saslauth problem / imap login does not work
Michael Schmitt
m.schmitt at hardworx-online.net
Mon Mar 14 19:56:42 CET 2005
Some further notes...
I kept on reading the kolab mailing lists (gmane is just great!! *g*)
and found several more people probably do have the same issue as I do.
To name one thread "saslauthd: Domain/Realm not available" in
kolab-devel at kolab.org
I thought, kolab-users is the right place to ask... but it may be that I
am wrong. Should I post my problem in kolab-devel instead?
Anyhow... I made a transcript of the whole bootstrapping process (see
attachment) as Martin Konold said in kolab-users Charles Johnson should
do (script -c "/kolab/etc/kolab/kolab_bootstrap -b" -f /tmp/output <- is
there a smarter way to log everything?).
I also did some tcpdumping and stracing but I only get what I already
know: Somehow the components do not work together... I am in no way a
professional when it comes to sasl or ldap (I'd say I know almost
nothing) so it may be that I did misinterpret the strace and tcpdump
logs.
Something else... I did upgrade that debian-woody-box to a
debian-sarge-box yesterday too... but, same problem, nothing has
changed. I did a complete removal of kolab (at least I think I did) and
started from scratch with sh obmtool kolab... and bootstrapping
afterwards...
Any help is GREATLY appreciated!
-------------- next part --------------
Script started on Mon Mar 14 19:02:10 2005
KOLAB BOOTSTRAP
Check for running webserver on port 80
Check for running webserver on port 443
Check for running imap server on port 143
Check for running imap server on port 220
Check for running imap server on port 585
Check for running imap server on port 993
Check for running pop3 server on port 109
Check for running pop3 server on port 110
Check for running pop3 server on port 473
Check for running pop3 server on port 995
Check for running smtp server on port 25
Check for running smtp server on port 465
Check for running ftp server on port 21
Check for running Amavis Virus Scanner Interface on port 10024
Check for running Kolab daemon on port 9999
Check for running OpenLDAP server on port 636
Check for running OpenLDAP server on port 389
Check for running Sieve server on port 2000
Excellent all required Ports are available!
LDAP repository is empty - assuming fresh install
Please enter Hostname [kolab.tcw.local]:
Proceeding with Hostname kolab.tcw.local
Do you want to set up (1) a master Kolab server or (2) a slave [1] (1/2): 1
Proceeding with master server setup
Please enter your Maildomain [tcw.local]:
proceeding with Maildomain tcw.local
Generating default configuration:
base_dn : dc=tcw,dc=local
bind_dn : cn=manager,cn=internal,dc=tcw,dc=local
Please choose a manager password [kjPQ9jTvyJbOk45m]: 1234
bind_pw : 1234
done modifying /kolab/etc/kolab/kolab.conf
IMPORTANT NOTE:
use login=manager and passwd=1234 when you log into the webinterface!
Enter fully qualified hostname of slave kolab server e.g. thishost.domain.tld [empty when done]:
prepare LDAP database...
temporarily starting slapd
Waiting for OpenLDAP to start
no dc=tcw,dc=local object found, creating one
mynetworkinterfaces: 127.0.0.0/8
LDAP setup finished
Create initial config files for postfix, apache, proftpd, cyrus imap, saslauthd
running /kolab/sbin/kolabconf -n
kolabconf - Kolab Configuration Generator
Copyright (c) 2004 Klaraelvdalens Datakonsult AB
Copyright (c) 2003 Code Fusion cc
Copyright (c) 2003 Tassilo Erlewein, Martin Konold, Achim Frank, erfrakon
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
kill temporary slapd
OpenPKG: stop: openldap.
Creating RSA keypair for resource password encryption
/kolab/bin/openssl genrsa -out /kolab/etc/kolab/res_priv.pem 1024
Generating RSA private key, 1024 bit long modulus
..............................++++++
...++++++
e is 65537 (0x10001)
/kolab/bin/openssl rsa -in /kolab/etc/kolab/res_priv.pem -pubout -out /kolab/etc/kolab/res_pub.pem
writing RSA key
chown kolab:kolab-n /kolab/etc/kolab/res_pub.pem /kolab/etc/kolab/res_priv.pem
Kolab can create an manage a certificate authority that can be
used to create SSL certificates for use within the Kolab environment.
You can choose to skip this section if you already have certificates
for the Kolab server.
Do you want to create CA and certificates [y] (y/n): y
Now we need to create a cerificate authority (CA) for Kolab and a server
certificate. You will be prompted for a passphrase for the CA.
################################################################################
/kolab/etc/kolab/kolab_ca.sh -newca kolab.tcw.local
Enter organization name [Kolab]:
Enter organizational unit [Test-CA]:
Using subject O=Kolab,OU=Test-CA,CN=kolab.tcw.local
Using dn
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
........++++++
......................................++++++
writing new private key to '/kolab/etc/kolab/ca/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
/
/kolab/etc/kolab/kolab_ca.sh -newkey kolab.tcw.local /kolab/etc/kolab/key.pem
Using dn
Generating RSA private key, 1024 bit long modulus
......................++++++
..................++++++
e is 65537 (0x10001)
writing RSA key
/
/kolab/etc/kolab/kolab_ca.sh -newreq kolab.tcw.local /kolab/etc/kolab/key.pem /kolab/etc/kolab/newreq.pem
Using dn
Request is in /kolab/etc/kolab/newreq.pem and private key is in /kolab/etc/kolab/key.pem
/
/kolab/etc/kolab/kolab_ca.sh -sign /kolab/etc/kolab/newreq.pem /kolab/etc/kolab/cert.pem
Using dn
Using configuration from /kolab/etc/kolab/kolab-ssl.cnf
Enter pass phrase for /kolab/etc/kolab/ca/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Mar 14 18:03:13 2005 GMT
Not After : Mar 12 18:03:13 2015 GMT
Subject:
commonName = kolab.tcw.local
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
86:FA:66:81:73:C2:25:CC:68:5A:8F:18:08:7D:43:37:02:C4:6B:38
X509v3 Authority Key Identifier:
DirName:/O=Kolab/OU=Test-CA/CN=kolab.tcw.local
serial:00
Certificate is to be certified until Mar 12 18:03:13 2015 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Signed certificate is in /kolab/etc/kolab/cert.pem
/
chgrp kolab-r /kolab/etc/kolab/key.pem;
chmod 0640 /kolab/etc/kolab/key.pem;
chgrp kolab-r /kolab/etc/kolab/cert.pem;
chmod 0640 /kolab/etc/kolab/cert.pem;
Script done on Mon Mar 14 19:03:16 2005