does xfer require murder?

Mon Apr 17 14:02:51 EDT 2006

I thought nscd might have been tripping me up so I tried by IP address with 
the same results. Also thought it may be an issue with a firewall between 
these 2 hosts blocking a port so I tried 2 other cyrus servers that do not 
have a FW between them with the same result (anyone know what port(s) xfer 
uses?).

Any suggestions?

Thank you
Perry

>I set up imapd.conf how I think it should be and restarted cyrus (even 
>rebooted hosts). I log into the source server cyradm:
>sudo cyradm --user cyrus --server server1.sub1.domain.amazon.com --auth 
>plain
>
>Run the xfer
>server1.sub1.domain.com> xfer user.vbperry server2.sub2.domain.com

>And get:
>xfermailbox: Server(s) unavailable to complete operation
>
>This is in log on source:
>Apr 14 15:08:15 server1 imap[3434]: couldn't authenticate to backend 
>server: generic failure
>Apr 14 15:08:15 server1 imap[3434]: Could not move mailbox: user.vbperry, 
>Initial backend connect failed
>
>This is on destination server:
>Apr 14 15:08:15 server2 imap[3022]: accepted connection
>Apr 14 15:08:15 server2 master[3125]: about to exec 
>/opt/mail/cyrus-imapd/bin/imapd
>Apr 14 15:08:15 server2 imap[3125]: executed
>
>This is what the imapd.conf looks like on both servers.
>defaultpartition: imap1
>configdirectory: /var/imap
>partition-imap1: /var/spool/imap1
>admins: cyrus support
>srvtab: /var/imap/srvtab
>quotawarn: 85
>popminpoll: 0
>autocreatequota: 30000
>sasl_pwcheck_method: saslauthd
>lmtp_over_quota_perm_failure: 1
>allowusermoves: yes
>proxy_authname: cyrus
>proxy_password: password
>
>The systems are in different subdomains sub1.domain.com and sub2.domain.com 
>and when I tried to do the hostname_password option it did not like dot's 
>in the name so I did short names and added the sub#.domain.com to the 
>resolv.conf so each host could ping by short name. I still got the error 
>from above so I changed the imapd.conf entry servername_password to 
>proxy_password since the cyrus account has the same password on both 
>servers and still got the error above.
>
>
>Any ideas what I am missing?
>
>Thank you
>Perry
>
>
>
>
>
>
>
>
>>Perry Brown wrote:
>>>Thank you for the reply. Some follow up questions. (sorry to be so dense 
>>>I'm making this change on production servers so wanted to make sure I've 
>>>got it right).
>>>
>>>
>>>SASL is running as: /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
>>>
>>>Our pam.d configs for both imap and pop look like
>>>auth       required     /lib/security/pam_stack.so service=system-auth
>>>account    required     /lib/security/pam_stack.so service=system-auth
>>>
>>>
>>>Looking at the install-murder doc I should set up all the boxes like they 
>>>where frontends? (I pasted in what I think will only apply to my set up 
>>>from install-murder).
>>>
>>>
>>>
>>>Additional backend configuration
>>>If your authentication system requires usernames, passwords, etc, to 
>>>authenticate (e.g. it isn't Kerberos), then you will also need to specify 
>>>proxy_authname (and friends) in the backend imapd.confs as well. This is 
>>>so that the backends can authenticate to eachother to facilitate maibox 
>>>moves. (Backend machines will need to be full admins).
>>>
>>>In short I just need to set up a common user account in the OS on each 
>>>box and define the user as proxy_authname: and put the password for that 
>>>account listed as host1_password: and host2_password etc....
>>
>>Correct.
>>
>>
>>>Do I need to add this proxy_authname to imapd.conf admins: as well for 
>>>the full admins requirement?
>>
>>Yes.
>>
>>
>>>
>>>Perry Brown wrote:
>>>>Hi All,
>>>>
>>>>We are running cyrus-imap 2.2.8 and sasl 2.1.15. We have two RHEL 3 
>>>>servers with about 4800 users split between them.
>>>>
>>>>I am looking to migrate the users to 2 new RHEL3 hosts with the same 
>>>>cyrus-imap and sasl versions. I added the allowusermoves to imapd.conf 
>>>>restarted cyrus and tried to do a test move.
>>>>
>>>>
>>>>host1.domain.com> xfer user/ host2.domain.com
>>>>xfermailbox: Mailbox does not exist
>>>>
>>>>
>>>>Both cyrus-imap and cyrus-sasl where compiled with --enable-murder 
>>>>(least that is what my notes say is there a way to verify?), but it 
>>>>looks like murder has not been set up with a master or imapd.conf file 
>>>>changes.
>>>>
>>>>Question, Is it possible to xfer a mailbox without configuring murder?
>>>
>>>Yes and no.  You don't need mupdate, but the backends need to know how
>>>to authenticate to each other.  Look at install-murder.html and take a
>>>look at the stuff regarding authentication.  Also note that you can't
>>>XFER the entire user/ hierarchy with one command, you have to do it one
>>>user at a time.  Assuming that you're using unixhierachysep, you would 
>>>do:
>>>
>>>xfer user/vbperry host2
>>>
>>>
>>>----
>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>
>>
>>--
>>Kenneth Murchison
>>Systems Programmer
>>Project Cyrus Developer/Maintainer
>>Carnegie Mellon University
>
>
>----
>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html