Hi again.

On 24/05/17 17:46, Daniel Bareiro wrote:
> Maybe this question is not 100% about Postfix, but it is related. I am
> configuring a Postfix server with SASL authentication.
>
> When I do a test to authenticate, I get an error:
>
> ------------------------------------------------------------------
> root@server2:~# saslpasswd2 -c daniel
> ------------------------------------------------------------------
> root@server2:~# testsaslauthd -u daniel -p password
> 0: NO "authentication failed"
> ------------------------------------------------------------------
>
> However it works when I provide the realm:
>
> ------------------------------------------------------------------
> root@server2:~# testsaslauthd -u daniel -r server2 -p password
> 0: OK "Success."
> ------------------------------------------------------------------
>
> It's strange because I have another mail server where it works without
> problems:
>
> ------------------------------------------------------------------
> root@mail:~# testsaslauthd -u daniel -p password
> 0: OK "Success."
> ------------------------------------------------------------------
>
> Both hosts have Debian Jessie and the SASL configuration is the same:
>
> ------------------------------------------------------------------
> root@mail:~# grep ^[^#] /etc/default/saslauthd
> START=yes
> DESC="SASL Authentication Daemon"
> NAME="saslauthd"
> MECHANISMS="sasldb"
> MECH_OPTIONS=""
> THREADS=5
> OPTIONS="-c -m /var/run/saslauthd"
> ------------------------------------------------------------------
> root@server2:~# grep ^[^#] /etc/default/saslauthd
> START=yes
> DESC="SASL Authentication Daemon"
> NAME="saslauthd"
> MECHANISMS="sasldb"
> MECH_OPTIONS=""
> THREADS=5
> OPTIONS="-c -m /var/run/saslauthd"
> ------------------------------------------------------------------
>
> "mail" has some updates to apply, but I do not see any differences in
> the versions of the SASL packages:
>
> ------------------------------------------------------------------
> root@mail:~# aptitude show libsasl2-2 | grep Versión
> Versión: 2.1.26.dfsg1-13+deb8u1
>
> root@mail:~# aptitude show libsasl2-modules | grep Versión
> Versión: 2.1.26.dfsg1-13+deb8u1
>
> root@mail:~# aptitude show sasl2-bin | grep Versión
> Versión: 2.1.26.dfsg1-13+deb8u1
> ------------------------------------------------------------------
>
> ------------------------------------------------------------------
> root@server2:~# aptitude show libsasl2-2 | grep Version
> Version: 2.1.26.dfsg1-13+deb8u1
>
> root@server2:~# aptitude show libsasl2-modules | grep Version
> Version: 2.1.26.dfsg1-13+deb8u1
>
> root@server2:~# aptitude show sasl2-bin | grep Version
> Version: 2.1.26.dfsg1-13+deb8u1
> ------------------------------------------------------------------
>
> In this case I'm not doing the authentication test against IMAP but
> directly against SASL, so I guess the problem will be directly related
> to the SASL configuration itself.
>
> In case it is useful, when the authentication fails I get this in
> /var/log/auth.log:
>
> ------------------------------------------------------------------
> May 24 15:31:38 server2 saslauthd[2701]: do_auth : auth failure:
> [user=daniel] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]
> ------------------------------------------------------------------
>
> It seems that authentication is done through IMAP and I have previously
> installed the Cyrus packages.
>
>
> Any thoughts about what might differ between the two environments?

Apparently, despite this difference, the SASL authentication via IMAP is working.

/var/log/mail.log:
------------------------------------------------------------------
May 24 19:38:51 server2 cyrus/imaps[3711]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits new) no authentication
May 24 19:38:51 server2 cyrus/imaps[3711]: login: host.domain.tld.net [x.y.z.t] daniel CRAM-MD5+TLS User logged in SESSIONID=<cyrus-3711-1495665531-1>
May 24 19:38:51 server2 cyrus/imaps[3711]: created decompress buffer of 4102 bytes
May 24 19:38:51 server2 cyrus/imaps[3711]: created compress buffer of 4102 bytes
May 24 19:38:51 server2 cyrus/imaps[3711]: client id: "name" "Thunderbird" "version" "45.8.0"
May 24 19:38:53 server2 cyrus/master[3800]: about to exec /usr/lib/cyrus/bin/imapd
May 24 19:38:53 server2 cyrus/imaps[3800]: executed
May 24 19:38:53 server2 cyrus/imaps[3800]: accepted connection
May 24 19:38:53 server2 cyrus/imaps[3800]: imapd:Loading hard-coded DH parameters
May 24 19:38:53 server2 cyrus/imaps[3800]: SSL_accept() incomplete -> wait
May 24 19:38:54 server2 cyrus/imaps[3800]: SSL_accept() succeeded -> done
------------------------------------------------------------------

But SMTP authentication for sending mail is not working.

/var/log/auth.log:
------------------------------------------------------------------
May 24 20:12:38 server2 saslauthd[3685]: do_auth : auth failure: [user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:38 server2 saslauthd[3683]: do_auth : auth failure: [user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:56 server2 saslauthd[3684]: do_auth : auth failure: [user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:56 server2 saslauthd[3682]: do_auth : auth failure: [user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
------------------------------------------------------------------

/var/log/mail.log:
------------------------------------------------------------------
May 24 20:12:37 server2 postfix/smtpd[4122]: Anonymous TLS connection established from unknown[x.y.z.t] TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
May 24 20:12:38 server2 postfix/smtpd[4122]: warning: SASL authentication failure: Password verification failed
May 24 20:12:38 server2 postfix/smtpd[4122]: warning: unknown[x.y.z.t] SASL PLAIN authentication failed: authentication failure
May 24 20:12:38 server2 postfix/smtpd[4122]: warning: unknown[x.y.z.t] SASL LOGIN authentication failed: authentication failure
May 24 20:12:56 server2 postfix/smtpd[4122]: warning: SASL authentication failure: Password verification failed
May 24 20:12:56 server2 postfix/smtpd[4122]: warning: unknown[x.y.z.t] SASL PLAIN authentication failed: authentication failure
May 24 20:12:56 server postfix/smtpd[4122]: warning: unknown[x.y.z.t] SASL LOGIN authentication failed: authentication failure
------------------------------------------------------------------

I'll keep investigating. All comments are welcome.

Thanks.

Kind regards,
Daniel
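
Added example, not part of the original message: a small Python triage script for the saslauthd `do_auth` failure lines quoted above. It groups them by user, service, realm and mechanism and lists the sasldb lookups that arrived with an empty realm, the case `testsaslauthd` without `-r` reproduces. The function names and the last sample line (`user=alice`) are constructed for illustration.

```python
import re
from collections import Counter

# Matches the saslauthd failure lines from /var/log/auth.log in the message.
FAILURE = re.compile(r"saslauthd\[\d+\]:\s*do_auth\s*:\s*auth failure:\s*(?P<fields>.*)$")
FIELD = re.compile(r"\[(?P<key>\w+)=(?P<value>[^\]]*)\]")

# All lines are copied from the message except the last one, which is constructed.
SAMPLE_LOG = """\
May 24 15:31:38 server2 saslauthd[2701]: do_auth : auth failure: [user=daniel] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:38 server2 saslauthd[3685]: do_auth : auth failure: [user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:38 server2 saslauthd[3683]: do_auth : auth failure: [user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:38 server2 postfix/smtpd[4122]: warning: SASL authentication failure: Password verification failed
May 24 20:12:56 server2 saslauthd[3684]: do_auth : auth failure: [user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:12:56 server2 saslauthd[3682]: do_auth : auth failure: [user=daniel] [service=smtp] [realm=] [mech=sasldb] [reason=Unknown]
May 24 20:13:10 server2 saslauthd[3685]: do_auth : auth failure: [user=alice] [service=smtp] [realm=server2] [mech=sasldb] [reason=Unknown]
"""

def parse_failures(text):
    """Return one dict per do_auth failure line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        match = FAILURE.search(line)
        if not match:
            continue
        fields = {m["key"]: m["value"] for m in FIELD.finditer(match["fields"])}
        # Require the fields we group on, so a truncated line is not miscounted.
        if {"user", "service", "realm", "mech"} <= fields.keys():
            records.append(fields)
    return records

def summarize(records):
    """Count failures per (user, service, realm, mech)."""
    return Counter((r["user"], r["service"], r["realm"], r["mech"]) for r in records)

def realmless_sasldb(records):
    """Map each user to the services whose sasldb lookups had an empty realm."""
    hits = {}
    for r in records:
        if r["mech"] == "sasldb" and r["realm"] == "":
            hits.setdefault(r["user"], set()).add(r["service"])
    return hits

if __name__ == "__main__":
    recs = parse_failures(SAMPLE_LOG)
    for key, count in sorted(summarize(recs).items()):
        print(count, key)
    print("empty-realm sasldb lookups:", realmless_sasldb(recs))
```

The realm stored with each sasldb entry can be listed with `sasldblistusers2` and compared against the `realm` field these lines report.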