Postfix Dovecot Ldap: SASL authentication failure


Sziasztok!
Az alábbi problémám akadt egy tesztszerveren:
warning: SASL authentication failure: Password verification failed
warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
SASL LOGIN authentication failed: generic failure

conf file-k:

main.cf:
smtpd_banner = $myhostname
biff = no
append_dot_mydomain = no
readme_directory = no

# TLS parameters
# NOTE(review): ssl-cert-snakeoil is Debian's self-signed placeholder pair --
# acceptable on a test box, but clients cannot verify it.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# smtpd_use_tls = yes is the legacy spelling of opportunistic TLS
# (smtpd_tls_security_level = may): STARTTLS is offered, never required.
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = athene.mydomain.hu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = athene.mydomain.hu, localhost.mydomain.hu, localhost
#relayhost = 10.24.24.250

#transport_maps = hash:/etc/postfix/transport

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = ldap:/etc/postfix/people.ldap
# NOTE(review): relay_transport normally names a delivery transport (a master.cf
# service such as smtp or relay), not a lookup table -- confirm this is intended.
relay_transport = ldap:/etc/postfix/people.ldap
# Cyrus SASL: with smtpd_sasl_path = smtpd the mechanism list and password
# checker come from the Cyrus config file smtpd.conf (on Debian looked up under
# /etc/postfix/sasl/), i.e. the smtpd.conf quoted further down this page.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_authenticated_header = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = no
#smtpd_relay_restrictions = permit_mynetworks

#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_sender_restrictions =

# NOTE(review): continuation lines of a multi-line value must start with
# whitespace; the indentation was presumably lost in the paste -- confirm the
# real file is indented, otherwise "permit_mynetworks," and friends are read as
# standalone (invalid) parameters.
smtpd_client_restrictions=
permit_mynetworks,
permit

# Order matters: SASL-authenticated clients are permitted before the relay
# check; everything else must be for a destination this host accepts.
smtpd_recipient_restrictions=
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_auth_destination,
reject_unauth_destination,
reject

# reject_authenticated_sender_login_mismatch needs smtpd_sender_login_maps to
# be set (not shown here) to have any effect -- confirm.
smtpd_sender_restrictions=
reject_unknown_sender_domain,
reject_unlisted_sender,
reject_authenticated_sender_login_mismatch,
permit

mailbox_command =
smtp_use_tls = yes
smtpd_tls_received_header = no
# NOTE(review): the *_mandatory_* settings only apply when TLS is enforced
# (smtpd_tls_security_level = encrypt); with opportunistic TLS as above,
# smtpd_tls_protocols governs. Listing "SSLv3, TLSv1" also means *only* those
# two: SSLv3 is obsolete and newer TLS versions (where the OpenSSL build has
# them) would be excluded. The usual exclusion form is "!SSLv2, !SSLv3".
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
# NOTE(review): with auth_only = no, AUTH is advertised before STARTTLS -- the
# telnet transcripts below show "250-AUTH PLAIN LOGIN" on the plaintext
# connection, so PLAIN/LOGIN credentials can travel unencrypted. Anywhere but a
# test box this should be smtpd_tls_auth_only = yes.
smtpd_tls_auth_only = no
tls_random_source = dev:/dev/urandom

dovecot_destination_recipient_limit = 1
virtual_mailbox_domains = test.mydomain.hu, mydomain.hu, athene.mydomain.hu
# Delivery through a "dovecot" service defined in master.cf (not quoted here).
virtual_transport = dovecot
mhgit@athene:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 athene.mydomain.hu
ehlo localhost
250-athene.mydomain.hu
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 athene.mydomain.hu
ehlo localhost
250-athene.mydomain.hu
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Dovecot

