Mail and collaboration

samuele_cialdini · June 5, 2015, 9:07am

Hi

I have this scenario: use Nethserver in a Win 2008 domain , to provide mail and collaboration platform to AD users.
I setup NS as domain member, with mail and sogo groupware packages from software center.

Do I have to create each mailbox for each AD user in nethserver ? if Yes, I cannot see the list of users in the mailbox section … I see only local admin …
I can access round cube without any additional setting , and without creating each mailbox …
I cannot access sogo with AD users … should it read automatically or there is some additional configuration to do ?

Thanks

alefattorini · June 5, 2015, 12:58pm

Hi Samuele, thanks for asking.

You cannot see AD users on account pannel, right now though join may be working correctly, try

getent passwd

to check this

yes, you can access without any problem
nope, it should work automatically.

Can you paste sogo log about failed login?

samuele_cialdini · June 5, 2015, 2:47pm

Thank you Alessio

here are the last tre row are the user in the AD domain … and the sogo log

Maybe is it something about password policy that doesn’t match ? I see that NS 6.6 use allow only restictive password (lower , upper , numeric and symbol) … Is there a way to set passwd policy on nethserver ?

getent passwd

michele.campione::50000:50006:Michele Campione:/var/lib/nethserver/home/michele.campione:/bin/false
paola.papperi::50001:50006:Paola Papperi:/var/lib/nethserver/home/paola.papperi:/bin/false
stefano.lega:*:50005:50006:Stefano Lega:/var/lib/nethserver/home/stefano.lega:/bin/false

Here is the log

Jun 05 11:19:30 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd13078> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:30 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6fdd1948> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:30 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione’ might not have worked - password policy: 65535 grace: -1 e
xpire: -1 bound: 0
Jun 05 11:19:30 sogod [16619]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/54 0.005 - - 0
Jun 05 11:19:36 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd82628> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione@demo.local,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:36 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6f763ad8> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione@demo.local,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:36 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione@demo.local’ might not have worked - password policy: 65535 g
race: -1 expire: -1 bound: 0
Jun 05 11:19:36 sogod [16619]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/65 0.002 - - 0
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd38d78> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione@demo.local,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6fc6f758> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione@demo.local,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione@demo.local’ might not have worked - password policy: 65535 g
race: -1 expire: -1 bound: 0
Jun 05 11:19:37 sogod [16619]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/65 0.002 - - 0
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd71538> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione@demo.local,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6fd26b68> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione@demo.local,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione@demo.local’ might not have worked - password policy: 65535 g
race: -1 expire: -1 bound: 0
Jun 05 11:19:37 sogod [16619]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/65 0.002 - - 0
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fc32908[LDAPSource]> <NSException: 0x7fbd6fd287d8> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “uid=michele.campione@demo.local,ou=people,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: <0x0x7fbd6fcc8298[LDAPSource]> <NSException: 0x7fbd6fdc12e8> NAME:LDAPException REASON:operation bind failed: Invalid credential
s (0x31) INFO:{login = “cn=michele.campione@demo.local,ou=groups,dc=directory,dc=nh”; }
Jun 05 11:19:37 sogod [16619]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘michele.campione@demo.local’ might not have worked - password policy: 65535 g
race: -1 expire: -1 bound: 0

samuele_cialdini · June 19, 2015, 10:54am

Hi all

Does anyone have a solution for this ?
I get autentication error vs the win2008 domain controller…

in the sogo log , I see

SOGoRootPage Login from ‘192.168.10.97’ for user … might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0

I have set simple password policy on NS, but nothing changed …

zamboni · June 19, 2015, 10:59am

IIUC, you joined your NS to a windows AD server… so you’re using AD users and passwords… NS has no control on them, you’d take a look in AD side

samuele_cialdini · June 19, 2015, 11:02am

Hi

If I log into W7 PC with this user, it’ok , so user and password are ok

The password is 1234Abcd … Do you think might be something with password policy between NS and windows domain ?

zamboni · June 19, 2015, 11:06am

seems to me like you can’t read/authenticate on NS ldap
guess @davidep or @giacomo have any clue about it

samuele_cialdini · June 19, 2015, 11:07am

hi

there are other 2 errors before

Jun 19 13:05:32 sogod [25908]: 192.168.10.97 “POST /SOGo/connect HTTP/1.1” 403 34/82 0.002 - - 0

Jun 19 13:05:33 sogod [25908]: <0x0x7f61688c7a58[LDAPSource]> <NSException: 0x7f616896da78> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = “uid=paola.papperi@demo.local,ou=people,dc=directory,dc=nh”; }

Jun 19 13:05:33 sogod [25908]: <0x0x7f6168867168[LDAPSource]> <NSException: 0x7f61689f6eb8> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = “cn=paola.papperi@demo.local,ou=groups,dc=directory,dc=nh”; }

Jun 19 13:05:33 sogod [25908]: SOGoRootPage Login from ‘192.168.10.97’ for user ‘paola.papperi@demo.local’ might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0

zamboni · June 19, 2015, 11:09am

it’s the same error…

let’s wait for davide or giacomo

davidep · June 19, 2015, 12:51pm

To configure SOGo authentication against AD refer to

samuele_cialdini · June 25, 2015, 4:00pm

Thank you Davide

this allow me to login with AD user into sogo …

Is there is something to do similar also for Owncloud , Jabber, and webtop to read windows ad users ?
I’m also trying the new platform for collaboration webtop …

Thanks