Hi,
Authentication to SMTP as some domain user @ keeps failing when the domain is other than the host name (or the domain that was created at installation time). The message on the server is:
Oct 10 17:20:45 host saslauthd[11583]: auth_zimbra: auth failed: authentication failed for
Oct 10 17:20:45 host saslauthd[11583]: do_auth : auth failure: [user=] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]
This happens with TLS set on & off in SMTP authentication on the server. Restarting saslathd as suggested in another forum thread didn't help either
Authenticating as any user of the hostname domain works fine.
Sending & receiving from the web interface works fine for all domains.
Is this a DNS issue? Any hints so I can investigate it further?
Thanks
John
SMTP SASL authentication failure
-
14319KevinH
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
SMTP SASL authentication failure
Are you using the full user@domain for the user name? Some mail clients don't add this and Postfix may only be defaulting to the first domain.
SMTP SASL authentication failure
Hi,
Let me know whether this should move to the dev forum.
Investigating this further revealed that saslauthd is making a SOAP auth call with the domain stripped off the user name and gets back an authentication failure msg:
POST /service/soap/ HTTP/1.1
Host: host
Pragma: no-cache
Accept: */*
Content-Type: text/xml
Content-Length: 299
http://www.w3.org/2003/05/soap-envelope"> xmlns="urn:zimbra">testusertestpasswd
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 362
Date: Mon, 10 Oct 2005 17:42:40 GMT
Connection: close
soap:Senderhttp://www.w3.org/2003/05/soap-envelope">soap:Sender :Code>authentication failed for testuseraccount.AUTH_FA ILED
So it seems the domain name gets through to saslauthd, but it is not passed in the SOAP call?
Thanks
John
Let me know whether this should move to the dev forum.
Investigating this further revealed that saslauthd is making a SOAP auth call with the domain stripped off the user name and gets back an authentication failure msg:
POST /service/soap/ HTTP/1.1
Host: host
Pragma: no-cache
Accept: */*
Content-Type: text/xml
Content-Length: 299
http://www.w3.org/2003/05/soap-envelope"> xmlns="urn:zimbra">testusertestpasswd
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 362
Date: Mon, 10 Oct 2005 17:42:40 GMT
Connection: close
soap:Senderhttp://www.w3.org/2003/05/soap-envelope">soap:Sender :Code>authentication failed for testuseraccount.AUTH_FA ILED
So it seems the domain name gets through to saslauthd, but it is not passed in the SOAP call?
Thanks
John
-
14319KevinH
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
SMTP SASL authentication failure
I've moved it to the dev forum. We've recreated this here in house and are looking at it now.
-
14319KevinH
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
SMTP SASL authentication failure
There is an easy workaround/fix for this:
su - zimbra
cd /opt/zimbra/bin
EDIT zmsaslauthdctl
CHANGE:
${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
TO:
${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -r -a zimbra
(Basically add a -r to keep the domain)
Then run /opt/zimbra/bin/zmsaslauthdctl restart
su - zimbra
cd /opt/zimbra/bin
EDIT zmsaslauthdctl
CHANGE:
${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
TO:
${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -r -a zimbra
(Basically add a -r to keep the domain)
Then run /opt/zimbra/bin/zmsaslauthdctl restart
SMTP SASL authentication failure
Works great!
Thanks for the excellent support
John
Thanks for the excellent support
John