No Login under SOGO

NethServer Version: 7.3.1611
Module: SOGO 3.0.2 and 3.2.4

Good Morning!

After with the RC3 everything started so far, there is now a problem with the login under SOGO.

It is simply no login possible, it comes the following message:
Authentication Failed
Wrong username or password.

Here the message from the sogo.log file:

Dec 18 11:15:49 sogod [6893]: <0x0x7fe903d90370[LDAPSource]> <NSException: 0x7fe904672cb0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "samaccountname=gerald@neuching.com,cn=users,dc=neuching,dc=com"; }
Dec 18 11:15:49 sogod [6893]: [ERROR] <0x0x7fe903a77870[LDAPSource]> Could not bind to the LDAP server ldaps://neuching.com (389) using the bind DN: NEUCHINGJAGERBOX$ Dec 18 11:15:49 sogod [6893]: [ERROR] <0x0x7fe903a77870[LDAPSource]> <NSException: 0x7fe90424ad70> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "NEUCHINGJAGERBOX$"; }
Dec 18 11:15:49 sogod [6893]: SOGoRootPage Login from '192.168.5.235' for user 'gerald@neuching.com' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 
Dec 18 11:15:49 sogod [6893]: 192.168.5.235 "POST /SOGo/connect HTTP/1.1" 403 34/73 0.134 - - 0` 

And here the var/log/secure:

Dec 18 10:53:07 jagerbox polkitd[581]: Loading rules from directory /etc/polkit-1/rules.d 
Dec 18 10:53:07 jagerbox polkitd[581]: Loading rules from directory /usr/share/polkit-1/rules.d 
Dec 18 10:53:07 jagerbox polkitd[581]: Finished loading, compiling and executing 2 rules 
Dec 18 10:53:07 jagerbox polkitd[581]: Acquired the name org.freedesktop.PolicyKit1 on the system bus 
Dec 18 10:54:17 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/nic-info Dec 18 10:54:17 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/count-accounts -t 1 
Dec 18 10:54:20 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/admin-todos 
Dec 18 10:54:26 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/admin-todos 
Dec 18 10:54:30 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/pkginfo compsdump 
Dec 18 10:54:34 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/pkginfo check-update 
Dec 18 10:54:40 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/admin-todos Dec 18 10:54:52 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/pkginfo compsdump 
Dec 18 10:54:57 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/admin-todos 
Dec 18 10:55:00 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/libexec/nethserver/pkgaction --install @nethserver-sogo 
Dec 18 10:55:27 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/pkginfo compsdump 
Dec 18 10:55:28 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/pkginfo check-update 
Dec 18 10:55:32 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/admin-todos 
Dec 18 10:55:40 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/admin-todos 
Dec 18 10:55:44 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/pkginfo compsdump 
Dec 18 10:55:45 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/pkginfo check-update 
Dec 18 10:55:53 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/admin-todos 
Dec 18 10:56:46 jagerbox sshd[3785]: pam_unix(sshd:session): session opened for user root by (uid=0) 
Dec 18 10:57:55 jagerbox polkitd[581]: Registered Authentication Agent for unix-process:4121:29470 (system bus name :1.62 [/usr/bin/pkttyagent --notify-fd 8 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) 
Dec 18 10:57:55 jagerbox polkitd[581]: Unregistered Authentication Agent for unix-process:4121:29470 (system bus name :1.62, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus) 
Dec 18 10:58:28 jagerbox polkitd[581]: Registered Authentication Agent for unix-process:4784:32801 (system bus name :1.84 [/usr/bin/pkttyagent --notify-fd 8 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) Dec 18 10:58:28 jagerbox polkitd[581]: Unregistered Authentication Agent for unix-process:4784:32801 (system bus name :1.84, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus) 
Dec 18 10:59:11 jagerbox polkitd[581]: Registered Authentication Agent for unix-process:6161:37098 (system bus name :1.107 [/usr/bin/pkttyagent --notify-fd 8 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) 
Dec 18 10:59:11 jagerbox polkitd[581]: Unregistered Authentication Agent for unix-process:6161:37098 (system bus name :1.107, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus) 
Dec 18 10:59:58 jagerbox smbd[6275]: pam_unix(samba:session): session opened for user gerald@neuching.com by (uid=0) 
Dec 18 11:05:53 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/read-service-status 
Dec 18 11:06:01 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/control-service httpd restart 
Dec 18 11:06:03 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/read-service-status 
Dec 18 11:06:08 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/control-service sogod restart
Dec 18 11:06:09 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/read-service-status 
Dec 18 11:14:24 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/logviewer -l 
Dec 18 11:14:46 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/validate logfile /var/log/sogo/sogo.log 
Dec 18 11:14:46 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/logviewer /var/log/sogo/sogo.log 
Dec 18 11:15:44 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/logviewer -l 
Dec 18 11:15:57 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/validate logfile /var/log/sogo/sogo.log 
Dec 18 11:15:57 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/logviewer /var/log/sogo/sogo.log 
Dec 18 11:25:06 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/nic-info 
Dec 18 11:25:07 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/count-accounts -t 1 
Dec 18 11:25:09 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/admin-todos 
Dec 18 12:04:54 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/logviewer -l 
Dec 18 12:05:02 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/validate logfile /var/log/secure 
Dec 18 12:05:02 jagerbox sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/logviewer /var/log/secure 

