On Jan 22, 2008 3:09 PM, badock <badock@xxxxxxxxx> wrote: > OK, so with PAM, how do you set passwords to your virtual users ? > sorry, i'm like _really_ lost, and running out of time :-/ Virtual user ? This mean your user don have local access to the server (ssh, ftp ...) Then you can use sasldb, without saslauth Exactly as I said. Maybe you have some problem with domain. 1 saspasswd2 foobar 2 saspasswd2 foobar@defaultdomain 3 saspasswd2 foobar@anotherdomain can have different result. 1 and 2 can have the same result if defaultdomain is the default domain I gave you my working config on centos-5.1, just changing imapd.conf and creating sasldb. > > thanks. > > 2008/1/22, Alain Spineux < aspineux@xxxxxxxxx>: > > > On Jan 22, 2008 2:33 PM, badock < badock@xxxxxxxxx> wrote: > > > mmmmh i still don't manage to have the 'testsaslauthd -u logon -p > password' > > > work... > > > does yours work allright ? > > > can you paste your /etc/sysconfig/saslauthd file please ? > > > > I don't use saslauthd ! > > > > > in mine : > > > SOCKETDIR=/var/run/saslauthd > > > MECH=pam > > > FLAGS= > > > > If you use saslauthd with PAM, like you are trying, you dont need to > > work with a sasldb nor saslpasswd .... > > > > > > > > > > > > > > > > 2008/1/21, Alain Spineux <aspineux@xxxxxxxxx>: > > > > On Jan 21, 2008 5:31 PM, badock <badock@xxxxxxxxx > wrote: > > > > > OK, apparently, i have a problem, but it's more a SASL problem. > > > > > I set passwords with "saslpasswd2 -c logon" and then tried to check > > > whether > > > > > it worked with the command : "testsaslauthd -u logon -p password" > and it > > > > > doesn't work... :S > > > > > > > > Do you want to use saslauth or just don't realy know what you are > doing? > > > > > > > > I have just migrated my server yesterday using just here are some of > my > > > config : > > > > > > > > # cat /etc/imapd.conf > > > > configdirectory: /var/lib/imap > > > > partition-default: /var/spool/imap > > > > admins: cyrus > > > > sievedir: /var/lib/imap/sieve > > > > sendmail: /usr/sbin/sendmail > > > > #sasl_pwcheck_method: saslauthd > > > > sasl_pwcheck_method: auxprop > > > > sasl_auxprop_plugin: sasldb > > > > sasl_mech_list: PLAIN > > > > > > > > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > > > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > > > > tls_ca_file: /etc/pki/tls/certs/ca- bundle.crt > > > > > > > > virtdomains: userid > > > > defaultdomain: max.asxnet.loc > > > > loginrealms: max.asxnet.loc > > > > > > > > hashimapspool: yes > > > > > > > > altnamespace: 0 > > > > unixhierarchysep: yes > > > > lmtp_downcase_rcpt: yes > > > > username_tolower: 1 > > > > > > > > > > > > THE relevant thing for you are : > > > > > > > > sasl_pwcheck_method: auxprop > > > > sasl_auxprop_plugin: sasldb > > > > > > > > > > > > # history | grep sasl > > > > 705 sasldblistusers2 > > > > 706 saslpasswd2 cyrus@xxxxxxxxxxxxxx > > > > 707 sasldblistusers2 > > > > 709 saslpasswd2 -u max.asxnet.loc root > > > > 710 sasldblistusers2 > > > > 728 chown cyrus.mail /etc/sasldb2 > > > > > > > > > > > > > > > > > > I checked the logs, here's what i found : > > > > > in /var/log/secure: > > > > > # Jan 21 17:12:28 demovm33 saslauthd[3393]: pam_unix(imap:auth): > check > > > > > pass; user unknown > > > > > # Jan 21 17:12:28 demovm33 saslauthd[3393]: pam_unix(imap:auth): > > > > > authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= > > > > > # Jan 21 17:12:28 demovm33 saslauthd[3393]: > pam_succeed_if(imap:auth): > > > > > error retrieving information about user logon > > > > > > > > > > in /var/log/messages: > > > > > # Jan 21 17:12:20 demovm33 saslauthd[3351]: server_exit : > master > > > > > exited: 3351 > > > > > # Jan 21 17:12:21 demovm33 saslauthd[3376]: set_auth_mech : > unknown > > > > > authentication mechanism: map > > > > > # Jan 21 17:12:27 demovm33 saslauthd[3392]: detach_tty : > master > > > pid > > > > > is: 3392 > > > > > # Jan 21 17:12:27 demovm33 saslauthd[3392]: ipc_init : > listening > > > on > > > > > socket: /var/run/saslauthd/mux > > > > > # Jan 21 17:12:31 demovm33 saslauthd[3393]: do_auth : auth > > > failure: > > > > > [user=logon] [service=imap] [realm=] [mech=pam] [reason=PAM auth > error] > > > > > > > > > > OK, so that's when in /etc/sysconfig/saslauthd i have one line > saying : > > > > > # MECH=pam > > > > > > > > > > I tried with several other "MECH" but i still get errors like, for > > > instance > > > > > with