Hi Suomi (thanks for the response),

I have the following packages installed on my RHEL 7.8:

cyrus-sasl-2.1.26-23.el7.x86_64
cyrus-sasl-devel-2.1.26-23.el7.x86_64
cyrus-sasl-ldap-2.1.26-23.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64
cyrus-sasl-md5-2.1.26-23.el7.x86_64
cyrus-sasl-ntlm-2.1.26-23.el7.x86_64
cyrus-sasl-plain-2.1.26-23.el7.x86_64

************************************************************************

The previous error message is no longer seen after adding the right smtpd_sasl_path in main.cf ( smtpd_sasl_path = /run/saslauthd/mux ):

"warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms" ( now gone )

But I have these two errors under /var/log/auth.log:

postfix/smtpd[40773]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
postfix/smtpd[40773]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb

************************************************************************

My sasl configuration under main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = /run/saslauthd/mux
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

************************************************************************

Testsaslauthd is a pass:

# testsaslauthd -u "xxxxx" -p "xxxxx" -f /run/saslauthd/mux -s smtp
0: OK "Success."
# testsaslauthd -u "xxxxx" -p "xxxx"
0: OK "Success."
************************************************************************

My saslauthd file is located at: /etc/saslauthd.conf ( is this the right location on RHEL system )

ldap_servers: ldaps://xxx.xxxx.xxxx:636
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: ou=people,ou=pg,o=World
ldap_scope: sub
ldap_bind_dn: uid=xxxxxx,ou=xx,ou=xx,o=xx
ldap_bind_pw: xxxxxxxxxx
ldap_filter: ShortName=%U
auxprop_plugin: ldapdb

************************************************************************

Have added postfix to saslauth group:

usermod -a -G saslauth postfix

Non chrooted env:

smtp inet n - n - 100 smtpd -vv

************************************************************************

When I connect over TLS to the server on port 25:

openssl s_client -debug -starttls smtp -crlf -connect x.x.x.x:25

it advertises the AUTH Mechanisms available:

250-PIPELINING
250-SIZE 36700160
250-AUTH DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

AUTH LOGIN ( I try to login with same username and password that worked under testsaslauthd )

I get:

435 4.7.8 Error: authentication failed: authentication failure
QUIT

my maillogs read:

postfix-in-1/smtpd[32885]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
postfix-in-1/smtpd[32885]: name_mask: noanonymous
postfix-in-1/smtpd[32885]: > 250-AUTH DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
postfix-in-1/smtpd[32885]: > 250-ENHANCEDSTATUSCODES
postfix-in-1/smtpd[32885]: > 250-8BITMIME
postfix-in-1/smtpd[32885]: > 250 DSN
postfix-in-1/smtpd[32885]: AUTH LOGIN
postfix-in-1/smtpd[32885]: xsasl_cyrus_server_first: sasl_method LOGIN
postfix-in-1/smtpd[32885]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
postfix-in-1/smtpd[32885]: > 334 VXNlcm5hbWU6
postfix-in-1/smtpd[32885]: xsasl_cyrus_server_next: decoded response: xxxxx ?
postfix-in-1/smtpd[32885]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
postfix-in-1/smtpd[32885]: xsasl_cyrus_server_next: decoded response: xxxx ?
postfix-in-1/smtpd[32885]: warning: xxx SASL LOGIN authentication failed: authentication failure

435 4.7.8 Error: authentication failed: authentication failure

Auth.logs:

The auth.log read:

postfix-in-1/smtpd[40773]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
postfix-in-1/smtpd[40773]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb

Regards,
Vamsi B

-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of postfix
Sent: Friday, April 24, 2020 6:19 PM
To: [email protected]
Subject: Re: Trying to setup SASL auth to use a LDAP server on postfix and having issues .

CAUTION: This email originated outside P&G. Please exercise caution when opening any links or attachments.

On 24/04/2020 13.27, Bandaru, Vamsi wrote:
> Hello List,
>
> I am sorry if this query doesn't belong here, but I am trying to
> configure Cyrus SASL on Postfix to use our LDAP servers for
> authentication.
>
> The moment I turn on SASL auth on main.cf, telnet to the system on
> port 25 starts to fail. I see the below errors in maillog:
>
> Apr 24 11:07:09 XXXXXXXX postfix/smtpd[19352]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
> Apr 24 11:07:09 xxxxxxxxxx postfix/smtpd[19352]: name_mask: noanonymous
> Apr 24 11:07:09 xxxxxxxxxx postfix/smtpd[19352]: name_mask: noplaintext
> Apr 24 11:07:09 xxxxxxxxxx postfix/smtpd[19352]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
> Apr 24 11:07:09 xxxxxxxxxx postfix/smtpd[19352]: fatal: no SASL authentication mechanisms
>
> My smtpd.conf file:
>
> pwcheck_method: auxprop
> auxprop_plugin: ldapdb
> mech_list: PLAIN LOGIN
> ldapdb_uri: ldaps://xxxxxxxxxxx:636
> ldapdb_id: uid=xxxxx,ou=people,ou=xxx,o=World
> ldapdb_pw: xxxxxxxxxx
> #ldapdb_mech: DIGEST-MD5
>
> Just wondering if someone can share their input on this.
>
> Best regards,
>

Have you installed about all of the following packages (Centos 8.1) according to needs of course:

cyrus-sasl-2.1.27-1.el8.x86_64
cyrus-sasl-devel-2.1.27-1.el8.x86_64
cyrus-sasl-plain-2.1.27-1.el8.x86_64
cyrus-sasl-ldap-2.1.27-1.el8.x86_64
cyrus-sasl-gssapi-2.1.27-1.el8.x86_64
cyrus-sasl-md5-2.1.27-1.el8.x86_64
cyrus-sasl-lib-2.1.27-1.el8.x86_64

suomi
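
Added example, not part of the thread and not code from Postfix or Cyrus SASL: a small Python helper for reading an smtpd -vv session like the one quoted above. It lists the advertised AUTH mechanisms, marks those that saslauthd cannot serve (saslauthd verifies a clear-text password, so only PLAIN and LOGIN can succeed through it), and decodes the base64 334 challenges. The function name, the report keys and the sample log are constructed for illustration.

```python
import base64
import re

# saslauthd checks a clear-text password, so only these mechanisms can
# succeed when Cyrus SASL hands verification to it.
SASLAUTHD_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample modelled on the smtpd -vv lines quoted in the thread.
SAMPLE_LOG = """\
postfix-in-1/smtpd[32885]: > 250-AUTH DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
postfix-in-1/smtpd[32885]: > 250-ENHANCEDSTATUSCODES
postfix-in-1/smtpd[32885]: AUTH LOGIN
postfix-in-1/smtpd[32885]: > 334 VXNlcm5hbWU6
postfix-in-1/smtpd[32885]: > 334 UGFzc3dvcmQ6
postfix-in-1/smtpd[32885]: warning: xxx SASL LOGIN authentication failed: authentication failure
"""

AUTH_RE = re.compile(r"> 250[- ]AUTH[ =](.+)$")      # EHLO capability line
CHALLENGE_RE = re.compile(r"> 334 (\S+)$")           # base64 server challenge
FAILED_RE = re.compile(r"SASL (\S+) authentication failed")


def analyze(log_text):
    """Summarise the SASL part of an smtpd -vv session log."""
    report = {"advertised": [], "not_saslauthd": [], "challenges": [], "failed": []}
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := AUTH_RE.search(line):
            mechs = m.group(1).split()
            report["advertised"] = mechs
            # Mechanisms offered to clients that a saslauthd back end cannot verify.
            report["not_saslauthd"] = [x for x in mechs if x.upper() not in SASLAUTHD_MECHS]
        elif m := CHALLENGE_RE.search(line):
            try:
                text = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
            except ValueError:
                text = "<not base64: %s>" % m.group(1)
            report["challenges"].append(text)
        elif m := FAILED_RE.search(line):
            report["failed"].append(m.group(1))
    return report


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```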
