Re: [SOGo] Authentication Problem Using Samba4

2019-04-10 Thread Keith Howard
Aleksey,

Thank you for your response!

While modifying the sogo.conf per your instructions, I noticed an extra
space between dc=lan in the base DN.  I corrected that, and with your
changes, it works!  Well, sort of.

Now, I log in and the web page welcomes me by my full name, but logs me
right back out.

I cleaned up the sogo.conf and enabled debugging.
Here is more information from the log:

Apr 10 07:27:28 sogod [29367]: |SOGo| request took 0.114224 seconds to
execute
Apr 10 07:27:28 sogod [29367]: 172.16.42.253 "POST /SOGo/connect HTTP/1.1"
200 49/67 0.116 - - 32K
Apr 10 07:27:29 sogod [29367]: |SOGo| starting method 'GET' on uri
'/SOGo/so/khoward'
2019-04-10 07:27:29.934 sogod[29367:29367] Creating NGLdapConnection
instance for bindDN 'CN=Administrator,CN=Users,DC=medinaco,DC=lan'
Apr 10 07:27:29 sogod [29367]: <0x0x7f7728702d40[NGLdapConnection]> Using
ldap_initialize for LDAP URL: ldap://localhost
2019-04-10 07:27:29.972 sogod[29367:29367] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search at base
'cn=users,dc=medinaco,dc=lan' filter
'(|(samaccountname=khoward)(mail=khoward))' for attrs '*'
Apr 10 07:27:29 sogod [29367]: <0x0x7f77282de330[SOGoCache]> an error
occurred when caching value for key 'khoward+attributes': "SERVER HAS
FAILED AND IS DISABLED UNTIL TIMED RETRY"
Apr 10 07:27:29 sogod [29367]: <0x0x7f77282de330[SOGoCache]> an error
occurred when caching value for key 'khow...@medinaco.lan+attributes':
"SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY"
Apr 10 07:27:29 sogod [29367]: |SOGo| request took 0.056453 seconds to
execute
Apr 10 07:27:29 sogod [29367]: 172.16.42.253 "GET /SOGo/so/khoward
HTTP/1.1" 200 27413/0 0.058 - - 0
***END LOG

I will try Google for this error, but if anyone has suggestions/corrections
for this, I very much appreciate your input!

Thanks.

Keith

On Tue, Apr 9, 2019 at 3:36 PM Aleksey V  wrote:

> Hello! I had the same problem some time ago. Try changing the corresponding
> fields in your config in the SOGoUserSources section:
>
>  CNFieldName = cn;
>  IDFieldName = cn;
>  UIDFieldName = sAMAccountName;
>  bindFields = (sAMAccountName);
>  id = directory;
>
> And add in there, in SOGoUserSources, passwordPolicy = NO;
>
> After these changes my problem was solved. This is from the SOGo Installation
> and Configuration Guide
> (https://sogo.nu/files/docs/v3/SOGoInstallationGuide.pdf)
>
> 09.04.2019 18:16, Keith Howard (kbhoward1...@gmail.com) wrote:
> > SOGoUserSources = (
> > {
> >   type = ldap;
> >   CNFieldName = cn;
> >   IDFieldName = sAMAccountName;
> >   UIDFieldName = sAMAccountName;
> >   baseDN = "CN=Users,DC=medinaco,DC=lan";
> >   bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
> >   bindFields = (sAMAccountName,mail,userPrincipalName);
> >   bindPassword =  ;
> >   canAuthenticate = YES;
> >   displayName = "Public";
> >   hostname = "ldap://localhost;;
> >   id = public;
> >   isAddressBook = YES;
> >   scope = SUB;
> >
> > }
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists
>
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Authentication Problem Using Samba4

2019-04-09 Thread Aleksey V
Hello! I had the same problem some time ago. Try changing the corresponding
fields in your config in the SOGoUserSources section:


    CNFieldName = cn;
    IDFieldName = cn;
    UIDFieldName = sAMAccountName;
    bindFields = (sAMAccountName);
    id = directory;

And add in there, in SOGoUserSources, passwordPolicy = NO;

After these changes my problem was solved. This is from the SOGo Installation
and Configuration Guide
(https://sogo.nu/files/docs/v3/SOGoInstallationGuide.pdf)


09.04.2019 18:16, Keith Howard (kbhoward1...@gmail.com) wrote:

SOGoUserSources = (
    {
  type = ldap;
  CNFieldName = cn;
  IDFieldName = sAMAccountName;
  UIDFieldName = sAMAccountName;
  baseDN = "CN=Users,DC=medinaco,DC    =lan";
  bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
  bindFields = (sAMAccountName,mail,userPrincipalName);
  bindPassword =  ;
  canAuthenticate = YES;
  displayName = "Public";
  hostname = "ldap://localhost;;
  id = public;
  isAddressBook = YES;
  scope = SUB;

    }



Re: [SOGo] Authentication Problem Using Samba4

2019-04-09 Thread Keith Howard
Hi Christian,

Good catch.
I forgot to mention that I edited my samba.conf to allow non-SSL LDAP
traffic.
I tested/verified that by connecting to my Samba server with an LDAP editor
(non-ssl) and it worked.

So, will SOGo work unencrypted?

Thanks!

Keith


On Tue, Apr 9, 2019 at 3:12 PM Christian Naumer  wrote:

> I am not 100% sure, but you connect without SSL/TLS; I don't know if Samba
> AD permits this.
> We use LDAPS and it works. You then need to configure
> /etc/openldap/ldap.conf to accept your certificates.
>
> Regards
>
> Christian
>
> On 09.04.19 at 17:16, Keith Howard (kbhoward1...@gmail.com) wrote:
> > Hello,
> >
> > I am using Samba 4.9.4 compiled from source, MariaDB 5.5..60-1 (RPM), and
> > SOGo 4.0.7 (nightly RPMs).
> >
> > sogo.conf:
> >
> > {
> >   /* Main SOGo configuration file
> >    *
> >    * Since the content of this file is a dictionary in OpenStep plist format,
> >    * the curly braces enclosing the body of the configuration are mandatory.
> >    * See the Installation Guide for details on the format.
> >    *
> >    * C and C++ style comments are supported.
> >    *
> >    * This example configuration contains only a subset of all available
> >    * configuration parameters. Please see the installation guide more details.
> >    *
> >    * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,
> >    * make sure to move it away to avoid unwanted parameter overrides.
> >    */
> >
> >   /* Database configuration (mysql:// or postgresql://) */
> >   SOGoProfileURL =
> > "mysql://sogo:@localhost:3306/sogo/sogo_user_profile";
> >   OCSFolderInfoURL = "mysql://sogo: 
> > @localhost:3306/sogo/sogo_folder_info";
> >   OCSSessionsFolderURL = "mysql://sogo: 
> > @localhost:3306/sogo/sogo_sessions_folder";
> >
> >   /* Mail */
> >   SOGoDraftsFolderName = Drafts;
> >   SOGoSentFolderName = Sent;
> >   SOGoTrashFolderName = Trash;
> >   SOGoIMAPServer = localhost;
> >   SOGoSieveServer = sieve://127.0.0.1:4190;
> >   SOGoSMTPServer = 127.0.0.1;
> >   SOGoMailDomain = medinaco.lan;
> >   SOGoMailingMechanism = smtp;
> >   //SOGoForceExternalLoginWithEmail = NO;
> >   //SOGoMailSpoolPath = /var/spool/sogo;
> >   //NGImap4ConnectionStringSeparator = "/";
> >
> >   /* Notifications */
> >   //SOGoAppointmentSendEMailNotifications = NO;
> >   //SOGoACLsSendEMailNotifications = NO;
> >   //SOGoFoldersSendEMailNotifications = NO;
> >
> >   /* Authentication */
> >   //SOGoPasswordChangeEnabled = YES;
> >
> >   /* LDAP authentication example */
> >   //SOGoUserSources = (
> >   //  {
> >   //type = ldap;
> >   //CNFieldName = cn;
> >   //UIDFieldName = uid;
> >   //IDFieldName = uid; // first field of the DN for direct binds
> >   //bindFields = (uid, mail); // array of fields to use for indirect
> > binds
> >   //baseDN = "dc=medinaco,dc=lan";
> >   //bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
> >   //bindPassword = qwerty;
> >   //canAuthenticate = YES;
> >   //displayName = "Shared Addresses";
> >   //hostname = ldap://127.0.0.1:389;
> >   //id = public;
> >   //isAddressBook = YES;
> >   //  }
> >   //);
> >
> >   /* LDAP AD/Samba4 example */
> >   SOGoUserSources = (
> > {
> >   type = ldap;
> >   CNFieldName = cn;
> >   IDFieldName = sAMAccountName;
> >   UIDFieldName = sAMAccountName;
> >   baseDN = "CN=Users,DC=medinaco,DC=lan";
> >   bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
> >   bindFields = (sAMAccountName,mail,userPrincipalName);
> >   bindPassword =   ;
> >   canAuthenticate = YES;
> >   displayName = "Public";
> >   hostname = "ldap://localhost;;
> >   id = public;
> >   isAddressBook = YES;
> >   scope = SUB;
> >
> > }
> >   );
> >
> >
> >   /* SQL authentication example */
> >   /*  These database columns MUST be present in the view/table:
> >*c_uid - will be used for authentication -  it's the username or
> > usern...@domain.tld)
> >*c_name - which can be identical to c_uid -  will be used to
> > uniquely identify entries
> >*c_password - password of the user, plain-text, md5 or sha encoded
> > for now
> >*c_cn - the user's common name - such as "John Doe"
> >*mail - the user's mail address
> >*  See the installation guide for more details
> >*/
> >   //SOGoUserSources =
> >   //  (
> >   //{
> >   //  type = sql;
> >   //  id = directory;
> >   //  viewURL = "postgresql://
> sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
> >   //  canAuthenticate = YES;
> >   //  isAddressBook = YES;
> >   //  userPasswordAlgorithm = md5;
> >   //}
> >   //  );
> >
> >   /* Web 

Re: [SOGo] Authentication Problem Using Samba4

2019-04-09 Thread Christian Naumer
I am not 100% sure, but you connect without SSL/TLS; I don't know if Samba
AD permits this.
We use LDAPS and it works. You then need to configure
/etc/openldap/ldap.conf to accept your certificates.

Regards

Christian

On 09.04.19 at 17:16, Keith Howard (kbhoward1...@gmail.com) wrote:
> Hello,
> 
> I am using Samba 4.9.4 compiled from source, MariaDB 5.5..60-1 (RPM), and
> SOGo 4.0.7 (nightly RPMs).
> 
> sogo.conf:
> 
> {
>   /* Main SOGo configuration file
>    *
>    * Since the content of this file is a dictionary in OpenStep plist format,
>    * the curly braces enclosing the body of the configuration are mandatory.
>    * See the Installation Guide for details on the format.
>    *
>    * C and C++ style comments are supported.
>    *
>    * This example configuration contains only a subset of all available
>    * configuration parameters. Please see the installation guide more details.
>    *
>    * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,
>    * make sure to move it away to avoid unwanted parameter overrides.
>    */
> 
>   /* Database configuration (mysql:// or postgresql://) */
>   SOGoProfileURL =
> "mysql://sogo:@localhost:3306/sogo/sogo_user_profile";
>   OCSFolderInfoURL = "mysql://sogo: 
> @localhost:3306/sogo/sogo_folder_info";
>   OCSSessionsFolderURL = "mysql://sogo: 
> @localhost:3306/sogo/sogo_sessions_folder";
> 
>   /* Mail */
>   SOGoDraftsFolderName = Drafts;
>   SOGoSentFolderName = Sent;
>   SOGoTrashFolderName = Trash;
>   SOGoIMAPServer = localhost;
>   SOGoSieveServer = sieve://127.0.0.1:4190;
>   SOGoSMTPServer = 127.0.0.1;
>   SOGoMailDomain = medinaco.lan;
>   SOGoMailingMechanism = smtp;
>   //SOGoForceExternalLoginWithEmail = NO;
>   //SOGoMailSpoolPath = /var/spool/sogo;
>   //NGImap4ConnectionStringSeparator = "/";
> 
>   /* Notifications */
>   //SOGoAppointmentSendEMailNotifications = NO;
>   //SOGoACLsSendEMailNotifications = NO;
>   //SOGoFoldersSendEMailNotifications = NO;
> 
>   /* Authentication */
>   //SOGoPasswordChangeEnabled = YES;
> 
>   /* LDAP authentication example */
>   //SOGoUserSources = (
>   //  {
>   //type = ldap;
>   //CNFieldName = cn;
>   //UIDFieldName = uid;
>   //IDFieldName = uid; // first field of the DN for direct binds
>   //bindFields = (uid, mail); // array of fields to use for indirect
> binds
>   //baseDN = "dc=medinaco,dc=lan";
>   //bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
>   //bindPassword = qwerty;
>   //canAuthenticate = YES;
>   //displayName = "Shared Addresses";
>   //hostname = ldap://127.0.0.1:389;
>   //id = public;
>   //isAddressBook = YES;
>   //  }
>   //);
> 
>   /* LDAP AD/Samba4 example */
>   SOGoUserSources = (
> {
>   type = ldap;
>   CNFieldName = cn;
>   IDFieldName = sAMAccountName;
>   UIDFieldName = sAMAccountName;
>   baseDN = "CN=Users,DC=medinaco,DC=lan";
>   bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
>   bindFields = (sAMAccountName,mail,userPrincipalName);
>   bindPassword =   ;
>   canAuthenticate = YES;
>   displayName = "Public";
>   hostname = "ldap://localhost;;
>   id = public;
>   isAddressBook = YES;
>   scope = SUB;
> 
> }
>   );
> 
> 
>   /* SQL authentication example */
>   /*  These database columns MUST be present in the view/table:
>*c_uid - will be used for authentication -  it's the username or
> usern...@domain.tld)
>*c_name - which can be identical to c_uid -  will be used to
> uniquely identify entries
>*c_password - password of the user, plain-text, md5 or sha encoded
> for now
>*c_cn - the user's common name - such as "John Doe"
>*mail - the user's mail address
>*  See the installation guide for more details
>*/
>   //SOGoUserSources =
>   //  (
>   //{
>   //  type = sql;
>   //  id = directory;
>   //  viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
>   //  canAuthenticate = YES;
>   //  isAddressBook = YES;
>   //  userPasswordAlgorithm = md5;
>   //}
>   //  );
> 
>   /* Web Interface */
>   SOGoPageTitle = SOGo;
>   SOGoVacationEnabled = YES;
>   SOGoForwardEnabled = YES;
>   SOGoSieveScriptsEnabled = YES;
>   //SOGoMailAuxiliaryUserAccountsEnabled = YES;
>   //SOGoTrustProxyAuthentication = NO;
>   //SOGoXSRFValidationEnabled = YES;
> 
>   /* General - SOGoTimeZone *MUST* be defined */
>   SOGoLanguage = English;
>   SOGoTimeZone = America/New_York;
>   //SOGoCalendarDefaultRoles = (
>   //  PublicDAndTViewer,
>   //  ConfidentialDAndTViewer
>   //);
>   SOGoSuperUsernames = (khoward); // This is an array - keep the parens!
>   SxVMemLimit = 1000;
>
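
A lint pass over one SOGoUserSources entry for the points that come up in this thread: the stray whitespace in the base DN, LDAP binds without SSL/TLS, and the Administrator bind DN visible in the posted configuration. This is an added example, not part of the original posts or of SOGo's own tooling; `parse_source`, `lint_source` and the sample values are hypothetical, and `encryption` is the SOGo LDAP source option that takes SSL or STARTTLS.

```python
import re

# Constructed sample: the SOGoUserSources entry posted in this thread,
# with a placeholder where the bind password was redacted.
SAMPLE = '''
SOGoUserSources = (
  {
    type = ldap;
    IDFieldName = sAMAccountName;
    UIDFieldName = sAMAccountName;
    baseDN = "CN=Users,DC=medinaco,DC    =lan";
    bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
    bindFields = (sAMAccountName,mail,userPrincipalName);
    bindPassword = "PLACEHOLDER";
    hostname = "ldap://localhost";
    id = public;
  }
);
'''

PAIR = re.compile(r'^\s*(\w+)\s*=\s*(.*?);\s*$', re.M)
LOOPBACK = re.compile(r'(ldap://)?(localhost|127\.0\.0\.1)(:\d+)?/?$')

def parse_source(text):
    """Collect the `key = value;` lines of one source entry (hypothetical helper)."""
    return {k: v.strip().strip('"') for k, v in PAIR.findall(text)}

def lint_source(src):
    """Return findings for the problems discussed in the thread."""
    findings = []
    for key in ("baseDN", "bindDN"):
        dn = src.get(key, "")
        if re.search(r'\s=|=\s', dn):  # stray whitespace next to '=' in an RDN
            findings.append(f"{key}: whitespace around '=' in {dn!r}")
    host = src.get("hostname", "")
    # SOGo's LDAP source accepts encryption = SSL or STARTTLS besides ldaps://
    tls = host.startswith("ldaps://") or src.get("encryption", "").upper() in ("SSL", "STARTTLS")
    if not tls:
        where = "loopback only" if LOOPBACK.match(host) else "crosses the network"
        findings.append(f"hostname: bind password sent without TLS ({where})")
    if re.match(r'cn=administrator,', src.get("bindDN", ""), re.I):
        findings.append("bindDN: directory lookups run as the domain Administrator")
    return findings

if __name__ == "__main__":
    for finding in lint_source(parse_source(SAMPLE)):
        print(finding)
```
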