/etc/dovecot/dovecot.conf
disable_plaintext_auth = yes
log_path = /var/log/dovecot.message
log_timestamp = "%Y-%m-%d %H:%M:%S "
# Enable these while chasing auth problems: auth_debug logs the passdb/userdb
# decisions (passwords stay out of the log unless auth_debug_passwords is set).
#auth_debug=yes
#mail_debug=yes
mail_location = maildir:/var/mail/%u
first_valid_uid = 33
mail_privileged_group = mail
# NOTE(review): ssl = required with empty ssl_cert / ssl_key cannot start;
# presumably the values were stripped for the post (the syntax is
# ssl_cert = </path/to/cert.pem) -- confirm.
ssl = required
ssl_cert =
ssl_key =
ssl_ca =
# Passdbs are consulted in order.
# 1) master users from a file: master = yes lets them log in on behalf of any
#    user, pass = yes means the target user's own passdb is still consulted.
passdb {
driver = passwd-file
args = /etc/dovecot/master-users
master = yes
pass = yes
}
# 2) the directory (same LDAP config file as the userdb below).
passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
# 3) NOTE(review): nopassword=y with allow_nets=127.0.0.1/32 accepts *any*
#    username arriving from loopback without a password. Once Postfix
#    authenticates through Dovecot (as the replies suggest), smtpd passes the
#    client IP along, so any local process could AUTH as any user -- confirm
#    this is limited to what it is meant for (e.g. a local webmail).
passdb {
driver = static
args = nopassword=y allow_nets=127.0.0.1/32
}
# 4) system accounts via PAM.
passdb {
driver = pam
}
protocols = imap pop3 sieve
service auth {
unix_listener auth-master {
group = vmail
mode = 0600
user = vmail
}
unix_listener auth-userdb {
user = vmail
}
# NOTE(review): the auth process does not need root for LDAP lookups; Dovecot's
# default is $default_internal_user, with only auth-worker running as root (for
# /etc/shadow behind the pam passdb). Consider dropping this override.
user = root
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
# Fallback to system accounts. NOTE(review): this returns real system uid/gid
# values (0 for root, 1000 for a login user); the lda errors quoted later on
# this page ("userdb returned 0 as uid", setresgid to 1000 failing with
# euid=vmail) look like they come from this fallback -- an LDA running as vmail
# cannot switch to those ids.
userdb {
driver = passwd
}
protocol lda {
hostname = athene.mydomain.hu
log_path =
mail_plugins = sieve quota
postmaster_address = postmaster@mydomain.hu
}
protocol imap {
mail_plugins = quota imap_quota imap_acl acl
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
}
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
service managesieve-login {
inet_listener sieve {
port = 4190
}
# Legacy ManageSieve port kept alongside the registered one (4190).
inet_listener sieve_deprecated {
port = 2000
}
service_count = 1
}
plugin {
sieve = /var/mail/sieve/%n.sieve
sieve_dir = /var/mail/sieve/%n/
quota = maildir
quota_rule2 = Trash:storage=+100M
# %% is a literal percent here; the script receives the threshold and the user.
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = -storage=80%% quota-warning below %u
acl_shared_dict = file:/var/mail/shared-mailboxes.db
acl = vfile
}
service quota-warning {
executable = script /usr/local/bin/quota-warning.sh
user = vmail
unix_listener quota-warning {
user = vmail
}
}
namespace {
type = private
separator = /
prefix =
inbox = yes
}
# Shared namespace: %%u expands to the mailbox owner, %u to the accessing user.
namespace {
type = shared
separator = /
prefix = shared/%%u/
location = maildir:/var/mail/%%u:INDEX=/var/mail/%u/shared/%%u
list = children
}
/etc/default/saslauthd
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="ldap"
MECHANISMS="ldap"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
# For ldap this is the path of the LDAP config file (passed as -O; the ps
# listing further down this page confirms it).
MECH_OPTIONS="/etc/saslauthd.conf"

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# -c enables credential caching; -m names the directory of the mux socket that
# Postfix's smtpd connects to.
# NOTE(review): the ps listing on this page shows smtpd started with -c, which
# is how master(8) marks a chrooted service, so it looks for the socket under
# /var/spool/postfix/var/run/saslauthd rather than /var/run/saslauthd. The ls
# output below shows that path holds a symlink to this defaults file, not the
# socket directory -- consistent with "cannot connect to saslauthd server: No
# such file or directory" in the log. The commented alternative (or the chroot
# recipe in the README.Debian referenced above) is the usual fix.
OPTIONS="-c -m /var/run/saslauthd"
#OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

/etc/saslauthd.conf
# LDAP back end for saslauthd (loaded through -O / MECH_OPTIONS).
# Plain ldap:// to loopback: bind and user passwords travel unencrypted, which
# is only acceptable because the directory is local.
ldap_servers: ldap://127.0.0.1/
ldap_search_base: cn=users,dc=mydomain,dc=hu
# NOTE(review): the bind account is named "administrator"; saslauthd only needs
# to search and bind, so a read-only service account would limit the damage if
# this file leaks -- confirm what rights this DN actually has.
ldap_bind_dn: cn=administrator,cn=users,dc=mydomain,dc=hu
# Cleartext credential: keep this file owned by root (group sasl), mode 0640.
ldap_bind_pw: azénjelszavam
# %u is the login name as the client sent it; if clients log in as
# user@domain, a bare mailNickname will not match -- confirm which form is used.
ldap_filter: (mailNickname=%u)

smtpd.conf
# Cyrus SASL config for the Postfix smtpd service (smtpd_sasl_path = smtpd).
# Password checks are delegated to saslauthd, so its mux socket must be
# reachable from the (chrooted) smtpd process.
pwcheck_method: saslauthd
# PLAIN and LOGIN hand the password to the server in the clear (base64 is not
# encryption) and are the only mechanisms saslauthd can verify; the transport
# has to supply confidentiality -- pair with smtpd_tls_auth_only = yes.
mech_list: plain login

