Discussion:
Problem with SLES + postfix + sasl + ldap
Carlos
2007-12-22 10:46:06 UTC
Hello, I am desperate and I don't know how to solve my problem.
I have installed SLES 10, updated it online and installed SP1.
I want to configure an email server using postfix, sasl and cyrus, with
authentication against LDAP (localhost).
I have configured 6 domains in the DNS server (on the same server).
In the email server (always using YaST) I have configured the 6 domains,
one master and the other 5 virtual.

The configuration is as follows (I only write what I have changed):
SASLAUTHD_AUTHMECH="ldap"

/etc/saslauth.conf:
ldap_servers: ldap://localhost:389
ldap_search_base: ou=people,dc=domain1.com,dc=com
ldap_filter: uid=%u
ldap_group_scope: sub
ldap_password_attr:userPassword

In /usr/lib/sasl2 I have smtpd.conf:
pwcheck_method: saslauthd
mech_list: plain login

If I run:
testsaslauthd -u usuario -p pasword
0: OK "Success."

1. problem:
I am using YaST to add users, and when I add a user and add his email
address using the YaST plugin for editing the user's email data, or if I
change the password, when I finish this error appears in
/var/logs/messages:
Dec 22 11:29:54 server master[4560]: about to exec /usr/lib/cyrus/bin/imapd
Dec 22 11:29:54 server imap[4560]: executed
Dec 22 11:29:54 server imap[4560]: accepted connection
Dec 22 11:29:54 server saslauthd[3090]: Entry not found (uid=cyrus).
Dec 22 11:29:54 server saslauthd[3090]: Authentication failed for cyrus:
User not found (-6)
Dec 22 11:29:54 server saslauthd[3090]: do_auth : auth failure:
[user=cyrus] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
Dec 22 11:29:54 server imap[4560]: badlogin: localhost [127.0.0.1] plaintext
cyrus SASL(-13): authentication failure: checkpass failed

What is the problem?
The cyrus user is in /etc/passwd; it is a system user.
2.- If I have 2 domains, domain1.com and domain2.com, and I want to have 2
email addresses, ***@domain1.com and ***@domain2.com: I have added 2 users
using YaST, but for the second user YaST sets one email address. If I want
to use another email address for this user I can add it, but it is
impossible to delete the email address YaST has added.
3.- If I send an email to this user, this error message appears:
Dec 22 11:40:05 server lmtpunix[4749]: accepted connection
Dec 22 11:40:05 server lmtpunix[4749]: lmtp connection preauth'd as postman
Dec 22 11:40:05 server master[4814]: about to exec /usr/lib/cyrus/bin/lmtpd
Dec 22 11:40:05 server lmtpunix[4749]: verify_user(user.carlostinieblas)
failed: Mailbox does not exist
Dec 22 11:40:05 server lmtpunix[4814]: executed
Dec 22 11:40:05 server lmtpunix[4749]: IOERROR: fstating sieve script
/var/lib/sieve/c/carlos/defaultbc: No such file or directory
Dec 22 11:40:05 server lmtpunix[4749]: duplicate_check:
<***@server.lpis.com> user.carlos 0
Dec 22 11:40:05 server lmtpunix[4749]: mystore: starting txn 2147483654
Dec 22 11:40:05 server lmtpunix[4749]: mystore: committing txn 2147483654
Dec 22 11:40:05 server lmtpunix[4749]: duplicate_mark:
<***@server.lpis.com> user.carlos 1198320005
43
What is the problem? Does YaST not work well?

I have opened two issues with SLES support:
#10372072571 and #10372805557, on
13/12/2007 and 17/12/2007, and there is still no solution.

How can I solve this problem?
Can anybody help me?
Thanks
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
For additional commands, e-mail: opensuse+***@opensuse.org
Anders Johansson
2007-12-22 11:36:21 UTC
Post by Carlos
I am using YaST to add users, and when I add a user and add his email
address using the YaST plugin for editing the user's email data, or if I
change the password, when I finish this error appears in the
Dec 22 11:29:54 server master[4560]: about to exec /usr/lib/cyrus/bin/imapd
Dec 22 11:29:54 server imap[4560]: executed
Dec 22 11:29:54 server imap[4560]: accepted connection
Dec 22 11:29:54 server saslauthd[3090]: Entry not found (uid=cyrus).
User not found (-6)
[user=cyrus] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
Dec 22 11:29:54 server imap[4560]: badlogin: localhost [127.0.0.1]
plaintext cyrus SASL(-13): authentication failure: checkpass failed
This looks like you're trying to log in to cyrus imap using the cyrus system
user. As far as I know, the cyrus system user doesn't have an email account,
so this can't be done.

Are you saying YaST itself is making this connection? That's new. YaST should
be storing all its info in the LDAP server. I don't think I've ever seen YaST
itself make an imap connection
Post by Carlos
What is the problem?
The cyrus user is in /etc/passwd; it is a system user.
2.- If I have 2 domains, domain1.com and domain2.com, and if I want to have
users using YaST, but for the second user YaST sets one email address.
If I want to use another email address for this user I can add it, but it
is impossible to delete the email address YaST has added.
Not sure about this one
Post by Carlos
Dec 22 11:40:05 server lmtpunix[4749]: IOERROR: fstating sieve script
/var/lib/sieve/c/carlos/defaultbc: No such file or directory
This just means that the user hasn't created a sieve script yet. sieve is used
by cyrus for server side filtering. It isn't something YaST sets up, it's
something each user creates for himself

Anders
--
Madness takes its toll
Carlos
2007-12-22 11:57:00 UTC
I only made these changes using YaST, only YaST.
How can I solve this problem?
Can you help me?
Thanks
Anders Johansson
2007-12-22 12:10:56 UTC
Post by Anders Johansson
Are you saying YaST itself is making this connection? That's new. YaST
should be storing all its info in the LDAP server. I don't think I've ever
seen YaST itself make an imap connection
My mistake. I just checked, and YaST does do an imap login as user cyrus to
change settings

The problem here seems to be that you've changed the defaults. The default is
to use pam, which will automatically find the system users in /etc/passwd
and /etc/shadow, but you've changed it to use sasl, and told sasl to only use
ldap. That means you also have to add the cyrus user to ldap

Anders
--
Madness takes its toll
Anders Johansson
2007-12-22 12:16:19 UTC
Post by Carlos
I only made these changes using YaST, only YaST.
How can I solve this problem?
I'd need to set up a system with multiple domains in order to test your second
problem. The third, as I said, isn't a problem

For the first problem, either add user cyrus to your ldap, or change
SASLAUTHD_AUTHMECH back to using pam so it can find your system users

Anders
--
Madness takes its toll
Carlos E. R.
2007-12-23 12:11:45 UTC
Post by Anders Johansson
The problem here seems to be that you've changed the defaults. The default is
to use pam, which will automatically find the system users in /etc/passwd
and /etc/shadow, but you've changed it to use sasl, and told sasl to only use
ldap. That means you also have to add the cyrus user to ldap
I guess he wants to have virtual, not system, users, ie, mail only users.
I suppose he would need pam for the system users, and sasl/ldap for the
mail only users. This should be quite a typical thing to do in sles,
should be handled automatically?

--
Cheers,
Carlos E. R.

Anders Johansson
2007-12-23 12:46:52 UTC
Post by Carlos E. R.
Post by Anders Johansson
The problem here seems to be that you've changed the defaults. The
default is to use pam, which will automatically find the system users in
/etc/passwd and /etc/shadow, but you've changed it to use sasl, and told
sasl to only use ldap. That means you also have to add the cyrus user to
ldap
I guess he wants to have virtual, not system, users, ie, mail only users.
I suppose he would need pam for the system users, and sasl/ldap for the
mail only users. This should be quite a typical thing to do in sles,
should be handled automatically?
It is. As I said, the problem is that he changed the defaults. The defaults
are to use sasl with pam as backend, and to have the users stored in ldap.
sasl will then, through pam, automatically pick up both the system users and
the ldap users.

Anders
--
Madness takes its toll
Carlos E. R.
2007-12-23 13:05:22 UTC
Post by Anders Johansson
Post by Carlos E. R.
I guess he wants to have virtual, not system, users, ie, mail only users.
I suppose he would need pam for the system users, and sasl/ldap for the
mail only users. This should be quite a typical thing to do in sles,
should be handled automatically?
It is. As I said, the problem is that he changed the defaults. The defaults
are to use sasl with pam as backend, and to have the users stored in ldap.
sasl will then, through pam, automatically pick up both the system users and
the ldap users.
Ah! I see.

--
Cheers,
Carlos E. R.
Carlos
2007-12-23 20:52:55 UTC
Hello.
Then the solution is not to change the default for SASLAUTHD_AUTHMECH (pam)
to ldap?
My sister has been asking on the Spanish list and has a big problem.

If she doesn't change the defaults (pam), must she execute the command:
saslpasswd2 -c -u domain user for each user she adds, to allow them to send
emails?
Or does pam check LDAP and the user's password?

Thanks
Anders Johansson
2007-12-23 21:08:25 UTC
Post by Carlos
Hello.
Then the solution is not to change the default for SASLAUTHD_AUTHMECH (pam)
to ldap?
My sister has been asking on the Spanish list and has a big problem.
saslpasswd2 -c -u domain user for each user she adds, to allow them to send
emails?
Or does pam check LDAP and the user's password?
No you don't have to run saslpasswd, you only need that when saslauthd takes
care of the passwords itself. When it's set to use pam, it will look in ldap
if you told the system to store its users in ldap

Anders
--
Madness takes its toll
Carlos
2007-12-23 21:55:18 UTC
But when I used ldap for SASLAUTHD_AUTHMECH I had this in
/etc/saslauthd.conf:
ldap_servers: ldap://localhost:389
ldap_search_base: ou=people,dc=domain,dc=com
ldap_filter: uid=%U
ldap_group_scope: sub
ldap_password_attr:userPassword

What must I write in this file now if SASLAUTHD_AUTHMECH = pam?
Must it be empty? Or how should this file look?
Thanks
Anders Johansson
2007-12-23 22:12:28 UTC
Post by Carlos
But when I used ldap for SASLAUTHD_AUTHMECH I had in the
ldap_servers: ldap://localhost:389
ldap_search_base: ou=people,dc=domain,dc=com
ldap_filter: uid=%U
ldap_group_scope: sub
ldap_password_attr:userPassword
What must I write in this file now if SASLAUTHD_AUTHMECH = pam?
Must it be empty? Or how should this file look?
Go to YaST, Network Services->LDAP Client and configure your LDAP settings
there. This will set up /etc/ldap.conf and tell pam to use LDAP for the user
data

Anders
--
Madness takes its toll
Carlos
2007-12-23 23:04:02 UTC
Hello.
Thanks for your answers, thanks a lot.
I have several problems:

1.- To configure an email server on my SLES 10 using YaST, I have 10
domains. One of them must be of master type, but must the rest of them be
virtual?
2.- I have left the pam authentication, as you told me. I have configured
the email server using cyrus (using YaST), and if I send an email to root
(ls | mail root) from the same machine, this error appears in
/var/log/message:
Dec 24 00:04:12 server master[4131]: about to exec /usr/lib/cyrus/bin/lmtpd
Dec 24 00:04:12 server lmtpunix[4131]: executed
Dec 24 00:04:12 server lmtpunix[4131]: accepted connection
Dec 24 00:04:12 server lmtpunix[4131]: lmtp connection preauth'd as postman
Dec 24 00:04:12 server lmtpunix[4131]: verify_user(user.root) failed:
Mailbox does not exist
Dec 24 00:04:12 server lmtpunix[4131]: verify_user(user.root) failed:
Mailbox does not exist

How can I solve it?

Thanks
Anders Johansson
2007-12-23 23:19:49 UTC
Post by Carlos
Hello.
Thanks for your answers, thanks a lot.
1.- To configure an email server on my SLES 10 using YaST, I have 10
domains. One of them must be of master type, but must the rest of them be
virtual?
A machine can only have one domain, so if you like, that is the master domain,
and by default that is what is set up for postfix. Other domains in postfix
can be virtual or canonical, it all depends on if they have separate users or
not. But no, they don't have to be virtual
Post by Carlos
2.- I have left the pam authentication, as you told me. I have
configured the email server using cyrus (using YaST), and if I send an email
to root (ls | mail root) from the same machine, in /var/log/message
Dec 24 00:04:12 server master[4131]: about to exec /usr/lib/cyrus/bin/lmtpd
Dec 24 00:04:12 server lmtpunix[4131]: executed
Dec 24 00:04:12 server lmtpunix[4131]: accepted connection
Dec 24 00:04:12 server lmtpunix[4131]: lmtp connection preauth'd as postman
Mailbox does not exist
Mailbox does not exist
How can I solve it?
The normal solution is to check the box "receive system mail" in the user
configuration for one of your users.

An alternative would be to log into cyrus once with your root account. That
will create the mailbox.

But I would prefer the first version if I were you. You shouldn't use the root
account unless you absolutely have to. It's much better to designate a normal
user (or a couple of them) as administrative user, and send the mail to
him/them instead

Anders
--
Madness takes its toll
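
The three log signatures diagnosed in this thread can be triaged mechanically. The following is an added example, not part of any poster's message or of SLES/YaST: it flags saslauthd failures where a local /etc/passwd account is rejected by an ldap-only backend, missing Cyrus mailboxes, and the harmless missing-sieve-script message. The sample log and passwd text are constructed, and the finding names are labels chosen for this example.

```python
import re

# Patterns for the three log signatures discussed in the thread.
AUTH_FAIL = re.compile(
    r"saslauthd\[\d+\]: do_auth\s*: auth failure: (?P<fields>(?:\[\w+=[^\]]*\]\s*)+)")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")
NO_MAILBOX = re.compile(
    r"lmtpunix\[\d+\]: verify_user\((?P<mbox>[^)]+)\) failed: Mailbox does not exist")
NO_SIEVE = re.compile(
    r"lmtpunix\[\d+\]: IOERROR: fstating sieve script (?P<path>\S+): No such file")

# Constructed sample data, modelled on the thread's excerpts (not verbatim).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
cyrus:x:96:12:cyrus-imapd:/usr/lib/cyrus:/bin/bash
"""
SAMPLE_LOG = """\
Dec 22 11:29:54 server saslauthd[3090]: do_auth : auth failure: [user=cyrus] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
Dec 22 11:31:02 server saslauthd[3090]: do_auth : auth failure: [user=alice] [service=smtp] [realm=] [mech=ldap] [reason=Unknown]
Dec 22 11:40:05 server lmtpunix[4749]: IOERROR: fstating sieve script /var/lib/sieve/a/alice/defaultbc: No such file or directory
Dec 24 00:04:12 server lmtpunix[4131]: verify_user(user.root) failed: Mailbox does not exist
Dec 24 00:04:12 server lmtpunix[4131]: verify_user(user.root) failed: Mailbox does not exist
"""


def local_accounts(passwd_text):
    """Return the login names found in /etc/passwd-format text."""
    return {line.split(":", 1)[0] for line in passwd_text.splitlines()
            if line.strip() and not line.startswith("#")}


def triage(log_text, passwd_text):
    """Return de-duplicated (kind, subject, detail) findings in log order."""
    local = local_accounts(passwd_text)
    findings = []
    for line in log_text.splitlines():
        finding = None
        if (m := AUTH_FAIL.search(line)):
            f = dict(FIELD.findall(m.group("fields")))
            user, mech = f.get("user", ""), f.get("mech", "")
            detail = "service=%s mech=%s" % (f.get("service", ""), mech)
            # With mech=ldap, saslauthd never consults /etc/passwd, so a local
            # account (such as the cyrus admin user) fails unless it is in LDAP.
            local_only = mech == "ldap" and user in local
            kind = "local-account-not-in-ldap" if local_only else "auth-failure"
            finding = (kind, user, detail)
        elif (m := NO_MAILBOX.search(line)):
            finding = ("mailbox-missing", m.group("mbox"), "no mailbox for recipient")
        elif (m := NO_SIEVE.search(line)):
            finding = ("benign-no-sieve-script", m.group("path"),
                       "user has no sieve script yet")
        if finding and finding not in findings:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG, SAMPLE_PASSWD):
        print(f"{kind:28} {subject:36} {detail}")
```

On a real host, pass the contents of /etc/passwd and the mail log instead of the samples; a `local-account-not-in-ldap` finding corresponds to the two fixes given in the thread (add the account to LDAP, or use the pam backend).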