Re: postfix + saslauthd: SASL PLAIN authentication failed: no mechanism available

Ana Díez <Ana.Diez@xxxxxxxxxx> · Mon, 05 Dec 2011 16:27:46 +0100



    El 01/12/2011 19:00, Dan White escribió:
    On

      01/12/11 12:34 +0100, Ana Díez wrote: 

      Hi, 

        
        I'm working to configure SASL (2.1.25) with Postfix 2.7.1. in
        Solaris 10. 

        
        I'm running saslauthd with ldap: 

        
        /usr/local/sbin/saslauthd -a ldap 

        
        And running manually "testsaslauthd" works ok 

        # /usr/local/sbin/testsaslauthd -u xxxx -p xxxxx 

        0: OK "Success." 

        
        But Postfix seems to ignore the "pwcheck_method". Although I set
        it as 

        "saslauthd", I receive "could not find auxprop plugin, was
        searching for 

        '[all]'", "SASL PLAIN authentication failed: no mechanism
        available" im my 

        logs. 

        
        The file /usr/local/lib/sasl2/smtpd.conf: 

      
      I believe Postfix overwrites the confdir path via a callback. It
      appears 

      that it is: 

      
      *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl2",
      (char *) 0); 

      
      For example: 

      
      /etc/postfix/sasl:/usr/lib/sasl2      
    You'll

      need to place your smtpd.conf file into one of those two
      directories for libsasl2 to see it. 

    
    I have already links from those directories to smtpd.conf

    
      pwcheck_method: saslauthd 

        mech_list: PLAIN LOGIN 

        saslauthd_path: /var/state/saslauthd/ 

      
      saslauthd_path should include the full path to the mux, e.g.: 

      
      saslauthd_path: /var/state/saslauthd/mux 

      
    Ok, I have made this change.

    If

      you happen to be running postfix chrooted (within master.cf), then
      that 

      will affect where postfix (and libsasl2) will look for the
      saslauthd mux. 

      
      The Postfix configuration: 

        
        # postconf -n | grep sasl 

        broken_sasl_auth_clients = yes 

        smtpd_client_restrictions = permit_mynetworks, 
        permit_sasl_authenticated,      reject_unauth_destination,     
        check_relay_domains 

        smtpd_recipient_restrictions = permit_mynetworks,       
        permit_sasl_authenticated,     check_relay_domains,   
        reject_non_fqdn_recipient 

        smtpd_sasl_auth_enable = yes 

        smtpd_sasl_path = smtpd 

        smtpd_sasl_security_options = noanonymous 

        smtpd_sasl_tls_security_options = $smtpd_sasl_security_options 

      
      Patrick's 'saslfinger' script might help to catch some other
      problems. 

      
    I have executed saslfinger but I didn't found any problem. 

    
    Deepening, I  have seen that when I built cyrus sasl only static
    libraries are created for auth mech:

    #ls -l /usr/local/lib/sasl2/

    -rwxr-xr-x   1 root     root         795 dic  5 15:59 libsasldb.la

    -rwxr-xr-x   1 root     root         774 dic  5 15:59 libscram.la

    -rwxr-xr-x   1 root     root         768 dic  5 15:59 libotp.la

    -rwxr-xr-x   1 root     root         765 dic  5 15:59 libplain.la

    -rwxr-xr-x   1 root     root         765 dic  5 15:59 liblogin.la

    -rw-r--r--   1 root     root      123568 dic  5 15:59 libsasldb.a

    -rw-r--r--   1 root     root      126560 dic  5 15:59 libscram.a

    -rw-r--r--   1 root     root      158248 dic  5 15:59 libotp.a

    -rw-r--r--   1 root     root       69832 dic  5 15:59 libplain.a

    -rw-r--r--   1 root     root       69008 dic  5 15:59 liblogin.a

    
    I
        still get the same problem...

        
        Thanks.

        Ana

    
    --