I think it is simply the interface to user authentication.
I use samba as DC

The following services work:

- Fileserver     OK
- FTP            OK
- Web server     OK
- Nextcloud      OK
- DHCP           OK
- DNS            OK
- sssd           OK
- nsdc           OK

I have a fresh reinstallation yesterday with the new ISO RC3, everything worked without problems.

The only noteworthy thing is that the DC service must be installed before the updates are run, if you want to update the system first and then install the Samba DC service, there are error messages.

greetings
Gerald

1 Like

exactly what happen to me, i fight for 3 days now with it.

Welcome to the club!
Willkommen im Club!

But I think that we will still go !
The advantages of the 7er version are greater than the current suffer.
And here we are in good hands, all problems have been solved here quickly.

1 Like

at the moment i install it completely new and hope to get my data back.

I would gladly help to fix Sogo.
@mark_nl could you please open a pull request with all modifications to the package?

Then I will try to fix it :wink:

2 Likes

After a complete new install i am not able to log on at Sogo, so it is not only after an Update it is also after a new Installation.

I can confirm what @hucky says about sogo on a clean RC3 system with nethserver-dc as account provider.
No difference neither when using the sogo package from nethforge-testing. Same errors as reported by @gerald_FS.

1 Like

Hello again,

I have my configuration data viewed from sogo, while I am compared to the server (RC2), which performs with me his trust service that the overall addressing of the LDAP service is differently structured.

Can that possibly be our problem?

The differences I have at the beginning of the line with !!! marked

Ich hoffe ich kann etwas zur Problemlösung beitragen :wink:

Here the sogo.conf on my server (RC2) the works:

 /* 45 AD authentication */
    SOGoUserSources =(
     {
      	id = AD_Users;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = userPrincipalName;
        canAuthenticate = YES;
 !!!!   bindDN = "cn=OPENZWO,cn=Computers,dc=nandlnet,dc=de";
        bindPassword = "J(oOXy:m@[;:~-";
        baseDN = "cn=Users,dc=nandlnet,dc=de";
        bindFields = (
                sAMAccountName,
                userPrincipalName
            );
!!!!	hostname = ldap://nsdc-openzwo.nandlnet.de:389;
        filter = "(objectClass='user')";
        scope = SUB;
        displayName = "nandlnet.de users";
        isAddressBook = YES;
     },
     {
      	id = AD_Groups;
        type = ldap;
        CNFieldName = name;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        canAuthenticate = YES;
  !!!!   BindDN = "cn=OPENZWO,cn=Computers,dc=nandlnet,dc=de";
        bindPassword = "J(oOXy:m@[;:~-";
        baseDN = "cn=Users,dc=nandlnet,dc=de";
  !!!!    hostname = ldap://nsdc-openzwo.nandlnet.de:389;
        filter = "(objectClass='group') AND (sAMAccountType=268435456)";
        scope = SUB;
        displayName = "nandlnet.de groups";
        isAddressBook = YES;
     }
    );

Here the sogo.conf of RC3:

