Replication problem
David Korpiewski
davidk at cs.umass.edu
Wed May 17 12:17:39 EDT 2006
Hi Patrick,
I do apologize, that message was hurried so I could get it out and
you are right, I did not correctly label things. Your suggestion fixed
my main problem, however, a new problem appeared.
It started to work when I set the replica to use "sasl_mech_list:
PLAIN". I had accidentally put this line into my master instead of the
replica, hence, why it didn't work.
So the replica works, but something else is broken:
Right now the sync is updating at at least once a second.
Unfortunately, it is tying up all of the resources on the replica,
leading it to thrash and eventually crash.
I set this option in imapd.conf files on both master and replica, but it
has no effect:
sync_repeat_interval: 10
One other note: I found it interesting that the install-replication.html
instructions never mentioned adding a prefork=1 to the sync-server and
sync-client SERVICE lines. I added these and it was the only way I
could keep the sync-server and sync-client running in the background.
It makes me wonder if this has something to do with my problem the
runaway replication, especially since now I have two sync_client and two
sync_server daemons running......(sync_client running on master,
sync_server on replica)
syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r" listen="csync"
prefork=1
syncserver cmd="/usr/lib/cyrus-imapd/sync_server" listen="csync"
prefork=1
Here are some logs and other data:
imapd.conf on the master (LMC1)
------------------------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus davidk
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sync_authname: cyrus
sync_log: 1
sync_host: lmc2.cs.umass.edu
sync_repeat_interval: 10
sync_password: XXXXXXXXX
tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
tls_ca_file: /usr/share/ssl/certs/cyrus1.pem
tls_cert_file: /usr/share/ssl/certs/cyrus1.pem
tls_key_file: /usr/share/ssl/certs/cyrus.key
imapd.conf on the replica (LMC2)
-------------------------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus davidk
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sync_repeat_interval: 10
sync_machineid:2
sync_log: 1
tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
tls_ca_file: /usr/share/ssl/certs/cyrus2.pem
tls_cert_file: /usr/share/ssl/certs/cyrus2.pem
tls_key_file: /usr/share/ssl/certs/cyrus.key
Running log of the Master:
-------------------------
May 17 11:30:56 lmc1 master[20248]: process 20361 exited, status 0
May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
May 17 11:30:56 lmc1 master[20367]: about to exec
/usr/lib/cyrus-imapd/sync_client
May 17 11:30:56 lmc1 sync_client[20364]: received server certificate
May 17 11:30:56 lmc1 sync_client[20364]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
May 17 11:30:56 lmc1 sync_client[20367]: received server certificate
May 17 11:30:56 lmc1 sync_client[20367]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:56 lmc1 master[20248]: process 20367 exited, status 0
May 17 11:30:56 lmc1 master[20370]: about to exec
/usr/lib/cyrus-imapd/sync_client
May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20370]: received server certificate
May 17 11:30:57 lmc1 sync_client[20370]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:57 lmc1 master[20248]: process 20364 exited, status 0
May 17 11:30:57 lmc1 master[20373]: about to exec
/usr/lib/cyrus-imapd/sync_client
May 17 11:30:57 lmc1 master[20248]: process 20370 exited, status 0
May 17 11:30:57 lmc1 master[20376]: about to exec
/usr/lib/cyrus-imapd/sync_client
May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20373]: received server certificate
May 17 11:30:57 lmc1 sync_client[20373]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:57 lmc1 sync_client[20376]: Doing a peer verify
Running log of the Replica:
--------------------------
May 17 11:30:56 lmc2 master[17441]: about to exec
/usr/lib/cyrus-imapd/sync_server
May 17 11:30:56 lmc2 syncserver[17440]: accepted connection
May 17 11:30:56 lmc2 syncserver[17440]: cmdloop(): startup
May 17 11:30:57 lmc2 syncserver[17441]: executed
May 17 11:30:57 lmc2 syncserver[17440]: starttls: TLSv1 with cipher
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:57 lmc2 syncserver[17438]: login: lmc1.cs.umass.edu
[128.119.243.236] cyrus PLAIN+TLS User logged in
May 17 11:30:57 lmc2 master[17442]: about to exec
/usr/lib/cyrus-imapd/sync_server
May 17 11:30:57 lmc2 syncserver[17441]: accepted connection
May 17 11:30:57 lmc2 syncserver[17442]: executed
May 17 11:30:57 lmc2 syncserver[17441]: cmdloop(): startup
May 17 11:30:57 lmc2 syncserver[17440]: login: lmc1.cs.umass.edu
[128.119.243.236] cyrus PLAIN+TLS User logged in
May 17 11:30:57 lmc2 master[17443]: about to exec
/usr/lib/cyrus-imapd/sync_server
May 17 11:30:57 lmc2 syncserver[17442]: accepted connection
May 17 11:30:57 lmc2 syncserver[17442]: cmdloop(): startup
May 17 11:30:57 lmc2 syncserver[17443]: executed
Thank you for any help!
