Hi again. On 24/05/17 10:57, Daniel Bareiro wrote: > I am configuring SASL to authenticate against IMAP. When I try to > authenticate, I get an error: > > ------------------------------------------------------------------ > root@Wserver2:~# saslpasswd2 -c daniel > ------------------------------------------------------------------ > root@Wserver2:~# testsaslauthd -u daniel -p password > 0: NO "authentication failed" > ------------------------------------------------------------------ > > However it works when I provide the realm: > > ------------------------------------------------------------------ > root@Wserver2:~# testsaslauthd -u daniel -r server2 -p password > 0: OK "Success." > ------------------------------------------------------------------ > > It's strange because I have another server where it works without problems: > > ------------------------------------------------------------------ > root@mail:~# testsaslauthd -u daniel -p password > 0: OK "Success." > ------------------------------------------------------------------ > > Both hosts have Debian Jessie and the SASL configuration is the same: > > ------------------------------------------------------------------ > root@mail:~# grep ^[^#] /etc/default/saslauthd > START=yes > DESC="SASL Authentication Daemon" > NAME="saslauthd" > MECHANISMS="sasldb" > MECH_OPTIONS="" > THREADS=5 > OPTIONS="-c -m /var/run/saslauthd" > ------------------------------------------------------------------ > root@server2:~# grep ^[^#] /etc/default/saslauthd > START=yes > DESC="SASL Authentication Daemon" > NAME="saslauthd" > MECHANISMS="sasldb" > MECH_OPTIONS="" > THREADS=5 > OPTIONS="-c -m /var/run/saslauthd" > ------------------------------------------------------------------ > > "mail" has some updates to apply, but I do not see any differences in > the versions of the SASL packages: > > ------------------------------------------------------------------ > root@mail:~# aptitude show libsasl2-2 | grep Versión > Versión: 2.1.26.dfsg1-13+deb8u1 > > root@mail:~# aptitude show libsasl2-modules | grep Versión > Versión: 2.1.26.dfsg1-13+deb8u1 > > root@mail:~# aptitude show sasl2-bin | grep Versión > Versión: 2.1.26.dfsg1-13+deb8u1 > ------------------------------------------------------------------ > > ------------------------------------------------------------------ > root@server2:~# aptitude show libsasl2-2 | grep Version > Version: 2.1.26.dfsg1-13+deb8u1 > > root@server2:~# aptitude show libsasl2-modules | grep Version > Version: 2.1.26.dfsg1-13+deb8u1 > > root@server2:~# aptitude show sasl2-bin | grep Version > Version: 2.1.26.dfsg1-13+deb8u1 > ------------------------------------------------------------------ > > In this case I'm not doing the authentication test against IMAP but > directly against SASL, so I guess the problem will be directly related > to the SASL configuration itself. > > Any thoughts about what might differ between the two environments? In case it is useful, when the authentication fails I get this in /var/log/auth.log: ------------------------------------------------------------------ May 24 15:31:38 server2 saslauthd[2701]: do_auth : auth failure: [user=daniel] [service=imap] [realm=] [mech=sasldb] [reason=Unknown] ------------------------------------------------------------------ It seems that authentication is done through IMAP and I have previously installed the Cyrus packages. Thanks in advance, Kind regards, Daniel
Attachment:
signature.asc
Description: OpenPGP digital signature