Hello List,
I have been pulling my hair out trying to hunt down an issue I have
with my MX setup.
Details:
CentOS 5
postfix 2.5.1
courier-imap-4.3.0
courier-authlib-0.60.2
OpenLDAP: slapd 2.3.27
Thus far I have been able to get postfix to perform virtual domain
lookups in LDAP and deliver mail to maildirs specified in the LDAP
entries. I can log in via IMAP and retrieve mail delivered to my
mailbox. But I cannot get SMTP authentication working.
/usr/local/etc/authlib/authldaprc:
##VERSION: $Id: authldaprc,v 1.25 2005/10/05 00:07:32 mrsam Exp $
#
LDAP_URI ldaps://192.168.1.10
# Which version of LDAP protocol to use
LDAP_PROTOCOL_VERSION 3
# Look for authentication here:
LDAP_BASEDN o=mail,dc=meibin,dc=jp
LDAP_TIMEOUT 5
LDAP_AUTHBIND 1
LDAP_MAIL mail
#LDAP_FILTER (objectClass=CourierMailAccount)
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR homeDirectory
LDAP_MAILDIR mailbox
LDAP_DEFAULTDELIVERY defaultDelivery
LDAP_FULLNAME cn
LDAP_CRYPTPW userPassword
LDAP_CLEARPW clearPassword
LDAP_DEREF never
LDAP_TLS 0
When I log in via IMAP, authdaemond takes my login credentials and uses
them to bind against the LDAP directory, which then authenticates. No
problems. When I try to relay mail, for some reason authdaemon does not
return any auth data.
E.g., when an IMAP login is performed I see the following in the LDAP logs:
Mar 16 09:08:18 tamachi slapd[25955]: do_bind: version=3 dn=""
method=128
Mar 16 09:08:18 tamachi slapd[25955]: send_ldap_result: conn=83 op=0 p=3
Mar 16 09:08:18 tamachi slapd[25955]: send_ldap_response: msgid=1
tag=97 err=0
Mar 16 09:08:18 tamachi slapd[25955]: do_bind: v3 anonymous bind
Mar 16 09:08:18 tamachi slapd[25955]: connection_get(18): got connid=83
Mar 16 09:08:18 tamachi slapd[25955]: connection_read(18): checking
for input on id=83
Mar 16 09:08:18 tamachi slapd[25955]: do_search
Mar 16 09:08:18 tamachi slapd[25955]: >>> dnPrettyNormal:
<o=mail,dc=meibin,dc=jp>
Mar 16 09:08:18 tamachi slapd[25955]: <<< dnPrettyNormal:
<o=mail,dc=meibin,dc=jp>, <o=mail,dc=meibin,dc=jp>
Mar 16 09:08:18 tamachi slapd[25955]: ==> limits_get: conn=83 op=1
dn="[anonymous]"
Mar 16 09:08:18 tamachi slapd[25955]: => bdb_search
Mar 16 09:08:18 tamachi slapd[25955]:
bdb_dn2entry("o=mail,dc=meibin,dc=jp")
Mar 16 09:08:18 tamachi slapd[25955]: search_candidates:
base="o=mail,dc=meibin,dc=jp" (0x0000006c) scope=2
Mar 16 09:08:18 tamachi slapd[25955]: =>
bdb_dn2idl("o=mail,dc=meibin,dc=jp")
Mar 16 09:08:18 tamachi slapd[25955]: <= bdb_dn2idl: id=8 first=108
last=147
Mar 16 09:08:18 tamachi slapd[25955]: => bdb_equality_candidates
(objectClass)
Mar 16 09:08:18 tamachi slapd[25955]: => key_read
Mar 16 09:08:18 tamachi slapd[25955]: <= bdb_index_read: failed (-30989)
Mar 16 09:08:18 tamachi slapd[25955]: <= bdb_equality_candidates:
id=0, first=0, last=0
Mar 16 09:08:18 tamachi slapd[25955]: => bdb_equality_candidates (mail)
Mar 16 09:08:18 tamachi slapd[25955]: => key_read
Mar 16 09:08:18 tamachi slapd[25955]: <= bdb_index_read 1 candidates
Mar 16 09:08:18 tamachi slapd[25955]: <= bdb_equality_candidates:
id=1, first=134, last=134
Mar 16 09:08:18 tamachi slapd[25955]: bdb_search_candidates: id=1
first=134 last=134
Mar 16 09:08:18 tamachi slapd[25955]: => send_search_entry: conn 83
dn="cn=Luke Kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp"
Mar 16 09:08:18 tamachi slapd[25955]: ber_get_next on fd 18 failed
errno=11 (Resource temporarily unavailable)
Mar 16 09:08:18 tamachi slapd[25955]: <= send_search_entry: conn 83
exit.
Mar 16 09:08:18 tamachi slapd[25955]: send_ldap_result: conn=83 op=1 p=3
Mar 16 09:08:18 tamachi slapd[25955]: send_ldap_response: msgid=2
tag=101 err=0
Mar 16 09:08:18 tamachi slapd[25955]: connection_get(25): got connid=84
Mar 16 09:08:18 tamachi slapd[25955]: connection_read(25): checking
for input on id=84
Mar 16 09:08:18 tamachi slapd[25955]: connection_get(25): got connid=84
Mar 16 09:08:18 tamachi slapd[25955]: connection_read(25): checking
for input on id=84
Mar 16 09:08:18 tamachi slapd[25955]: connection_read(25): unable to
get TLS client DN, error=49 id=84
Mar 16 09:08:18 tamachi slapd[25955]: connection_get(25): got connid=84
Mar 16 09:08:18 tamachi slapd[25955]: connection_read(25): checking
for input on id=84
Mar 16 09:08:18 tamachi slapd[25955]: ber_get_next on fd 25 failed
errno=11 (Resource temporarily unavailable)
Mar 16 09:08:18 tamachi slapd[25955]: do_bind
Mar 16 09:08:18 tamachi slapd[25955]: >>> dnPrettyNormal: <cn=Luke
Kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp>
Mar 16 09:08:18 tamachi slapd[25955]: <<< dnPrettyNormal: <cn=Luke
Kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp>, <cn=luke
kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp>
Mar 16 09:08:18 tamachi slapd[25955]: do_bind: version=3 dn="cn=Luke
Kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp" method=128
Mar 16 09:08:18 tamachi slapd[25955]: bdb_dn2entry("cn=luke
kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp")
Mar 16 09:08:18 tamachi slapd[25955]: do_bind: v3 bind: "cn=Luke
Kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp" to "cn=Luke
Kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp"
Mar 16 09:08:18 tamachi slapd[25955]: send_ldap_result: conn=84 op=0 p=3
Mar 16 09:08:18 tamachi slapd[25955]: send_ldap_response: msgid=1
tag=97 err=0
And just for good measure, /var/log/maillog shows:
Mar 16 09:08:18 tamachi imapd-ssl: Connection, ip=[::ffff:192.168.1.28]
Mar 16 09:08:18 tamachi authdaemond: received auth request,
service=imap, authtype=login
Mar 16 09:08:18 tamachi authdaemond: authldap: trying this module
Mar 16 09:08:18 tamachi authdaemond: selected ldap protocol version 3
Mar 16 09:08:18 tamachi authdaemond: binding to LDAP server as DN
'<null>', password '<null>'
Mar 16 09:08:18 tamachi authdaemond: using search filter: ([EMAIL PROTECTED]
)
Mar 16 09:08:18 tamachi authdaemond: one entry returned, DN: cn=Luke
Kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp
Mar 16 09:08:18 tamachi authdaemond: raw ldap entry returned:
Mar 16 09:08:18 tamachi authdaemond: | cn: Luke Kearney
Mar 16 09:08:18 tamachi authdaemond: | homeDirectory: /data/vmail/
hanabitaikai.org/lukek
Mar 16 09:08:18 tamachi authdaemond: | mail: [EMAIL PROTECTED]
Mar 16 09:08:18 tamachi authdaemond: | mailbox: /data/vmail/
hanabitaikai.org/lukek
Mar 16 09:08:18 tamachi authdaemond: authldaplib: sysusername=<null>,
sysuserid=5000, sysgroupid=5000, homedir=/data/vmail/hanabitaikai.org/
lukek, [EMAIL PROTECTED], fullname=Luke Kearney, maildir=/
data/vmail/hanabitaikai.org/lukek, quota=<null>, options=<null>
Mar 16 09:08:18 tamachi authdaemond: authldaplib: clearpasswd=<null>,
passwd=<null>
Mar 16 09:08:18 tamachi authdaemond: rebinding with DN 'cn=Luke
Kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp' to validate password
Mar 16 09:08:18 tamachi authdaemond: authentication bind successful
Mar 16 09:08:18 tamachi authdaemond: Authenticated:
sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/data/
vmail/hanabitaikai.org/lukek, [EMAIL PROTECTED],
fullname=Luke Kearney, maildir=/data/vmail/hanabitaikai.org/lukek,
quota=<null>, options=<null>
Mar 16 09:08:18 tamachi authdaemond: Authenticated:
clearpasswd=secret, passwd=<null>
Mar 16 09:08:18 tamachi imapd-ssl: LOGIN, [EMAIL PROTECTED],
ip=[::ffff:192.168.1.28], port=[53316], protocol=IMAP
Now when I try to relay I see the following
in /var/log/openldap.log:
Mar 16 09:11:39 tamachi slapd[25955]: connection_get(29): got connid=88
Mar 16 09:11:39 tamachi slapd[25955]: connection_read(29): checking
for input on id=88
Mar 16 09:11:39 tamachi slapd[25955]: do_search
Mar 16 09:11:39 tamachi slapd[25955]: >>> dnPrettyNormal:
<o=mail,dc=meibin,dc=jp>
Mar 16 09:11:39 tamachi slapd[25955]: <<< dnPrettyNormal:
<o=mail,dc=meibin,dc=jp>, <o=mail,dc=meibin,dc=jp>
Mar 16 09:11:39 tamachi slapd[25955]: ==> limits_get: conn=88 op=3
dn="[anonymous]"
Mar 16 09:11:39 tamachi slapd[25955]: => bdb_search
Mar 16 09:11:39 tamachi slapd[25955]:
bdb_dn2entry("o=mail,dc=meibin,dc=jp")
Mar 16 09:11:39 tamachi slapd[25955]: search_candidates:
base="o=mail,dc=meibin,dc=jp" (0x0000006c) scope=2
Mar 16 09:11:39 tamachi slapd[25955]: =>
bdb_dn2idl("o=mail,dc=meibin,dc=jp")
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_dn2idl: id=8 first=108
last=147
Mar 16 09:11:39 tamachi slapd[25955]: => bdb_equality_candidates
(objectClass)
Mar 16 09:11:39 tamachi slapd[25955]: => key_read
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_index_read: failed (-30989)
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_equality_candidates:
id=0, first=0, last=0
Mar 16 09:11:39 tamachi slapd[25955]: => bdb_equality_candidates (mail)
Mar 16 09:11:39 tamachi slapd[25955]: => key_read
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_index_read: failed (-30989)
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_equality_candidates:
id=0, first=0, last=0
Mar 16 09:11:39 tamachi slapd[25955]: bdb_search_candidates: id=0
first=108 last=0
Mar 16 09:11:39 tamachi slapd[25955]: bdb_search: no candidates
Mar 16 09:11:39 tamachi slapd[25955]: send_ldap_result: conn=88 op=3 p=3
Mar 16 09:11:39 tamachi slapd[25955]: send_ldap_response: msgid=4
tag=101 err=0
Mar 16 09:11:39 tamachi slapd[25955]: ber_get_next on fd 29 failed
errno=11 (Resource temporarily unavailable)
Mar 16 09:11:39 tamachi slapd[25955]: connection_get(29): got connid=88
Mar 16 09:11:39 tamachi slapd[25955]: connection_read(29): checking
for input on id=88
Mar 16 09:11:39 tamachi slapd[25955]: ber_get_next on fd 29 failed
errno=11 (Resource temporarily unavailable)
Mar 16 09:11:39 tamachi slapd[25955]: do_search
Mar 16 09:11:39 tamachi slapd[25955]: >>> dnPrettyNormal:
<o=mail,dc=meibin,dc=jp>
Mar 16 09:11:39 tamachi slapd[25955]: <<< dnPrettyNormal:
<o=mail,dc=meibin,dc=jp>, <o=mail,dc=meibin,dc=jp>
Mar 16 09:11:39 tamachi slapd[25955]: ==> limits_get: conn=88 op=4
dn="[anonymous]"
Mar 16 09:11:39 tamachi slapd[25955]: => bdb_search
Mar 16 09:11:39 tamachi slapd[25955]:
bdb_dn2entry("o=mail,dc=meibin,dc=jp")
Mar 16 09:11:39 tamachi slapd[25955]: search_candidates:
base="o=mail,dc=meibin,dc=jp" (0x0000006c) scope=2
Mar 16 09:11:39 tamachi slapd[25955]: =>
bdb_dn2idl("o=mail,dc=meibin,dc=jp")
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_dn2idl: id=8 first=108
last=147
Mar 16 09:11:39 tamachi slapd[25955]: => bdb_equality_candidates
(objectClass)
Mar 16 09:11:39 tamachi slapd[25955]: => key_read
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_index_read: failed (-30989)
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_equality_candidates:
id=0, first=0, last=0
Mar 16 09:11:39 tamachi slapd[25955]: => bdb_equality_candidates (mail)
Mar 16 09:11:39 tamachi slapd[25955]: => key_read
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_index_read: failed (-30989)
Mar 16 09:11:39 tamachi slapd[25955]: <= bdb_equality_candidates:
id=0, first=0, last=0
Mar 16 09:11:39 tamachi slapd[25955]: bdb_search_candidates: id=0
first=108 last=0
Mar 16 09:11:39 tamachi slapd[25955]: bdb_search: no candidates
Mar 16 09:11:39 tamachi slapd[25955]: send_ldap_result: conn=88 op=4 p=3
Mar 16 09:11:39 tamachi slapd[25955]: send_ldap_response: msgid=5
tag=101 err=0
and in /var/log/maillog:
Mar 16 09:11:39 tamachi authdaemond: received auth request,
service=smtp, authtype=login
Mar 16 09:11:39 tamachi authdaemond: authldap: trying this module
Mar 16 09:11:39 tamachi authdaemond: using search filter: ([EMAIL PROTECTED]
)
Mar 16 09:11:39 tamachi authdaemond: number of entries returned: 0
(but we need exactly 1)
Mar 16 09:11:39 tamachi authdaemond: authldap: REJECT - try next module
Mar 16 09:11:39 tamachi authdaemond: FAIL, all modules rejected
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: warning: SASL
authentication failure: Password verification failed
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: warning:
akasaka.hq.meibin.jp[192.168.1.28]: SASL PLAIN authentication failed:
authentication failure
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: >
akasaka.hq.meibin.jp[192.168.1.28]: 535 5.7.8 Error: authentication
failed: authentication failure
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: watchdog_pat: 0x907c7a0
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: <
akasaka.hq.meibin.jp[192.168.1.28]: AUTH LOGIN
Mar 16 09:11:39 tamachi postfix/smtpd[26909]:
xsasl_cyrus_server_first: sasl_method LOGIN
Mar 16 09:11:39 tamachi postfix/smtpd[26909]:
xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: >
akasaka.hq.meibin.jp[192.168.1.28]: 334 VXNlcm5hbWU6
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: <
akasaka.hq.meibin.jp[192.168.1.28]: bHVrZWtAaGFuYWJpdGFrYWkub3Jn
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: xsasl_cyrus_server_next:
decoded response: [EMAIL PROTECTED]
Mar 16 09:11:39 tamachi postfix/smtpd[26909]:
xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: >
akasaka.hq.meibin.jp[192.168.1.28]: 334 GSODKsddoko
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: <
akasaka.hq.meibin.jp[192.168.1.28]: YmNNNSSS
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: xsasl_cyrus_server_next:
decoded response: secret
Mar 16 09:11:39 tamachi authdaemond: received auth request,
service=smtp, authtype=login
Mar 16 09:11:39 tamachi authdaemond: authldap: trying this module
Mar 16 09:11:39 tamachi authdaemond: using search filter: ([EMAIL PROTECTED]
)
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: warning:
akasaka.hq.meibin.jp[192.168.1.28]: SASL LOGIN authentication failed:
authentication failure
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: >
akasaka.hq.meibin.jp[192.168.1.28]: 535 5.7.8 Error: authentication
failed: authentication failure
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: watchdog_pat: 0x907c7a0
Mar 16 09:11:39 tamachi authdaemond: number of entries returned: 0
(but we need exactly 1)
Mar 16 09:11:39 tamachi authdaemond: authldap: REJECT - try next module
Mar 16 09:11:39 tamachi authdaemond: FAIL, all modules rejected
I can see the difference between the two queries. In the SMTP-AUTH
query there is no search object. My /usr/lib/sasl2/smtpd.conf is below:
pwcheck_method: authdaemond
log_level: 7
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/var/spool/authdaemon/socket
Can anyone point me in the right direction here? I am not at all sure
where to go from here.
Thanks
---
Luke Kearney
[EMAIL PROTECTED]
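
Added example, not part of the original post: the AUTH LOGIN username in the smtpd log above is only base64-encoded, so it can be decoded and compared with the directory entry that authdaemond found on the successful IMAP login. The function names are made up for this example, the sample lines are copied from the post with the mail client's line wraps joined, and it assumes the first o= component of the DN is the mail domain (as the homeDirectory path suggests).

```python
import base64
import re

# Lines copied from the post's logs, with the mail client's line wraps joined.
SMTP_LOG = """\
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: > akasaka.hq.meibin.jp[192.168.1.28]: 334 VXNlcm5hbWU6
Mar 16 09:11:39 tamachi postfix/smtpd[26909]: < akasaka.hq.meibin.jp[192.168.1.28]: bHVrZWtAaGFuYWJpdGFrYWkub3Jn
"""
IMAP_LOG = """\
Mar 16 09:08:18 tamachi authdaemond: one entry returned, DN: cn=Luke Kearney,o=hanabitaikai.org,o=mail,dc=meibin,dc=jp
"""

USERNAME_CHALLENGE = base64.b64encode(b"Username:").decode()  # "VXNlcm5hbWU6"
SERVER_LINE = re.compile(r"postfix/smtpd\[\d+\]: > \S+: 334 (\S+)$")
CLIENT_LINE = re.compile(r"postfix/smtpd\[\d+\]: < \S+: (\S+)$")
FOUND_DN = re.compile(r"authdaemond: one entry returned, DN: (?:[^,]+,)*?o=([^,]+)")


def auth_login_username(log):
    """Decode the client's reply to the base64 'Username:' challenge."""
    awaiting_reply = False
    for line in log.splitlines():
        server, client = SERVER_LINE.search(line), CLIENT_LINE.search(line)
        if server:
            awaiting_reply = server.group(1) == USERNAME_CHALLENGE
        elif client and awaiting_reply:
            try:
                return base64.b64decode(client.group(1), validate=True).decode()
            except ValueError:  # reply was not valid base64 or not UTF-8 text
                return None
    return None


def dn_mail_domain(log):
    """First o= component of the DN authdaemond found (assumed to be the mail domain)."""
    found = FOUND_DN.search(log)
    return found.group(1) if found else None


def compare_login_to_directory(smtp_log, imap_log):
    """Put the SMTP login's domain beside the domain the LDAP entry sits under."""
    login = auth_login_username(smtp_log)
    login_domain = login.rpartition("@")[2] if login else None
    ldap_domain = dn_mail_domain(imap_log)
    return {"login": login, "login_domain": login_domain, "ldap_domain": ldap_domain,
            "match": login_domain is not None and login_domain == ldap_domain}


if __name__ == "__main__":
    print(compare_login_to_directory(SMTP_LOG, IMAP_LOG))
```

On the lines as posted, the decoded login is lukek@hanabitakai.org while the entry found during the IMAP login sits under o=hanabitaikai.org, so the two domains differ by one letter. The password reply is base64 in the same way, so verbose smtpd and authdaemond debug logs such as these carry recoverable credentials.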
_______________________________________________
courier-users mailing list