Sogo Login issues after AD join

sogo
activedirectory
accounts-provider
v7

(Paul Guerra) #1

I recently installed NethServer with the intention of using it as a mail server running NextCloud and Sogo, with user management being accomplished through my Server 2012 Essentials AD server. For the life of me I cannot get Nextcloud or Sogo to work with the server. I have had no issue with getting Roundcube and NethServer users populated, but when I try logging into Sogo I get an incorrect user or password, and Nextcloud kicks back an error.

Sogo Log after login attempt:

> Jul 08 15:51:21 sogod [23196]: <0x0x7f7accff43e0[LDAPSource]> <NSException: 0x7f7acd494690> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "samaccountname=pguerra,dc=_domain_,dc=local"; }
> Jul 08 15:51:21 sogod [23196]: [ERROR] <0x0x7f7acd41c850[LDAPSource]> Could not bind to the LDAP server ldap://_server_._domain_.local (389) using the bind DN: _domain_\MAIL$
> Jul 08 15:51:21 sogod [23196]: [ERROR] <0x0x7f7acd41c850[LDAPSource]> <NSException: 0x7f7acd41d410> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "_domain_\\MAIL$"; }
> Jul 08 15:51:21 sogod [23196]: SOGoRootPage Login from '98.166.245.13' for user 'pguerra' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
> Jul 08 15:51:21 sogod [23196]: 98.166.245.13 "POST /SOGo/connect HTTP/1.1" 403 34/88 0.112 - - 1M

config show sogod results:

sogod=service
ActiveSync=enabled
AdminUsers=admin
Certificate=
Dav=enabled
DraftsFolder=Drafts
MailAuxiliaryUserAccountsEnabled=YES
Notifications=Appointment,EMail
SOGoInternalSyncInterval=30
SOGoMaximumPingInterval=3540
SOGoMaximumSyncInterval=3540
SOGoMaximumSyncResponseSize=2048
SOGoMaximumSyncWindowSize=100
SentFolder=Sent
SessionDuration=1440
SxVMemLimit=512
TrashFolder=Trash
VirtualHost=
WOWatchDogRequestTimeout=60
WOWorkersCount=10
status=enabled

account-provider-test results:

dn: DC=domain,DC=local
objectClass: top
objectClass: domain
objectClass: domainDNS
distinguishedName: DC=domain,DC=local
instanceType: 5
whenCreated: 20130912002858.0Z
whenChanged: 20170708011129.0Z
subRefs: DC=ForestDnsZones,DC=domain,DC=local
subRefs: DC=DomainDnsZones,DC=domain,DC=local
subRefs: CN=Configuration,DC=domain,DC=local
uSNCreated: 4099
dSASignature:: AQAAACgAAAAAAAAAAAAAAAAAAAAAAAAAXD7b7+V+4k6Hr3rVtHVd1w==
uSNChanged: 2547796
name: domain
objectGUID:: wTdOdnG/sEKn/NWYn8FE8g==
creationTime: 131439498894600163
forceLogoff: -9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
maxPwdAge: -155520000000000
minPwdAge: 0
minPwdLength: 7
modifiedCountAtLastProm: 0
nextRid: 1001
pwdProperties: 1
pwdHistoryLength: 24
objectSid:: AQQAAAAAAAUVAAAAnetH/U3R5AQk53tD
serverState: 1
uASCompat: 1
modifiedCount: 1
auditingPolicy:: AAE=
nTMixedDomain: 0
rIDManagerReference: CN=RID Manager$,CN=System,DC=domain,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
systemFlags: -1946157056
wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=KELVINIC,DC=local
wellKnownObjects: B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Program Data,DC=domain,DC=local
wellKnownObjects: B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=KELVINIC,DC=local
wellKnownObjects: B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrincipals,DC=domain,DC=local
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=domain,DC=local
wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=KELVINIC,DC=local
wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=KELVINIC,DC=local
wellKnownObjects: B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=domain,DC=local
wellKnownObjects: B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,DC=domain,DC=local
wellKnownObjects: B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=KELVINIC,DC=local
wellKnownObjects: B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=domain,DC=local
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=domain,DC=local
isCriticalSystemObject: TRUE
gPLink: [LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=local;0]
dSCorePropagationData: 16010101000000.0Z
otherWellKnownObjects: B:32:1EB93889E40C45DF9F0C64D23BBB6237:CN=Managed Service Accounts,DC=domain,DC=local
masteredBy: CN=NTDS Settings,CN=server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
ms-DS-MachineAccountQuota: 10
msDS-Behavior-Version: 5
msDS-PerUserTrustQuota: 1
msDS-AllUsersTrustQuota: 1000
msDS-PerUserTrustTombstonesQuota: 10
msDs-masteredBy: CN=NTDS Settings,CN=server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
msDS-IsDomainFor: CN=NTDS Settings,CN=server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
msDS-NcType: 0
dc: domain

search result

search: 2
result: 0 Success

numResponses: 2

numEntries: 1

account-provider-test dump results:

{
"BindDN" : "domain\mailadmin",
"LdapURI" : "ldap://server.domain.local",
"StartTls" : "",
"port" : 389,
"host" : "server.domain.local",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "DC=domain,DC=local",
"GroupDN" : "DC=domain,DC=local",
"BindPassword" : "M*\74XWG$^8Lhpq{",
"BaseDN" : "DC=domain,DC=local",
"LdapUriDn" : "ldap:///dc%3D_domain_%2Cdc%3Dlocal"
}

If anyone has any guidance on this issue I would greatly appreciate it.

NethServer Version: 7
Module: SOGO
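As an added example (not code from the thread or from NethServer/SOGo), a small Python triage script over sogod log lines like the ones quoted above. It separates the case where SOGo's own AD bind account (the `MAIL$` machine account) fails to bind, which points at the stored bind configuration, from the case where only an end user's bind fails. The sample lines are constructed from the post; the regexes and the classification are my own.

```python
import re

# Constructed sample modelled on the sogod lines quoted in post #1 above
# (raw string so the backslashes in DOMAIN\MAIL$ stay exactly as logged).
SAMPLE_LOG = r"""
Jul 08 15:51:21 sogod [23196]: <0x0x7f7accff43e0[LDAPSource]> <NSException: 0x7f7acd494690> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "samaccountname=pguerra,dc=_domain_,dc=local"; }
Jul 08 15:51:21 sogod [23196]: [ERROR] <0x0x7f7acd41c850[LDAPSource]> Could not bind to the LDAP server ldap://_server_._domain_.local (389) using the bind DN: _domain_\MAIL$
Jul 08 15:51:21 sogod [23196]: [ERROR] <0x0x7f7acd41c850[LDAPSource]> <NSException: 0x7f7acd41d410> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "_domain_\\MAIL$"; }
Jul 08 15:51:21 sogod [23196]: SOGoRootPage Login from '98.166.245.13' for user 'pguerra' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Jul 08 15:51:21 sogod [23196]: 98.166.245.13 "POST /SOGo/connect HTTP/1.1" 403 34/88 0.112 - - 1M
"""

# LDAP result code 0x31 (49) is invalidCredentials; the login= value tells us
# which identity SOGo was binding as when it failed.
BIND_FAIL = re.compile(
    r'operation bind failed: .*?\(0x([0-9A-Fa-f]+)\).*?login = "([^"]*)"')
LOGIN_RESULT = re.compile(
    r"Login from '([^']+)' for user '([^']+)'.*bound: (\d)")


def classify_bind_failures(log_text):
    """Return (login, ldap_result_code, kind) for every failed bind.

    kind is 'service-account' when the failing identity is a machine or
    service account (trailing '$'), otherwise 'user'.
    """
    found = []
    for line in log_text.splitlines():
        m = BIND_FAIL.search(line)
        if not m:
            continue
        hex_code, login = m.groups()
        kind = "service-account" if login.endswith("$") else "user"
        found.append((login, int(hex_code, 16), kind))
    return found


def failed_user_logins(log_text):
    """Return (client_ip, user) for SOGo login attempts that did not bind."""
    hits = []
    for line in log_text.splitlines():
        m = LOGIN_RESULT.search(line)
        if m and m.group(3) == "0":
            hits.append((m.group(1), m.group(2)))
    return hits


def diagnose(log_text):
    """Tell a broken SOGo bind configuration apart from a wrong user password."""
    kinds = {kind for _, _, kind in classify_bind_failures(log_text)}
    if "service-account" in kinds:
        return "config"       # SOGo's own bind DN/password cannot authenticate
    if "user" in kinds:
        return "credentials"  # only end-user binds fail
    return "ok"
```

A "config" verdict alongside every user login attempt means the stored bind DN or password is at fault; repeated "credentials" verdicts from one client IP are the pattern worth alerting on instead.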


(Paul Guerra) #2

So after doing some more work I have managed to make some progress on NextCloud. Once I entered the full DN in the bind user field on the NextCloud configuration page I get a green light, and I can even test individual user names. However, I am still receiving an error when trying to log in, and when I log in as admin and list users it shows nothing.


(Paul Guerra) #3

More on NextCloud,

I have re-installed and the issue with users persists. It will pull groups no problem but will not find users. I am enclosing some of the logfile. It seems to be at odds with the configuration page. I am really confused here and could really use some help. Still no progress on Sogo.

NextCloud Logfile:

Warning user_ldap Configuration Error (prefix s02): login filter does not contain %uid place holder. 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): Not a single Base DN given. 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): No LDAP Login Filter given! 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): No LDAP Port given! 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): login filter does not contain %uid place holder. 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): Not a single Base DN given. 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): No LDAP Login Filter given! 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): No LDAP Port given! 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): login filter does not contain %uid place holder. 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): Not a single Base DN given. 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): No LDAP Login Filter given! 2017-07-09T10:05:26-0400
Warning user_ldap Configuration Error (prefix s02): No LDAP Port given! 2017-07-09T10:05:26-0400


(Paul Guerra) #4

NextCloud is fixed. As I was proofreading my post, HAHA, I noticed the "prefix s02" part and was digging to find out what it meant; apparently there was an empty configuration that was causing issues. I deleted it and all the users show up. Now to focus on Sogo.


(Michael Träumner) #5

Hi Paul,
please have a look at this guide for Sogo using AD.

I did some more changes to get it working; please have a look at this thread too.


(Paul Guerra) #6

Thanks for your help here. I had read your post before and was hoping you had some more information to help me fix the issue; however, re-reading your final post on your thread got me thinking about password characters. It turns out that % is not the only character you cannot use: ! and / will also cause issues, possibly more I am not aware of. Once I removed my random password with the / character, all works.
Thanks