HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


donix 26th September 2010 14:57

SASL authentication failure
 
Hello,

I'm running an ISPConfig 3 server on Xen Debian Lenny. Everything works perfectly except sending emails remotely from e.g. Thunderbird. I'm using the same login details as for IMAP. However, authentication fails.

Post of /var/log/mail.log:
Code:

Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: SASL authentication failure: Password verification failed
Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: xx.rev.stofanet.dk[xx]: SASL PLAIN authentication failed: generic failure
Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 26 14:42:02 xtra postfix/smtpd[7230]: warning: xx.rev.stofanet.dk[xx]: SASL LOGIN authentication failed: generic failure

I think the problem is similar to http://www.howtoforge.com/forums/showthread.php?t=8242 but the softlink solution mentioned doesn't make any difference.

donix 26th September 2010 15:09

Output of "ps aux|grep sasl":
Code:

root      7096  0.0  0.1  53036  896 ?        Ss  14:35  0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root      7097  0.0  0.1  53036  628 ?        S    14:35  0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root      7099  0.0  0.0  53036  512 ?        S    14:35  0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root      7100  0.0  0.0  53036  512 ?        S    14:35  0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root      7101  0.0  0.0  53036  512 ?        S    14:35  0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root      7440  0.0  0.1  5600  712 pts/0    S+  14:58  0:00 grep sasl

Output of "cat /etc/default/saslauthd":
Code:

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam      -- use PAM
# rimap    -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Content of "/etc/init.d/saslauthd":
Code:

#! /bin/sh
### BEGIN INIT INFO
# Provides:          saslauthd
# Required-Start:    $local_fs $remote_fs
# Required-Stop:    $local_fs $remote_fs
# Default-Start:    2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: saslauthd startup script
# Description:      This script starts the saslauthd daemon. It is
#                    configured using the file /etc/default/saslauthd.
### END INIT INFO

# Author: Fabian Fagerholm <fabbe@debian.org>

# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# Global variables
DAEMON=/usr/sbin/saslauthd
DEFAULT_FILES=`find /etc/default -regex '/etc/default/saslauthd[_a-zA-Z0-9\-]*$' -print | sort`

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# Function that starts all saslauthd instances
# Parameters: none
# Return value: none
do_startall()
{
    for instance in $DEFAULT_FILES
    do
        start_instance $instance
    done
}

# Function that stops all saslauthd instances
# Parameters: none
# Return value: none
do_stopall()
{
    for instance in $DEFAULT_FILES
    do
        stop_instance $instance
    done
}

# Function that sends a SIGHUP to all saslauthd instances
# Parameters: none
# Return value: none
do_reloadall()
{
    for instance in $DEFAULT_FILES
    do
        reload_instance $instance
    done
}

# Function that starts a single saslauthd instance
# Parameters:
#    $1 = path of default file for this instance
# Return value:
#    0 on success (does not mean the instance started)
#    1 on failure
start_instance()
{
    # Load defaults file for this instance.
    . $1

    # If the daemon is not enabled, give the user a warning and stop.
    if [ "$START" != "yes" ]; then
        log_warning_msg "To enable $NAME, edit $1 and set START=yes"
        return 0
    fi

    # If the short name of this instance is undefined, warn the user
    # but choose a default name.
    if [ -z "$NAME" ]; then
        log_warning_msg "Short name (NAME) undefined in $1, using default"
        NAME=default
    fi

    log_daemon_msg "Starting $DESC" "$NAME"

    # Determine run directory and pid file location by looking
    # for an -m option.
    RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
    if [ -z "$RUN_DIR" ]; then
        # No run directory defined in defaults file, fail.
        log_failure_msg "No run directory defined for $NAME, not starting"
        return 1
    fi
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

    # If no mechanisms are defined, fail.
    if [ -z "$MECHANISMS" ]; then
        log_failure_msg "No mechanisms defined in $1, not starting $NAME"
        return 1
    fi

    # If there are mechanism options defined, prepare them for use with
    # the -O flag.
    if [ -n "$MECH_OPTIONS" ]; then
        MECH_OPTIONS="-O $MECH_OPTIONS"
    fi

    # If there is a threads option defined, prepare it for use with
    # the -n flag.
    if [ -n "$THREADS" ]; then
        THREAD_OPTIONS="-n $THREADS"
    fi

    # Construct argument string.
    DAEMON_ARGS="-a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"

    # If there is a statoverride for the run directory, then pull
    # permission and ownership information from it and create the directory.
    # Otherwise, we create the directory with default permissions and
    # ownership (root:sasl, 710).
    if dpkg-statoverride --list $RUN_DIR > /dev/null; then
        createdir `dpkg-statoverride --list $RUN_DIR`
    else
        createdir root sasl 710 $RUN_DIR
    fi

    # Start the daemon, phase 1: see if it is already running.
    start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
        --exec $DAEMON --test > /dev/null
    if [ "$?" != 0 ]; then
        log_progress_msg "(already running)"
        log_end_msg 0
        return 0
    fi

    # Start the daemon, phase 2: it was not running, so actually start it now.
    start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
        --exec $DAEMON -- $DAEMON_ARGS
    if [ "$?" -ne 0 ]; then
        log_end_msg 1
        return 1
    fi

    # Started successfully.
    log_end_msg 0
    return 0
}

# Function that stops a single saslauthd instance
# Parameters:
#    $1 = path of default file for this instance
# Return value:
#    0 on success (daemon was stopped)
#    1 if the daemon was already stopped
#    2 if the daemon could not be stopped
stop_instance()
{
    # Load defaults file for this instance.
    . $1

    # If the short name of this instance is undefined, warn the user
    # but choose a default name.
    if [ -z "$NAME" ]; then
        log_warning_msg "Short name (NAME) undefined in $1, using default"
        NAME=default
    fi

    # Determine run directory and pid file location by looking
    # for an -m option.
    RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
    if [ -z "$RUN_DIR" ]; then
        # No run directory defined in defaults file, fail.
        log_failure_msg "No run directory defined for $NAME, cannot stop"
        return 2
    fi
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

    log_daemon_msg "Stopping $DESC" "$NAME"

    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
        --pidfile $PIDFILE --exec $DAEMON

    if [ "$?" -eq 2 ]; then
        # Failed to stop.
        log_end_msg 1
        return 2
    fi

    if [ "$?" -eq 1 ]; then
        # Already stopped.
        log_progress_msg "(not running)"
    fi

    # Many daemons don't delete their pidfiles when they exit.
    rm -f $PIDFILE

    # Stopped successfully.
    log_end_msg 0
    return $RETVAL
}

# Function that sends a SIGHUP to a single saslauthd instance
# Parameters:
#    $1 = path of default file for this instance
# Return value:
#    0 on success (does not mean the daemon was reloaded)
#    other values on failure
reload_instance()
{
    # Load defaults file for this instance.
    . $1

    # If the short name of this instance is undefined, warn the user
    # but choose a default name.
    if [ -z "$NAME" ]; then
        log_warning_msg "Short name (NAME) undefined in $1, using default"
        NAME=default
    fi

    # Determine run directory and pid file location by looking
    # for an -m option.
    RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
    if [ -z "$RUN_DIR" ]; then
        # No run directory defined in defaults file, fail.
        log_failure_msg "No run directory defined for $NAME, cannot reload"
        return 2
    fi
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

    log_daemon_msg "Reloading $DESC" "$NAME"

    # Reload the daemon. First, see if it is already running.
    start-stop-daemon --start --quiet --pidfile $PIDFILE \
        --exec $DAEMON --test > /dev/null

    if [ "$?" -eq 0 ]; then
        # Not running, signal this and stop.
        log_progress_msg "(not running)"
        log_end_msg 0
        return 0
    fi

    start-stop-daemon --stop --signal 1 \
        --pidfile $PIDFILE --exec $DAEMON
    log_end_msg $?
}

# Function that creates a directory with the specified
# ownership and permissions
# Parameters:
#    $1 = user
#    $2 = group
#    $3 = permissions (octal)
#    $4 = path to directory
# Return value: none
createdir()
{
    # In the future, use -P/-Z to have SE Linux enhancement
    install -d --group="$2" --mode="$3" --owner="$1" "$4"
}

# Action switch
case "$1" in
    start)
        do_startall
        ;;
    stop)
        do_stopall
        ;;
    reload|force-reload)
        do_reloadall
        ;;
    restart)
        do_stopall
        do_startall
        ;;
    start-instance)
        if [ -f /etc/default/$2 ]; then
            start_instance /etc/default/$2
        else
            log_failure_msg "Instance $2 does not exist."
        fi
        ;;
    stop-instance)
        if [ -f /etc/default/$2 ]; then
            stop_instance /etc/default/$2
        else
            log_failure_msg "Instance $2 does not exist."
        fi
        ;;
    reload-instance|force-reload-instance)
        if [ -f /etc/default/$2 ]; then
            reload_instance /etc/default/$2
        else
            log_failure_msg "Instance $2 does not exist."
        fi
        ;;
    restart-instance)
        if [ -f /etc/default/$2 ]; then
            stop_instance /etc/default/$2
            start_instance /etc/default/$2
        else
            log_failure_msg "Instance $2 does not exist."
        fi
        ;;
    *)
        SCRIPTNAME=$0
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        echo "      or {start-instance|stop-instance|restart-instance|" >&2
        echo "          reload-instance|force-reload-instance} " \
            "<instance name>" >&2
        exit 3
        ;;
esac

:

Output of "ls -la /var/spool/postfix/var/run":
Code:

total 12
drwxr-xr-x 3 root root 4096 2010-09-17 18:46 .
drwxr-xr-x 3 root root 4096 2010-09-17 18:46 ..
drwx--x--- 2 root sasl 4096 2010-09-26 14:35 saslauthd

Output of "/etc/init.d/saslauthd start":
Code:

Starting SASL Authentication Daemon: saslauthd (already running)

till 26th September 2010 15:17

Which tutorial did you use to install the server?

donix 26th September 2010 15:34

This one: http://www.howtoforge.com/perfect-se...nny-ispconfig3

till 26th September 2010 16:08

Please change the options line in /etc/default/saslauthd to:

OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"

then restart saslauth.

donix 26th September 2010 16:19

Still the same :confused:

falko 27th September 2010 13:26

Please reboot the server.

donix 27th September 2010 16:25

Thanks for your reply, falko. Unfortunately, after rebooting it still doesn't work and I'm getting the same error messages in mail.log.

donix 27th September 2010 16:30

I forgot to mention that my ISP blocks port 25, and therefore I added:

Code:

587      inet  n      -      n      -      -      smtpd
to /etc/postfix/master.cf. Does that make a difference to saslauth?

falko 28th September 2010 13:18

Do you still get the same errors?

Can you post your main.cf and your master.cf?
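
An added example (not posted by anyone in the thread): the fifth column of a master.cf line is the chroot flag, so a chrooted smtpd resolves the saslauthd socket directory under the Postfix queue directory while an unchrooted one uses the plain path. This script compares what each smtpd service would open against the saslauthd `-m` directory. The function names, the sample master.cf, the client-side directory /var/run/saslauthd and reading `-` as chrooted (the Postfix 2.x default) are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Print the argument of -m from a saslauthd OPTIONS string (status 1 if absent).
saslauthd_run_dir() {
    set -- $1                       # split OPTIONS into words
    while [ $# -gt 0 ]; do
        if [ "$1" = "-m" ] && [ $# -ge 2 ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# For every smtpd service in a master.cf file, print:
#   <service> <chroot y|n> <directory smtpd will open> <OK|MISMATCH>
# $1 master.cf path    $2 directory given to saslauthd -m
# $3 Postfix queue_directory, i.e. the chroot root
# $4 directory the SASL client side uses (assumed /var/run/saslauthd)
# $5 meaning of "-" in the chroot column (assumed y, as in Postfix 2.x)
# Per-service "-o" overrides on continuation lines are not evaluated.
check_smtpd_sasl_paths() {
    awk -v run="$2" -v q="${3:-/var/spool/postfix}" \
        -v client="${4:-/var/run/saslauthd}" -v dflt="${5:-y}" '
        /^[ \t]*#/ || /^[ \t]/ || NF < 8 { next }  # comments, continuations
        $8 == "smtpd" {
            chroot = ($5 == "-") ? dflt : $5
            seen = (chroot == "y") ? (q client) : client
            print $1, chroot, seen, (seen == run ? "OK" : "MISMATCH")
        }' "$1"
}

# Constructed sample: a default-chroot smtp line plus the 587 line from the thread.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n       -       -       -       -       smtpd
587       inet  n       -       n       -       -       smtpd
EOF
}

tmp=$(mktemp) && sample_master_cf > "$tmp"
dir=$(saslauthd_run_dir "-c -m /var/spool/postfix/var/run/saslauthd -r")
check_smtpd_sasl_paths "$tmp" "$dir"
rm -f "$tmp"
```

A MISMATCH row means that service's smtpd would look for the socket in a directory other than the one saslauthd was started with, unless a symlink or a `saslauthd_path` setting bridges the two.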


All times are GMT +2.