Problem setting up Prosody with sasl


Thomas Rupp

Sep 15, 2016, 1:42:21 PM
to Prosody IM Users
Hello,
I have a problem setting up Prosody with SASL as authentication. The system is Ubuntu 16.04. What I have done so far:
I have a working saslauthd configuration, working with Postfix, Cyrus etc.
I had a working ejabberd configuration, also working with SASL.
I removed this configuration because of the installation of Diaspora.
I set up Prosody with authentication against the Diaspora user database, which works fine.
But for another domain I need authentication against SASL.
So I set up a virtual host:

VirtualHost "leben-auf-see.de"
    ssl = {
        key = "/etc/letsencrypt/live/leben-auf-see.de/privkey.pem";
        certificate = "/etc/letsencrypt/live/leben-auf-see.de/fullchain.pem";
    }
    allow_registration = false;
    c2s_require_encryption = true
    anonymous_login = false
    authentication = "cyrus"

Created a directory /etc/sasl, which did not exist, and, to be sure, a link to /etc/sasl2.
Created a file there named prosody.conf which contains:

pwcheck_method: saslauthd
mech_list: PLAIN

But every time I try to connect I get the following error:

Sep 09 17:37:07 c2s90514b0    info    Client connected
Sep 09 17:37:07 c2s90514b0    debug    Client sent opening <stream:stream> to leben-auf-see.de
Sep 09 17:37:07 c2s90514b0    debug    Sent reply <stream:stream> to client
Sep 09 17:37:08 c2s90514b0    debug    Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Sep 09 17:37:08 socket    debug    server.lua: we need to do tls, but delaying until send buffer empty
Sep 09 17:37:08 c2s90514b0    debug    TLS negotiation started for c2s_unauthed...
Sep 09 17:37:08 socket    debug    server.lua: attempting to start tls on tcp{client}: 0x8f0018c
Sep 09 17:37:09 socket    debug    server.lua: ssl handshake done
Sep 09 17:37:10 c2s90514b0    debug    Client sent opening <stream:stream> to leben-auf-see.de
Sep 09 17:37:10 c2s90514b0    debug    Sent reply <stream:stream> to client
Sep 09 17:37:10 c2s90514b0    debug    Received[c2s_unauthed]: <auth mechanism='DIGEST-MD5' http://www.google.com/talk/protocol/authclient-uses-full-bind-result='true' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Sep 09 17:37:10 leben-auf-see.de:saslauth    debug    sasl reply: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cmVhbG09ImxlYmVuLWF1Zi1zZWUuZGUiLG5vbmNlPSI0OTljY2QxZC1lMWQ2LTRmNGQtOTU0NC00MTNjOTFhMjNkOGQiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=</challenge>
Sep 09 17:37:11 c2s90514b0    debug    Received[c2s_unauthed]: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Sep 09 17:37:11 leben-auf-see.de:auth_internal_plain    debug    get_password for username 'trupp' at host 'leben-auf-see.de'
Sep 09 17:37:11 leben-auf-see.de:saslauth    debug    sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>The response provided by the client doesn&apos;t match the one we calculated.</text></failure>
Sep 09 17:37:11 c2s90514b0    debug    Received </stream:stream>
Sep 09 17:37:11 c2s90514b0    info    c2s stream for <83.203.232.6> closed: session closed
Sep 09 17:37:11 c2s90514b0    debug    Destroying session for (unknown) ((unknown)@leben-auf-see.de)
Sep 09 17:37:11 c2s90514b0    info    Client disconnected: connection closed
Sep 09 17:37:11 c2s90514b0    debug    Destroying session for (unknown) ((unknown)@(unknown))
Sep 09 17:37:11 socket    debug    server.lua: closed client handler and removed socket from list


I hope somebody can help me out here.
Thanks
Tom

Emeric Malacord

Oct 2, 2017, 9:46:30 AM
to Prosody IM Users
Hi Thomas,

Did you find the solution?
If so, thank you for enlightening me,

Vincent Van Houtte

Oct 5, 2017, 9:44:17 AM
to Prosody IM Users
Hi Emeric,

The obvious issue (but maybe not the only one) in Thomas' message above is that he named the Cyrus service file 'prosody.conf', but he forgot to set Prosody's optional setting 'cyrus_service_name' to 'prosody'.
Alternatively he could have named the service file 'xmpp.conf', which corresponds to the default value for Prosody's 'cyrus_service_name' ('xmpp').

More info: https://prosody.im/doc/cyrus_sasl

HTH,
Vincent

On Monday, 2 October 2017 15:46:30 UTC+2, Emeric Malacord wrote:
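As an added example (not code from Vincent's post or from the Prosody project), a POSIX shell check for the mismatch he describes: it reads cyrus_service_name from a Prosody config file, falling back to the documented default "xmpp", and verifies that the matching service file exists in the Cyrus SASL directory, selects saslauthd and offers PLAIN. The function names and the sample files in the demo are my own constructions; /etc/sasl2 and /etc/prosody/prosody.cfg.lua are assumed to be the Debian/Ubuntu locations.

```shell
#!/bin/sh
# Added example, not code from the thread or from Prosody: checks that the
# Cyrus SASL service file name matches what Prosody will ask for.
# Prosody looks up "<cyrus_service_name>.conf" in the SASL config directory,
# and cyrus_service_name defaults to "xmpp" (https://prosody.im/doc/cyrus_sasl).
# Function names and the sample files below are constructed for this example.

# sasl_service_name CFG -> prints the cyrus_service_name set in a Prosody
# config file, or "xmpp" when the option is not set.
sasl_service_name() {
    name=$(sed -n 's/^[[:space:]]*cyrus_service_name[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${name:-xmpp}"
}

# check_sasl_service SASL_DIR SERVICE -> 0 when SASL_DIR/SERVICE.conf exists,
# selects saslauthd and offers PLAIN; 1 (with the reason printed) otherwise.
# saslauthd only verifies plaintext passwords, so without PLAIN in mech_list
# a client is left with mechanisms such as DIGEST-MD5 that cannot succeed.
check_sasl_service() {
    conf="$1/$2.conf"
    [ -f "$conf" ] \
        || { echo "missing $conf: set cyrus_service_name or rename the file"; return 1; }
    grep -qi '^pwcheck_method:[[:space:]]*saslauthd' "$conf" \
        || { echo "$conf: pwcheck_method is not saslauthd"; return 1; }
    grep -i '^mech_list:' "$conf" | grep -qi 'plain' \
        || { echo "$conf: mech_list does not offer PLAIN"; return 1; }
    echo "ok: $conf"
}

# Demo on constructed files reproducing the thread's situation: the service
# file is named prosody.conf but the Prosody config never sets cyrus_service_name.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sasl2"
    printf 'VirtualHost "leben-auf-see.de"\n    authentication = "cyrus"\n' > "$tmp/prosody.cfg.lua"
    printf 'pwcheck_method: saslauthd\nmech_list: PLAIN\n' > "$tmp/sasl2/prosody.conf"
    svc=$(sasl_service_name "$tmp/prosody.cfg.lua")   # "xmpp", the default
    check_sasl_service "$tmp/sasl2" "$svc" || echo "-> mismatch, as in the thread"
    # Fix: point Prosody at the file that actually exists.
    printf '    cyrus_service_name = "prosody"\n' >> "$tmp/prosody.cfg.lua"
    check_sasl_service "$tmp/sasl2" "$(sasl_service_name "$tmp/prosody.cfg.lua")"
    rm -r "$tmp"
}

# On a real host (assumed Debian/Ubuntu paths):
#   check_sasl_service /etc/sasl2 "$(sasl_service_name /etc/prosody/prosody.cfg.lua)"
demo
```

The other fix Vincent mentions, renaming the file to xmpp.conf, passes the same check with the default service name; either way the name Prosody asks for and the file on disk have to agree.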

Zdeněk Sobotka

Oct 5, 2017, 10:47:21 AM
to prosod...@googlegroups.com
Hello, I did it a "long" time ago, but I have some notes, maybe they will help:

apt-get install libsasl2-modules-ldap libsasl2-2 libsasl2-modules sasl2-bin lua-cyrussasl

vim /etc/default/saslauthd
START=yes
[...]
MECHANISMS="ldap"

adduser prosody sasl

/etc/default/saslauthd:

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
MECH_OPTIONS="/etc/saslauthd.conf"
OPTIONS="-c -m /var/run/saslauthd"


vim /etc/sasl/prosody.conf
pwcheck_method: saslauthd
mech_list: plain

-- authentication = "cyrus"

Z.



--
CZ.NIC, z.s.p.o.
Milešovská 5, Praha 3, 130 00
mail: zdenek....@nic.cz
web: www.nic.cz
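As a second added example (not code from Zdeněk's post or from the saslauthd package), a POSIX shell check for the saslauthd side of his notes: that /etc/default/saslauthd still parses as shell (the init script sources it, so an unterminated quote in MECHANISMS stops the daemon from starting), that START=yes and MECHANISMS is set, and that the prosody user is in the sasl group, which is what his `adduser prosody sasl` step provides so Prosody can open the saslauthd socket. The function names and the sample inputs are constructed; on a real host the group line comes from `getent group sasl`.

```shell
#!/bin/sh
# Added example, not code from the thread or from the saslauthd package:
# checks for the saslauthd side of the setup (assumed Debian/Ubuntu layout).
# /etc/default/saslauthd is sourced as shell by the init script, so an
# unterminated quote there is a startup failure, not just a typo.
# Function names and the sample inputs below are constructed for this example.

# defaults_value FILE VAR -> prints VAR as a shell would see it after
# sourcing FILE (done in a subshell so nothing leaks into the caller).
defaults_value() {
    ( set +e; . "$1" >/dev/null 2>&1 || exit 1; eval "printf '%s\\n' \"\$$2\"" )
}

# check_saslauthd_defaults FILE -> 0 when FILE parses, START is "yes" and
# MECHANISMS is non-empty; 1 with the reason printed otherwise.
check_saslauthd_defaults() {
    f="$1"
    sh -n "$f" 2>/dev/null \
        || { echo "$f: not valid shell (unterminated quote?)"; return 1; }
    [ "$(defaults_value "$f" START)" = "yes" ] \
        || { echo "$f: START is not yes, saslauthd will not be started"; return 1; }
    [ -n "$(defaults_value "$f" MECHANISMS)" ] \
        || { echo "$f: MECHANISMS is empty"; return 1; }
    echo "ok: $f (MECHANISMS=$(defaults_value "$f" MECHANISMS))"
}

# user_in_group_line USER GROUPLINE -> 0 when USER is listed as a member in a
# group(5) line such as the output of 'getent group sasl'. The prosody user
# needs the sasl group to reach the saslauthd socket under /var/run/saslauthd.
user_in_group_line() {
    printf '%s\n' "$2" | cut -d: -f4 | tr ',' '\n' | grep -qx "$1"
}

demo() {
    tmp=$(mktemp -d)
    # Constructed copy of the thread's defaults file with the closing quote missing.
    printf 'START=yes\nMECHANISMS="ldap\nMECH_OPTIONS="/etc/saslauthd.conf"\nOPTIONS="-c -m /var/run/saslauthd"\n' > "$tmp/broken"
    check_saslauthd_defaults "$tmp/broken" || echo "-> fix the quote before restarting saslauthd"
    # Same file with the quote closed.
    printf 'START=yes\nMECHANISMS="ldap"\nMECH_OPTIONS="/etc/saslauthd.conf"\nOPTIONS="-c -m /var/run/saslauthd"\n' > "$tmp/fixed"
    check_saslauthd_defaults "$tmp/fixed"
    # Constructed group line; on a real host use: user_in_group_line prosody "$(getent group sasl)"
    user_in_group_line prosody 'sasl:x:45:postfix,prosody' && echo "prosody can reach the saslauthd socket"
    rm -r "$tmp"
}
demo
```

Running the checks before a restart is cheaper than reading the Prosody debug log afterwards: a saslauthd that never started, or a socket the prosody user cannot open, both surface in Prosody only as a generic authentication failure.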