Forum Replies Created

Viewing 15 posts - 46 through 60 (of 68 total)
    in reply to: dns trouble… i think? #358240
    bustthis
    Participant

    my dns records at dyndns are:

    charles-x.com – 20 mx2.mailhop.org
    charles-x.com – 10 mx2.mailhop.org

    i am very new at this dns stuff, but i thought i set it up so the mx points to an A record-
    server.charles-x.com. IN A 10.0.1.201
    charles-x.com. IN MX 10 server.charles-x.com.
    mail.charles-x.com. IN CNAME server.charles-x.com

    and the cname was there so i could use “mail” instead of “server” – all of my ssl certs are mail.charles-x.com, so i’d like to keep that, but i don’t have another machine to add, until my g5 arrives!!!

    would it make sense to do this:
    server.charles-x.com. IN A 10.0.1.201
    mail.charles-x.com IN A 10.0.1.201

    two A records for the same machine? i wouldn’t think so, but what do i know!

    maybe i don’t have a clue 🙂 i think i need a good book – i just find it confusing with dyndns in the mix.

    in reply to: dns trouble… i think? #358239
    bustthis
    Participant

    no, i haven’t because i thought it was a dns issue… but i will now. i noticed it behaving weird after i added the mx record.

    i have freshclam check 6 times a day… i just find it a little odd that clamd stops checking and will start again when mail is sent or received.

    i just changed the hostname in my amavisd.conf from server.charles-x.com to charles-x.com and i think that fixed it, i won’t know for a couple of hours.

    i really just wanted to know if my mx record looked alright and if it was needed for my particular setup.

    in reply to: kerberos oddities #358223
    bustthis
    Participant

    ok, let me ask a lame question… i have mail.app set up for 3 imap accounts on a 10.3.4 client. all 3 accounts are users that live in ldap/127.0.0.1 on the server – all are set to use gssapi k5 for smtp and imap.

    i get 3 imap tickets for “user 1” when checking mail for 3 different users – does this make sense? shouldn’t i be getting tickets for “user1” “user2” and “user3”? am i way off track?

    in reply to: kerberos oddities #358214
    bustthis
    Participant

    2 krbtgts for the same user… i remember on my last setup, tickets were issued as they were needed and if they weren’t expired. now, i get them all the time… mostly for krbtgt and imap… kerberos app lists 2 imap tickets for same user.

    i also notice that the case changes after i get a new krbtgt ticket from [email protected] to [email protected]… not sure if this makes a difference or not?

    in reply to: Kerberos and ssh #358163
    bustthis
    Participant

    no luck.. it seems the host tickets are being created when i ssh, but it always wants my password… which leads me to think this is something to do with my ssh config. i just did a clean install of 10.3.4 six days ago and i think my system is pretty “healthy”… 🙂

    thanks for your time,

    charles

    in reply to: Kerberos and ssh #358161
    bustthis
    Participant

    OpenSSH_3.6.1p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090702f

    the client is 10.3.3, server 10.3.4… yes, i get a valid ticket.

    a couple of weeks ago, someone suggested to me to take out the flags = REUSE IPv6 line in /etc/xinetd.d/ssh to avoid getting the POSSIBLE BREAKIN ATTEMPTS in my logs, could this be it? also, ever since i installed 10.3.4 update on my server, i get this every time i log out from a remote login – error: BSM audit: solaris_audit_record failed to write “sshd logout ” record: Operation not supported

    i am not sure if either are related…

    in reply to: Kerberos and ssh #358159
    bustthis
    Participant

    after reboot server and client –

    [myclient:~] charlesx% ssh -2 my.server.com
    [email protected]’s password:

    server’s system log:
    Jun 2 22:44:34 charles-x xinetd[8188]: START: ssh pid=18876 from=10.0.1.2
    Jun 2 22:44:35 charles-x krb5kdc[536]: TGS_REQ (5 etypes {16 23 1 3 2}) 10.0.1.2: ISSUE: authtime 1086210789, etypes {rep=16 tkt=16 ses=16}, [email protected] for host/[email protected]
    Jun 2 22:44:40 charles-x sshd[18876]: Accepted password for charlesx from 10.0.1.2 port 53340 ssh2

    looks like it requested the ticket, but i still had to enter my password.
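
The pattern in the log above (a host/ service ticket is issued, then sshd records a password login from the same client) can be checked for mechanically. This is an added example, not part of the original post; the log lines are constructed, with placeholder principals and hostnames, and the function name is hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines modelled on the post above; principals and
# hostnames are placeholders. The sshd method string varies by sshd build.
SAMPLE_LOG = """\
Jun  2 22:44:34 server xinetd[8188]: START: ssh pid=18876 from=10.0.1.2
Jun  2 22:44:35 server krb5kdc[536]: TGS_REQ (5 etypes {16 23 1 3 2}) 10.0.1.2: ISSUE: authtime 1086210789, etypes {rep=16 tkt=16 ses=16}, alice@EXAMPLE.COM for host/server.example.com@EXAMPLE.COM
Jun  2 22:44:40 server sshd[18876]: Accepted password for alice from 10.0.1.2 port 53340 ssh2
Jun  2 23:10:02 server krb5kdc[536]: TGS_REQ (5 etypes {16 23 1 3 2}) 10.0.1.3: ISSUE: authtime 1086212000, etypes {rep=16 tkt=16 ses=16}, bob@EXAMPLE.COM for host/server.example.com@EXAMPLE.COM
Jun  2 23:10:03 server sshd[18990]: Accepted gssapi-with-mic for bob from 10.0.1.3 port 53400 ssh2
"""

TS = r"(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})"
# KDC line: client IP, requesting principal, and the host/ service principal.
KDC_RE = re.compile(TS + r"\s\S+\skrb5kdc\[\d+\]: TGS_REQ .*?\) (?P<ip>[\d.]+): "
                    r"ISSUE: .*?, (?P<client>\S+) for (?P<service>host/\S+)")
# sshd line: which authentication method was finally accepted.
SSHD_RE = re.compile(TS + r"\s\S+\ssshd\[\d+\]: Accepted (?P<method>\S+) "
                     r"for (?P<user>\S+) from (?P<ip>[\d.]+) ")


def _when(match, year):
    # Syslog timestamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S")


def password_fallbacks(log_text, window=timedelta(seconds=60), year=2004):
    """Return (user, ip, service) for each password login that followed a
    host/ ticket issued to the same user and client IP within `window`."""
    issued = []    # (time, user, ip, service) for every host/ ticket seen
    findings = []
    for line in log_text.splitlines():
        m = KDC_RE.search(line)
        if m:
            user = m["client"].split("@")[0]
            issued.append((_when(m, year), user, m["ip"], m["service"]))
            continue
        m = SSHD_RE.search(line)
        if m and m["method"] == "password":
            t = _when(m, year)
            for t0, user, ip, service in issued:
                same_client = user == m["user"] and ip == m["ip"]
                if same_client and timedelta(0) <= t - t0 <= window:
                    findings.append((user, ip, service))
                    break
    return findings
```

A hit means the KDC side worked and the ticket was not accepted by sshd, so the place to look is the server's sshd configuration and whether the service principal in the ticket matches an entry in its keytab.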

    in reply to: Kerberos and ssh #358154
    bustthis
    Participant

    thanks for your reply. i followed the article step by step and ran – sudo sso_util configure -r REALM -a admin_name -p password all

    this is my keytab:

    Keytab name: FILE:/etc/krb5.keytab
    KVNO Timestamp Principal
    ---- ----------------- --------------------------------------------------------
    3 06/02/04 04:16:40 host/[email protected]
    3 06/02/04 04:16:40 host/[email protected]
    3 06/02/04 04:16:40 host/[email protected]
    3 06/02/04 04:16:40 smtp/[email protected]
    3 06/02/04 04:16:40 smtp/[email protected]
    3 06/02/04 04:16:40 smtp/[email protected]
    3 06/02/04 04:16:40 pop/[email protected]
    3 06/02/04 04:16:40 pop/[email protected]
    3 06/02/04 04:16:40 pop/[email protected]
    3 06/02/04 04:16:40 imap/[email protected]
    3 06/02/04 04:16:40 imap/[email protected]
    3 06/02/04 04:16:40 imap/[email protected]
    3 06/02/04 04:16:40 ftp/[email protected]
    3 06/02/04 04:16:40 ftp/[email protected]
    3 06/02/04 04:16:40 ftp/[email protected]
    3 06/02/04 04:16:40 afpserver/[email protected]
    3 06/02/04 04:16:40 afpserver/[email protected]
    3 06/02/04 04:16:40 afpserver/[email protected]

    i will check out the mit extras… i made a symlink to the kerberos.app into my utilities folder and everything seems to be working – imap,smtp, login, afp… i haven’t tried ftp, but when i ssh server.example.com, i am prompted for my password. i see there is some “kerberos stuff” in the sshd_config, but not sure how to configure that and the article suggests that it will work on healthy system…

    thanks again,

    charles

    in reply to: DNS FOR 10.3 QUESTION #358134
    bustthis
    Participant

    after bugging joel… he suggested to turn off “allow secure connections” under afp settings in server admin, and sure enough that did the job. thanks again for all your help 🙂

    in reply to: DNS FOR 10.3 QUESTION #358131
    bustthis
    Participant

    mostly used your examples and i plan to change them a little, i didn’t expect it to work

    ok, this is db.charles-x;

    ;
    ; Name servers
    ;
    charles-x.com. IN NS server.charles-x.com.

    ;
    ; Addresses for the canonical names
    ;
    localhost.charles-x.com. IN A 127.0.0.1
    server.charles-x.com. IN A 10.0.1.201
    workstation1.charles-x.com. IN A 10.0.1.3
    workstation2.charles-x.com. IN A 10.0.1.4
    dhcp1.charles-x.com. IN A 10.0.1.101
    dhcp2.charles-x.com. IN A 10.0.1.102
    dhcp3.charles-x.com. IN A 10.0.1.103
    dhcp4.charles-x.com. IN A 10.0.1.104
    dhcp5.charles-x.com. IN A 10.0.1.105
    gateway.charles-x.com. IN A 10.0.1.1

    ;
    ; Aliases
    ;
    mail.charles-x.com. IN CNAME server.charles-x.com.
    www.charles-x.com. IN CNAME server.charles-x.com.
    test.charles-x.com. IN CNAME server.charles-x.com.
    mylaptop.charles-x.com. IN CNAME workstation2.charles-x.com.

    and db.10.0.1:
    1.0.10.in-addr.arpa. IN SOA server.charles-x.com. serveradmin.charles-x.com. (
    2004053000 ; Serial
    10800 ; Refresh after 3 hours
    3600 ; Retry after 1 hour
    604800 ; Expire after 1 week
    86400 ) ; Minimum TTL of 1 day

    ;
    ; Name servers
    ;
    1.0.10.in-addr.arpa. IN NS server.charles-x.com.

    ;
    ; Addresses point to canonical name
    ;
    1.1.0.10.in-addr.arpa. IN PTR gateway.charles-x.com.
    201.1.0.10.in-addr.arpa. IN PTR server.charles-x.com.
    3.1.0.10.in-addr.arpa. IN PTR workstation1.charles-x.com.
    4.1.0.10.in-addr.arpa. IN PTR workstation2.charles-x.com.
    101.1.0.10.in-addr.arpa. IN PTR dhcp1.charles-x.com.
    102.1.0.10.in-addr.arpa. IN PTR dhcp2.charles-x.com.
    103.1.0.10.in-addr.arpa. IN PTR dhcp3.charles-x.com.
    104.1.0.10.in-addr.arpa. IN PTR dhcp4.charles-x.com.
    105.1.0.10.in-addr.arpa. IN PTR dhcp5.charles-x.com.

    in reply to: deleting old mail accounts with cyradm #358113
    bustthis
    Participant

    ok, but how would i go about getting my mail back? i used your mailback script to backup everything before i reconstructed.

    in reply to: deleting old mail accounts with cyradm #358110
    bustthis
    Participant

    i get this for every user i want to remove-
    user.test: System I/O error No such file or directory
    user.test.Deleted Messages: System I/O error No such file or directory
    user.test.Drafts: System I/O error No such file or directory
    user.test.Sent Messages: System I/O error No such file or directory

    thanks,

    -charles

    in reply to: postfix 2.1.1 #358084
    bustthis
    Participant

    i apologize…

    okay, i found it, but now i get this-

    admin% /usr/local/sbin/saslauthd -m pam
    saslauthd[2891] :set_run_path : -m requires an absolute pathname

    i’m not sure what the path to pam is?

    in reply to: postfix 2.1.1 #358082
    bustthis
    Participant

    i did just that – locate saslauthd, didn’t turn up… then i searched around and found an article that suggested this – sudo /usr/local/sbin/saslauthd -a pam
    still not found.

    i’m completely stumped!

    in reply to: postfix 2.1.1 #358079
    bustthis
    Participant

    no luck 🙁

    i followed your instructions… although, i got a little confused when i compiled postfix, is this correct?
    make tidy
    make -f Makefile.init makefiles \
    CCARGS='-DHAS_LDAP -I/usr/include \
    -DUSE_SASL_AUTH -I/usr/local/include/sasl \
    -DDEF_HTML_DIR=\"/Library/WebServer/Documents/PostfixDocs\" \
    -DDEF_README_DIR=\"/etc/postfix/readmes\" ' \
    AUXLIBS='-L/usr/local/lib -lldap -L/usr/local/lib -llber -L/usr/local/lib -lsasl2'
    make
    make upgrade

    saslauthd -m PAM returns command not found and i see this in my mail.log:
    getPasswordRec returning -1

    warning: SASL authentication failure: no secret in database

    SASL CRAM-MD5 authentication failed

    May 24 16:23:05 charles-x postfix/smtpd[10240]: lost connection after AUTH

    postfix 2.1.1 started and i can send mail locally, but when i try to send mail out – i get relay access denied. the server restarted fine, but i would like to send mail.
