Ask for saslauthd help

Dear All,

I want to try my luck here, perhaps someone could help me.

 

First The Problem:

We would like to restrict LDAP authentication over saslauthd so that users can only log in with their valid e-mail address.

At the moment users are able to log in with username@xxxxxxxxxx or with only their username.

 

I tried a lot to set the ldap_filter so that it does a lookup for userPrincipalName=%u.

With the testsaslauthd command it works, but Cyrus can't grant access, with errors like this:

 

saslauthd.service - LSB: saslauthd startup script

   Loaded: loaded (/etc/init.d/saslauthd; generated)

   Active: active (running) since Fri 2019-10-25 14:07:54 CEST; 1h 33min ago

     Docs: man:systemd-sysv-generator(8)

  Process: 3707 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)

    Tasks: 10 (limit: 4915)

   Memory: 15.4M

   CGroup: /system.slice/saslauthd.service

           ─3727 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5

           ─3728 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5

           ─3729 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5

           ─3730 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5

           ─3733 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5

           ─3745 /usr/sbin/saslauthd -a ldap -c -m /var/spool/postfix/var/run/saslauthd -n 5

           ─3746 /usr/sbin/saslauthd -a ldap -c -m /var/spool/postfix/var/run/saslauthd -n 5

           ─3747 /usr/sbin/saslauthd -a ldap -c -m /var/spool/postfix/var/run/saslauthd -n 5

           ─3748 /usr/sbin/saslauthd -a ldap -c -m /var/spool/postfix/var/run/saslauthd -n 5

           └─3749 /usr/sbin/saslauthd -a ldap -c -m /var/spool/postfix/var/run/saslauthd -n 5

 

Oct 25 15:38:27 CGSG saslauthd[3747]:                 : auth failure: [user=money] [service=smtp] [realm=uc-central.net] [mech=ldap] [reason=Unknown]

Oct 25 15:39:07 CGSG saslauthd[3745]: Entry not found (sAMAccountName=account).

Oct 25 15:39:07 CGSG saslauthd[3745]: Authentication failed for account/uc-central.net: User not found (-6)

Oct 25 15:39:07 CGSG saslauthd[3745]:                 : auth failure: [user=account] [service=smtp] [realm=uc-central.net] [mech=ldap] [reason=Unknown]

Oct 25 15:40:20 CGSG saslauthd[3748]: Entry not found (sAMAccountName=tg).

Oct 25 15:40:20 CGSG saslauthd[3748]: Authentication failed for tg/uc-central.net: User not found (-6)

Oct 25 15:40:20 CGSG saslauthd[3748]:                 : auth failure: [user=tg] [service=smtp] [realm=uc-central.net] [mech=ldap] [reason=Unknown]

Oct 25 15:40:56 CGSG saslauthd[3746]: Entry not found (sAMAccountName=pearl).

Oct 25 15:40:56 CGSG saslauthd[3746]: Authentication failed for pearl/uc-central.net: User not found (-6)

Oct 25 15:40:56 CGSG saslauthd[3746]:                 : auth failure: [user=pearl] [service=smtp] [realm=uc-central.net] [mech=ldap] [reason=Unknown]

 

 

 

 

Oct 25 13:49:52 CGSG cyrus/imaps[3074]: SASL Password verification failed

 

Oct 25 13:31:25 CGSG cyrus/imap[2420]: badlogin: localhost [127.0.0.1] plaintext it@xxxxxxxxxxxxxxx SASL(-13): authentication failure: checkpass failed

Oct 25 13:31:25 CGSG cyrus/imaps[2434]: badlogin: port-83-236-195-74.static.qsc.de[83.236.195.74] LOGIN [SASL(-13): authentication failure: checkpass failed]

Oct 25 13:31:25 CGSG cyrus/imaps[2432]: badlogin: port-83-236-195-74.static.qsc.de[83.236.195.74] LOGIN [SASL(-13): authentication failure: checkpass failed]

Oct 25 13:31:28 CGSG cyrus/imap[2445]: badlogin: localhost [127.0.0.1] plaintext it@xxxxxxxxxxxxxxx SASL(-13): authentication failure: checkpass failed

Oct 25 13:31:29 CGSG cyrus/imaps[2432]: badlogin: port-83-236-195-74.static.qsc.de[83.236.195.74] plaintext lager SASL(-13): authentication failure: checkpass failed

Oct 25 13:31:29 CGSG cyrus/imaps[2434]: badlogin: port-83-236-195-74.static.qsc.de[83.236.195.74] plaintext sebastian.mandl@xxxxxxxxxxxxxxx SASL(-13): authentication failure: checkpass failed

 

 

 

 

The problem is our multi-domain setup: when a user logs in with a client or over the web with only their username, Cyrus creates new false mailboxes.

We would like to prevent this.

 

Perhaps someone knows how to configure the saslauthd filter correctly for this special case.

 

 

Configuration

 

Our /etc/saslauthd.config

 

ldap_servers: ldap://ddcl001.domain.dir

ldap_search_base: dc=domain,dc=dir

ldap_filter: sAMAccountName=%U

#ldap_filter: userPrincipalName=%u

 

#ldap_version: 3

ldap_auth_method: bind

ldap_bind_dn: cn=Administrator,cn=Users,dc=domain,dc=dir

ldap_bind_pw: ******

#ldap_scope: sub

 

Best Regards,

David Faller


Sent from my iPad
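
Added example, not part of the original post: a simplified Python model of how saslauthd expands ldap_filter tokens, applied to the two filters in the configuration above. The login jdoe and the realm example.org are constructed sample values; the token meanings are taken from saslauthd's LDAP_SASLAUTHD documentation and the escaping from RFC 4515, and the function names are hypothetical.

```python
# Added example: simplified model of saslauthd ldap_filter token expansion.
# Assumed token meanings (saslauthd LDAP_SASLAUTHD documentation):
#   %u login as received, %U user part of %u,
#   %d domain part of %u (falls back to the realm), %r realm, %% literal %.
CURRENT_FILTER = "sAMAccountName=%U"     # active filter on the page
STRICT_FILTER = "userPrincipalName=%u"   # commented-out filter on the page


def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters so a login cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def expand_filter(template, login, realm=""):
    """Substitute the tokens in `template` for one login attempt."""
    user, at, domain = login.partition("@")
    tokens = {"u": login, "U": user, "d": domain if at else realm, "r": realm}
    out, i = [], 0
    while i < len(template):
        nxt = template[i + 1:i + 2]
        if template[i] == "%" and nxt == "%":
            out.append("%")                      # %% is a literal percent sign
            i += 2
        elif template[i] == "%" and nxt in tokens:
            out.append(ldap_escape(tokens[nxt]))  # user-supplied, so escape it
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def compare(logins, realm):
    """Return (login, search under current filter, search under strict filter)."""
    return [(login,
             expand_filter(CURRENT_FILTER, login, realm),
             expand_filter(STRICT_FILTER, login, realm)) for login in logins]


if __name__ == "__main__":
    # Constructed sample logins: bare username and full address.
    for row in compare(["jdoe", "jdoe@example.org"], "example.org"):
        print("%-18s %-24s %s" % row)
```

Under %U both login forms produce the same search and find the same entry; under %u the bare username can only match an entry whose userPrincipalName is that bare name. What actually reaches %u depends on how the calling service splits login and realm (the log lines above report them as separate user= and realm= fields) and on saslauthd's -r option, which joins them with an @.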
