NO Login failed: generic failure

Marc Fournier scrappy at hub.org
Wed Mar 26 14:45:08 EDT 2014 

On Mar 26, 2014, at 11:25 , Dan White <dwhite at olp.net> wrote:

> 
> What does your imapd.conf config look like? In particular the sasl_*,
> virtdomain, defaultdomain, allowplaintext, and loginrealms options.


configdirectory: /var/spool/imap
partition-default: /var/spool/mail
duplicatesuppression: 1
sievedir: /var/spool/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: yes
lmtpsocket: /var/run/socket/lmtp
unixhierarchysep: 0
quotawarn: 90
virtdomains: 1
allowplaintext: 1

pwcheck_method: auxprop
auxprop_plugin: sql

sasl_sql_engine: sqlite
sasl_sql_database: /var/db/sqlite/mailsys
sasl_sql_select: SELECT %p FROM sasl_auth WHERE userid = '%u@%r'
sasl_sql_insert: INSERT INTO sasl_auth ( userid, %p, domain ) VALUES ( '%u@%r', '%v' )
sasl_sql_update: UPDATE sasl_auth SET %p = '%v' WHERE userid = '%u@%r'

tls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem

only difference between the above and the other one that isn’t working *and* the one that is, is the tls_* lines …

> 
> Try using a sasl mechanism, e.g.:
> 
> imtest -m digest-md5 -a 'xxx at xxx.xxx’ localhost

# imtest -m digest-md5 -a xxx at xxx.xxx localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN SASL-IR] xxx.xxx Cyrus IMAP v2.4.17 server ready
C: A01 AUTHENTICATE DIGEST-MD5
S: + bm9uY2U9IjdaZ0NLa1AxQTRPYmtlUHp2K3VaL0pSa3FYRUtzTFhtaFgwK1grbmJ2RlE9IixyZWFsbT0icmRmdW5kLmNvbSIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password: 
C: dXNlcm5hbWU9InNhbGVzQG9mYWMuaW5mbyIscmVhbG09InJkZnVuZC5jb20iLG5vbmNlPSI3WmdDS2tQMUE0T2JrZVB6dit1Wi9KUmtxWEVLc0xYbWhYMCtYK25idkZRPSIsY25vbmNlPSI1WFVrUXZZbFZybXp3dndYREY3MHM4SkROcUcyOEM5Z1FuMUNCVy9xM29JPSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9cmM0LG1heGJ1Zj0xMDI0LGRpZ2VzdC11cmk9ImltYXAvbG9jYWxob3N0IixyZXNwb25zZT05ODlhNzk3NTU5ZDY1OTY1NGRhODZiMGQ1OTc0ODU1ZQ==
S: A01 NO generic failure
Authentication failed. generic failure
Security strength factor: 128
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE STARTTLS AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN SASL-IR COMPRESS=DEFLATE IDLE
S: C01 OK Completed
quit
* BAD Invalid tag
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.

> 
>> Is there any way of getting more debug information out of the backend without modifying the code itself?
> 
> Add 'sasl_log_level: 7' to imapd.conf, and verify your syslog daemon is
> logging 'auth.*’.

k, will do this and re-test things …


> 
> -- 
> Dan White

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20140326/474f70aa/attachment.html

More information about the Info-cyrus mailing list