Hi I'm trying to set up a cyrus murder set of boxes on 2.3.16 to eventually replace our single creaking dovecot server, and am currently failing to get a working configuration. My current intention is to have switch-101 (frontend + murder master) switch-102 (frontend) store-101 (backend) store-102 (backend) with user authentication being done via saslauthd against pam (which in turn looks at ldap). On the frontend + murder master box, I've got the following imapd.conf (sanitized): ======================== admins: cyrus cyrus-frontend allowplaintext: false allowusermoves: true configdirectory: /var/lib/imap delete_mode: delayed duplicate_db: skiplist expunge_mode: delayed force_sasl_client_mech: plain hashimapspool: true improved_mboxlist_sort: true lmtp_downcase_rcpt: true mupdate_config: unified normalizeuid: true partition-default: /var/spool/imap proxy_authname: cyrus-frontend proxyd_disable_mailbox_referrals: true proxy_password: ******** ptscache_db: skiplist sasl_mech_list: DIGEST-MD5 PLAIN LOGIN sasl_pwcheck_method: saslauthd auxprop serverlist: store-101 sieve_allowreferrals: false sievedir: /var/lib/imap/sieve statuscache_db: skiplist tlscache_db: skiplist tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cert_file: /etc/pki/tls/certs/wildcard.pem tls_key_file: /etc/pki/tls/certs/wildcard.pem unix_group_enable: false ======================== And on the backend boxes I have: ======================== admins: cyrus cyrus-frontend allowallsubscribe: true allowplaintext: false allowusermoves: true configdirectory: /var/lib/imap delete_mode: delayed duplicate_db: skiplist expunge_mode: delayed hashimapspool: true improved_mboxlist_sort: true lmtp_downcase_rcpt: true mupdate_authname: cyrus-frontend mupdate_password: ******** mupdate_server: switch-101 mupdate_username: cyrus-frontend normalizeuid: true partition-default: /var/spool/imap proxyservers: cyrus-frontend ptscache_db: skiplist sasl_mech_list: DIGEST-MD5 PLAIN LOGIN sasl_pwcheck_method: auxprop sievedir: /var/lib/imap/sieve statuscache_db: skiplist tlscache_db: skiplist tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cert_file: /etc/pki/tls/certs/wildcard.pem tls_key_file: /etc/pki/tls/certs/wildcard.pem unix_group_enable: false ===================== These configs do let me log in on the frontend and do a LIST, but when I try and do a SELECT it fails: from switch-101: couldn't authenticate to backend server: authentication failure from store-101: badlogin: switch-101 [10.10.10.37] PLAIN [SASL(-16): encryption needed to use mechanism: security flags do not match required Is there something obvious that I'm missing in my configuration? Or could I ask for some kind soul to send me a known-good sample murder configuration set of imapd.conf files that I can at least start from? Thanks Simon ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
