Re: SASL issues - can login once then not at all

2005-12-27 Thread JB Hewitt
Thanks for the reply Scott...

Removing the extra lib files has removed the error from auth.log,
however the imapd daemon is still present and as such I cannot
relogin.  

Here's the mail.log again with the removed library files:
Dec 28 16:28:31 soapbox cyrus/imapd[22256]: badlogin: soapbox[127.0.0.1] plaintext jb SASL(-13): user not found: checkpass failed
Dec 28 16:28:34 soapbox cyrus/imapd[22256]: telling master 1
Dec 28 16:28:34 soapbox cyrus/master[22197]: service imap pid 22256 in BUSY state: now available and in READY state
Dec 28 16:28:34 soapbox cyrus/master[22197]: service imap now has 1 ready workers
Dec 28 16:29:34 soapbox cyrus/master[22197]: process 22256 exited, status 0
Dec 28 16:29:34 soapbox cyrus/master[22197]: service imap now has 0 ready workers

I'm using the distribution Ubuntu "Breezy" and as such using Cyrus
2.1.18.  Not sure about the compiler, I believe it is 3.3 but
might be gcc 4.0.

Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: SASL issues - can login once then not at all

2005-12-27 Thread Scott M. Likens
Hi JB, I think your problem is you're including plugins you do not need.

If you'd like my 10cents, you should 'rm' the plugins or 'mv' them so
that SASL no longer finds them.

cd /usr/lib/sasl2;ls
desolation ~ # cd /usr/lib/sasl2
desolation sasl2 # ls
libanonymous.la         libdigestmd5.la         libplain.la
libanonymous.so         libdigestmd5.so         libplain.so
libanonymous.so.2       libdigestmd5.so.2       libplain.so.2
libanonymous.so.2.0.21  libdigestmd5.so.2.0.21  libplain.so.2.0.21
libcrammd5.la           liblogin.la             libsasldb.la
libcrammd5.so           liblogin.so             libsasldb.so
libcrammd5.so.2         liblogin.so.2           libsasldb.so.2
libcrammd5.so.2.0.21    liblogin.so.2.0.21      libsasldb.so.2.0.21

As you can see, you can 'mv' those libdigestmd5.* and libcrammd5.so.*
if you do not want them to be supported.

Same with otp, and others.  As far as the imapd staying alive, I will
let someone else answer that since I do not have that problem.

But if you'd like, you can enlighten us with some more details of your
setup, what OS (eg linux, solaris) and what distro if applicable with
gcc version and whatnot.

The more details, the more we can help.

Thanks,



On Wed, 28 Dec 2005 14:18:19 +1000
JB Hewitt <[EMAIL PROTECTED]> wrote:

> Thanks for your reply Andreas,
> 
> testsaslauthd works flawlessly every time.  I do indeed have the
> "sasl_mech_list: plain login" line in my imapd.conf also...
> 
> It's quite strange as it works the first time I start the cyrus
> server up, and then any subsequent times results in failure.
> For instance, here is an example of the login process...
> [EMAIL PROTECTED]:~# /etc/init.d/cyrus21 start
> Starting Cyrus IMAPd: cyrmaster.
> [EMAIL PROTECTED]:~# cyradm -u jb localhost
> IMAP Password:
>   soapbox> lm
> user.jb (\HasNoChildren) user.test2 (\HasNoChildren)
> user.johnblade (\HasNoChildren)
> soapbox> exit
> [EMAIL PROTECTED]:~# cyradm -u jb localhost
> Password:
> cyradm: cannot authenticate to server as user jb
> [EMAIL PROTECTED]:~#
> 
> 
> Reading the log files from this attempt looks like this for mail.log:
> Dec 28 14:12:56 soapbox cyrus/imapd[21453]: accepted connection
> Dec 28 14:12:59 soapbox cyrus/imapd[21453]: login: soapbox[127.0.0.1] jb plaintext
> Dec 28 14:13:00 soapbox cyrus/imapd[21453]: accepted connection
> Dec 28 14:13:02 soapbox cyrus/imapd[21453]: badlogin: soapbox[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
> Dec 28 14:14:05 soapbox cyrus/master[21446]: process 21453 exited, status 0
> 
> and for auth.log
> Dec 28 14:16:37 soapbox cyrus/imapd[21498]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
> Dec 28 14:16:37 soapbox cyrus/imapd[21498]: DIGEST-MD5 server step 1
> Dec 28 14:16:37 soapbox perl: DIGEST-MD5 client step 2
> Dec 28 14:16:39 soapbox cyrus/imapd[21498]: DIGEST-MD5 server step 2
> Dec 28 14:16:39 soapbox cyrus/imapd[21498]: no secret in database
> Dec 28 14:16:42 soapbox perl: NTLM client step 1
> Dec 28 14:16:42 soapbox cyrus/imapd[21498]: NTLM server step 1
> Dec 28 14:16:42 soapbox cyrus/imapd[21498]: client flags: 207
> Dec 28 14:16:42 soapbox perl: NTLM client step 2
> Dec 28 14:16:42 soapbox perl: No worthy mechs found
> Dec 28 14:17:01 soapbox CRON[21507]: (pam_unix) session opened for user root by (uid=0)
> Dec 28 14:17:01 soapbox CRON[21507]: (pam_unix) session closed for user root
> 
> 
> Any ideas?
> 
> 
> > If you use saslauthd, you forgot to suppress DIGEST-MD5. saslauthd
> > can only handle plain and login. Add something like
> > "sasl_mech_list: plain login" to your imapd.conf.
> >
> > If saslauthd itself works, you can test with "testsaslauthd".
> >
> 
> 
> --
> Regards,
>   JB Hewitt
> Business: http://www.stcpl.com.au
> Blog: http://blade.lansmash.com
> Best LAN ever: http://www.lansmash.com
> How to ask a ?: http://www.catb.org/~esr/faqs/smart-questions.html
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"




Re: SASL issues - can login once then not at all

2005-12-27 Thread JB Hewitt
One last thing I've noted...  after logging in successfully I
noticed that an imapd daemon spawned and stayed alive even when logging
out of cyradm.

When the daemon eventually dies (around a minute) I can then relogin successfully into the server.  

I have tested this on another box and the daemon instantly disappeared
as soon as I log out, unlike this broken one where it stays
alive...  so I'm not sure why the daemon is staying alive.


Global admin fails via saslauthd and ldap

2005-12-27 Thread imap
Hello,

We have the following set in the imapd.conf for 2.3.1 install:
virtdomains: on
admins: globaladmin [EMAIL PROTECTED]
defaultdomain: xyz.com

and in saslauthd.conf:
ldap_default_realm: xyz.com

The following cyradm logins fail for the 'globaladmin', whether or not
the FQDN is passed as an option of the '-u' argument:

cyradm -u globaladmin localhost
cyradm -u [EMAIL PROTECTED] localhost

However [EMAIL PROTECTED] succeeds in login. LDAP logs indicate
that the domain passed for 'globaladmin' is 'adari.net' and not
xyz.com. It appears that the application is doing a reverse DNS
and obtaining the domain 'adari.net' instead of using the
defaultdomain (ldap_default_realm).

Any other parameters to set for the system to pick the right domain
(ie xyz.com) for the globaladmin?

Thanks
__
Seva



Re: SASL issues - can login once then not at all

2005-12-27 Thread JB Hewitt
Thanks for your reply Andreas,

testsaslauthd works flawlessly every time.  I do indeed have the
"sasl_mech_list: plain login" line in my imapd.conf also...

It's quite strange as it works the first time I start the cyrus server up, and then any subsequent times results in failure.
For instance, here is an example of the login process...
[EMAIL PROTECTED]:~# /etc/init.d/cyrus21 start
Starting Cyrus IMAPd: cyrmaster.
[EMAIL PROTECTED]:~# cyradm -u jb localhost
IMAP Password:
  soapbox> lm
user.jb (\HasNoChildren) user.test2 (\HasNoChildren)
user.johnblade (\HasNoChildren)
soapbox> exit
[EMAIL PROTECTED]:~# cyradm -u jb localhost
Password:
cyradm: cannot authenticate to server as user jb
[EMAIL PROTECTED]:~#


Reading the log files from this attempt looks like this for mail.log: 
Dec 28 14:12:56 soapbox cyrus/imapd[21453]: accepted connection
Dec 28 14:12:59 soapbox cyrus/imapd[21453]: login: soapbox[127.0.0.1] jb plaintext
Dec 28 14:13:00 soapbox cyrus/imapd[21453]: accepted connection
Dec 28 14:13:02 soapbox cyrus/imapd[21453]: badlogin: soapbox[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Dec 28 14:14:05 soapbox cyrus/master[21446]: process 21453 exited, status 0

and for auth.log
Dec 28 14:16:37 soapbox cyrus/imapd[21498]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
Dec 28 14:16:37 soapbox cyrus/imapd[21498]: DIGEST-MD5 server step 1
Dec 28 14:16:37 soapbox perl: DIGEST-MD5 client step 2
Dec 28 14:16:39 soapbox cyrus/imapd[21498]: DIGEST-MD5 server step 2
Dec 28 14:16:39 soapbox cyrus/imapd[21498]: no secret in database
Dec 28 14:16:42 soapbox perl: NTLM client step 1
Dec 28 14:16:42 soapbox cyrus/imapd[21498]: NTLM server step 1
Dec 28 14:16:42 soapbox cyrus/imapd[21498]: client flags: 207
Dec 28 14:16:42 soapbox perl: NTLM client step 2
Dec 28 14:16:42 soapbox perl: No worthy mechs found
Dec 28 14:17:01 soapbox CRON[21507]: (pam_unix) session opened for user root by (uid=0)
Dec 28 14:17:01 soapbox CRON[21507]: (pam_unix) session closed for user root


Any ideas?

> If you use saslauthd, you forgot to suppress DIGEST-MD5. saslauthd
> can only handle plain and login. Add something like
> "sasl_mech_list: plain login" to your imapd.conf.
>
> If saslauthd itself works, you can test with "testsaslauthd".

-- 
Regards,
  JB Hewitt
Business: http://www.stcpl.com.au
Blog: http://blade.lansmash.com
Best LAN ever: http://www.lansmash.com
How to ask a ?: http://www.catb.org/~esr/faqs/smart-questions.html
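
An added example (not from the thread or the Cyrus project): a log check built on the advice quoted above, that saslauthd can verify only PLAIN and LOGIN. It reads sasl_mech_list from a constructed imapd.conf fragment and flags SASL mechanisms that the thread's log lines show imapd still negotiating; the regexes, function names and the reading of "plaintext" as the IMAP LOGIN command are assumptions.

```python
import re

# Constructed imapd.conf fragment carrying the setting quoted in the thread.
IMAPD_CONF = "# constructed fragment\nsasl_mech_list: plain login\n"

# Log lines taken from the thread (wrapped lines joined).
LOG_LINES = [
    "Dec 28 14:12:59 soapbox cyrus/imapd[21453]: login: soapbox[127.0.0.1] jb plaintext",
    "Dec 28 14:13:02 soapbox cyrus/imapd[21453]: badlogin: soapbox[127.0.0.1] "
    "DIGEST-MD5 [SASL(-13): user not found: no secret in database]",
    "Dec 28 14:16:37 soapbox cyrus/imapd[21498]: DIGEST-MD5 server step 1",
    "Dec 28 14:16:42 soapbox cyrus/imapd[21498]: NTLM server step 1",
    "Dec 28 16:28:31 soapbox cyrus/imapd[22256]: badlogin: soapbox[127.0.0.1] "
    "plaintext jb SASL(-13): user not found: checkpass failed",
]

SASLAUTHD_OK = {"PLAIN", "LOGIN"}  # per the reply quoted in the thread
SERVER_STEP = re.compile(r"cyrus/imapd\[(\d+)\]: ([A-Z0-9-]+) server step \d+")
BADLOGIN = re.compile(r"cyrus/imapd\[(\d+)\]: badlogin: \S+ (\S+)")

def allowed_mechs(conf_text):
    """Return the configured sasl_mech_list as an upper-case set, or None if unset."""
    for line in conf_text.splitlines():
        key, _, value = line.strip().partition(":")
        if key.strip() == "sasl_mech_list":  # commented-out lines never match
            return {m.upper() for m in value.split()}
    return None

def mechs_seen(lines):
    """Map each SASL mechanism seen in the logs to the imapd pids that used it."""
    seen = {}
    for line in lines:
        m = SERVER_STEP.search(line) or BADLOGIN.search(line)
        # "plaintext" is assumed to mark the IMAP LOGIN command, not a SASL mechanism.
        if m and m.group(2) != "plaintext":
            seen.setdefault(m.group(2).upper(), set()).add(int(m.group(1)))
    return seen

def audit(conf_text, lines):
    """List (mechanism, pids, reason) for mechanisms the configuration should exclude."""
    allowed = allowed_mechs(conf_text)
    findings = []
    for mech, pids in sorted(mechs_seen(lines).items()):
        if allowed is not None and mech not in allowed:
            findings.append((mech, sorted(pids), "negotiated but not in sasl_mech_list"))
        elif mech not in SASLAUTHD_OK:
            findings.append((mech, sorted(pids), "saslauthd cannot verify this mechanism"))
    return findings
```

A finding of the first kind means the running imapd offered a mechanism that the configuration file on disk excludes, which is worth checking against the configuration and plugin directory the process actually loaded.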


two-way rolling replication

2005-12-27 Thread Milen Dimov
Hi,

The replication feature available in Cyrus IMAPd 2.3.x is very exciting!
Before starting to test it I would like to know if the replication protocol
supports virtual domains?

I am also looking for a solution to allow me to have two email servers - one in
the office and one hosted off the office in an ISP datacenter. All users
in the office use the local email server and all travelers connect to the
server in the ISP datacenter and both servers keep in sync. Is two-way
rolling replication possible and suitable for such a setup?

Cheers,
Milen

