Cyradm saslauthd issue



Dear all,


I have a question about my configuration.

We’re using multiple domains, and the users are stored on our Samba AD DC server.

In the past I wanted to prevent the issue that users can log in with their username and not with an FQDN mail address.

I solved this issue by editing the /etc/default/saslauthd service file and adding '-r' to the options at the end:



# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.

# Should saslauthd run automatically on startup? (default: no)

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)

# Which authentication mechanisms should saslauthd use? (default: pam)

# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)

# Only one option may be used at a time. See the saslauthd man page
# for more information.

# Example: MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!

# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.

# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.

# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"

# To know if your Postfix is running chroot, check /etc/postfix/
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-r -c -m /var/run/saslauthd"


My saslauthd.config file uses a different filter than the default one:


ldap_servers: ldap://XXXXX
ldap_search_base: dc= XXX,dc=dir
#ldap_filter: sAMAccountName=%U
ldap_filter: userPrincipalName=%u

#ldap_version: 3
ldap_auth_method: bind
ldap_bind_dn: cn=Administrator,cn=Users,dc=XXX,dc=dir
ldap_bind_pw: XXX
#ldap_scope: sub
ldap_debug: -1



Here is my problem: this config works fine, and all users can only sign in with their full e-mail address.

So max.murry@xxxxxx can log in AND
Max.murry can’t log in.
This is working fine,

but when I want to use cyradm I need to switch the filter in /etc/saslauthd.conf to sAMAccountName=%U.

If I don’t do this I can’t access the cyradm tool. Perhaps someone could help here?
I think the problem here is the same: authentication is only allowed with an FQDN, but the Linux user cyrus has no domain ending.


Best Regards,

David Faller
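
The behaviour described in the message above, modelled as an added example (not part of the original post and not saslauthd's own code): it expands the two ldap_filter values for a qualified user, an unqualified user, and the cyrus admin login. It assumes that -r appends the realm only when one was supplied; the directory entries and the domain example.com are constructed placeholders, and only the LDAP search step is modelled, not the password bind.

```python
"""Model of saslauthd -r plus ldap_filter token expansion (illustration only)."""

# Constructed sample directory; names and domain are placeholders.
DIRECTORY = [
    {"sAMAccountName": "max.murry", "userPrincipalName": "max.murry@example.com"},
    {"sAMAccountName": "cyrus", "userPrincipalName": "cyrus@example.com"},
]

def combine_login(user, realm, use_r=True):
    """-r: pass 'user@realm' as the login when a realm was supplied."""
    return f"{user}@{realm}" if use_r and realm else user

def expand_filter(template, login, realm):
    """Expand %u (login), %U (part before '@'), %d (domain), %r (realm)."""
    local, _, domain = login.partition("@")
    tokens = {"u": login, "U": local, "d": domain or realm, "r": realm, "%": "%"}
    out, i = [], 0
    while i < len(template):
        nxt = template[i + 1] if i + 1 < len(template) else ""
        if template[i] == "%" and nxt in tokens:
            out.append(tokens[nxt])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

def search(filter_str):
    """Match a single 'attr=value' filter, case-insensitively."""
    attr, _, value = filter_str.partition("=")
    return [e for e in DIRECTORY if e.get(attr, "").lower() == value.lower()]

def can_authenticate(template, user, realm):
    """True when the expanded filter finds exactly one entry to bind as."""
    login = combine_login(user, realm)
    return len(search(expand_filter(template, login, realm))) == 1

if __name__ == "__main__":
    logins = [("max.murry", "example.com"), ("max.murry", ""), ("cyrus", "")]
    for template in ("userPrincipalName=%u", "sAMAccountName=%U"):
        for user, realm in logins:
            expanded = expand_filter(template, combine_login(user, realm), realm)
            print(f"{expanded:45} found={can_authenticate(template, user, realm)}")
```

In this model the userPrincipalName=%u filter rejects every unqualified login, including cyrus, while sAMAccountName=%U accepts cyrus but also accepts the short user names the -r setup was meant to exclude.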


