Server :: Cannot Map SASL DN To OpenLDAP's DN
Jul 27, 2011
I am having some trouble with Cyrus SASL and OpenLDAP. I tried to configure OpenLDAP using SASL for all connections but I cannot map the SASL-DN to OpenLDAP's DN. Below is my configuration file, slapd.conf
[code]...
After I finished the configuration, I tried to use the ldapsearch tool to verify, but I cannot:
[code]...
May 24, 2011
I'm trying to get SASL working with OpenLDAP + TLS. I got it working without TLS with these settings:
[code]...
What am I doing wrong?
Nov 23, 2009
I followed the Wiki guide for configuring my Postfix server for SASL / TLS. I don't get any errors and I assume it's working but when I try and test SASL (saslauthd), I don't get the response noted according to the Wiki and I don't understand why.
Aug 17, 2010
I used yum install postfix, but I don't know if it supports SASL. How do I check it?
Jul 23, 2010
I installed cyrus-sasl 2.1
How to deal with?
Mar 3, 2010
I have Postfix up and working perfect. It receives and sends email fine with no TLS and SASL but I installed Dovecot and then generated some self signed certificates using 'openssl' and for some reason I can't send from my IMAP server. I get this in my logs:
Code:
Mar 3 11:20:45 mail dovecot: imap-login: Login: user=<carlos>, method=PLAIN, rip=10.1.1.204, lip=192.168.0.200, TLS
Mar 3 11:21:20 mail postfix/smtpd[1386]: connect from tuna.mydomain.tld[10.1.1.204]
[Code].....
Jun 19, 2011
Am unable to send mail from Outlook to my Postfix SMTP server.
Am getting the following in the /var/log/maillog.
Code:
Think I've pretty much followed the instructions correctly here.
[url]
Also, I looked for the PID of the smtpd and did a strace on it.
Code:
Code:
However, when I looked at the permission of this file, it should be accessible by everyone.
Code:
May 13, 2010
I have an issue where Postfix is set up to use Dovecot auth and as far as I know it works. If I log in using telnet to the mail server I can authorize myself by providing the base64-encoded user and password. So if I can log in, why can't my email clients? I have tried Thunderbird and Evolution. These are the relevant mail.log entries for a successful login via telnet:
[Code]...
Login by POP or IMAP works flawlessly, that's what I don't get. From what I see it SHOULD be working. If it changes things, I'm using postfixadmin, Postfix, Dovecot. Passwords and info are stored in MySQL tables. Passwords are md5 encrypted. I thought that may be the issue, but that doesn't make sense.
Mar 19, 2011
I checked the relay system using an IP address and it is working great, but I want to implement user-based authorization on the relay server. I have no idea where to make changes in sendmail.mc, and my Outlook keeps asking for the password again and again. What is the role of openssl in user-based authentication?
Feb 19, 2009
I'm trying to expand my Courier+MySQL+Postfix+PostfixAdmin server to use SASL logins on Postfix so I can relay on my server. After following several guides I still can't get it to work: Postfix logs show the user transcript and end with "Authentication failure" but it does not tell me what told it that the login failed. The messages log show this:
Feb 19 22:48:55 sportlaan-server saslauthd[7254]: do_auth : auth failure: [user=berend] [service=smtp] [realm=mydomain.com] [mech=pam] [reason=PAM auth error]
Which I don't get because I don't think it should be using PAM... I think...
The setup is similar to this one: http://www.howtoforge.org/virtual_users_postfix_courier_mailscanner_clamav_centos_p6
My SASL config has this in it:
/usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
log_level: 3
authdaemond_path: /var/spool/authdaemon/socket
mech_list: plain login
Nov 12, 2009
We have CentOS 5.3 and are using sendmail for outbound emails. We are trying to switch over to the authsmtp service. Authsmtp requires sendmail built with SASL support.
How do I find out if my sendmail has been built with SASL support? If it is not, is it easy to build it with SASL support?
Nov 12, 2010
I'm using postfix with unix accounts for a while now and I just realized today that SASL authentication, instead of working only with the USERNAME, it also works if the username is followed by ANYDOMAIN.COM
So, let's say I have the following UNIX users: tim, mike, john. If I set the Outgoing Username:[URL]..(where whatever.com can be any name you can think of) IT WORKS, even though it shouldn't, it should only work with tim, mike and john without any domain name. Does anyone know what might cause this and what's the workaround to this problem?
Mar 21, 2011
distro = debian 5
When I try to send to another domain, I get "Relay access denied".
below are my configs
main.cf
Code:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
[Code].....
Oct 14, 2010
I am running the following on CentOS 5.5 (Final)
dovecot 1.0.7
saslauthd 2.1.22
When I send an email via TLS I see the following log entries.
Code:
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: connect from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: setting up TLS connection from unknown[172.16.1.159]
[Code]....
What I'm really curious about is that there is an initial TLS connection with a 256-bit cipher, but then the last entry states "sasl_method=PLAIN" - so surely this is not encrypted? Or am I misunderstanding how it works?
Mar 15, 2011
I am re-setting up a server of mine running Red Hat Enterprise Linux Server 6 and I had all of this working before, but for some reason I had trouble getting SASL to work, and now when I log in to my SMTP server I get an error stating that my username or password is incorrect, though I am sure I am entering both correctly. Would anyone know what could be happening? I have been spending days on the web looking for the solution and only went from SASL not working when started as a service to this. For some reason I can't use PAM with saslauthd and had to use shadow instead of which from what I hear I get to use better methods of secure authentication with SMTP
Dec 14, 2009
I am setting up a cluster of servers which use Centos Directory Server for control of logins, etc and kerberos for authentication. The basic setup is working fine, I have been able to manually create accounts using the directory console and these accounts seem to work. Now what I want to do is automate the process of creating new accounts. I am writing a perl script which can be run by one of the server administrators, they supply a small number of arguments and it should create a new user in the directory server, and also create a principal in the kerberos.
