RE: [Web-cyradm] Cyradm - SASL problem

Mon, 08 Aug 2005 11:54:41 -0700 

Just a brief recapture of my problem:

        1. I get a SUCCESS when running testsaslauthd on accounts created
with Web-cyrus
        2. I get User NOT FOUND from SASL when connecting through the email
client software with the same user as in testsaslauthd.
        3. It seems that Web-cyrus doesn't create any mailboxes in cyrus,
since cyradm -> lm returns no emailboxes.
        4. Cyrus does not receive any mails from postfix.
        5. Postfix finds the account users in the mysql mail table.

/etc/pam.d/imap smtp pop and sieve are identical.

I have no ideas of what the error could be, or how to debug. Where and what
does SASL and WEB-Cyradm log.

Regards

Thor Vik

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thor Vik
Sent: 8. august 2005 15:31
To: [email protected]
Subject: RE: [Web-cyradm] Cyradm - SASL problem

Ok, so I have done the testsaslauthd -u mail0003-p 'password' and I get
SUCCESS. The user mail0003 was created by web-cyradm and has never been seen
by the system. When connect through the email client I get:

        Aug  8 15:20:55 venus cyrus/imapd[15538]: badlogin:
175.80-202-134.nextgentel.com[80.202.134.175] plaintext mail0003 SASL(-13):
user not found:         checkpass failed 

So what does this means?

Regards 

Thor

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marcel Hartmann
Sent: 8. august 2005 14:14
To: [email protected]
Subject: RE: [Web-cyradm] Cyradm - SASL problem

Hi, 

> Subject: RE: [Web-cyradm] Cyradm - SASL problem
> 
> There are many files in /etc/pam.d/. Exept for imap they all says:
> 
>       @include common-auth
>       @include common-account
> 
> Where common-auth says:
> 
>       auth    required        pam_unix.so nullok_secure
> 
> And common-account says;
>       
>       account required        pam_unix.so
> 
> Exept for imap, which I have changed to not use these common things, 
> but pasted what's Luc's how to, and of course changed the password.
> Now I also have changed the crypt to 0.
> 
> Does saslauthd logg to somewhere?
Yes he logs to messages.

You need the following to get it working:

1. set up pam_mysql, if you have no luuck with the compile process You can
read the faq at pam-mysql.sourceforge.net. All possible Problems are written
down there.

2. you must set a crypt method in the pam.d/* files and in the
config.inc.php from web-cyradm. I use crypt, because i can transform the
accounts with these passwords easy to another structure. But you Can use md5
or plaintext.

3. Put a user in the accountuser Table from your web-cyradm Database.
Now you can test. First of them ist this:

$saslauthd -v
Now you get a list with all compiled in Auth mechs in saslauthd. There MUST
Be an pam in there, if you don't have it, you must build saslauthd with pam,
So that you can start him with -a pam, and a $ps aux | grep saslauthd should
Write something like this:
root     22353  0.0  2.6 16164 13376 ?       Ss   Aug01   0:12
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r

Here is the -a pam very important, because without this start option,
saslauthd Don't look in the Database instead of /etc/sasldb2!

The next step is to put the correct files in /pam.d/ there are named
smtp/imap/pop and sieve.
Create a Database User who has read rights to your web-cyradm database. And
a file must look like this:

$less /etc/pam.d/imap
auth sufficient pam_mysql.so user=user passwd=pass host=localhost db=db
table=mail_user usercolumn=username passwdcolumn=password crypt=1 sqllog=0
logtable=mail_log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
logtimecolumn=time logpidcolumn=pid

account required pam_mysql.so user=user passwd=pass host=localhost db=db
table=mail_user usercolumn=username passwdcolumn=password crypt=1 sqllog=0
logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host
logtimecolumn=time logpidcolumn=pid

Change the where clausel in this to the right names! In imap you must set it
to imap, pop=where pop=1 and so on, whith these you can disable imap but
allow pop for a account.

Now create a database user in accountusers.
Go in the database with phpMyAdmin not with saslpasswd2!

And now test the user:
$testsaslauthd -u username -p password -a authmech(like imap or pop or sieve
or smtp, So you can test it fine :-) )

If you get an SUCCESS you SMTP AUTH is ready for using it, but if there is a
NO, AUTH FAILED, You have done something wrong.

Can you tell us what is your Distri, and show us some logentrys for your
Problem?

Greets
  Marcel Hartmann


_______________________________________________
This mailing list is hosted and supported by bit-heads GmbH |
http://www.bit-heads.ch

_______________________________________________
Web-cyradm mailing list
[email protected]
http://www.web-cyradm.org/mailman/listinfo/web-cyradm

_______________________________________________
This mailing list is hosted and supported by bit-heads GmbH |
http://www.bit-heads.ch

_______________________________________________
Web-cyradm mailing list
[email protected]
http://www.web-cyradm.org/mailman/listinfo/web-cyradm

_______________________________________________
This mailing list is hosted and supported
by bit-heads GmbH | http://www.bit-heads.ch

_______________________________________________
Web-cyradm mailing list
[email protected]
http://www.web-cyradm.org/mailman/listinfo/web-cyradm

Reply via email to