Re: Cyrus murder auth issue
On 07/28/15 16:37 +, Forster, Gabriel wrote: >mupdatetest and testsaslauthd checks seem to work fine. But, when trying >to create a user account using the command-line cyradm tools, from the >backend, I'm getting the following error: > >cyradm -t "" -u kolab -w "${password}" ${cyrus_host} > >> cm user/kolab3test > >Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118 >cyradm: cannot authenticate to [redacted.fqdn.backend.server] > >and directly from the frontend: > >> cm user/kolab3test >Password: >IMAP Password: > > Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm > line 118 > >cyradm: cannot authenticate to [redacted.fqdn.backend.server] > >/var/log/messages on the backend only shows "perl: No worthy mechs found" > >and /var/log/maillog says: > > imap[27001]: SASL bad userid authenticated > >imap[27001]: badlogin: [redacted.fqdn.frontend.server] [10.2.1.26] PLAIN >[SASL(-13): authentication failure: bad userid authenticated] On 07/28/15 18:33 +, Forster, Gabriel wrote: >BACKEND /etc/imapd.conf >sasl_pwcheck_method: saslauthd >sasl_mech_list: PLAIN >allowplaintext: 1 >allowallsubscribe: 1 >allowusermoves: 1 >altnamespace: 1 >hashimapspool: 1 >unixhierarchysep: 1 >anysievefolder: 1 >fulldirhash: 0 >username_tolower: 1 >postuser: shared >mupdate_config: standard >mupdate_server: {redacted} >mupdate_port: 3905 >mupdate_authname: {redacted} >mupdate_username: {redacted} >mupdate_password: {redacted}- >proxyservers: {redacted} >proxy_authname: {redacted} >proxy_password: {redacted}- >virtdomains: off >FRONTEND /etc/imapd.conf >sasl_pwcheck_method: saslauthd auxprop >sasl_auxprop_plugin: sasldb >sasl_mech_list: PLAIN >allowplaintext: 1 >allowallsubscribe: 1 >allowusermoves: 1 >altnamespace: 1 >hashimapspool: 1 >unixhierarchysep: 1 >anysievefolder: 1 >fulldirhash: 0 >username_to_lower: 1 >normalizeuid: 1 >deletedprefix: DELETED >delete_mode: delayed >expunge_mode: delayed >mupdate_config: standard >mupdate_server: {redacted} >mupdate_port: 3905 >mupdate_authname: {redacted} >mupdate_username: {redacted} >mupdate_password: {redacted} This block may confuse your proxyd processes. Try removing it and retesting. >defaultserver: {redacted} >serverlist: {redacted} >proxy_authname: {redacted} >proxy_password: {redacted} >virtdomains: off >FRONTEND /etc/cyrus.conf >mupdate cmd="mupdate -m"listen=3905 > prefork=1 Again, consult your auth facility syslog for sasl related problems. Does imap authentication (imtest) succeed? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
RE: Cyrus murder auth issue
On 07/28/15 16:37 +, Forster, Gabriel wrote: >Hello, > >This was asked in the Kolab list, but they mentioned this list may be more >appropriate: > >Trying to get Kolab 3.4 setup in a distrubuted environment. The last piece of >the puzzle seems to be getting Cyrus configured correctly for a murder >environement. Currently, only using 1 frontend and one backend. > >mupdatetest and testsaslauthd checks seem to work fine. But, when trying to >create a user account using the command-line cyradm tools, from the backend, >I'm getting the following error: > > >cyradm -t "" -u kolab -w "${password}" ${cyrus_host} > >verify error:num=18:self signed certificate > >> cm user/kolab3test > >verify error:num=18:self signed certificate > >Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118 > >cyradm: cannot authenticate to [redacted.fqdn.backend.server] > > >and directly from the frontend: > >> cm user/kolab3test > >Password: > >IMAP Password: > > Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm > line 118 > >cyradm: cannot authenticate to [redacted.fqdn.backend.server] > > >/var/log/messages on the backend only shows "perl: No worthy mechs found" > >and /var/log/maillog says: > > imap[27001]: SASL bad userid authenticated > >imap[27001]: badlogin: [redacted.fqdn.frontend.server] [10.2.1.26] PLAIN >[SASL(-13): authentication failure: bad userid authenticated] Check your auth facility syslog (e.g. /var/log/auth.log) as well. Verify your configuration with: http://cyrusimap.org/docs/cyrus-imapd/2.5.4/install-murder.php For further assistance, provide redacted copies of your /etc/imapd.conf, /etc/cyrus.conf, and saslauthd.conf (if existing) files for both the frontent and backend servers. -- Dan White ___ Thanks for the response. Redacted versions of /etc/imapd.conf, /etc/saslauthd.conf and /etc/cyrus.conf for both frontend and backend servers are below. BACKEND /etc/imapd.conf configdirectory: /srv/imap/be/lib # partition-default: /var/spool/imap partition-default: /srv/imap/be/spool # admins: kolab admins: kolab sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail # sasl_pwcheck_method: saslauthd sasl_pwcheck_method: saslauthd # sasl_mech_list: PLAIN LOGIN sasl_mech_list: PLAIN # allowplaintext: no allowplaintext: 1 tls_server_cert: /var/imap/server.pem tls_server_key: /var/imap/server.pem # tls_server_ca_file: /var/imap/server.pem # tls_client_ca_file: /var/imap/server.pem # uncomment this if you're operating in a DSCP environment (RFC-4594) # qosmarking: af13 auth_mech: pts pts_module: ldap ldap_servers: {redacted} ldap_sasl: 0 ldap_base: ou=people,o=intra,dc={redacted},dc={redacted} ldap_bind_dn: uid={redacted},ou=People,o={redacted},dc={redacted},dc={redacted} ldap_password: F@{redacted} ldap_filter: {redacted} ldap_user_attribute: uid ldap_group_base: