Cannot login on Prosody 0.9.7 using LDAP/SASL


Marcos Silva Cunha

Dec 9, 2015, 5:54:31 PM
to Prosody IM Users
Hello all,

I'm having trouble logging in with the Psi XMPP client to the Prosody server (Debian distro).

Here is my prosody.log:

Dec 09 18:51:19 mod_posix       info    Successfully daemonized to PID 737
Dec 09 18:51:19 hostmanager     debug   Activated host: localhost
Dec 09 18:51:19 localhost:auth_internal_plain   debug   initializing internal_plain authentication provider for host 'localhost'
Dec 09 18:51:19 usermanager     debug   host 'localhost' now set to use user provider 'internal_plain'
Dec 09 18:52:14 socket  debug   server.lua: accepted new client connection from 10.56.7.187:24440 to 5222
Dec 09 18:52:14 c2s18d0b40      info    Client connected
Dec 09 18:52:14 c2s18d0b40      debug   Client sent opening <stream:stream> to sedur.intranet
Dec 09 18:52:14 c2s18d0b40      debug   Sent reply <stream:stream> to client
Dec 09 18:52:14 c2s18d0b40      debug   Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Dec 09 18:52:14 socket  debug   server.lua: we need to do tls, but delaying until send buffer empty
Dec 09 18:52:14 c2s18d0b40      debug   TLS negotiation started for c2s_unauthed...
Dec 09 18:52:14 socket  debug   server.lua: attempting to start tls on tcp{client}: 0x1954458
Dec 09 18:52:14 socket  debug   server.lua: ssl handshake done
Dec 09 18:52:14 c2s18d0b40      debug   Client sent opening <stream:stream> to sedur.intranet
Dec 09 18:52:14 c2s18d0b40      debug   Sent reply <stream:stream> to client
Dec 09 18:52:14 c2s18d0b40      debug   Received[c2s_unauthed]: <auth mechanism='DIGEST-MD5' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 09 18:52:14 sedur.intranet:saslauth debug   sasl reply: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>THE CHALLENGE STRING</challenge>
Dec 09 18:52:14 c2s18d0b40      debug   Received[c2s_unauthed]: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 09 18:52:14 sasl_cyrus      debug   Canonicalizing username marcos.cunha to marcos.cunha
Dec 09 18:52:14 sasl_cyrus      debug   Got SASL error condition -20: user not found
Dec 09 18:52:14 sedur.intranet:saslauth debug   sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><undefined-condition/><text>user not found</text></failure>
Dec 09 18:52:14 socket  debug   server.lua: client 10.56.7.187:24440 read error: closed
Dec 09 18:52:14 c2s18d0b40      info    Client disconnected: closed
Dec 09 18:52:14 c2s18d0b40      debug   Destroying session for (unknown) ((unknown)@sedur.intranet): closed
Dec 09 18:52:14 socket  debug   server.lua: closed client handler and removed socket from list

Using testldapauth, I can confirm saslauthd is correctly configured and running. Here is my /etc/saslauthd.conf:

ldap_servers: ldap://10.x.x.x ldap://10.x.x.x
ldap_search_base: OU=DOMAIN,DC=my,DC=intranet
ldap_bind_dn: DOMAIN\app.admin
ldap_password: app.admin
ldap_use_sasl: no
ldap_start_tls: no
ldap_auth_method: bind
ldap_filter: (sAMAccountName=%u)

Could you help me? Thanks!

Christian Steinherr

Dec 10, 2015, 8:46:16 AM
to prosod...@googlegroups.com
Hello Marcos,

Same issue here.
I set up a Prosody installation, at first just with one local user. Worked fine so far. So I moved on to a SASL auth configuration.
But that doesn't seem to work either. Nice coincidence: the error "Got SASL error condition -20: user not found" on my side.
I uploaded some log files and the configuration file to http://pastebin.com/CXU3Wi1h

As you can see, Prosody starts up fine. But as soon as I connect a client, the sign-on doesn't work out.

Does anybody have a clue what's going wrong?

Kind regards

Christian

Bill McGonigle

Dec 10, 2015, 1:32:37 PM
to prosod...@googlegroups.com
On 12/10/2015 05:25 AM, Christian Steinherr wrote:

> I set up sasl so far as I can see correctly
> cat /etc/sasl
> pwcheck_method: saslauthd
> mech_list: PLAIN
> saslauthd_path: /var/run/saslauthd/mux

I've got:

# cat /etc/sasl2/prosody.conf
pwcheck_method: saslauthd
mech_list: PLAIN

(this is on CentOS 7).

and I'm not using 'cyrus_service_name'.

-Bill


--
Bill McGonigle, Owner
BFC Computing, LLC
http://bfccomputing.com/
Telephone: +1.855.SW.LIBRE
Email, IM, VOIP: bi...@bfccomputing.com
VCard: http://bfccomputing.com/vcard/bill.vcf
Social networks: bill_mcgonigle/bill.mcgonigle
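
An added triage sketch, not part of any post in this thread: it pairs each sasl_cyrus failure in a Prosody debug log with the SASL mechanism the client selected, because saslauthd can only verify a cleartext password (PLAIN or LOGIN) and the first log in the thread shows DIGEST-MD5 being negotiated. The log lines are constructed in the thread's format, and pairing by line order assumes one login attempt at a time.

```python
import re

# Constructed sample in the format of the prosody.log excerpt in the thread.
SAMPLE_LOG = """\
Dec 09 18:52:14 c2s18d0b40      debug   Received[c2s_unauthed]: <auth mechanism='DIGEST-MD5' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 09 18:52:14 sasl_cyrus      debug   Canonicalizing username alice to alice
Dec 09 18:52:14 sasl_cyrus      debug   Got SASL error condition -20: user not found
Dec 09 18:52:14 c2s18d0b40      info    Client disconnected: closed
Dec 09 18:53:02 c2s18d1c80      debug   Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Dec 09 18:53:02 sasl_cyrus      debug   Canonicalizing username bob to bob
Dec 09 18:53:02 sasl_cyrus      debug   Got SASL error condition -13: authentication failure
Dec 09 18:53:02 c2s18d1c80      info    Client disconnected: closed
"""

AUTH = re.compile(r"(c2s\w+)\s+debug\s+Received\[c2s_unauthed\]: <auth mechanism='([^']+)'")
USER = re.compile(r"sasl_cyrus\s+debug\s+Canonicalizing username (\S+) to ")
FAIL = re.compile(r"sasl_cyrus\s+debug\s+Got SASL error condition (-?\d+): (.+)$")
# saslauthd is handed a cleartext password, so only these mechanisms can use it.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def triage(log_text):
    """Pair each sasl_cyrus failure with the preceding <auth> stanza."""
    findings, current = [], {}
    for line in log_text.splitlines():
        if m := AUTH.search(line):
            current = {"session": m.group(1), "mechanism": m.group(2), "user": None}
        elif (m := USER.search(line)) and current:
            current["user"] = m.group(1)
        elif (m := FAIL.search(line)) and current:
            findings.append({
                **current,
                "code": int(m.group(1)),
                "reason": m.group(2).strip(),
                "saslauthd_compatible": current["mechanism"] in CLEARTEXT_MECHS,
            })
            current = {}
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        note = "" if f["saslauthd_compatible"] else "  <- mechanism cannot be checked by saslauthd"
        print(f"{f['session']} {f['user']} {f['mechanism']} {f['code']} {f['reason']}{note}")
```

A failure flagged as not saslauthd-compatible points at the mechanism list offered to clients; a failure on PLAIN points at the saslauthd or LDAP side instead.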

Christian Steinherr

Dec 11, 2015, 8:10:31 AM
to prosod...@googlegroups.com
Hi Bill,

thanks for your tip, but it didn't work.
After deleting the line beginning with saslauthd_path, the error did not go away. I still get "Dec 11 14:08:29 sasl_cyrus debug Got SASL error condition -20: user not found"

Kind regards

Christian