HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


tmwtp 15th October 2005 13:19

saslauthd problem ...
 
First I want to thank you for the detailed “HOWTOs” that helped me get my Debian server up and running cleanly.
After finishing configuring the base system (The Perfect Setup - Debian Sarge (3.1)) I went on to the next step of
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV).

I followed the steps in configuring all the parts of the system but still have a problem with a main part of the system – saslauthd won't start
(maybe a permissions problem – I read all I could find on the net but still nothing makes it work).

If I run the cmd –

mail:~# saslauthd check -a pam
saslauthd[7888] :detach_tty : Cannot start saslauthd
saslauthd[7888] :detach_tty : could not read from startup_pipe

This is the relevant part of the auth.log as seen when I run saslauthd check -a pam :::

Oct 15 12:33:50 mail saslauthd[7893]: detach_tty : could not lock pid file /var/run/saslauthd/saslauthd.pid: Resource temporarily unavailable
Oct 15 12:33:50 mail saslauthd[7892]: detach_tty : Cannot start saslauthd
Oct 15 12:33:50 mail saslauthd[7892]: detach_tty : could not read from startup_pipe

This is the auth log output as seen when I make a /etc/init.d/saslauthd stop / start :::

Oct 15 12:37:49 mail saslauthd[7086]: server_exit : master exited: 7086
Oct 15 12:38:12 mail saslauthd[7933]: detach_tty : master pid is: 7933
Oct 15 12:38:12 mail saslauthd[7933]: ipc_init : listening on socket: /var/spool/postfix/var/run/saslauthd/mux

Socket permissions :

mail:~# ls -l /var/spool/postfix/var/run/saslauthd/mux
srwxrwxrwx 1 root root 0 Oct 15 12:38 /var/spool/postfix/var/run/saslauthd/mux

mail:~# ls -l /var/spool/postfix/var/run/saslauthd/
total 4
srwxrwxrwx 1 root root 0 Oct 15 12:38 mux
-rw------- 1 root root 0 Oct 15 12:38 mux.accept
-rw------- 1 root root 5 Oct 15 12:38 saslauthd.pid


config files :

smtpd.conf :


pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
saslauthd_path:/var/spool/postfix/var/run/saslauthd/saslauthd.pid



saslauthd : /etc/default/saslauthd


# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

PARAMS="-m /var/spool/postfix/var/run/saslauthd"


Master.cf - /etc/postfix/master.cf :::


# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_etrn_restrictions=reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

# only used by postfix-tls
#tlsmgr fifo - - n 300 1 tlsmgr
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes


amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,192.168.0.0/24,192.168.10.0/24,192.168.20.0/24,192.168.33.0/24
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1

Smtp - /etc/pam.d/smtp

auth required pam_mysql.so user=mail_admin passwd=mypass host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

auth required pam_mysql.so user=mail_admin passwd=mypass host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

( mypass=mail_admin_password !!! )


I don’t really know which more details I can give, and I really hope you can help me figure out what I did wrong along the way.


Best Regards,

TRoiy ( admin@musicinfo.org )

falko 15th October 2005 15:41

I found two slight differences between my howto and the files you posted:

/etc/default/saslauthd should be exactly like this:
Code:

# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

And /etc/postfix/sasl/smtpd.conf must be like this:
Code:

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true


themachine 15th October 2005 17:34

I am running Debian Sarge 3.1:

What are the perms on the /var/spool/postfix/var/run/saslauthd dir? For me, the group ownership is the sasl group, and I needed to add the postfix user to the sasl group.

Did you create the directories "/var/" "/var/run" "/var/spool/run/saslauthd"?

Since the INIT scripts on my Debian box still look in "/var/run/saslauthd", I removed /var/run/saslauthd, and then created a symlink to /var/spool/postfix/var/run/saslauthd

# rm -rf /var/run/saslauthd
# ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

(you could also change the init script, but I find this to be cleaner)

---

# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

---

# ls -l /var/spool/postfix/var/run/
total 4
drwx--x--- 2 root sasl 4096 Oct 10 23:31 saslauthd

---

# cat /etc/default/saslauthd

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PARAMS="-m /var/spool/postfix/var/run/saslauthd"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"
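
The points raised in the two replies above (falko's PARAMS and smtpd.conf corrections, themachine's directory ownership and group membership) can be checked in one pass. This is an added example, not part of either post; the paths are the ones posted in the thread, the function names are invented here, and GNU `stat` is assumed.

```shell
# Added example; function names are hypothetical, paths come from the thread.
# /etc/default/saslauthd: -m must name the run directory inside the Postfix
# chroot; -r makes saslauthd combine login and realm as user@realm.
check_params() {  # $1 = defaults file, $2 = run directory
    line=$(grep -E '^[[:space:]]*PARAMS=' "$1" 2>/dev/null | tail -n 1)
    case "$line" in
        *"-m $2"*) ;;
        *) echo "FAIL: PARAMS lacks -m $2"; return 1 ;;
    esac
    case "$line" in
        *" -r"*) echo "OK: PARAMS has -m and -r" ;;
        *) echo "WARN: PARAMS has no -r" ;;
    esac
}

# smtpd.conf: pwcheck_method must be saslauthd; saslauthd_path, when set,
# names the mux socket, not the pid file as in the first post.
check_smtpd_conf() {  # $1 = smtpd.conf
    grep -Eq '^pwcheck_method:[[:space:]]*saslauthd[[:space:]]*$' "$1" ||
        { echo "FAIL: pwcheck_method is not saslauthd"; return 1; }
    path=$(sed -n 's/^saslauthd_path:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1)
    case "$path" in
        ''|*/mux) echo "OK: smtpd.conf" ;;
        *) echo "FAIL: saslauthd_path=$path is not the mux socket"; return 1 ;;
    esac
}

# Run directory: no access for "other" (the listing above shows drwx--x---
# root sasl), because the mux socket inside it is mode srwxrwxrwx.
check_rundir() {  # $1 = run directory, $2 = expected group
    [ -d "$1" ] || { echo "FAIL: $1 is missing"; return 1; }
    set -- "$1" "$2" $(stat -c '%a %G' "$1")   # $3 = octal mode, $4 = group
    case "$3" in
        *0) ;;
        *) echo "FAIL: $1 mode $3 is open to other users"; return 1 ;;
    esac
    [ "$4" = "$2" ] || { echo "FAIL: $1 group is $4, expected $2"; return 1; }
    echo "OK: $1 mode $3 group $4"
}

# The postfix user must be in the group that owns the run directory.
check_member() {  # $1 = user, $2 = group
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2" ||
        { echo "FAIL: $1 is not in group $2"; return 1; }
    echo "OK: $1 is in group $2"
}

audit() {  # runs every check and returns the number of failed checks
    dir=/var/spool/postfix/var/run/saslauthd fails=0
    check_params /etc/default/saslauthd "$dir" || fails=$((fails + 1))
    check_smtpd_conf /etc/postfix/sasl/smtpd.conf || fails=$((fails + 1))
    check_rundir "$dir" sasl || fails=$((fails + 1))
    check_member postfix sasl || fails=$((fails + 1))
    return "$fails"
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Saved as a script and run as root with `--audit`, it prints one line per check and exits with the number of failures.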

tmwtp 15th October 2005 21:54

back with some more :)
 
heya again ... ok .. after changing those mistakes my files look like this ...

mail:~# vi /etc/default/saslauthd
----------------------------------------------------------------------------------------------------------
# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
-----------------------------------------------------------------------------------------------------------


mail:~# vi /etc/postfix/sasl/smtpd.conf
---------------------------------------------------------------------------------------------------------
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
---------------------------------------------------------------------------------------------------------

main.cf :::

---------------------------------------------------------------------------------------------------------

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name musicinfo.org
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mail.musicinfo.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8,192.168.0.0/24,192.168.10.0/24,192.168.20.0/24,192.168.33.0/24
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
disable_vrfy_command = yes
---------------------------------------------------------------------------------------------------------

but when I try to authenticate against the server this is the resulting log :

mail:~# tail -n100 /var/log/mail.log

Oct 15 21:20:22 mail postfix/smtpd[3102]: connect from home.zehu.net[192.117.0.100]
Oct 15 21:20:23 mail postfix/smtpd[3102]: warning: home.zehu.net[192.117.0.100]: SASL LOGIN authentication failed
Oct 15 21:20:24 mail postfix/smtpd[3102]: lost connection after AUTH from home.zehu.net[192.117.0.100]
Oct 15 21:20:24 mail postfix/smtpd[3102]: disconnect from home.zehu.net[192.117.0.100]
Oct 15 21:20:25 mail courierpop3login: Connection, ip=[::ffff:192.117.0.100]
Oct 15 21:20:26 mail courierpop3login: LOGIN, user=ziv@musicinfo.org, ip=[::ffff:192.117.0.100]
Oct 15 21:20:27 mail courierpop3login: LOGOUT, user=ziv@musicinfo.org, ip=[::ffff:192.117.0.100], top=0, retr=0, time=1

mail:~# tail -n100 /var/log/auth.log

Oct 15 21:20:19 mail postfix/smtpd[3102]: sql_select option missing
Oct 15 21:20:19 mail postfix/smtpd[3102]: auxpropfunc error no mechanism available
Oct 15 21:20:19 mail postfix/smtpd[3102]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Oct 15 21:20:23 mail saslauthd[2147]: (pam_unix) could not identify user (from getpwnam(ziv@musicinfo.org))
Oct 15 21:20:23 mail saslauthd[2147]: DEBUG: auth_pam: pam_acct_mgmt failed: User not known to the underlying authentication module
Oct 15 21:20:23 mail saslauthd[2147]: do_auth : auth failure: [user=ziv@musicinfo.org] [service=smtp] [realm=musicinfo.org] [mech=pam] [reason=PAM acct error]
Oct 15 21:22:37 mail saslauthd[2145]: server_exit : master exited: 2145
Oct 15 21:22:40 mail saslauthd[3123]: detach_tty : master pid is: 3123
Oct 15 21:22:40 mail saslauthd[3123]: ipc_init : listening on socket: /var/spool/postfix/var/run/saslauthd/mux

when checking up saslauthd with :

mail:~# saslauthd check -a pam
saslauthd[3152] :detach_tty : Cannot start saslauthd
saslauthd[3152] :detach_tty : could not read from startup_pipe

and this in auth.log :

Oct 15 21:30:35 mail saslauthd[3153]: detach_tty : could not lock pid file /var/run/saslauthd/saslauthd.pid: Resource temporarily unavailable
Oct 15 21:30:35 mail saslauthd[3152]: detach_tty : Cannot start saslauthd
Oct 15 21:30:35 mail saslauthd[3152]: detach_tty : could not read from startup_pipe

Am I so far from the "truth" :P ?

Regards ,

Roiy - TmWtp

themachine 15th October 2005 22:27

You may need to add 'permit' to your 'smtp_recipient_restrictions' line... this is what mine has.

smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
permit


Also, is "ziv" the actual user on your box? If you login with that user, is the username exactly "ziv"?

I have to leave now... but I'll get back on here later on. In the meantime... search google.com for "DEBUG: auth_pam: pam_acct_mgmt failed: User not known to the underlying authentication module" ... that came up with a lot so it might lead you somewhere.

tmwtp 15th October 2005 22:57

this is the state :::
 
hola again ...

I did change the original line and added permit at the end :

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit

.... wasn't there before ... ( only permit ) .

still get :::

Oct 15 22:50:50 mail postfix/smtpd[3652]: sql_select option missing
Oct 15 22:50:50 mail postfix/smtpd[3652]: auxpropfunc error no mechanism available
Oct 15 22:50:50 mail postfix/smtpd[3652]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Oct 15 22:50:53 mail saslauthd[3539]: (pam_unix) could not identify user (from getpwnam(ziv@musicinfo.org))
Oct 15 22:50:53 mail saslauthd[3539]: DEBUG: auth_pam: pam_acct_mgmt failed: User not known to the underlying authentication module
Oct 15 22:50:53 mail saslauthd[3539]: do_auth : auth failure: [user=ziv@musicinfo.org] [service=smtp] [realm=musicinfo.org] [mech=pam] [reason=PAM acct error]

ziv is a legit user in the domain ... a virtual domain of course, so his user name is actually ziv@musicinfo.org, but I guess that's known to all you Linux ppl..
I'm just starting to understand so ... .

Any suggestions? ... I'm getting lost with all the mailing lists Google offers ... newbie ... :(

Thanks for ALL the help ALL's ...

Roiy - TmWtp

tmwtp 15th October 2005 23:01

maybe some more data required ,,, ?
 
maybe some more data required ,,, ?
some more cfg files ?

I'll post anything ... as far as I care my root pass .. don't mind formatting the machine again and starting from the beginning .. done it once 3 days ago ...

Thanks again ,

Roiy - TmWtp

tmwtp 15th October 2005 23:20

mail.log
 
this is the /var/log/mail.log entries when a user tries to telnet the server now :::

Oct 15 23:14:05 mail postfix/smtpd[3883]: connect from unknown[212.199.157.62]
Oct 15 23:15:25 mail postfix/smtpd[3883]: 823141B6695: client=unknown[212.199.157.62]
Oct 15 23:15:26 mail postfix/cleanup[3903]: 823141B6695: message-id=<20051015211525.823141B6695@mail.musicinfo.org>
Oct 15 23:15:26 mail postfix/qmgr[3462]: 823141B6695: from=<ynon@musicinfo.org>, size=356, nrcpt=1 (queue active)
Oct 15 23:15:26 mail amavis[1377]: (01377-02) lookup_sql: 2013, Lost connection to MySQL server during query
Oct 15 23:15:26 mail amavis[1377]: (01377-02) NOTICE: Disconnected from SQL server
Oct 15 23:15:26 mail amavis[1377]: (01377-02) TROUBLE in check_mail: creating_partsdir FAILED: DBD::mysql::st execute failed: Lost connection to MySQL server during query at (eval 38) line 238, <GEN16> line 850.
Oct 15 23:15:26 mail amavis[1377]: (01377-02) PRESERVING EVIDENCE in /var/lib/amavis/amavis-20051015T204635-01377
Oct 15 23:15:26 mail postfix/smtp[3904]: 823141B6695: to=<admin@musicinfo.org>, relay=127.0.0.1[127.0.0.1], delay=1, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=01377-02, creating_partsdir FAILED: DBD::mysql::st execute failed: Lost connection to MySQL server during query at (eval 38) line 238, <GEN16> line 850. (in reply to end of DATA command))
Oct 15 23:16:17 mail postfix/smtpd[3883]: disconnect from unknown[212.199.157.62]


anyone ?

falko 15th October 2005 23:27

Looks like your MySQL server died? Can you see MySQL when you run
Code:

netstat -tap
?

tmwtp 15th October 2005 23:32

yup
 
mail:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 1048/couriertcpd
tcp 0 0 *:pop3s *:* LISTEN 1071/couriertcpd
tcp 0 0 musicinfo.org:10024 *:* LISTEN 967/amavisd (master
tcp 0 0 musicinfo.org:10025 *:* LISTEN 3458/master
tcp 0 0 musicinfo.org:mysql *:* LISTEN 3752/mysqld
tcp 0 0 *:pop3 *:* LISTEN 1057/couriertcpd
tcp 0 0 *:imap2 *:* LISTEN 1034/couriertcpd
tcp 0 0 *:www *:* LISTEN 1342/apache2
tcp 0 0 *:981 *:* LISTEN 1352/perl
tcp 0 0 *:ftp *:* LISTEN 1330/proftpd: (acce
tcp 0 0 mail.musicinfo.o:domain *:* LISTEN 955/named
tcp 0 0 musicinfo.org:domain *:* LISTEN 955/named
tcp 0 0 *:ssh *:* LISTEN 1319/sshd
tcp 0 0 *:smtp *:* LISTEN 3458/master
tcp 0 0 musicinfo.org:953 *:* LISTEN 955/named
tcp 0 0 *:https *:* LISTEN 1342/apache2
tcp 0 0 mail.musicinfo.org:ssh 192.168.10.2:2016 ESTABLISHED3918/sshd: roiy [pr
tcp 0 0 mail.musicinfo.org:ssh 192.168.10.2:4980 ESTABLISHED3624/sshd: roiy [pr
tcp 1 0 musicinfo.org:32773 musicinfo.org:mysql CLOSE_WAIT 1374/amavisd (child
tcp 1 0 musicinfo.org:32780 musicinfo.org:mysql CLOSE_WAIT 1375/amavisd (child
tcp 0 144 mail.musicinfo.org:ssh 192.168.10.2:3136 ESTABLISHED1359/sshd: roiy [pr

