Ejabberd doesn't communicate with other XMPP (Jabber) servers

daz · September 20, 2017, 1:57pm

Hello friends,
I am not able to connect with other XMPP (Jabber) servers from the nethserver ejabberd chat server. I have tried to follow the instructions in
Ejabberd include s2s and TLS connections and Ejabberd enable s2s Port 5269 and other posts but without success. When I try to send message to contacts from other XMPP servers, it reports “Service unavailable.The server or recipient does not currently provide the requested service” or “Remote server not found. A remote server or service specified as part or all of the JID of the intended recipient does not exist.” despite I can normally communicate to these contacts from another XMPP server without problem.
Any suggestions?
Thank you!
Daniel

giacomo · September 21, 2017, 9:55am

I never tried to setup a confederation of XMPP server, but you should find all information here:
https://docs.ejabberd.im/admin/configuration/

I suggest to try it on a clean machine following ejabberd documentation. When it’s working, report here you’re findings and I will try to integrate them inside nethserver-ejabberd package.

In fact, a refactor of ejabberd configuration is on my todo list, along with an upgrade to Ejabberd 17.08.

daz · November 13, 2018, 9:14am

Hello,
I have tried again, after the latest update to ejabberd 18.06, to connect with external XMPP servers. I am getting these errors in the logfile:

2018-11-13 00:46:05.028 [info] <0.509.0>@ejabberd_s2s_out:init:280 Outbound s2s connection started: twr.cz -> njs.netlab.cz
2018-11-13 00:46:05.220 [info] <0.509.0>@ejabberd_s2s_out:handle_auth_failure:226 (tls|<0.509.0>) Failed outbound s2s EXTERNAL authentication twr.cz -> njs.netlab.cz (88.86.113.70): Authentication failed: Peer responded with error: Certificate host name mismatch (not-authorized)
2018-11-13 00:46:05.220 [info] <0.509.0>@mod_s2s_dialback:s2s_out_auth_result:147 (tls|<0.509.0>) Retrying with s2s dialback authentication: twr.cz -> njs.netlab.cz (88.86.113.70)
...
2018-11-13 00:46:35.030 [info] <0.509.0>@ejabberd_s2s_out:process_closed:160 Failed to establish outbound s2s connection twr.cz -> njs.netlab.cz: Stream closed by us: Idle connection (connection-timeout); bouncing for 1 seconds

As I undestand, the problem is, that my server certificate is valid for the FQDN (“hur.twr.cz” in my case), but the ejabberd authenticates only with a domain name (“twr.cz”). Unfortunately I am not able to get the certificate for “twr.cz” for my (hur.twr.cz) nethserver, because the twr.cz domain points to different server. Is it possible, that the ejabberd would authenticate with FQDN instead of just the domain name? Or is it another problem?
Thank you.

stephdl · November 13, 2018, 12:01pm

If i recall correctly, we use the DomainName property for ejabber hostname value

Check https://docs.ejabberd.im/admin/configuration/#host-names

In short you should make a custom-template and try to use sub.domain.com as hosts value

daz · November 15, 2018, 9:19am

Hello Stephane,
thank you very much. The change of domain name to subdomain in the ejabberd custom-template was a good starting point.
Further I’ve needed to modify the auth script /usr/libexec/nethserver/ejabberd-auth (copying the modified version to /usr/local/… with updating the custom-template accordingly), because otherwise the users were validated against the subdomain and not the domain, which did not work

.....
use strict;

#added
use Sys::Hostname;
my ($systemName, $domainName) = split(/\./, Sys::Hostname::hostname(), 2);
####
......
    my ($op, $user, $domain, $password) = split /:/,$buf;

#added
    $domain = $domainName;
####

    if($op eq 'auth') {........

Now it works like a charm, thank you very much!