Sasl Issues


volksman
18th November 2007, 16:53
Hey All!

I ran through the Virtual Users/Postfix howto a while back and had everything working except the outgoing smtp stuff since I just use my ISP's server. However I'd like to start using mine. Problem is SASL won't auth my user. I've read around at some of the problems and checked everything I can think of.

saslauthd is running and its pid file is correct.

My error is this:

Nov 18 09:47:47 bertram postfix/smtpd[8847]: warning: SASL authentication failure: Password verification failed
Nov 18 09:47:47 bertram postfix/smtpd[8847]: warning: unknown[XXX.XXX.XXX.XXX]: SASL PLAIN authentication failed: authentication failure
Nov 18 09:47:48 bertram postfix/smtpd[8847]: warning: unknown[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: authentication failure
Nov 18 09:48:09 bertram postfix/smtpd[8847]: lost connection after AUTH from unknown[XXX.XXX.XXX.XXX]
Nov 18 09:48:09 bertram postfix/smtpd[8847]: disconnect from unknown[XXX.XXX.XXX.XXX]


If I run:
testsaslauthd -u user@domain.com -p xxxxxx
connect() : Connection refused

I'm at a loss as to why it doesn't work. Any ideas?

PS Gutsy Gibbon and likely used the Edgy howto since it was the only one there at the time.

falko
19th November 2007, 14:50
What's in /etc/default/saslauthd? Make it look like the one here: http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch_p3

volksman
19th November 2007, 16:36
hey Falko!

I checked again and it does already look identical. I have been playing with the OPTIONS or PARAMS lines as they seem to be a bit different in some of the howto's but it so far hasn't fixed the problem. Each change brings a different error message though....

Right now I believe all my files are as you have described in your howto.

I'm wondering if I need to upgrade my Gutsy or something. Maybe one of my packages is busted....

volksman
20th November 2007, 02:14
ls -la /var/spool/postfix/var/run/saslauthd
total 940
drwxr-xr-x 2 root root 4096 Nov 18 15:58 .
drwxr-xr-x 3 root root 4096 Oct 6 12:06 ..
-rw------- 1 root root 0 Nov 18 09:46 cache.flock
-rw------- 1 root root 945152 Nov 18 09:46 cache.mmap
-rw------- 1 root root 5 Nov 18 09:46 saslauthd.pid

saslauthd

#
# Settings for saslauthd daemon

START=yes

MECHANISMS="pam"

MECH_OPTIONS=""

THREADS=5

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
#PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

#PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"


/etc/pam.d/smtp

auth required pam_mysql.so user=mail_admin passwd=xxxxxxx host=localhost db=mail table=users usercolumn=email passwdcolumn=password crypt=1

account sufficient pam_mysql.so user=mail_admin passwd=xxxxxxx host=localhost db=mail table=users usercolumn=email passwdcolumn=password crypt=1


cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: localhost
sql_user: mail_admin
sql_passwd: xxxxxx
sql_database: mail
sql_select: select password from users where email = '%u'

I believe that is all the relevant files associated with my issue. Any help would be appreciated. BTW an upgrade didn't help as all the sasl packages were up to date already.

falko
20th November 2007, 16:08
Does it work if you do:
chmod 777 /var/spool/postfix/var/run/saslauthd

volksman
21st November 2007, 02:34
hey falko!

Tried that...same results...however I think it may have something to do with the sock file not being found. I haven't had a lot of time to look into this (terribly sick, and a newborn keep things busy as it is).

My hunch is that the sock file is being created somewhere else that sasl can't find. I saw it in another howto that the sock location was being defined.

Any pointers on where that is and how it's set is very much appreciated as it would save me some time!

Thanks for the help so far!

falko
21st November 2007, 20:25
Take a look at /etc/init.d/saslauthd. It's possible that it contains some code that changes the permissions of /var/spool/postfix/var/run/saslauthd back. If you find such code, comment it out and restart saslauthd.

volksman
23rd November 2007, 21:11
I noticed you posted a new HOWTO for Gutsy. Was there much difference between it and the Edgy/Feisty implementations?

BTW the saslauthd script doesn't seem to modify perms on the folder:

total 940
drwxrwxrwx 2 root root 4096 Nov 20 19:30 .
drwxr-xr-x 3 root root 4096 Oct 6 12:06 ..
-rw------- 1 root root 0 Nov 20 19:30 cache.flock
-rw------- 1 root root 945152 Nov 20 19:30 cache.mmap
srwxrwxrwx 1 root root 0 Nov 20 19:30 mux
-rw------- 1 root root 0 Nov 20 19:30 mux.accept
-rw------- 1 root root 5 Nov 20 19:30 saslauthd.pid

volksman
23rd November 2007, 22:29
Not sure if this helps any but I ran saslauthd manually on the command line with the same params you'd find in /etc/default/saslauthd and enabled debugging:

/usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -a pam -r -d

saslauthd[25751] :main : num_procs : 5
saslauthd[25751] :main : mech_option: NULL
saslauthd[25751] :main : run_path : /var/spool/postfix/var/run/saslauthd
saslauthd[25751] :main : auth_mech : pam
saslauthd[25751] :cache_alloc_mm : mmaped shared memory segment on file: /var/spool/postfix/var/run/saslauthd/cache.mmap
saslauthd[25751] :cache_init : bucket size: 92 bytes
saslauthd[25751] :cache_init : stats size : 36 bytes
saslauthd[25751] :cache_init : timeout : 28800 seconds
saslauthd[25751] :cache_init : cache table: 944764 total bytes
saslauthd[25751] :cache_init : cache table: 1711 slots
saslauthd[25751] :cache_init : cache table: 10266 buckets
saslauthd[25751] :cache_init_lock : flock file opened at /var/spool/postfix/var/run/saslauthd/cache.flock
saslauthd[25751] :ipc_init : using accept lock file: /var/spool/postfix/var/run/saslauthd/mux.accept
saslauthd[25751] :detach_tty : master pid is: 0
saslauthd[25751] :ipc_init : listening on socket: /var/spool/postfix/var/run/saslauthd/mux
saslauthd[25751] :main : using process model
saslauthd[25752] :get_accept_lock : acquired accept lock
saslauthd[25751] :have_baby : forked child: 25752
saslauthd[25751] :have_baby : forked child: 25753
saslauthd[25751] :have_baby : forked child: 25754
saslauthd[25751] :have_baby : forked child: 25755


Socket is in the mux file?

Anyways when I run testsaslauthd I need to specify the following for it to work:

testsaslauthd -s smtp -u user -p pass -f /var/spool/postfix/var/run/saslauthd/mux

So I re-ran saslauthd from the init script as opposed to manually and ran testsaslauthd again. As long as I specify the -f flag it will work. When I stop it gives me a connection refused....Something in the config is not pointing to the right mux file....
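
The debug output in the post above shows saslauthd listening on /var/spool/postfix/var/run/saslauthd/mux, and testsaslauthd only reaches it when -f is given. The following is an added example, not part of the original post: a shell check that reads the run path from the -m option in the saslauthd defaults file, reports whether the mux socket exists there, and flags a world-writable run directory (as left behind by the chmod 777 test). The fallback path /var/run/saslauthd and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The fallback run path below is an
# assumption (a common packaged default) used when no -m option is configured.
ASSUMED_DEFAULT_RUN_PATH=/var/run/saslauthd

# Print the directory passed to -m in the last active OPTIONS=/PARAMS= line.
saslauthd_run_path() {
    conf=$1
    line=$(grep -E '^(OPTIONS|PARAMS)=' "$conf" | tail -n 1)
    # Drop the variable name and the surrounding double quotes.
    opts=$(printf '%s\n' "$line" | sed -e 's/^[A-Z]*=//' -e 's/^"//' -e 's/"$//')
    set -- $opts            # split the option string into words
    while [ $# -gt 0 ]; do
        if [ "$1" = "-m" ] && [ $# -ge 2 ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    printf '%s\n' "$ASSUMED_DEFAULT_RUN_PATH"
}

# Print "<state> <socket>" where state is ok or missing, followed by
# " world-writable-dir" when the run directory is writable by everyone.
check_saslauthd_socket() {
    dir=$(saslauthd_run_path "$1")
    sock="$dir/mux"
    if [ -S "$sock" ]; then state=ok; else state=missing; fi
    flag=""
    # Character 9 of the ls -ld mode string is the "other" write bit.
    if [ -d "$dir" ] && [ "$(ls -ld "$dir" | cut -c9)" = "w" ]; then
        flag=" world-writable-dir"
    fi
    printf '%s %s%s\n' "$state" "$sock" "$flag"
}

# Usage: sh check.sh /etc/default/saslauthd
if [ $# -ge 1 ]; then
    check_saslauthd_socket "$1"
fi
```

The socket path it prints is the value to pass to testsaslauthd -f, and the directory Postfix's chrooted smtpd must be able to reach.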

volksman
23rd November 2007, 23:04
Ok...I think I have this one figured out...now I just need to figure out how to fix it. It seems that pam is trying to connect to my mysqldb on /var/run/mysqld/mysqld.sock, however I use xampp so it isn't there. I modified my /etc/mysql/my.cnf file to point to the correct socket location but it seems pamd doesn't abide. Any ideas how to force pamd/saslauthd to look at the right location?

volksman
23rd November 2007, 23:31
I've confirmed the above by creating a symlink to the mysql.sock file created by xampp...Everything works fine once I do that. However that link will die if I restart the server I believe.

So any help in how to point pam.d config to the right socket would be very helpful!

volksman
23rd November 2007, 23:44
Got it all figured out. In case anyone is interested all you need to do is change:

auth required pam_mysql.so user=mail_admin passwd=xxxxxx host=localhost db=mail table=users usercolumn=email passwdcolumn=password crypt=1 verbose=1

account sufficient pam_mysql.so user=mail_admin passwd=xxxxxxx host=localhost db=mail table=users usercolumn=email passwdcolumn=password crypt=1 verbose=1

to

auth required pam_mysql.so user=mail_admin passwd=xxxxxxx host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1 verbose=1

account sufficient pam_mysql.so user=mail_admin passwd=xxxxxxx host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1 verbose=1

Note the host= entry.
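
Why the host= change matters: the MySQL client library treats the host name localhost as a request for a Unix socket connection, while 127.0.0.1 forces TCP, so only the first depends on the socket file being where the library expects it. The following is an added example, not part of the original post: a shell check that classifies each pam_mysql.so line in a PAM service file by transport and reports lines that need a socket that is not there. The function names are hypothetical, and treating a missing host= as localhost is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread.
# For each active pam_mysql.so line print: "<lineno> <type> <transport> host=<value>"
#   unix-socket : host=localhost (assumed also when host= is absent)
#   tcp         : any other host value, e.g. 127.0.0.1
pam_mysql_transports() {
    awk '
        /^[ \t]*#/ { next }                  # skip commented-out lines
        /pam_mysql\.so/ {
            host = "localhost"               # assumption: default when host= is absent
            for (i = 1; i <= NF; i++)
                if ($i ~ /^host=/) host = substr($i, 6)
            kind = (host == "localhost") ? "unix-socket" : "tcp"
            printf "%d %s %s host=%s\n", NR, $1, kind, host
        }' "$1"
}

# $1 = PAM service file, $2 = socket path the client library will try
# (the thread found /var/run/mysqld/mysqld.sock).
# Prints one line per affected entry and returns 1 if any entry needs a
# Unix socket that does not exist; returns 0 otherwise.
pam_mysql_socket_problems() {
    pamfile=$1
    sock=$2
    if [ -S "$sock" ]; then
        return 0
    fi
    pam_mysql_transports "$pamfile" | awk -v s="$sock" '
        $3 == "unix-socket" {
            printf "line %s (%s): %s but %s is not a socket\n", $1, $2, $4, s
            bad = 1
        }
        END { exit bad + 0 }'
}

# Usage: sh check.sh /etc/pam.d/smtp /var/run/mysqld/mysqld.sock
if [ $# -ge 2 ]; then
    pam_mysql_socket_problems "$1" "$2"
fi
```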