On May 2, 2006, at 4:19 PM, Perry Brown wrote:
On May 2, 2006, at 3:24 PM, Perry Brown wrote:
I log into imtest:
/opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a cyrus -
m plain
Run
C: XFER user.vbperry server2.sub2.domain.com
and get
C: NO Server(s) unavailable to complete operation
Am I using the right auth mode? should the imtest connect or
xfer command be formatted differently? I looking in the archives
and could not locate the thread you mentioned, was that on list?
No, our discussion was off list.
What does syslog say (on both servers)?
We have cyrus logging to local6 so I'll assume that is what you are
interested in.
On source server:
May 2 13:11:42 server1 imap[5927]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authentication
May 2 13:11:46 server1 imap[5927]: login: localhost.localdomain
[127.0.0.1] cyrimap PLAIN+TLS User logged in
May 2 13:12:12 server1 imap[5927]: couldn't authenticate to
backend server: generic failure
May 2 13:12:12 server1 imap[5927]: Could not move mailbox:
user.vbperry, Initial backend connect failed
On Destination server:
May 2 13:12:12 server2 master[6574]: about to exec /opt/mail/cyrus-
imapd/bin/imapd
May 2 13:12:12 server2 imap[6574]: executed
Can you log in with imtest to the 2nd server?
Yes
server1.sub1% /opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u
cyrus -a cyrus -m plain server2.sub2
S: * OK server2.sub2.domain.com Cyrus IMAP4 v2.2.8 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-
REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE IDLE STARTTLS AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-
MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256
bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-
REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5
AUTH=CRAM-MD5 SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
S: C01 OK Completed
Please enter your password: <<enter passwd for cyrus account
C: A01 AUTHENTICATE PLAIN Y3lyaW1hcABjeXJpbWFwAGpTdXZTMTFz
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
Do you allow other SASL mechanisms? I think what we tried with
Richard may have only worked since PLAIN is the only mechanism
his 2nd server offered.
What other mechanism does your secondary server offer? it should
be part of the CAPABILITY response when imtest logs in.
It's offering
AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5
Should the connect use plain since it is the first available? How
can I disbale the other AUTH mechanisms?
Its not the first available though. If you look at the first
capability call, PLAIN isn't offered. Its only get seen after the
STARTTLS when the CAPABILITY called is offered again.
To remove the other Auth mechanisms (I'm assuming you don't use them),
put
sasl_mech_list: PLAIN
in your imapd.conf file on the second machines.
-Patrick
-Patrick
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