o=intra,dc={redacted},dc={redacted} ldap_bind_dn: uid={redacted},ou=People,o=intra,dc={redacted},dc={redacted} ldap_password: {redacted} ldap_filter:{redacted} ldap_user_attribute: uid ldap_group_base: o=intra,dc={redacted},dc={redacted} ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition)) ldap_group_scope: one ldap_member_base: ou=People,o=intra,dc={redacted},dc={redacted} ldap_member_method: attribute ldap_member_attribute: nsrole ldap_restart: 1 ldap_timeout: 10 ldap_time_limit: 10 # allowallsubscribe: 0 allowallsubscribe: 1 allowusermoves: 1 altnamespace: 1 hashimapspool: 1 unixhierarchysep: 1 annotation_definitions: /etc/imapd.annotations.conf sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index anysievefolder: 1 fulldirhash: 0 sieveusehomedir: 0 # sieve_allowreferrals: 0 sieve_allowreferrals: 1 lmtp_downcase_rcpt: 1 lmtp_fuzzy_mailbox_match: 1 username_tolower: 1 deletedprefix: DELETED delete_mode: delayed expunge_mode: delayed # This value not in Kolab 2 postuser: shared # Only run a murder on the master site # We run a discreet murder mupdate_config: standard # Mailbox master runs on the first frontend mupdate_server: {redacted} mupdate_port: 3905 mupdate_authname: {redacted} mupdate_username: {redacted} mupdate_password: {redacted}- # proxyservers: murder proxyservers: {redacted} proxy_authname: {redacted} proxy_password: {redacted}- # virtdomains: userid virtdomains: off FRONTEND /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: {redacted} sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail sasl_pwcheck_method: saslauthd auxprop sasl_auxprop_plugin: sasldb sasl_mech_list: PLAIN allowplaintext: 1 auth_mech: pts pts_module: ldap ldap_servers: ldap://{redacted} ldap_sasl: 0 ldap_base: ou=people,o=intra,dc={redacted},dc={redacted} ldap_scope: one ldap_bind_dn: uid={redacted},ou=People,o=intra,dc={redacted},dc={redacted} ldap_password: {redacted} ldap_filter: {redacted} ldap_user_attribute: ui
Re: Cyrus murder auth issue
On 07/28/15 16:37 +, Forster, Gabriel wrote: >Hello, > >This was asked in the Kolab list, but they mentioned this list may be more >appropriate: > >Trying to get Kolab 3.4 setup in a distrubuted environment. The last piece of >the puzzle seems to be getting Cyrus configured correctly for a murder >environement. Currently, only using 1 frontend and one backend. > >mupdatetest and testsaslauthd checks seem to work fine. But, when trying to >create a user account using the command-line cyradm tools, from the backend, >I'm getting the following error: > > >cyradm -t "" -u kolab -w "${password}" ${cyrus_host} > >verify error:num=18:self signed certificate > >> cm user/kolab3test > >verify error:num=18:self signed certificate > >Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118 > >cyradm: cannot authenticate to [redacted.fqdn.backend.server] > > >and directly from the frontend: > >> cm user/kolab3test > >Password: > >IMAP Password: > > Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm > line 118 > >cyradm: cannot authenticate to [redacted.fqdn.backend.server] > > >/var/log/messages on the backend only shows "perl: No worthy mechs found" > >and /var/log/maillog says: > > imap[27001]: SASL bad userid authenticated > >imap[27001]: badlogin: [redacted.fqdn.frontend.server] [10.2.1.26] PLAIN >[SASL(-13): authentication failure: bad userid authenticated] Check your auth facility syslog (e.g. /var/log/auth.log) as well. Verify your configuration with: http://cyrusimap.org/docs/cyrus-imapd/2.5.4/install-murder.php For further assistance, provide redacted copies of your /etc/imapd.conf, /etc/cyrus.conf, and saslauthd.conf (if existing) files for both the frontent and backend servers. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cyrus murder auth issue
Hello, This was asked in the Kolab list, but they mentioned this list may be more appropriate: Trying to get Kolab 3.4 setup in a distrubuted environment. The last piece of the puzzle seems to be getting Cyrus configured correctly for a murder environement. Currently, only using 1 frontend and one backend. mupdatetest and testsaslauthd checks seem to work fine. But, when trying to create a user account using the command-line cyradm tools, from the backend, I'm getting the following error: cyradm -t "" -u kolab -w "${password}" ${cyrus_host} verify error:num=18:self signed certificate > cm user/kolab3test verify error:num=18:self signed certificate Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118 cyradm: cannot authenticate to [redacted.fqdn.backend.server] and directly from the frontend: > cm user/kolab3test Password: IMAP Password: Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118 cyradm: cannot authenticate to [redacted.fqdn.backend.server] /var/log/messages on the backend only shows "perl: No worthy mechs found" and /var/log/maillog says: imap[27001]: SASL bad userid authenticated imap[27001]: badlogin: [redacted.fqdn.frontend.server] [10.2.1.26] PLAIN [SASL(-13): authentication failure: bad userid authenticated] Gabriel Forster | Email and Directory Services This message, including any attachments, is the property of Sears Holdings Corporation and/or one of its subsidiaries. It is confidential and may contain proprietary or legally privileged information. If you are not the intended recipient, please delete it without reading the contents. Thank you. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus