7 after
> db_checkpasswd.
> Feb 12 09:44:09 LXPROD01 saslauthd[2480]: do_auth         : auth
> failure: [user=user.domain.cl] [service=imap] [realm=] [mech=pam]
> [reason=PAM auth error]
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not
> found: checkpass failed

that's looking good ;-) saslauthd is trying to authenticate via pam_mysql. So 
you should start saslauthd with flage "-d" to enable the debugging mode and 
check the logs again after another try.
Maybe you will find there a line like:
saslauth[xxxxx]: DEBUG: auth_pam: pam_authenticate failed: Permission denied
Then check your mysql settings in /etc/pam.d/imap.

Another way to debug the problem is to test saslauthd with the program 
"testsaslauthd". Either this program is preinstalled or you have to compile 
it (its somwhere in the source dir)
testsaslauth -u user.domain.cl -p hispassword
you should get 
0: OK "Success."
if everything is configured well.

good luck

chris
>
> Thanks for any help... I googling but cant find any answer...
>
> Arturo.
>
> -----Mensaje original-----
> De: Arturo Mardones [mailto:arturo.mardones at coretech.cl]
> Enviado el: Jueves, 12 de Febrero de 2004 9:33
> Para: 'Christian Beilstein'
> CC: 'info-cyrus at lists.andrew.cmu.edu'
> Asunto: RE: login problem
>
> Hi,
>
> Thanks for your answer!!, I follow that howto but in imapd.conf I've
> sasl_pwcheck_method: saslauthd and in imap file have two lines
> additional:
>
> auth sufficient pam_unix_auth.so
>
> account  sufficient       pam_unix_acct.so
>
> when make this changes... in messages log throw me this error:
>
> unable to open Berkeley db
>
> > /etc/sasldb2: Permission denied
>
> then I make chown cyrus:mail /etc/sasldb2
>
> and now throw me in messages and imap log :
>
> badlogin: [192.168.2.24] plaintext user.domain.cl SASL(-13): user not
> found: checkpass failed
>
>
> but whit this I use Berkeley db, and I want use the users created in
> mysql with webcyradm.
>
> Thanks for your help,
>
>
> Arturo.
>
> -----Mensaje original-----
> De: Christian Beilstein [mailto:cbeilstein at gmx.ch]
> Enviado el: Miércoles, 11 de Febrero de 2004 18:54
> Para: arturo.mardones at coretech.cl
> CC: info-cyrus at lists.andrew.cmu.edu
> Asunto: Re: login problem
>
> > Hi,
> >
> > When try connect me from MUA in messages log through this error:
> >
> > Feb 11 17:11:40 mymachine imap(pam_unix)[3395]: could not identify
>
> user (from getpwnam(user.domain.cl))
>
> > Exist any way that cyrus take users created in mysql and not mapped
>
> over linux users??
>
> yes, there is a way (using pam): use the module pam_mysql (google knows
> where to find it ;-)
>
> set in /etc/imapd.conf:
>
> imapsasl_pwcheck_method: saslauthd
>
> start:
> saslauthd -a pam
>
> and configure pam_mysql the way you want to use it, eg in
> /etc/pam.d/imap
>
> #%PAM-1.0
> auth     sufficient     pam_mysql.so    user=username passwd=mysecret
> host=localhost db=mail table=accountuser usercolumn=username
> passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg
> logusercolumn=user loghostcolumn=host
> account  required       pam_mysql.so    user=username passwd=mysecret
> host=localhost db=mail table=accountuser usercolumn=username
> passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg
> logusercolumn=user loghostcolumn=host
>
> I would recommend to read the Postfix-Cyrus-Web-cyradmin-Howto; i've
> taken my configuration from there (and im using SuSE8.2, so the paths
> are takem from there)
>
> greez
>
> Chris
>
> > Thanks in advance.
> >
> > Arturo
> >
> > ---
> > Home Page: http://asg.web.cmu.edu/cyrus
> > Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
> ---
> Home Page: http://asg.web.cmu.edu/cyrus
> Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list