does xfer require murder?

Perry Brown vbperry at hotmail.com
Tue Apr 18 13:29:59 EDT 2006 

PLease if anyone has any suggestions. I've been banging my head against a 
desk on this one.

perry

>
>
>I thought nscd might have been tripping me up so I tried by IP address with 
>the same results. Also thought it may be an issue with a firewall between 
>these 2 hosts blocking a port so I tried 2 other cyrus servers that do not 
>have a FW between them with the same result (anyone know what port(s) xfer 
>uses?).
>
>Any suggestions?
>
>Thank you
>Perry
>
>
>>I set up imapd.conf how I think it should be and restarted cyrus (even 
>>rebooted hosts). I log into the source server cyradm:
>>sudo cyradm --user cyrus --server server1.sub1.domain.amazon.com --auth 
>>plain
>>
>>Run the xfer
>>server1.sub1.domain.com> xfer user.vbperry server2.sub2.domain.com
>
>>And get:
>>xfermailbox: Server(s) unavailable to complete operation
>>
>>This is in log on source:
>>Apr 14 15:08:15 server1 imap[3434]: couldn't authenticate to backend 
>>server: generic failure
>>Apr 14 15:08:15 server1 imap[3434]: Could not move mailbox: user.vbperry, 
>>Initial backend connect failed
>>
>>This is on destination server:
>>Apr 14 15:08:15 server2 imap[3022]: accepted connection
>>Apr 14 15:08:15 server2 master[3125]: about to exec 
>>/opt/mail/cyrus-imapd/bin/imapd
>>Apr 14 15:08:15 server2 imap[3125]: executed
>>
>>This is what the imapd.conf looks like on both servers.
>>defaultpartition: imap1
>>configdirectory: /var/imap
>>partition-imap1: /var/spool/imap1
>>admins: cyrus support
>>srvtab: /var/imap/srvtab
>>quotawarn: 85
>>popminpoll: 0
>>autocreatequota: 30000
>>sasl_pwcheck_method: saslauthd
>>lmtp_over_quota_perm_failure: 1
>>allowusermoves: yes
>>proxy_authname: cyrus
>>proxy_password: password
>>
>>The systems are in different subdomains sub1.domain.com and 
>>sub2.domain.com and when I tried to do the hostname_password option it did 
>>not like dot's in the name so I did short names and added the 
>>sub#.domain.com to the resolv.conf so each host could ping by short name. 
>>I still got the error from above so I changed the imapd.conf entry 
>>servername_password to proxy_password since the cyrus account has the same 
>>password on both servers and still got the error above.
>>
>>
>>Any ideas what I am missing?
>>
>>Thank you
>>Perry
>>
>>
>>
>>
>>
>>
>>
>>
>>>Perry Brown wrote:
>>>>Thank you for the reply. Some follow up questions. (sorry to be so dense 
>>>>I'm making this change on production servers so wanted to make sure I've 
>>>>got it right).
>>>>
>>>>
>>>>SASL is running as: /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
>>>>
>>>>Our pam.d configs for both imap and pop look like
>>>>auth       required     /lib/security/pam_stack.so service=system-auth
>>>>account    required     /lib/security/pam_stack.so service=system-auth
>>>>
>>>>
>>>>Looking at the install-murder doc I should set up all the boxes like 
>>>>they where frontends? (I pasted in what I think will only apply to my 
>>>>set up from install-murder).
>>>>
>>>>
>>>>
>>>>Additional backend configuration
>>>>If your authentication system requires usernames, passwords, etc, to 
>>>>authenticate (e.g. it isn't Kerberos), then you will also need to 
>>>>specify proxy_authname (and friends) in the backend imapd.confs as well. 
>>>>This is so that the backends can authenticate to eachother to facilitate 
>>>>maibox moves. (Backend machines will need to be full admins).
>>>>
>>>>In short I just need to set up a common user account in the OS on each 
>>>>box and define the user as proxy_authname: and put the password for that 
>>>>account listed as host1_password: and host2_password etc....
>>>
>>>Correct.
>>>
>>>
>>>>Do I need to add this proxy_authname to imapd.conf admins: as well for 
>>>>the full admins requirement?
>>>
>>>Yes.
>>>
>>>
>>>>
>>>>Perry Brown wrote:
>>>>>Hi All,
>>>>>
>>>>>We are running cyrus-imap 2.2.8 and sasl 2.1.15. We have two RHEL 3 
>>>>>servers with about 4800 users split between them.
>>>>>
>>>>>I am looking to migrate the users to 2 new RHEL3 hosts with the same 
>>>>>cyrus-imap and sasl versions. I added the allowusermoves to imapd.conf 
>>>>>restarted cyrus and tried to do a test move.
>>>>>
>>>>>
>>>>>host1.domain.com> xfer user/ host2.domain.com
>>>>>xfermailbox: Mailbox does not exist
>>>>>
>>>>>
>>>>>Both cyrus-imap and cyrus-sasl where compiled with --enable-murder 
>>>>>(least that is what my notes say is there a way to verify?), but it 
>>>>>looks like murder has not been set up with a master or imapd.conf file 
>>>>>changes.
>>>>>
>>>>>Question, Is it possible to xfer a mailbox without configuring murder?
>>>>
>>>>Yes and no.  You don't need mupdate, but the backends need to know how
>>>>to authenticate to each other.  Look at install-murder.html and take a
>>>>look at the stuff regarding authentication.  Also note that you can't
>>>>XFER the entire user/ hierarchy with one command, you have to do it one
>>>>user at a time.  Assuming that you're using unixhierachysep, you would 
>>>>do:
>>>>
>>>>xfer user/vbperry host2
>>>>
>>>>
>>>>----
>>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>
>>>
>>>
>>>--
>>>Kenneth Murchison
>>>Systems Programmer
>>>Project Cyrus Developer/Maintainer
>>>Carnegie Mellon University
>>
>>
>>----
>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>

More information about the Info-cyrus mailing list