[Samba] [OT] Postfix sasl authentication help

L.P.H. van Belle belle at bazuin.nl
Thu Feb 19 04:10:10 MST 2015

Hai Chan Min Wai, 

If you use debian, enable at least imap on localhost, then do the following. 
Use imap for the password check.. 

## install Sasl
apt-get install -y sasl2-bin libsasl2-modules
## backup
cp /etc/default/saslauthd /etc/default/saslauthd.backup

## create sasl folder in /etc/postfix/sasl/ and create the sasl config file
mkdir -p /etc/postfix/sasl/
cat << EOF > /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

## change the default saslauthd options for remote imap (rimap) to localhost 143
sed -i 's/MECHANISMS="pam"/MECHANISMS="rimap"/g' /etc/default/saslauthd
sed -i 's/MECH_OPTIONS=""/MECH_OPTIONS=" 143"/g' /etc/default/saslauthd

## postfix smtp(d) in Chroot mode.. ( by default ) ( add -r for remote imap )
sed -i "s/OPTIONS=\"-c -m \/var\/run\/saslauthd\"/OPTIONS=\"-r -c -m \/var\/spool\/postfix\/var\/run\/saslauthd\"/g" /etc/default/saslauthd

## adduser postfix to sasl group
gpasswd -a postfix sasl

## add override for saslauthd..
## the initscript wil create this directory automatic for you with correct rights.
## ( see : zcat /usr/share/doc/sasl2-bin/README.Debian.gz |less )
dpkg-statoverride --add root sasl 750 /var/spool/postfix/var/run/saslauthd

## enable saslauthd DAEMON
sed -i 's/START=no/START=yes/g' /etc/default/saslauthd

## enable saslauthd for postfix
postconf -e "smtpd_sasl_auth_enable = yes"
## this point to the "smtpd.conf" file in the /etc/postfix/sasl/ directory
postconf -e "smtpd_sasl_path = smtpd"

service saslauthd restart
service postfix restart

##check for directory :
ls -al /var/spool/postfix/var/run/

and your done.

This is tested want works on multipel servers with different backends. 



>-----Oorspronkelijk bericht-----
>Van: dcmwai at gmail.com [mailto:samba-bounces at lists.samba.org] 
>Namens Chan Min Wai
>Verzonden: woensdag 18 februari 2015 4:58
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] [OT] Postfix sasl authentication help
>Dear all,
>Would need some of your advise. 
>As I was the trying to get postfix sasl working with samba AD. 
>I've try to search online for a few examples some use ldap, 
>kerberos or pam. 
>I'm using winbind on that system and I wonder if we can use 
>winbind with sasl. 
>Or anyone have a more correct on how it should be done. 
>My existing setup was working with ldap before moving to samba4. 
>Thank you. 
>Chan Min Wai
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list