Homepage | Products | OX Knowledge Base | Support | Try Now | Contact | Company
OX Logo
Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1. #1
    shondalg Guest

    Red face cyradm: cannot authenticate to server with plain as cyrus

    I installed this image successfully and everything ran wonderfully. I had to create an lvm snapshot of the system to move it to a vps and this is where the issue comes in. I am almost positive all the issues I am having are related to the initial set up since you chose the ip address and the like so my question is the following.

    Where are the locations besides /etc/hosts and the bind/* that I need to go to update the ip addresses. I am having problems mailboxes not being created because cyrus (the user) can not be authenticated to create the boxes. I have everything else working (I believe) so please, o please help me super open-xchange community.

  2. #2
    shondalg Guest

    Default Update - Other users can login - but..

    telnet localhost pop3
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    +OK XXX-XX-XXX-XX.XX-XX.XXX Cyrus POP3 v2.2.13-Debian-2.2.13-10.6.200712032135 server ready <3336080491.1231124882@XXX-XX-XXX-XX.XX-XX.XXX>
    user cyrus
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user cyrus@localhost
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user basic
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user basic@gcans.net
    +OK Name is a valid mailbox
    pass password
    -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist


    Users are created through the udm correctly but when it comes to cyrus to create the mailbox I get.

    Jan 4 21:51:05 208-43-235-61 cyrus/imap[5355]: badlogin: localhost.localdomain [127.0.0.1] plaintext cyrus@localdomain SASL(-13): authentication failure: checkpass failed

    In the syslog.

    Jelp Me!!!.. I mean.. help..

  3. #3
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    I don't really know what could trigger this issue, but maybe debugging the auth process helps:
    http://osdir.com/ml/security.cyrus.s.../msg00010.html

    best wishes..

  4. #4
    shondalg Guest

    Default SASL Debugging

    --The following are attempts to login using telnet 110

    XXXX@XXX-XX-XXX-XX:~# /usr/sbin/saslauthd -a pam -r -m /var/run/saslauthd -d
    saslauthd[2003] :main : num_procs : 5
    saslauthd[2003] :main : mech_option: NULL
    saslauthd[2003] :main : run_path : /var/run/saslauthd
    saslauthd[2003] :main : auth_mech : pam
    saslauthd[2003] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
    saslauthd[2003] :detach_tty : master pid is: 0
    saslauthd[2003] :ipc_init : listening on socket: /var/run/saslauthd/mux
    saslauthd[2003] :main : using process model
    saslauthd[2007] :get_accept_lock : acquired accept lock
    saslauthd[2003] :have_baby : forked child: 2007
    saslauthd[2003] :have_baby : forked child: 2008
    saslauthd[2003] :have_baby : forked child: 2009
    saslauthd[2003] :have_baby : forked child: 2010
    saslauthd[2007] :rel_accept_lock : released accept lock
    saslauthd[2003] :get_accept_lock : acquired accept lock
    saslauthd[2007] :do_auth : auth failure: [user=atest@localdomain] [service=pop] [realm=localdomain] [mech=pam] [reason=PAM auth error]
    saslauthd[2003] :rel_accept_lock : released accept lock
    saslauthd[2009] :get_accept_lock : acquired accept lock
    saslauthd[2003] :do_auth : auth success: [user=atest@gcans.net] [service=pop] [realm=gcans.net] [mech=pam]
    saslauthd[2003] :do_request : response: OK

    This is the telnet side.

    XXXX@XXX-XX-XXX-XX:~# telnet localhost 110
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.

    user atest
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user atest@gcans.net
    +OK Name is a valid mailbox
    pass password
    -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist



    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u atest -p password
    0: NO "authentication failed"
    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u atest@gcans.net -p password
    0: OK "Success."
    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u cyrus -p password
    0: OK "Success."
    XXXX@XXX-XX-XXX-XX:~#
    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u cyrus@gcans.net -p password
    0: NO "authentication failed"
    XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u cyrus@localhost -p password
    0: NO "authentication failed"


    testsaslauthd succeeds to log in with cyrus no domain
    cyradm fails to log in cyrus because domain is required in all of my tests.
    udm attempts to log cyrus in using localhost domain and fails.
    telnet cannot log in cyrus at all.
    users can log in using correct domain using testsaslauthd and telnet.
    Last edited by shondalg; 01-05-2009 at 07:59 PM.

