Hi Patrick,

> Cyrus SASL is able to use saslauthd in order to authenticate users in
> /etc/passwd. I don’t know what you did with Cyrus SASL to configure AD
> authentication, but assuming it would be a method called foobar you would
> configure Cyrus SASL to use the following list of password verification
> methods:



I have configured LDAP via the configuration below. Can you please
suggest how I can add local in this setup?

]# egrep -v "^#|^$" /etc/sysconfig/saslauthd
SOCKETDIR=/run/saslauthd
MECH=ldap
FLAGS="-O /etc/saslauthd.conf"
]# egrep -v "^#|^$" /etc/saslauthd.conf
ldap_servers: ldaps://10.1.1.11
ldap_search_base: xxxxx
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: xxxxxx
ldap_password:xxxx
ldap_tls_reqcert: never
# egrep -v "^#|^$" /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login


Regards,
Sandeep

On Mon, Jul 8, 2024 at 5:13 PM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:

> On Mon, Jul 08, 2024 at 08:39:54AM +0200, Patrick Ben Koetter via
> Postfix-users wrote:
>
> > > I want to setup SMTP authentication in such a way that the user
> > > should first be looked locally (/etc/passwd) and then in AD. Is it
> > > possible to do so? I was able to configure AD auth via sasl (cyrus),
> > > but couldn't do both.
> >
> > Cyrus SASL is able to use saslauthd in order to authenticate users in
> > /etc/passwd.
>
> If saslauthd is configured to use "pam" authentication ("saslauthd -a
> pam"), then it should be possible to create a PAM config that uses
> either "pam_unix" or "pam_ldap" in that order.  Something like:
>
>     /etc/pam.d/smtp
>         auth sufficient pam_unix.so
>         auth requisite  pam_ldap.so use_first_pass
>         ...
>
> with much additional configuration needed for pam_ldap.
>
> --
>     Viktor.
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
>
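
The following is an added example, not part of the thread or of any poster's configuration: a simplified Python model of how Linux-PAM evaluates the "sufficient pam_unix / requisite pam_ldap" stack quoted above, showing which backend sees the credentials in each case. The user tables, passwords and module functions are constructed stand-ins, and only the sufficient, requisite and required control flags are modelled.

```python
# Added example: simplified model of how Linux-PAM walks an "auth" stack.
# The two module functions and their user tables are constructed stand-ins,
# not real PAM modules; "optional" and bracketed controls are not modelled.

LOCAL_USERS = {"localadmin": "local-pw"}   # constructed stand-in for /etc/passwd + shadow
AD_USERS = {"sandeep": "ad-pw"}            # constructed stand-in for the AD directory


def pam_unix(user, password):
    return LOCAL_USERS.get(user) == password


def pam_ldap(user, password):
    # use_first_pass: reuses the password the earlier module received
    return AD_USERS.get(user) == password


# The stack quoted in the reply: (control flag, module)
SMTP_STACK = [("sufficient", pam_unix), ("requisite", pam_ldap)]


def authenticate(stack, user, password):
    """Return (granted, names of modules that saw the credentials)."""
    hard_failure = False   # an earlier "required" module failed
    any_success = False
    seen_by = []
    for control, module in stack:
        ok = module(user, password)
        seen_by.append(module.__name__)
        if control == "sufficient":
            if ok and not hard_failure:
                return True, seen_by       # success ends the stack at once
            # a failing "sufficient" module is ignored; keep going
        elif control == "requisite":
            if not ok:
                return False, seen_by      # failure ends the stack at once
            any_success = True
        elif control == "required":
            any_success = any_success or ok
            hard_failure = hard_failure or not ok
        else:
            raise ValueError(f"unmodelled control flag: {control}")
    return any_success and not hard_failure, seen_by


if __name__ == "__main__":
    for user, pw in [("localadmin", "local-pw"), ("sandeep", "ad-pw"),
                     ("localadmin", "wrong"), ("nobody", "x")]:
        print(user, authenticate(SMTP_STACK, user, pw))
```

In this model a correct local password never reaches pam_ldap, while a wrong local password is still passed on to it, so the directory also sees failed attempts against local account names.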