Virtual Users And Domains With Postfix, Courier And MySQL (Fedora 8)

Discussion in 'HOWTO-Related Questions' started by Packet, Jan 18, 2008.

  1. Packet

    Packet New Member

    Firstly nice tutorial overall and it has me with an almost fully operational setup except for one thing that is killing me :(

    In short I cannot get saslauthd to use authdaemond to authenticate smtp users although imap auth via authdaemond works fine towards mysql.

    I've spent some time debugging and it appears to me that saslauthd is simply ignoring smtpd.conf (certainly an strace shows no attempt to open the file nor the authdaemond socket) and when I run testsaslauthd it's working with PAM so local accounts authenticate ok and only for services defined under /etc/pam.d/. 'authtest' against authdaemond works great but 'testsaslauthd' fails unless I use one of the local system accounts.

    I've seen numerous references to locations for smtpd.conf but I've tried them all and the most logical for me is /usr/lib64/sasl2/smtpd.conrf ...

    Some info:

    [[email protected] pam.d]# uname -a
    Linux ams00sv01 #1 SMP Tue Oct 30 13:18:33 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux

    [[email protected] sasl2]# ps -ef|grep auth
    root 7090 1 0 14:42 ? 00:00:00 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -start /usr/libexec/courier-authlib/authdaemond
    root 7091 7090 0 14:42 ? 00:00:00 /usr/libexec/courier-authlib/authdaemond
    root 7092 7091 0 14:42 ? 00:00:00 /usr/libexec/courier-authlib/authdaemond
    root 7093 7091 0 14:42 ? 00:00:00 /usr/libexec/courier-authlib/authdaemond
    root 7094 7091 0 14:42 ? 00:00:00 /usr/libexec/courier-authlib/authdaemond
    root 7095 7091 0 14:42 ? 00:00:00 /usr/libexec/courier-authlib/authdaemond
    root 7096 7091 0 14:42 ? 00:00:00 /usr/libexec/courier-authlib/authdaemond
    root 11590 1 0 16:16 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
    root 11591 11590 0 16:16 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
    root 11592 11590 0 16:16 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
    root 11593 11590 0 16:16 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
    root 11594 11590 0 16:16 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
    root 11597 5745 0 16:16 pts/5 00:00:00 grep auth
    [[email protected] sasl2]# more /etc/sasl2/smtpd.conf
    pwcheck_method: authdaemond
    log_level: 3
    mech_list: PLAIN LOGIN
    authdaemond_path: /var/spool/authdaemon/socket
    [[email protected] sasl2]# ls -al /var/spool/authdaemon/
    total 32
    drwxr-xr-x 2 daemon daemon 4096 2008-01-18 14:42 .
    drwxr-xr-x 19 root root 4096 2008-01-16 11:21 ..
    -rw-r--r-- 1 root root 5 2008-01-18 14:42 pid
    -rw------- 1 root root 0 2008-01-08 12:24 pid.lock
    srwxrwxrwx 1 root root 0 2008-01-18 14:42 socket
    [[email protected] sasl2]#
  2. falko

    falko Super Moderator ISPConfig Developer

    Yes, that's right for x86_64 systems. :)
  3. Packet

    Packet New Member

    It sure is :)

    I don't suppose anyone else has some debugging tips or an idea of what might be the issue, missing compiled libs or something. Everything was yum installed but I can't see how to verify authdaemond support either.
  4. falko

    falko Super Moderator ISPConfig Developer

    Any errors in your mail log?
  5. Packet

    Packet New Member

    Absolutely nothing useful (i.e. just the expected auth fails).

    It is exactly as if saslauthd simply doesn't know anything about its smtpd.conf file.

    As I said smtp auth works great if I use a local system account, saslauthd is clearly using PAM to authenticate, sure I can try and use pam_mysql as a work around but I'd really like to get it working right.

    The command line options passed to saslauthd through its init script set the mechanism to PAM but from the little info I can find this is normal, does this reflect your situation?
    Last edited: Jan 21, 2008
  6. Packet

    Packet New Member

    I know many of my friends questioned my sanity but this is just silly.

    Would you believe, I'm going through my mail in Outlook 2003, sending mails using my cached PAM local system account credentials for smtp auth. Then I get a pop up telling me the creds are wrong, ok so I type them again but nothing, I check my maillog and find MYSQL authdaemond auth failures, I'm like what the hell and indeed suddenly without action or warning it's working perfectly as advertised.

    I'll go spend an hour figuring out how, what, where when and why but for now problem solved.
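
Added example (not part of the thread or of the tutorial it discusses): a small shell check that reads a Cyrus SASL application config in the format posted above and reports which component the `pwcheck_method` line selects, since `testsaslauthd` exercises only the saslauthd daemon and not the authdaemond socket. The function names and the temporary file are assumptions for illustration; the sample config is constructed from the values shown in the first post.

```shell
#!/bin/sh
# Added example: which component verifies passwords for a Cyrus SASL
# application config such as smtpd.conf? (Function names are hypothetical.)

# Print the value of a "key: value" option (last occurrence wins).
sasl_opt() {  # usage: sasl_opt FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Name the verification path selected by pwcheck_method.
sasl_auth_path() {  # usage: sasl_auth_path FILE
    _method=$(sasl_opt "$1" pwcheck_method)
    case "$_method" in
        authdaemond) echo "authdaemond socket: $(sasl_opt "$1" authdaemond_path)" ;;
        saslauthd)   echo "saslauthd (test with testsaslauthd)" ;;
        auxprop|"")  echo "auxprop plugin" ;;   # auxprop is the library default
        *)           echo "other: $_method" ;;
    esac
}

# True if PATH is a UNIX socket the current user may connect to.
# Run this as the account the SMTP daemon uses for a meaningful answer.
socket_reachable() { [ -S "$1" ] && [ -w "$1" ]; }

# Demo on a constructed copy of the smtpd.conf shown in the first post.
demo() {
    _conf=$(mktemp)
    cat > "$_conf" <<'EOF'
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/spool/authdaemon/socket
EOF
    echo "password verification via: $(sasl_auth_path "$_conf")"
    _sock=$(sasl_opt "$_conf" authdaemond_path)
    if socket_reachable "$_sock"; then
        echo "socket $_sock is reachable by $(id -un)"
    else
        echo "socket $_sock is missing or not writable by $(id -un)"
    fi
    rm -f "$_conf"
}
demo
```

With `pwcheck_method: authdaemond` the SASL library inside the SMTP daemon opens the authdaemond socket itself, so a `testsaslauthd` result says nothing about that path.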
