Re: NO Login failed: generic failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Mar 26, 2014, at 11:25 , Dan White <dwhite@xxxxxxx> wrote:


What does your imapd.conf config look like? In particular the sasl_*,
virtdomain, defaultdomain, allowplaintext, and loginrealms options.


configdirectory: /var/spool/imap
partition-default: /var/spool/mail
duplicatesuppression: 1
sievedir: /var/spool/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: yes
lmtpsocket: /var/run/socket/lmtp
unixhierarchysep: 0
quotawarn: 90
virtdomains: 1
allowplaintext: 1

pwcheck_method: auxprop
auxprop_plugin: sql

sasl_sql_engine: sqlite
sasl_sql_database: /var/db/sqlite/mailsys
sasl_sql_select: SELECT %p FROM sasl_auth WHERE userid = '%u@%r'
sasl_sql_insert: INSERT INTO sasl_auth ( userid, %p, domain ) VALUES ( '%u@%r', '%v' )
sasl_sql_update: UPDATE sasl_auth SET %p = '%v' WHERE userid = '%u@%r'

tls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem

only difference between the above and the other one that isn’t working *and* the one that is, is the tls_* lines …


Try using a sasl mechanism, e.g.:

imtest -m digest-md5 -a 'xxx@xxxxxxx’ localhost

# imtest -m digest-md5 -a xxx@xxxxxxx localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN SASL-IR] xxx.xxx Cyrus IMAP v2.4.17 server ready
C: A01 AUTHENTICATE DIGEST-MD5
S: + bm9uY2U9IjdaZ0NLa1AxQTRPYmtlUHp2K3VaL0pSa3FYRUtzTFhtaFgwK1grbmJ2RlE9IixyZWFsbT0icmRmdW5kLmNvbSIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password: 
C: dXNlcm5hbWU9InNhbGVzQG9mYWMuaW5mbyIscmVhbG09InJkZnVuZC5jb20iLG5vbmNlPSI3WmdDS2tQMUE0T2JrZVB6dit1Wi9KUmtxWEVLc0xYbWhYMCtYK25idkZRPSIsY25vbmNlPSI1WFVrUXZZbFZybXp3dndYREY3MHM4SkROcUcyOEM5Z1FuMUNCVy9xM29JPSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9cmM0LG1heGJ1Zj0xMDI0LGRpZ2VzdC11cmk9ImltYXAvbG9jYWxob3N0IixyZXNwb25zZT05ODlhNzk3NTU5ZDY1OTY1NGRhODZiMGQ1OTc0ODU1ZQ==
S: A01 NO generic failure
Authentication failed. generic failure
Security strength factor: 128
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE STARTTLS AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN SASL-IR COMPRESS=DEFLATE IDLE
S: C01 OK Completed
quit
* BAD Invalid tag
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.


Is there any way of getting more debug information out of the backend without modifying the code itself?

Add 'sasl_log_level: 7' to imapd.conf, and verify your syslog daemon is
logging 'auth.*’.

k, will do this and re-test things …



--
Dan White

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux