Hello,
I want to set up a Postfix SMTP server with cyrus-sasl in GSSAPI mode. I have two Samba4 servers in AD mode, and my clients run Windows 10. I removed the execution of Postfix in chroot to simplify. I added two keytab entries to /etc/krb5.keytab: smtp/smtptest.domain.fr and host/smtptest.domain.fr.

Currently I can authenticate with Windows credentials from a Windows client under Thunderbird with the "normal password" settings. But if I try to switch from LOGIN to GSSAPI (in /etc/postfix/sasl/smtpd.conf) it doesn't work. Here is the message in Thunderbird:

    Sending of the message failed. The Kerberos/GSSAPI ticket was not accepted by the Outgoing server (SMTP). Please check that you are logged in to the Kerberos/GSSAPI realm.

Here are some settings:

klist -k -t /etc/krb5.keytab

    Keytab name: FILE:/etc/krb5.keytab
    KVNO Timestamp           Principal
    ---- ------------------- ------------------------------------------------------
       2 16/09/2021 16:00:44 host/[email protected]
       2 16/09/2021 16:28:14 smtp/[email protected]
       2 20/09/2021 09:19:41 smtpd/[email protected]

/etc/default/saslauthd:

    START=yes
    DESC="SASL Auth. Daemon"
    NAME="saslauthd"
    MECHANISMS="kerberos5"
    MECH_OPTIONS=""
    THREADS=1
    OPTIONS="-c -m /var/run/saslauthd"

root@smtptest:~# saslfinger -s

    saslfinger - postfix Cyrus sasl configuration lun. 20 sept. 2021 09:53:49 CEST
    version: 1.0.4
    mode: server-side SMTP AUTH

    -- basics --
    Postfix: 3.5.6
    System: Debian GNU/Linux 11 \n \l

    -- smtpd is linked to --
            libsasl2.so.2 => /lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f87cfe08000)

    -- active SMTP AUTH and TLS parameters for smtpd --
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_tls_security_level = may

    -- listing of /usr/lib/sasl2 --
    total 16
    drwxr-xr-x  2 root root 4096 14 sept. 14:31 .
    drwxr-xr-x 54 root root 4096  3 sept. 09:46 ..
    -rw-r--r--  1 root root    4 14 sept. 14:31 berkeley_db.active
    -rw-r--r--  1 root root    4  7 févr.  2021 berkeley_db.txt

    -- listing of /etc/postfix/sasl --
    total 12
    drwxr-xr-x 2 root root 4096 20 sept. 09:24 .
    drwxr-xr-x 5 root root 4096 17 sept. 16:43 ..
    -rw-r--r-- 1 root root  160 20 sept. 09:24 smtpd.conf

    -- content of /etc/postfix/sasl/smtpd.conf --
    pwcheck_method: saslauthd
    mech_list: GSSAPI
    keytab: /etc/krb5.keytab
    log_level: 7

    -- active services in /etc/postfix/master.cf --
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    submission inet n       -       n       -       -       smtpd -v
      -o syslog_name=postfix/submission
      -o smtpd_sasl_auth_enable=yes
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       n       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

    -- mechanisms on localhost --

    -- end of saslfinger output --

If anyone can help me....

Thanks in advance.

Samuel
