Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16
Andrey
andrew_dev at hotmail.com
Fri Mar 7 16:02:30 EST 2014
Hi
this was very helpful:
sasl_auxprop_plugin: sasldb
But it works only in combination with:
sasl_pwcheck_method: saslauth
I can now log in to default domain as user password via Windows live mail
(WLM) and send/receive e-mails.
And I succeed on testsaslauthd.
However, the user in sasldb with name info@domain2.tld cannot log in.
In /etc/default/saslauthd:
START=yes
MECHANISMS="sasldb"
THREADS=5
OPTIONS="-c -m /var/run/saslauthd -rVd"
root@srv01:~# sasldblistusers2
cyrus@srv01: userPassword
info@domain2.tld: userPassword
andrey@srv01: userPassword
root@srv01:~# testsaslauthd -u info@domain2.tld -p Pa77w0rd
0: NO "authentication failed"
Debug:
root@srv01:~# service saslauthd restart
* Stopping SASL Authentication Daemon saslauthd [ OK ]
* Starting SASL Authentication Daemon saslauthd
saslauthd[8891] :main : num_procs : 5
saslauthd[8891] :main : mech_option: NULL
saslauthd[8891] :main : run_path : /var/run/saslauthd
saslauthd[8891] :main : auth_mech : sasldb
saslauthd[8891] :cache_alloc_mm : mmaped shared memory segment on file: /var/run/saslauthd/cache.mmap
saslauthd[8891] :cache_init : bucket size: 96 bytes
saslauthd[8891] :cache_init : stats size : 36 bytes
saslauthd[8891] :cache_init : timeout : 28800 seconds
saslauthd[8891] :cache_init : cache table: 985828 total bytes
saslauthd[8891] :cache_init : cache table: 1711 slots
saslauthd[8891] :cache_init : cache table: 10266 buckets
saslauthd[8891] :cache_init_lock : flock file opened at /var/run/saslauthd/cache.flock
saslauthd[8891] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[8891] :detach_tty : master pid is: 0
saslauthd[8891] :ipc_init : listening on socket: /var/run/saslauthd/mux
saslauthd[8891] :main : using process model
saslauthd[8891] :have_baby : forked child: 8892
saslauthd[8892] :get_accept_lock : acquired accept lock
saslauthd[8891] :have_baby : forked child: 8893
saslauthd[8891] :have_baby : forked child: 8894
saslauthd[8891] :have_baby : forked child: 8895
saslauthd[8892] :rel_accept_lock : released accept lock
saslauthd[8892] :cache_get_rlock : attempting a read lock on slot: 1130
saslauthd[8892] :cache_lookup : [login=info@domain2.tld] [service=] [realm=imap]: not found, update pending
saslauthd[8892] :cache_un_lock : attempting to release lock on slot: 1130
saslauthd[8893] :get_accept_lock : acquired accept lock
saslauthd[8892] :do_auth : auth failure: [user=info@domain2.tld] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]
saslauthd[8892] :do_request : response: NO
I tested it from WLM and got an error too...
Thank you
-----Original Message-----
From: Dan White
Sent: Friday, March 7, 2014 6:01 PM
To: Andrey
Cc: info-cyrus at lists.andrew.cmu.edu
Subject: Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16
On 03/07/14 17:13 +0100, Andrey wrote:
>Hi everyone,
>
>I am stuck. I would like to use in my test environment virtual domains and
>emails.
>
>I have 2 domains. The users from default domain I can via sasl and pam
>authenticate without problem. I use in my mail software credentials like
>user password.
>Now I don’t want to use pam mechanism, but sasldb. See hereunder my
>configs:
>
>/etc/default/saslauthd
>
>START=yes
>MECHANISMS="sasldb"
>MECH_OPTIONS=""
>THREADS=5
saslauthd, with default compile options, does not contain support for
sasldb. It is recommended to use the sasldb auxprop plugin in this scenario
rather than saslauthd. Configure /etc/imapd.conf with:
sasl_auxprop_plugin: sasldb
sasl_pwcheck_method: auxprop
>#chroot Postfix
>OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>
>
>/etc/postfix/main.cf
>#only sasl/virtual related config info!
>mydomain = domain.tld
>myhostname = mail.domain.tld
>mydestination = mail.domain.tld, domain.tld, localhost.domain.tld,
>localhost
>
>mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
Configure your postfix smtpd.conf with:
auxprop_plugin: sasldb
pwcheck_method: auxprop
The sasldb database is typically contained in /etc, and not underneath
the Postfix chroot. Either disable chrooting of smtpd in
/etc/postfix/master.cf, or configure an appropriate 'sasl_sasldb_path' in
/etc/imapd.conf, and a 'sasldb_path' in your postfix smtpd.conf file. If
you continue to chroot postfix, you will also need to specify the location
of the sasldb database with 'saslpasswd2 -f <path>'.
>/etc/imapd.conf
>#only sasl/virtual related config info!
>allowplaintext: yes
>sasl_mech_list: PLAIN
>loginrealms: domain.tld,domain2.tld
>virtdomains: userid
>defaultdomain: domain.tld
>sasl_pwcheck_method: saslauthd
>sasl_auto_transition: no
>
>
>Then I did following steps:
>saslpasswd2 -u domain.tld info
>testsaslauthd -u info -r domain.tld -p Pa77w0rd
>0: OK "Success."
>testsaslauthd -u info@domain.tld -p Pa77w0rd
>0: NO "authentication failed"
With saslauthd, you may wish to experiment with the '-r' option
(/etc/default/saslauthd OPTIONS).
--
Dan White
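
The settings recommended in the reply above, turned into a small consistency check; this is an added example, not part of the original messages. The function names, the sample master.cf lines and the sasldb paths are constructed, and the chroot test assumes Postfix 2.x, where '-' in the master.cf chroot column means yes.

```python
def parse_conf(text):
    """Parse Cyrus-style 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def smtpd_chrooted(master_cf):
    """True unless the chroot column (5th field) of the smtpd service is 'n'.
    Assumption: Postfix 2.x, where '-' in that column defaults to chroot=y."""
    for line in master_cf.splitlines():
        fields = line.split()
        if len(fields) >= 8 and not line.startswith("#") and fields[7] == "smtpd":
            return fields[4] != "n"
    return False

def check(imapd_conf, smtpd_conf, master_cf):
    """Return the list of changes the reply in this thread calls for."""
    imap, smtp = parse_conf(imapd_conf), parse_conf(smtpd_conf)
    findings = []
    for name, conf, prefix in (("imapd.conf", imap, "sasl_"), ("smtpd.conf", smtp, "")):
        if conf.get(prefix + "pwcheck_method") != "auxprop":
            findings.append(f"{name}: set {prefix}pwcheck_method: auxprop")
        if conf.get(prefix + "auxprop_plugin") != "sasldb":
            findings.append(f"{name}: set {prefix}auxprop_plugin: sasldb")
    if smtpd_chrooted(master_cf):  # both services must be told where sasldb lives
        if "sasldb_path" not in smtp:
            findings.append("smtpd.conf: smtpd is chrooted, set sasldb_path")
        if "sasl_sasldb_path" not in imap:
            findings.append("imapd.conf: smtpd is chrooted, set sasl_sasldb_path")
    return findings

# Constructed samples; the sasldb paths are placeholders, not values from the thread.
IMAPD_BEFORE = "virtdomains: userid\nsasl_pwcheck_method: saslauthd\n"
IMAPD_AFTER = """\
sasl_auxprop_plugin: sasldb
sasl_pwcheck_method: auxprop
sasl_sasldb_path: /path/to/sasldb2
"""
SMTPD_AFTER = "pwcheck_method: auxprop\nauxprop_plugin: sasldb\nsasldb_path: /path/to/sasldb2\n"
MASTER_CHROOT = "smtp inet n - - - - smtpd\n"     # chroot column '-'
MASTER_NOCHROOT = "smtp inet n - n - - smtpd\n"   # chroot column 'n'

if __name__ == "__main__":
    for finding in check(IMAPD_BEFORE, "", MASTER_CHROOT):
        print(finding)
```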