If you want to use PAM (via saslauthd), then you shouldn't have to use saslpasswd2. Like I said earlier, unless your IMAP client can do referrals, you only need the user credentials on the frontends.

If you're trying to delete a toplevel mailbox, you need to give the admin the 'c' right before you can delete the mailbox.

rupert wrote:
> i followed some howtos on the net and provides wit cyrus,
> it uses pam to store some stuff in a mysql 5.1 DB.
> i can only login with imtest when i create the user I created with
> saslpasswd2 and "cm user.*" also create this user in the DB,
> which was installed during the web-cyradmin installation.
>
> Do I understand right that I have the db with the user accounts on the
> frontend and the mailboxes on the backend, so I don't need any DB and
> accounts in the sasldb1 on the backend?
>
> Another point is that I can't delete any user with dm, it asks for a
> password, when i enter the correct one it asks again until i enter a
> wrong one..!
>
> not an easy setup, but it's making progress...
>
> here are my config file:
> frontend/mupdater
> admins: cyrus cyrus-frontend cyrus-backend
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> #admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
>
> ##
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN LOGIN DIGEST-MD5
> sasl_auxprop_plugin: sasldb
> sasl_minimum_layer: 0
> sasl_auto_transition: no
>
> #sasl_pwcheck_method: auxprop
> #sasl_auxprop_plugin: sasldb
> #sasl_auxprop_plugin: sql
> #sasl_sql_engine: mysql
> #sasl_sql_hostnames: localhost
> #sasl_sql_user: sqlpassword
> #sasl_sql_database: cyrus
> #sasl_sql_verbose: no
> #sasl_sql_select: SELECT password FROM cyrus_mail WHERE username = '%u' AND active='1'
> #sasl_sql_usessl: 0
> #allowplaintext: yes
>
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>
> postmaster: postmaster
> allowanonymouslogin: no
> allowplaintext: yes
> # servername: localhost
> autocreatequota: 10000
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> #unixhierarchysep: yes
> #tls_ca_file:/var/lib/imap/server.pem
> #tls_cert_file:/var/lib/imap/server.pem
> #tls_key_file:/var/lib/imap/server.pem
> realm: mailfarm21.local
> ##################
> # MUPDATE Master #
> ##################
> servername: mail2.mailfarm21.local
>
>
> # here comes the backend server
> proxy_authname: cyrus-frontend
> mail1_password: secret
> proxy_password: secret
> #proxyservers: mail1.mailfarm21.local
> proxyd_disable_mailbox_referrals: 1
>
> ## mupdate client?
> mupdate_server: mail2.mailfarm21.local
> mupdate_port: 3905
> mupdate_username: cyrus-frontend
> mupdate_authname: cyrus-frontend
> mupdate_password: secret
>
>
>
> backend:
>
> admins: cyrus cyrus-frontend cyrus-backend
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
>
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
>
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>
> postmaster: postmaster
> allowanonymouslogin: no
> allowplaintext: yes
> servername: localhost
> autocreatequota: 10000
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> #unixhierarchysep: yes
> #tls_ca_file:/var/lib/imap/server.pem
> #tls_cert_file:/var/lib/imap/server.pem
> #tls_key_file:/var/lib/imap/server.pem
>
> ## sasl stuff
> sasl_auxprop_plugin: sasldb
> sasl_pwcheck_method: saslauthd
> #sasl_pwcheck_method: auxprop
> sasl_mech_list: plain login DIGEST-MD5
>
>
> #################
> # mupdate slave #
> #################
> mupdate_server: mail2.mailfarm21.local
> mupdate_port: 3905
> mupdate_username: cyrus-backend
> mupdate_authname: cyrus-backend
> mupdate_password: secret
> #mupdate_config: unified
>
> # frontend access
> proxyservers: mail2.mailfarm21.local
> proxy_authname: cyrus-backend
>
> # transfer between backends
> allowusermoves: yes
> allowsubscribes: yes
>
> cyrus.conf
>
> # standard standalone server implementation
>
> START {
>   # do not delete this entry!
>   recover cmd="ctl_cyrusdb -r"
>
>   # this is only necessary if using idled for IMAP IDLE
>   idled cmd="idled"
>   #
>   # resync the mailbox with the master at startup
>   mupdatepush cmd="ctl_mboxlist -m"
> }
>
> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> SERVICES {
>   # add or remove based on preferences
>   imap cmd="imapd" listen="imap" prefork=5
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   pop3 cmd="pop3d" listen="pop3" prefork=3
>   pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>   sieve cmd="timsieved" listen="sieve" prefork=0
>
>   # these are only necessary if receiving/exporting usenet via NNTP
>   # nntp cmd="nntpd" listen="nntp" prefork=3
>   # nntps cmd="nntpd -s" listen="nntps" prefork=1
>
>   # at least one LMTP is required for delivery
>   # lmtp cmd="lmtpd" listen="lmtp" prefork=0
>   lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>
>   # this is only necessary if using notifications
>   # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
>
>   #
>   mupdate cmd="/usr/lib/cyrus-imapd/mupdate" listen="3905" prefork=1
>   fud cmd="fud" proto="udp" listen="4201" prefork=0 maxchild=10
>
> }
>
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune cmd="cyr_expire -E 3" at=0400
>   #delprune cmd="ctl_deliver -E 3" period=1440
>   # this is only necessary if caching TLS sessions
>   tlsprune cmd="tls_prune" at=0400
>
>   # Squat failed, helps
>   squatter cmd="squatter -r user" period=1440
> }
>
> On Jan 11, 2008 2:30 PM, Ken Murchison <murch@xxxxxxxxxxxxxx> wrote:
>
> rupert wrote:
> > another questions is:
> > does the mysql database have to be on both machines or does the frontend
> > cyrus get its data from the backend and doesn't store anything inside its
> > local DB?
>
> What MySQL database? For authentication?
> All user credentials need to be verified on the frontends. If your IMAP
> client(s) support referrals, then they might also authenticate directly
> on the backends. Otherwise, only the "murder" user authenticates on the
> backends.
>
> > I created a new domain and user on the backend with web-cyradm and on
> > the frontend/mupdate i can get the data with lm, but I can't connect with
> > a mail client.
> >
> > On Jan 11, 2008 1:13 PM, Rupertt <rupertt@xxxxxxxxx> wrote:
> >
> > Ken Murchison wrote:
> >> rupert wrote:
> >>
> >>> Hello first,
> >>> I was able to set up a murder cluster with one backend and a frontend
> >>> which also acts as a mupdate server.
> >>> i could get the mailbox accounts from the backend, which was a
> >>> standalone before.
> >>> I read that now the murder is running i should "only" create accounts on
> >>> the frontend and don't do anything manually on the backend, right?
> >>>
> >>> When I now create a user with web-cyradm on the frontend it creates the
> >>> entry in the DB, but the logfile says:
> >>>
> >>> Jan 11 12:34:02 mail2 mupdate[2166]: cmd_set(fd:18, user.ralf)
> >>> Jan 11 12:34:02 mail2 imap[2183]: mupdate NO response: mailbox already exists
> >>> Jan 11 12:34:02 mail2 imap[2183]: MUPDATE: can't reserve mailbox entry for 'user.ralf'
> >>> Jan 11 12:34:02 mail2 imap[2183]: autocreateinbox: User ralf, INBOX failed. unable to reserve mailbox on mupdate server
> >>>
> >>>
> >>> when i try to add the user with "cm ralf" i get a permission denied
> >>> error in the cyradm console.
> >>>
> >>> i could add a new mailbox on the backend by hand and when I do a "lm" on
> >>> the frontend the new account gets listed there.
> >>>
> >>> So how can I proceed?
> >>>
> >> Toplevel mailboxes MUST be created on the backend.
> >>
> > you mean like "ralf", well i tried "user.ralf" and it still does not
> > work.
> >
> > this is my current list:
> >
> > sam (\HasNoChildren)             user.sigi (\HasChildren)
> > testuser (\HasNoChildren)        user.sigi.Sent (\HasNoChildren)
> > user.box1 (\HasNoChildren)       user.sigi.Trash (\HasNoChildren)
> > user.jon (\HasNoChildren)        user.tb0001 (\HasNoChildren)
> > user.roy (\HasChildren)          user.test1 (\HasNoChildren)
> > user.roy.Sent (\HasNoChildren)   user.test2 (\HasNoChildren)
> > user.roy.Trash (\HasNoChildren)  user.testuser (\HasNoChildren)
>
> --
> Kenneth Murchison
> Systems Programmer
> Project Cyrus Developer/Maintainer
> Carnegie Mellon University
>
> ------------------------------------------------------------------------
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
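
The saslauthd versus saslpasswd2 point in the reply above, as an added example that is not part of the original messages: it reads an imapd.conf and reports which password store each listed SASL mechanism consults, and whether PLAIN/LOGIN are usable without a security layer. It assumes standard Cyrus SASL behaviour (saslauthd can verify only PLAIN and LOGIN, while DIGEST-MD5 and CRAM-MD5 need a stored secret from an auxprop plugin such as sasldb); the function names are hypothetical and the sample is constructed from the frontend config quoted in the thread.

```python
# Added example (not from the thread). Assumes Cyrus SASL behaviour:
# saslauthd verifies only plaintext mechanisms; shared-secret mechanisms
# read the stored secret through an auxprop plugin such as sasldb.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
SHARED_SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}

# Constructed sample, reduced from the frontend imapd.conf quoted above.
FRONTEND_CONF = """\
#sasl_pwcheck_method: auxprop
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN DIGEST-MD5
sasl_auxprop_plugin: sasldb
sasl_minimum_layer: 0
allowplaintext: yes
"""


def parse_imapd_conf(text):
    """Return {option: value}; '#' lines are comments, the last setting wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf


def credential_sources(conf):
    """Map each listed mechanism to the store that checks its password."""
    pwcheck = (conf.get("sasl_pwcheck_method") or "auxprop").split()[0]
    auxprop = "auxprop:" + conf.get("sasl_auxprop_plugin", "(all plugins)")
    sources = {}
    for mech in conf.get("sasl_mech_list", "").upper().split():
        if mech in PLAINTEXT_MECHS:
            sources[mech] = auxprop if pwcheck == "auxprop" else pwcheck
        elif mech in SHARED_SECRET_MECHS:
            sources[mech] = auxprop  # saslauthd cannot verify these
        else:
            sources[mech] = "not covered by this sketch"
    return sources


def cleartext_login_allowed(conf):
    """True if PLAIN/LOGIN are listed and usable without any security layer."""
    listed = set(conf.get("sasl_mech_list", "").upper().split())
    plaintext_ok = conf.get("allowplaintext", "").lower() in ("yes", "on", "true", "1")
    no_layer = int(conf.get("sasl_minimum_layer", "0")) == 0
    return plaintext_ok and no_layer and bool(listed & PLAINTEXT_MECHS)
```

On the sample, PLAIN and LOGIN resolve to saslauthd (and so to PAM) while DIGEST-MD5 still resolves to sasldb, so a client that negotiates DIGEST-MD5 only succeeds for users that exist in sasldb.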