Page 1 of 1

SMTP SASL authentication failure

Posted: Mon Oct 10, 2005 11:36 am
by igeorg
Hi,
Authentication to SMTP as some domain user @ keeps failing when the domain is other than the host name (or the domain that was created at installation time). The message on the server is:
Oct 10 17:20:45 host saslauthd[11583]: auth_zimbra: auth failed: authentication failed for

Oct 10 17:20:45 host saslauthd[11583]: do_auth : auth failure: [user=] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]
This happens with TLS set on & off in SMTP authentication on the server. Restarting saslathd as suggested in another forum thread didn't help either
Authenticating as any user of the hostname domain works fine.

Sending & receiving from the web interface works fine for all domains.
Is this a DNS issue? Any hints so I can investigate it further?


Thanks

John

SMTP SASL authentication failure

Posted: Mon Oct 10, 2005 1:16 pm
by 14319KevinH
Are you using the full user@domain for the user name? Some mail clients don't add this and Postfix may only be defaulting to the first domain.

SMTP SASL authentication failure

Posted: Mon Oct 10, 2005 1:22 pm
by igeorg
Hi,
Let me know whether this should move to the dev forum.
Investigating this further revealed that saslauthd is making a SOAP auth call with the domain stripped off the user name and gets back an authentication failure msg:
POST /service/soap/ HTTP/1.1

Host: host

Pragma: no-cache

Accept: */*

Content-Type: text/xml

Content-Length: 299
http://www.w3.org/2003/05/soap-envelope"> xmlns="urn:zimbra">testusertestpasswd


HTTP/1.1 500 Internal Server Error

Server: Apache-Coyote/1.1

Content-Type: text/html;charset=utf-8

Content-Length: 362

Date: Mon, 10 Oct 2005 17:42:40 GMT

Connection: close
soap:Senderhttp://www.w3.org/2003/05/soap-envelope">soap:Sender :Code>authentication failed for testuseraccount.AUTH_FA ILED
So it seems the domain name gets through to saslauthd, but it is not passed in the SOAP call?
Thanks

John

SMTP SASL authentication failure

Posted: Mon Oct 10, 2005 2:05 pm
by 14319KevinH
I've moved it to the dev forum. We've recreated this here in house and are looking at it now.

SMTP SASL authentication failure

Posted: Mon Oct 10, 2005 3:13 pm
by 14319KevinH
There is an easy workaround/fix for this:
su - zimbra

cd /opt/zimbra/bin
EDIT zmsaslauthdctl
CHANGE:

${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra

TO:

${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -r -a zimbra
(Basically add a -r to keep the domain)


Then run /opt/zimbra/bin/zmsaslauthdctl restart

SMTP SASL authentication failure

Posted: Mon Oct 10, 2005 3:23 pm
by igeorg
Works great!
Thanks for the excellent support

John