# postfix,sasl2,mysql auth problem

## coobav

Hi

I set up Vhost mailing server based mostly on http://gentoo-wiki.com/HOWTO_Linux_Virtual_Hosting_Server#Cyrus-sasl_and_Courier-authlib

but i cannot make cyrus-sasl to authenticate my users

from mail.log

```

Aug  8 17:53:19 Dell postfix/smtpd[12242]: NTLM server step 1

Aug  8 17:53:19 Dell postfix/smtpd[12242]: client flags: ffff8207

Aug  8 17:53:19 Dell postfix/smtpd[12242]: NTLM server step 2

Aug  8 17:53:19 Dell postfix/smtpd[12242]: client user: myuser@mydomain.com

Aug  8 17:53:19 Dell postfix/smtpd[12242]: warning: SASL authentication failure: no secret in database

Aug  8 17:53:19 Dell postfix/smtpd[12242]: warning: unknown[10.0.0.206]: SASL NTLM authentication failed: authentication failure

Aug  8 17:53:21 Dell postfix/smtpd[12242]: warning: unknown[10.0.0.206]: SASL NTLM authentication aborted

Aug  8 17:53:23 Dell postfix/smtpd[12242]: lost connection after AUTH from unknown[10.0.0.206]

Aug  8 17:53:23 Dell postfix/smtpd[12242]: disconnect from unknown[10.0.0.206]

```

smtp.conf

```

pwcheck_method: auxprop

auxprop_plugin: sql

mech_list: plain login cram-md5 digest-md5

allow_plaintext: true

sql_engine: mysql

sql_hostnames: 127.0.0.1

sql_user: root

sql_passwd: secret_password

sql_database: maildb

sql_select: select clear from users where id='%u@%r' and enabled = 1

sql_verbose: true

```

/etc/pam.d/smtp

```

auth    required   pam_mysql.so user=root passwd=secret_password host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=clear crypt=0

account sufficient pam_mysql.so user=root passwd=secret_password host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=clear crypt=0

```

extract from main.cf

```

...

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination,  permit

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_sasl_auth_enable = yes

broken_sasl_auth_clients = yes

smtpd_sasl_path = /etc/postfix/sasl:/usr/local/sasl2

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

...

```

Courier-pop3d extract users from database correctly

Looking forward for your suggestions

Kuba

----------

## kashani

It looks to me like you are not following the link you posted. That link has cyrus-sasl use courier-authlib instead of trying to talk to the db itself. Here is what your config should look like. 

/etc/sasl2/smtp.conf

```

pwcheck_method: authdaemond

log_level: 3

mech_list: PLAIN LOGIN

authdaemond_path:/var/lib/courier/authdaemon/socket

```

You'll also need to add postfix to mail using this command. gpasswd -a postfix mail

Additionally I'd make sure the cyrus-sasl was emerged with the authdaemond flag turned on.

kashani

----------

## coobav

i did that too

```

Aug  8 20:48:06 Dell postfix/smtpd[13288]: warning: SASL authentication failure: no secret in database

Aug  8 20:48:06 Dell postfix/smtpd[13288]: warning: unknown[10.0.0.206]: SASL NTLM authentication failed: authentication failure

Aug  8 20:48:07 Dell postfix/smtpd[13288]: warning: unknown[10.0.0.206]: SASL NTLM authentication aborted

Aug  8 20:48:09 Dell postfix/smtpd[13288]: warning: unknown[10.0.0.206]: SASL LOGIN authentication failed: authentication failure

Aug  8 20:48:10 Dell postfix/smtpd[13288]: lost connection after AUTH from unknown[10.0.0.206]

Aug  8 20:48:10 Dell postfix/smtpd[13288]: disconnect from unknown[10.0.0.206]

Aug  8 20:48:11 Dell postfix/smtpd[13288]: connect from unknown[10.0.0.206]

Aug  8 20:48:11 Dell postfix/smtpd[13288]: warning: unknown[10.0.0.206]: SASL LOGIN authentication failed: authentication failure

Aug  8 20:48:11 Dell postfix/smtpd[13288]: lost connection after AUTH from unknown[10.0.0.206]

Aug  8 20:48:11 Dell postfix/smtpd[13288]: disconnect from unknown[10.0.0.206]

Aug  8 20:48:12 Dell postfix/smtpd[13288]: connect from unknown[10.0.0.206]

Aug  8 20:48:12 Dell postfix/smtpd[13288]: warning: unknown[10.0.0.206]: SASL LOGIN authentication failed: authentication failure

Aug  8 20:48:12 Dell postfix/smtpd[13288]: lost connection after AUTH from unknown[10.0.0.206]

Aug  8 20:48:12 Dell postfix/smtpd[13288]: disconnect from unknown[10.0.0.206]

```

thats why i tried different approach

----------

## kashani

What's the output of these commands

emerge -pv cyrus-sasl

ls -la /var/lib/courier/authdaemon/

kashani

----------

## smoco

Hmm interesting in logs is nothing from saslauthd is it tuned on ?? and is it configurated properly ? I'm using sasl authentification against ldap trought saslauthd without problems with this setup file(/etc/sasl2/smtpd.conf)

```

pwcheck_method: saslauthd

auth_mech: plain

```

and /etc/saslauthd.conf must be also configurated properly(i don't now how against sql database because as i said I'm using ldap).

----------

## coobav

 *kashani wrote:*   

> 
> 
> emerge -pv cyrus-sasl
> 
> ls -la /var/lib/courier/authdaemon/
> ...

 

```

[ebuild   R   ] dev-libs/cyrus-sasl-2.1.22-r2  USE="authdaemond crypt gdbm pam ssl urandom -berkdb -java -kerberos -ldap -mysql -ntlm_unsupported_patch -postgres -sample -srp" 0 kB

```

```

# ls -la /var/lib/courier/authdaemon/

total 0

drwxr-x--x 2 mail mail 58 Aug  8 13:41 .

drwxr-xr-x 3 root root 23 Jul 19 22:40 ..

-rw-r--r-- 1 root root  0 Jul 23 11:21 .keep_net-libs_courier-authlib-0

srwxrwxrwx 1 root root  0 Aug  8 13:41 socket

```

----------

## kashani

Try

chmod 755 /var/lib/courier/authdaemon

and see if that allows sasl to talk to the the authdaemon socket.

kashani

----------

## coobav

same errors   :Sad: 

any ideas guys ?

----------