MECH=shadow : > > > > > # Jan 21 17:11:41 demovm33 saslauthd[3318]: server_exit : > master > > > > > exited: 3318 > > > > > # Jan 21 17:11:41 demovm33 saslauthd[3351]: detach_tty : > master > > > pid > > > > > is: 3351 > > > > > # Jan 21 17:11:41 demovm33 saslauthd[3351]: ipc_init : > listening > > > on > > > > > socket: /var/run/saslauthd/mux > > > > > # Jan 21 17:11:43 demovm33 saslauthd[3352]: do_auth : auth > > > failure: > > > > > [user=logon] [service=imap] [realm=] [mech=shadow] [reason=Unknown] > > > > > > > > > > > > > > > I couldn't try to use the MECH=sasldb because natively the sasldb > mech > > > is > > > > > disabled, so i have two options : > > > > > 1. compile a new saslauthd from sources that supports sasldb (i > tried > > > and > > > > > failed, i get error coming from the .c and .h files :-/ ) > > > > > 2. have it working without the sasldb, which i guess is possible... > i > > > mean i > > > > > only need a simple login/password thing, it's not that complex > > > > > > > > > > So anyway, when _you_ use this cyrus-imapd thing, do you > authenticate > > > with > > > > > the sasldb by typing login/password, or do you do it another way ? > > > > > > > > > > Hope it's clearer now to you (it isn't to me... ;) ) > > > > > Any idea, please ? > > > > > > > > > > > > > > > @Alain> about this RCTP TO error, i'd say it comes from the SMTP, > but i > > > > > don't understand what you meant by "Ave you configured your SMTP to > > > accept > > > > > lgon@xxxxxxxxxxx ?", do i have to configure something on the SMTP > side ? > > > > > > > > Often things are made to work together without to much change. > > > > It help to stay in the main idea of the developer, but not always easy > > > > to guest it. > > > > Yesterday I didn't touch my postfix on my centos 5.1 to make it works > > > > with cyrus. > > > > > > > > Regards > > > > > Thanks for paying interest in my helplessness :) > > > > > > > > > > > > > > > > > > > > 2008/1/21, Alain Spineux < aspineux@xxxxxxxxx>: > > > > > > > > > > > On Jan 21, 2008 2:19 PM, badock <badock@xxxxxxxxx> wrote: > > > > > > > > > > > > > > Hello all, > > > > > > > > > > > > > > I recently installed cyrus-imapd, and i'm now trying to make it > > > work. > > > > > > > I created a mailbox user (cm user.logon) then acl'ed it (sam > > > user.logon > > > > > > > logon all) > > > > > > > Then i set a password to logon : saslpasswd2 -c logon > > > > > > > > > > > > maybe a > > > > > > # chown cyrus.cyrus /etc/sasl2.db > > > > > > or something like that could help > > > > > > Read all cyrus error messages in log files! > > > > > > > > > > > > > So now, i expect the "user" logon to have access to his mailbox > > > > > > > But it doesn't work, cause > > > > > > > > > > > > > > 1. i can't telnet/login to the imap server with "logon": > > > > > > > shell says: > > > > > > > LOGIN BAD Error in IMAP commabd received by server > > > > > > > > > > > > > > 2. i can't send any mail to logon@xxxxxxxxxxxxxxx > > > > > > > mailer says : > > > > > > > RCPT TO < logon@xxxxxxxxxxxx> failed : > > > > > > > < logon@xxxxxxxxxxxx >: Recipient address rejected: User > > > unknown in > > > > > > > local recipient table > > > > > > > > > > > > Where this message come from ? SMTP or cyrus ? Is-it lmtpd ? > > > > > > Can you give some more line around this error ? > > > > > > Ave you configured your SMTP to accept lgon@xxxxxxxxxxx ? > > > > > > > > > > > > > > > > > > > > > > > > > > > Do you have an idea how i can check wether the imap works or > not ? > > > > > > > Actually i'd like to check if my settings are ok, is there a way > to > > > > > check > > > > > > > that ? > > > > > > > > > > > > > > > > > > > > > Thanks in advance. > > > > > > > > > > > > > > ---- > > > > > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > > > > > > > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > > > > > > > List Archives/Info: > http://asg.web.cmu.edu/cyrus/mailing-list.html > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Alain Spineux > > > > > > aspineux gmail com > > > > > > May the sources be with you > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Alain Spineux > > > > aspineux gmail com > > > > May the sources be with you > > > > > > > > > > > > > > > > > > -- > > Alain Spineux > > aspineux gmail com > > May the sources be with you > > > > -- Alain Spineux aspineux gmail com May the sources be with you ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
