Postfix and courier ldap auth failure

Migrating to a different mail server has created some headaches for my postfix implementation. The problem according to the logs is:

root@lrrr:/var/run/courier# tail -f /var/log/mail.log
....
Jul 29 11:56:27 lrrr postfix/smtpd[17544]: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory
Jul 29 11:56:27 lrrr postfix/smtpd[17544]: warning: SASL authentication failure: Password verification failed
Jul 29 11:56:27 lrrr postfix/smtpd[17544]: warning: unknown[10.8.0.6]: SASL PLAIN authentication failed: generic failure
Jul 29 11:56:28 lrrr postfix/smtpd[17544]: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory
Jul 29 11:56:28 lrrr postfix/smtpd[17544]: warning: unknown[10.8.0.6]: SASL LOGIN authentication failed: generic failure

The problem, it appears, is that postfix can’t reach outside its chroot. The solution was found in this case: .

root@lrrr:/etc/postfix/sasl# /etc/init.d/courier-authdaemon stop
[ ok ] Stopping Courier authentication services: authdaemond.
root@lrrr:/etc/postfix/sasl# ls /var/run/courier/authdaemon/
pid       pid.lock  socket
root@lrrr:/etc/postfix/sasl# mv /var/run/courier/authdaemon/ /var/run/courier/authdaemon.20140729
root@lrrr:/etc/postfix/sasl# mkdir -p /var/spool/postfix/var/run/courier/authdaemon/
root@lrrr:/etc/postfix/sasl# ln -s /var/spool/postfix/var/run/courier/authdaemon/ /var/run/courier/authdaemon/
ln: target `/var/run/courier/authdaemon/' is not a directory: No such file or directory
root@lrrr:/etc/postfix/sasl# ln -s /var/spool/postfix/var/run/courier/authdaemon/ /var/run/courier/authdaemon
root@lrrr:/var/run/courier# ls -lah
total 8.0K
drwxrwxr-x  3 daemon daemon 160 Jul 29 15:23 .
drwxr-xr-x 27 root   root   960 Jul 29 11:29 ..
lrwxrwxrwx  1 root   root    46 Jul 29 15:23 authdaemon -> /var/spool/postfix/var/run/courier/authdaemon/
drwxr-x---  2 daemon daemon 100 Jul 29 11:59 authdaemon.20140729
-rw-r--r--  1 root   root     5 Jul 21 09:57 imapd.pid
-rw-------  1 root   root     0 Jul 21 09:57 imapd.pid.lock
-rw-------  1 daemon daemon   0 Jul 21 09:58 ldapaliasd.lock
-rw-r--r--  1 daemon daemon   5 Jul 21 09:58 ldapaliasd.pid
root@lrrr:/var/run/courier# /etc/init.d/courier-authdaemon start
[ ok ] Starting Courier authentication services: authdaemond.
root@lrrr:/var/run/courier# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
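
A check for the end state the session above produces, as an added example that is not part of the original post: it confirms that the path authdaemond uses resolves into the Postfix chroot tree and that the socket exists there. The function name and return codes are made up for this example, and it assumes GNU readlink -f.

```shell
#!/bin/sh
# Added example: verify that the authdaemond socket directory is reachable
# from inside the Postfix chroot. Function name and return codes are
# hypothetical, chosen for this example.
#
# $1 = socket directory inside the chroot tree, as seen from the host,
#      e.g. /var/spool/postfix/var/run/courier/authdaemon
# $2 = directory authdaemond writes to,
#      e.g. /var/run/courier/authdaemon
# Returns: 0 ok, 1 chroot copy missing, 2 outside path does not resolve
#          into the chroot, 3 no socket (daemon stopped or wrong path)
check_authdaemon_chroot() {
    inside=$1
    outside=$2

    # The chroot copy must be a real directory: a symlink with an absolute
    # target would be resolved against the chroot root by smtpd.
    if [ ! -d "$inside" ] || [ -L "$inside" ]; then
        echo "FAIL: $inside is not a real directory" >&2
        return 1
    fi

    in_real=$(readlink -f -- "$inside") || return 1
    out_real=$(readlink -f -- "$outside" 2>/dev/null) || out_real=""
    if [ "$in_real" != "$out_real" ]; then
        echo "FAIL: $outside resolves to '$out_real', not $in_real" >&2
        return 2
    fi

    if [ ! -S "$inside/socket" ]; then
        echo "FAIL: no socket at $inside/socket (is authdaemond running?)" >&2
        return 3
    fi

    echo "OK: $outside -> $in_real, socket present"
    ls -ld -- "$in_real" "$in_real/socket"   # show owner and mode for review
    return 0
}

# Run against real paths only when both are given on the command line.
if [ "$#" -eq 2 ]; then
    check_authdaemon_chroot "$1" "$2"
fi
```

Return code 3 is expected between the stop and start steps of the session, because authdaemond creates the socket when it starts.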

SQL server authentication

This is a quick post on how to run SQL enterprise manager as another domain user. This is because I am normally logged in as a lower-privileged account and require advanced rights to access our enterprise databases. This uses the good old runas command and requires you to put in a password to proceed.
Create a shortcut on your machine and, in its properties, type:

C:\Windows\System32\runas.exe /netonly /user:domain\bowdena-a "C:\Program Files\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"

IIS mod rewrite

I have fought with IIS for a few hours trying to do what I can do in apache with a simple Alias statement and have finally managed to get to a permanent solution. The idea is that there is a subfolder under a site which has quite a large CMS component, the structure looks kind of like:
site
- Admin
- SelfService
- OtherComponent

All of these have different settings for application pools which creates a complication. The site has been pointed to by http://site.tld.com, the SelfService component can be reached by http://site.tld.com/SelfService and the request was that the SelfService module should be reached by http://SelfService.tld.com.

dsquery magic (not really)

Quick post for dsquery syntax that I can never remember.

openVPN via port 443

A new firewall rule at my organisation has left me needing a way to redirect external traffic via my public host. I have updated the rules for my openVPN to go via https, as proxy servers have a great deal of difficulty dealing with these sites without DPI (deep packet inspection) and will kick up MITM errors when they try to re-sign certificates.

My client will handle all internal traffic to the internal network and all external traffic via the proxy. I am using port sharing (proxy handling) under openVPN to allow my https site (that I host subversion repos from) to continue to operate as per normal.

