Re: same SASL config that works on CentOS5 & 6 fails on CentOS7

On 09/27/18 16:04 -0400, Paul Raines wrote:
I have a saslauthd server running on a CentOS6 system that I want
to upgrade to CentOS7.  On the CentOS6 system I have /etc/saslauthd.conf
set as (domain changed):

ldap_servers: ldaps://ldap.foobar.org
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5

and saslauthd is run as

/usr/sbin/saslauthd -m /run/saslauthd -a ldap -O /etc/saslauthd.conf

The LDAP server is the LDAP portal of the corporate AD server.

This works fine as 'testsaslauthd -s ldap ...' succeeds.  This
same config worked when it was on a CentOS5 system.

When I set up this identical config on a test CentOS7 system the
testsaslauthd always fails.  Debug output is

Aug 24 11:05:42 hound saslauthd[118834]: DIGEST-MD5 client step 2
Aug 24 11:05:42 hound saslauthd[118834]: DIGEST-MD5 parse_server_challenge()
Aug 24 11:05:42 hound saslauthd[118834]: DIGEST-MD5 ask_user_info()
Aug 24 11:05:42 hound saslauthd[118834]: DIGEST-MD5 client step 2
Aug 24 11:05:42 hound saslauthd[118834]: DIGEST-MD5 ask_user_info()
Aug 24 11:05:42 hound saslauthd[118834]: DIGEST-MD5 make_client_response()
Aug 24 11:05:42 hound saslauthd[118834]: Authentication failed for per2: Bind to ldap server failed (invalid user/password or insufficient access) (-7)
Aug 24 11:05:42 hound saslauthd[118834]: do_auth : auth failure: [user=per2] [service=ldap] [realm=] [mech=ldap] [reason=Unknown]

I have tried ldap_auth_method with 'bind' and 'fastbind' and
ldap_use_sasl set to no, but every combo fails.

It does work to use a /etc/saslauthd.conf with explicit credentials such
as

ldap_servers: ldaps://ldap.foobar.org
ldap_search_base: dc=foobar,dc=org
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: cn=myuid,cn=users,dc=foobar,dc=org
ldap_password: *********

but I don't like putting my password in a config file and also having to remember to change it every time the password changes in AD.

Does anyone have any ideas why the initial setup does not work
in CentOS7?

Check your DNS settings.

Troubleshoot this by using the ldap client utilities directly:

ldapwhoami -d -1 -H ldaps://ldap.foobar.org -Y DIGEST-MD5 -U per2 -W
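The debug output above stops at the client's DIGEST-MD5 step 2 (parse_server_challenge, ask_user_info, make_client_response), so it helps to see exactly what that step computes. The following is an added illustration, not code from this thread, from saslauthd or from OpenLDAP: a pure-Python RFC 2831 DIGEST-MD5 client response and the matching server-side check, driven by the worked example from RFC 2831 section 4 (user "chris", password "secret", realm elwood.innosoft.com, IMAP digest-uri). It assumes qop=auth and charset=utf-8 and ignores the auth-int/auth-conf variants. One protocol fact worth seeing in code: the realm is hashed into A1 together with the username and password, so a client and server that disagree on the realm produce different responses and the bind fails exactly like a wrong password would.

```python
"""Worked DIGEST-MD5 (RFC 2831) exchange, client and server side, pure Python.

Added example for illustration; not the cyrus-sasl or saslauthd code.
Assumes qop=auth and charset=utf-8. Test vector: RFC 2831 section 4.
"""
import hashlib

# RFC 2831 section 4 server challenge (well-known test vector, not from the thread).
RFC_CHALLENGE = ('realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",'
                 'qop="auth",algorithm=md5-sess,charset=utf-8')


def _h(data: bytes) -> bytes:
    """H() from RFC 2831: raw 16-byte MD5 digest."""
    return hashlib.md5(data).digest()


def _hexh(data: bytes) -> str:
    """HEX(H()) from RFC 2831: lowercase hex MD5 digest."""
    return hashlib.md5(data).hexdigest()


def parse_directives(s: str) -> dict:
    """Parse a 'k=v,k="quoted, value"' directive list (challenge or response)."""
    out, i, n = {}, 0, len(s)
    while i < n:
        while i < n and s[i] in ", \t\r\n":
            i += 1
        if i >= n:
            break
        eq = s.index("=", i)
        key = s[i:eq].strip()
        i = eq + 1
        if i < n and s[i] == '"':          # quoted value, may contain commas
            i += 1
            buf = []
            while i < n and s[i] != '"':
                if s[i] == "\\" and i + 1 < n:  # RFC 2831 backslash escape
                    i += 1
                buf.append(s[i])
                i += 1
            i += 1                          # skip closing quote
            val = "".join(buf)
        else:                               # token value, ends at next comma
            end = s.find(",", i)
            end = n if end < 0 else end
            val = s[i:end].strip()
            i = end
        out[key] = val
    return out


def _a1_hex(username, realm, password, nonce, cnonce, authzid=None) -> str:
    """HEX(H(A1)). The realm is part of A1, so both sides must agree on it."""
    a1 = _h(f"{username}:{realm}:{password}".encode("utf-8"))
    a1 += f":{nonce}:{cnonce}".encode("utf-8")
    if authzid:
        a1 += f":{authzid}".encode("utf-8")
    return _hexh(a1)


def _kd(a1_hex, nonce, nc, cnonce, qop, a2_hex) -> str:
    """KD(k, s) = HEX(H(k ":" s)) with the RFC 2831 digest-response layout."""
    return _hexh(f"{a1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{a2_hex}".encode("ascii"))


def client_response(challenge, username, password, digest_uri, cnonce, nc=1, authzid=None):
    """Client step 2: parse the server challenge and build the digest-response."""
    d = parse_directives(challenge)
    nonce, realm = d["nonce"], d.get("realm", "")
    if "auth" not in d.get("qop", "auth").split(","):
        raise ValueError("server does not offer qop=auth")
    nc_str = f"{nc:08x}"
    a1_hex = _a1_hex(username, realm, password, nonce, cnonce, authzid)
    a2_hex = _hexh(f"AUTHENTICATE:{digest_uri}".encode("utf-8"))
    resp = _kd(a1_hex, nonce, nc_str, cnonce, "auth", a2_hex)
    msg = (f'charset=utf-8,username="{username}",realm="{realm}",nonce="{nonce}",'
           f'nc={nc_str},cnonce="{cnonce}",digest-uri="{digest_uri}",'
           f'response={resp},qop=auth')
    if authzid:
        msg += f',authzid="{authzid}"'
    return msg


def server_verify(client_msg, password, expected_nonce, expected_realm):
    """Server side: recompute the response from the stored password.

    Returns (ok, rspauth). rspauth (A2 = ":" digest-uri) is only set when ok.
    """
    d = parse_directives(client_msg)
    if d.get("nonce") != expected_nonce or d.get("realm", "") != expected_realm:
        return False, None                  # replayed nonce or unknown realm
    a1_hex = _a1_hex(d["username"], d["realm"], password,
                     d["nonce"], d["cnonce"], d.get("authzid"))
    a2_hex = _hexh(f"AUTHENTICATE:{d['digest-uri']}".encode("utf-8"))
    if _kd(a1_hex, d["nonce"], d["nc"], d["cnonce"], d["qop"], a2_hex) != d.get("response"):
        return False, None
    rspauth_a2 = _hexh(f":{d['digest-uri']}".encode("utf-8"))
    return True, _kd(a1_hex, d["nonce"], d["nc"], d["cnonce"], d["qop"], rspauth_a2)


if __name__ == "__main__":
    msg = client_response(RFC_CHALLENGE, "chris", "secret",
                          "imap/elwood.innosoft.com", "OA6MHXh6VqTrRk")
    print("C:", msg)
    print("S: ok=%s rspauth=%s" % server_verify(msg, "secret", "OA6MG9tEQGm2hh",
                                                 "elwood.innosoft.com"))
```

Running it reproduces the RFC's response and rspauth values; feeding server_verify a different password, or a client message built from a challenge whose realm differs from the server's, returns (False, None). Compare that with the real exchange by running the ldapwhoami command above with -d -1, which prints the challenge the AD server sends and the response the client builds.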


