cyradm: cannot authenticate to server with plain as cyrus


  • cyradm: cannot authenticate to server with plain as cyrus

    I installed this image successfully and everything ran wonderfully. I had to create an LVM snapshot of the system to move it to a VPS, and this is where the issue comes in. I am almost positive all the issues I am having are related to the initial setup, since you chose the IP address and the like, so my question is the following.

    Where are the locations besides /etc/hosts and the bind/* that I need to go to update the IP addresses? I am having problems with mailboxes not being created because cyrus (the user) cannot be authenticated to create the boxes. I have everything else working (I believe), so please, o please help me, super open-xchange community.

  • #2
    Update - Other users can login - but..

    telnet localhost pop3
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    +OK XXX-XX-XXX-XX.XX-XX.XXX Cyrus POP3 v2.2.13-Debian-2.2.13-10.6.200712032135 server ready <3336080491.1231124882@XXX-XX-XXX-XX.XX-XX.XXX>
    user cyrus
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user cyrus@localhost
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user basic
    +OK Name is a valid mailbox
    pass password
    -ERR [AUTH] Invalid login
    user basic@gcans.net
    +OK Name is a valid mailbox
    pass password
    -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist


    Users are created through the udm correctly, but when it comes to cyrus to create the mailbox I get:

    Jan 4 21:51:05 208-43-235-61 cyrus/imap[5355]: badlogin: localhost.localdomain [127.0.0.1] plaintext cyrus@localdomain SASL(-13): authentication failure: checkpass failed

    In the syslog.

    Jelp Me!!!.. I mean.. help..



    • #3
      I don't really know what could trigger this issue, but maybe debugging the auth process helps:


      best wishes..



      • #4
        SASL Debugging

        --The following are attempts to log in using telnet 110

        XXXX@XXX-XX-XXX-XX:~# /usr/sbin/saslauthd -a pam -r -m /var/run/saslauthd -d
        saslauthd[2003] :main : num_procs : 5
        saslauthd[2003] :main : mech_option: NULL
        saslauthd[2003] :main : run_path : /var/run/saslauthd
        saslauthd[2003] :main : auth_mech : pam
        saslauthd[2003] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
        saslauthd[2003] :detach_tty : master pid is: 0
        saslauthd[2003] :ipc_init : listening on socket: /var/run/saslauthd/mux
        saslauthd[2003] :main : using process model
        saslauthd[2007] :get_accept_lock : acquired accept lock
        saslauthd[2003] :have_baby : forked child: 2007
        saslauthd[2003] :have_baby : forked child: 2008
        saslauthd[2003] :have_baby : forked child: 2009
        saslauthd[2003] :have_baby : forked child: 2010
        saslauthd[2007] :rel_accept_lock : released accept lock
        saslauthd[2003] :get_accept_lock : acquired accept lock
        saslauthd[2007] :do_auth : auth failure: [user=atest@localdomain] [service=pop] [realm=localdomain] [mech=pam] [reason=PAM auth error]
        saslauthd[2003] :rel_accept_lock : released accept lock
        saslauthd[2009] :get_accept_lock : acquired accept lock
        saslauthd[2003] :do_auth : auth success: [user=atest@gcans.net] [service=pop] [realm=gcans.net] [mech=pam]
        saslauthd[2003] :do_request : response: OK

        This is the telnet side.

        XXXX@XXX-XX-XXX-XX:~# telnet localhost 110
        Trying 127.0.0.1...
        Connected to localhost.localdomain.
        Escape character is '^]'.

        user atest
        +OK Name is a valid mailbox
        pass password
        -ERR [AUTH] Invalid login
        user atest@gcans.net
        +OK Name is a valid mailbox
        pass password
        -ERR [SYS/PERM] Unable to locate maildrop: Mailbox does not exist



        XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u atest -p password
        0: NO "authentication failed"
        XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u atest@gcans.net -p password
        0: OK "Success."
        XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u cyrus -p password
        0: OK "Success."
        XXXX@XXX-XX-XXX-XX:~#
        XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u cyrus@gcans.net -p password
        0: NO "authentication failed"
        XXXX@XXX-XX-XXX-XX:~# testsaslauthd -u cyrus@localhost -p password
        0: NO "authentication failed"


        testsaslauthd succeeds in logging in as cyrus with no domain.
        cyradm fails to log in cyrus because a domain is required in all of my tests.
        udm attempts to log cyrus in using the localhost domain and fails.
        telnet cannot log in cyrus at all.
        Users can log in using the correct domain using testsaslauthd and telnet.
        Last edited by Guest; 01-05-2009, 07:59 PM.



        • #5
          Could you try telnet to port 143 where IMAP is listening?



          • #6
            IMAP authentication is like woa..

            XXXX@XXX-XX-XXX-XX:~# telnet localhost 143
            Trying 127.0.0.1...
            Connected to localhost.localdomain.
            Escape character is '^]'.
            * OK XXX-XX-XXX-XX.XX-XX.XXX Cyrus IMAP4 v2.2.13-Debian-2.2.13-10.6.200712032135 server ready
            LOGIN cyrus password
            LOGIN BAD Please login first
            LOGIN cyrus@localhost password
            LOGIN BAD Please login first
            LOGIN cyrus@gcans.net password
            LOGIN BAD Please login first
            LOGIN atest password
            LOGIN BAD Please login first
            LOGIN atest@gcans.net password
            LOGIN BAD Please login first


            Fail fail fail fail..
            Last edited by Guest; 01-05-2009, 09:47 PM.



            • #7
              The syntax is:
              "01 LOGIN user password"

              If you're doing this, please start sasl in debug mode as you did before; maybe it sheds some more light then. You could also check the pam.d configuration at /etc/pam.d/ (I have to check if this is the correct path, but I assume it is).
              Last edited by Martin Heiland; 01-05-2009, 11:41 PM.



              • #8
                Sorry about the bad imap debug

                XXXX@XXX-XX-XXX-XX:~# telnet localhost 143
                Trying 127.0.0.1...
                01 LOGIN cyrus password
                01 NO Login failed: authentication failure
                01 LOGIN cyrus@localhost password
                01 NO Login failed: authentication failure
                01 LOGIN cyrus@gcans.net password
                01 NO Login failed: authentication failure

                01 LOGIN cyrus@ password
                01 NO Login failed: authentication failure

                01 LOGIN atest@ password
                01 NO Login failed: authentication failure
                01 LOGIN atest@gcans.net password
                01 OK User logged in




                saslauthd[5656] :rel_accept_lock : released accept lock
                saslauthd[5657] :get_accept_lock : acquired accept lock
                saslauthd[5656] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localdomain] [mech=pam] [reason=PAM auth error]
                saslauthd[5657] :rel_accept_lock : released accept lock
                saslauthd[5656] :get_accept_lock : acquired accept lock
                saslauthd[5657] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localhost] [mech=pam] [reason=PAM auth error]
                saslauthd[5655] :get_accept_lock : acquired accept lock
                saslauthd[5656] :rel_accept_lock : released accept lock
                saslauthd[5656] :do_auth : auth failure: [user=cyrus@gcans.net] [service=imap] [realm=gcans.net] [mech=pam] [reason=PAM auth error]
                saslauthd[5655] :rel_accept_lock : released accept lock
                saslauthd[5657] :get_accept_lock : acquired accept lock
                saslauthd[5655] :do_auth : auth success: [user=cyrus] [service=imap] [realm=] [mech=pam]
                saslauthd[5655] :do_request : response: OK
                saslauthd[5657] :rel_accept_lock : released accept lock
                saslauthd[5656] :get_accept_lock : acquired accept lock
                saslauthd[5657] :do_auth : auth failure: [user=atest] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
                saslauthd[5656] :rel_accept_lock : released accept lock
                saslauthd[5658] :get_accept_lock : acquired accept lock
                saslauthd[5656] :do_auth : auth success: [user=atest@gcans.net] [service=imap] [realm=gcans.net] [mech=pam]
                saslauthd[5656] :do_request : response: OK
                Last edited by Guest; 01-06-2009, 12:04 AM.

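Added example, not part of any post in this thread: a small Python parser that groups the saslauthd `do_auth` lines posted in #4 and #8 by login name, so the user/realm forms that PAM accepted or rejected can be read side by side. The function names are made up for illustration; the log lines are copied from the posts above.

```python
import re
from collections import defaultdict

# do_auth lines copied from the saslauthd -d output in posts #4 and #8.
SAMPLE_LOG = """\
saslauthd[2007] :do_auth : auth failure: [user=atest@localdomain] [service=pop] [realm=localdomain] [mech=pam] [reason=PAM auth error]
saslauthd[2003] :do_auth : auth success: [user=atest@gcans.net] [service=pop] [realm=gcans.net] [mech=pam]
saslauthd[5656] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localdomain] [mech=pam] [reason=PAM auth error]
saslauthd[5657] :do_auth : auth failure: [user=cyrus@localhost] [service=imap] [realm=localhost] [mech=pam] [reason=PAM auth error]
saslauthd[5656] :do_auth : auth failure: [user=cyrus@gcans.net] [service=imap] [realm=gcans.net] [mech=pam] [reason=PAM auth error]
saslauthd[5655] :do_auth : auth success: [user=cyrus] [service=imap] [realm=] [mech=pam]
saslauthd[5657] :do_auth : auth failure: [user=atest] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
saslauthd[5656] :do_auth : auth success: [user=atest@gcans.net] [service=imap] [realm=gcans.net] [mech=pam]
"""

DO_AUTH = re.compile(r":do_auth\s*:\s*auth (success|failure):\s*(.*)$")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")

def parse_do_auth(text):
    """Yield one dict per do_auth line: result plus every [key=value] field."""
    for line in text.splitlines():
        m = DO_AUTH.search(line)
        if m:
            rec = dict(FIELD.findall(m.group(2)))
            rec["result"] = m.group(1)
            yield rec

def summarize(text):
    """Map bare login name -> {'success': set, 'failure': set} of (user, realm)."""
    out = defaultdict(lambda: {"success": set(), "failure": set()})
    for rec in parse_do_auth(text):
        bare = rec["user"].split("@", 1)[0]  # part before any @domain
        out[bare][rec["result"]].add((rec["user"], rec.get("realm", "")))
    return out

def realmless_only(summary):
    """Accounts that PAM accepted only when saslauthd passed an empty realm."""
    return sorted(n for n, r in summary.items()
                  if r["success"] and all(realm == "" for _, realm in r["success"]))

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for name in sorted(s):
        print(name, "accepted:", sorted(s[name]["success"]),
              "rejected:", sorted(s[name]["failure"]))
    print("accepted only without a realm:", realmless_only(s))
```

On these lines it reports cyrus as accepted only as `cyrus` with an empty realm, and atest only as `atest@gcans.net`.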


                • #9
                  01 LOGIN atest@gcans.net password
                  01 OK User logged in

                  so what is the problem? It seems that OX tries to login using other credentials than these (for whatever reason).

                  Greetings



                  • #10
                    Not any user.. just cyrus

                    Yeah, regular users created in udm can login fine, (but no mailbox is created due to ) cyrus is not able to log in so the mailboxes can be created. That is the problem.



                    • #11
                      Condensed version of the problem

                      cyradm --user cyrus@ localhost
                      IMAP Password:
                      Login failed: authentication failure at /usr/lib/perl5/Cyrus/IMAP/Admin.pm line 119
                      cyradm: cannot authenticate to server as cyrus@


                      --------------------------------------sasl output of command

                      saslauthd[6109] :rel_accept_lock : released accept lock
                      saslauthd[6111] :get_accept_lock : acquired accept lock
                      saslauthd[6109] :do_auth : auth success: [user=cyrus] [service=imap] [realm=] [mech=pam]
                      saslauthd[6109] :do_request : response: OK


                      I need to know what sasl authenticates for. What are the other levels of authentication that I need to troubleshoot? Obviously saslauth is working like it should be, but something else is not.



                      • #12
                        "Where are the locations besides /etc/hosts and the bind/* that I need to go to update the ip addresses"
                        I think this could be the source of all problems:
                        You should always use the UDM / Univention Commandline Tools to perform actions like changing addresses or hostnames.

                        By the way - do you have the latest online update installed?

                        Daniel



                        • #13
                          UMC Tools

                          Hm.. did not realize that was there. I will revert to ground 0 and start over.

                          We will see if this works.



                          • #14
                            Using Console Tools

                            Well, at least this time all the changes I make are properly being changed wherever else they need to go. However.. cyrus STILL cannot log in.

                            How do I reset the cyrus password using the udm or the umc?

                            This is the only thing I need to do: reset the cyrus password and/or entire login information (host and info). If I can do this, everything else will work, I am sure. So... how do I go about doing this?

                            Or, if you can, let me know how to change the default user ox uses, because I was able to create a user and then make him admin and was able to create email boxes fine.
                            Last edited by Guest; 01-07-2009, 01:00 AM. Reason: more info



                            • #15
                              hi,

                              this topic is very ucs related, maybe you should also ask at http://forum.univention.de/
