Replication problem

David Korpiewski davidk at cs.umass.edu
Wed May 17 12:17:39 EDT 2006


Hi Patrick,
    I do apologize, that message was hurried so I could get it out and 
you are right, I did not correctly label things.  Your suggestion fixed 
my main problem, however, a new problem appeared.

It started to work when I set the replica to use "sasl_mech_list: 
PLAIN".  I had accidentally put this line into my master instead of the 
replica, hence, why it didn't work.

So the replica works, but something else is broken:

Right now the sync is updating at at least once a second. 
Unfortunately, it is tying up all of the resources on the replica, 
leading it to thrash and eventually crash.

I set this option in imapd.conf files on both master and replica, but it 
has no effect:

sync_repeat_interval: 10

One other note: I found it interesting that the install-replication.html 
instructions never mentioned adding a prefork=1 to the sync-server and 
sync-client SERVICE lines.  I added these and it was the only way I 
could keep the sync-server and sync-client running in the background. 
It makes me wonder if this has something to do with my problem the 
runaway replication, especially since now I have two sync_client and two 
sync_server daemons running......(sync_client running on master, 
sync_server on replica)

syncclient    cmd="/usr/lib/cyrus-imapd/sync_client -r" listen="csync" 
prefork=1
syncserver       cmd="/usr/lib/cyrus-imapd/sync_server" listen="csync" 
prefork=1



Here are some logs and other data:

imapd.conf on the master (LMC1)
------------------------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus davidk
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN

sync_authname: cyrus
sync_log: 1
sync_host: lmc2.cs.umass.edu
sync_repeat_interval: 10
sync_password: XXXXXXXXX

tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
tls_ca_file:  /usr/share/ssl/certs/cyrus1.pem
tls_cert_file:  /usr/share/ssl/certs/cyrus1.pem
tls_key_file:  /usr/share/ssl/certs/cyrus.key



imapd.conf on the replica (LMC2)
-------------------------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus davidk
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN

sync_repeat_interval: 10
sync_machineid:2
sync_log: 1

tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
tls_ca_file: /usr/share/ssl/certs/cyrus2.pem
tls_cert_file: /usr/share/ssl/certs/cyrus2.pem
tls_key_file: /usr/share/ssl/certs/cyrus.key



Running log of the Master:
-------------------------
May 17 11:30:56 lmc1 master[20248]: process 20361 exited, status 0
May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
May 17 11:30:56 lmc1 master[20367]: about to exec 
/usr/lib/cyrus-imapd/sync_client
May 17 11:30:56 lmc1 sync_client[20364]: received server certificate
May 17 11:30:56 lmc1 sync_client[20364]: starttls: TLSv1 with cipher 
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
May 17 11:30:56 lmc1 sync_client[20367]: received server certificate
May 17 11:30:56 lmc1 sync_client[20367]: starttls: TLSv1 with cipher 
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:56 lmc1 master[20248]: process 20367 exited, status 0
May 17 11:30:56 lmc1 master[20370]: about to exec 
/usr/lib/cyrus-imapd/sync_client
May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20370]: received server certificate
May 17 11:30:57 lmc1 sync_client[20370]: starttls: TLSv1 with cipher 
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:57 lmc1 master[20248]: process 20364 exited, status 0
May 17 11:30:57 lmc1 master[20373]: about to exec 
/usr/lib/cyrus-imapd/sync_client
May 17 11:30:57 lmc1 master[20248]: process 20370 exited, status 0
May 17 11:30:57 lmc1 master[20376]: about to exec 
/usr/lib/cyrus-imapd/sync_client
May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20373]: received server certificate
May 17 11:30:57 lmc1 sync_client[20373]: starttls: TLSv1 with cipher 
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:57 lmc1 sync_client[20376]: Doing a peer verify




Running log of the Replica:
--------------------------
May 17 11:30:56 lmc2 master[17441]: about to exec 
/usr/lib/cyrus-imapd/sync_server
May 17 11:30:56 lmc2 syncserver[17440]: accepted connection
May 17 11:30:56 lmc2 syncserver[17440]: cmdloop(): startup
May 17 11:30:57 lmc2 syncserver[17441]: executed
May 17 11:30:57 lmc2 syncserver[17440]: starttls: TLSv1 with cipher 
AES256-SHA (256/256 bits new) no authentication
May 17 11:30:57 lmc2 syncserver[17438]: login: lmc1.cs.umass.edu 
[128.119.243.236] cyrus PLAIN+TLS User logged in
May 17 11:30:57 lmc2 master[17442]: about to exec 
/usr/lib/cyrus-imapd/sync_server
May 17 11:30:57 lmc2 syncserver[17441]: accepted connection
May 17 11:30:57 lmc2 syncserver[17442]: executed
May 17 11:30:57 lmc2 syncserver[17441]: cmdloop(): startup
May 17 11:30:57 lmc2 syncserver[17440]: login: lmc1.cs.umass.edu 
[128.119.243.236] cyrus PLAIN+TLS User logged in
May 17 11:30:57 lmc2 master[17443]: about to exec 
/usr/lib/cyrus-imapd/sync_server
May 17 11:30:57 lmc2 syncserver[17442]: accepted connection
May 17 11:30:57 lmc2 syncserver[17442]: cmdloop(): startup
May 17 11:30:57 lmc2 syncserver[17443]: executed


