[Postfixbuch-users] SASL @

netmm2001 netmm2001 at web.de
Wed Sep 28 14:39:47 CEST 2005


 
> On Wednesday 28 September 2005 13:56, netmm2001 wrote:
> 
> > Running
> >
> > testsaslauthd -u user at ichbins.de -p pass
> >
> > returns: 0: OK "Success." --> That means the username was
> > looked up in MySQL through PAM, doesn't it?
> 
> No idea, that depends on your configuration. You can't tell
> from this whether PAM or MySQL is behind it.


Sorry. I would like to maintain the users in a MySQL database. To do that, I
told saslauthd mech=pam in /etc/init.d/saslauth.

For PAM I use the pam_mysql plugin. The config file looks like this:

auth sufficient /lib/security/pam_mysql.so user=dbuser passwd=pass host=localhost \
                             db=maildb table=users usercolumn=email \
                             passwdcolumn=password crypt=0
auth sufficient pam_unix_auth.so
account required /lib/security/pam_mysql.so user=dbuser passwd=pass host=localhost \
                             db=maildb table=users usercolumn=email \
                             passwdcolumn=password crypt=0
account sufficient pam_unix_acct.so

> 
> If PAM is involved, testsaslauthd is still missing a "-s
> smtp" to make it at least somewhat more realistic.
> 

testsaslauthd -s smtp -u user at ichbins.de -p pass
returns: 0: OK "Success."

If I change the password
testsaslauthd -s smtp -u user at ichbins.de -p 2pass
returns: 0: NO "authentication failed"

> How is saslauthd started?

Via /etc/init.d/saslauthd start

/etc/init.d/saslauthd:

----------------cut----------------
start() {
        echo -n $"Starting $prog: "
        daemon $path -m $SOCKETDIR -a $MECH $FLAGS
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}
----------------cut------------------





> 
> > But it still doesn't work via telnet.
> >
> > In main.cf I have the parameters
> >
> > smtpd_sasl_auth_enable = yes
> > ##smtpd_sasl_local_domain = hierists
> 
> If you show your config, then use "postconf -n".

The postconf output:

alias_maps = mysql:/etc/postfix/mysql-aliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
inet_interfaces = all
local_recipient_maps = $alias_maps, $virtual_mailbox_maps
mail_owner = postfix
mailbox_size_limit = 2048000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 1024000000
mydestination = $myhostname, localhost.$mydomain, $transport_maps, $mydomain
mydomain = gpnet.lan
myhostname = fc3base
mynetworks = 127.0.0.0/8, 217.9.24.161
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = $mydestination
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = Welcome
smtpd_client_restrictions = reject_rbl_client zombie.dnsbl.sorbs.net,
reject_rbl_client relays.ordb.org,                      reject_rbl_client
opm.blitzed.org,                         reject_rbl_client sbl.spamhaus.org,
reject_rbl_client blackholes.easynet.nl,          reject_rbl_client
dsn.rfc-ignorant.org,                          permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated,  permit_mynetworks,
reject_unauth_destination
transport_maps = mysql:/etc/postfix/mysql-transport.cf
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:90
virtual_mailbox_base = /home2/maildirs
virtual_mailbox_limit = 2048000000
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_minimum_uid = 88
virtual_uid_maps = static:89


> 
> > Here is the telnet session:
> >
> > [root at fc3base ~]# telnet 127.0.0.1 25
> > Trying 127.0.0.1...
> > Connected to fc3base (127.0.0.1).
> > Escape character is '^]'.
> > 220 Welcome
> > ehlo ich.bins.de
> > 250-fc3base
> > 250-PIPELINING
> > 250-SIZE 1024000000
> > 250-VRFY
> > 250-ETRN
> > 250-AUTH LOGIN PLAIN
> > 250-AUTH=LOGIN PLAIN
> > 250 8BITMIME
> > AUTH PLAIN 
> > cm9iZXJ0QHdlcnRjaGVjay5kZQByb2JlcnRAd2VydGNoZWNrLmRlAHBhc3M=
> > 535 Error: authentication failed
> >
> > The user string was generated with  printf 'user at ichbins.de\0user at ichbins.de\0pass' | 
> > /usr/lib/xemacs-21.4.15/i386-redhat-linux/mmencode.
> 
> The base64 string after PLAIN does not match the
> printf line.
> 
> What shows up in the log?

In the maillog:

Sep 28 15:50:29 fc3base postfix/smtpd[4156]: connect from fc3base[127.0.0.1]
Sep 28 15:51:14 fc3base postfix/smtpd[4156]: warning: SASL authentication
failure: Password verification failed
Sep 28 15:51:14 fc3base postfix/smtpd[4156]: warning: fc3base[127.0.0.1]:
SASL PLAIN authentication failed

In messages:

Sep 28 15:51:11 fc3base saslauthd[4037]: pam_sm_authenticate called.
Sep 28 15:51:11 fc3base saslauthd[4037]: dbuser changed.
Sep 28 15:51:11 fc3base saslauthd[4037]: dbpasswd changed.
Sep 28 15:51:11 fc3base saslauthd[4037]: host changed.
Sep 28 15:51:11 fc3base saslauthd[4037]: database changed.
Sep 28 15:51:11 fc3base saslauthd[4037]: table changed.
Sep 28 15:51:11 fc3base saslauthd[4037]: usercolumn changed.
Sep 28 15:51:11 fc3base saslauthd[4037]: passwdcolumn changed.
Sep 28 15:51:11 fc3base saslauthd[4037]: crypt changed.
Sep 28 15:51:11 fc3base saslauthd[4037]: db_connect  called.
Sep 28 15:51:12 fc3base saslauthd[4037]: returning 0 .
Sep 28 15:51:12 fc3base saslauthd[4037]: db_checkpasswd called.
Sep 28 15:51:12 fc3base saslauthd[4037]: pam_mysql: where clause =
Sep 28 15:51:12 fc3base saslauthd[4037]: SELECT password FROM users WHERE
email='user'
Sep 28 15:51:12 fc3base saslauthd[4037]: pam_mysql: select returned more
than one result
Sep 28 15:51:12 fc3base saslauthd[4037]: returning 7 after db_checkpasswd.
Sep 28 15:51:12 fc3base smtp(pam_unix)[4037]: check pass; user unknown
Sep 28 15:51:12 fc3base smtp(pam_unix)[4037]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=
Sep 28 15:51:14 fc3base saslauthd[4037]: do_auth         : auth failure:
[user=user] [service=smtp] [realm=ichbins.de] [mech=pam] [reason=PAM auth
error]



Best regards

Robert
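
Added example, not part of the original message and not code from Postfix, Cyrus SASL or pam_mysql: a small Python helper for the two checks this thread turns on, decoding an AUTH PLAIN argument to compare it with the printf line, and comparing the key in the pam_mysql SELECT with the user and realm that saslauthd logs. The function names, the example.test domain and the sample log lines are assumptions constructed for illustration.

```python
import base64
import re

def encode_plain(authzid, authcid, password):
    """Build the base64 argument of AUTH PLAIN (RFC 4616 message layout)."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(token):
    """Return (authzid, authcid, password) from an AUTH PLAIN argument."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    return tuple(p.decode("utf-8") for p in parts)

WHERE_RE = re.compile(r"WHERE\s+\w+='([^']*)'")
AUTH_RE = re.compile(r"\[user=([^\]]*)\] \[service=[^\]]*\] \[realm=([^\]]*)\]")

def realm_dropped(log_text):
    """Return (queried_key, full_login) when the SQL lookup lacks the realm."""
    text = " ".join(log_text.split())  # undo the mailer's line wrapping
    where, auth = WHERE_RE.search(text), AUTH_RE.search(text)
    if not where or not auth:
        return None
    user, realm = auth.groups()
    full_login = f"{user}@{realm}" if realm else user
    queried = where.group(1)
    return (queried, full_login) if queried != full_login else None

# Constructed sample, modelled on the log excerpt above (example.test is a placeholder).
SAMPLE_LOG = """\
saslauthd[4037]: SELECT password FROM users WHERE
email='user'
saslauthd[4037]: do_auth         : auth failure:
[user=user] [service=smtp] [realm=example.test] [mech=pam] [reason=PAM auth
error]
"""

if __name__ == "__main__":
    token = encode_plain("user@example.test", "user@example.test", "pass")
    print(token, decode_plain(token))
    print(realm_dropped(SAMPLE_LOG))
```

When realm_dropped() reports a mismatch, the PAM module was queried with the bare user part rather than the full address; saslauthd's documented -r option passes the login to the mechanism as user@realm.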



