<div id="mb_0">Good day, List,<br><br>I'm trying to set up murder here.
I have let's say three servers. One for backend, one for frontend and
one for mupdate server. Problem is, that I'm not able to set up mupdate
part. Mupdate server is working as master(mupdate -m on the master
server). Authentication is done via
saslauthd->pam->pam_mysql.so.
<br>cyrus.conf looks like that:<br>SERVICES {<br> mupdate cmd="/usr/lib/cyrus-imapd/mupdate -m" listen=3905 prefork=1<br>}<br>imapd.conf:<br>configdirectory: /var/lib/imap<br>partition-default: /tmp
<br>mupdate_config: standard<br>mupdate_admins: cyrus murder<br>admins: cyrus murder<br><br>allowplaintext:yes<br>sasl_pwcheck_method: saslauthd<br>sasl_mech_list: PLAIN<br>sasl_minimum_layer: 0<br><br>I think that shoul be OK, because I'm able to authenticate with mupdatetest from backend or even frontend:
<br>bash-3.1$ mupdatetest -u murder -a murder mu1.cluster.tld<br>S: * AUTH "PLAIN"<br>S: * PARTIAL-UPDATE<br>S: * OK MUPDATE "mu1.cluster.tld" "Cyrus Murder" "v2.3.7-Invoca-RPM-2.3.7-1.1.el5
" "(master)"<br>Please enter your password:<br>C: A01 AUTHENTICATE "PLAIN" {28+}<br>bXVyZGVyAG11cmRlcgBzbGFwdGE=<br>S: A01 OK "Authenticated"<br>Authenticated.<br>Security strength factor: 0
<br><br>In mupdate server I have beautiful logs, that login successful:<br>/var/log/maillog<br>Aug 14 12:31:02 mu1 mupdate[1783]: login: be1 [<a href="http://192.168.1.10/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
192.168.1.10</a>] murder PLAIN User logged in<br>
Aug 14 12:31:03 mu1 mupdate[1783]: accepted connection<br>Aug 14 12:31:35 mu1 last message repeated 5 times<br>Aug 14 12:32:39 mu1 last message repeated 11 times<br>Also there are pam_mysql logs and so on. I think that is ok.
<br><br>BUT backend server is not able to authenticate to mupdate. backend's imapd.conf:<br>#<br>#Genereal Cyrus Configuration<br>#<br>configdirectory: /var/lib/imap<br>defaultpartition: default<br>partition-default: /var/spool/imap
<br>altnamespace: no<br>unixhierarchysep: no<br>admins: cyrus<br>proxyservers: murder<br>allowanonymouslogin: no<br>hashimapspool: true<br>#<br>#Authentication<br>#<br>allowplaintext:yes<br>sasl_pwcheck_method: saslauthd
<br>
sasl_mech_list: PLAIN<br>sasl_minimum_layer: 0<br>#<br>#Murder Config<br>#<br>mupdate_server: mu1.cluster.tld<br>mupdate_username: murder<br>mupdate_authname: murder<br>mupdate_password: slapta<br>mupdate_retry_delay: 5<br>
<br>And in logs I have errors:<br>/var/log/messages<br>Aug 14 12:37:07 be1 ctl_mboxlist[2164]: No worthy mechs found<br>In /var/log/maillog and /var/log/secure nothing related to that.<br>I'm trying to export mailbox db to mupdate server manually:
<br>[root@be1 beast]# su cyrus<br>bash-3.1$/usr/lib/cyrus-imapd/ctl_mboxlist -m <br>couldn't connect to mupdate server<br>bash-3.1$<br>Then again in /var/log/messages:<br>Aug 14 12:41:48 be1 ctl_mboxlist[2191]: No worthy mechs found
<br>I even tried with strace. I saw IP resolving, ports and etc. So, it looks like some work was done. <br>On mupdate server I have these logs (successful login from earlier connection with mupdatetest):<br>/var/log/maillog
<br>Aug 14 12:31:02 mu1 mupdate[1783]: login: be1 [<a href="http://192.168.1.10/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.10</a>] murder PLAIN User logged in<br>Aug 14 12:31:03 mu1 mupdate[1783]: accepted connection
<br>Aug 14 12:31:35 mu1 last message repeated 5 times
<br>Aug 14 12:32:39 mu1 last message repeated 11 times<br>Aug 14 12:33:41 mu1 last message repeated 10 times<br>Aug 14 12:34:42 mu1 last message repeated 11 times<br>Aug 14 12:35:43 mu1 last message repeated 9 times<br>Aug 14 12:36:53 mu1 last message repeated 13 times
<br>Aug 14 12:37:56 mu1 last message repeated 11 times<br>Aug 14 12:39:02 mu1 last message repeated 11 times<br>Aug 14 12:40:08 mu1 last message repeated 11 times<br>Aug 14 12:41:12 mu1 last message repeated 11 times<br>
Aug 14 12:42:18 mu1 last message repeated 13 times
<br>Aug 14 12:43:24 mu1 last message repeated 12 times<br>So connection was made (I've found that with tcpdump listening on both server eth0 with host mu1 and host be1 respectivly).<br><br>On
the frontend server I have similar messages except one additional -
frontend proxy is unable to authenticate to backend server:
<br>Aug 14 12:48:19 fe1 mupdate[1601]: couldn't connect to mupdate server<br>Aug 14 12:48:19 fe1 mupdate[1601]: retrying connection to mupdate server in 10 seconds<br>Aug 14 12:48:24 fe1 mupdate[1600]: couldn't authenticate to backend server: no mechanism available
<br>Aug 14 12:48:24 fe1 mupdate[1600]: couldn't connect to mupdate server<br>Aug 14 12:48:24 fe1 mupdate[1600]: retrying connection to mupdate server in 10 seconds<br>Aug 14 12:48:29 fe1 mupdate[1601]: couldn't authenticate to backend server: no mechanism available
<br>Aug 14 12:48:29 fe1 mupdate[1601]: couldn't connect to mupdate server<br>Aug 14 12:48:29 fe1 mupdate[1601]: retrying connection to mupdate server in 11 seconds<br>Aug 14 12:48:34 fe1 mupdate[1600]: couldn't authenticate to backend server: no mechanism available
<br>Aug 14 12:48:34 fe1 mupdate[1600]: couldn't connect to mupdate server<br>Aug 14 12:48:34 fe1 mupdate[1600]: retrying connection to mupdate server in 13 seconds<br><br>So
I think the problem is with authentication setup. But I don't know
how/where exactly the problem is. Maybe someone could point where to
look, or maybe someone could explain how lets say authentication is
done for imapproxy. <br>When frontend is trying to connect to backend, how it is trying
to connect? simple imap authentication? But then on the backend
authentication should be done with saslauthd (I'm able simply login to
backend sever imap service (pam->pam_mysql.so)).
<br><br>I'm stuck in a loop, but I need to make it work fast :(<br><br>I hope someone will point me out where to look.<br><br>With Best Regards,<br><span class="sg"><br>Daniel<br>
</span></div>