Hello all.
Im try to make a SMTP Auth using Docecot SASL.
Im use swaks for tests.
Im store users in LDAP.
As im understand for CRAM & DIGEST MD5 we need to store pass in a clear
text?... Ok.
mail: admin3 at domain.off
userPassword: 123 <- Clear text
What im do
%swaks -a CRAM-MD5 -au admin3 at domain.off -ap 123
To: admin3 at domain.off
=== Trying mx.domain.off:25...
=== Connected to mx.domain.off.
<- 220 mx.domain.off ESMTP Exim 4.69 Tue, 08 Jul 2008 19:14:24 +0000
-> EHLO mx.domain.off
<- 250-mx.domain.off Hello mx.domain.off [172.16.1.19]
<- 250-SIZE 13631488
<- 250-PIPELINING
<- 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
<- 250-STARTTLS
<- 250 HELP
-> AUTH CRAM-MD5
<- 334 PDM4ODYwNTQ1MjEzMTA3NDEuMTIxNTU0NDQ2NEBteC5kb21haW4ub2ZmPg= ->
YWRtaW4zQGRvbWFpbi5vZmYgMGJlYzIzOTA5Zjg4OTc3MDdkYTJmZmNmOTEzMDBhMmM<** 535
Incorrect authentication data
*** No authentication type succeeded
-> QUIT
<- 221 mx.domain.off closing connection
=== Connection closed with remote host.
Exim says:
SMTP<< AUTH CRAM-MD5
9657 dovecot authentication
9657 AUTH 12 CRAM-MD5 service=smtp secured
rip=172.16.1.19 lip=172.16.1.19 resp 9657 received: CONT 12
PDM0MTMzMjg1NTUyOTE0MjMuMTIxNTU0NDcwMUBteC5kb21haW4ub2ZmPg= 9657 SMTP>>
334
PDM0MTMzMjg1NTUyOTE0MjMuMTIxNTU0NDcwMUBteC5kb21haW4ub2ZmPg= 9657 received: FAIL
12 user=admin3 at domain.off
9657 SMTP>> 535 Incorrect authentication data
9657 auth_cram_md5 authenticator failed for mx.domain.off
[172.16.1.19] I=[172.16.1.19]:26: 535 Incorrect authentication data
(set_id=admin3 at domain.off)
9657 SMTP<< QUIT
Dovecot logs:
Info: auth(default): new auth connection: pid=9713
Info: auth(default): client in: AUTH 11 CRAM-MD5
service=smtp secured rip=172.16.1.19 lip=172.16.1.19 resp=<hidden>
Info: auth(default): client out: CONT 11
PDU5MjUzNjc0Mjg1NDAyNjUuMTIxNTU0NDkyN0BteC5kb21haW4ub2ZmPg=Info: auth(default):
client in: CONT<hidden>
Info: auth(default): ldap(admin3 at domain.off,172.16.1.19): pass search:
base=dc=Virtual-Domains,dc=DOMAIN scope=subtree
filter=(&(objectClass=mailUser)(mail=admin3 at domain.off))
fields=mail,userPassword
Info: auth(default): ldap(admin3 at domain.off,172.16.1.19): result:
mail(user)=admin3 at domain.off userPassword(password)=<hidden>
Error: auth(default): password(admin3 at domain.off,172.16.1.19): Invalid
password format for scheme CRAM-MD5
Info: auth(default): client out: FAIL 11 user=admin3 at domain.off
---
password(admin3 at domain.off,172.16.1.19): Invalid password format for
scheme CRAM-MD5
Hm... as im see - something wrong in my dovecot-ldap.conf ?
Main idea of it is mail = user, userPassword = password.
dovecot-ldap.conf:
hosts = 127.0.0.1
dn = uid=Dovecot,ou=System-Users,dc=DOMAIN
dnpass = 123
debug_level = 0
ldap_version = 3
base = dc=Virtual-Domains,dc=DOMAIN
deref = never
scope = subtree
user_attrs user_filter = (&(objectClass=mailUser)(mail=%u))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=mailUser)(mail=%u))
default_pass_scheme = CRAM-MD5
Dovecot logs with debug_level=1 in attachment.
Help me please - I running out of ideas. :-(
--
Best regards,
Proskurin Kirill
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug.txt
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20080708/944ad1a1/attachment-0002.txt>