Cyrus2.2 with IMAPS/SASLauthd not working

Roland Felnhofer roland.felnhofer at chello.at
Fri Oct 26 13:58:14 EDT 2007 

Hi  Holger,

Are you using Thunderbird ?

Try these settings:

Port: 993
Use secure connection: SSL
Use secure authentication: NOT checked!

Best regards
Roland


FreiNet Technik wrote:
> Hello all,
>
> I set up a cyrus2.2 IMAP-Server with authentication to a
> LDAP-userdirectory via "saslauthd". All ist working well if i use IMAP.
> When i try to use IMAPs "mail auth" ist still working (used in groupware
> web-client), but IMAP connections from clients time out.
>
> It is logged in cyrus.log as:
>   Oct 26 13:35:49 mailer cyrus/imaps[1531]: accepted connection
>   Oct 26 13:35:49 mailer cyrus/imaps[1531]: telling master 3
>   Oct 26 13:35:49 mailer cyrus/master[1407]: service imaps pid 1531 in
> READY state: now unavailable and in BUSY state
>   Oct 26 13:35:49 mailer cyrus/master[1407]: service imaps now has 0
> ready workers
>   Oct 26 13:35:49 mailer cyrus/master[1407]: service imaps pid 1531 in
> BUSY state: now serving connection
>   Oct 26 13:35:49 mailer cyrus/master[1407]: service imaps now has 0
> ready workers
>   Oct 26 13:36:31 mailer cyrus/imaps[1530]: imaps TLS negotiation
> failed: client.example.net [192.168.x.x]
>   Oct 26 13:36:31 mailer cyrus/imaps[1530]: Fatal error:
> tls_start_servertls() failed
>   Oct 26 13:36:31 mailer cyrus/master[1407]: process 1530 exited, status 75
>   Oct 26 13:36:31 mailer cyrus/master[1407]: service imaps pid 1530 in
> BUSY state: terminated abnormally
>
> auth.log says:
>   Oct 26 14:32:21 mailer cyrus/imaps[1972]: auxpropfunc error invalid
> parameter supplied
>   Oct 26 14:32:21 mailer cyrus/imaps[1972]: _sasl_plugin_load failed on
> sasl_auxprop_plug_init for plugin: ldapdb
>
> If i test the configuration with "imtest -s -v -a client mailer -p 993"
> i am able to log in and fetch some mails.
>
> In this case the log looks like:
>
>   Oct 26 14:56:12 mailer cyrus/imaps[1994]: accepted connection
>   Oct 26 14:56:12 mailer cyrus/imaps[1994]: telling master 3
>   Oct 26 14:56:12 mailer cyrus/master[1957]: service imaps pid 1994 in
> READY state: now unavailable and in BUSY state
>   Oct 26 14:56:12 mailer cyrus/master[1957]: service imaps now has 0
> ready workers
>   Oct 26 14:56:12 mailer cyrus/master[1957]: service imaps pid 1994 in
> BUSY state: now serving connection
>   Oct 26 14:56:12 mailer cyrus/master[1957]: service imaps now has 0
> ready workers
>   Oct 26 14:56:12 mailer cyrus/imaps[1994]: mydelete: starting txn
> 2147483659
>   Oct 26 14:56:12 mailer cyrus/imaps[1994]: mydelete: committing txn
> 2147483659
>   Oct 26 14:56:12 mailer cyrus/imaps[1994]: mystore: starting txn 2147483660
>   Oct 26 14:56:12 mailer cyrus/imaps[1994]: mystore: committing txn
> 2147483660
>   Oct 26 14:56:12 mailer cyrus/imaps[1994]: starttls: TLSv1 with cipher
> AES256-SHA (256/256 bits new) no authentication
>   Oct 26 14:56:18 mailer cyrus/imaps[1994]: login: client.example.net
> [192.168.x.x] client PLAIN+TLS User logged in
>   Oct 26 14:56:27 mailer cyrus/imaps[1994]: seen_db: user client opened
> /var/lib/cyrus/user/c/client.seen
>   Oct 26 14:56:27 mailer cyrus/imaps[1994]: open: user client opened Inbox
>   Oct 26 14:57:21 mailer cyrus/imaps[1994]: telling master 1
>   Oct 26 14:57:21 mailer cyrus/master[1957]: service imaps pid 1994 in
> BUSY state: now available and in READY state
>   Oct 26 14:57:21 mailer cyrus/master[1957]: service imaps now has 1
> ready workers
>
> Can someone tell me the difference between connecting with client (i
> tried with and without TLS, with and without "secure authentication" and
> "imtest"? Where come these strange "_sasl_plugin_load" errors from when
> "mail auth" works with imaps?
> Can somebody please enlighten me?
>
> Thanks in advance,
> Holger
>
> I use the following configs:
>
> /etc/saslauthd.conf:
>   ldap_servers: ldaps://ds1.example.net
>   ldap_search_base: dc=example,dc=net
>   ldap_mech: DIGEST_MD5
>
>
> /etc/cyurus.conf (excerpt)
>  #imap           cmd="imapd -U 30" listen="localhost:imap" prefork=0
> maxchild=100
>  imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
>
> /etc/imapd.conf (excerpt)
>   # No anonymous logins
>   allowanonymouslogin: no
>   # Allow plaintext logins by default (SASL PLAIN)
>   allowplaintext: yes
>   sasl_mech_list: PLAIN
>   sasl_pwcheck_method: saslauthd
>
> ________________________________________________________________________
> FreiNet Gesellschaft fuer Informationsdienste mbH                       
> Loerracher Strasse 5a, D-79115 Freiburg                                 
> Telefon: +49-761-496-1700, Fax: +49-761-496-1790                        
> http://www.freinet.de                                                   
>                                                                         
> Registergericht AG Freiburg i. Br. - HRB 4758                           
> Geschaeftsfuehrung: Manfred Neufang                                     
> USt-Id-Nr.:DE142316038 - FA Freiburg Stadt - Steuernummer 06425/40959   
> Sparkasse Freiburg-Noerdlicher Breisgau - BLZ 680 501 01 - Konto 10105414
> ________________________________________________________________________
>
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3673 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20071026/b3e5b1c9/attachment-0001.bin

More information about the Info-cyrus mailing list