does xfer require murder?

Perry Brown vbperry at hotmail.com
Fri Apr 14 18:31:59 EDT 2006 

I set up imapd.conf how I think it should be and restarted cyrus (even 
rebooted hosts). I log into the source server cyradm:
sudo cyradm --user cyrus --server server1.sub1.domain.amazon.com --auth 
plain

Run the xfer
server1.sub1.domain.com> xfer user.vbperry server2.sub2.domain.com

And get:
xfermailbox: Server(s) unavailable to complete operation

This is in log on source:
Apr 14 15:08:15 server1 imap[3434]: couldn't authenticate to backend server: 
generic failure
Apr 14 15:08:15 server1 imap[3434]: Could not move mailbox: user.vbperry, 
Initial backend connect failed

This is on destination server:
Apr 14 15:08:15 server2 imap[3022]: accepted connection
Apr 14 15:08:15 server2 master[3125]: about to exec 
/opt/mail/cyrus-imapd/bin/imapd
Apr 14 15:08:15 server2 imap[3125]: executed

This is what the imapd.conf looks like on both servers.
defaultpartition: imap1
configdirectory: /var/imap
partition-imap1: /var/spool/imap1
admins: cyrus support
srvtab: /var/imap/srvtab
quotawarn: 85
popminpoll: 0
autocreatequota: 30000
sasl_pwcheck_method: saslauthd
lmtp_over_quota_perm_failure: 1
allowusermoves: yes
proxy_authname: cyrus
proxy_password: password

The systems are in different subdomains sub1.domain.com and sub2.domain.com 
and when I tried to do the hostname_password option it did not like dot's in 
the name so I did short names and added the sub#.domain.com to the 
resolv.conf so each host could ping by short name. I still got the error 
from above so I changed the imapd.conf entry servername_password to 
proxy_password since the cyrus account has the same password on both servers 
and still got the error above.


Any ideas what I am missing?

Thank you
Perry








>Perry Brown wrote:
>>Thank you for the reply. Some follow up questions. (sorry to be so dense 
>>I'm making this change on production servers so wanted to make sure I've 
>>got it right).
>>
>>
>>SASL is running as: /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
>>
>>Our pam.d configs for both imap and pop look like
>>auth       required     /lib/security/pam_stack.so service=system-auth
>>account    required     /lib/security/pam_stack.so service=system-auth
>>
>>
>>Looking at the install-murder doc I should set up all the boxes like they 
>>where frontends? (I pasted in what I think will only apply to my set up 
>>from install-murder).
>>
>>
>>
>>Additional backend configuration
>>If your authentication system requires usernames, passwords, etc, to 
>>authenticate (e.g. it isn't Kerberos), then you will also need to specify 
>>proxy_authname (and friends) in the backend imapd.confs as well. This is 
>>so that the backends can authenticate to eachother to facilitate maibox 
>>moves. (Backend machines will need to be full admins).
>>
>>In short I just need to set up a common user account in the OS on each box 
>>and define the user as proxy_authname: and put the password for that 
>>account listed as host1_password: and host2_password etc....
>
>Correct.
>
>
>>Do I need to add this proxy_authname to imapd.conf admins: as well for the 
>>full admins requirement?
>
>Yes.
>
>
>>
>>Perry Brown wrote:
>>>Hi All,
>>>
>>>We are running cyrus-imap 2.2.8 and sasl 2.1.15. We have two RHEL 3 
>>>servers with about 4800 users split between them.
>>>
>>>I am looking to migrate the users to 2 new RHEL3 hosts with the same 
>>>cyrus-imap and sasl versions. I added the allowusermoves to imapd.conf 
>>>restarted cyrus and tried to do a test move.
>>>
>>>
>>>host1.domain.com> xfer user/ host2.domain.com
>>>xfermailbox: Mailbox does not exist
>>>
>>>
>>>Both cyrus-imap and cyrus-sasl where compiled with --enable-murder (least 
>>>that is what my notes say is there a way to verify?), but it looks like 
>>>murder has not been set up with a master or imapd.conf file changes.
>>>
>>>Question, Is it possible to xfer a mailbox without configuring murder?
>>
>>Yes and no.  You don't need mupdate, but the backends need to know how
>>to authenticate to each other.  Look at install-murder.html and take a
>>look at the stuff regarding authentication.  Also note that you can't
>>XFER the entire user/ hierarchy with one command, you have to do it one
>>user at a time.  Assuming that you're using unixhierachysep, you would do:
>>
>>xfer user/vbperry host2
>>
>>
>>----
>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>
>
>--
>Kenneth Murchison
>Systems Programmer
>Project Cyrus Developer/Maintainer
>Carnegie Mellon University

More information about the Info-cyrus mailing list