  5. #5
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    Could you try telnet to port 143 where IMAP is listening?

  6. #6
    shondalg Guest

    Default IMAP authentication is like woa..

    XXXX@XXX-XX-XXX-XX:~# telnet localhost 143
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    * OK XXX-XX-XXX-XX.XX-XX.XXX Cyrus IMAP4 v2.2.13-Debian-2.2.13-10.6.200712032135 server ready
    LOGIN cyrus password
    LOGIN BAD Please login first
    LOGIN cyrus@localhost password
    LOGIN BAD Please login first
    LOGIN cyrus@gcans.net password
    LOGIN BAD Please login first
    LOGIN atest password
    LOGIN BAD Please login first
    LOGIN atest@gcans.net password
    LOGIN BAD Please login first


    Fail fail fail fail..
    Last edited by shondalg; 01-05-2009 at 09:47 PM.

  7. #7
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    the syntax is:
    "01 LOGIN user password"

    If you're doing this, please start sasl in debug mode as you did before, maybe it sheds some more light then. You could also check the pam.d configuration at /etc/pam.d/ (i have to check if this is the correct path but i assume it).
    Last edited by Martin Heiland; 01-05-2009 at 11:41 PM.

  8. #8
    shondalg Guest

    Default Sorry about the bad imap debug

    XXXX@XXX-XX-XXX-XX:~# telnet localhost 143
    Trying 127.0.0.1...
    01 LOGIN cyrus password
    01 NO Login failed: authentication failure
    01 LOGIN cyrus@localhost password
    01 NO Login failed: authentication failure
    01 LOGIN cyrus@gcans.net password
    01 NO Login failed: authentication failure

    01 LOGIN cyrus@ password
    01 NO Login failed: authentication failure

    01 LOGIN atest@ password
    01 NO Login failed: authentication failure
    01 LOGIN atest@gcans.net password
    01 OK User logged in




    saslauthd[5656] :rel_accept_lock : released accept lock
    saslauthd[5657] :get_accept_lock : acquired accept lock
    saslauthd[5656] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localdomain] [mech=pam] [reason=PAM auth error]
    saslauthd[5657] :rel_accept_lock : released accept lock
    saslauthd[5656] :get_accept_lock : acquired accept lock
    saslauthd[5657] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localhost] [mech=pam] [reason=PAM auth error]
    saslauthd[5655] :get_accept_lock : acquired accept lock
    saslauthd[5656] :rel_accept_lock : released accept lock
    saslauthd[5656] :do_auth : auth failure: [user=cyrus@gcans.net] [service=imap] [realm=gcans.net] [mech=pam] [reason=PAM auth error]
    saslauthd[5655] :rel_accept_lock : released accept lock
    saslauthd[5657] :get_accept_lock : acquired accept lock
    saslauthd[5655] :do_auth : auth success: [user=cyrus] [service=imap] [realm=] [mech=pam]
    saslauthd[5655] :do_request : response: OK
    saslauthd[5657] :rel_accept_lock : released accept lock
    saslauthd[5656] :get_accept_lock : acquired accept lock
    saslauthd[5657] :do_auth : auth failure: [user=atest] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
    saslauthd[5656] :rel_accept_lock : released accept lock
    saslauthd[5658] :get_accept_lock : acquired accept lock
    saslauthd[5656] :do_auth : auth success: [user=atest@gcans.net] [service=imap] [realm=gcans.net] [mech=pam]
    saslauthd[5656] :do_request : response: OK
    Last edited by shondalg; 01-06-2009 at 12:04 AM.

  9. #9
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    01 LOGIN atest@gcans.net password
    01 OK User logged in

    so what is the problem? It seems that OX tries to login using other credentials than these (for whatever reason).

    Greetings

  10. #10
    shondalg Guest

    Default Not any user.. just cyrus

    Yeah, regular users created in udm can login fine, (but no mailbox is created due to ) cyrus is not able to log in so the mailboxes can be created. That is the problem.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •