All of this information is nice to have; however, it all seems like it
would cause my logon to fail even when SASL is disabled.  However, as
soon as I disable SASL (even on the client), I am able to connect.  In
other words, without changing the server configuration at all, I can
connect if I tell the client not to use encryption.  Doesn't this
basically mean my ntlogon etc. is configured correctly?

On Feb 6, 2008 3:55 AM, Adam Strzelecki <[EMAIL PROTECTED]> wrote:
> Dan,
>
> It seems your problem isn't related to SASL or ntlogon, nor to
> TLS. It is the "bind" command that fails.
> I'm not sure why it fails though but it may be StorageManager that
> isn't running for your domain and which is responsible for binding
> after successful authentication.
>
> Make sure SM is running and its sm.xml sm/id matches c2s/local/id of
> c2s.xml, check that you have the same domain and that your components
> are connected to the router:
>  > c2s.log
> > Tue Feb 05 00:17:11 2008 [notice] [mydomain.com] configured; realm=mydomain.com, registration disabled
> > Tue Feb 05 00:17:11 2008 [notice] connection to router established
>  > sm.log
> > Tue Feb 05 00:17:19 2008 [notice] id: mydomain.com
> > Tue Feb 05 00:17:19 2008 [notice] connection to router established
>
>
> Note that the domain setting is the setting used for ntlogon to indicate
> which ADS domain (or computer) should be used as auth source.
>
> > SEND: <iq type='set' id='1007'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><resource>[EMAIL PROTECTED]</resource></bind></iq>
> > RECV: <stream:error xmlns:stream='http://etherx.jabber.org/streams'><internal-server-error xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>internal server error</text></stream:error></stream:stream>
> > SEND: </stream:stream>
>
> @Tomasz: Do you have any clue what else may cause an internal server
> error? It would be nice if we could have clearer error reporting in
> this case @ c2s.c:
>
>              /* route errors */
>              if(nad_find_attr(nad, 0, -1, "error", NULL) >= 0) {
>                  log_debug(ZONE, "routing error");
>
>              sx_error(sess->s, stream_err_INTERNAL_SERVER_ERROR,
>                       "internal server error");
>                  sx_close(sess->s);
>
>                  nad_free(nad);
>                  return 0;
>              }
>
> I think we could pass some more meaningful error description to the
> client there? Like "sm for this domain is not running" or "cannot
> connect to sm".
>
>
> Cheers,
> --
> Adam Strzelecki |: nanoant.com :|
>
>

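The check suggested in the quoted message (sm/id must match c2s/local/id, and both components must log a router connection) can be scripted. The following is an added example, not part of the thread or of jabberd2; the function names are hypothetical, the XML is assumed to contain only the two elements the message names, and the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

def ids_at(xml_text, path):
    """Normalised text of every element at `path` below the document root."""
    root = ET.fromstring(xml_text)
    return {e.text.strip().lower() for e in root.findall(path)
            if e.text and e.text.strip()}

def unserved_domains(sm_xml, c2s_xml):
    """Domains c2s accepts (c2s/local/id) that no sm instance claims (sm/id)."""
    return sorted(ids_at(c2s_xml, "local/id") - ids_at(sm_xml, "id"))

def log_problems(c2s_log, sm_log):
    """Check both logs for the router line and compare the domains they report."""
    problems = [f"{name}: no 'connection to router established' line"
                for name, log in (("c2s", c2s_log), ("sm", sm_log))
                if "connection to router established" not in log]
    c2s_domains = {d.lower() for d in
                   re.findall(r"\[notice\] \[([^\]]+)\] configured;", c2s_log)}
    sm_domains = {d.lower() for d in re.findall(r"\[notice\] id: (\S+)", sm_log)}
    problems += [f"{d}: configured in c2s, not announced by sm"
                 for d in sorted(c2s_domains - sm_domains)]
    return problems

# Constructed inputs. The log lines follow the format quoted in the thread;
# the XML models only the two elements the message names (an assumption).
C2S_XML = "<c2s><local><id>mydomain.com</id></local></c2s>"
SM_XML_OK = "<sm><id>MyDomain.com</id></sm>"   # differs only in case
SM_XML_BAD = "<sm><id>localhost</id></sm>"     # sm serving another id
C2S_LOG = ("Tue Feb 05 00:17:11 2008 [notice] [mydomain.com] configured; "
           "realm=mydomain.com, registration disabled\n"
           "Tue Feb 05 00:17:11 2008 [notice] connection to router established\n")
SM_LOG = ("Tue Feb 05 00:17:19 2008 [notice] id: mydomain.com\n"
          "Tue Feb 05 00:17:19 2008 [notice] connection to router established\n")

if __name__ == "__main__":
    print(unserved_domains(SM_XML_OK, C2S_XML))
    print(unserved_domains(SM_XML_BAD, C2S_XML))
    print(log_problems(C2S_LOG, SM_LOG))
    print(log_problems(C2S_LOG, ""))   # sm never started
```

A non-empty result from either function points at the session manager side rather than at SASL, TLS or ntlogon.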