does xfer require murder?

Perry Brown vbperry at hotmail.com
Tue Apr 18 16:59:05 EDT 2006 

Hi Andy,

Thank you for the suggestion. I added

proxyservers: cyrus

to the imapd.conf and restarted cyrus (the doc says it should not be an 
admin but I'm just trying to get things working right now)

restarted and got the same error.


I think Patrick was on to something with running cyradm to the other host.

In my testing I am launching cyradm from server3. It can connect to server1 
and server2 with no problem. When I tried his suggestion of running cyradm 
from server1 to server2 I get:

Can't load 
'/opt/mail/cyrus-imapd/lib/perl-5.6.0/Linux-2.4c2.3-i686/auto/Cyrus/IMAP/IMAP.so' 
for module Cyrus::IMAP: libssl.so.0.9.7: cannot open shared object file: No 
such file or directory at 
/opt/software/depot/Linux-2.4c2.3-i686/perl-5.6.0/lib/perl-5.6.0/Linux-2.4c2.3-i686/DynaLoader.pm 
line 200.
at 
/opt/mail/cyrus-imapd/lib/perl-5.6.0/Linux-2.4c2.3-i686/Cyrus/IMAP/Admin.pm 
line 44
Compilation failed in require at 
/opt/mail/cyrus-imapd/lib/perl-5.6.0/Linux-2.4c2.3-i686/Cyrus/IMAP/Admin.pm 
line 44.
BEGIN failed--compilation aborted at 
/opt/mail/cyrus-imapd/lib/perl-5.6.0/Linux-2.4c2.3-i686/Cyrus/IMAP/Admin.pm 
line 44.
Compilation failed in require at 
/opt/mail/cyrus-imapd/lib/perl-5.6.0/Linux-2.4c2.3-i686/Cyrus/IMAP/Shell.pm 
line 60.
BEGIN failed--compilation aborted at 
/opt/mail/cyrus-imapd/lib/perl-5.6.0/Linux-2.4c2.3-i686/Cyrus/IMAP/Shell.pm 
line 60.
Compilation failed in require.
BEGIN failed--compilation aborted.



Does cyradm need to be able to run from one host to the other for this to 
work? I'm digging through the archives on the above errrors to see if I can 
see what is going on.

