Cyrus murder auth issue

2015-07-28 Thread Forster, Gabriel
Hello,

This was asked in the Kolab list, but they mentioned this list may be more 
appropriate:

Trying to get Kolab 3.4 setup in a distributed environment. The last piece of 
the puzzle seems to be getting Cyrus configured correctly for a murder 
environment. Currently, only using 1 frontend and one backend.

mupdatetest and testsaslauthd checks seem to work fine. But, when trying to 
create a user account using the command-line cyradm tools, from the backend, 
I'm getting the following error:


cyradm -t  -u kolab -w ${password} ${cyrus_host}

verify error:num=18:self signed certificate

 cm user/kolab3test

verify error:num=18:self signed certificate

Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118

cyradm: cannot authenticate to [redacted.fqdn.backend.server]


and directly from the frontend:

 cm user/kolab3test

Password:

IMAP Password:

  Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm 
line 118

cyradm: cannot authenticate to [redacted.fqdn.backend.server]


/var/log/messages on the backend only shows perl: No worthy mechs found

and /var/log/maillog says:

 imap[27001]: SASL bad userid authenticated

imap[27001]: badlogin: [redacted.fqdn.frontend.server] [10.2.1.26] PLAIN 
[SASL(-13): authentication failure: bad userid authenticated]



Gabriel Forster | Email and Directory Services


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

RE: Cyrus murder auth issue

2015-07-28 Thread Forster, Gabriel
On 07/28/15 16:37 +, Forster, Gabriel wrote:
Hello,

This was asked in the Kolab list, but they mentioned this list may be more 
appropriate:

Trying to get Kolab 3.4 setup in a distributed environment. The last piece of 
the puzzle seems to be getting Cyrus configured correctly for a murder 
environment. Currently, only using 1 frontend and one backend.

mupdatetest and testsaslauthd checks seem to work fine. But, when trying to 
create a user account using the command-line cyradm tools, from the backend, 
I'm getting the following error:


cyradm -t  -u kolab -w ${password} ${cyrus_host}

verify error:num=18:self signed certificate

 cm user/kolab3test

verify error:num=18:self signed certificate

Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118

cyradm: cannot authenticate to [redacted.fqdn.backend.server]


and directly from the frontend:

 cm user/kolab3test

Password:

IMAP Password:

  Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm 
 line 118

cyradm: cannot authenticate to [redacted.fqdn.backend.server]


/var/log/messages on the backend only shows perl: No worthy mechs found

and /var/log/maillog says:

 imap[27001]: SASL bad userid authenticated

imap[27001]: badlogin: [redacted.fqdn.frontend.server] [10.2.1.26] PLAIN 
[SASL(-13): authentication failure: bad userid authenticated]

Check your auth facility syslog (e.g. /var/log/auth.log) as well.

Verify your configuration with:

http://cyrusimap.org/docs/cyrus-imapd/2.5.4/install-murder.php

For further assistance, provide redacted copies of your /etc/imapd.conf,
/etc/cyrus.conf, and saslauthd.conf (if existing) files for both the
frontend and backend servers.

--
Dan White

___

Thanks for the response. Redacted versions of /etc/imapd.conf, 
/etc/saslauthd.conf and /etc/cyrus.conf for both frontend and backend servers 
are below.

BACKEND /etc/imapd.conf
configdirectory: /srv/imap/be/lib
# partition-default: /var/spool/imap
partition-default: /srv/imap/be/spool

# admins: kolab
admins: kolab
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
# sasl_pwcheck_method: saslauthd
sasl_pwcheck_method: saslauthd
# sasl_mech_list: PLAIN LOGIN
sasl_mech_list: PLAIN
# allowplaintext: no
allowplaintext: 1


 tls_server_cert: /var/imap/server.pem
 tls_server_key: /var/imap/server.pem
# tls_server_ca_file: /var/imap/server.pem
# tls_client_ca_file: /var/imap/server.pem

# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
auth_mech: pts
pts_module: ldap

ldap_servers: {redacted}
ldap_sasl: 0

ldap_base: ou=people,o=intra,dc={redacted},dc={redacted}
ldap_bind_dn: uid={redacted},ou=People,o={redacted},dc={redacted},dc={redacted}
ldap_password: F@{redacted}
ldap_filter: {redacted}
ldap_user_attribute: uid
ldap_group_base: o=intra,dc={redacted},dc={redacted}
ldap_bind_dn: uid={redacted},ou=People,o=intra,dc={redacted},dc={redacted}
ldap_password: {redacted}
ldap_filter:{redacted}
ldap_user_attribute: uid
ldap_group_base: o=intra,dc={redacted},dc={redacted}
ldap_group_filter: ((cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
ldap_group_scope: one
ldap_member_base: ou=People,o=intra,dc={redacted},dc={redacted}
ldap_member_method: attribute
ldap_member_attribute: nsrole
ldap_restart: 1
ldap_timeout: 10
ldap_time_limit: 10

# allowallsubscribe: 0
allowallsubscribe: 1
allowusermoves: 1
altnamespace: 1
hashimapspool: 1
unixhierarchysep: 1

annotation_definitions: /etc/imapd.annotations.conf
sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index

anysievefolder: 1
fulldirhash: 0
sieveusehomedir: 0
# sieve_allowreferrals: 0
sieve_allowreferrals: 1

lmtp_downcase_rcpt: 1
lmtp_fuzzy_mailbox_match: 1
username_tolower: 1

deletedprefix: DELETED
delete_mode: delayed
expunge_mode: delayed

# This value not in Kolab 2
postuser: shared

# Only run a murder on the master site

# We run a discreet murder
mupdate_config: standard

# Mailbox master runs on the first frontend
mupdate_server: {redacted}
mupdate_port: 3905
mupdate_authname: {redacted}
mupdate_username: {redacted}
mupdate_password: {redacted}-

# proxyservers: murder
proxyservers: {redacted}
proxy_authname: {redacted}
proxy_password: {redacted}-

# virtdomains: userid
virtdomains: off

FRONTEND /etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: {redacted}
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail

sasl_pwcheck_method: saslauthd auxprop
sasl_auxprop_plugin: sasldb
sasl_mech_list: PLAIN
allowplaintext: 1

auth_mech: pts
pts_module: ldap



ldap_servers: ldap://{redacted}



ldap_sasl: 0
ldap_base: ou=people,o=intra,dc={redacted},dc={redacted}
ldap_scope: one
ldap_bind_dn: uid={redacted},ou=People,o=intra,dc={redacted},dc={redacted}
ldap_password: {redacted}
ldap_filter: {redacted}
ldap_user_attribute: uid
ldap_group_base: o=intra,dc={redacted},dc={redacted}

Re: Cyrus murder auth issue

2015-07-28 Thread Dan White
On 07/28/15 16:37 +, Forster, Gabriel wrote:
Hello,

This was asked in the Kolab list, but they mentioned this list may be more 
appropriate:

Trying to get Kolab 3.4 setup in a distributed environment. The last piece of 
the puzzle seems to be getting Cyrus configured correctly for a murder 
environment. Currently, only using 1 frontend and one backend.

mupdatetest and testsaslauthd checks seem to work fine. But, when trying to 
create a user account using the command-line cyradm tools, from the backend, 
I'm getting the following error:


cyradm -t  -u kolab -w ${password} ${cyrus_host}

verify error:num=18:self signed certificate

 cm user/kolab3test

verify error:num=18:self signed certificate

Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118

cyradm: cannot authenticate to [redacted.fqdn.backend.server]


and directly from the frontend:

 cm user/kolab3test

Password:

IMAP Password:

  Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm 
 line 118

cyradm: cannot authenticate to [redacted.fqdn.backend.server]


/var/log/messages on the backend only shows perl: No worthy mechs found

and /var/log/maillog says:

 imap[27001]: SASL bad userid authenticated

imap[27001]: badlogin: [redacted.fqdn.frontend.server] [10.2.1.26] PLAIN 
[SASL(-13): authentication failure: bad userid authenticated]

Check your auth facility syslog (e.g. /var/log/auth.log) as well.

Verify your configuration with:

http://cyrusimap.org/docs/cyrus-imapd/2.5.4/install-murder.php

For further assistance, provide redacted copies of your /etc/imapd.conf,
/etc/cyrus.conf, and saslauthd.conf (if existing) files for both the
frontend and backend servers.

-- 
Dan White



Re: Cyrus murder auth issue

2015-07-28 Thread Dan White
On 07/28/15 16:37 +, Forster, Gabriel wrote:
mupdatetest and testsaslauthd checks seem to work fine. But, when trying
to create a user account using the command-line cyradm tools, from the
backend, I'm getting the following error:

cyradm -t  -u kolab -w ${password} ${cyrus_host}

 cm user/kolab3test

Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to [redacted.fqdn.backend.server]

and directly from the frontend:

 cm user/kolab3test
Password:
IMAP Password:

  Invalid user at /usr/lib64/perl5/vendor_perl/Cyrus/IMAP/Admin.pm 
 line 118

cyradm: cannot authenticate to [redacted.fqdn.backend.server]

/var/log/messages on the backend only shows perl: No worthy mechs found

and /var/log/maillog says:

 imap[27001]: SASL bad userid authenticated

imap[27001]: badlogin: [redacted.fqdn.frontend.server] [10.2.1.26] PLAIN 
[SASL(-13): authentication failure: bad userid authenticated]

On 07/28/15 18:33 +, Forster, Gabriel wrote:
BACKEND /etc/imapd.conf
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
allowplaintext: 1
allowallsubscribe: 1
allowusermoves: 1
altnamespace: 1
hashimapspool: 1
unixhierarchysep: 1
anysievefolder: 1
fulldirhash: 0
username_tolower: 1
postuser: shared
mupdate_config: standard
mupdate_server: {redacted}
mupdate_port: 3905
mupdate_authname: {redacted}
mupdate_username: {redacted}
mupdate_password: {redacted}-
proxyservers: {redacted}
proxy_authname: {redacted}
proxy_password: {redacted}-
virtdomains: off

FRONTEND /etc/imapd.conf
sasl_pwcheck_method: saslauthd auxprop
sasl_auxprop_plugin: sasldb
sasl_mech_list: PLAIN
allowplaintext: 1
allowallsubscribe: 1
allowusermoves: 1
altnamespace: 1
hashimapspool: 1
unixhierarchysep: 1
anysievefolder: 1
fulldirhash: 0
username_to_lower: 1
normalizeuid: 1
deletedprefix: DELETED
delete_mode: delayed
expunge_mode: delayed
mupdate_config: standard

mupdate_server: {redacted}
mupdate_port: 3905
mupdate_authname: {redacted}
mupdate_username: {redacted}
mupdate_password: {redacted}

This block may confuse your proxyd processes. Try removing it and
retesting.

defaultserver: {redacted}
serverlist: {redacted}
proxy_authname: {redacted}
proxy_password: {redacted}
virtdomains: off

FRONTEND /etc/cyrus.conf
mupdate cmd=mupdate -mlisten=3905 
 prefork=1

Again, consult your auth facility syslog for sasl related problems. Does
imap authentication (imtest) succeed?

-- 
Dan White
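
Added example (not part of any message in this thread, and not Cyrus project code): a small linter for the kind of frontend/backend imapd.conf comparison requested above. It flags options set more than once and lines that are not in key: value form, as both appear in the backend file posted here, and checks that the frontend's proxy_authname is listed in the backend's proxyservers or admins. The sample files and the names check_murder, frontproxy and murderproxy are constructed; the proxyservers rules are assumed from the imapd.conf(5) description of a standard murder.

```python
import re

# Constructed sample configs (not the poster's files; every value is made up).
BACKEND = """\
admins: cyrus
ldap_bind_dn: uid=svc1,ou=People,o=intra
ldap_bind_dn: uid=svc2,ou=People,o=intra
ldap_group_filter:
((cn=%u)(objectclass=ldapsubentry))
proxyservers: murderproxy
"""
FRONTEND = """\
admins: cyrus
proxy_authname: frontproxy
proxyservers: frontproxy
"""

def parse(text):
    """Return (options, findings); options maps each key to its list of values."""
    opts, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_-]+)\s*:\s*(.*)$", s)
        if not m:
            findings.append(f"line {n}: not a 'key: value' line (wrapped value?)")
            continue
        key, val = m.groups()
        if key in opts:
            findings.append(f"line {n}: '{key}' set more than once")
        opts.setdefault(key, []).append(val)
    return opts, findings

def check_murder(frontend, backend):
    """Lint both files, then compare the proxy identities across them."""
    fe, fe_f = parse(frontend)
    be, be_f = parse(backend)
    out = [f"frontend {x}" for x in fe_f] + [f"backend {x}" for x in be_f]
    # Assumption from imapd.conf(5): proxyservers belongs on backends only.
    if "proxyservers" in fe:
        out.append("frontend sets proxyservers (documented as backend-only)")
    # Assumption: the backend lets proxyservers and admins act for other users.
    allowed = set(" ".join(be.get("proxyservers", []) + be.get("admins", [])).split())
    for name in fe.get("proxy_authname", []):
        if name not in allowed:
            out.append(f"backend does not list '{name}' in proxyservers/admins")
    return out
```

Run it as check_murder(open(frontend_path).read(), open(backend_path).read()) on the unredacted files; an empty list means none of these three checks fired, not that authentication will succeed.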
