SASL LOGIN authentication failed: generic failure

10 posts / 0 new
Last post
#1 Thu, 08/28/2014 - 04:27
aneysa

SASL LOGIN authentication failed: generic failure

Webmin 1.690 Ubuntu Linux 10.04.2

Hi

I followed the advice on Webmin screen to auto-remove packages that are no longer required, and ran into trouble when I did a server reboot. Apache won't start, and more importantly procmail did not work because of missing procmail-wrapper, which I managed to fix by "apt-get install procmail-wrapper"

Now I have another problem. After checking the mail logs I noticed this:

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory www postfix/smtpd[2127]: warning: xxxxx: SASL LOGIN authentication failed: generic failure

Help please?

Thank you.

Thu, 08/28/2014 - 09:04
aneysa

That Webmin suggestion to auto-remove packages has really screwed up my system. I can't even save Apache options:

  • Starting web server apache2 Warning: SuexecUserGroup directive requires SUEXEC wrapper. Syntax error on line 18 of /etc/apache2/sites-enabled/0-mysite.conf: Invalid command 'FCGIWrapper', perhaps misspelled or defined by a module not included in the server configuration ...fail!

And then, when I attempt to change the config: "Failed to save website options : Suexec is enabled in the default template, but the suexec command was not found on your system."

In a pickle!

Thu, 08/28/2014 - 12:44
andreychek

Howdy,

While I'm not certain, as I didn't see the message that you saw -- I don't believe Webmin itself would recommend using the autoremove, though it may have passed along a message that was generated by apt (apt itself will, under some circumstances, propose that autoremove can be used to get rid of packages it thinks are no longer necessary... but it's not always correct about that :-)

In general, we don't recommend performing an autoremove, as that can end up removing things that you need on your system.

Now, as far as how to fix all that -- do you happen to have a list of packages that was removed as part of that autoremove?

If not, you may want to take a peek at "/var/log/apt/history.log", which has a log of all the apt packages that were installed/removed on your system.

It sounds like you may be missing some packages that are required -- if you're able to list the packages that were removed, we can help you sort out which ones should be reinstalled.

-Eric

Thu, 08/28/2014 - 20:15
aneysa

Hi Eric,

That's a very helpful tip. Thank you.

I found these entries in that log:

apache2-suexec-custom (2.2.14-5ubuntu8), pwgen (2.06-1ubuntu2), sasl2-bin (2.1.23.dfsg1-5ubuntu1), db4.8-util (4.8.24-1ubuntu1), irb1.8 (1.8.7.249-2), libapache2-svn (1.6.6dfsg-2ubuntu1), re2c (0.13.5-1build1), libmail-spf-perl (2.007-1), awstats (6.9~dfsg-1ubuntu3.10.04.1), libdbd-pg-perl (2.16.1-1), libsocket6-perl (0.23-1), libfile-copy-recursive-perl (0.38-1), rdoc (4.2), libnet-xwhois-perl (0.90-3), ri (4.2), liberror-perl (0.17-1), libnetaddr-ip-perl (4.024+dfsg-1build1), spamassassin (3.3.1-1), libapache2-mod-fcgid (2.3.4-2), procmail (3.22-18ubuntu1), clamav-testfiles (0.96+dfsg-2ubuntu1), spamc (3.3.1-1), libmcrypt4 (2.5.8-3.1), mailman (2.1.13-1ubuntu0.2), scponly (4.8-4), libpg-perl (2.1.1-4), irb (4.2), clamav-daemon (0.98.1+dfsg-4ubuntu1~ubuntu10.04.2), update-inetd (4.35ubuntu0.1), libnet-ip-perl (1.25-2), openbsd-inetd (0.20080125-4ubuntu2), libio-socket-inet6-perl (2.54-1.1), libnet-dns-perl (0.65-1build1), rdoc1.8 (1.8.7.249-2), procmail-wrapper (1.0-2), webalizer (2.01.10-32.6), proftpd-basic (1.3.2c-1), apache2-doc (2.2.14-5ubuntu8.4), libtommath0 (0.39-3ubuntu1), usermin-virtual-server-theme (6.8), libdigest-hmac-perl (1.01-7), libreadline-ruby1.8 (1.8.7.249-2), libreadline5 (5.2-7build1), libsys-hostname-long-perl (1.4-2), ri1.8 (1.8.7.249-2), libdigest-sha1-perl (2.12-1build1)

I was able to resolve the procmail-wrapper problem earlier, but I just tried to install apache2-suexec-custom, and got this:

WARNING: The following packages cannot be authenticated! apache2-suexec-custom E: There are problems and -y was used without --force-yes

Many thanks for your help!

Simon

Thu, 08/28/2014 - 20:30
andreychek

Howdy,

Aha! I had momentarily forgotten that on Ubuntu/Debian, that although suexec is part of Apache, it's provided as a separate package (apache2-suexec-custom).

