Mail Queue exception during auth on ZCS 7.1.3 CentOS6_64

[MNPF]

Hi

I've installed a fresh copy of CentOS 6 64bit and ZCS 7.1.3, and migrated from my previous ZCS 7.1.2 on CentOS 5 64bit.

The migration was manual since we only have 4 accounts and 2 distribution lists, so I installed a fresh copy configured everything manualy and exported the mailboxes from preferences in the user account from old server into the new server importing the same way.

Everything went well but today I was looking arround in the admin board and had this problem:

Mail Queue Monitoring - Zimbra :: Wiki

Message: system failure: exception during auth {RemoteManager: MAIL.DOMAIN.COM->zimbra@MAIL.DOMAIN.COM:22}
com.zimbra.cs.service.ServiceException: system failure: exception during auth {RemoteManager:
MAIL.DOMAIN.COM->zimbra@MAIL.DOMAIN.COM:22}

I have followed all instructions from wiki and from google results and can't put this to work!

I've even tried and configured root to access in a similar way by ssh with RSA/DSA key and it worked very well and easy.

Could it be a problem of CentOS 6? SSH on CentOS 6 is 5.3 and on CentOS 5 is 4.3...

Any one as this configuration working? (CentOS 6 / ZCS 7.1.3)

[phoenix]

Quote:

Originally Posted by MNPF

Any one as this configuration working? (CentOS 6 / ZCS 7.1.3)

Yes, of course it works. So you've followed all the instructions from the wiki, does that include regenerating the certificates? What errors do you now now see? Have you changed the ssh port from 22 to something else?

[MNPF]

Yes I had regenerated. The port for ssh is 22.

Here is the output of the test:

Code:

[zimbra@mfserver ~]$ ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@mfserver.mnpf.net
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mfserver.mnpf.net [192.168.5.55] port 22.
debug1: Connection established.
debug1: identity file .ssh/zimbra_identity type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'mfserver.mnpf.net' is known and matches the RSA host key.
debug1: Found key in /opt/zimbra/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/zimbra_identity
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password

[MNPF]

Note: After testing everything from wiki I reverted changes to the original settings of CentOS installation (sshd_config, etc...) because on my other server it works with that settings, and I thought its better to start debugging with the community from the clean installation.

Thank you.

[MNPF]

Hello once again!

I was here comparing the system that work with the new one and noticed this.

The one that works:

Code:

debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/zimbra_identity
debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
debug1: Server accepts key: pkalg ssh-dss blen 435
debug1: read PEM private key done: type DSA
debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
debug1: Authentication succeeded (publickey).

The new one:

Code:

debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/zimbra_identity
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password

The new doesn't use the "Forced command: /opt/zimbra/libexec/zmrcd" to read the key, could it be the problem? Any thoughts about this?

Thank you.

[jmartinc]

Had the same problem with 7.1.3 and CentOS6, being looking for a solution for days...

I installer 7.1.3 on CentOS5 and workfine, problem is I already have 7.1.3 on CentOS6 on a production Environment.

I solve the problem disabling selinux, just do

Quote:

#setenforce 0

This will disable SELinux on running system, if you want the change to be boot persistant edit

/etc/selinux/config and set

Quote:

SELINUX=disabled

I will try to find a better way...