  /* 45 AD authentication */
    SOGoUserSources =(
     {
      	id = AD_Users;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = userPrincipalName;
        canAuthenticate = YES;
 !!!!   bindDN = "NEUCHING\JAGERBOX$";
        bindPassword = "CA-,VeZ_dL7,9:";
        baseDN = "cn=Users,dc=neuching,dc=com";
        bindFields = (
                sAMAccountName,
                userPrincipalName
            );
   !!!!    hostname = ldaps://neuching.com;
            filter = "(objectClass='user')";
            scope = SUB;
            displayName = "neuching.com users";
            isAddressBook = YES;
         },
         {
          	id = AD_Groups;
            type = ldap;
            CNFieldName = name;
            IDFieldName = sAMAccountName;
            UIDFieldName = sAMAccountName;
            canAuthenticate = YES;
      !!!!      bindDN = "NEUCHING\JAGERBOX$";
            bindPassword = "CA-,VeZ_dL7,9:";
            baseDN = "cn=Users,dc=neuching,dc=com";
      !!!!      hostname = ldaps://neuching.com;
            filter = "(objectClass='group') AND (sAMAccountType=268435456)";
            scope = SUB;
            displayName = "neuching.com groups";
            isAddressBook = YES;
         }
        );
1 Like

Hey Gerald,
i take a quick look at your server and saw also at your side everything is up. apache, sogo etc. u also have the newest version 3.2.4. i tried to figure out since a few days now where the problem with the authentication is but did not find a bit :frowning:

So Found a mistake!

In the sogo.conf is currently the wrong ldap server specify, I have now corrected all lines as specified in the RC2.

So all with “!!!” marked lines are to be adjusted, then go!

And it works!

3 Likes

So the problem is solved - unfortunately it can not be noted

I’d rather say you found a solution for it :grin:

I bet @mark_nl already started working on this fix, but he’s probably busy in this period for his new job.

Does anybody want to open a PR on GitHub?

Do you know you can even edit the source code directly on the github web page :wink: ?

I know that it is, but I am not so far that I can put myself there without danger for other hand.

If I have only the sympthome treated, the last step must make someone have a idea of it and it can.

After the steps from @davidep the “Account provider error” is away.
But I can’t login to Sogo anymore. I’ve tried to set a new password to the user, but it dosn’t change anything.
This is the log

Dec 19 09:38:19 sogod [1643]: [ERROR] <0x0x7ffa70f219c0[LDAPSource]> Could not bind to the LDAP server ldaps://MyDomain.de (389) using the bind DN: MyDomainHostname$
Dec 19 09:38:19 sogod [1643]: [ERROR] <0x0x7ffa70f219c0[LDAPSource]> <NSException: 0x7ffa71de2360> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = “MYDOMAINHOSTNAME$”; }
Dec 19 09:38:19 sogod [1643]: [ERROR] <0x0x7ffa714faa40[LDAPSource]> Could not bind to the LDAP server ldaps://MyDomain.de (389) using the bind DN: MYDOMAINHOSTNAME $
Dec 19 09:38:19 sogod [1643]: [ERROR] <0x0x7ffa714faa40[LDAPSource]> <NSException: 0x7ffa71e0e7b0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = " MYDOMAINHOSTNAME $"; }
Dec 19 09:38:19 sogod [1643]: 192.168.46.130 “PROPFIND /SOGo/dav/username/Contacts/236A-57E4D080-1-697F2E00/ HTTP/1.1” 404 74/175 0.069 - - 0

One problem, one topic. Please help us keep clean and don’t cross-post:

(Moved here)

1 Like

Thanks @gerald_FS . I faced the same problem with SOGo. Changed sogo.conf as you discribed and now it works. Saved a lot of time. :clap: :clap:

1 Like

I just updated the rpm in nethforge-testing:
nethserver-sogo-1.6.1-1.15.ga5eb638.ns7.noarch.rpm

Please check it out! /cc @dnutan @mark_nl @flatspin @hucky @m.traeumner

(I haven’t tested it with remote account providers.)

5 Likes

Thanx,

I could not figure out how to get the right credentials;
Thanx a lot!

3 Likes

Hi Giacomo,
I think I do a mistake by installing, can you help?
I tried this command:

yum install --enablerepo=nethforge-testing nethserver-sogo-1.6.1-1.15.ga5eb638.ns7.noarch.rpm

and it shows

No package nethserver-sogo-1.6.1-1.15.ga5eb638.ns7.noarch.rpm available.

UPDATE!
I try the following command and it works well

yum --enablerepo=nethforge-testing install nethserver-sogo

4 Likes

Super! Will test it today! Thanks Giacomo.

1 Like