-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
HI,
I'm trying to migrate users from one backend cyrus 2.3.7 server to
another. I've got the imapd.conf on the servers set up so that
authentication is working between them just fine (using gssapi). When I run
the xfer command from inside cyradm, I get the following error:
cyrus1.mail.rice.edu> xfer user/wilma cyrus2.mail.rice.edu
xfermailbox: The remote Server(s) denied the operation
Examining the protocol log on cyrus2 shows me:
<1154539042<LC1 LOCALCREATE {10+}
user/wilma
>1154539042>LC1 OK Completed
<1154539042<D01 UNDUMP {10+}
user/wilma (NIL {2}
>1154539042>+ go ahead
>1154539042>D01 NO Bad protocol
>1154539042>* BYE decoding error: generic failure; SASL(-1): generic
failure: security flags do not match required
And the syslog shows:
Aug 2 12:09:15 cyrus1 master[20761]: about to exec
/usr/site/cyrus-imapd-2.3.7/bin/imapd
Aug 2 12:09:15 cyrus1 imap[20761]: executed
Aug 2 12:09:15 cyrus1 imap[20761]: accepted connection
Aug 2 12:09:15 cyrus1 imap[20761]: login: cyrus1.mail.rice.edu
[10.129.93.100] mailadmin GSSAPI User logged in
Aug 2 12:17:22 cyrus1 imap[20761]: Could not move mailbox: user.wilma,
UNDUMP failed
Aug 2 12:17:22 cyrus1 imap[20761]: Could not back out remote mailbox
during move of user/wilma (Server(s) unavailable to complete operation)
And then the mailbox is in an untenable state. An empty mailbox exists on
cyrus2, but on cyrus1 it's marked as a remote mailbox, so further attempts
to do anything to it fail. The only way I've been able to return to a
working state is to dump the mailboxes.db to text, edit the entry for that
mailbox to be on a local partition again, and then reimport it.
Here are some relevant lines from my imapd.conf (the same on both cyrus1 &
cyrus2)
admins: mailadmin
allowusermoves: 1
proxy_authname: mailadmin
proxyservers: mailadmin
I tried setting a defaultacl on cyrus2, but that didn't apply to the newly
created mailbox.
Am I missing something obvious? Should I have created "user" as a mailbox
first, with the default acl set appropriately, and only then created all
the "user/foo" mailboxes? Right now, "user" isn't a mailbox, so trying to
put an acl on it fails.
-paul
- --
Paul D. Engle | Rice University
Sr. Systems Administrator | Information Technology - MS119
(713) 348-4702 | P.O. Box 1892
pengle@xxxxxxxx | Houston, TX 77251-1892
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFE0OFvCpkISWtyHNsRAnhYAJ9JeKZjFMgnIDliE92iE/y5dd26YACdFvnN
YOhS1Gjj5N52se0DwpJBNt4=
=U9Yd
-----END PGP SIGNATURE-----
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
