[Postfixbuch-users] pam_authenticate failed

Joachim Sturm joachim-sturm at web.de
Sa Aug 26 11:26:40 CEST 2006


Hallo Liste.

Ich versuche gerade
Postfix2.2.10/cyrus2.2/MySQL5.0/php5.0/Apache2.0/web-cyradm5.4 auf
UBUNTU-Server zu instalieren.

Als HOWTO habe ich das von Luc de Low genommen. (Die main.cf läst sich
sicherlich noch optimieren, zuerst soll der Mailer aber mal laufen)

Ich kann unter "web-cyradm" Domainen und User anlegen. Sie erscheinen auch
in der MySQL Datenbank, nicht jedoch unter /var/spool/cyrus/mail/"user"

Auth.log sag dazu:
Aug 26 10:04:58 ubuntu saslauthd[3973]: ipc_init        : listening on
socket: /var/run/saslauthd/mux
Aug 26 10:08:37 ubuntu cyrus/imap[4173]: sql_select option missing Aug 26
10:08:37 ubuntu cyrus/imap[4173]: auxpropfunc error no mechanism available
Aug 26 10:08:37 ubuntu cyrus/imap[4173]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: sql Aug 26 10:08:38 ubuntu
saslauthd[3974]: (pam_unix) authentication failure; logname= uid=0 euid=0
tty= ruser= rhost=  user=cyrus Aug 26 10:08:39 ubuntu saslauthd[3974]:
DEBUG: auth_pam: pam_authenticate failed: Permission denied
Aug 26 10:08:39 ubuntu saslauthd[3974]: do_auth         : auth failure:
[user=cyrus] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
Aug 26 10:08:55 ubuntu saslauthd[3975]: (pam_unix) authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=  user=cyrus


Saslfinger -s sagt:
saslfinger - postfix Cyrus sasl configuration Sa 26 Aug 09:33:01 CEST 2006
version: 1.0
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.2.10
System: Ubuntu 6.06.1 LTS \n \l

-- smtpd is linked to --
	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d30000)

-- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients
= yes smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile =
/etc/postfix/ssl/server.pem smtpd_tls_auth_only = no smtpd_tls_cert_file =
/etc/postfix/ssl/server.pem smtpd_tls_key_file = /etc/postfix/ssl/server.pem
smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes

-- listing of /usr/lib/sasl2 --
total 924
drwxr-xr-x  2 root root  4096 2006-08-22 20:19 .
drwxr-xr-x 47 root root  8192 2006-08-22 20:32 ..
-rw-r--r--  1 root root 12792 2006-04-24 13:37 libanonymous.a
-rw-r--r--  1 root root   855 2006-04-24 13:37 libanonymous.la
-rw-r--r--  1 root root 12344 2006-04-24 13:37 libanonymous.so
-rw-r--r--  1 root root 12344 2006-04-24 13:37 libanonymous.so.2
-rw-r--r--  1 root root 12344 2006-04-24 13:37 libanonymous.so.2.0.19
-rw-r--r--  1 root root 14934 2006-04-24 13:37 libcrammd5.a
-rw-r--r--  1 root root   841 2006-04-24 13:37 libcrammd5.la
-rw-r--r--  1 root root 14584 2006-04-24 13:37 libcrammd5.so
-rw-r--r--  1 root root 14584 2006-04-24 13:37 libcrammd5.so.2
-rw-r--r--  1 root root 14584 2006-04-24 13:37 libcrammd5.so.2.0.19
-rw-r--r--  1 root root 44516 2006-04-24 13:37 libdigestmd5.a
-rw-r--r--  1 root root   864 2006-04-24 13:37 libdigestmd5.la
-rw-r--r--  1 root root 41752 2006-04-24 13:37 libdigestmd5.so
-rw-r--r--  1 root root 41752 2006-04-24 13:37 libdigestmd5.so.2
-rw-r--r--  1 root root 41752 2006-04-24 13:37 libdigestmd5.so.2.0.19
-rw-r--r--  1 root root 13074 2006-04-24 13:37 liblogin.a
-rw-r--r--  1 root root   835 2006-04-24 13:37 liblogin.la
-rw-r--r--  1 root root 12824 2006-04-24 13:37 liblogin.so
-rw-r--r--  1 root root 12824 2006-04-24 13:37 liblogin.so.2
-rw-r--r--  1 root root 12824 2006-04-24 13:37 liblogin.so.2.0.19
-rw-r--r--  1 root root 28264 2006-04-24 13:37 libntlm.a
-rw-r--r--  1 root root   829 2006-04-24 13:37 libntlm.la
-rw-r--r--  1 root root 27836 2006-04-24 13:37 libntlm.so
-rw-r--r--  1 root root 27836 2006-04-24 13:37 libntlm.so.2
-rw-r--r--  1 root root 27836 2006-04-24 13:37 libntlm.so.2.0.19
-rw-r--r--  1 root root 19130 2006-04-24 13:37 libotp.a
-rw-r--r--  1 root root   829 2006-04-24 13:37 libotp.la
-rw-r--r--  1 root root 41408 2006-04-24 13:37 libotp.so
-rw-r--r--  1 root root 41408 2006-04-24 13:37 libotp.so.2
-rw-r--r--  1 root root 41408 2006-04-24 13:37 libotp.so.2.0.19
-rw-r--r--  1 root root 13442 2006-04-24 13:37 libplain.a
-rw-r--r--  1 root root   835 2006-04-24 13:37 libplain.la
-rw-r--r--  1 root root 13080 2006-04-24 13:37 libplain.so
-rw-r--r--  1 root root 13080 2006-04-24 13:37 libplain.so.2
-rw-r--r--  1 root root 13080 2006-04-24 13:37 libplain.so.2.0.19
-rw-r--r--  1 root root 20750 2006-04-24 13:37 libsasldb.a
-rw-r--r--  1 root root   856 2006-04-24 13:37 libsasldb.la
-rw-r--r--  1 root root 17104 2006-04-24 13:37 libsasldb.so
-rw-r--r--  1 root root 17104 2006-04-24 13:37 libsasldb.so.2
-rw-r--r--  1 root root 17104 2006-04-24 13:37 libsasldb.so.2.0.19
-rw-r--r--  1 root root 21260 2006-04-24 13:37 libsql.a
-rw-r--r--  1 root root   895 2006-04-24 13:37 libsql.la
-rw-r--r--  1 root root 21068 2006-04-24 13:37 libsql.so
-rw-r--r--  1 root root 21068 2006-04-24 13:37 libsql.so.2
-rw-r--r--  1 root root 21068 2006-04-24 13:37 libsql.so.2.0.19

