Dear SOGo Group, I am having difficulty getting SOGo/OpenChange to work with Outlook 2010. SOGo itself works through its web interface, but email with Outlook does not. I have been messing around with it for days without success, so I thought I would ask for some help.
Setup: Server is running CentOS 6.4 with Postfix 2.6 and Cyrus-IMAP 2.4. The email system was setup and tested before starting with SOGo. I also had Samba4 from the SOGo repo already installed and AD setup and tested. DNS: Here I will call the server domain example.local, so AD is setup with domain EXAMPLE, realm example.local. The server is also hosting a real world domain example.com, so there is a split DNS setup. The example.local is managed by Samba using BIND with DLZ plugin, and example.com has traditional BIND zone files. All setup and tested. The users are in Samba4 AD, but will have u...@example.com as their email address. Postfix is setup with example.com as a virtual mailbox domain and delivers mail to Cyrus-IMAP. I used Cyrus-IMAP because, being a sealed system makes it well suited to virtual domains. It authenticates users by SASL (saslauthd) configured for PAM. The /etc/pam.d/imap file uses pam_krb5 to authenticate email users by Kerberos against AD. All works. I installed SOGo following the guide with MySQL database backend. For LDAP authentication I used the template in the Outlook configuration guide. Side note: I read somewhere that the SOGo configuration is being changed to a proper “sogo.conf” file rather than using that awful “defaults” method, but maybe it was only for Debian. Can this be done for RHEL/CentOS? I got so sick of it I actually wrote a script to do the config. Is anyone aware that running ‘defaults –u sogo’ blows away the existing file? I learned that the hard way. When finished I started SOGo and could login from the web interface with my EXAMPLE\testuser AD account. Calendar, contacts and email (as testu...@example.com) all worked perfectly. I then followed the Outlook configuration guide to install and configure the SOGo/OpenChange packages. The only part I did not follow initially was under the IMAP trust section. It reads like a couple of lines thrown in there as an afterthought, and with no example to follow, so it did not make sense at the time. I will come back to this. All steps appeared to work OK. Adding testuser to OpenChange initially failed with “not found”. I discovered from the code that it only looks in CN=Users, but my users are under OU=People in order to apply group policy. When I moved testuser it worked OK and I could see the extended attributes. I assume that, after this step, users could be moved back to an OU without any issues? I left testuser in CN=Users for now. At the end the services start OK and I login as testuser from a VM client joined to the EXAMPLE domain. I create the Outlook profile and start Outlook. It appears to work – Outlook says it is connected to Exchange, but there is no mail folder creation and no email visible. However, the calendar and contact items are there. Eventually Outlook says it is disconnected, and Samba is rather unhappy and appears to have stopped working and must be restarted. If I run the “Test Email AutoConfiguration” utility it fails. The Apache logs show requests for “autodiscover” returning 401 or 502 errors. But I had setup DNS for autodiscover. In DNS Manager I tried both methods – using a SRV entry and adding a CNAME alias. I also added an alias to the example.com DNS just in case. In the maillog I see cyrus-imap errors for badlogin, SASL(-13), authentication failure. This, with the 401 error, suggests SOGo/OpenChange will not connect to Cyrus-IMAP. I revisited the IMAP trust section and attempted to use ‘sasl_pwcheck_method = alwaystrue’. However, I found that on EL this is not available because the option is not enabled at compile. So I downloaded the cyrus-sasl source RPM, rebuilt it with ‘--enable-alwaystrue’ and installed it. I could now use the ‘imtest’ utility to authenticate as testuser with any password. Seems OK. I setup ‘cyrus.conf’ with separate imap services, one bound to 127.0.0.1 and the other to the server IP, using different ‘imapd.conf’ files. The only difference being one has ‘sasl_pwcheck_method = saslauthd’ and the other ‘sasl_pwcheck_method = alwaystrue’. I tried again with Outlook, but this time it hangs at the splash screen. It will not open at all. There is no information in the logs to tell me what is happening. Only in the maillog shows testuser successfully logged in from 127.0.0.1, and then connection closed, but the messages appear together only when I cancel Outlook. I also realised that the guide talks about Cyrus-IMAP 2.4, but the packaged EL version is 2.3, so I found a stable 2.4 source RPM, built it and upgraded, but nothing changed. It works from SOGo web but not Outlook/OpenChange. I am really at a loss. I am considering swapping Cyrus-IMAP for Dovecot, but would rather not. Yes, the Cyrus documentation woeful, which is probably why people consider it difficult to use, but I think it’s solid and well suited to virtual hosting. Compared to Dovecot with its labyrinth of config files and nested calls it doesn’t seem too bad to me. But I don’t want to go to the trouble of installing Dovecot and then find I have the same problem. If anyone has an explanation for this problem, or an example of a working setup with Cyrus-IMAP, I would appreciate their help. Regards, Stephen Jones -- users@sogo.nu https://inverse.ca/sogo/lists