Showing posts with label freebsd. Show all posts

Sunday, May 17, 2009

SCO OpenServer

another unix flavor added into my portfolio, SCO OpenServer 6.0.0 ;)
a friend of mine asked me to do the SCO installation last friday. upfront i told him that i had never done any SCO installation before, so don't expect it to go smoothly. well i was right, it didn't go the way it should. we stayed up till 4am but still couldn't get it installed. dang!!!

the hardware is a Dell PowerEdge R200. at first it was a SATA CDROM issue. somehow SCO couldn't detect it if it's connected to the 2nd or 3rd SATA port. we opened it up & changed to port 0, then it was good to go. then halfway through, the hard disk couldn't be detected! turned out the SCO installation CD doesn't have the driver for this Dell RAID controller. after googling, downloading & burning the necessary files, we finally made it through. yeyyy!!!

one thing about the SCO installation script, it sucks big time. we had to find out ourselves how to load those additional drivers. there's no help or note during the installation telling us how to do so. we even needed to key in all those license & code keys during the installation. couldn't it wait until it's installed? well, anyway we successfully installed it, now time to configure.

at the same time we also did the FreeBSD 7.2 installation. on the same spec of hardware, but the installation was straightforward & perfect. we even used only the bootonly cd, the rest downloaded through a mirror. freebsd rocks, SCO scissors hehehehehe :P

p/s: probably you all wonder why not use another unix or linux for that SCO box, but according to my friend, it was their legacy application running on an Informix database that can only run on SCO. whatever lor... (just don't forget my payment! hehhehe)


Monday, October 27, 2008

freebsd + postfix + sasl + openldap

a week ago a friend of mine asked me to help him (read: side income ;)) to reconfigure his mail server to support smtp authentication.
so, for the past 3 days I've been trying to reconfigure the above combination but with no success, especially getting postfix + sasl to use openldap for authentication. but after a lotttttt of googling, countless trial and error, a few mugs of nescafe tarik etc... I've finally managed to resolve the issue :)

here are the configurations:

[root@mail ~]# uname -a
FreeBSD mail.domain.com.my 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

recompile postfix with these options:
[root@mail ~]# cat /var/db/ports/postfix/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for postfix-2.5.1_2,1
_OPTIONS_READ=postfix-2.5.1_2,1
WITH_SASL2=true
WITH_TLS=true
WITH_OPENLDAP=true

cyrus-sasl:
[root@mail ~]# saslauthd -v
saslauthd 2.1.22
authentication mechanisms: sasldb getpwent kerberos5 pam rimap ldap httpform

openldap already compiled with these options:
[root@ldap ~]# cat /var/db/ports/openldap23/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for openldap-server-2.3.11
_OPTIONS_READ=openldap-server-2.3.11
WITH_SASL=true
WITH_PERL=true
WITH_SHELL=true
WITH_SLP=true
WITH_TCP_WRAPPERS=true
WITH_BDB=true
WITH_PROXYCACHE=true
WITH_PPOLICY=true
WITH_RWM=true
WITH_DYNAMIC_BACKENDS=true

ok 1st step is to configure the cyrus-sasl configuration files.
[root@mail ~]# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mechlist: PLAIN LOGIN
log_level: 5


[root@mail ~]# cat /usr/local/etc/saslauthd.conf
ldap_servers: ldap://192.168.1.8/
ldap_auth_method: fastbind
ldap_filter: uid=%u,ou=Users,dc=domain,dc=com,dc=my
ldap_search_base: dc=domain,dc=com,dc=my
ldap_bind_dn: cn=Manager,dc=domain,dc=com,dc=my
ldap_password: secret

start the service with this flag "-cra ldap" (put -d for debugging)
[root@mail ~]# /usr/local/etc/rc.d/saslauthd start
Starting saslauthd.

[root@mail ~]# ps aux|grep sasl
root 39276 0.0 0.4 4840 2784 ?? Ss 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap
root 39283 0.0 0.4 4840 2780 ?? S 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap
root 39284 0.0 0.4 4840 2780 ?? S 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap
root 39285 0.0 0.4 4840 2780 ?? S 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap
root 39286 0.0 0.4 4840 2780 ?? S 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap

test it out using testsaslauthd command
[root@mail ~]# testsaslauthd -u ashamril -p 1qaz2wsx
0: OK "Success."

this means sasl can authenticate against your ldap server. yahoooo ;)

next, configure postfix. add these lines to /usr/local/etc/postfix/main.cf

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
# server-side parameter is smtpd_sasl_type (smtp_sasl_type belongs to the postfix smtp client)
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination


restart the postfix & test it out:
[root@mail ~]# printf "ashamril" | mmencode
YXNoYW1yaWw=
[root@mail ~]# printf "1qaz2wsx" | mmencode
MXFhejJ3c3g=
[root@mail ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com.my ESMTP Postfix (By LinuxDotMy)
EHLO domain.com.my
250-mail.domain.com.my
250-PIPELINING
250-SIZE 512000000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
YXNoYW1yaWw=
334 UGFzc3dvcmQ6
MXFhejJ3c3g=
235 2.7.0 Authentication successful


yahooooo, settled.
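
Added example, not part of the original post: a small Python audit of the EHLO reply shown above. It flags AUTH PLAIN/LOGIN offered on a connection without TLS, lists mechanisms advertised beyond the `mechlist` in smtpd.conf, and decodes the AUTH LOGIN lines to show they are only base64. Function names are hypothetical and the sample reply is a trimmed copy of the transcript.

```python
import base64
import re

# Constructed sample: EHLO reply lines trimmed from the telnet session above.
EHLO_REPLY = """\
250-mail.domain.com.my
250-PIPELINING
250-STARTTLS
250-AUTH LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250 DSN
"""

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # password crosses the wire base64-encoded only


def parse_ehlo(reply):
    """Return (set of AUTH mechanisms, STARTTLS offered?) from EHLO reply lines."""
    mechs, starttls = set(), False
    for line in reply.splitlines():
        m = re.match(r"250[- ](.*)", line.strip())
        if not m:
            continue
        keyword, _, args = m.group(1).partition(" ")
        if keyword.upper() == "STARTTLS":
            starttls = True
        elif keyword.upper() == "AUTH":
            mechs.update(args.upper().split())
        elif keyword.upper().startswith("AUTH="):  # broken_sasl_auth_clients form
            mechs.update((keyword[5:] + " " + args).upper().split())
    return mechs, starttls


def audit(reply, mechlist, tls_active):
    """Compare what the server advertises with smtpd.conf's mechlist and TLS state."""
    mechs, starttls = parse_ehlo(reply)
    findings = []
    if not tls_active and mechs & PLAINTEXT_MECHS:
        fix = "set smtpd_tls_auth_only = yes" if starttls else "enable TLS first"
        findings.append("plaintext AUTH offered without TLS: " + fix)
    extra = sorted(mechs - set(mechlist))
    if extra:
        findings.append("advertised but not in mechlist: " + " ".join(extra))
    return findings


def decode_login_line(b64):
    """AUTH LOGIN prompts and answers are plain base64, readable by any sniffer."""
    return base64.b64decode(b64).decode("ascii")
```

saslauthd can only verify a cleartext password, so with the smtpd.conf above only PLAIN and LOGIN can actually succeed. `smtpd_tls_auth_only = yes` in main.cf makes Postfix offer AUTH only after STARTTLS.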

p/s: man hours: 1st day till 4am, 2nd day till 2am. only settled on the 3rd day... how much should I charge?
and
to all Hindus who celebrate Deepavali, A Very Happy Deepavali!