Cyradm saslauthd issue


Dear all,

I have a question about my configuration.

We're using multiple domains and the users are stored on our Samba AD DC server.

In the past I wanted to prevent the issue that users could log in with their username and not with an FQDN mail address.

I had solved this issue by editing the /etc/default/saslauthd service file and adding '-r' to OPTIONS at the end:

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="ldap"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-r -c -m /var/run/saslauthd"

My saslauthd.conf file here uses a different filter than the default one:

ldap_servers: ldap://XXXXX
ldap_search_base: dc=XXX,dc=dir
#ldap_filter: sAMAccountName=%U
ldap_filter: userPrincipalName=%u

#ldap_version: 3
ldap_auth_method: bind
ldap_bind_dn: cn=Administrator,cn=Users,dc=XXX,dc=dir
ldap_bind_pw: XXX
#ldap_scope: sub
ldap_debug: -1

Here I have a problem: this config works fine, all users can only sign in with their full e-mail address.

So max.murry@xxxxxx can log in AND
Max.murry can't log in.
This is working fine,

but when I want to use cyradm I need to switch the filter in /etc/saslauthd.conf to sAMAccountName=%U.
If I don't do this I can't access the cyradm tool; perhaps someone could help here?
I think the problem is the same here: authentication is only allowed with an FQDN, but the Linux user cyrus has no domain ending.


Best Regards,

David Faller
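The trade-off described in the post (userPrincipalName=%u enforces the full address but gives the domainless cyrus login nothing to match, while sAMAccountName=%U strips the domain and so accepts both forms) can be made concrete by modelling the token expansion that saslauthd's LDAP backend documents for ldap_filter. The Python below is an added example written for this archive page, not saslauthd's or Cyrus's own code. It assumes the documented tokens %u, %U, %d, %r and %%; the directory entries, the realm example.com and the way -r is modelled (append "@realm" only when a realm was actually supplied) are constructed assumptions, labelled as such in the comments.

```python
"""Model of saslauthd ldap_filter expansion (added example, not saslauthd code)."""

# RFC 4515 escaping for values placed inside an LDAP search filter.
# Without it a login name such as "*" would turn an equality filter into a
# wildcard, so every value substituted into the filter goes through here.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for safe inclusion in an LDAP filter (RFC 4515)."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def effective_login(user: str, realm: str, combine_realm: bool) -> str:
    """Model of saslauthd's -r option (assumption about the exact rule).

    -r combines login name and realm as user@realm. Modelled here as:
    append '@realm' only when a realm was supplied and the name has no '@'
    already. A local account such as 'cyrus' arrives with an empty realm
    and is therefore passed through unchanged.
    """
    if combine_realm and realm and "@" not in user:
        return f"{user}@{realm}"
    return user


def expand_ldap_filter(template: str, user: str, realm: str, combine_realm: bool) -> str:
    """Expand the ldap_filter tokens documented for saslauthd's LDAP backend.

    %u  login name as passed to saslauthd (after -r handling)
    %U  user portion of %u (before the '@')
    %d  domain portion of %u (after the '@')
    %r  realm
    %%  literal '%'
    """
    login = effective_login(user, realm, combine_realm)
    local_part, _, domain_part = login.partition("@")
    tokens = {
        "u": escape_filter_value(login),
        "U": escape_filter_value(local_part),
        "d": escape_filter_value(domain_part),
        "r": escape_filter_value(realm),
        "%": "%",
    }
    out = []
    i = 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template) and template[i + 1] in tokens:
            out.append(tokens[template[i + 1]])
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


# Constructed stand-in for the AD entries; sAMAccountName is the bare name,
# userPrincipalName is the full address.
DIRECTORY = [
    {"sAMAccountName": "max.murry", "userPrincipalName": "max.murry@example.com"},
    {"sAMAccountName": "cyrus", "userPrincipalName": "cyrus@example.com"},
]


def lookup(filter_str: str, directory=DIRECTORY) -> list:
    """Toy equality-only matcher (hypothetical helper standing in for the DC).

    AD compares these attributes case-insensitively, which is why
    'Max.murry' and 'max.murry' behave alike; no wildcard support, so an
    escaped '\\2a' matches nothing.
    """
    attr, _, value = filter_str.partition("=")
    return [e for e in directory if e.get(attr, "").lower() == value.lower()]


def login_succeeds(template: str, user: str, realm: str, combine_realm: bool = True) -> bool:
    """True when the expanded filter finds exactly one directory entry."""
    return len(lookup(expand_ldap_filter(template, user, realm, combine_realm))) == 1


if __name__ == "__main__":
    for tmpl in ("userPrincipalName=%u", "sAMAccountName=%U"):
        for user, realm in (("max.murry", "example.com"), ("Max.murry", ""), ("cyrus", "")):
            f = expand_ldap_filter(tmpl, user, realm, True)
            print(f"{tmpl:24} user={user:10} realm={realm or '-':12} -> {f:45} ok={login_succeeds(tmpl, user, realm)}")
```

Running it shows the two filters side by side: with userPrincipalName=%u only the full address passes and the bare "cyrus" login fails, exactly the cyradm symptom; with sAMAccountName=%U both the bare name and the full address pass, which is the looser behaviour the -r change was meant to rule out. The escaping step is the part worth keeping regardless of which filter is chosen.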
