Re: Issue with SASL authentication
Hi again! On 24/05/17 21:21, Daniel Bareiro wrote: >>> I am configuring SASL to authenticate against IMAP. When I try to >>> authenticate, I get an error: >>> >>> -- >>> root@Wserver2:~# saslpasswd2 -c daniel >>> -- >>> root@Wserver2:~# testsaslauthd -u daniel -p password >>> 0: NO "authentication failed" >>> -- >>> >>> However it works when I provide the realm: >>> >>> -- >>> root@Wserver2:~# testsaslauthd -u daniel -r server2 -p password >>> 0: OK "Success." >>> -- >>> >>> It's strange because I have another server where it works without problems: >>> >>> -- >>> root@mail:~# testsaslauthd -u daniel -p password >>> 0: OK "Success." >>> -- >>> >>> Both hosts have Debian Jessie and the SASL configuration is the same: >>> >>> -- >>> root@mail:~# grep ^[^#] /etc/default/saslauthd >>> START=yes >>> DESC="SASL Authentication Daemon" >>> NAME="saslauthd" >>> MECHANISMS="sasldb" >>> MECH_OPTIONS="" >>> THREADS=5 >>> OPTIONS="-c -m /var/run/saslauthd" >>> -- >>> root@server2:~# grep ^[^#] /etc/default/saslauthd >>> START=yes >>> DESC="SASL Authentication Daemon" >>> NAME="saslauthd" >>> MECHANISMS="sasldb" >>> MECH_OPTIONS="" >>> THREADS=5 >>> OPTIONS="-c -m /var/run/saslauthd" >>> -- >>> >>> "mail" has some updates to apply, but I do not see any differences in >>> the versions of the SASL packages: >>> >>> -- >>> root@mail:~# aptitude show libsasl2-2 | grep Versión >>> Versión: 2.1.26.dfsg1-13+deb8u1 >>> >>> root@mail:~# aptitude show libsasl2-modules | grep Versión >>> Versión: 2.1.26.dfsg1-13+deb8u1 >>> >>> root@mail:~# aptitude show sasl2-bin | grep Versión >>> Versión: 2.1.26.dfsg1-13+deb8u1 >>> -- >>> >>> -- >>> root@server2:~# aptitude show libsasl2-2 | grep Version >>> Version: 2.1.26.dfsg1-13+deb8u1 >>> >>> root@server2:~# aptitude show libsasl2-modules | grep Version >>> Version: 2.1.26.dfsg1-13+deb8u1 >>> >>> root@server2:~# aptitude show sasl2-bin | grep Version >>> Version: 2.1.26.dfsg1-13+deb8u1 >>> -- >>> >>> In this case I'm not doing the authentication test against IMAP but >>> directly against SASL, so I guess the problem will be directly related >>> to the SASL configuration itself. >>> >>> Any thoughts about what might differ between the two environments? >> In case it is useful, when the authentication fails I get this in >> /var/log/auth.log: >> >> -- >> May 24 15:31:38 server2 saslauthd[2701]: do_auth : auth failure: >> [user=daniel] [service=imap] [realm=] [mech=sasldb] [reason=Unknown] >> -- >> >> It seems that authentication is done through IMAP and I have previously >> installed the Cyrus packages. > Apparently, despite this difference, the SASL authentication via IMAP is > working. > > /var/log/mail.log: > > -- > May 24 19:38:51 server2 cyrus/imaps[3711]: starttls: TLSv1.2 with cipher > ECDHE-RSA-AES128-SHA (128/128 bits new) no authentication > May 24 19:38:51 server2 cyrus/imaps[3711]: login: host.domain.tld.net > [x.y.z.t] daniel CRAM-MD5+TLS User logged in > SESSIONID= > May 24 19:38:51 server2 cyrus/imaps[3711]: created decompress buffer of > 4102 bytes > May 24 19:38:51 server2 cyrus/imaps[3711]: created compress buffer of > 4102 bytes > May 24 19:38:51 server2 cyrus/imaps[3711]: client id: "name" > "Thunderbird" "version" "45.8.0" > May 24 19:38:53 server2 cyrus/master[3800]: about to exec > /usr/lib/cyrus/bin/imapd > May 24 19:38:53 server2 cyrus/imaps[3800]: executed > May 24 19:38:53 server2 cyrus/imaps[3800]: accepted connection > May 24 19:38:53 server2 cyrus/imaps[3800]: imapd:Loading hard-coded DH > parameters > May 24 19:38:53 server2 cyrus/imaps[3800]: SSL_accept() incomplete -> wait > May 24 19:38:54 server2 cyrus/imaps[3800]: SSL_accept() succeeded -> done > -- > > But SMTP authentication for sending mail is not working. > > /var/log/auth.log: > > -- > May 24
Re: Issue with SASL authentication
