Hi!

On 24/05/17 15:37, Daniel Bareiro wrote:

>> I am configuring SASL to authenticate against IMAP. When I try to
>> authenticate, I get an error:
>>
>> ------------------------------------------------------------------
>> root@Wserver2:~# saslpasswd2 -c daniel
>> ------------------------------------------------------------------
>> root@Wserver2:~# testsaslauthd -u daniel -p password
>> 0: NO "authentication failed"
>> ------------------------------------------------------------------
>>
>> However it works when I provide the realm:
>>
>> ------------------------------------------------------------------
>> root@Wserver2:~# testsaslauthd -u daniel -r server2 -p password
>> 0: OK "Success."
>> ------------------------------------------------------------------
>>
>> It's strange because I have another server where it works without problems:
>>
>> ------------------------------------------------------------------
>> root@mail:~# testsaslauthd -u daniel -p password
>> 0: OK "Success."
>> ------------------------------------------------------------------
>>
>> Both hosts have Debian Jessie and the SASL configuration is the same:
>>
>> ------------------------------------------------------------------
>> root@mail:~# grep ^[^#] /etc/default/saslauthd
>> START=yes
>> DESC="SASL Authentication Daemon"
>> NAME="saslauthd"
>> MECHANISMS="sasldb"
>> MECH_OPTIONS=""
>> THREADS=5
>> OPTIONS="-c -m /var/run/saslauthd"
>> ------------------------------------------------------------------
>> root@server2:~# grep ^[^#] /etc/default/saslauthd
>> START=yes
>> DESC="SASL Authentication Daemon"
>> NAME="saslauthd"
>> MECHANISMS="sasldb"
>> MECH_OPTIONS=""
>> THREADS=5
>> OPTIONS="-c -m /var/run/saslauthd"
>> ------------------------------------------------------------------
>>
>> "mail" has some updates to apply, but I do not see any differences in
>> the versions of the SASL packages:
>>
>> ------------------------------------------------------------------
>> root@mail:~# aptitude show libsasl2-2 | grep Versión
>> Versión: 2.1.26.dfsg1-13+deb8u1
>>
>> root@mail:~# aptitude show libsasl2-modules | grep Versión
>> Versión: 2.1.26.dfsg1-13+deb8u1
>>
>> root@mail:~# aptitude show sasl2-bin | grep Versión
>> Versión: 2.1.26.dfsg1-13+deb8u1
>> ------------------------------------------------------------------
>>
>> ------------------------------------------------------------------
>> root@server2:~# aptitude show libsasl2-2 | grep Version
>> Version: 2.1.26.dfsg1-13+deb8u1
>>
>> root@server2:~# aptitude show libsasl2-modules | grep Version
>> Version: 2.1.26.dfsg1-13+deb8u1
>>
>> root@server2:~# aptitude show sasl2-bin | grep Version
>> Version: 2.1.26.dfsg1-13+deb8u1
>> ------------------------------------------------------------------
>>
>> In this case I'm not doing the authentication test against IMAP but
>> directly against SASL, so I guess the problem will be directly related
>> to the SASL configuration itself.
>>
>> Any thoughts about what might differ between the two environments?

> In case it is useful, when the authentication fails I get this in
> /var/log/auth.log:
> 
> ------------------------------------------------------------------
> May 24 15:31:38 server2 saslauthd[2701]: do_auth         : auth failure:
> [user=daniel] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]
> ------------------------------------------------------------------
> 
> It seems that authentication is done through IMAP and I have previously
> installed the Cyrus packages.

Apparently, despite this difference, the SASL authentication via IMAP is
working.

/var/log/mail.log:

------------------------------------------------------------------
May 24 19:38:51 server2 cyrus/imaps[3711]: starttls: TLSv1.2 with cipher
ECDHE-RSA-AES128-SHA (128/128 bits new) no authentication
May 24 19:38:51 server2 cyrus/imaps[3711]: login: host.domain.tld.net
[x.y.z.t] daniel CRAM-MD5+TLS User logged in
SESSIONID=<cyrus-3711-1495665531-1>
May 24 19:38:51 server2 cyrus/imaps[3711]: created decompress buffer of
4102 bytes
May 24 19:38:51 server2 cyrus/imaps[3711]: created compress buffer of
4102 bytes
May 24 19:38:51 server2 cyrus/imaps[3711]: client id: "name"
"Thunderbird" "version" "45.8.0"
May 24 19:38:53 server2 cyrus/master[3800]: about to exec
/usr/lib/cyrus/bin/imapd
May 24 19:38:53 server2 cyrus/imaps[3800]: executed
May 24 19:38:53 server2 cyrus/imaps[3800]: accepted connection
May 24 19:38:53 server2 cyrus/imaps[3800]: imapd:Loading hard-coded DH
parameters
May 24 19:38:53 server2 cyrus/imaps[3800]: SSL_accept() incomplete -> wait
May 24 19:38:54 server2 cyrus/imaps[3800]: SSL_accept() succeeded -> done
------------------------------------------------------------------

But SMTP authentication for sending mail is not working.

/var/log/auth.log:

------------------------------------------------------------------
May 24 20:12:38 server2 saslauthd[3685]: do_auth         : auth failure:
[user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:38 server2 saslauthd[3683]: do_auth         : auth failure:
[user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:56 server2 saslauthd[3684]: do_auth         : auth failure:
[user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:56 server2 saslauthd[3682]: do_auth         : auth failure:
[user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
------------------------------------------------------------------

/var/log/mail.log:

------------------------------------------------------------------
May 24 20:12:37 server2 postfix/smtpd[4122]: Anonymous TLS connection
established from unknown[x.y.z.t] TLSv1.2 with cipher
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
May 24 20:12:38 server2 postfix/smtpd[4122]: warning: SASL
authentication failure: Password verification failed
May 24 20:12:38 server2 postfix/smtpd[4122]: warning: unknown[x.y.z.t]
SASL PLAIN authentication failed: authentication failure
May 24 20:12:38 server2 postfix/smtpd[4122]: warning: unknown[x.y.z.t]
SASL LOGIN authentication failed: authentication failure
May 24 20:12:56 server2 postfix/smtpd[4122]: warning: SASL
authentication failure: Password verification failed
May 24 20:12:56 server2 postfix/smtpd[4122]: warning: unknown[x.y.z.t]
SASL PLAIN authentication failed: authentication failure
May 24 20:12:56 server postfix/smtpd[4122]: warning: unknown[x.y.z.t]
SASL LOGIN authentication failed: authentication failure
------------------------------------------------------------------

I'll keep investigating.

All comments are welcome.

Thanks.

Kind regards,
Daniel
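An added example, not part of the original message: a small Python triage script that unwraps mail-folded syslog lines like the excerpts above, parses the saslauthd `do_auth` failure fields, and counts failures that arrived with an empty `realm`, per service. The sample log is constructed in the format shown in the thread (the `alice` and `sshd` lines are invented for contrast), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, folded the way the mail client folded the thread's logs.
SAMPLE = """\
May 24 15:31:38 server2 saslauthd[2701]: do_auth         : auth failure:
[user=daniel] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:38 server2 saslauthd[3685]: do_auth         : auth failure:
[user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:38 server2 saslauthd[3683]: do_auth         : auth failure:
[user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:13:02 server2 saslauthd[3684]: do_auth         : auth failure:
[user=alice] [service=smtp] [realm=server2] [mech=sasldb] [reason=Unknown]
May 24 20:13:05 server2 sshd[4001]: Accepted publickey for root
"""

TS_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
LINE_RE = re.compile(
    r"saslauthd\[\d+\]:\s*do_auth\s*:\s*auth failure:\s*(?P<fields>(?:\[[^\]]*\]\s*)+)"
)
FIELD_RE = re.compile(r"\[(\w+)=([^\]]*)\]")

def unwrap(text):
    """Join continuation lines (no syslog timestamp) onto the previous record."""
    records = []
    for raw in text.splitlines():
        if TS_RE.match(raw) or not records:
            records.append(raw)
        else:
            records[-1] += " " + raw.strip()
    return records

def parse_failures(text):
    """Return one dict of bracketed fields per saslauthd auth-failure record."""
    failures = []
    for record in unwrap(text):
        m = LINE_RE.search(record)
        if m:
            failures.append(dict(FIELD_RE.findall(m.group("fields"))))
    return failures

def realmless_by_service(failures):
    """Count failures whose realm field is empty, keyed by (service, user, mech)."""
    return Counter(
        (f.get("service"), f.get("user"), f.get("mech"))
        for f in failures
        if f.get("realm") == ""
    )

if __name__ == "__main__":
    for key, n in sorted(realmless_by_service(parse_failures(SAMPLE)).items()):
        print(n, "failure(s) with empty realm:", key)
```

The script only reports what the log records; comparing its output between the two hosts shows whether the services that fail are the ones passing no realm to saslauthd.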
