dovecot - Oct 2017 - Postfix + saslauthd SASL With Kerberos (FreeIPA) unable to send mail

Hello I just finished setting up FreeIPA with Dovecot + Postfix + Saslauthd. I
can easily access to mails using imap via dovecot with gssapi authentication and
postfix also delivering mails very well. But I cannot send email from postfix
using gssapi authentication (plain and login authentication working fine)
because saslauthd is not specifying realm when requesting service from freeipa
domain.

warning: SASL authentication failure: GSSAPI Error: Unspecified GSS failure. 
Minor code may provide more information (No key table entry found matching
smtp/mx0.aegisnet.eu@)

right form of request is smtp/mx0.aegisnet.eu at AEGISNET.EU 

I googled alot but couldn't find any solution to solve this problem. How to
configure saslauthd well that it will use realm to contact with freeipa.

Best Regards...

On 10/02/2017 07:00 PM, Anvar Kuchkartaev wrote:
> Hello I just finished setting up FreeIPA with Dovecot + Postfix +
Saslauthd. I can easily access to mails using imap via dovecot with gssapi
authentication and postfix also delivering mails very well. But I cannot send
email from postfix using gssapi authentication (plain and login authentication
working fine) because saslauthd is not specifying realm when requesting service
from freeipa domain.
>
> warning: SASL authentication failure: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (No key table entry found
matching smtp/mx0.aegisnet.eu@)
>
> right form of request is smtp/mx0.aegisnet.eu at AEGISNET.EU 
>
> I googled alot but couldn't find any solution to solve this problem.
How to configure saslauthd well that it will use realm to contact with freeipa.
>
> Best Regards... 
>
You may need to consider setting auth_realms and/or auth_default_realm.
I saw something similar without such being set.

Trever


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 886 bytes
Desc: OpenPGP digital signature
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20171002/c48c10d2/attachment.sig>

The dovecot instance set up with auth_realms and auth_default_realm 
variables and it is working well. In saslauthd configurations setting 
same variables giving configuration parsing error (I think it is not 
right way to configure kerberos realm in saslauthd). However 
testsaslauthd working without any problems even if I don't specify realm 
parameter from command line.


On 03/10/17 06:17, Trever L. Adams wrote:
> On 10/02/2017 07:00 PM, Anvar Kuchkartaev wrote:
>> Hello I just finished setting up FreeIPA with Dovecot + Postfix +
Saslauthd. I can easily access to mails using imap via dovecot with gssapi
authentication and postfix also delivering mails very well. But I cannot send
email from postfix using gssapi authentication (plain and login authentication
working fine) because saslauthd is not specifying realm when requesting service
from freeipa domain.
>>
>> warning: SASL authentication failure: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (No key table entry found
matching smtp/mx0.aegisnet.eu@)
>>
>> right form of request is smtp/mx0.aegisnet.eu at AEGISNET.EU
>>
>> I googled alot but couldn't find any solution to solve this
problem. How to configure saslauthd well that it will use realm to contact with
freeipa.
>>
>> Best Regards...
>>
> You may need to consider setting auth_realms and/or auth_default_realm.
> I saw something similar without such being set.
>
> Trever
>
>