Hi! On 24/05/17 15:37, Daniel Bareiro wrote: >> I am configuring SASL to authenticate against IMAP. When I try to >> authenticate, I get an error: >> >> -- >> root@Wserver2:~# saslpasswd2 -c daniel >> -- >> root@Wserver2:~# testsaslauthd -u daniel -p password >> 0: NO "authentication failed" >> -- >> >> However it works when I provide the realm: >> >> -- >> root@Wserver2:~# testsaslauthd -u daniel -r server2 -p password >> 0: OK "Success." >> -- >> >> It's strange because I have another server where it works without problems: >> >> -- >> root@mail:~# testsaslauthd -u daniel -p password >> 0: OK "Success." >> -- >> >> Both hosts have Debian Jessie and the SASL configuration is the same: >> >> -- >> root@mail:~# grep ^[^#] /etc/default/saslauthd >> START=yes >> DESC="SASL Authentication Daemon" >> NAME="saslauthd" >> MECHANISMS="sasldb" >> MECH_OPTIONS="" >> THREADS=5 >> OPTIONS="-c -m /var/run/saslauthd" >> -- >> root@server2:~# grep ^[^#] /etc/default/saslauthd >> START=yes >> DESC="SASL Authentication Daemon" >> NAME="saslauthd" >> MECHANISMS="sasldb" >> MECH_OPTIONS="" >> THREADS=5 >> OPTIONS="-c -m /var/run/saslauthd" >> -- >> >> "mail" has some updates to apply, but I do not see any differences in >> the versions of the SASL packages: >> >> -- >> root@mail:~# aptitude show libsasl2-2 | grep Versión >> Versión: 2.1.26.dfsg1-13+deb8u1 >> >> root@mail:~# aptitude show libsasl2-modules | grep Versión >> Versión: 2.1.26.dfsg1-13+deb8u1 >> >> root@mail:~# aptitude show sasl2-bin | grep Versión >> Versión: 2.1.26.dfsg1-13+deb8u1 >> -- >> >> -- >> root@server2:~# aptitude show libsasl2-2 | grep Version >> Version: 2.1.26.dfsg1-13+deb8u1 >> >> root@server2:~# aptitude show libsasl2-modules | grep Version >> Version: 2.1.26.dfsg1-13+deb8u1 >> >> root@server2:~# aptitude show sasl2-bin | grep Version >> Version: 2.1.26.dfsg1-13+deb8u1 >> -- >> >> In this case I'm not doing the authentication test against IMAP but >> directly against SASL, so I guess the problem will be directly related >> to the SASL configuration itself. >> >> Any thoughts about what might differ between the two environments? > In case it is useful, when the authentication fails I get this in > /var/log/auth.log: > > -- > May 24 15:31:38 server2 saslauthd[2701]: do_auth : auth failure: > [user=daniel] [service=imap] [realm=] [mech=sasldb] [reason=Unknown] > -- > > It seems that authentication is done through IMAP and I have previously > installed the Cyrus packages. Apparently, despite this difference, the SASL authentication via IMAP is working. /var/log/mail.log: -- May 24 19:38:51 server2 cyrus/imaps[3711]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits new) no authentication May 24 19:38:51 server2 cyrus/imaps[3711]: login: host.domain.tld.net [x.y.z.t] daniel CRAM-MD5+TLS User logged in SESSIONID= May 24 19:38:51 server2 cyrus/imaps[3711]: created decompress buffer of 4102 bytes May 24 19:38:51 server2 cyrus/imaps[3711]: created compress buffer of 4102 bytes May 24 19:38:51 server2 cyrus/imaps[3711]: client id: "name" "Thunderbird" "version" "45.8.0" May 24 19:38:53 server2 cyrus/master[3800]: about to exec /usr/lib/cyrus/bin/imapd May 24 19:38:53 server2 cyrus/imaps[3800]: executed May 24 19:38:53 server2 cyrus/imaps[3800]: accepted connection May 24 19:38:53 server2 cyrus/imaps[3800]: imapd:Loading hard-coded DH parameters May 24 19:38:53 server2 cyrus/imaps[3800]: SSL_accept() incomplete -> wait May 24 19:38:54 server2 cyrus/imaps[3800]: SSL_accept() succeeded -> done -- But SMTP authentication for sending mail is not working. /var/log/auth.log: -- May 24 20:12:38 server2 saslauthd[3685]: do_auth : auth failure: [user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown] May 24 20:12:38
Re: Issue with SASL authentication
