Zimbra

igeorg · #1 (**permalink**) 10-10-2005, 09:36 AM

Hi,

Authentication to SMTP as some domain user <user>@<domain> keeps failing when the domain is other than the host name (or the domain that was created at installation time). The message on the server is:

Oct 10 17:20:45 host saslauthd[11583]: auth_zimbra: <user> auth failed: authentication failed for <user>
Oct 10 17:20:45 host saslauthd[11583]: do_auth : auth failure: [user=<user>] [service=smtp] [realm=<domain>] [mech=zimbra] [reason=Unknown]

This happens with TLS set on & off in SMTP authentication on the server. Restarting saslathd as suggested in another forum thread didn't help either

Authenticating as any user of the hostname domain works fine.
Sending & receiving from the web interface works fine for all domains.

Is this a DNS issue? Any hints so I can investigate it further?

Thanks
John

KevinH · #2 (**permalink**) 10-10-2005, 11:16 AM

Are you using the full user@domain for the user name? Some mail clients don't add this and Postfix may only be defaulting to the first domain.

igeorg · #3 (**permalink**) 10-10-2005, 11:22 AM

Hi,

Let me know whether this should move to the dev forum.

Investigating this further revealed that saslauthd is making a SOAP auth call with the domain stripped off the user name and gets back an authentication failure msg:

POST /service/soap/ HTTP/1.1
Host: host
Pragma: no-cache
Accept: */*
Content-Type: text/xml
Content-Length: 299

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><nosession/></context></soap:Header ><soap:Body><AuthRequest xmlns="urn:zimbraAccount"><account by="name">testuser</account><password>testpasswd</password></AuthRequest></s oap:Body></soap:Envelope>

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 362
Date: Mon, 10 Oct 2005 17:42:40 GMT
Connection: close

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Body><soap:Fault><soap:Code><soap: Value>soap:Sender</soap:Value></soap :Code><soap:Reason><soap:Text>authentication failed for testuser</soap:Text></soap:Reason><soap

etail><Error xmlns="urn:zimbra"><Code>account.AUTH_FA ILED</Code></Error></soap

etail></soap:Fault></soap:Body></soap:Envelope>

So it seems the domain name gets through to saslauthd, but it is not passed in the SOAP call?

Thanks
John

KevinH · #4 (**permalink**) 10-10-2005, 12:05 PM

I've moved it to the dev forum. We've recreated this here in house and are looking at it now.

KevinH · #5 (**permalink**) 10-10-2005, 01:13 PM

There is an easy workaround/fix for this:

su - zimbra
cd /opt/zimbra/bin

EDIT zmsaslauthdctl

CHANGE:
${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -a zimbra
TO:
${zimbra_home}/cyrus-sasl-2.1.21.ZIMBRA/sbin/saslauthd -r -a zimbra

(Basically add a -r to keep the domain)

Then run /opt/zimbra/bin/zmsaslauthdctl restart

igeorg · #6 (**permalink**) 10-10-2005, 01:23 PM

Works great!

Thanks for the excellent support
John

Zimbra

Downloads

Product Information

Toolbox

Why Join?