[Bug 875440] Re: Cannot authenticate with saslauthd and mysql

Monkberry peter at monkberry.com
Sun Oct 14 12:58:06 UTC 2012


Solved-Works
I really hope this helps some people on here, but I've found a solution that does NOT require uninstalling packages or installing anything that's not in the stock repos for precise 12.04, for use in a saslauthd (cyrus), mysql, postfix scenario.
The gist of the problem seems to be syntax changes and, if used with postfix (in a chroot environment), a missing link in /var/run to the chroot path /var/spool/postfix/var/run/saslauthd.

If postfix is chrooted (and it probably is)
/etc/default/saslauthd
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
(I needed the -r option, short for realm, which puts the name and domain together; without it, it will send the user as "george", not "george@example.org".)

/etc/pam.d/smtp
auth required pam_mysql.so user=mail passwd=yourdbpassword host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=clear crypt=0
account sufficient pam_mysql.so user=mail passwd=yourdbpassword host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=clear crypt=0
(This file needed the appropriate references to the database and table names, and since I used clear passwords, I needed to change crypt=1 to crypt=0 (and the passwdcolumn from crypt to clear). I did this so that, with clear passwords, all of the password would be read. Using crypt in the mysql table, it would only recognize the first 8 characters and ignore the rest.)

And here's where the real changes took place, in the syntax.
The /etc/postfix/sasl/smtpd.conf file needed the changed syntax (a lot) and the relevant sql query info. NOTE: I did NOT need the "pam" mech_list option that I thought I did before.
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
# Remove the log_level line when done
log_level: 7
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passwd: yourdbpasswd
sql_database: maildb
sql_select: select clear from users where id='%u@%r' and enabled = 1
(Note the use of the field "clear"; you probably want "crypt" if using flurdy's how-to.)

/etc/postfix/master.cf
submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

/etc/postfix/main.cf
# SASL 
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients 
# this needs to be set to yes 
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
# also add
# Add permit_sasl_authenticated to your existing smtpd_sender_restrictions
# Add permit_sasl_authenticated to your existing smtpd_recipient_restrictions

Fixed the sasl path problem by writing a script as such to run at boot
as I didn't want to try and figure out what the hell the deal was with
the path, how it starts, what starts it, what names it, sasl is a pain
in the ass!

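#!/bin/bash
# Short delay before making changes at boot
sleep 5
# Link the default socket path to the one inside the postfix chroot
# (-f/-n so a re-run replaces the link instead of nesting a new one in it)
ln -sfn /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
/etc/init.d/saslauthd restart
/etc/init.d/postfix restart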

That did it!!
Finally got port 587 working and authenticating.
Don't forget to open the port if not already done on the firewall!!!!

https://bugs.launchpad.net/bugs/875440
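
One way to verify the chroot pieces described in the message above (the -m and -r options in /etc/default/saslauthd and the /var/run/saslauthd symlink), plus a permission check on the two files that carry the database password. This is an added example, not part of the original post; the function name check_sasl_chroot, its optional root-directory argument and the permission check are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original post): audit the chrooted saslauthd layout.
# check_sasl_chroot and its ROOT argument are hypothetical names; ROOT defaults to /.
MUX=/var/spool/postfix/var/run/saslauthd

check_sasl_chroot() {
    root=${1:-/}; root=${root%/}; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # 1. saslauthd must put its socket inside the chroot (-m) and keep the realm (-r).
    opts=$(sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$root/etc/default/saslauthd" 2>/dev/null || true)
    case " $opts " in *" -m $MUX "*) ;; *) fail "OPTIONS lacks -m $MUX" ;; esac
    case " $opts " in *" -r "*) ;; *) fail "OPTIONS lacks -r (login is sent without the domain)" ;; esac

    # 2. The socket directory must exist inside the chroot ...
    [ -d "$root$MUX" ] || fail "$MUX does not exist"
    # ... and /var/run/saslauthd must be a symlink pointing at it.
    link="$root/var/run/saslauthd"
    if [ -L "$link" ]; then
        [ "$(readlink "$link")" = "$MUX" ] || fail "/var/run/saslauthd points to $(readlink "$link")"
    else
        fail "/var/run/saslauthd is not a symlink to $MUX"
    fi

    # 3. Added check (assumption): files holding the database password
    #    should not be readable by every local user.
    for f in /etc/pam.d/smtp /etc/postfix/sasl/smtpd.conf; do
        [ -e "$root$f" ] || { fail "$f is missing"; continue; }
        [ -z "$(find "$root$f" -perm -004)" ] || fail "$f is world-readable"
    done

    echo "$problems problem(s) found"
    return "$problems"
}
```

Run it as root with no argument after the boot script has finished; the exit status is the number of failed checks.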
