Re: Replication problem

From: David Korpiewski (no email)
Date: Wed May 17 2006 - 12:17:39 EDT

  • Next message: Larry Rosenbaum: "RE: Outlook does not delete but displays deleted messages as strike-through"

    Hi Patrick,
        I do apologize, that message was hurried so I could get it out and
    you are right, I did not correctly label things. Your suggestion fixed
    my main problem, however, a new problem appeared.

    It started to work when I set the replica to use "sasl_mech_list:
    PLAIN". I had accidentally put this line into my master instead of the
    replica, hence, why it didn't work.

    So the replica works, but something else is broken:

    Right now the sync is updating at at least once a second.
    Unfortunately, it is tying up all of the resources on the replica,
    leading it to thrash and eventually crash.

    I set this option in imapd.conf files on both master and replica, but it
    has no effect:

    sync_repeat_interval: 10

    One other note: I found it interesting that the install-replication.html
    instructions never mentioned adding a prefork=1 to the sync-server and
    sync-client SERVICE lines. I added these and it was the only way I
    could keep the sync-server and sync-client running in the background.
    It makes me wonder if this has something to do with my problem the
    runaway replication, especially since now I have two sync_client and two
    sync_server daemons running......(sync_client running on master,
    sync_server on replica)

    syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r" listen="csync"
    prefork=1
    syncserver cmd="/usr/lib/cyrus-imapd/sync_server" listen="csync"
    prefork=1

    Here are some logs and other data:

    imapd.conf on the master (LMC1)
    ------------------------
    configdirectory: /var/lib/imap
    partition-default: /var/spool/imap
    admins: cyrus davidk
    sievedir: /var/lib/imap/sieve
    sendmail: /usr/sbin/sendmail
    hashimapspool: true
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: PLAIN

    sync_authname: cyrus
    sync_log: 1
    sync_host: lmc2.cs.umass.edu
    sync_repeat_interval: 10
    sync_password: XXXXXXXXX

    tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
    tls_ca_file: /usr/share/ssl/certs/cyrus1.pem
    tls_cert_file: /usr/share/ssl/certs/cyrus1.pem
    tls_key_file: /usr/share/ssl/certs/cyrus.key

    imapd.conf on the replica (LMC2)
    -------------------------
    configdirectory: /var/lib/imap
    partition-default: /var/spool/imap
    admins: cyrus davidk
    sievedir: /var/lib/imap/sieve
    sendmail: /usr/sbin/sendmail
    hashimapspool: true
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: PLAIN

    sync_repeat_interval: 10
    sync_machineid:2
    sync_log: 1

    tls_cipher_list: PLAIN TLSv1 :SSLv3 :SSLv2 : !DES : !LOW :@STRENGTH
    tls_ca_file: /usr/share/ssl/certs/cyrus2.pem
    tls_cert_file: /usr/share/ssl/certs/cyrus2.pem
    tls_key_file: /usr/share/ssl/certs/cyrus.key

