Results 1 to 6 of 6

Thread: SMTP SASL authentication failure

  1. #1
    Join Date
    Oct 2005
    Posts
    8
    Rep Power
    10

    Default SMTP SASL authentication failure

    Hi,

    Authentication to SMTP as some domain user <user>@<domain> keeps failing when the domain is other than the host name (or the domain that was created at installation time). The message on the server is:

    Oct 10 17:20:45 host saslauthd[11583]: auth_zimbra: <user> auth failed: authentication failed for <user>
    Oct 10 17:20:45 host saslauthd[11583]: do_auth : auth failure: [user=<user>] [service=smtp] [realm=<domain>] [mech=zimbra] [reason=Unknown]

    This happens with TLS set on & off in SMTP authentication on the server. Restarting saslathd as suggested in another forum thread didn't help either

    Authenticating as any user of the hostname domain works fine.
    Sending & receiving from the web interface works fine for all domains.

    Is this a DNS issue? Any hints so I can investigate it further?


    Thanks
    John

  2. #2
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    Are you using the full user@domain for the user name? Some mail clients don't add this and Postfix may only be defaulting to the first domain.

  3. #3
    Join Date
    Oct 2005
    Posts
    8
    Rep Power
    10

    Default

    Hi,

    Let me know whether this should move to the dev forum.

    Investigating this further revealed that saslauthd is making a SOAP auth call with the domain stripped off the user name and gets back an authentication failure msg:

    POST /service/soap/ HTTP/1.1
    Host: host
    Pragma: no-cache
    Accept: */*
    Content-Type: text/xml
    Content-Length: 299

    <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><nosession/></context></soap:Header ><soap:Body><AuthRequest xmlns="urn:zimbraAccount"><account by="name">testuser</account><password>testpasswd</password></AuthRequest></s oap:Body></soap:Envelope>


    HTTP/1.1 500 Internal Server Error
    Server: Apache-Coyote/1.1
    Content-Type: text/html;charset=utf-8
    Content-Length: 362
    Date: Mon, 10 Oct 2005 17:42:40 GMT
    Connection: close

    <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Body><soap:Fault><soap:Code><soap: Value>soap:Sender</soap:Value></soap :Code><soap:Reason><soap:Text>authentication failed for testuser</soap:Text></soap:Reason><soapetail><Error xmlns="urn:zimbra"><Code>account.AUTH_FA ILED</Code></Error></soapetail></soap:Fault></soap:Body></soap:Envelope>

    So it seems the domain name gets through to saslauthd, but it is not passed in the SOAP call?

    Thanks
    John

  4. #4
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    I've moved it to the dev forum. We've recreated this here in house and are looking at it now.

  5. #5
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    There is an easy workaround/fix for this:

    su - zimbra
    cd /opt/zimbra/bin

    EDIT zmsaslauthdctl

    CHANGE:
    ${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
    TO:
    ${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -r -a zimbra

    (Basically add a -r to keep the domain)


    Then run /opt/zimbra/bin/zmsaslauthdctl restart

  6. #6
    Join Date
    Oct 2005
    Posts
    8
    Rep Power
    10

    Default

    Works great!

    Thanks for the excellent support
    John

Similar Threads

  1. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  2. SASL authentication failure...
    By voltcraft in forum Installation
    Replies: 1
    Last Post: 03-09-2007, 07:15 AM
  3. SASL LOGIN authentication failure
    By sgcowgill in forum Administrators
    Replies: 14
    Last Post: 08-11-2006, 01:55 PM
  4. Is it started or not
    By kwelipatton in forum Installation
    Replies: 10
    Last Post: 03-28-2006, 10:11 PM
  5. SMTP SASL authentication failure
    By adobrin in forum Developers
    Replies: 3
    Last Post: 11-22-2005, 02:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •