On May 2, 2006, at 3:24 PM, Perry Brown wrote:
I log into imtest:
/opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a cyrus -m plain
Run
C: XFER user.vbperry server2.sub2.domain.com
and get
C: NO Server(s) unavailable to complete operation
Am I using the right auth mode? should the imtest connect or xfer command
be formatted differently? I looking in the archives and could not locate
the thread you mentioned, was that on list?
No, our discussion was off list.
What does syslog say (on both servers)?
We have cyrus logging to local6 so I'll assume that is what you are
interested in.
On source server:
May 2 13:11:42 server1 imap[5927]: starttls: TLSv1 with cipher AES256-SHA
(256/256 bits new) no authentication
May 2 13:11:46 server1 imap[5927]: login: localhost.localdomain [127.0.0.1]
cyrimap PLAIN+TLS User logged in
May 2 13:12:12 server1 imap[5927]: couldn't authenticate to backend server:
generic failure
May 2 13:12:12 server1 imap[5927]: Could not move mailbox: user.vbperry,
Initial backend connect failed
On Destination server:
May 2 13:12:12 server2 master[6574]: about to exec
/opt/mail/cyrus-imapd/bin/imapd
May 2 13:12:12 server2 imap[6574]: executed
Can you log in with imtest to the 2nd server?
Yes
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a
cyrus -m plain server2.sub2
S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS
AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED
X-NETSCAPE
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN
AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR LISTEXT
LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password: <<enter passwd for cyrus account
C: A01 AUTHENTICATE PLAIN Y3lyaW1hcABjeXJpbWFwAGpTdXZTMTFz
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
Do you allow other SASL mechanisms? I think what we tried with Richard may
have only worked since PLAIN is the only mechanism his 2nd server offered.
What other mechanism does your secondary server offer? it should be part
of the CAPABILITY response when imtest logs in.
It's offering
AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
Should the connect use plain since it is the first available? How can I
disbale the other AUTH mechanisms?
Thank you
Perry
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
