Dear all,

I have a question about my configuration. We're using multiple domains and the users are stored on our Samba AD DC server. In the past I wanted to prevent the issue that users can log in with their username and not with an FQDN mail address. I solved this issue by editing the /etc/default/saslauthd service file and adding '-r' to the options at the end:

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="ldap"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-r -c -m /var/run/saslauthd"

My saslauthd.config file here uses another filter than the default one:

ldap_servers: ldap://XXXXX
ldap_search_base: dc= XXX,dc=dir
#ldap_filter: sAMAccountName=%U
ldap_filter: userPrincipalName=%u
#ldap_version: 3
ldap_auth_method: bind
ldap_bind_dn: cn=Administrator,cn=Users,dc=XXX,dc=dir
ldap_bind_pw: XXX
#ldap_scope: sub
ldap_debug: -1

Here I have a problem: this config works fine, all users can only sign in with their full e-mail address.
So max.murry@xxxxxx can log in and Max.murry can't log in. But when I want to use cyradm I need to switch the filter in /etc/saslauthd.conf to sAMAccountName=%U. If I don't do this I can't access the cyradm tool. Perhaps someone could help here?

Best Regards,
David Faller
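
The following is an added example, not part of the original post: a simplified Python model of how saslauthd's -r option and the ldap_filter tokens %u and %U (as described in the saslauthd LDAP documentation) expand for the two filters shown above, with and without a realm in the login. The directory entries, the example.test realm and the cyrus admin account are constructed assumptions.

```python
# Added example: simplified model of saslauthd's ldap_filter token expansion.
# Directory entries and logins below are constructed sample data.

UPN_FILTER = "userPrincipalName=%u"   # active filter in the post
SAM_FILTER = "sAMAccountName=%U"      # commented-out filter in the post

# Constructed stand-in for the AD; the "cyrus" admin account is an assumption.
DIRECTORY = [
    {"sAMAccountName": "max.murry", "userPrincipalName": "max.murry@example.test"},
    {"sAMAccountName": "cyrus", "userPrincipalName": "cyrus@example.test"},
]


def combine_login(user, realm, r_flag=True):
    """saslauthd -r: pass "user@realm" as the login when a realm was supplied."""
    return f"{user}@{realm}" if r_flag and realm else user


def expand_filter(template, login, realm=""):
    """Expand %u, %U, %d, %r and %% as documented for the ldap mechanism."""
    user_part, sep, domain = login.partition("@")
    tokens = {"%": "%", "u": login, "U": user_part,
              "d": domain if sep else realm, "r": realm}
    out, i = [], 0
    while i < len(template):
        nxt = template[i + 1:i + 2]
        if template[i] == "%" and nxt in tokens:
            out.append(tokens[nxt])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def lookup(template, user, realm=""):
    """Return the sAMAccountName the expanded equality filter selects, or None."""
    attr, _, value = expand_filter(template, combine_login(user, realm), realm).partition("=")
    for entry in DIRECTORY:
        # AD compares these two attributes case-insensitively.
        if entry.get(attr, "").lower() == value.lower():
            return entry["sAMAccountName"]
    return None


if __name__ == "__main__":
    for user, realm in [("max.murry", "example.test"), ("Max.murry", ""), ("cyrus", "")]:
        for flt in (UPN_FILTER, SAM_FILTER):
            print(f"{combine_login(user, realm)!r:28} {flt:26} -> {lookup(flt, user, realm)}")
```

In this model a login that reaches saslauthd without a realm never matches userPrincipalName=%u, while sAMAccountName=%U matches with or without one.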