Hi, I set up 2 servers (2.3.3) today to operate in a murder (both running unified). They are called master.leunet.lan and slave.leunet.lan. mupdate seems to be running fine so far, but if one imapd should proxy for the other it won't work. Here's what I did: - created an inbox for a new user on master - logged onto master using cyradm (authenticating as user) - created a child mailbox INBOX/test - logged onto slave using cyradm, checked for mailbox existance (both INBOX and INBOX/test are there) Then I issued a "cm INBOX/test2" and got: createmailbox: Server(s) unavailable to complete operation The slave imapd's log looks like this: May 13 20:25:29 slave <error> imap[25582]: Doing a peer verify May 13 20:25:29 slave <error> imap[25582]: Doing a peer verify May 13 20:25:29 slave <debug> imap[25582]: received server certificate May 13 20:25:29 slave <notice> imap[25582]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication May 13 20:25:29 slave <notice> imap[25582]: No worthy mechs found May 13 20:25:29 slave <error> imap[25582]: couldn't authenticate to backend server: no mechanism available May 13 20:30:03 slave <debug> imap[25621]: executed May 13 20:30:03 slave <debug> imap[25621]: accepted connection May 13 20:30:04 slave <notice> imap[25621]: login: localhost.localdomain [127.0.0.1] manager plaintext User logged in The master imapd's log looks like that: May 14 03:28:44 master <debug> imap[19305]: executed May 14 03:28:44 master <debug> imap[19305]: accepted connection May 14 03:28:45 master <debug> imap[19305]: mystore: starting txn 2147483658 May 14 03:28:45 master <debug> imap[19305]: mystore: committing txn 2147483658 May 14 03:28:45 master <notice> imap[19305]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication I'm using self-signed certificates and after fiddling a while I entered the ca certificate into the configuration using tls_ca_file, but actually that changed nothing. I'm not even sure the problem I have is related to TLS. I'd really appreciate if someone who knows what's going on could please take a look at my configuration. Maybe the problem's obvious, but I'm at my wits end. Here's goes my configuration. --------------------------- master --------------------------- configdirectory: /kolab/var/imapd partition-default: /kolab/var/imapd/spool allowusermoves: 0 admins: manager sasl_pwcheck_method: saslauthd sasl_mech_list: plain login sendmail: /kolab/sbin/sendmail allowanonymouslogin: no allowplaintext: yes servername: master.leunet.lan autocreatequota: 100000 reject8bit: no munge8bit: no quotawarn: 80 lmtp_over_quota_perm_failure: 1 timeout: 30 sievedir: /kolab/var/imapd/sieve lmtpsocket: /kolab/var/kolab/lmtp allowapop: no tls_ca_file: /kolab/etc/kolab/cacert.pem tls_ca_path: /kolab/etc/kolab tls_cert_file: /kolab/etc/kolab/cert.pem tls_key_file: /kolab/etc/kolab/key.pem tls_cipher_list: ALL sasl_minimum_layer: 0 altnamespace: 0 unixhierarchysep: yes lmtp_downcase_rcpt: yes username_tolower: 1 hashimapspool: yes loginrealms: leunet.lan leunet.lan ldap_uri: ldap://127.0.0.1:389 ldap_base: dc=leunet,dc=lan ldap_bind_dn: cn=nobody,cn=internal,dc=leunet,dc=lan ldap_password: aO0TcJiuIHEu445AFo0HAyivgjosyWxSq+dxgkgE ldap_time_limit: 15 virtdomains: ldap mupdate_config: unified mupdate_server: master.leunet.lan mupdate_port: 3905 mupdate_authname: manager mupdate_password: MYPASS proxyservers: manager proxy_authname: manager proxy_passwd: MYPASS proxy_realm: leunet.lan postuser: kolab userprefix: user sharedprefix: shared --------------------------- master --------------------------- --------------------------- slave --------------------------- configdirectory: /kolab/var/imapd partition-default: /kolab/var/imapd/spool allowusermoves: 0 admins: manager sasl_pwcheck_method: saslauthd sasl_mech_list: plain login sendmail: /kolab/sbin/sendmail allowanonymouslogin: no allowplaintext: yes servername: slave.leunet.lan autocreatequota: 100000 reject8bit: no munge8bit: no quotawarn: 80 lmtp_over_quota_perm_failure: 1 timeout: 30 sievedir: /kolab/var/imapd/sieve lmtpsocket: /kolab/var/kolab/lmtp allowapop: no tls_ca_path: /kolab/etc/kolab tls_ca_file: /kolab/etc/kolab/cacert.pem tls_cert_file: /kolab/etc/kolab/cert.pem tls_key_file: /kolab/etc/kolab/key.pem tls_cipher_list: ALL sasl_minimum_layer: 0 altnamespace: 0 unixhierarchysep: yes lmtp_downcase_rcpt: yes username_tolower: 1 hashimapspool: yes loginrealms: leunet.lan leunet.lan ldap_uri: ldap://127.0.0.1 ldap_base: dc=leunet,dc=lan ldap_bind_dn: cn=nobody,cn=internal,dc=leunet,dc=lan ldap_password: aO0TcJiuIHEu445AFo0HAyivgjosyWxSq+dxgkgE ldap_time_limit: 15 virtdomains: ldap mupdate_config: unified mupdate_server: master.leunet.lan mupdate_port: 3905 mupdate_authname: manager mupdate_password: MYPASS proxyservers: manager proxy_authname: manager proxy_passwd: MYPASS proxy_realm: leunet.lan mupdate_workers_max: 2 mupdate_workers_maxspare: 1 mupdate_workers_minspare: 0 mupdate_workers_start: 1 postuser: kolab userprefix: user sharedprefix: shared --------------------------- slave --------------------------- I also tried some other things that aren't in the config any longer, eg. adding "master_passwd: MYPASS", adding "master_mechs: PLAIN" or removing the proxy_realm from the slave's setup. Unfortunately I don't have the slightest idea what's going on with the authentication. btw, I know that putting manager as proxyuser and admin is probably not the best idea, but this setup is only meant for evaluation. The mupdate server is running on the master as well but it has its own config-directory and partition. I'd appreciate anything that could hint me into the right direction. :-) Kind regards, Michael ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
