Fedora 8 cyrus-imap install w/ cyrus admin cm permission errors (long post)
Greetings, I have two freshly installed Fedora 8 systems exhibiting the same behaviour, cyrus admin permission error when creating a mailbox, this may be only coincidental because of the operator. After several days of research reading and reviewing multiple cyrus installation howtos, then IMAP RFC, installing and uninstalling, and following threads in discussion forums, I am unable to find the persistant cause of the permission error. Please direct me to some debugging method to solve the permission complaint. -system information - cyrus is admin in imapd.conf - user cyrus and group mail have permissions in directories /var/spool/imap and /var/lib/imap - cyradm and imtest connections are authenticated - cyrus authenticates via sasl_sql - perl modules are current - no error reporting in /var/log within messages, auth.log, or cyrus.log Sample imtest session: # imtest -u cyrus -a cyrus localhost S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN SASL-IR] mysmtp.mydomain.net Cyrus IMAP4 v2.3.9-Fedora-RPM-2.3.9-7.fc8 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN *SOMESTRING* S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (no protection) Authenticated. Security strength factor: 0 . create user.roboeb . NO Permission denied . logout * BYE LOGOUT received . OK Completed Connection closed. -- Directory structures ls -ld /var/lib/imap/ drwxr-x--- 18 cyrus mail 4096 2008-03-16 12:36 /var/lib/imap/ -- ls -ld /var/spool/imap/ drwx-- 4 cyrus mail 4096 2008-03-15 15:50 /var/spool/imap/ -- ls -lR /var/spool/imap /var/spool/imap: total 16 drwxr-xr-x 2 cyrus mail 4096 2008-03-15 15:50 stage. drwxr-xr-x 2 cyrus mail 4096 2008-03-15 15:50 sync. /var/spool/imap/stage.: total 0 /var/spool/imap/sync.: -- ls -lR /var/lib/imap /var/lib/imap: total 160 -rw--- 1 cyrus mail 144 2008-03-16 06:11 annotations.db drwx-- 2 cyrus mail 4096 2007-09-25 02:21 backup drwx-- 2 cyrus mail 4096 2008-03-16 12:36 db drwx-- 2 cyrus mail 4096 2008-03-16 12:12 db.backup1 drwx-- 2 cyrus mail 4096 2008-03-16 11:42 db.backup2 -rw--- 1 cyrus mail 144 2008-03-16 12:36 deliver.db drwx-- 2 cyrus mail 4096 2007-09-25 02:21 log -rw--- 1 cyrus mail 144 2008-03-16 06:11 mailboxes.db drwx-- 2 cyrus mail 4096 2007-09-25 02:21 md5 drwx-- 2 cyrus mail 4096 2007-09-25 02:21 meta drwx-- 2 cyrus mail 4096 2007-09-25 02:21 msg drwx-- 2 cyrus mail 4096 2008-03-15 18:04 proc drwx-- 2 cyrus mail 4096 2007-09-25 02:21 ptclient drwx-- 2 cyrus mail 4096 2007-09-25 02:21 quota drwx-- 2 cyrus mail 4096 2008-03-16 12:36 rpm drwx-- 2 cyrus mail 4096 2007-09-25 02:21 sieve drwxr-x--- 2 cyrus mail 4096 2008-03-16 06:11 socket drwx-- 2 cyrus mail 4096 2007-09-25 02:21 sync -rw--- 1 cyrus mail 144 2008-03-16 12:36 tls_sessions.db drwx-- 2 cyrus mail 4096 2007-09-25 02:21 user /var/lib/imap/backup: total 0 /var/lib/imap/db: total 8 -rw--- 1 cyrus mail 4 2008-03-16 06:11 skipstamp /var/lib/imap/db.backup1: total 10276 -rw--- 1 cyrus mail 144 2008-03-16 12:12 annotations.db -rw--- 1 cyrus mail 10485760 2008-03-16 12:12 log.01 -rw--- 1 cyrus mail 144 2008-03-16 12:12 mailboxes.db /var/lib/imap/db.backup2: total 10276 -rw--- 1 cyrus mail 144 2008-03-16 11:42 annotations.db -rw--- 1 cyrus mail 10485760 2008-03-16 11:42 log.01 -rw--- 1 cyrus mail 144 2008-03-16 11:42 mailboxes.db /var/lib/imap/log: total 0 /var/lib/imap/md5: total 0 /var/lib/imap/meta: total 0 /var/lib/imap/msg: total 0 /var/lib/imap/proc: total 0 /var/lib/imap/ptclient: total 0 /var/lib/imap/quota: total 0 /var/lib/imap/rpm: total 24 -rw--- 1 cyrus mail 212 2008-03-16 12:36 db.cfg.cache -rw--- 1 cyrus mail 904 2008-03-16 12:36 db_export.log -rw--- 1 cyrus mail 601 2008-03-16 06:11 db_import.log /var/lib/imap/sieve: total 0 /var/lib/imap/socket: total 44 srwxrwxrwx 1 cyrus mail 0 2008-03-16 06:11 idle -rw--- 1 cyrus mail 0 2008-03-15 15:12 imap-0.lock -rw--- 1 cyrus mail 0 2008-03-15 15:12 imap-1.lock -rw--- 1 cyrus mail 0 2008-03-15 15:12 imaps-0.lock -rw-
[no subject]
Hi list,
I am attempting to install cyrus-imapd-2.3.11 and cyrus-sasl-2.1.22 from the
ports library on FreeBSD 6.3. I am using the CMU document at
http://cyrusimap.web.cmu.edu/imapd/install.html (and the contents links) as an
install guide.
