What happens if you use cyradm to log into the second host from the
first host using the proxy username and password?
I think xfer is going to connect on the imap port of the 2nd machine.
Is syslog in the debug level? If not, that might give you a better hint.
It seems that it's the connection from the 1st to second server that's
tripping you up.
Do the two servers use the same source for authentication verification?
-Patrick
On Apr 18, 2006, at 1:29 PM, Perry Brown wrote:
Please if anyone has any suggestions. I've been banging my head
against a desk on this one.
perry
I thought nscd might have been tripping me up so I tried by IP
address with the same results. Also thought it may be an issue
with a firewall between these 2 hosts blocking a port so I tried 2
other cyrus servers that do not have a FW between them with the
same result (anyone know what port(s) xfer uses?).
Any suggestions?
Thank you
Perry
I set up imapd.conf how I think it should be and restarted cyrus
(even rebooted hosts). I log into the source server cyradm:
sudo cyradm --user cyrus --server server1.sub1.domain.amazon.com --auth plain
Run the xfer
server1.sub1.domain.com> xfer user.vbperry server2.sub2.domain.com
And get:
xfermailbox: Server(s) unavailable to complete operation
This is in log on source:
Apr 14 15:08:15 server1 imap[3434]: couldn't authenticate to backend server: generic failure
Apr 14 15:08:15 server1 imap[3434]: Could not move mailbox: user.vbperry, Initial backend connect failed
This is on destination server:
Apr 14 15:08:15 server2 imap[3022]: accepted connection
Apr 14 15:08:15 server2 master[3125]: about to exec /opt/mail/cyrus-imapd/bin/imapd
Apr 14 15:08:15 server2 imap[3125]: executed
This is what the imapd.conf looks like on both servers.
defaultpartition: imap1
configdirectory: /var/imap
partition-imap1: /var/spool/imap1
admins: cyrus support
srvtab: /var/imap/srvtab
quotawarn: 85
popminpoll: 0
autocreatequota: 30000
sasl_pwcheck_method: saslauthd
lmtp_over_quota_perm_failure: 1
allowusermoves: yes
proxy_authname: cyrus
proxy_password: password
The systems are in different subdomains sub1.domain.com and
sub2.domain.com and when I tried to do the hostname_password
option it did not like dots in the name so I did short names and
added the sub#.domain.com to the resolv.conf so each host could
ping by short name. I still got the error from above so I changed
the imapd.conf entry servername_password to proxy_password since
the cyrus account has the same password on both servers and still
got the error above.
Any ideas what I am missing?
Thank you
Perry
Perry Brown wrote:
Thank you for the reply. Some follow up questions. (sorry to be
so dense I'm making this change on production servers so wanted
to make sure I've got it right).
SASL is running as: /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
Our pam.d configs for both imap and pop look like
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
Looking at the install-murder doc I should set up all the boxes
like they were frontends? (I pasted in what I think will only
apply to my set up from install-murder).
Additional backend configuration
If your authentication system requires usernames, passwords,
etc, to authenticate (e.g. it isn't Kerberos), then you will
also need to specify proxy_authname (and friends) in the
backend imapd.confs as well. This is so that the backends can
authenticate to each other to facilitate mailbox moves. (Backend
machines will need to be full admins).
In short I just need to set up a common user account in the OS
on each box and define the user as proxy_authname: and put the
password for that account listed as host1_password: and
host2_password etc....
Correct.
Do I need to add this proxy_authname to imapd.conf admins: as
well for the full admins requirement?
Yes.
Perry Brown wrote:
Hi All,
We are running cyrus-imap 2.2.8 and sasl 2.1.15. We have two
RHEL 3 servers with about 4800 users split between them.
I am looking to migrate the users to 2 new RHEL3 hosts with
the same cyrus-imap and sasl versions. I added the
allowusermoves to imapd.conf restarted cyrus and tried to do a
test move.
host1.domain.com> xfer user/ host2.domain.com
xfermailbox: Mailbox does not exist
Both cyrus-imap and cyrus-sasl were compiled with --enable-murder
(least that is what my notes say; is there a way to
verify?), but it looks like murder has not been set up with a
master or imapd.conf file changes.
Question, Is it possible to xfer a mailbox without configuring
murder?
Yes and no. You don't need mupdate, but the backends need to know how
to authenticate to each other. Look at install-murder.html and take a
look at the stuff regarding authentication. Also note that you can't
XFER the entire user/ hierarchy with one command, you have to do it one
user at a time. Assuming that you're using unixhierarchysep, you would do:
xfer user/vbperry host2
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
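
Added example (not part of the original thread and not Cyrus code): a small checker that tests imapd.conf text against the XFER prerequisites named in this thread, namely allowusermoves, proxy_authname, the proxy user being listed in admins, and a password entry for the destination backend. The function names are hypothetical, and the short-hostname form of the per-host password key with proxy_password as fallback is an assumption taken from the thread.

```python
TRUE_VALUES = {"yes", "on", "true", "t", "1"}
# Relevant lines of the configuration posted in the thread.
POSTED_CONF = """\
admins: cyrus support
allowusermoves: yes
proxy_authname: cyrus
proxy_password: password
"""

# Constructed counter-example: proxy user is not an admin, dotted per-host key.
BROKEN_CONF = """\
admins: support
allowusermoves: yes
proxy_authname: cyrus
server2.sub2.domain.com_password: CHANGEME
"""

def parse_imapd_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def check_xfer_config(text, dest_host):
    """Return the problems that would block backend-to-backend XFER login."""
    conf, problems = parse_imapd_conf(text), []
    if conf.get("allowusermoves", "").lower() not in TRUE_VALUES:
        problems.append("allowusermoves is not enabled")
    authname = conf.get("proxy_authname", "")
    if not authname:
        problems.append("proxy_authname is not set")
    elif authname not in conf.get("admins", "").split():
        problems.append(f"proxy_authname '{authname}' is not in admins")
    # Assumption (from the thread): key is short hostname + "_password", else proxy_password.
    short = dest_host.split(".", 1)[0].lower()
    if not (conf.get(f"{short}_password") or conf.get("proxy_password")):
        problems.append(f"no {short}_password or proxy_password set")
    for key in conf:
        if key.endswith("_password") and "." in key:
            fixed = key.split(".", 1)[0] + "_password"
            problems.append(f"'{key}' has dots; use '{fixed}'")
    return problems

if __name__ == "__main__":
    print(check_xfer_config(BROKEN_CONF, "server2.sub2.domain.com"))
```

The configuration posted in the thread passes all of these checks, so these settings alone do not account for the "couldn't authenticate to backend server" log line; the login from the first backend to the second is the next thing to test.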