From: Andreas Winkelmann (no email)
Date: Mon Jun 07 2004 - 10:32:30 EDT
Am Montag, 7. Juni 2004 15:24 schrieb Jonathan Telep:
> My configuration is as follows:
>
> The server is running Debian Linux (Woody 2.4.18-bf2)
> Postfix Version 2.1.1-1
> Cyrus SASL 2.1.18-4.1
>
> I had a lot of problems running Postfix as "chroot" (mainly because I had
> no idea how to add something to chroot jail) so I finally edited the
> master.cf file and changed the "smtp" entry under "chroot" from a "-" to an
> "n". I then had to change the permissions on the /etc/sasldb2 file from
> 600 to 777 just to see if it would work but still no cigar.
Postfix must be able to read sasldb, not everyone.
If you want to use chroot, copy the sasldb2 to /var/spool/postfix/etc/
> The errors I received before making any changes to the master.cf file were:
> >>postfix/smtpd[5253]: warning: SASL authentication problem: unable to open
> >> Berkeley db /etc/sasldb2: No such file or directory
>
> After I stopped Postfix from running as chroot the error changed to:
> >>postfix/smtpd[1147]: warning: SASL authentication problem: unable to open
> >> Berkeley db /etc/sasldb2: Permission denied
>
> Once I changed the permissions on that file it switched to:
> >>Jun 3 12:07:51 jaxs postfix/smtpd[609]: warning: SASL authentication
> >> failure: no secret in database Jun 3 12:07:51 jaxs postfix/smtpd[609]:
> >> warning: d47-69-211-93.try.wideopenwest.com[69.47.93.211]: SASL CRAM-MD5
> >> authentication failed Jun 3 12:07:51 jaxs postfix/smtpd[609]: warning:
> >> SASL authentication failure: no secret in database Jun 3 12:07:51 jaxs
> >> postfix/smtpd[609]: warning:
> >> d47-69-211-93.try.wideopenwest.com[69.47.93.211]: SASL NTLM
> >> authentication failed Jun 3 12:07:51 jaxs postfix/smtpd[609]: warning:
> >> SASL authentication failure: Password verification failed Jun 3
> >> 12:07:51 jaxs postfix/smtpd[609]: warning:
> >> d47-69-211-93.try.wideopenwest.com[69.47.93.211]: SASL PLAIN
> >> authentication failed Jun 3 12:07:51 jaxs postfix/smtpd[609]: warning:
> >> d47-69-211-93.try.wideopenwest.com[69.47.93.211]: SASL LOGIN
> >> authentication failed
>
> My configuration files:
>
> SMTPD.CONF:
>
> # This sets smtpd to authenticate using the saslauthd daemon.
> pwcheck_method:saslauthd
Hmm, best to insert a space between ":" and "saslauthd".
> # This allows only plain, login, cram-md5 and digest-md5 as the
> authentication m echanisms.
> mech_list: plain login cram-md5 digest-md5
If you want to use saslauthd, change this to
mech_list: plain login
all other will not work. If you want to use sasldb, change
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login cram-md5 digest-md5
If your smtpd.conf contains the line "mech_list: plain login cram-md5
digest-md5" and a Client can choose "NTLM" as above, then your smtpd.conf is
in the wron directory. For Postfix-Debian-Edition it should be /etc/postfix/
sasl.
> I would venture to guess that there are no entries in the Berkeley DB for
> what I'm trying to authenticate with but that wouldn't explain standard
> plain authentication would it?
To create users in sasldb use "saslpasswd2" to show the entries
"sasldblistusers2"
-- Andreas
|
|
|