Perl 5.8.8 and BDB 4.6 were installed prior to starting the install of the
Cyrus ports. The BDB option was selected for both packages. For the imapd
install, AUTH OTP was de-selected. Both DIGEST-MD5 and CRAM-MD5 were selected.
The make & install run and complete properly for both packages.
Everything appears proper until I run cyradm.
I can run saslpasswd2, sasldbuserslist2, telnet to imapd, etc. But when I run
imtest to test the login, in the "S" line, I get the notice "LOGINDISABLED"
rather than a list of accepted authentication methods and am unable to log into
imap regardless of the sasl pwcheck method or mech list in imapd.conf.
Any help would be very much appreciated.
J.J.
IMTEST SESSION
===
[EMAIL PROTECTED] etc]# imtest -m login localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED] D-Y-C
Mail Server Cyrus IMAP4 v2.3.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED ACL
RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN root {4}
S: L01 NO Login only available under a layer
Authentication failed. generic failure
Security strength factor: 0
a1 logout
* BYE LOGOUT received
a1 OK Completed
Connection closed.
[EMAIL PROTECTED] etc]#
CYRUS-SASL2 CONFIGURE
==
$ ./configure --sysconfdir=/usr/local/etc
--with-configdir=/usr/local/lib/sasl2:/usr/local/etc/sasl2
--with-plugindir=/usr/local/lib/sasl2 --with-dbpath=/usr/local/etc/sasldb2
--includedir=/usr/local/include --enable-static --enable-auth-sasldb
--with-rc4=openssl --with-saslauthd=/var/run/saslauthd --with-dblib=berkeley
--with-bdb-libdir=/usr/local/lib --with-bdb-incdir=/usr/local/include/db46
--with-bdb=db-4.6 --without-mysql --without-pgsql --without-sqlite
--enable-login --disable-otp --disable-ntlm --enable-gssapi --disable-krb4
--with-openssl=yes --prefix=/usr/local --mandir=/usr/local/man
--infodir=/usr/local/info/ i386-portbld-freebsd6.3
CYRUS-IMAPD CONFIGURE
==
$ ./configure --sysconfdir=/usr/local/etc --with-cyrus-prefix=/usr/local/cyrus
--with-cyrus-user=cyrus --with-cyrus-group=cyrus --with-sasl=/usr/local
--with-bdb=db-4.6 --with-com_err --with-openssl=/usr
--with-perl=/usr/local/bin/perl5.8.8 --with-bdb-incdir=/usr/local/include/db46
--with-bdb-libdir=/usr/local/lib --with-snmp=no --prefix=/usr/local
--mandir=/usr/local/man --infodir=/usr/local/info/ i386-portbld-freebsd6.3
_
Connect and share in new ways with Windows Live.
http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
IMAPD "Authentication failed. generic failure"
Hi list,
I am attempting to install cyrus-imapd-2.3.11 and cyrus-sasl-2.1.22 from the
ports library on FreeBSD 6.3. I am using the CMU document at
http://cyrusimap.web.cmu.edu/imapd/install.html (and the contents links) as an
install guide.
Perl 5.8.8 and BDB 4.6 were installed prior to starting the install of the
Cyrus ports. The BDB option was selected for both packages. For the imapd
install, AUTH OTP was de-selected. Both DIGEST-MD5 and CRAM-MD5 were selected.
(I would like to use the simplest login method possible.) The make & install
run and complete properly for both packages.