/var/spool/postfix/var/run# ls -la
total 8
drwxr-xr-x 2 root sasl 4096 Oct 16 16:51 .
drwxr-xr-x 3 root sasl 4096 Oct 16 16:49 ..
lrwxrwxrwx 1 root sasl 22 Oct 16 16:51 saslauthd -> /etc/default/saslauthd

Segítséget előre is köszönöm!

Hozzászólások

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
SASL LOGIN authentication failed: generic failure

Fut a szolgáltatás? Telepítve van egyáltalán? Én ezeket nézném meg elsőre.

2500 ? Ss 0:00 /usr/sbin/saslauthd -a ldap -O /etc/saslauthd.conf -c -m /var/run/saslauthd -n 5
2501 ? S 0:00 /usr/sbin/saslauthd -a ldap -O /etc/saslauthd.conf -c -m /var/run/saslauthd -n 5
2502 ? S 0:00 /usr/sbin/saslauthd -a ldap -O /etc/saslauthd.conf -c -m /var/run/saslauthd -n 5
2504 ? S 0:00 /usr/sbin/saslauthd -a ldap -O /etc/saslauthd.conf -c -m /var/run/saslauthd -n 5
2505 ? S 0:00 /usr/sbin/saslauthd -a ldap -O /etc/saslauthd.conf -c -m /var/run/saslauthd -n 5
3736 ? S 0:00 smtpd -n submission -t inet -u -c -o stress= -s 2 -o smtpd_sasl_auth_enable=yes
3755 pts/0 S+ 0:00 grep --color=auto sasl

Postfix:
# Let Dovecot's auth service do SASL instead of Cyrus/saslauthd. The path is
# relative to queue_directory (/var/spool/postfix), i.e. inside the chroot,
# and matches the unix_listener in the Dovecot snippet below.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Dovecot:


service auth {
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }

  # Postfix smtp-auth
  # The socket lives inside the Postfix queue directory so a chrooted smtpd can
  # reach it (the saslauthd setup failed on exactly that point: its socket was
  # outside the chroot). Owned by postfix; 0666 is the documented Dovecot
  # example and only matters if private/ becomes world-searchable -- confirm
  # /var/spool/postfix/private stays postfix-owned and restricted.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

service auth-worker {
       # Runs unprivileged here; Dovecot's default is root so that a pam/shadow
       # passdb can read /etc/shadow -- fine for LDAP, revisit if PAM is kept.
       user = $default_internal_user
       # NOTE(review): auth-worker is Dovecot-internal (only the auth process
       # talks to it); Postfix connects to the auth socket in service auth.
       # Opening this listener to group postfix with mode 0666 is presumably
       # unnecessary, and Dovecot keeps it 0600 by default -- this override can
       # likely be dropped.
       unix_listener auth-worker {
            group = postfix
            mode = 0666
       }
}

Sziasztok!
Elnézést az eltűnésért, történt egy kis baleset.
Elvileg megcsináltam, működik ezekkel a módosításokkal:
postfix main.cf:
https://drive.google.com/file/d/0BwtJODwM48BkZnVGOHhHdHJiMDA/view
master.cf:
https://drive.google.com/file/d/0BwtJODwM48Bkc3RtaktZMGE1bUE/view?usp=s…
dovecot:
https://drive.google.com/file/d/0BwtJODwM48Bkc0NLeGEwSGNSZXc/view?usp=s…

Levélküldés jön/megy
de kapok egy hibaüzenetet:
dovecot: lda: Error: user root: Invalid settings in userdb: userdb returned 0 as uid
dovecot: lda: Fatal: Invalid user settings. Refer to server log for more information.

lda(felhasznalo): Fatal: setresgid(1000(felhasznalo),1000(felhasznalo),8(mail)) failed with euid=5000(vmail): Operation not permitted

guglizni próbáltál már rá?
http://dovecot.org/pipermail/dovecot/2011-September/078467.html

Szóval nincs root nevű email user-ed, de - gondolom a rendszertől - érkezne rá valami email. Célszerű egy alias-t tenni valami tényleg létező email user-re.

Az utolsó hibaüzenet meg valami elcseszett jogosultságra emlékeztet engem, de ezt hadd ne túrjam már ki helyetted a netről. Szedd ki a szemetet a logsorból és dobd be gugliba.