SASL: could not find auxprop plugin

Posted on 2006-05-29
Last Modified: 2013-11-18
Hello all,

I am about to pull my hair out...

I have a working Postfix server, which I installed from an RPM that comes with my OS' install DVD (Mandrakelinux 10.1). Everything works fine and well. However, now it is needed to support SMTP authentication so our laptop users can send mail from outside the house. So I read all kinds of HOWTOs and installed OpenSSL and CyrusSASL. The Postfix RPM description states that it supports SASL.

Here's what I changed in the configuration files:

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

turned off all chroot options

pwcheck_method: pwcheck
mech_list: plain login

I also have to link /usr/lib/sasl2 pointing to /usr/local/lib/sasl2.

According to what I've read (and that's not quite a bit), it should work. However, clients cannot log on, and I get the following in my log:

SASL authentication misc: could not find auxprop plugin, was searching for '[all]'

warning: SASL authentication problem: unknown password verifier

warning: SASL authentication failure: Password verification failed

warning: localhost.localdomain[]: SASL PLAIN authentication failed

localhost.localdomain[]: 535 Error: authentication failed

Any ideas? Please help me...

Question by:PappP
    LVL 27

    Expert Comment

    What HOWTOs did you read? First of all, check that you have a capital 'S' in /usr/local/lib/sasl2/Smtpd.conf

    I have working sendmail with SASL authentication (via ldap). You may have sasldb or some other backend.
    What exactly password backend database are you using?

    That's my /usr/lib/sasl2/Sendmail.conf (ldapdb backend probably will not work for you), but the syntax should be similar:

    log_level: 127
    auxprop_plugin: ldapdb
    pwcheck_method: auxprop
    ldapdb_uri: ldaps://
    ldapdb_id: xxxxx
    ldapdb_pw: *****
    ldapdb_mech: DIGEST-MD5

    Add to your Smtpd.conf log_level and auxprop_plugin lines.
    At least you will get more debug info (also enable debug level logging in syslog).

    Author Comment

    Hello Nopius

    Thank you for your comment.

    Why is the capital 'S'? I have lowercase 's', and if I write something to the file, it has its effects. For example, I changed "pwcheck_method: pwcheck" to be "pwcheck_method: saslauthd" and the error message has changed (just as I expected): "cannot connect to saslauthd server: No such file or directory". I started saslauthd with the "shadow" option.

    LVL 27

    Accepted Solution


    1) smtpd is an application (client of SASL library), so it must be named with capital 'S' as written in the manual.
    2) If you are using 'shadow', you cannot use the 'auxprop' plugin, since SASL has no access to the cleartext password.
    Try these options instead:

    pwcheck_method: saslauthd
    mech_list: plain login

    Read here for possible list of options:

    3) If your SASL library cannot connect to saslauthd, probably your application has no rights to write to the saslauthd/mux unix socket. Look at the owner and rights of that socket after saslauthd starts. It should be somewhere below /var (by default /var/state/saslauthd/mux). Also look at the owner of the smtpd process.
    Also it's possible that application cannot find specified path, but this case is rare.
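
Added example, not part of the original thread: a small check for point 3 that walks every directory above the saslauthd socket and reports where a given account loses access, or where the path simply does not exist (the "No such file or directory" case). The function names are hypothetical, and the default socket path (taken from the answer) and the `postfix` account name are assumptions.

```python
import os, pwd, stat, sys

def allowed(st, uid, gids, bit):
    """Classic Unix mode check: bit is 4 (r), 2 (w) or 1 (x). ACLs and SELinux are ignored."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & (bit << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (bit << 3))
    return bool(st.st_mode & bit)

def check_mux(sock_path, uid, gids):
    """Return the list of reasons uid cannot connect to the saslauthd socket."""
    path = os.path.abspath(sock_path)
    parents, d = [], os.path.dirname(path)
    while d not in parents:              # collects /a/b, /a, / for /a/b/mux
        parents.append(d)
        d = os.path.dirname(d)
    problems = []
    for d in reversed(parents):          # top-down, so the first failure is the outermost
        try:
            st = os.stat(d)              # follows symlinks, like the SASL client does
        except OSError as e:
            return problems + [f"{d}: {e.strerror}"]
        if not allowed(st, uid, gids, 1):
            problems.append(f"{d}: no search (x) permission for uid {uid}")
    try:
        st = os.stat(path)
    except OSError as e:                 # saslauthd not running, or using another directory
        return problems + [f"{path}: {e.strerror}"]
    if not stat.S_ISSOCK(st.st_mode):
        problems.append(f"{path}: exists but is not a socket")
    elif not allowed(st, uid, gids, 2):  # connecting needs write permission on the socket
        problems.append(f"{path}: no write permission for uid {uid}")
    return problems

if __name__ == "__main__":
    # Defaults are assumptions: the path quoted in the answer and a 'postfix' account.
    sock = sys.argv[1] if len(sys.argv) > 1 else "/var/state/saslauthd/mux"
    user = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "postfix")
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for line in check_mux(sock, user.pw_uid, gids) or ["no permission problem found"]:
        print(line)
```

The check does not model a chroot: a chrooted smtpd resolves the socket path relative to its jail, so run it against the path as seen from inside the jail in that case.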
    LVL 25

    Expert Comment


    Still have an issue with this?  If so, I use smtp auth on Postfix without issue and can help.  If not, then please give an update as to the fix.

    Author Comment

    Dear Cyclops3590,

    I agree to close the question, as I have it solved. However, Nopius's comment had nothing to do with what the problem was (especially not the capital S thing). It was something with the symlink, but I did not have the time to discover the whole thing; finally I installed an older version RPM of postfix from my OS' install DVD, instead of the newer version source distro I tried before, and all of a sudden everything is working just fine. If I felt that any of the comments was the answer to my problem, then I would already have awarded the points to it.

    Best wishes
    LVL 25

    Expert Comment

    PappP, just wanted to tell you why I chose Nopius' second recommendation.  I have set up SMTP Auth with Postfix several times before.  While I know his comment about the capital 'S' seems to not mean anything, it could have.  Linux is case-sensitive and although by default it is actually a small 's' that postfix uses; who really knows how all the distros mess with the rpms.

    The other part of it was even though Nopius kept referring to Sendmail, the steps outlined to get SMTP Auth (while not entirely complete) are the same as what is used in Postfix.  And since there was no feedback for Nopius, no more help could be given.
    Example, if you would have responded with
    >>It was something with the symlink
    Nopius could have pointed out that this has to do with
    >>Look at the owner and rights of that socket after saslauthd starts. It should be somewhere below /var (by default /var/state/saslauthd/mux)
    most likely.  But since there wasn't feedback Nopius didn't have a chance to help make things clearer.

    I also want to point out my comment about wishing to help if you still needed it, I assume you already reverted to the older rpms by then?

    At any rate, that is how I came to my decision, and honestly I still feel Nopius deserves the points here (even though it may only be a grade of B since it wasn't entirely complete being he didn't have the or config changes needed to get it working).  But that's just my opinion.

    However, I would also like to ask you to please respond to suggestions or give an update when you change directions like that.  It helps the experts out tremendously by knowing what the current status is with your situation.  And if you do feel that you want to close a question, then there is a Support link in the upper right hand corner of the page you can click.  Post a free Q in that area referencing the URL of your orig Q and the action you wish to have taken on that Q.  Hope that comes in helpful in the future   :)
