SASL LDAP authentication

Hi all,

I am trying to get authenticated SMTP running here on campus, and we are wanting to authenticate against Active Directory. We are running sendmail, and I've been able to get it to work using the UNIX password file. However, I'm having trouble when I try to use ldap to authenticate.

I'm working on RedHat ES rel4 with cyrus-sasl 2.1.19. My first question is whether or not cyrus-sasl-lib is required for this to work? It's not installed on my test box. However, I tried another Linux system we have that does have cyrus-sasl-lib installed, and things still don't work. I know I'm missing something crucial, so any help would be greatly appreciated.

When I run saslauthd -v I see:

saslauthd 2.1.19
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

So, I'm assuming it has everything it needs compiled in to do ldap authentication.

I then edited the /etc/sysconfig/saslauthd file, and changed the MECH=pam line to MECH=ldap.

Then I created a /etc/saslauthd.conf file with the contents:

ldap_servers: ldap://129.82.xxx.xxx/
ldap_bind_dn: cn=xxxxx,ou=xxxxxxxxxxx,dc=ColoState,dc=edu
ldap_password: xxxxxxxx
ldap_filter: (sAMAccountName=%u)
ldap_search_base: dc=colostate,dc=edu
ldap_auth_method: bind

Then I start saslauthd with the following command:

/usr/sbin/saslauthd -a ldap -d -O /etc/saslauthd.conf

Then I run a command to test it:

/usr/sbin/testsaslauthd -u jackie -p xxxxx

And the output I see is:

saslauthd[8045] :main            : num_procs  : 5
saslauthd[8045] :main            : mech_option: /etc/saslauthd.conf
saslauthd[8045] :main            : run_path   : /var/run/saslauthd
saslauthd[8045] :main            : auth_mech  : ldap
saslauthd[8045] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[8045] :detach_tty      : master pid is: 0
saslauthd[8045] :ipc_init : listening on socket: /var/run/saslauthd/mux
saslauthd[8045] :main            : using process model
saslauthd[8046] :get_accept_lock : acquired accept lock
saslauthd[8045] :have_baby       : forked child: 8046
saslauthd[8045] :have_baby       : forked child: 8047
saslauthd[8045] :have_baby       : forked child: 8048
saslauthd[8045] :have_baby       : forked child: 8049
saslauthd[8046] :rel_accept_lock : released accept lock
saslauthd[8047] :get_accept_lock : acquired accept lock
saslauthd[8046] :do_auth : auth failure: [user=jackie] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[8046] :do_request      : response: NO
saslauthd[8047] :rel_accept_lock : released accept lock

I don't see where it is trying to authenticate as the ldap_bind I specified in the configuration file. Should it do that first?

I would really appreciate any help. I've been struggling with this for several days.

Thanks so much!

Jackie Hunt
Colorado State University
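
An added example, not part of the original post and not cyrus-sasl code: a small parser for the do_auth debug lines shown above. It pulls out the user, service, realm, mech and reason fields so failed attempts can be counted per account. The sample input is constructed apart from the one failure line quoted from the post; the function names and the "auth success" line layout are assumptions.

```python
import re
from collections import Counter

# Constructed sample. Line 1 is the failure line from the post; the others
# are made up, and the "auth success" layout is an assumption.
SAMPLE = """\
saslauthd[8046] :do_auth : auth failure: [user=jackie] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[8046] :do_request      : response: NO
saslauthd[8047] :do_auth : auth failure: [user=jackie] [service=smtp] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[8048] :do_auth : auth success: [user=alice] [service=smtp] [realm=] [mech=ldap]
saslauthd[8049] :do_auth : auth failure: [user=bob] [service=smtp] [realm=example.edu] [mech=ldap] [reason=Unknown]
"""

DO_AUTH = re.compile(
    r"saslauthd\[(?P<pid>\d+)\]\s*:do_auth\s*:\s*auth (?P<result>failure|success):(?P<rest>.*)")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")


def parse_do_auth(line):
    """Return the fields of one do_auth line as a dict, or None for other lines."""
    m = DO_AUTH.search(line)
    if m is None:
        return None
    rec = {"pid": int(m.group("pid")), "result": m.group("result")}
    rec.update(FIELD.findall(m.group("rest")))  # user, service, realm, mech, reason
    return rec


def failures_by_user(text):
    """Count failures per (user, realm, mech, reason); skip non-do_auth lines."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_do_auth(line)
        if rec and rec["result"] == "failure":
            key = (rec.get("user", ""), rec.get("realm", ""),
                   rec.get("mech", ""), rec.get("reason", ""))
            counts[key] += 1
    return counts


def repeated_failures(text, threshold=2):
    """Users with at least `threshold` failed attempts, for lockout or guessing review."""
    per_user = Counter()
    for (user, _realm, _mech, _reason), n in failures_by_user(text).items():
        per_user[user] += n
    return sorted(u for u, n in per_user.items() if n >= threshold)


if __name__ == "__main__":
    for key, n in failures_by_user(SAMPLE).items():
        print(n, key)
    print("repeated:", repeated_failures(SAMPLE))
```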