    Running log of the Master:
    -------------------------
    May 17 11:30:56 lmc1 master[20248]: process 20361 exited, status 0
    May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
    May 17 11:30:56 lmc1 sync_client[20364]: Doing a peer verify
    May 17 11:30:56 lmc1 master[20367]: about to exec
    /usr/lib/cyrus-imapd/sync_client
    May 17 11:30:56 lmc1 sync_client[20364]: received server certificate
    May 17 11:30:56 lmc1 sync_client[20364]: starttls: TLSv1 with cipher
    AES256-SHA (256/256 bits new) no authentication
    May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
    May 17 11:30:56 lmc1 sync_client[20367]: Doing a peer verify
    May 17 11:30:56 lmc1 sync_client[20367]: received server certificate
    May 17 11:30:56 lmc1 sync_client[20367]: starttls: TLSv1 with cipher
    AES256-SHA (256/256 bits new) no authentication
    May 17 11:30:56 lmc1 master[20248]: process 20367 exited, status 0
    May 17 11:30:56 lmc1 master[20370]: about to exec
    /usr/lib/cyrus-imapd/sync_client
    May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
    May 17 11:30:57 lmc1 sync_client[20370]: Doing a peer verify
    May 17 11:30:57 lmc1 sync_client[20370]: received server certificate
    May 17 11:30:57 lmc1 sync_client[20370]: starttls: TLSv1 with cipher
    AES256-SHA (256/256 bits new) no authentication
    May 17 11:30:57 lmc1 master[20248]: process 20364 exited, status 0
    May 17 11:30:57 lmc1 master[20373]: about to exec
    /usr/lib/cyrus-imapd/sync_client
    May 17 11:30:57 lmc1 master[20248]: process 20370 exited, status 0
    May 17 11:30:57 lmc1 master[20376]: about to exec
    /usr/lib/cyrus-imapd/sync_client
    May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
    May 17 11:30:57 lmc1 sync_client[20373]: Doing a peer verify
    May 17 11:30:57 lmc1 sync_client[20373]: received server certificate
    May 17 11:30:57 lmc1 sync_client[20373]: starttls: TLSv1 with cipher
    AES256-SHA (256/256 bits new) no authentication
    May 17 11:30:57 lmc1 sync_client[20376]: Doing a peer verify

    Running log of the Replica:
    --------------------------
    May 17 11:30:56 lmc2 master[17441]: about to exec
    /usr/lib/cyrus-imapd/sync_server
    May 17 11:30:56 lmc2 syncserver[17440]: accepted connection
    May 17 11:30:56 lmc2 syncserver[17440]: cmdloop(): startup
    May 17 11:30:57 lmc2 syncserver[17441]: executed
    May 17 11:30:57 lmc2 syncserver[17440]: starttls: TLSv1 with cipher
    AES256-SHA (256/256 bits new) no authentication
    May 17 11:30:57 lmc2 syncserver[17438]: login: lmc1.cs.umass.edu
    [128.119.243.236] cyrus PLAIN+TLS User logged in
    May 17 11:30:57 lmc2 master[17442]: about to exec
    /usr/lib/cyrus-imapd/sync_server
    May 17 11:30:57 lmc2 syncserver[17441]: accepted connection
    May 17 11:30:57 lmc2 syncserver[17442]: executed
    May 17 11:30:57 lmc2 syncserver[17441]: cmdloop(): startup
    May 17 11:30:57 lmc2 syncserver[17440]: login: lmc1.cs.umass.edu
    [128.119.243.236] cyrus PLAIN+TLS User logged in
    May 17 11:30:57 lmc2 master[17443]: about to exec
    /usr/lib/cyrus-imapd/sync_server
    May 17 11:30:57 lmc2 syncserver[17442]: accepted connection
    May 17 11:30:57 lmc2 syncserver[17442]: cmdloop(): startup
    May 17 11:30:57 lmc2 syncserver[17443]: executed