Thank you
Perry



>I believe you are missing the proxyservers parameter on server2.  From the 
>man page:
>
>   proxy_authname: proxy
>      The authentication name to use when authenticating to a backend
>      server in the  Cyrus Murder.
>
>   proxy_password: <none>
>      The default password to use when authenticating to a backend server
>      in the Cyrus Murder.  May be overridden on a host-specific basis
>      using the hostname_password option.
>
>   proxyservers: <none>
>      A list of users and groups that are allowed to proxy for other users,
>      seperated by spaces.  Any user listed in this will be allowed to
>      login for any other user: use with caution.
>
>
>On frontend servers, you would specify proxy_authname and proxy_password to 
>define how the frontend server connects to the backend server.
>
>On backend servers, you would specify proxyservers to list which usernames 
>are allowed to proxy for other users.
>
>So, on server2 I believe you need to specify proxyservers and on server1 
>you need to specify proxy_authname and proxy_password.
>
>	Andy
>
>
>
>On Tue, 18 Apr 2006, Perry Brown wrote:
>
>>PLease if anyone has any suggestions. I've been banging my head against a 
>>desk on this one.
>>
>>perry
>>
>>>
>>>
>>>I thought nscd might have been tripping me up so I tried by IP address 
>>>with the same results. Also thought it may be an issue with a firewall 
>>>between these 2 hosts blocking a port so I tried 2 other cyrus servers 
>>>that do not have a FW between them with the same result (anyone know what 
>>>port(s) xfer uses?).
>>>
>>>Any suggestions?
>>>
>>>Thank you
>>>Perry
>>>
>>>
>>>>I set up imapd.conf how I think it should be and restarted cyrus (even 
>>>>rebooted hosts). I log into the source server cyradm:
>>>>sudo cyradm --user cyrus --server server1.sub1.domain.amazon.com --auth 
>>>>plain
>>>>
>>>>Run the xfer
>>>>server1.sub1.domain.com> xfer user.vbperry server2.sub2.domain.com
>>>
>>>>And get:
>>>>xfermailbox: Server(s) unavailable to complete operation
>>>>
>>>>This is in log on source:
>>>>Apr 14 15:08:15 server1 imap[3434]: couldn't authenticate to backend 
>>>>server: generic failure
>>>>Apr 14 15:08:15 server1 imap[3434]: Could not move mailbox: 
>>>>user.vbperry, Initial backend connect failed
>>>>
>>>>This is on destination server:
>>>>Apr 14 15:08:15 server2 imap[3022]: accepted connection
>>>>Apr 14 15:08:15 server2 master[3125]: about to exec 
>>>>/opt/mail/cyrus-imapd/bin/imapd
>>>>Apr 14 15:08:15 server2 imap[3125]: executed
>>>>
>>>>This is what the imapd.conf looks like on both servers.
>>>>defaultpartition: imap1
>>>>configdirectory: /var/imap
>>>>partition-imap1: /var/spool/imap1
>>>>admins: cyrus support
>>>>srvtab: /var/imap/srvtab
>>>>quotawarn: 85
>>>>popminpoll: 0
>>>>autocreatequota: 30000
>>>>sasl_pwcheck_method: saslauthd
>>>>lmtp_over_quota_perm_failure: 1
>>>>allowusermoves: yes
>>>>proxy_authname: cyrus
>>>>proxy_password: password
>>>>
>>>>The systems are in different subdomains sub1.domain.com and 
>>>>sub2.domain.com and when I tried to do the hostname_password option it 
>>>>did not like dot's in the name so I did short names and added the 
>>>>sub#.domain.com to the resolv.conf so each host could ping by short 
>>>>name. I still got the error from above so I changed the imapd.conf entry 
>>>>servername_password to proxy_password since the cyrus account has the 
>>>>same password on both servers and still got the error above.
>>>>
>>>>
>>>>Any ideas what I am missing?
>>>>
>>>>Thank you
>>>>Perry
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>Perry Brown wrote:
>>>>>>Thank you for the reply. Some follow up questions. (sorry to be so 
>>>>>>dense I'm making this change on production servers so wanted to make 
>>>>>>sure I've got it right).
>>>>>>
>>>>>>
>>>>>>SASL is running as: /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
>>>>>>
>>>>>>Our pam.d configs for both imap and pop look like
>>>>>>auth       required     /lib/security/pam_stack.so service=system-auth
>>>>>>account    required     /lib/security/pam_stack.so service=system-auth
>>>>>>
>>>>>>
>>>>>>Looking at the install-murder doc I should set up all the boxes like 
>>>>>>they where frontends? (I pasted in what I think will only apply to my 
>>>>>>set up from install-murder).
>>>>>>
>>>>>>
>>>>>>
>>>>>>Additional backend configuration
>>>>>>If your authentication system requires usernames, passwords, etc, to 
>>>>>>authenticate (e.g. it isn't Kerberos), then you will also need to 
>>>>>>specify proxy_authname (and friends) in the backend imapd.confs as 
>>>>>>well. This is so that the backends can authenticate to eachother to 
>>>>>>facilitate maibox moves. (Backend machines will need to be full 
>>>>>>admins).
>>>>>>
>>>>>>In short I just need to set up a common user account in the OS on each 
>>>>>>box and define the user as proxy_authname: and put the password for 
>>>>>>that account listed as host1_password: and host2_password etc....
>>>>>
>>>>>Correct.
>>>>>
>>>>>
>>>>>>Do I need to add this proxy_authname to imapd.conf admins: as well for 
>>>>>>the full admins requirement?
>>>>>
>>>>>Yes.
>>>>>
>>>>>
>>>>>>
>>>>>>Perry Brown wrote:
>>>>>>>Hi All,
>>>>>>>
>>>>>>>We are running cyrus-imap 2.2.8 and sasl 2.1.15. We have two RHEL 3 
>>>>>>>servers with about 4800 users split between them.
>>>>>>>
>>>>>>>I am looking to migrate the users to 2 new RHEL3 hosts with the same 
>>>>>>>cyrus-imap and sasl versions. I added the allowusermoves to 
>>>>>>>imapd.conf restarted cyrus and tried to do a test move.
>>>>>>>
>>>>>>>
>>>>>>>host1.domain.com> xfer user/ host2.domain.com
>>>>>>>xfermailbox: Mailbox does not exist
>>>>>>>
>>>>>>>
>>>>>>>Both cyrus-imap and cyrus-sasl where compiled with --enable-murder 
>>>>>>>(least that is what my notes say is there a way to verify?), but it 
>>>>>>>looks like murder has not been set up with a master or imapd.conf 
>>>>>>>file changes.
>>>>>>>
>>>>>>>Question, Is it possible to xfer a mailbox without configuring 
>>>>>>>murder?
>>>>>>
>>>>>>Yes and no.  You don't need mupdate, but the backends need to know how
>>>>>>to authenticate to each other.  Look at install-murder.html and take a
>>>>>>look at the stuff regarding authentication.  Also note that you can't
>>>>>>XFER the entire user/ hierarchy with one command, you have to do it 
>>>>>>one
>>>>>>user at a time.  Assuming that you're using unixhierachysep, you would 
>>>>>>do:
>>>>>>
>>>>>>xfer user/vbperry host2
>>>>>>
>>>>>>
>>>>>>----
>>>>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>>>
>>>>>
>>>>>
>>>>>--
>>>>>Kenneth Murchison
>>>>>Systems Programmer
>>>>>Project Cyrus Developer/Maintainer
>>>>>Carnegie Mellon University
>>>>
>>>>
>>>>----
>>>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>>
>>
>>
>>----
>>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>

More information about the Info-cyrus mailing list