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
log_level: 3

-- active services in /etc/postfix/master.cf -- # service type  private
unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd -v
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
	-o fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache	  unix	-	-	-	-	1	scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

cyrus    unix   -		n	  n	    -	      -	  pipe
    flags=R user=cyrus argv=/usr/sbin/cyrdeliver -r ${sender} -m
${extension} ${user}

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

-- end of saslfinger output --


Postconf -n sagt:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailbox_transport = cyrus
mydestination = sample.com, localhost
myhostname = mail.sample.com
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-relay.cf relayhost =
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_helo_required =
yes smtpd_recipient_restrictions = 
	reject_invalid_hostname,
     permit_sasl_authenticated,
     permit_mynetworks,
     reject_non_fqdn_hostname,
     reject_non_fqdn_sender,
     reject_non_fqdn_recipient,
     reject_unknown_sender_domain,
     reject_unknown_recipient_domain,
     reject_unauth_pipelining,
     reject_unauth_destination,
     reject_rbl_client zombie.dnsbl.sorbs.net,
     reject_rbl_client relays.ordb.org,
     reject_rbl_client opm.blitzed.org,
     reject_rbl_client list.dsbl.org,
     reject_rbl_client sbl.spamhaus.org,
     permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile =
/etc/postfix/ssl/server.pem smtpd_tls_auth_only = no smtpd_tls_cert_file =
/etc/postfix/ssl/server.pem smtpd_tls_key_file = /etc/postfix/ssl/server.pem
smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = mysql:/etc/postfix/mysql-transport.cf
virtual_alias_domains = mysql:/etc/postfix/mysql-virtual.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf


testsaslauth -u cyrus -p secret (cyrus ist in der MySQL Datenbank
vorhanden!) 0; NO "autentification failed"

auth.log sagt dazu:
Aug 26 10:35:32 ubuntu saslauthd[3974]: (pam_unix) authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=  user=cyrus Aug 26 10:35:34 ubuntu
saslauthd[3974]: DEBUG: auth_pam: pam_authenticate failed: Permission denied
Aug 26 10:35:34 ubuntu saslauthd[3974]: do_auth         : auth failure:
[user=cyrus] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]



Bitte gebt mir Tipps, wo ich noch nach Fehlern suchen kann!
Dankeschön
Achim




Mehr Informationen über die Mailingliste Postfixbuch-users