    Thank you for any help!
    It is much appreciated!
    David

    Patrick H Radtke wrote:
    > PLAIN for sasl_pwcheck_method isn't a valid option. Keep it as saslauthd
    > (and then make sure the testsaslauthd program works with your sync
    > username and password).
    >
    > I think you showed me your primary imapd.conf and not the replica's.
    >
    > What does imtest show you when you log into the replica (capability lines)?
    >
    > -Patrick
    > On Tue, 16 May 2006, David Korpiewski wrote:
    >
    >> Hello Patrick!
    >>
    >> I set the sasl_pwcheck_method to be PLAIN from what it used to be
    >> (saslauthd) on the replica server.
    >>
    >> Still doesn't work though, it gives me this error:
    >> badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5 [SASL(-13):
    >> user not found: no secret in database]
    >>
    >> HISTORY:
    >> our servers are set up with saslauthd for their sasl_pwcheck_method.
    >> Saslauthd uses PAM for ldap authentication. This works fine for
    >> receiving email and authenticating users with their mail clients.
    >> However, this doesn't appear to work for sync_server when
    >> authenticating the sync_client.
    >>
    >> These are pieces of my replica's imapd.conf:
    >>
    >> sasl_pwcheck_method: saslauthd
    >> sasl_mech_list: PLAIN
    >> sync_authname: cyrus
    >> sync_log: 1
    >> sync_host: lmc2.cs.umass.edu
    >> sync_repeat_interval: 5
    >> sync_password: XXXXXXXXXX
    >>
    >>
    >> Thank you for any help you can offer!
    >> David
    >>
    >>
    >> Patrick Radtke wrote:
    >>>
    >>> did you try setting
    >>> sasl_pwcheck_method on the replica?
    >>>
    >>> 'unix' isn't a SASL mechanism.
    >>>
    >>> you may want to try PLAIN (what do you use currently on the primary
    >>> server)?
    >>>
    >>> on the replica use this line
    >>> sasl_mech_list: PLAIN
    >>>
    >>> to make it only advertise PLAIN authentication, and then the primary
    >>> machine will try using that sasl mechanism when connecting.
    >>> This will then invoke what you have for your sasl_pwcheck_method.
    >>>
    >>> -Patrick
    >>>
    >>> On May 16, 2006, at 3:47 PM, David Korpiewski wrote:
    >>>
    >>>> I'm in the middle of trying to set up replication. However, I keep
    >>>> running into a problem.
    >>>>
    >>>> The replication error I'm getting on the replica is this if I don't
    >>>> specify a sync_authname and sync_password:
    >>>>
    >>>> syncserver[7682]: starttls: TLSv1 with cipher AES256-SHA (256/256
    >>>> bits new) no authentication
    >>>>
    >>>> I get this error if I'm specifying a sync_authname and sync_password:
    >>>>
    >>>> badlogin: lmc1.cs.umass.edu [128.119.243.236] DIGEST-MD5
    >>>> [SASL(-13): user not found: no secret in database]
    >>>>
    >>>> MY QUESTION IS THIS:
    >>>> How can I change what sync_server uses for its authentication? I
    >>>> want it to either use LDAP or the local passwd/shadow files. It
    >>>> obviously keeps trying to use DIGEST-MD5, in which case it would
    >>>> have to look for a md5 file in a particluar location, but I don't
    >>>> see how to specify that either.
    >>>>
    >>>> I tried setting auth_mech and sasl_auth_mech to be "unix" in the
    >>>> /etc/imapd.conf but that doesn't change anything.
    >>>>
    >>>> Can anyone help me?
    >>>> Thanks,
    >>>> David
    >>>>
    >>>>
    >>>>
    >>>> ----------------------------------------------------------
    >>>> David Korpiewski Phone: 413-545-4319
    >>>> Software Specialist I Fax: 413-577-2285
    >>>> Department of Computer Science ICQ: 7565766
    >>>> University of Massachusetts Amherst
    >>>> --------------------------------------------------------
    >>>>
    >>>> ----
    >>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    >>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    >>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    >>
    >> --
    >> --------------------------------------------------------
    >> David Korpiewski Phone: 413-545-4319
    >> Software Specialist I Fax: 413-577-2285
    >> Department of Computer Science ICQ: 7565766
    >> University of Massachusetts Amherst
    >> --------------------------------------------------------
    >>
    >>

    -- 
    --------------------------------------------------------
    David Korpiewski                     Phone: 413-545-4319
    Software Specialist I                Fax:   413-577-2285
    Department of Computer Science       ICQ:   7565766
    University of Massachusetts Amherst
    --------------------------------------------------------
    ----
    Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    

  • Next message: Larry Rosenbaum: "RE: Outlook does not delete but displays deleted messages as strike-through"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD