Mail and collaboration


(Samuele Cialdini) #1

Hi

I have this scenario: use Nethserver in a Win 2008 domain , to provide mail and collaboration platform to AD users.
I setup NS as domain member, with mail and sogo groupware packages from software center.

  • Do I have to create each mailbox for each AD user in nethserver ? if Yes, I cannot see the list of users in the mailbox section … I see only local admin …

  • I can access round cube without any additional setting , and without creating each mailbox …

  • I cannot access sogo with AD users … should it read automatically or there is some additional configuration to do ?

Thanks


(Alessio Fattorini) #2

Hi Samuele, thanks for asking.

  • You cannot see AD users on account pannel, right now though join may be working correctly, try

    getent passwd

to check this

  • yes, you can access without any problem
  • nope, it should work automatically.

Can you paste sogo log about failed login?


(Samuele Cialdini) #3

Thank you Alessio

here are the last tre row are the user in the AD domain … and the sogo log

Maybe is it something about password policy that doesn’t match ? I see that NS 6.6 use allow only restictive password (lower , upper , numeric and symbol) … Is there a way to set passwd policy on nethserver ?

getent passwd

michele.campione::50000:50006:Michele Campione:/var/lib/nethserver/home/michele.campione:/bin/false
paola.papperi:
:50001:50006:Paola Papperi:/var/lib/nethserver/home/paola.papperi:/bin/false
stefano.lega:*:50005:50006:Stefano Lega:/var/lib/nethserver/home/stefano.lega:/bin/false

Here is the log

Jun 05 11:19:30 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd13078> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:30 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6fdd1948> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:30 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione’ might not have worked - password policy: 65535 grace: -1 e
xpire: -1 bound: 0
Jun 05 11:19:30 sogod [16619]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/54 0.005 - - 0
Jun 05 11:19:36 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd82628> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione@demo.local,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:36 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6f763ad8> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione@demo.local,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:36 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione@demo.local’ might not have worked - password policy: 65535 g
race: -1 expire: -1 bound: 0
Jun 05 11:19:36 sogod [16619]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/65 0.002 - - 0
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd38d78> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione@demo.local,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6fc6f758> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione@demo.local,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione@demo.local’ might not have worked - password policy: 65535 g
race: -1 expire: -1 bound: 0
Jun 05 11:19:37 sogod [16619]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/65 0.002 - - 0
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd71538> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione@demo.local,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6fd26b68> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione@demo.local,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione@demo.local’ might not have worked - password policy: 65535 g
race: -1 expire: -1 bound: 0
Jun 05 11:19:37 sogod [16619]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/65 0.002 - - 0
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd287d8> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione@demo.local,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6fdc12e8> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione@demo.local,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione@demo.local’ might not have worked - password policy: 65535 g
race: -1 expire: -1 bound: 0


(Samuele Cialdini) #4

Hi all

Does anyone have a solution for this ?
I get autentication error vs the win2008 domain controller…

in the sogo log , I see

SOGoRootPage Login from ‘192.168.10.97’ for user … might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0

I have set simple password policy on NS, but nothing changed …


(Stefano) #5

IIUC, you joined your NS to a windows AD server… so you’re using AD users and passwords… NS has no control on them, you’d take a look in AD side


(Samuele Cialdini) #6

Hi

If I log into W7 PC with this user, it’ok , so user and password are ok

The password is 1234Abcd … Do you think might be something with password policy between NS and windows domain ?


(Stefano) #7

seems to me like you can’t read/authenticate on NS ldap
guess @davidep or @giacomo have any clue about it


(Samuele Cialdini) #8

hi

there are other 2 errors before

Jun 19 13:05:32 sogod [25908]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/82 0.002 - - 0

Jun 19 13:05:33 sogod [25908]: <0x0x7f61688c7a58[LDAPSource]> <NSException: 0x7f616896da78> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = “uid=paola.papperi@demo.local,ou=people,dc=directory,dc=nh”; }

Jun 19 13:05:33 sogod [25908]: <0x0x7f6168867168[LDAPSource]> <NSException: 0x7f61689f6eb8> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = “cn=paola.papperi@demo.local,ou=groups,dc=directory,dc=nh”; }

Jun 19 13:05:33 sogod [25908]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘paola.papperi@demo.local’ might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0


(Stefano) #9

it’s the same error…

let’s wait for davide or giacomo :smile:


(Davide Principi) #10

To configure SOGo authentication against AD refer to


(Samuele Cialdini) #11

Thank you Davide

this allow me to login with AD user into sogo …

Is there is something to do similar also for Owncloud , Jabber, and webtop to read windows ad users ?
I’m also trying the new platform for collaboration webtop …

Thanks