It is much appreciated!
David
Patrick H Radtke wrote:
> PLAIN for sasl_pwcheck_method isn't a valid option. Keep it as saslauthd
> (and then make sure the testsaslauthd program works with your sync
> username and password).
>
> I think you showed me your primary imapd.conf and not the replica's.
>
> What does imtest show you when you log into the replica (capability lines)?
>
> -Patrick
> On Tue, 16 May 2006, David Korpiewski wrote:
>
>> Hello Patrick!
>>
>> I set the sasl_pwcheck_method to be PLAIN from what it used to be
>> (saslauthd) on the replica server.
>>
>> Still doesn't work though, it gives me this error:
>> badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5 [SASL(-13):
>> user not found: no secret in database]
>>
>> HISTORY:
>> our servers are set up with saslauthd for their sasl_pwcheck_method.
>> Saslauthd uses PAM for ldap authentication. This works fine for
>> receiving email and authenticating users with their mail clients.
>> However, this doesn't appear to work for sync_server when
>> authenticating the sync_client.
>>
>> These are pieces of my replica's imapd.conf:
>>
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>> sync_authname: cyrus
>> sync_log: 1
>> sync_host: lmc2.cs.umass.edu
>> sync_repeat_interval: 5
>> sync_password: XXXXXXXXXX
>>
>>
>> Thank you for any help you can offer!
>> David
>>
>>
>> Patrick Radtke wrote:
>>>
>>> did you try setting
>>> sasl_pwcheck_method on the replica?
>>>
>>> 'unix' isn't a SASL mechanism.
>>>
>>> you may want to try PLAIN (what do you use currently on the primary
>>> server)?
>>>
>>> on the replica use this line
>>> sasl_mech_list: PLAIN
>>>
>>> to make it only advertise PLAIN authentication, and then the primary
>>> machine will try using that sasl mechanism when connecting.
>>> This will then invoke what you have for your sasl_pwcheck_method.
>>>
>>> -Patrick
>>>
>>> On May 16, 2006, at 3:47 PM, David Korpiewski wrote:
>>>
>>>> I'm in the middle of trying to set up replication. However, I keep
>>>> running into a problem.
>>>>
>>>> The replication error I'm getting on the replica is this if I don't
>>>> specify a sync_authname and sync_password:
>>>>
>>>> syncserver[7682]: starttls: TLSv1 with cipher AES256-SHA (256/256
>>>> bits new) no authentication
>>>>
>>>> I get this error if I'm specifying a sync_authname and sync_password:
>>>>
>>>> badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5
>>>> [SASL(-13): user not found: no secret in database]
>>>>
>>>> MY QUESTION IS THIS:
>>>> How can I change what sync_server uses for its authentication? I
>>>> want it to either use LDAP or the local passwd/shadow files. It
>>>> obviously keeps trying to use DIGEST-MD5, in which case it would
>>>> have to look for a md5 file in a particluar location, but I don't
>>>> see how to specify that either.
>>>>
>>>> I tried setting auth_mech and sasl_auth_mech to be "unix" in the
>>>> /etc/imapd.conf but that doesn't change anything.
>>>>
>>>> Can anyone help me?
>>>> Thanks,
>>>> David
>>>>
>>>>
>>>>
>>>> ----------------------------------------------------------
>>>> David Korpiewski Phone: 413-545-4319
>>>> Software Specialist I Fax: 413-577-2285
>>>> Department of Computer Science ICQ: 7565766
>>>> University of Massachusetts Amherst
>>>> --------------------------------------------------------
>>>>
>>>> ----
>>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>> --
>> --------------------------------------------------------
>> David Korpiewski Phone: 413-545-4319
>> Software Specialist I Fax: 413-577-2285
>> Department of Computer Science ICQ: 7565766
>> University of Massachusetts Amherst
>> --------------------------------------------------------
>>
>>
--
--------------------------------------------------------
David Korpiewski Phone: 413-545-4319
Software Specialist I Fax: 413-577-2285
Department of Computer Science ICQ: 7565766
University of Massachusetts Amherst
--------------------------------------------------------
More information about the Info-cyrus
mailing list