Everything appears proper until I run cyradm.
I can run saslpasswd2, sasldbuserslist2, telnet to imapd, etc. But when I run
imtest to test the login, in the "S" line, I get the notice "LOGINDISABLED"
rather than a list of accepted authentication methods and am unable to log into
imap regardless of the sasl pwcheck method or mech list in imapd.conf.
Any help would be very much appreciated.
J.J.
IMTEST SESSION
===
[EMAIL PROTECTED] etc]# imtest -u cyrus -m login localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED] D-Y-C
Mail Server Cyrus IMAP4 v2.3.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED ACL
RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN root {5}
S: L01 NO Login only available under a layer
Authentication failed. generic failure
Security strength factor: 0
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
[EMAIL PROTECTED] etc]#
CYRUS-SASL2 CONFIGURE
==
$ ./configure --sysconfdir=/usr/local/etc
--with-configdir=/usr/local/lib/sasl2:/usr/local/etc/sasl2
--with-plugindir=/usr/local/lib/sasl2 --with-dbpath=/usr/local/etc/sasldb2
--includedir=/usr/local/include --enable-static --enable-auth-sasldb
--with-rc4=openssl --with-saslauthd=/var/run/saslauthd --with-dblib=berkeley
--with-bdb-libdir=/usr/local/lib --with-bdb-incdir=/usr/local/include/db46
--with-bdb=db-4.6 --without-mysql --without-pgsql --without-sqlite
--enable-login --disable-otp --disable-ntlm --enable-gssapi --disable-krb4
--with-openssl=yes --prefix=/usr/local --mandir=/usr/local/man
--infodir=/usr/local/info/ i386-portbld-freebsd6.3
CYRUS-IMAPD CONFIGURE
==
$ ./configure --sysconfdir=/usr/local/etc --with-cyrus-prefix=/usr/local/cyrus
--with-cyrus-user=cyrus --with-cyrus-group=cyrus --with-sasl=/usr/local
--with-bdb=db-4.6 --with-com_err --with-openssl=/usr
--with-perl=/usr/local/bin/perl5.8.8 --with-bdb-incdir=/usr/local/include/db46
--with-bdb-libdir=/usr/local/lib --with-snmp=no --prefix=/usr/local
--mandir=/usr/local/man --infodir=/usr/local/info/ i386-portbld-freebsd6.3
_
Connect and share in new ways with Windows Live.
http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: IMAPD "Authentication failed. generic failure"
J.J. Day wrote, at 03/17/2008 12:12 AM: > [EMAIL PROTECTED] etc]# imtest -u cyrus -m login localhost Try this instead: imtest -u cyrus -a cyrus -t "" localhost Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: IMAPD "Authentication failed. generic failure"
No joy !!
CONSOLE:
===
[EMAIL PROTECTED] ~]# imtest -u cyrus -a cyrus -t "" localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED] D-Y-C
Mail Server Cyrus IMAP4 v2.3.11 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED ACL
RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT
CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH
S: C01 OK Completed
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID ACL RIGHTS=kxte QUOTA
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES
ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {5}
S: + go ahead
C:
S: L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 256
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.
[EMAIL PROTECTED] ~]#
imapd.log
===
Mar 16 23:38:40 dc-mail master[3700]: about to exec /usr/local/cyrus/bin/imapd
Mar 16 23:38:40 dc-mail imap[3700]: executed
Mar 16 23:38:40 dc-mail imap[3700]: accepted connection
Mar 16 23:38:40 dc-mail imap[3700]: TLS server engine: cannot load CA data
Mar 16 23:38:40 dc-mail imap[3700]: TLS server engine: No CA file specified.
Client side certs may not work
Mar 16 23:38:40 dc-mail imap[3700]: SSL_accept() incomplete -> wait
Mar 16 23:38:40 dc-mail imap[3700]: mystore: starting txn 2147483650
Mar 16 23:38:40 dc-mail imap[3700]: mystore: committing txn 2147483650
Mar 16 23:38:40 dc-mail imap[3700]: SSL_accept() succeeded -> done
Mar 16 23:38:40 dc-mail imap[3700]: starttls: TLSv1 with cipher AES256-SHA
(256/256 bits new) no authentication
auth.log
==
Mar 16 23:38:40 dc-mail imap[3700]: could not find auxprop plugin, was
searching for [all]
_
Helping your favorite cause is as easy as instant messaging. You IM, we give.
http://im.live.com/Messenger/IM/Home/?source=text_hotmail_join
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
