Frontend couldn't authenticate to backend server: authentication failure

Fri Jun 1 13:54:37 EDT 2018

On 06/01/18 18:03 +0200, Jean-Christophe Delaye wrote:
>I'm trying to complete setup Cyrus Murder : 1 frontend with mupdate and
>1 backend (initial config).

># telnet imap1 imap
>Trying 192.168.106.208...
>Connected to imap1.eurecom.fr.
>Escape character is '^]'.
>* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE
>MUPDATE=mupdate://cassandra.eurecom.fr/ STARTTLS AUTH=PLAIN SASL-IR]

>001 login standard XXXXXXX

>A001 SELECT INBOX
>* 0 EXISTS
>* 0 RECENT
>* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
>* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] Ok
>* OK [UIDVALIDITY 1527674348] Ok
>* OK [UIDNEXT 1] Ok
>* OK [HIGHESTMODSEQ 3] Ok
>* OK [URLMECH INTERNAL] Ok
>* OK [ANNOTATIONS 65536] Ok
>A001 OK [READ-WRITE] Completed

Note that you have 'mailproxy' configured as the proxy_authname on your
frontend. Use imtest to simulate your frontend:

imtest -m plain -a mailproxy imap1.eurecom.fr
imtest -m plain -a mailproxy -u <some_user> imap1.eurecom.fr

>The problem seems to be the proxy connections through frontend to the
>server with a backend role.
>
>From client(s), connection to frontend is the issue
>
>001 login standard xxxxxxx

>X-QUOTA=X-NUM-FOLDERS IDLE] User logged in

>Once I get connected and authenticated, I launch the command
>“select inbox”, but I receive the message
>A001 SELECT INBOX
>A001 NO Server(s) unavailable to complete operation
>
>In the log files there is an error from both frontend and backend
>
>From frontend:
>cassandra cyrus/imap[19868]:
>couldn't authenticate to backend server: authentication failure
>
>From backend:
>imap1 cyrus1/master
>about to exec /opt/cyrus-imapd_3.0.7-cyrus1/libexec/imapd
>
>imap1 cyrus1/imap[11632]: SASL could not find auxprop plugin, was
>searching for '[all]'

The above error is probably not important.

>badlogin: cassandra.eurecom.fr [192.168.106.61] PLAIN [SASL(-4): no
>mechanism available: Password verification failed]

Check that the plain mechanism is available on the backend with
'pluginviewer', and verify your mailproxy credentials.

>On the backend:
>
>admins: cyrus1 cyrus postman
>allowallsubscribe: yes
>allowplaintext: yes
>allowusermoves: yes
>auditlog: yes
>configdirectory: /global/cyrus1/var/mail
>defaultpartition: default
>duplicate_db_path: /var/run/cyrus1/deliver.db
>hashimapspool: yes
>debug: yes
>httpmodules: caldav carddav
>idlesocket: /var/run/cyrus1/idle
>mboxname_lockpath: /var/run/cyrus1_lock
>mupdate_authname: postman
>mupdate_password: xxxxxxx
>mupdate_server: cassandra.eurecom.fr
>mupdate_username: postman
>popminpoll: 1
>proc_path: /var/run/cyrus1_proc
>proxy_authname: mailproxy
>proxy_password: yyyyyyyy
>proxyservers: mailproxy cyrus1 cyrus
>ptscache_db_path: /var/run/cyrus1/ptscache.db
>servername: imap1.eurecom.fr
>sievedir: /global/cyrus1/var/sieve
>statuscache_db_path: /var/run/cyrus1/statuscache.db
>syslog_prefix: cyrus1
>tls_sessions_db_path: /var/run/cyrus1/tls_sessions.db

>sasl_saslauthd_path: /global/cyrus1/var/state/saslauthd/mux
>sasl_mech_list: plain
>sasl_auto_transition: no
>sasl_pwcheck_method: saslauthd

>partition-default: /global/cyrus1/mail
>lmtp_admins: mailproxy cyrus1 cyrus

>on the frontend/mupdate master:
>
>admins: cyrus cyrus1 postman
>allowallsubscribe: yes
>allowplaintext: yes
>allowusermoves: yes
>auditlog: yes
>configdirectory: /global/cyrus/var/mail
>defaultpartition: default
>duplicate_db_path: /var/run/cyrus/deliver.db
>force_sasl_client_mech: PLAIN
>hashimapspool: yes
>debug: yes
>httpmodules: caldav carddav
>idlesocket: /var/run/cyrus/idle
>mboxname_lockpath: /var/run/cyrus_lock
>mupdate_authname: postman
>mupdate_password: xxxxxxx
>mupdate_server: cassandra.eurecom.fr
>mupdate_username: postman
>popminpoll: 1
>proc_path: /var/run/cyrus_proc
>proxy_authname: mailproxy
>proxy_password: yyyyyyyyy
>ptscache_db_path: /var/run/cyrus/ptscache.db
>servername: cassandra.eurecom.fr
>sievedir: /global/cyrus/var/sieve
>statuscache_db_path: /var/run/cyrus/statuscache.db
>syslog_prefix: cyrus

>cassandra_mechs: PLAIN
>sasl_saslauthd_path: /global/cyrus/var/state/saslauthd/mux
>imap1_mechs: PLAIN
>sasl_mech_list: plain
>sasl_auto_transition: no
>sasl_pwcheck_method: saslauthd

>partition-default: /global/cyrus/mail

-- 
Dan White