cyradm troubles : no prompt



  • Dear Community,

    We have installed Kolab 16 on CentOS 7 and it's really fine. I have an issue with shared subfolders permission, and I read in the doc that cyradm is the solution.

    However when I try to use cyradm with :
    cyradm --user admin localhost

    It is stuck (no output, no password prompt), the cursor goes back to a new line and stay there for very long. When waiting 30 minutes or so a prompt finally appear "IMAP Password:" but for now on I never managed to answer before this question timeout itself (I did not wait for the prompt doing nothing for 30 minutes).

    I have tried --tls --notls --auth PLAIN, without much success.

    I have tried strace:

    strace -s 200 -f cyradm --user admin localhost

    and here is the output:

    mmap(NULL, 2151432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f4ac2dd5000
    mprotect(0x7f4ac2de2000, 2093056, PROT_NONE) = 0
    mmap(0x7f4ac2fe1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xc000) = 0x7f4ac2fe1000
    close(5) = 0
    mprotect(0x7f4ac2fe1000, 4096, PROT_READ) = 0
    open("/usr/lib64/sasl2/libgssapiv2.la", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/usr/lib64/sasl2/libgssapiv2.so", O_RDONLY|O_CLOEXEC) = 5
    read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\33\0\0\0\0\0\0@\0\0\0\0\0\0\0(\211\0\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\34\0\33\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\q\0\0\0\0\0\0\q\0\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0h}\0\0\0\0\0\0h} \0\0\0\0\0h} \0\0\0\0\0\370\5\0\0\0\0\0\0\10\6\0\0\0\0\0\0\0\0 \0\0\0\0\0\2\0\0\0\6\0\0\0\210}\0\0\0\0\0\0\210} \0\0\0\0\0"..., 832) = 832
    fstat(5, {st_mode=S_IFREG|0755, st_size=36904, ...}) = 0
    mmap(NULL, 2130800, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f4ac2bcc000
    mprotect(0x7f4ac2bd4000, 2093056, PROT_NONE) = 0
    mmap(0x7f4ac2dd3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x7000) = 0x7f4ac2dd3000
    close(5) = 0
    mprotect(0x7f4ac2dd3000, 4096, PROT_READ) = 0
    open("/usr/lib64/sasl2/liblogin.la", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/usr/lib64/sasl2/liblogin.so", O_RDONLY|O_CLOEXEC) = 5
    read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\21\0\0\0\0\0\0@\0\0\0\0\0\0\0\20G\0\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\34\0\33\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\3648\0\0\0\0\0\0\3648\0\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0\310=\0\0\0\0\0\0\310= \0\0\0\0\0\310= \0\0\0\0\0\0\4\0\0\0\0\0\0\10\4\0\0\0\0\0\0\0\0 \0\0\0\0\0\2\0\0\0\6\0\0\0\350=\0\0\0\0\0\0\350= \0\0\0\0\0"..., 832) = 832
    fstat(5, {st_mode=S_IFREG|0755, st_size=19984, ...}) = 0
    mmap(NULL, 2114000, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f4ac29c7000
    mprotect(0x7f4ac29cb000, 2093056, PROT_NONE) = 0
    mmap(0x7f4ac2bca000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x3000) = 0x7f4ac2bca000
    close(5) = 0
    mprotect(0x7f4ac2bca000, 4096, PROT_READ) = 0
    open("/usr/lib64/sasl2/libplain.la", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/usr/lib64/sasl2/libplain.so", O_RDONLY|O_CLOEXEC) = 5
    read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\21\0\0\0\0\0\0@\0\0\0\0\0\0\0\20G\0\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0\34\0\33\0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2649\0\0\0\0\0\0\2649\0\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0\310=\0\0\0\0\0\0\310= \0\0\0\0\0\310= \0\0\0\0\0\0\4\0\0\0\0\0\0\10\4\0\0\0\0\0\0\0\0 \0\0\0\0\0\2\0\0\0\6\0\0\0\350=\0\0\0\0\0\0\350= \0\0\0\0\0"..., 832) = 832
    fstat(5, {st_mode=S_IFREG|0755, st_size=19984, ...}) = 0
    mmap(NULL, 2114000, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f4ac27c2000
    mprotect(0x7f4ac27c6000, 2093056, PROT_NONE) = 0
    mmap(0x7f4ac29c5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x3000) = 0x7f4ac29c5000
    close(5) = 0
    mprotect(0x7f4ac29c5000, 4096, PROT_READ) = 0
    getdents(4, /* 0 entries /, 32768) = 0
    close(4) = 0
    uname({sys="Linux", node="kolab.sibio.fr", ...}) = 0
    write(3, "1 CAPABILITY\r\n", 14) = 14
    select(4, [3], [], NULL, NULL) = 1 (in [3])
    read(3, "
    OK [CAPABILITIES IMAP4rev1 STARTTLS LITERAL+ ID ENABLE SASL-IR LOGINDISABLED] kolab.sibio.fr Cyrus IMAP 2.5.10-55-gb6dbffa-Kolab-2.5.10-6.1.el7.kolab_16 server ready\r\n", 4096) = 169
    select(4, [3], [], NULL, NULL

    Any clue would be welcome.

