Re: [SOGo] Authentication Problem Using Samba4
Aleksey,

Thank you for your response! While modifying the sogo.conf per your instructions, I noticed an extra space between dc=lan in the base DN. I corrected that, and with your changes, it works! Well, sort of. Now, I log in and the web page welcomes me by my full name, but logs me right back out.

I cleaned up the sogo.conf and enabled debugging. Here is more information from the log:

Apr 10 07:27:28 sogod [29367]: |SOGo| request took 0.114224 seconds to execute
Apr 10 07:27:28 sogod [29367]: 172.16.42.253 "POST /SOGo/connect HTTP/1.1" 200 49/67 0.116 - - 32K
Apr 10 07:27:29 sogod [29367]: |SOGo| starting method 'GET' on uri '/SOGo/so/khoward'
2019-04-10 07:27:29.934 sogod[29367:29367] Creating NGLdapConnection instance for bindDN 'CN=Administrator,CN=Users,DC=medinaco,DC=lan'
Apr 10 07:27:29 sogod [29367]: <0x0x7f7728702d40[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://localhost
2019-04-10 07:27:29.972 sogod[29367:29367] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'cn=users,dc=medinaco,dc=lan' filter '(|(samaccountname=khoward)(mail=khoward))' for attrs '*'
Apr 10 07:27:29 sogod [29367]: <0x0x7f77282de330[SOGoCache]> an error occurred when caching value for key 'khoward+attributes': "SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY"
Apr 10 07:27:29 sogod [29367]: <0x0x7f77282de330[SOGoCache]> an error occurred when caching value for key 'khow...@medinaco.lan+attributes': "SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY"
Apr 10 07:27:29 sogod [29367]: |SOGo| request took 0.056453 seconds to execute
Apr 10 07:27:29 sogod [29367]: 172.16.42.253 "GET /SOGo/so/khoward HTTP/1.1" 200 27413/0 0.058 - - 0
***END LOG

I will try Google for this error, but if anyone has suggestions/corrections for this, I very much appreciate your input!

Thanks.

Keith

On Tue, Apr 9, 2019 at 3:36 PM Aleksey V wrote:

> Hello! I had the same problem some time ago. Try changing the corresponding
> fields in your config in the SOGoUserSources section:
>
> CNFieldName = cn;
> IDFieldName = cn;
> UIDFieldName = sAMAccountName;
> bindFields = (sAMAccountName);
> id = directory;
>
> And add in there, in SOGoUserSources, passwordPolicy = NO;
>
> After these changes my problem was solved. This is from the SOGo Installation
> and Configuration Guide
> (https://sogo.nu/files/docs/v3/SOGoInstallationGuide.pdf)
>
> 09.04.2019 18:16, Keith Howard (kbhoward1...@gmail.com) wrote:
> > SOGoUserSources = (
> >   {
> >     type = ldap;
> >     CNFieldName = cn;
> >     IDFieldName = sAMAccountName;
> >     UIDFieldName = sAMAccountName;
> >     baseDN = "CN=Users,DC=medinaco,DC=lan";
> >     bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
> >     bindFields = (sAMAccountName,mail,userPrincipalName);
> >     bindPassword = ;
> >     canAuthenticate = YES;
> >     displayName = "Public";
> >     hostname = "ldap://localhost;;
> >     id = public;
> >     isAddressBook = YES;
> >     scope = SUB;
> >
> >   }
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists
>
--
users@sogo.nu
https://inverse.ca/sogo/lists
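A small lint for the two configuration problems this thread turns on (whitespace inside a DN component, and a plain ldap:// source with no TLS), added here as an example; it is not part of any poster's message and not SOGo code. The function names and the sample are constructed; `encryption` is SOGo's optional LDAP-source setting.

```python
import re

# Constructed sample modelled on the source posted in this thread (password omitted).
SAMPLE = '''
SOGoUserSources = (
  {
    type = ldap;
    baseDN = "CN=Users,DC=medinaco,DC =lan";
    bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
    bindFields = (sAMAccountName,mail,userPrincipalName);
    hostname = "ldap://localhost";
    id = public;
  }
);
'''

KEY_VALUE = re.compile(r'^\s*(\w+)\s*=\s*(.*?);\s*$')

def parse_source(text):
    """Collect the simple `key = value;` lines of a single user source."""
    source = {}
    for line in text.splitlines():
        match = KEY_VALUE.match(line)
        if match:
            source[match.group(1)] = match.group(2).strip().strip('"')
    return source

def lint_source(source):
    """Return findings for the two problems discussed in the thread."""
    findings = []
    for key in ("baseDN", "bindDN"):
        # Naive split: assumes no escaped commas inside attribute values.
        for rdn in filter(None, source.get(key, "").split(",")):
            attr, _, value = rdn.partition("=")
            if attr != attr.strip() or value != value.strip():
                findings.append(f"{key}: stray whitespace in component {rdn!r}")
    host = source.get("hostname", "")
    starttls = source.get("encryption", "").upper() == "STARTTLS"
    if host.startswith("ldap://") and not starttls:
        findings.append("hostname: ldap:// without STARTTLS, simple bind is unencrypted")
    return findings

if __name__ == "__main__":
    for finding in lint_source(parse_source(SAMPLE)):
        print(finding)
```
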
Re: [SOGo] Authentication Problem Using Samba4
Hello! I had the same problem some time ago. Try changing the corresponding fields in your config in the SOGoUserSources section:

CNFieldName = cn;
IDFieldName = cn;
UIDFieldName = sAMAccountName;
bindFields = (sAMAccountName);
id = directory;

And add in there, in SOGoUserSources, passwordPolicy = NO;

After these changes my problem was solved. This is from the SOGo Installation and Configuration Guide (https://sogo.nu/files/docs/v3/SOGoInstallationGuide.pdf)

09.04.2019 18:16, Keith Howard (kbhoward1...@gmail.com) wrote:

SOGoUserSources = (
  {
    type = ldap;
    CNFieldName = cn;
    IDFieldName = sAMAccountName;
    UIDFieldName = sAMAccountName;
    baseDN = "CN=Users,DC=medinaco,DC =lan";
    bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
    bindFields = (sAMAccountName,mail,userPrincipalName);
    bindPassword = ;
    canAuthenticate = YES;
    displayName = "Public";
    hostname = "ldap://localhost;;
    id = public;
    isAddressBook = YES;
    scope = SUB;
  }

--
users@sogo.nu
https://inverse.ca/sogo/lists
Re: [SOGo] Authentication Problem Using Samba4
Hi Christian,

Good catch. I forgot to mention that I edited my samba.conf to allow non SSL ldap traffic. I tested/verified that by connecting to my Samba server with an LDAP editor (non-ssl) and it worked. So, will SOGo work unencrypted?

Thanks!

Keith

On Tue, Apr 9, 2019 at 3:12 PM Christian Naumer wrote:

> I am not 100% sure, but you connect without SSL/TLS; I don't know if Samba
> AD permits this.
> We use LDAPS and it works. You then need to configure
> /etc/openldap/ldap.conf to accept your certificates.
>
> Regards
>
> Christian
>
> On 09.04.19 at 17:16, Keith Howard (kbhoward1...@gmail.com) wrote:
> > Hello,
> >
> > I am using Samba 4.9.4 compiled from source, MariaDB 5.5..60-1 (RPM), and
> > SOGo 4.0.7 (nightly RPMs).
> >
> > sogo.conf:
> >
> > {
> >   /* Main SOGo configuration file
> >    *
> >    * Since the content of this file is a dictionary in OpenStep plist format,
> >    * the curly braces enclosing the body of the configuration are mandatory.
> >    * See the Installation Guide for details on the format.
> >    *
> >    * C and C++ style comments are supported.
> >    *
> >    * This example configuration contains only a subset of all available
> >    * configuration parameters. Please see the installation guide more details.
> >    *
> >    * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,
> >    * make sure to move it away to avoid unwanted parameter overrides.
> >    */
> >
> >   /* Database configuration (mysql:// or postgresql://) */
> >   SOGoProfileURL = "mysql://sogo:@localhost:3306/sogo/sogo_user_profile";
> >   OCSFolderInfoURL = "mysql://sogo:@localhost:3306/sogo/sogo_folder_info";
> >   OCSSessionsFolderURL = "mysql://sogo:@localhost:3306/sogo/sogo_sessions_folder";
> >
> >   /* Mail */
> >   SOGoDraftsFolderName = Drafts;
> >   SOGoSentFolderName = Sent;
> >   SOGoTrashFolderName = Trash;
> >   SOGoIMAPServer = localhost;
> >   SOGoSieveServer = sieve://127.0.0.1:4190;
> >   SOGoSMTPServer = 127.0.0.1;
> >   SOGoMailDomain = medinaco.lan;
> >   SOGoMailingMechanism = smtp;
> >   //SOGoForceExternalLoginWithEmail = NO;
> >   //SOGoMailSpoolPath = /var/spool/sogo;
> >   //NGImap4ConnectionStringSeparator = "/";
> >
> >   /* Notifications */
> >   //SOGoAppointmentSendEMailNotifications = NO;
> >   //SOGoACLsSendEMailNotifications = NO;
> >   //SOGoFoldersSendEMailNotifications = NO;
> >
> >   /* Authentication */
> >   //SOGoPasswordChangeEnabled = YES;
> >
> >   /* LDAP authentication example */
> >   //SOGoUserSources = (
> >   //  {
> >   //    type = ldap;
> >   //    CNFieldName = cn;
> >   //    UIDFieldName = uid;
> >   //    IDFieldName = uid; // first field of the DN for direct binds
> >   //    bindFields = (uid, mail); // array of fields to use for indirect binds
> >   //    baseDN = "dc=medinaco,dc=lan";
> >   //    bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
> >   //    bindPassword = qwerty;
> >   //    canAuthenticate = YES;
> >   //    displayName = "Shared Addresses";
> >   //    hostname = ldap://127.0.0.1:389;
> >   //    id = public;
> >   //    isAddressBook = YES;
> >   //  }
> >   //);
> >
> >   /* LDAP AD/Samba4 example */
> >   SOGoUserSources = (
> >     {
> >       type = ldap;
> >       CNFieldName = cn;
> >       IDFieldName = sAMAccountName;
> >       UIDFieldName = sAMAccountName;
> >       baseDN = "CN=Users,DC=medinaco,DC=lan";
> >       bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
> >       bindFields = (sAMAccountName,mail,userPrincipalName);
> >       bindPassword = ;
> >       canAuthenticate = YES;
> >       displayName = "Public";
> >       hostname = "ldap://localhost;;
> >       id = public;
> >       isAddressBook = YES;
> >       scope = SUB;
> >
> >     }
> >   );
> >
> >
> >   /* SQL authentication example */
> >   /*  These database columns MUST be present in the view/table:
> >    *    c_uid - will be used for authentication - it's the username or usern...@domain.tld)
> >    *    c_name - which can be identical to c_uid - will be used to uniquely identify entries
> >    *    c_password - password of the user, plain-text, md5 or sha encoded for now
> >    *    c_cn - the user's common name - such as "John Doe"
> >    *    mail - the user's mail address
> >    *  See the installation guide for more details
> >    */
> >   //SOGoUserSources =
> >   //  (
> >   //    {
> >   //      type = sql;
> >   //      id = directory;
> >   //      viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
> >   //      canAuthenticate = YES;
> >   //      isAddressBook = YES;
> >   //      userPasswordAlgorithm = md5;
> >   //    }
> >   //  );
> >
> >   /* Web
Re: [SOGo] Authentication Problem Using Samba4
I am not 100% sure, but you connect without SSL/TLS; I don't know if Samba AD permits this.
We use LDAPS and it works. You then need to configure /etc/openldap/ldap.conf to accept your certificates.

Regards

Christian

On 09.04.19 at 17:16, Keith Howard (kbhoward1...@gmail.com) wrote:

> Hello,
>
> I am using Samba 4.9.4 compiled from source, MariaDB 5.5..60-1 (RPM), and
> SOGo 4.0.7 (nightly RPMs).
>
> sogo.conf:
>
> {
>   /* Main SOGo configuration file
>    *
>    * Since the content of this file is a dictionary in OpenStep plist format,
>    * the curly braces enclosing the body of the configuration are mandatory.
>    * See the Installation Guide for details on the format.
>    *
>    * C and C++ style comments are supported.
>    *
>    * This example configuration contains only a subset of all available
>    * configuration parameters. Please see the installation guide more details.
>    *
>    * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,
>    * make sure to move it away to avoid unwanted parameter overrides.
>    */
>
>   /* Database configuration (mysql:// or postgresql://) */
>   SOGoProfileURL = "mysql://sogo:@localhost:3306/sogo/sogo_user_profile";
>   OCSFolderInfoURL = "mysql://sogo:@localhost:3306/sogo/sogo_folder_info";
>   OCSSessionsFolderURL = "mysql://sogo:@localhost:3306/sogo/sogo_sessions_folder";
>
>   /* Mail */
>   SOGoDraftsFolderName = Drafts;
>   SOGoSentFolderName = Sent;
>   SOGoTrashFolderName = Trash;
>   SOGoIMAPServer = localhost;
>   SOGoSieveServer = sieve://127.0.0.1:4190;
>   SOGoSMTPServer = 127.0.0.1;
>   SOGoMailDomain = medinaco.lan;
>   SOGoMailingMechanism = smtp;
>   //SOGoForceExternalLoginWithEmail = NO;
>   //SOGoMailSpoolPath = /var/spool/sogo;
>   //NGImap4ConnectionStringSeparator = "/";
>
>   /* Notifications */
>   //SOGoAppointmentSendEMailNotifications = NO;
>   //SOGoACLsSendEMailNotifications = NO;
>   //SOGoFoldersSendEMailNotifications = NO;
>
>   /* Authentication */
>   //SOGoPasswordChangeEnabled = YES;
>
>   /* LDAP authentication example */
>   //SOGoUserSources = (
>   //  {
>   //    type = ldap;
>   //    CNFieldName = cn;
>   //    UIDFieldName = uid;
>   //    IDFieldName = uid; // first field of the DN for direct binds
>   //    bindFields = (uid, mail); // array of fields to use for indirect binds
>   //    baseDN = "dc=medinaco,dc=lan";
>   //    bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
>   //    bindPassword = qwerty;
>   //    canAuthenticate = YES;
>   //    displayName = "Shared Addresses";
>   //    hostname = ldap://127.0.0.1:389;
>   //    id = public;
>   //    isAddressBook = YES;
>   //  }
>   //);
>
>   /* LDAP AD/Samba4 example */
>   SOGoUserSources = (
>     {
>       type = ldap;
>       CNFieldName = cn;
>       IDFieldName = sAMAccountName;
>       UIDFieldName = sAMAccountName;
>       baseDN = "CN=Users,DC=medinaco,DC=lan";
>       bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
>       bindFields = (sAMAccountName,mail,userPrincipalName);
>       bindPassword = ;
>       canAuthenticate = YES;
>       displayName = "Public";
>       hostname = "ldap://localhost;;
>       id = public;
>       isAddressBook = YES;
>       scope = SUB;
>
>     }
>   );
>
>
>   /* SQL authentication example */
>   /*  These database columns MUST be present in the view/table:
>    *    c_uid - will be used for authentication - it's the username or usern...@domain.tld)
>    *    c_name - which can be identical to c_uid - will be used to uniquely identify entries
>    *    c_password - password of the user, plain-text, md5 or sha encoded for now
>    *    c_cn - the user's common name - such as "John Doe"
>    *    mail - the user's mail address
>    *  See the installation guide for more details
>    */
>   //SOGoUserSources =
>   //  (
>   //    {
>   //      type = sql;
>   //      id = directory;
>   //      viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
>   //      canAuthenticate = YES;
>   //      isAddressBook = YES;
>   //      userPasswordAlgorithm = md5;
>   //    }
>   //  );
>
>   /* Web Interface */
>   SOGoPageTitle = SOGo;
>   SOGoVacationEnabled = YES;
>   SOGoForwardEnabled = YES;
>   SOGoSieveScriptsEnabled = YES;
>   //SOGoMailAuxiliaryUserAccountsEnabled = YES;
>   //SOGoTrustProxyAuthentication = NO;
>   //SOGoXSRFValidationEnabled = YES;
>
>   /* General - SOGoTimeZone *MUST* be defined */
>   SOGoLanguage = English;
>   SOGoTimeZone = America/New_York;
>   //SOGoCalendarDefaultRoles = (
>   //  PublicDAndTViewer,
>   //  ConfidentialDAndTViewer
>   //);
>   SOGoSuperUsernames = (khoward); // This is an array - keep the parens!
>   SxVMemLimit = 1000;
>