Thank you for any help!
It is much appreciated!
David




Patrick H Radtke wrote:
> PLAIN for sasl_pwcheck_method isn't a valid option. Keep it as saslauthd 
> (and then make sure the testsaslauthd program works with your sync 
> username and password).
> 
> I think you showed me your primary imapd.conf and not the replica's.
> 
> What does imtest show you when you log into the replica (capability lines)?
> 
> -Patrick
> On Tue, 16 May 2006, David Korpiewski wrote:
> 
>> Hello Patrick!
>>
>> I set the sasl_pwcheck_method to be PLAIN from what it used to be 
>> (saslauthd) on the replica server.
>>
>> Still doesn't work though, it gives me this error:
>> badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5 [SASL(-13): 
>> user not found: no secret in database]
>>
>> HISTORY:
>> our servers are set up with saslauthd for their sasl_pwcheck_method. 
>> Saslauthd uses PAM for ldap authentication.  This works fine for 
>> receiving email and authenticating users with their mail clients. 
>> However, this doesn't appear to work for sync_server when 
>> authenticating the sync_client.
>>
>> These are pieces of my replica's imapd.conf:
>>
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>> sync_authname: cyrus
>> sync_log: 1
>> sync_host: lmc2.cs.umass.edu
>> sync_repeat_interval: 5
>> sync_password: XXXXXXXXXX
>>
>>
>> Thank you for any help you can offer!
>> David
>>
>>
>> Patrick Radtke wrote:
>>>
>>> did you try setting
>>> sasl_pwcheck_method on the replica?
>>>
>>> 'unix' isn't a SASL mechanism.
>>>
>>> you may want to try PLAIN (what do you use currently on the primary 
>>> server)?
>>>
>>> on the replica use this line
>>> sasl_mech_list: PLAIN
>>>
>>> to make it only advertise PLAIN authentication, and then the primary 
>>> machine will try using that sasl mechanism when connecting.
>>> This will then invoke what you have for your sasl_pwcheck_method.
>>>
>>> -Patrick
>>>
>>> On May 16, 2006, at 3:47 PM, David Korpiewski wrote:
>>>
>>>> I'm in the middle of trying to set up replication.  However, I keep 
>>>> running into a problem.
>>>>
>>>> The replication error I'm getting on the replica is this if I don't 
>>>> specify a sync_authname and sync_password:
>>>>
>>>>  syncserver[7682]: starttls: TLSv1 with cipher AES256-SHA (256/256 
>>>> bits new) no authentication
>>>>
>>>> I get this error if I'm specifying a sync_authname and sync_password:
>>>>
>>>>  badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5 
>>>> [SASL(-13): user not found: no secret in database]
>>>>
>>>> MY QUESTION IS THIS:
>>>> How can I change what sync_server uses for its authentication?  I 
>>>> want it to either use LDAP or the local passwd/shadow files.  It 
>>>> obviously keeps trying to use DIGEST-MD5, in which case it would 
>>>> have to look for a md5 file in a particluar location, but I don't 
>>>> see how to specify that either.
>>>>
>>>> I tried setting auth_mech and sasl_auth_mech to be "unix" in the 
>>>> /etc/imapd.conf but that doesn't change anything.
>>>>
>>>> Can anyone help me?
>>>> Thanks,
>>>> David
>>>>
>>>>
>>>>
>>>> ----------------------------------------------------------
>>>> David Korpiewski                     Phone: 413-545-4319
>>>> Software Specialist I                Fax:   413-577-2285
>>>> Department of Computer Science       ICQ:   7565766
>>>> University of Massachusetts Amherst
>>>> --------------------------------------------------------
>>>>
>>>> ----
>>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>> -- 
>> --------------------------------------------------------
>> David Korpiewski                     Phone: 413-545-4319
>> Software Specialist I                Fax:   413-577-2285
>> Department of Computer Science       ICQ:   7565766
>> University of Massachusetts Amherst
>> --------------------------------------------------------
>>
>>

-- 
--------------------------------------------------------
David Korpiewski                     Phone: 413-545-4319
Software Specialist I                Fax:   413-577-2285
Department of Computer Science       ICQ:   7565766
University of Massachusetts Amherst
--------------------------------------------------------



More information about the Info-cyrus mailing list