    Raynald



  • I wonder if you need to specify the port 9993 because cyrus is running there, and guam is running on the default cyrus port, 993:

    cyradm --port 9993 --user admin localhost



  • Wow, I've got an instant prompt now ! Many thanks.
    I just have to figure out the password. I've noted one but it does not seem to work.



  • Have a look in the file /etc/kolab/kolab.conf, the user is cyrus-admin, and the password is there as well, in the section cyrus-imap



  • Hmmm it seems not working : I've tested the admin password using a telnet localhost 143 and it works that way.

    More over an strace shows that the cyradm client mimics classical IMAP login orders and when you try that with telnet localhost 9993 you get immediately ejected, giving the feeling that the service behind 9993 is not what cyradm expect.

    Or it could be a crypto effect like the service is expecting a TLS connection that cyradm is not willing to provide.

    Adding the option --tls give the immediate answer:

    [root@kolab ~]# cyradm --tls --port 9993 --user "admin" localhost
    TLS disabled.
    cyradm: cannot authenticate to server with as admin



  • I'm seeing this problem too.



  • Thanks Marko, I was thinking it should be fairly reporductible since I'm using a 100% automatic install using CentOS 7 and Kolab 16.

    I've managed to login using imtest meaning I've got login and password right (TLS is really off on 9993 - if I add the "-t" sitch I have a very clear error message with imtest, it needs the -s (SSL) explaining why telnet tests won't work):

    [root@kolab ~]# imtest -a cyrus-admin -m login -s -p9993 localhost
    verify error:num=18:self signed certificate
    TLS connection established: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
    S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN AUTH=LOGIN SASL-IR] kolab.sibio.fr Cyrus IMAP 2.5.10-55-gb6dbffa-Kolab-2.5.10-6.1.el7.kolab_16 server ready
    Please enter your password:
    C: L01 LOGIN cyrus-admin {15}
    S: + go ahead
    C: <omitted>
    S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED AUTH=PLAIN AUTH=LOGIN X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] User logged in SESSIONID=<kolab.sibio.fr-7870-1491650167-1-14164215189298559347>
    Authenticated.
    Security strength factor: 256



  • Ok according to this:
    https://lists.apple.com/archives/macos-x-server//2005/Jun/msg01367.html

    cyradm is not capable of SSL.

    So I changed /etc/guam/sys.config to this:

    %% Example configuration for Guam.
    [
        {
            kolab_guam, [
                {
                    imap_servers, [
                        {
                            imaps, [
                                { host, "127.0.0.1" },
                                { port, 9993 },
                                { tls, true }
                            ]
                        },
                        {
                            imap, [
                                { host, "127.0.0.1" },
                                { port, 9994 },
                                { tls, false }
                            ]
                        }
                    ]
                },
                {
                    listeners, [
                        {
                            imap, [
                                { port, 143 },
                                { imap_server, imaps },
                                {
                                    rules, [
                                        { filter_groupware, [] }
                                    ]
                                },
                                {
                                    tls_config, [
                                        { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.pem" }
                                    ]
                                }
                            ]
                        },
                        {
                            imaps, [
                                { port, 993 },
                                { implicit_tls, true },
                                { imap_server, imaps },
                                {
                                    rules, [
                                        { filter_groupware, [] }
                                    ]
                                },
                                {
                                    tls_config, [
                                        { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.pem" }
                                    ]
                                }
                            ]
                        }
                    ]
                }
            ]
        },
    
        {
            lager, [
                {
                    handlers, [
                        { lager_console_backend, warning },
                        { lager_file_backend, [ { file, "log/error.log"}, { level, error } ] },
                        { lager_file_backend, [ { file, "log/console.log"}, { level, info } ] }
                    ]
                }
            ]
        },
    
        %% SASL config
        {
            sasl, [
                { sasl_error_logger, { file, "log/sasl-error.log" } },
                { errlog_type, error },
                { error_logger_mf_dir, "log/sasl" },      % Log directory
                { error_logger_mf_maxbytes, 10485760 },   % 10 MB max file size
                { error_logger_mf_maxfiles, 5 }           % 5 files max
            ]
        }
    ].
    

    And finding this was not enough, I modified also /etc/cyrus.conf, modifying the paragraph SERVICES thus:

    # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
    SERVICES {
        imaps       cmd="imapd -s"  listen="127.0.0.1:9993"                 prefork=5
    
        imap       cmd="imapd"  listen="127.0.0.1:9994"                 prefork=5
    
        sieve       cmd="timsieved" listen="sieve"                          prefork=0
    
        ptloader    cmd="ptloader"  listen="/var/lib/imap/ptclient/ptsock"  prefork=0
    
        lmtpunix    cmd="lmtpd"     listen="/var/lib/imap/socket/lmtp"      prefork=1
    
        notify      cmd="notifyd"   listen="/var/lib/imap/socket/notify"    proto="udp" prefork=1
    }
    

    Rebooted and then tada ! :grin:

    [root@kolab ~]# cyradm --port 9994 --user "cyrus-admin"  localhost
    Password:
    localhost>
    localhost> lm
    DELETED/user/raynald.delahondes/58CD7993@sibio.fr (\HasNoChildren)
    


  • Many thanks to Timotheus: you really directed me to the good direction!



  • Thanks Sibio & Timotheus - working for me as well


Log in to reply