Have lost access to email - NS 7.2 Alpha 3

The email server lists users and emails. I can change passwords and other settings, yet when I try to sign in using Roundmail I get the message that the login failed. If I try SOGo, it lets me connect and shows a blank screen after I sign in.

I have tried it on Firefox and Konqueror.

Ideas? This is important - it turns out to be a production server.

Try having a look at all log files when you login.

Which log files should I focus on? (Although I work with linux a long time - I am more familiar with OpenSUSE - not CentOS)

I’d say messages and maillog, maybe imap.log

In imap there entries like this:
Jun 15 12:52:45 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.32.145, lip=76.10.177.54, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, session=
Jun 15 12:52:45 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.32.145, lip=76.10.177.54, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, session=
Jun 15 12:52:45 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.32.145, lip=76.10.177.54, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, session=
Jun 15 12:53:03 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<TfM49FM1ywB/AAAB>

From secure I see:
Jun 15 12:52:59 mail auth: pam_unix(dovecot:auth): check pass; user unknown
Jun 15 12:52:59 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=ken rhost=127.0.0.1

Only the last imap log line is for a roundcube/sogo access (rip=127.0.0.1) and the user is empty.
Lines above are remote users (I don’t know what to think about the ssl problem).

I think you have to back out what you changed on the system configuration.
Going back in time looking at logs, I’d see a successful login and compare it to a failed one.

Giving us as much information as you can could help a lot.
I can have a look at your full logs, if you can show them to me. Just upload the log directory (packed) somewhere.

I have zipped some of the logs and linked them:

https://drive.google.com/file/d/0B_Y3w7jf2devU1c4SExIQ01fQ2s/view?usp=sharing

As for backing out changes - I would IF I knew what to back out. The problem is that I am not aware of having changed any config settings (other than doing a software update - which unknowingly took me from Alpha 2 to Alpha 3).

One additional quesion:

As I was looking at the Available/Installed packages, I noticed a small anomaly relating to email. There are three screen shots that I am including. The first is “Available” packages (e.g. not installed in my understanding) - I have highlighted their check boxes (roundcubemail and sogo). The next two screen shots are “installed” packages ( nethserver-groupware and nethserver-roundcube mail).

Screen 1

Screen 2

Screen 3

Question?
Is there any relationship between this anomaly and the fact that my email, roundcube and sogo are not functional?

Additional thought…

One other approach … Is there a command line way of removing/rebuilding user credentials?
I have checked the file system (under vmail) and ALL data appears to be present (ie. not lost).

All that needs to happen is that users (email boxes) are recognized.

I think that something went wrong with the ldap user database when you installed the updates.
I found lines like:
Jun 15 12:36:01 mail ldapsearch: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)
or
Jun 15 07:13:37 mail nslcd[1040]: [fec37e] <group/member="ldap"> ldap_search_ext() failed: Can't contact LDAP server: Broken pipe

I think that you could wipe the ldap user database and re-create accounts, but I’m not skilled enough on ldap utilities to give you the right commands.

Your quickest option maybe to install from scratch a new system, create accounts and copy emails from this broken system.

I can assist.

I was coming to a similar conclusion. Since this is a production email server, it must be up sooner than later.

The easiest will be to start from scratch and rebuild. To that end, I will dive into 7.2 Alpha 3 and mirror the setup.

Later I may need help moving SOGo data if it is not in vmail folder suite.

Thanks for your invaluable help to this point. I’ll be back at you later (no home life tonight…) :grinning:

LATE NIGHT UPDATE

It is now operational on NS 7.2 Alpha3.

The note that I read in the announcement details for Alpah3 warned that there is currently no upgrade path from Alpha2 is all too true. The fact that performing a software update upgraded me to Alpha3 was not expected.

The issue boiled down to authentication. The server that I am running is a stand-alone server and had neither LDAP or AD authentication active. NS 7.2 Alpha3 forces you into one or the other. The result was that my email user list then became inoperative. Also in the /var/lib/nethserver/vmwail - directory naming conventions changed (on the new system I elected to use LDAP authentication). Roundcube mail now uses directory names that are your fully qualified email. Previously it was just user name (without the @domain.com suffix). That required changing when I rsync’d the dovecot directories over. As well when I sign into roundcube - it has to be the full email address. The funny thing is that SOGo still only uses the simple user name (no domain please). So basic email is working.

Now HOW DO I FIND AND MOVE SOGo Calendars, Contacts and Tasks at the command line level?

I don’t know, but NS7 in alpha release is still in alpha stage. I wouldn’t run it in production environment.

Great point. However, there were one or two features that made the NS7 attractive and I just love living on the edge :sunglasses:

1 Like

Sogo data is stored in mysql: dump the db on the old server and import it to new.
AFAIU, sogo has a tool to import/export data, but I’m not familiar with it.

BTW, you did a great job.

Final resolutuon - SOGo contacts - Blackberry Classic to the rescue.

All the contacts were on a Blackberry Classic (having used the SOGo Active Exchange connection prior to the crash/rebuild). Disabled the sync between the Classic and SOGo. Copied all SOGo related contacts (using Balckberry Hub) to local on the smartphone. Removed and reenabled SOGo link on the smartphone. Copied all contacts from local back to SOGo connection on the smartphone. Then let propogation move it out to the server and to the other clients.

Didn’t have time to research SOGo export/import (I know mysql but didn’t have the time to find database/schema/auth etc).

NOW on to documenting and resolving Alpha3 VPN issues.

2 Likes