[Postfixbuch-users] Postfix und SASL Problem

Claas Müller claas.mueller at contact-software.com
Fr Mai 15 10:46:37 CEST 2015 

Hallo,
ich habe Probleme damit SASL zum Laufen zu kriegen.

Die User sollen via LDAP von der Windows AD Domäne authentifiziert werden.
Vielleicht hat jemand einen Hinweis wo ich den Fehler suchen soll, ich 
hab schon ein paar Stunden Google hinter mir und verstehe die Ursache 
des Problems nicht. Ich werde das Gefühl nicht los, dass das Problem in 
der main.cf liegt.

Vielen Dank!

Folgende configs habe ich bisher bearbeitet:

/etc/default/saslauthd
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"


Postfix Anpassungen bzgl SASL:
/etc/postfix/main.cf

smtpd_sasl_path = /etc/postfix/sasl/smtpd.conf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
                 permit_mynetworks,
                 permit_sasl_authenticated,
                 reject_unauth_destination,
                 reject_invalid_hostname,
                 reject_unknown_sender_domain


/etc/postfix/sasl/smtpd.conf
saslauthd_path: /var/run/saslauthd/mux
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 9
allow_plaintext: true
ldap_servers: ldap://SERVER
ldap_search_base: CN=users,DC=DOMAIN,DC=de
ldap_timeout: 10
ldap_filter: sAMAccountName=%U
ldap_bind_dn: CN=ldap,CN=Users,DC=DOMAIN,DC=de
ldap_password: geheim
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind


Fehlermeldung:
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
vstream_buf_get_ready: fd 24 got 33
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: < 
cmu-vm03.DOMAIN.de[172.27.1.20]: AUTH PLAIN AGNtdQAdkdW1tZXIwZiYp
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: name_mask: 
noanonymous
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
xsasl_cyrus_server_first: sasl_method PLAIN, init_response 
AGNtdQdAkdW1tZXIwZiYp
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
xsasl_cyrus_server_first: decoded initial response


May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: warning: 
SASL authentication failure: Password verification failed
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: warning: 
cmu-vm03.DOMAIN.de[172.27.1.20]: SASL PLAIN authentication failed: 
authentication failure


May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: > 
cmu-vm03.DOMAIN.de[172.27.1.20]: 535 5.7.8 Error: authentication failed: 
authentication failure
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
watchdog_pat: 0x7f2d9fc6cae0
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
vstream_fflush_some: fd 24 flush 64
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
vstream_buf_get_ready: fd 24 got 12
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: < 
cmu-vm03.DOMAIN.de[172.27.1.20]: AUTH LOGIN
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: name_mask: 
noanonymous
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
xsasl_cyrus_server_first: sasl_method LOGIN
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: > 
cmu-vm03.DOMAIN.de[172.27.1.20]: 334 VXNlcmd5hbWU6
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
vstream_fflush_some: fd 24 flush 18
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
vstream_buf_get_ready: fd 24 got 6
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: < 
cmu-vm03.DOMAIN.de[172.27.1.20]: Y211
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
xsasl_cyrus_server_next: decoded response: cmu
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: > 
cmu-vm03.DOMAIN.de[172.27.1.20]: 334 UGFzc3ddvcmQ6
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
vstream_fflush_some: fd 24 flush 18
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
vstream_buf_get_ready: fd 24 got 18
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: < 
cmu-vm03.DOMAIN.de[172.27.1.20]: JHVtbdWVyMGYdmKQ==
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
xsasl_cyrus_server_next: decoded response: PASSWORD
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: warning: 
cmu-vm03.DOMAIN.de[172.27.1.20]: SASL LOGIN authentication failed: 
authentication failure
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: > 
cmu-vm03.DOMAIN.de[172.27.1.20]: 535 5.7.8 Error: authentication failed: 
authentication failure
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
watchdog_pat: 0x7f2d9fc6cae0
May 15 10:37:04 de-bre-mail05 postfix/submission/smtpd[6915]: 
vstream_fflush_some: fd 24 flush 64

Mehr Informationen über die Mailingliste Postfixbuch-users