I want them to be able to do this using their logged-in kerberos credentials, i.e., without having to enter and re-enter their passwords. My first attempt was to use perl modules Net::LDAP and Authen::SASL. I could not get this working so fell back to using ldap command line tools, but even these I cannot seem to get working! When using mozldap tools, as specified in the admin manual, I get the following:
$ /usr/lib64/mozldap/ldapmodify -h ldaphost.mycompany.com -D uid=eharmic,ou=mydept,dc=mycompany -o mech=GSSAPI -o authid=eharmic < ../ldapmod.txt
Bind Error: Invalid credentials
Bind Error: additional info: SASL(-14): authorization failure:
Using openldap tools I strike exactly the same problem:
$ ldapmodify -Y GSSAPI -H LDAP://ldaphost.mycompany.com -D uid=eharmic,ou=mydept,dc=mycompany -U eharmic < ../ldapmod.txt
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-14): authorization failure:
I believe I have set up the mapping correctly:
dn: cn=MyMapping,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: MyMapping
nsSaslMapRegexString: ^(.+)@MYCOMPANY.COM
nsSaslMapBaseDNTemplate: ou=mydept,dc=mycompany
nsSaslMapFilterTemplate: (uid=1)
It must be getting reasonably far because after doing the above I can see the LDAP service ticket in my "klist" output.
Dec 29, 2009
I was reading over and checking the How to section on the Wiki for Postfix TLS / SASL. I followed it completely and everything seems to be working fine however I am confused about the following section:
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.cert
[code].....
Jan 25, 2011
I configured my openldap but now I want to implement SSL-TLS
This is my basic slapd.conf configuration
Code:
And I created this script (simple, I know) to create this TLS/SSL config, but it won't work; users cannot log in
path when I am moving certs /etc/openldap/cacerts
Code:
As you see, I create the key and certificate, assign permissions, add stuff to slapd.conf and finally copy the cert to a client PC
On the client side I use authconfig-tui
My environment is CentOS 5.5
What is wrong with my config?
Jun 8, 2010
Code:
$ su -c 'yum install wine'
this forum won't let me put all the text in
Transaction Check Error:
package openldap-2.4.21-6.fc13.x86_64 (which is newer than openldap-2.4.21-4.fc13.i686) is already installed
package nss-softokn-freebl-3.12.4-19.fc13.x86_64 (which is newer than nss-softokn-freebl-3.12.4-17.fc13.i686) is already installed
Jan 28, 2009
Openldap 2.4.11 uses cn=config as the main configuration instead of slapd.conf .
How to add a new schema to openldap 2.4.11 that uses cn=config.
Aug 24, 2010
I was thinking of merging my openldap and samba bdc servers. Is it ok for a server to authenticate against itself? (ie ldap.conf points to localhost)
Jul 13, 2011
I have a RHEL 5.4 server installed in a server farm. The server is administered under a central AD, which means that administrators are registered in the AD.
However, I have to deploy an application on the Linux server that will use its own OpenLDAP server. This means that this application will be the client to the LDAP server installed on the same RHEL server.
I tried installing OpenLDAP using yum and it resulted in a very fatal issue. Somehow the configuration files used for finding the Linux server from the AD was overwritten and the Linux server was not reachable anymore.
After some investigations, and possibly, rebuild, the server has been handed over to me.
The problem is how should I install OpenLDAP so that the existing connection to AD is not lost.
On the Linux server I see a /etc/openldap directory but only contains ldap.conf and cacerts directory.
Sep 28, 2010
Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
ldapsrv is pingable:
Some outputs:
PHP Code:
PHP Code:
Aug 27, 2010
I've configured an OpenLDAP server on CentOS 5.3. Everything is working fine. All the users have been added to the database. The database is bdb in the LDAP configuration. Now the client machine is on Windows XP. How do I integrate Windows XP with the LDAP server for authentication?
Jan 31, 2011
I want to configure Netgroup in openldap. I am using Redhat Linux 5.5.
Apr 30, 2010
I currently have an OpenLDAP server where every time I add a new user their DN looks like this:
DN: cn=username,ou=people,dc=domainname,dc=com
Is there any way I can change their DN to be in the following format?
username@domainname.com
Aug 5, 2010
I'm having many problems trying to configure OpenLDAP on Ubuntu 10.0.4 LTS
I have tried many tutorials, many configuration but still without results, I made the following script (for not repeating the same work, again & again)
Code:
#!/bin/sh
passwd=xxxxxx
dc1=host
dc2=com
[Code]....
Nov 23, 2009
I want to build a domain like abc.com in my LAN environment. Kindly tell me step by step procedure of installing OpenLDAP on CentOS 5.3.
View 2 Replies
View Related
Feb 2, 2011
I configured OpenLdap and now I want to configure it using TLS-SSL
But I cannot get it working with the Linux clients. Environment: Centos 5.5
Openldap Server configuration:
Jun 8, 2009
I am planning to deploy an OpenLDAP server in my LAN for basic authentication, but I have no idea how to do it. I would like to know how to configure an OpenLDAP Server, and I would also like to know about knowledge resources, if any.