Hi again. On 24/05/17 10:57, Daniel Bareiro wrote: > I am configuring SASL to authenticate against IMAP. When I try to > authenticate, I get an error: > > -- > root@Wserver2:~# saslpasswd2 -c daniel > -- > root@Wserver2:~# testsaslauthd -u daniel -p password > 0: NO "authentication failed" > -- > > However it works when I provide the realm: > > -- > root@Wserver2:~# testsaslauthd -u daniel -r server2 -p password > 0: OK "Success." > -- > > It's strange because I have another server where it works without problems: > > -- > root@mail:~# testsaslauthd -u daniel -p password > 0: OK "Success." > -- > > Both hosts have Debian Jessie and the SASL configuration is the same: > > -- > root@mail:~# grep ^[^#] /etc/default/saslauthd > START=yes > DESC="SASL Authentication Daemon" > NAME="saslauthd" > MECHANISMS="sasldb" > MECH_OPTIONS="" > THREADS=5 > OPTIONS="-c -m /var/run/saslauthd" > -- > root@server2:~# grep ^[^#] /etc/default/saslauthd > START=yes > DESC="SASL Authentication Daemon" > NAME="saslauthd" > MECHANISMS="sasldb" > MECH_OPTIONS="" > THREADS=5 > OPTIONS="-c -m /var/run/saslauthd" > -- > > "mail" has some updates to apply, but I do not see any differences in > the versions of the SASL packages: > > -- > root@mail:~# aptitude show libsasl2-2 | grep Versión > Versión: 2.1.26.dfsg1-13+deb8u1 > > root@mail:~# aptitude show libsasl2-modules | grep Versión > Versión: 2.1.26.dfsg1-13+deb8u1 > > root@mail:~# aptitude show sasl2-bin | grep Versión > Versión: 2.1.26.dfsg1-13+deb8u1 > -- > > -- > root@server2:~# aptitude show libsasl2-2 | grep Version > Version: 2.1.26.dfsg1-13+deb8u1 > > root@server2:~# aptitude show libsasl2-modules | grep Version > Version: 2.1.26.dfsg1-13+deb8u1 > > root@server2:~# aptitude show sasl2-bin | grep Version > Version: 2.1.26.dfsg1-13+deb8u1 > -- > > In this case I'm not doing the authentication test against IMAP but > directly against SASL, so I guess the problem will be directly related > to the SASL configuration itself. > > Any thoughts about what might differ between the two environments? In case it is useful, when the authentication fails I get this in /var/log/auth.log: -- May 24 15:31:38 server2 saslauthd[2701]: do_auth : auth failure: [user=daniel] [service=imap] [realm=] [mech=sasldb] [reason=Unknown] -- It seems that authentication is done through IMAP and I have previously installed the Cyrus packages. Thanks in advance, Kind regards, Daniel signature.asc Description: OpenPGP digital signature
Issue with SASL authentication
Hi all! I am configuring SASL to authenticate against IMAP. When I try to authenticate, I get an error: -- root@Wserver2:~# saslpasswd2 -c daniel -- root@Wserver2:~# testsaslauthd -u daniel -p password 0: NO "authentication failed" -- However it works when I provide the realm: -- root@Wserver2:~# testsaslauthd -u daniel -r server2 -p password 0: OK "Success." -- It's strange because I have another server where it works without problems: -- root@mail:~# testsaslauthd -u daniel -p password 0: OK "Success." -- Both hosts have Debian Jessie and the SASL configuration is the same: -- root@mail:~# grep ^[^#] /etc/default/saslauthd START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="sasldb" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/run/saslauthd" -- root@server2:~# grep ^[^#] /etc/default/saslauthd START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="sasldb" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/run/saslauthd" -- "mail" has some updates to apply, but I do not see any differences in the versions of the SASL packages: -- root@mail:~# aptitude show libsasl2-2 | grep Versión Versión: 2.1.26.dfsg1-13+deb8u1 root@mail:~# aptitude show libsasl2-modules | grep Versión Versión: 2.1.26.dfsg1-13+deb8u1 root@mail:~# aptitude show sasl2-bin | grep Versión Versión: 2.1.26.dfsg1-13+deb8u1 -- -- root@server2:~# aptitude show libsasl2-2 | grep Version Version: 2.1.26.dfsg1-13+deb8u1 root@server2:~# aptitude show libsasl2-modules | grep Version Version: 2.1.26.dfsg1-13+deb8u1 root@server2:~# aptitude show sasl2-bin | grep Version Version: 2.1.26.dfsg1-13+deb8u1 -- In this case I'm not doing the authentication test against IMAP but directly against SASL, so I guess the problem will be directly related to the SASL configuration itself. Any thoughts about what might differ between the two environments? Thanks in advance. Kind regards, Daniel signature.asc Description: OpenPGP digital signature