Sorry, I didn't give my full authldaprc with the last post.
I was missing some parts. Here is another try.
On Thu, Apr 11, 2002 at 11:23:10AM -0400, Theodore J. Knab wrote:
I am troubleshooting the ldap authdaemon.
I need some help. Maybe just a second set of eyes: ;-)
I am using the following Debian packages:
ii courier-authda 0.37.3-2 Courier Mail Server authentication
ii courier-base 0.37.3-2 Courier Mail Server Base System
ii courier-debug 0.37.3-2 Debugging Tools for Courier Mail
ii courier-doc 0.37.3-1 Documentation for the Courier Mail
ii courier-imap 1.4.3-2 IMAP daemon with PAM and Maildir
ii courier-imap-s 1.4.3-1 IMAP daemon with SSL, PAM and Maildir
ii courier-ldap 0.37.3-2 LDAP support for Courier Mail Server
rc courier-maildr 0.37.3-2 Mail delivery agent with filtering
ii courier-pop 0.37.3-2 POP3 daemon with PAM and Maildir
ii courier-ssl 0.37.3-1 Courier Mail Server SSL Package
ii maildrop 1.3.7-2 mail delivery agent with filter
The following daemons are running:
root 554 0.0 0.0 1436 448 ? S 11:14 0:00 /usr/sbin/courierlogger imaplogin
root 565 0.0 0.0 2216 696 ? S 11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start
root 566 0.0 0.0 2356 1084 ? S 11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start
root 567 0.0 0.0 2216 696 ? S 11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start
root 568 0.0 0.0 2216 696 ? S 11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start
root 569 0.0 0.0 2216 696 ? S 11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start
root 570 0.0 0.0 2216 696 ? S 11:14 0:00 /usr/lib/courier/authlib/authdaemond.ldap start
root 592 0.0 0.0 1336 472 pts/2 S 11:19 0:00 grep -i courier
root 551 0.0 0.0 1532 536 ? S 11:14 0:00 /usr/sbin/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -maxprocs=40 -maxperip=4 -pid=/var/run/courier/imapd.pid -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/lib/courier/authlib/authdaemon /usr/bin/imapd Maildir
root 554 0.0 0.0 1436 448 ? S 11:14 0:00 /usr/sbin/courierlogger imaplogin
The tests seem to show that everything is working on the server side, but I am
getting a login failed from the client side. I am using both the Netscape client
and the Mulberry client to test.
Mulberry complains that the TCP is being reset: "TCP/IP: connection reset by remote
host while logining into server".
Netscape complains that it is unable to connect to the server at the current
location.
It does exist:
washmail:/home/tjk# nmap 209.243.37.154
Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on WC-37-154.washcoll.edu (209.243.37.154):
(The 1550 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
110/tcp open pop-3
111/tcp open sunrpc
143/tcp open imap2
Apr 11 11:00:18 imap-mail imaplogin: Connection, ip=[::ffff:192.146.226.81]
Apr 11 11:00:18 imap-mail imaplogin: LOGIN, user=tester1, ip=[::ffff:192.146.226.81]
Apr 11 11:06:15 imap-mail imaplogin: Connection, ip=[::ffff:192.146.226.81]
Apr 11 11:06:15 imap-mail imaplogin: LOGIN, user=tester1, ip=[::ffff:192.146.226.81]
Apr 11 11:06:18 imap-mail imaplogin: Connection, ip=[::ffff:192.146.226.81]
Apr 11 11:06:18 imap-mail imaplogin: LOGIN, user=tester1, ip=[::ffff:192.146.226.81]
Apr 11 11:07:53 imap-mail courierpop3login: Connection, ip=[::ffff:192.146.226.81]
Apr 11 11:07:53 imap-mail imaplogin: Connection, ip=[::ffff:192.146.226.81]
When I type in the wrong password, the client tells me it is wrong.
Apr 11 11:13:24 imap-mail imaplogin: Connection, ip=[::ffff:192.146.226.81]
Apr 11 11:13:37 imap-mail imaplogin: LOGIN FAILED, ip=[::ffff:192.146.226.81]
Apr 11 11:13:55 imap-mail imaplogin: LOGIN, user=tester1, ip=[::ffff:192.146.226.8
Could the name be a problem?
imap-mail:/home/staff# cat /etc/hosts
127.0.0.1 imap localhost
#not in dns as this
209.243.37.154 imap.washsholl.edu imap imap-mail
The courier debug tool is getting this:
map-mail:/home/staff# courierauthtest tester1 tester1
Authenticated: module authdaemon
Home directory: /home/staff/tester1
UID/GID: 1001/1001
AUTHADDR=tester1
AUTHFULLNAME=test t. tinker
#syslog from remote ldap server seems to check out
Apr 11 11:13:56 moe2 slapd[2852]: connection_get(20)
Apr 11 11:13:56 moe2 slapd[2865]: SRCH "ou=mailaccounts,dc=washcoll,dc=edu" 2 0
Apr 11 11:13:56 moe2 slapd[2865]: 0 0 0
Apr 11 11:13:56 moe2 slapd[2865]: filter: ([EMAIL PROTECTED])
Apr 11 11:13:56 moe2 slapd[2865]: attrs:
Apr 11 11:13:56 moe2 slapd[2865]: homeDirectory
Apr 11 11:13:56 moe2 slapd[2865]: cn
Apr 11 11:13:56 moe2 slapd[2865]: clearPassword
Apr 11 11:13:56 moe2 slapd[2865]: userPassword
Apr 11 11:13:56 moe2 slapd[2865]: mail
Apr 11 11:13:56 moe2 slapd[2865]: Quota
slapcat output from ldap server
dn: [EMAIL PROTECTED],ou=mailaccounts, dc=washcoll, dc=edu
userPassword:: e1NTSEF9MjdSa3ZPYisrTytYMnpTeVZwQW90b21Ec0ZWQ3I4MFU=
objectClass: couriermailaccount
mail: [EMAIL PROTECTED]
mail: useradmin2
cn: mail user admin
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/staff/useradmin2
quota: 10M
clearPassword: useradmin2
description: courier user admin no shell account
dn: [EMAIL PROTECTED],ou=mailaccounts, dc=washcoll, dc=edu
userPassword:: e1NTSEF9TWRUcmhVS09sSGRoQjVxMkkxN0UxTEdpTllpVjE4NE0=
objectClass: couriermailaccount
cn: test t. tinker
homeDirectory: /home/staff/tester1
mail: [EMAIL PROTECTED]
mail: tester1
uidNumber: 1001
gidNumber: 1001
quota: 10M
clearPassword: tester1
dn: [EMAIL PROTECTED],ou=mailaccounts, dc=washcoll, dc=edu
objectClass: CourierMailAlias
mail: [EMAIL PROTECTED]
maildrop: tester1
#courier is the user that is reading the password
#from slapd.conf
...
access to attr=userpassword,clearpassword,ldappassword
by dn="cn=admin,dc=washcoll,dc=edu" write
by dn="cn=courier,dc=washcoll,dc=edu" read
by self write
by anonymous auth
by * none
...
/etc/courier/* configuration files
authldaprc
LDAP_SERVER 209.243.37.9
LDAP_PORT 389
LDAP_BASEDN ou=mailaccounts,dc=washcoll,dc=edu
LDAP_BINDDN cn=courier,dc=washcoll,dc=edu
LDAP_BINDPW couriersecret
LDAP_TIMEOUT 5
LDAP_AUTHBIND 0
LDAP_MAIL mail
LDAP_DOMAIN washcoll.edu
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR homeDirectory
LDAP_MAILDIRQUOTA Quota
LDAP_FULLNAME cn
LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword
LDAP_DEREF never
LDAP_TLS 0
authdaemonrc
authmodulelist="authldap"
authmodulelistorig="authldap"
daemons=5
version=""
authdaemonvar=/var/run/courier/authdaemon
ldapaliasrc
LDAP_ALIAS 1
LDAP_SERVER 209.243.37.9
LDAP_PORT 389
LDAP_NUMPROCS 5
LDAP_BASEDN ou=mailaccounts,dc=washcoll,dc=edu
LDAP_BINDDN cn=courier,dc=washcoll,dc=edu
LDAP_BINDPW couriersecret
LDAP_TIMEOUT 5
LDAP_MAIL mail
LDAP_MAILDROP maildrop
LDAP_SOURCE
maildrop
/usr/bin/maildrop
*********************************
*Theodore Knab *
* --------------------------- *
*********************************
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
--
*********************************
*Theodore Knab *
*Systems Engineer [Unix] *
* --------------------------- *
*My Desk: x7419 *
*Fax: 410-778-7830 *
*********************************
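
Added example, not part of the original post and not Courier or OpenLDAP code: the slapcat output above carries each password twice, as a base64 `userPassword::` value holding an {SSHA} hash and as `clearPassword`, and authldaprc maps both (LDAP_CRYPTPW and LDAP_CLEARPW). The Python below decodes the LDIF value, splits the SSHA digest from its salt, and checks that the two attributes of an entry agree; the function names and the sample entry are constructed for the example.

```python
import base64
import hashlib
import hmac

def decode_ldif_value(line):
    """Split one LDIF line into (attribute, bytes); '::' marks a base64 value."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr.lower(), base64.b64decode(rest[1:].strip())
    return attr.lower(), rest.strip().encode()

def split_ssha(stored):
    """Return (digest, salt) from b'{SSHA}' + base64(SHA-1 digest + salt)."""
    if not stored.upper().startswith(b"{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:])
    if len(raw) <= 20:
        raise ValueError("no salt after the 20-byte SHA-1 digest")
    return raw[:20], raw[20:]

def make_ssha(password, salt):
    """Build an {SSHA} value; used here only to construct sample data."""
    return b"{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt)

def check_ssha(stored, password):
    """Recompute SHA-1(password + salt) and compare in constant time."""
    digest, salt = split_ssha(stored)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def passwords_agree(ldif_lines):
    """True if clearPassword hashes to the entry's userPassword value."""
    attrs = dict(decode_ldif_value(l) for l in ldif_lines if ":" in l)
    return check_ssha(attrs["userpassword"], attrs["clearpassword"])

# Constructed sample entry (not from the post): password and salt are made up.
_hashed = base64.b64encode(make_ssha(b"example-pass", b"\x01\x02\x03\x04")).decode()
SAMPLE = ["dn: uid=demo,ou=mailaccounts,dc=example,dc=org",
          "userPassword:: " + _hashed,
          "clearPassword: example-pass"]
# userPassword value of the tester1 entry as it appears in the post.
POSTED = "userPassword:: e1NTSEF9TWRUcmhVS09sSGRoQjVxMkkxN0UxTEdpTllpVjE4NE0="

if __name__ == "__main__":
    print("sample entry consistent:", passwords_agree(SAMPLE))
    print("posted value salt length:", len(split_ssha(decode_ldif_value(POSTED)[1])[1]))
```
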