Ejabberd doesn't communicate with other XMPP (Jabber) servers


(Daniel Zeman) #1

Hello friends,
I am not able to connect with other XMPP (Jabber) servers from the nethserver ejabberd chat server. I have tried to follow the instructions in “Ejabberd include s2s and TLS connections” and “Ejabberd enable s2s Port 5269” and other posts, but without success. When I try to send a message to contacts on other XMPP servers, it reports “Service unavailable. The server or recipient does not currently provide the requested service” or “Remote server not found. A remote server or service specified as part or all of the JID of the intended recipient does not exist.”, even though I can normally communicate with these contacts from another XMPP server without problems.
Any suggestions?
Thank you!

(Giacomo Sanchietti) #2

I never tried to set up a confederation of XMPP servers, but you should find all information here:

I suggest trying it on a clean machine, following the ejabberd documentation. When it’s working, report your findings here and I will try to integrate them into the nethserver-ejabberd package.

In fact, a refactor of ejabberd configuration is on my todo list, along with an upgrade to Ejabberd 17.08.

(Daniel Zeman) #3

I have tried again, after the latest update to ejabberd 18.06, to connect with external XMPP servers. I am getting these errors in the logfile:

2018-11-13 00:46:05.028 [info] <0.509.0>@ejabberd_s2s_out:init:280 Outbound s2s connection started: twr.cz -> njs.netlab.cz
2018-11-13 00:46:05.220 [info] <0.509.0>@ejabberd_s2s_out:handle_auth_failure:226 (tls|<0.509.0>) Failed outbound s2s EXTERNAL authentication twr.cz -> njs.netlab.cz ( Authentication failed: Peer responded with error: Certificate host name mismatch (not-authorized)
2018-11-13 00:46:05.220 [info] <0.509.0>@mod_s2s_dialback:s2s_out_auth_result:147 (tls|<0.509.0>) Retrying with s2s dialback authentication: twr.cz -> njs.netlab.cz (
2018-11-13 00:46:35.030 [info] <0.509.0>@ejabberd_s2s_out:process_closed:160 Failed to establish outbound s2s connection twr.cz -> njs.netlab.cz: Stream closed by us: Idle connection (connection-timeout); bouncing for 1 seconds

As I understand it, the problem is that my server certificate is valid for the FQDN (“hur.twr.cz” in my case), but ejabberd authenticates only with the domain name (“twr.cz”). Unfortunately I am not able to get a certificate for “twr.cz” for my (hur.twr.cz) nethserver, because the twr.cz domain points to a different server. Is it possible for ejabberd to authenticate with the FQDN instead of just the domain name? Or is it another problem?
Thank you.
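
A small triage script for the log excerpt in the post above, added here as an example (it is not part of the original thread or of nethserver-ejabberd): it groups ejabberd s2s events by local and remote domain and reports whether SASL EXTERNAL failed on a certificate name mismatch, whether dialback was retried, and how the connection ended. The regular expressions assume the log line layout shown in the excerpt; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the post above, truncated text kept as posted.
LOG = """2018-11-13 00:46:05.028 [info] <0.509.0>@ejabberd_s2s_out:init:280 Outbound s2s connection started: twr.cz -> njs.netlab.cz
2018-11-13 00:46:05.220 [info] <0.509.0>@ejabberd_s2s_out:handle_auth_failure:226 (tls|<0.509.0>) Failed outbound s2s EXTERNAL authentication twr.cz -> njs.netlab.cz ( Authentication failed: Peer responded with error: Certificate host name mismatch (not-authorized)
2018-11-13 00:46:05.220 [info] <0.509.0>@mod_s2s_dialback:s2s_out_auth_result:147 (tls|<0.509.0>) Retrying with s2s dialback authentication: twr.cz -> njs.netlab.cz (
2018-11-13 00:46:35.030 [info] <0.509.0>@ejabberd_s2s_out:process_closed:160 Failed to establish outbound s2s connection twr.cz -> njs.netlab.cz: Stream closed by us: Idle connection (connection-timeout); bouncing for 1 seconds
"""

# Layout assumed from the excerpt: date time [level] <pid>@module:function:line message
LINE = re.compile(r"^\S+ \S+ \[\w+\] <[\d.]+>@(?P<mod>\w+):(?P<fn>\w+):\d+ (?P<msg>.*)$")
PAIR = re.compile(r"(?P<local>[\w.-]+) -> (?P<remote>[\w.-]+)")


def triage(log):
    """Summarise outbound s2s authentication per (local, remote) domain pair."""
    pairs = defaultdict(lambda: {"external": None, "dialback_retry": False, "final": None})
    for raw in log.splitlines():
        line = LINE.match(raw)
        pair = PAIR.search(line["msg"]) if line else None
        if not pair:
            continue  # not an s2s event in the assumed layout
        rec = pairs[(pair["local"], pair["remote"])]
        fn, msg = line["fn"], line["msg"]
        if fn == "handle_auth_failure" and "EXTERNAL" in msg:
            mismatch = "Certificate host name mismatch" in msg
            rec["external"] = "cert-name-mismatch" if mismatch else "failed"
        elif fn == "s2s_out_auth_result" and "dialback" in msg:
            rec["dialback_retry"] = True
        elif fn == "process_closed":
            # Keep the close reason, drop the "; bouncing for N seconds" tail.
            rec["final"] = msg[pair.end():].lstrip(": ").split(";")[0]
    return dict(pairs)


def hint(local, rec):
    """Turn one summary record into an operator-facing hint."""
    if rec["external"] == "cert-name-mismatch":
        return f"peer reported a certificate host name mismatch; check that the certificate covers '{local}'"
    if rec["final"]:
        return f"connection failed: {rec['final']}"
    return "no failure recorded"


if __name__ == "__main__":
    for (local, remote), rec in triage(LOG).items():
        print(f"{local} -> {remote}: {rec} | {hint(local, rec)}")
```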

(Stéphane de Labrusse) #4

If I recall correctly, we use the DomainName property for the ejabberd hostname value

Check https://docs.ejabberd.im/admin/configuration/#host-names

In short, you should make a custom-template and try to use sub.domain.com as the hosts value

(Daniel Zeman) #5

Hello Stephane,
thank you very much. The change of domain name to subdomain in the ejabberd custom-template was a good starting point.
Further, I needed to modify the auth script /usr/libexec/nethserver/ejabberd-auth (copying the modified version to /usr/local/… and updating the custom-template accordingly), because otherwise the users were validated against the subdomain and not the domain, which did not work.

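use strict;

use Sys::Hostname;
# Split the FQDN at the first dot into host part and domain part
my ($systemName, $domainName) = split(/\./, Sys::Hostname::hostname(), 2);
    # Limit of 4 fields so that a password containing ':' is not truncated
    my ($op, $user, $domain, $password) = split /:/, $buf, 4;

    # Validate users against the domain instead of the subdomain sent by ejabberd
    $domain = $domainName;

    if($op eq 'auth') {........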

Now it works like a charm, thank you very much!