The correct thing to do is what you attempted, to install that package.

Now, that error you're receiving is an odd one... it's possible that the Ubuntu authentication key was removed at the time those other packages were uninstalled.

What you could try doing are to run these two commands:

apt-key update
apt-get update

After running those two commands, are you then able to install the apache2-suexec-custom package?

There are additional thoughts on resolving authentication key issues in these two Ubuntu postings:

http://askubuntu.com/questions/75565/why-am-i-getting-authentication-err...

http://askubuntu.com/questions/399742/warning-the-following-packages-can...

Thu, 08/28/2014 - 21:33 (Reply to #5)
aneysa

Thanks, Eric.

Still no joy.

I have run those commands, and also updated the server with public key manually as suggested in one of the links you provided. But still I get the same error message:

WARNING: The following packages cannot be authenticated!
  apache2-suexec-custom

When I ran the apt-get update some of the lines in the output were like this:

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/karmic-security/restricted/source/Sources.gz  404  Not Found [IP: 91.189.91.15 80]

Err http://security.ubuntu.com karmic-security/restricted Sources
  404  Not Found [IP: 91.189.91.15 80]

Right now my webserver is down, and I can't send email out because sasl is broken. I need to solve these urgently. What options do I have?

Your help is very much appreciated.

Thu, 08/28/2014 - 22:39
andreychek

Howdy,

Hmm, the apt repositories that failed are trying to update from Ubuntu 9.10 repositories.

Can you verify which Ubuntu version you're using now? You can do that by running this command:

cat /etc/issue

If that is indeed Ubuntu 10.04 -- was this system updated from 9.10 at one point?

-Eric

Thu, 08/28/2014 - 22:52
aneysa

Hi Eric,

This is what I've got:

> cat /etc/issue
Ubuntu 10.04.2 LTS

We have not updated the OS.

I've got the mail working again! The next stumbling block is Apache.

Thanks again.

Simon

Fri, 08/29/2014 - 03:19
aneysa

Hi Eric,

Nothing seems to get rid of this authentication problem. I think I have exhausted all possiple options suggested on the Ubuntu forums and elsewhere. The problem won't go away.

I tried reinstalling the key ring: >sudo aptitude reinstall ubuntu-archive-keyring and got this:

Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Couldn't find any package whose name or description matched "ubuntu-archive-keyring"
Couldn't find any package whose name or description matched "ubuntu-archive-keyring"
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 116 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...

Here is the state of the keyring: > sudo apt-key finger

/etc/apt/trusted.gpg
--------------------
pub   1024D/437D05B5 2004-09-12
      Key fingerprint = 6302 39CC 130E 1A7F D81A  27B1 4097 6EAF 437D 05B5
uid                  Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
sub   2048g/79164387 2004-09-12

pub   1024D/FBB75451 2004-12-30
      Key fingerprint = C598 6B4F 1257 FFA8 6632  CBA7 4618 1433 FBB7 5451
uid                  Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>

pub   1024D/A0BDBCF9 2005-07-11
      Key fingerprint = 31D2 B188 72EA F68E FB81  F81D E8DD 3FA0 A0BD BCF9
uid                  Virtualmin, Inc. <security@virtualmin.com>
sub   2048g/CB9262B0 2005-07-11

pub   1024D/11F63C51 2002-02-28
      Key fingerprint = 1719 003A CE3E 5A41 E2DE  70DF D97A 3AE9 11F6 3C51
uid                  Jamie Cameron <jcameron@webmin.com>
sub   1024g/1B24BE83 2002-02-28

pub   1024D/4F368D5D 2005-01-31 [expired: 2006-01-31]
      Key fingerprint = 4C7A 8E5E 9454 FE3F AE1E  78AD F1D5 3D8C 4F36 8D5D
uid                  Debian Archive Automatic Signing Key (2005) <ftpmaster@debian.org>

pub   1024D/ED17DA8C 2008-10-22 [expired: 2013-10-21]
      Key fingerprint = 2246 3AE3 3DB0 04F7 849D  2D0B D204 21CA ED17 DA8C
uid                  Paul Maszy (r1soft gpg key) <support@r1soft.com>

Afterwards I tried > sudo apt-get install apache2-suexec-custom -y and got the same old error:

Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  apache2-suexec-custom
0 upgraded, 1 newly installed, 0 to remove and 116 not upgraded.
Need to get 91.7kB of archives.
After this operation, 201kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  apache2-suexec-custom
E: There are problems and -y was used without --force-yes

Something is fundamentally wrong. How is it possible that my installation ( Ubuntu 10.04) is looking for updates in 9.10?

Stuck.

I can't get any package that I desperately need to get the system functioning again. No Apache and no FTP!

Fri, 08/29/2014 - 09:46
andreychek

Howdy,

You mentioned in another post that you managed to get suexec installed -- did you fix the other issues you described as well? Or are you still seeing some of these issues?

-Eric

Topic locked