does xfer require murder?
Ken Murchison
murch at andrew.cmu.edu
Tue Apr 18 18:38:47 EDT 2006
Perry Brown wrote:
> PLease if anyone has any suggestions. I've been banging my head against
> a desk on this one.
I will locally tomorrow. I know that I added support for XFER for
non-Murder configs for Fastmail.fm, I just don't remember in what version.
>>
>> I thought nscd might have been tripping me up so I tried by IP address
>> with the same results. Also thought it may be an issue with a firewall
>> between these 2 hosts blocking a port so I tried 2 other cyrus servers
>> that do not have a FW between them with the same result (anyone know
>> what port(s) xfer uses?).
>>
>> Any suggestions?
>>
>> Thank you
>> Perry
>>
>>
>>> I set up imapd.conf how I think it should be and restarted cyrus
>>> (even rebooted hosts). I log into the source server cyradm:
>>> sudo cyradm --user cyrus --server server1.sub1.domain.amazon.com
>>> --auth plain
>>>
>>> Run the xfer
>>> server1.sub1.domain.com> xfer user.vbperry server2.sub2.domain.com
>>
>>> And get:
>>> xfermailbox: Server(s) unavailable to complete operation
>>>
>>> This is in log on source:
>>> Apr 14 15:08:15 server1 imap[3434]: couldn't authenticate to backend
>>> server: generic failure
>>> Apr 14 15:08:15 server1 imap[3434]: Could not move mailbox:
>>> user.vbperry, Initial backend connect failed
>>>
>>> This is on destination server:
>>> Apr 14 15:08:15 server2 imap[3022]: accepted connection
>>> Apr 14 15:08:15 server2 master[3125]: about to exec
>>> /opt/mail/cyrus-imapd/bin/imapd
>>> Apr 14 15:08:15 server2 imap[3125]: executed
>>>
>>> This is what the imapd.conf looks like on both servers.
>>> defaultpartition: imap1
>>> configdirectory: /var/imap
>>> partition-imap1: /var/spool/imap1
>>> admins: cyrus support
>>> srvtab: /var/imap/srvtab
>>> quotawarn: 85
>>> popminpoll: 0
>>> autocreatequota: 30000
>>> sasl_pwcheck_method: saslauthd
>>> lmtp_over_quota_perm_failure: 1
>>> allowusermoves: yes
>>> proxy_authname: cyrus
>>> proxy_password: password
>>>
>>> The systems are in different subdomains sub1.domain.com and
>>> sub2.domain.com and when I tried to do the hostname_password option
>>> it did not like dot's in the name so I did short names and added the
>>> sub#.domain.com to the resolv.conf so each host could ping by short
>>> name. I still got the error from above so I changed the imapd.conf
>>> entry servername_password to proxy_password since the cyrus account
>>> has the same password on both servers and still got the error above.
>>>
>>>
>>> Any ideas what I am missing?
>>>
>>> Thank you
>>> Perry
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>> Perry Brown wrote:
>>>>> Thank you for the reply. Some follow up questions. (sorry to be so
>>>>> dense I'm making this change on production servers so wanted to
>>>>> make sure I've got it right).
>>>>>
>>>>>
>>>>> SASL is running as: /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
>>>>>
>>>>> Our pam.d configs for both imap and pop look like
>>>>> auth required /lib/security/pam_stack.so service=system-auth
>>>>> account required /lib/security/pam_stack.so service=system-auth
>>>>>
>>>>>
>>>>> Looking at the install-murder doc I should set up all the boxes
>>>>> like they where frontends? (I pasted in what I think will only
>>>>> apply to my set up from install-murder).
>>>>>
>>>>>
>>>>>
>>>>> Additional backend configuration
>>>>> If your authentication system requires usernames, passwords, etc,
>>>>> to authenticate (e.g. it isn't Kerberos), then you will also need
>>>>> to specify proxy_authname (and friends) in the backend imapd.confs
>>>>> as well. This is so that the backends can authenticate to eachother
>>>>> to facilitate maibox moves. (Backend machines will need to be full
>>>>> admins).
>>>>>
>>>>> In short I just need to set up a common user account in the OS on
>>>>> each box and define the user as proxy_authname: and put the
>>>>> password for that account listed as host1_password: and
>>>>> host2_password etc....
>>>>
>>>> Correct.
>>>>
>>>>
>>>>> Do I need to add this proxy_authname to imapd.conf admins: as well
>>>>> for the full admins requirement?
>>>>
>>>> Yes.
>>>>
>>>>
>>>>>
>>>>> Perry Brown wrote:
>>>>>> Hi All,
>>>>>>
>>>>>> We are running cyrus-imap 2.2.8 and sasl 2.1.15. We have two RHEL
>>>>>> 3 servers with about 4800 users split between them.
>>>>>>
>>>>>> I am looking to migrate the users to 2 new RHEL3 hosts with the
>>>>>> same cyrus-imap and sasl versions. I added the allowusermoves to
>>>>>> imapd.conf restarted cyrus and tried to do a test move.
>>>>>>
>>>>>>
>>>>>> host1.domain.com> xfer user/ host2.domain.com
>>>>>> xfermailbox: Mailbox does not exist
>>>>>>
>>>>>>
>>>>>> Both cyrus-imap and cyrus-sasl where compiled with --enable-murder
>>>>>> (least that is what my notes say is there a way to verify?), but
>>>>>> it looks like murder has not been set up with a master or
>>>>>> imapd.conf file changes.
>>>>>>
>>>>>> Question, Is it possible to xfer a mailbox without configuring
>>>>>> murder?
>>>>>
>>>>> Yes and no. You don't need mupdate, but the backends need to know how
>>>>> to authenticate to each other. Look at install-murder.html and take a
>>>>> look at the stuff regarding authentication. Also note that you can't
>>>>> XFER the entire user/ hierarchy with one command, you have to do it
>>>>> one
>>>>> user at a time. Assuming that you're using unixhierachysep, you
>>>>> would do:
>>>>>
>>>>> xfer user/vbperry host2
>>>>>
>>>>>
>>>>> ----
>>>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>>
>>>>
>>>>
>>>> --
>>>> Kenneth Murchison
>>>> Systems Programmer
>>>> Project Cyrus Developer/Maintainer
>>>> Carnegie Mellon University
>>>
>>>
>>> ----
>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>>
>
>
> ----
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
More information about the Info-cyrus
mailing list