Hi Patrick,
I do apologize, that message was hurried so I could get it out and
you are right, I did not correctly label things. Your suggestion
fixed my main problem, however, a new problem appeared.
It started to work when I set the replica to use "sasl_mech_list:
PLAIN". I had accidentally put this line into my master instead of
the replica, hence, why it didn't work.
So the replica works, but something else is broken:
Right now the sync is updating at least once a second.
Unfortunately, it is tying up all of the resources on the replica,
leading it to thrash and eventually crash.
I set this option in imapd.conf files on both master and replica, but
it has no effect:
sync_repeat_interval: 10
One other note: I found it interesting that the
install-replication.html instructions never mentioned adding a
prefork=1 to the sync-server and sync-client SERVICE lines. I added
these and it was the only way I could keep the sync-server and
sync-client running in the background. It makes me wonder if this has
something to do with my problem with the runaway replication, especially
since now I have two sync_client and two sync_server daemons
running......(sync_client running on master, sync_server on replica)
syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r" listen="csync" prefork=1
syncserver cmd="/usr/lib/cyrus-imapd/sync_server" listen="csync" prefork=1
Here are some logs and other data:
imapd.conf on the master (LMC1)
------------------------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus davidk
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sync_authname: cyrus
sync_log: 1
sync_host: lmc2.cs.umass.edu
sync_repeat_interval: 10
sync_password: XXXXXXXXX
tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
tls_ca_file: /usr/share/ssl/certs/cyrus1.pem
tls_cert_file: /usr/share/ssl/certs/cyrus1.pem
tls_key_file: /usr/share/ssl/certs/cyrus.key
imapd.conf on the replica (LMC2)
-------------------------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus davidk
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sync_repeat_interval: 10
sync_machineid:2
sync_log: 1
tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
tls_ca_file: /usr/share/ssl/certs/cyrus2.pem
tls_cert_file: /usr/share/ssl/certs/cyrus2.pem
tls_key_file: /usr/share/ssl/certs/cyrus.key
Running log of the Master:
-------------------------
May 17 11:30:56 lmc1 master[20248]: process 20361 exited, status 0
May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
May 17 11:30:56 lmc1 master[20367]: about to exec /usr/lib/cyrus-imapd/sync_client
May 17 11:30:56 lmc1 sync_client[20364]: received server certificate
May 17 11:30:56 lmc1 sync_client[20364]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
May 17 11:30:56 lmc1 sync_client[20367]: received server certificate
May 17 11:30:56 lmc1 sync_client[20367]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
May 17 11:30:56 lmc1 master[20248]: process 20367 exited, status 0
May 17 11:30:56 lmc1 master[20370]: about to exec /usr/lib/cyrus-imapd/sync_client
May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20370]: received server certificate
May 17 11:30:57 lmc1 sync_client[20370]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
May 17 11:30:57 lmc1 master[20248]: process 20364 exited, status 0
May 17 11:30:57 lmc1 master[20373]: about to exec /usr/lib/cyrus-imapd/sync_client
May 17 11:30:57 lmc1 master[20248]: process 20370 exited, status 0
May 17 11:30:57 lmc1 master[20376]: about to exec /usr/lib/cyrus-imapd/sync_client
May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
May 17 11:30:57 lmc1 sync_client[20373]: received server certificate
May 17 11:30:57 lmc1 sync_client[20373]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
May 17 11:30:57 lmc1 sync_client[20376]: Doing a peer verify
Running log of the Replica:
--------------------------
May 17 11:30:56 lmc2 master[17441]: about to exec /usr/lib/cyrus-imapd/sync_server
May 17 11:30:56 lmc2 syncserver[17440]: accepted connection
May 17 11:30:56 lmc2 syncserver[17440]: cmdloop(): startup
May 17 11:30:57 lmc2 syncserver[17441]: executed
May 17 11:30:57 lmc2 syncserver[17440]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
May 17 11:30:57 lmc2 syncserver[17438]: login: lmc1.cs.umass.edu [128.119.243.236] cyrus PLAIN+TLS User logged in
May 17 11:30:57 lmc2 master[17442]: about to exec /usr/lib/cyrus-imapd/sync_server
May 17 11:30:57 lmc2 syncserver[17441]: accepted connection
May 17 11:30:57 lmc2 syncserver[17442]: executed
May 17 11:30:57 lmc2 syncserver[17441]: cmdloop(): startup
May 17 11:30:57 lmc2 syncserver[17440]: login: lmc1.cs.umass.edu [128.119.243.236] cyrus PLAIN+TLS User logged in
May 17 11:30:57 lmc2 master[17443]: about to exec /usr/lib/cyrus-imapd/sync_server
May 17 11:30:57 lmc2 syncserver[17442]: accepted connection
May 17 11:30:57 lmc2 syncserver[17442]: cmdloop(): startup
May 17 11:30:57 lmc2 syncserver[17443]: executed
Thank you for any help!
It is much appreciated!
David
Patrick H Radtke wrote:
PLAIN for sasl_pwcheck_method isn't a valid option. Keep it as
saslauthd (and then make sure the testsaslauthd program works with
your sync username and password).
I think you showed me your primary imapd.conf and not the replica's.
What does imtest show you when you log into the replica (capability
lines)?
-Patrick
On Tue, 16 May 2006, David Korpiewski wrote:
Hello Patrick!
I set the sasl_pwcheck_method to be PLAIN from what it used to be
(saslauthd) on the replica server.
Still doesn't work though, it gives me this error:
badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
HISTORY:
our servers are set up with saslauthd for their sasl_pwcheck_method.
Saslauthd uses PAM for ldap authentication. This works fine for
receiving email and authenticating users with their mail clients.
However, this doesn't appear to work for sync_server when
authenticating the sync_client.
These are pieces of my replica's imapd.conf:
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sync_authname: cyrus
sync_log: 1
sync_host: lmc2.cs.umass.edu
sync_repeat_interval: 5
sync_password: XXXXXXXXXX
Thank you for any help you can offer!
David
Patrick Radtke wrote:
did you try setting
sasl_pwcheck_method on the replica?
'unix' isn't a SASL mechanism.
you may want to try PLAIN (what do you use currently on the primary
server)?
on the replica use this line
sasl_mech_list: PLAIN
to make it only advertise PLAIN authentication, and then the
primary machine will try using that sasl mechanism when connecting.
This will then invoke what you have for your sasl_pwcheck_method.
-Patrick
On May 16, 2006, at 3:47 PM, David Korpiewski wrote:
I'm in the middle of trying to set up replication. However, I
keep running into a problem.
The replication error I'm getting on the replica is this if I
don't specify a sync_authname and sync_password:
syncserver[7682]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
I get this error if I'm specifying a sync_authname and sync_password:
badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
MY QUESTION IS THIS:
How can I change what sync_server uses for its authentication? I
want it to either use LDAP or the local passwd/shadow files. It
obviously keeps trying to use DIGEST-MD5, in which case it would
have to look for a md5 file in a particular location, but I don't
see how to specify that either.
I tried setting auth_mech and sasl_auth_mech to be "unix" in the
/etc/imapd.conf but that doesn't change anything.
Can anyone help me?
Thanks,
David
----------------------------------------------------------
David Korpiewski Phone: 413-545-4319
Software Specialist I Fax: 413-577-2285
Department of Computer Science ICQ: 7565766
University of Massachusetts Amherst
--------------------------------------------------------
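The mismatch this thread resolves (saslauthd only checks plaintext passwords, so the replica must not offer DIGEST-MD5 to sync_client) can be checked mechanically. The Python lint below is an added example, not part of the original messages or of Cyrus; the function names, finding codes and sample configs are constructed for illustration.

```python
# Added example: lint the SASL options of a replica's imapd.conf.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}              # password reaches the server; saslauthd can verify it
SHARED_SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}  # need a stored secret (auxprop/sasldb)

def parse_conf(text):
    """Return {option: value} for 'option: value' lines, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)   # split once: values may contain ':'
            conf[key.strip()] = value.strip()
    return conf

def lint_sasl(text):
    """Return (code, message) findings; the codes are made up for this example."""
    conf = parse_conf(text)
    methods = conf.get("sasl_pwcheck_method", "").split()
    mechs = set(conf.get("sasl_mech_list", "").upper().split())
    findings = []
    for method in methods:
        if method.upper() in PLAINTEXT_MECHS | SHARED_SECRET_MECHS:
            findings.append(("pwcheck-is-mechanism",
                             f"{method} is a SASL mechanism, not a password-check method"))
    if "saslauthd" in methods and "auxprop" not in methods:
        bad = sorted(mechs & SHARED_SECRET_MECHS)
        if not mechs:
            findings.append(("mech-list-unset",
                             "no sasl_mech_list: shared-secret mechanisms may be offered"))
        elif bad:
            findings.append(("secret-mech-with-saslauthd",
                             "saslauthd cannot verify " + ", ".join(bad)))
    return findings

def codes(text):
    """Finding codes only, in the order they were raised."""
    return [code for code, _ in lint_sasl(text)]

# Constructed sample configs modelled on the states described in the thread.
NO_MECH_LIST = "sasl_pwcheck_method: saslauthd\nsync_log: 1\n"
WRONG_FIX = "sasl_pwcheck_method: PLAIN\n"
FIXED = "sasl_pwcheck_method: saslauthd\nsasl_mech_list: PLAIN\n"

if __name__ == "__main__":
    for name, sample in [("no mech list", NO_MECH_LIST), ("wrong fix", WRONG_FIX), ("fixed", FIXED)]:
        print(name, "->", lint_sasl(sample) or "ok")
```

Restricting the replica to PLAIN means the sync password crosses the wire in the clear unless the session is under TLS, which is the case in the replica log above (`PLAIN+TLS`).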