cyradm freebsd ldap auth problem

Luís Cargnini lvcargnini at gmail.com
Thu Jun 30 11:15:03 EDT 2005


Jun 30 12:12:30 area51 perl: No worthy mechs found

Jun 30 12:12:36 area51 imap[86286]: ptload(): can't connect to
ptloader server: No such file or directory
Jun 30 12:12:36 area51 imap[86286]: ptload(): can't connect to
ptloader server: No such file or directory
Jun 30 12:12:36 area51 imap[86286]: bad userid authenticated
Jun 30 12:12:36 area51 imap[86286]: bad userid authenticated
Jun 30 12:12:36 area51 imap[86286]: badlogin: localhost.domain.com.br
[::1] plaintext cyrus invalid user
Invalid user at
/usr/local/lib/perl5/site_perl/5.8.6/mach/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with  as cyrus


On 30/06/05, Luís Cargnini <lvcargnini at gmail.com> wrote:
> saslauthd[86220] :do_auth         : auth success: [user=cyrus]
> [service=imap] [realm=] [mech=pam]
> saslauthd[86220] :do_request      : response: OK
> Yes, I have the user created
> 
> On 30/06/05, Ondrej Sury <ondrej at sury.org> wrote:
> > On Wed, 2005-06-29 at 13:15 -0300, Luís Cargnini wrote:
> > > > 3. testsaslauthd -u cyrus -p "*****" and look for output
> > >
> > > saslauthd[50374] :get_accept_lock : acquired accept lock
> > > saslauthd[50375] :rel_accept_lock : released accept lock
> > > saslauthd[50375] :do_auth         : auth success: [user=cyrus]
> > > [service=imap] [realm=] [mech=pam]
> > > saslauthd[50375] :do_request      : response: OK
> > > My PAM is modified to query LDAP
> >
> > > > 4. cyradm -u cyrus localhost and look for output
> > >
> > > %cyradm --user cyrus localhost
> > > IMAP Password:
> > >               Invalid user at
> > > /usr/local/lib/perl5/site_perl/5.8.6/mach/Cyrus/IMAP/Admin.pm line 118
> > > cyradm: cannot authenticate to server with  as cyrus
> >
> > I meant to look at saslauthd output.
> >
> > BTW did you check the logs?  It could be as easy as the cyrus user not
> > having access to /var/run/cyrus/mux (or where the socket is on your
> > system).  Usually adduser cyrus sasl helps.
> >
> > Ondrej.
> >
> > > On 29/06/05, Ondrej Sury <ondrej at sury.org> wrote:
> > > > Next step is to run saslauthd in debug mode, i.e.
> > > >
> > > > 1. stop saslauthd
> > > > 2. run saslauthd from command line:
> > > >    # saslauthd -a ldap -d
> > > > 3. testsaslauthd -u cyrus -p "*****" and look for output
> > > > 4. cyradm -u cyrus localhost and look for output
> > > >
> > > > I guess realms will be different in 3. and 4. and in that case you need
> > > > to modify your defaultdomain to match your settings (localhost?).
> > > >
> > > > I don't know what your LDAP schema looks like, so I cannot help you
> > > > exactly.
> > > >
> > > > Ondrej.
> > > >
> > > > On Wed, 2005-06-29 at 12:42 -0300, Luís Cargnini wrote:
> > > > > I did the modifications
> > > > > testsaslauthd -u cyrus -p "*********"
> > > > > 0: OK "Success."
> > > > > %cyradm --user cyrus localhost
> > > > > IMAP Password:
> > > > >               Invalid user at
> > > > > /usr/local/lib/perl5/site_perl/5.8.6/mach/Cyrus/IMAP/Admin.pm line 118
> > > > > cyradm: cannot authenticate to server with  as cyrus
> > > > >
> > > > >
> > > > > On 29/06/05, Ondrej Sury <ondrej at sury.org> wrote:
> > > > > > On Wed, 2005-06-29 at 07:58 -0300, Luís Cargnini wrote:
> > > > > > > On 29/06/05, Ondrej Sury <ondrej at sury.org> wrote:
> > > > > > > > What is your auth method?  Ie. show us output of:
> > > > > > > >
> > > > > > > > grep -E ^sasl /etc/imapd.conf
> > > > > > > >
> > > > > > > sasl_minimum_layer: 1
> > > > > > > sasl_pwcheck_method: saslauthd
> > > > > > > sasl_ldap_servers: localhost
> > > > > > > sasl_ldap_bind_dn: cn=Manager,dc=domain,dc=com,dc=br
> > > > > > > sasl_ldap_bind_pw: *************
> > > > > > > sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 NTLM
> > > > > >
> > > > > > You are mixing saslauthd and auxprop together.
> > > > > >
> > > > > > It should look like:
> > > > > >
> > > > > > #grep -E ^sasl /etc/imapd.conf
> > > > > >
> > > > > > sasl_mech_list: PLAIN LOGIN
> > > > > > sasl_pwcheck_method: saslauthd
> > > > > > sasl_auto_transition: no
> > > > > >
> > > > > > What does your /etc/saslauthd.conf look like?  It should be something
> > > > > > like:
> > > > > >
> > > > > > ldap_servers: ldap://localhost
> > > > > > ldap_version: 3
> > > > > > ldap_auth_method: bind
> > > > > > ldap_default_realm: localhost
> > > > > > ldap_filter: uid=%u@%r
> > > > > > ldap_bind_dn: cn=Manager,dc=domain,dc=com,dc=br
> > > > > > ldap_bind_pw: xxxx
> > > > > > ldap_search_base: dc=domain,dc=com,dc=br
> > > > > >
> > > > > > (read LDAP_SASLAUTHD doc in your cyrus-sasl distribution)
> > > > > >
> > > > > > > > If you are using saslauthd, then does testsaslauthd work?
> > > > > > > >
> > > > > > > How could I test it?
> > > > > >
> > > > > > man testsaslauthd
> > > > > >
> > > > > > > > And did you read and understand all installation instructions?
> > > > > > > >
> > > > > > > yes
> > > > > >
> > > > > > Then first your SASL must work...  only after that you can log into
> > > > > > cyrus.
> > > > > >
> > > > > > Ondrej.
> > > > > > --
> > > > > > Ondrej Sury <ondrej at sury.org>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > --
> > > > Ondrej Sury <ondrej at sury.org>
> > > >
> > > >
> > >
> > >
> > --
> > Ondrej Sury <ondrej at sury.org>
> >
> >
> 
> --
> Thanks && Regards
> Msc. Bsc. Luís Vitório Cargnini
> IEEE Member
> Mastering Degree student @ PUC-RS Eletrical Engineer Faculty
> 


-- 
Thanks && Regards
Msc. Bsc. Luís Vitório Cargnini
IEEE Member
Mastering Degree student @ PUC-RS Eletrical Engineer Faculty

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
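
Added example (not part of the original thread and not Cyrus project code): a small Python check for the saslauthd/auxprop mix-up pointed out in the quoted reply, run over the sasl_* lines posted in the thread and over the suggested replacement. The function names are hypothetical; the check assumes that saslauthd can only verify mechanisms that deliver a cleartext password (PLAIN, LOGIN) and, following the reply, that LDAP settings for saslauthd belong in /etc/saslauthd.conf as ldap_* options.

```python
import re

# Mechanisms that hand the server a cleartext password saslauthd can verify.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# sasl_* lines as posted in the thread (password masked as in the post).
POSTED = """\
sasl_minimum_layer: 1
sasl_pwcheck_method: saslauthd
sasl_ldap_servers: localhost
sasl_ldap_bind_dn: cn=Manager,dc=domain,dc=com,dc=br
sasl_ldap_bind_pw: *************
sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 NTLM
"""

# sasl_* lines suggested in the reply.
SUGGESTED = """\
sasl_mech_list: PLAIN LOGIN
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
"""

def parse_sasl_options(conf_text):
    """Return {option: value} for sasl_* lines, like `grep -E ^sasl`."""
    opts = {}
    for line in conf_text.splitlines():
        m = re.match(r"^(sasl_\w+)\s*:\s*(.*?)\s*$", line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def audit_imapd_sasl(conf_text):
    """List (finding, details) pairs for a saslauthd-based imapd.conf."""
    opts = parse_sasl_options(conf_text)
    findings = []
    if "saslauthd" not in opts.get("sasl_pwcheck_method", "").split():
        return findings  # the checks below only apply to saslauthd setups
    # Shared-secret mechanisms never give saslauthd a password to check.
    mechs = opts.get("sasl_mech_list", "").upper().split()
    extra = [m for m in mechs if m not in PLAINTEXT_MECHS]
    if extra:
        findings.append(("mech_list", extra))
    # LDAP lookup settings for saslauthd go in saslauthd.conf, not here.
    ldap_keys = sorted(k for k in opts if k.startswith("sasl_ldap_"))
    if ldap_keys:
        findings.append(("ldap_in_imapd_conf", ldap_keys))
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(name, audit_imapd_sasl(text) or "no findings")
```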



