
cyradm: cannot authenticate to server with plain as cyrus


  • Martin Heiland
    replied
    Hi,

    this topic is very UCS-related; maybe you should also ask at http://forum.univention.de/

  • shondalg
    Guest replied
    Using Console Tools

    Well, at least this time all the changes I make are properly being changed wherever else they need to go. However.. cyrus STILL cannot log in.

    How do I reset the cyrus password using the udm or the umc?

    This is the only thing I need to do: reset the cyrus password and/or entire login information (host and info). If I can do this, everything else will work, I am sure. So... how do I go about doing this?

    Or, if you can, let me know how to change the default user ox uses, because I was able to create a user and then make him admin and was able to create email boxes fine.
    Last edited by Guest; 01-07-2009, 01:00 AM. Reason: more info

  • shondalg
    Guest replied
    UMC Tools

    Hm.. did not realize that was there. I will revert to ground 0 and start over.

    We will see if this works.

  • Daniel Halbe
    replied
    "Where are the locations besides /etc/hosts and the bind/* that I need to go to update the ip addresses"
    I think this could be the source of all problems:
    You should always use the UDM / Univention Commandline Tools to perform actions like changing addresses or hostnames.

    By the way - do you have the latest online update installed?

    Daniel

  • shondalg
    Guest replied
    Condensed version of the problem

    cyradm --user cyrus@ localhost
    IMAP Password:
    Login failed: authentication failure at /usr/lib/perl5/Cyrus/IMAP/Admin.pm line 119
    cyradm: cannot authenticate to server as cyrus@


    --------------------------------------sasl output of command

    saslauthd[6109] :rel_accept_lock : released accept lock
    saslauthd[6111] :get_accept_lock : acquired accept lock
    saslauthd[6109] :do_auth : auth success: [user=cyrus] [service=imap] [realm=] [mech=pam]
    saslauthd[6109] :do_request : response: OK


    I need to know what sasl authenticates for. What are the other levels of authentication that I need to troubleshoot? Obviously saslauth is working like it should be, but something else is not.

  • shondalg
    Guest replied
    Not any user.. just cyrus

    Yeah, regular users created in udm can login fine, (but no mailbox is created due to ) cyrus is not able to log in so the mailboxes can be created. That is the problem.

  • Martin Heiland
    replied
    01 LOGIN atest@gcans.net password
    01 OK User logged in

    so what is the problem? It seems that OX tries to login using other credentials than these (for whatever reason).

    Greetings

  • shondalg
    Guest replied
    Sorry about the bad imap debug

    XXXX@XXX-XX-XXX-XX:~# telnet localhost 143
    Trying 127.0.0.1...
    01 LOGIN cyrus password
    01 NO Login failed: authentication failure
    01 LOGIN cyrus@localhost password
    01 NO Login failed: authentication failure
    01 LOGIN cyrus@gcans.net password
    01 NO Login failed: authentication failure

    01 LOGIN cyrus@ password
    01 NO Login failed: authentication failure

    01 LOGIN atest@ password
    01 NO Login failed: authentication failure
    01 LOGIN atest@gcans.net password
    01 OK User logged in




    saslauthd[5656] :rel_accept_lock : released accept lock
    saslauthd[5657] :get_accept_lock : acquired accept lock
    saslauthd[5656] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localdomain] [mech=pam] [reason=PAM auth error]
    saslauthd[5657] :rel_accept_lock : released accept lock
    saslauthd[5656] :get_accept_lock : acquired accept lock
    saslauthd[5657] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localhost] [mech=pam] [reason=PAM auth error]
    saslauthd[5655] :get_accept_lock : acquired accept lock
    saslauthd[5656] :rel_accept_lock : released accept lock
    saslauthd[5656] :do_auth : auth failure: [user=cyrus@gcans.net] [service=imap] [realm=gcans.net] [mech=pam] [reason=PAM auth error]
    saslauthd[5655] :rel_accept_lock : released accept lock
    saslauthd[5657] :get_accept_lock : acquired accept lock
    saslauthd[5655] :do_auth : auth success: [user=cyrus] [service=imap] [realm=] [mech=pam]
    saslauthd[5655] :do_request : response: OK
    saslauthd[5657] :rel_accept_lock : released accept lock
    saslauthd[5656] :get_accept_lock : acquired accept lock
    saslauthd[5657] :do_auth : auth failure: [user=atest] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
    saslauthd[5656] :rel_accept_lock : released accept lock
    saslauthd[5658] :get_accept_lock : acquired accept lock
    saslauthd[5656] :do_auth : auth success: [user=atest@gcans.net] [service=imap] [realm=gcans.net] [mech=pam]
    saslauthd[5656] :do_request : response: OK
    Last edited by Guest; 01-06-2009, 12:04 AM.
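
An added example, not part of any post in this thread: a small Python parser for the saslauthd `do_auth` debug lines shown in the post above, tabulating per account whether the PAM backend accepted the login with or without a realm. The sample lines are copied from that post; the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: do_auth lines (and one do_request line to skip) from the post above.
SAMPLE = """\
saslauthd[5656] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localdomain] [mech=pam] [reason=PAM auth error]
saslauthd[5657] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localhost] [mech=pam] [reason=PAM auth error]
saslauthd[5656] :do_auth : auth failure: [user=cyrus@gcans.net] [service=imap] [realm=gcans.net] [mech=pam] [reason=PAM auth error]
saslauthd[5655] :do_auth : auth success: [user=cyrus] [service=imap] [realm=] [mech=pam]
saslauthd[5655] :do_request : response: OK
saslauthd[5657] :do_auth : auth failure: [user=atest] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
saslauthd[5656] :do_auth : auth success: [user=atest@gcans.net] [service=imap] [realm=gcans.net] [mech=pam]
"""

DO_AUTH = re.compile(r"saslauthd\[\d+\]\s*:do_auth\s*:\s*auth (success|failure):\s*(.*)")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")

def parse_do_auth(text):
    """Return one dict per do_auth line: the outcome plus its [key=value] fields."""
    events = []
    for m in DO_AUTH.finditer(text):  # lock and do_request lines never match
        event = dict(FIELD.findall(m.group(2)))
        event["result"] = m.group(1)
        events.append(event)
    return events

def summarize(events):
    """Group (login string, realm) pairs by local account name and outcome."""
    table = defaultdict(lambda: {"success": set(), "failure": set()})
    for ev in events:
        local = ev["user"].partition("@")[0]
        table[local][ev["result"]].add((ev["user"], ev.get("realm", "")))
    return dict(table)

def realm_requirement(summary, account):
    """Say which login form saslauthd accepted for one account."""
    realms = {realm for _, realm in summary[account]["success"]}
    if not realms:
        return "never accepted"
    if realms == {""}:
        return "accepted only without a realm"
    return "accepted only with a realm" if "" not in realms else "accepted with and without a realm"

if __name__ == "__main__":
    summary = summarize(parse_do_auth(SAMPLE))
    for account in sorted(summary):
        print(account, "->", realm_requirement(summary, account))
```

The result covers only the saslauthd check: in the cyradm post in this thread the login still fails after saslauthd answers OK, so a success here does not mean the IMAP session was accepted.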

  • Martin Heiland
    replied
    the syntax is:
    "01 LOGIN user password"

    If you're doing this, please start sasl in debug mode as you did before, maybe it sheds some more light then. You could also check the pam.d configuration at /etc/pam.d/ (I have to check if this is the correct path but I assume it).
    Last edited by Martin Heiland; 01-05-2009, 11:41 PM.

  • shondalg
    Guest replied
    IMAP authentication is like woa..

    XXXX@XXX-XX-XXX-XX:~# telnet localhost 143
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    * OK XXX-XX-XXX-XX.XX-XX.XXX Cyrus IMAP4 v2.2.13-Debian-2.2.13-10.6.200712032135 server ready
    LOGIN cyrus password
    LOGIN BAD Please login first
    LOGIN cyrus@localhost password
    LOGIN BAD Please login first
    LOGIN cyrus@gcans.net password
    LOGIN BAD Please login first
    LOGIN atest password
    LOGIN BAD Please login first
    LOGIN atest@gcans.net password
    LOGIN BAD Please login first


    Fail fail fail fail..
    Last edited by Guest; 01-05-2009, 09:47 PM.

  • Martin Heiland
    replied
    Could you try telnet to port 143 where IMAP is listening?

  • shondalg
    Guest replied
    SASL Debugging

    --The following are attempts to login using telnet 110

    XXXX@XXX-XX-XXX-XX:~# /usr/sbin/saslauthd -a pam -r -m /var/run/saslauthd -d
    saslauthd[2003] :main : num_procs : 5
    saslauthd[2003] :main : mech_option: NULL
    saslauthd[2003] :main : run_path : /var/run/saslauthd
    saslauthd[2003] :main : auth_mech : pam
    saslauthd[2003] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
    saslauthd[2003] :detach_tty : master pid is: 0
    saslauthd[2003] :ipc_init : listening on socket: /var/run/saslauthd/mux
    saslauthd[2003] :main : using process model
    saslauthd[2007] :get_accept_lock : acquired accept lock
    saslauthd[2003] :have_baby : forked child: 2007
    saslauthd[2003] :have_baby : forked child: 2008
    saslauthd[2003] :have_baby : forked child: 2009
    saslauthd[2003] :have_baby : forked child: 2010
    saslauthd[2007] :rel_accept_lock : released accept lock
    saslauthd[2003] :get_accept_lock : acquired accept lock
    saslauthd[2007] :do_auth : auth failure: [user=atest@localdomain] [service=pop] [realm=localdomain] [mech=pam] [reason=PAM auth error]
    saslauthd[2003] :rel_accept_lock : released accept lock
    saslauthd[2009] :get_accept_lock : acquired accept lock
    saslauthd[2003] :do_auth : auth success: [user=atest@gcans.net] [service=pop] [realm=gcans.net] [mech=pam]
    saslauthd[2003] :do_request : response: OK

    This is the telnet side.

    XXXX@XXX-XX-XXX-XX:~# telnet localhost 110
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.

    user atest
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user atest@gcans.net
    +OK Name is a valid mailbox
    pass password
    -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist



    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u atest -p password
    0: NO "authentication failed"
    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u atest@gcans.net -p password
    0: OK "Success."
    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u cyrus -p password
    0: OK "Success."
    XXXX@XXX-XX-XXX-XX:~#
    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u cyrus@gcans.net -p password
    0: NO "authentication failed"
    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u cyrus@localhost -p password
    0: NO "authentication failed"


    testsaslauthd succeeds to log in with cyrus no domain
    cyradm fails to log in cyrus because domain is required in all of my tests.
    udm attempts to log cyrus in using localhost domain and fails.
    telnet cannot log in cyrus at all.
    users can log in using correct domain using testsaslauthd and telnet.
    Last edited by Guest; 01-05-2009, 07:59 PM.

  • Martin Heiland
    replied
    I don't really know what could trigger this issue, but maybe debugging the auth process helps:


    best wishes..

  • shondalg
    Guest replied
    Update - Other users can login - but..

    telnet localhost pop3
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    +OK XXX-XX-XXX-XX.XX-XX.XXX Cyrus POP3 v2.2.13-Debian-2.2.13-10.6.200712032135 server ready <3336080491.1231124882@XXX-XX-XXX-XX.XX-XX.XXX>
    user cyrus
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user cyrus@localhost
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user basic
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user basic@gcans.net
    +OK Name is a valid mailbox
    pass password
    -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist


    Users are created through the udm correctly but when it comes to cyrus to create the mailbox I get.

    Jan 4 21:51:05 208-43-235-61 cyrus/imap[5355]: badlogin: localhost.localdomain [127.0.0.1] plaintext cyrus@localdomain SASL(-13): authentication failure: checkpass failed

    In the syslog.

    Jelp Me!!!.. I mean.. help..

  • shondalg
    Guest started a topic cyradm: cannot authenticate to server with plain as cyrus

    cyradm: cannot authenticate to server with plain as cyrus

    I installed this image successfully and everything ran wonderfully. I had to create an lvm snapshot of the system to move it to a vps and this is where the issue comes in. I am almost positive all the issues I am having are related to the initial setup, since you chose the ip address and the like, so my question is the following.

    Where are the locations besides /etc/hosts and the bind/* that I need to go to update the ip addresses? I am having problems with mailboxes not being created because cyrus (the user) cannot be authenticated to create the boxes. I have everything else working (I believe), so please, o please help me, super open-xchange community.