Sogo uses the ad.domain.com as default domain

diego.martin · 2018-05-24 11:43:41 UTC

hello, first post ever, I’ve been directed here by nethesis support

I understand SOGo is no more supported in the Enterprise version but I’d very much like to install it
in reality I managed to install it but I have some questions / issues

my Nethserver installation uses AD account provider, but when I log into SOGo I must use the "user@ad.domain.com" instead of "user@domain.com" to log in.

Everything inside is configured to use @ad.domain.com and so does the IMAP default configuration, and I think is’t a problem because I see no mail.
If I add another IMAP account using the correct login data, it works. But I’d like to be able to use the stock configuration, thus removing “ad.” in front of the username and/or imap configuration

I hope I made myself clear, and hope someone can help me
thanks in advance

stephdl · 2018-05-24 11:53:44 UTC

On my side

user or user@domain.com work

user@ad.domain.com NOT

what is the output of

config show DomainName 
and 
config show sssd
and
account-provider-test dump

diego.martin · 2018-05-24 12:03:40 UTC

thanks a lot for the quick reply!

xxxxx.xyz is the mail domain in use obviously

[root@services ~]# config show DomainName
DomainName=xxxxxxx.xyz
[root@services ~]# config show sssd
sssd=service
AdDns=192.168.1.6
BindDN=ldapservice@AD.xxxxx.xyz
BindPassword=
LdapURI=
Provider=ad
Realm=AD.xxxxx.xyz
Workgroup=xxxxx
status=enabled

thanks in advance!

stephdl · 2018-05-24 12:06:09 UTC

well useless…if I have no access to the data.

stephdl · 2018-05-24 12:07:32 UTC

It is a fresh install on nethserver7.4 or nethserver7.5 ?

diego.martin · 2018-05-24 12:08:28 UTC

it’s a fresh 7.4 installation

7.4.1708

diego.martin · 2018-05-24 12:09:16 UTC

“well useless…if I have no access to the data.”

sorry what do you mean?

stephdl · 2018-05-24 12:13:33 UTC

you hided some information…how I can debug. For example the password is not present, did you remove it ?

diego.martin · 2018-05-24 12:19:33 UTC

I just substitute my real domain with fakedomain.netx for privacy purpose
I even kept uppercase and lowercase

here you go, hope it’s more clear now

[root@services ~]# config show DomainName
DomainName=fakedomain.netx
[root@services ~]# config show sssd
sssd=service
AdDns=192.168.1.6
BindDN=ldapservice@AD.FAKEDOMAIN.NETX
BindPassword=password_was_here
LdapURI=
Provider=ad
Realm=AD.FAKEDOMAIN.NETX
Workgroup=FAKEDOMAIN
status=enabled

thanks again

stephdl · 2018-05-24 12:26:47 UTC

and the user login is not functionnal ?

what is the ouput of

rpm -qa |grep -e 'nethserver-mail' -e 'sogo' -e 'sssd' -e 'nethserver-dc'

mine are

[root@prometheus ~]# rpm -qa |grep -e 'nethserver-mail' -e 'sogo' -e 'sssd' -e 'nethserver-dc'
nethserver-mail2-disclaimer-2.1.0-1.ns7.noarch
sssd-proxy-1.15.2-50.el7_4.11.x86_64
sogo-activesync-4.0.0-1.ns7.x86_64
sssd-client-1.15.2-50.el7_4.11.x86_64
sssd-krb5-common-1.15.2-50.el7_4.11.x86_64
sssd-1.15.2-50.el7_4.11.x86_64
nethserver-sogo-1.7.1-1.ns7.noarch
python-sssdconfig-1.15.2-50.el7_4.11.noarch
sssd-krb5-1.15.2-50.el7_4.11.x86_64
sogo-4.0.0-1.ns7.x86_64
nethserver-mail-smarthost-1.0.1-1.ns7.noarch
nethserver-mail2-common-2.1.0-1.ns7.noarch
sssd-ad-1.15.2-50.el7_4.11.x86_64
nethserver-mail2-filter-2.1.0-1.2.g6bcabd0.ns7.noarch
sssd-common-pac-1.15.2-50.el7_4.11.x86_64
nethserver-mail2-server-2.1.0-1.ns7.noarch
sssd-ldap-1.15.2-50.el7_4.11.x86_64
sogo-tool-4.0.0-1.ns7.x86_64
nethserver-dc-1.5.0-1.ns7.x86_64
sssd-common-1.15.2-50.el7_4.11.x86_64
sssd-ipa-1.15.2-50.el7_4.11.x86_64
sogo-ealarms-notify-4.0.0-1.ns7.x86_64
nethserver-sssd-1.3.7-1.ns7.noarch

diego.martin · 2018-05-24 12:30:28 UTC

I can login fine using username@ad.fakedomain.netx , but the email associated with the default IMAP account in SOGo is username@ad.fakedomain.netx and not the real one so it fails IMAP retrieve from the local server

also, it tries to connect to the IMAP localhost server using port 143 with no SSL, so it might fail for that, not sure

[root@services ~]# rpm -qa |grep -e ‘nethserver-mail’ -e ‘sogo’ -e ‘sssd’ -e 'nethserver-dc’
nethserver-sssd-1.3.8-1.ns7.noarch
nethserver-sogo-1.7.2-1.ns7.noarch
sssd-ldap-1.15.2-50.el7_4.11.x86_64
sssd-ipa-1.15.2-50.el7_4.11.x86_64
nethserver-mail-server-1.12.1-1.ns7.noarch
sssd-common-pac-1.15.2-50.el7_4.11.x86_64
nethserver-mail-common-1.6.7-1.ns7.noarch
sogo-ealarms-notify-4.0.0-1.ns7.x86_64
sogo-tool-4.0.0-1.ns7.x86_64
sssd-libwbclient-1.15.2-50.el7_4.11.x86_64
sssd-ad-1.15.2-50.el7_4.11.x86_64
nethserver-mail-smarthost-1.0.1-1.ns7.noarch
nethserver-mail-disclaimer-1.6.7-1.ns7.noarch
nethserver-dc-1.5.1-1.ns7.x86_64
sogo-4.0.0-1.ns7.x86_64
nethserver-mail-filter-1.4.4-1.ns7.noarch
python-sssdconfig-1.15.2-50.el7_4.11.noarch
sssd-client-1.15.2-50.el7_4.11.x86_64
sssd-common-1.15.2-50.el7_4.11.x86_64
sssd-krb5-1.15.2-50.el7_4.11.x86_64
sssd-krb5-common-1.15.2-50.el7_4.11.x86_64
sogo-activesync-4.0.0-1.ns7.x86_64
sssd-proxy-1.15.2-50.el7_4.11.x86_64
sssd-1.15.2-50.el7_4.11.x86_64

stephdl · 2018-05-24 12:36:58 UTC

sogo takes the email name from ldap (whatever you call it samba4 or openldap)

can you send me this output (replace stephane by one of your user), if you prefer give it by PM

net ads search -P cn=stephane

diego.martin · 2018-05-24 12:44:44 UTC

here you go

[root@services ~]# net ads search -P cn=info
Got 1 replies

objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: info
givenName: Info
instanceType: 4
whenCreated: 20180502080912.0Z
displayName: Info
uSNCreated: 3793
name: info
objectGUID: e599d032-6652-4d4a-8b1e-5daf8f6edaeb
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid: S-1-5-21-1929061671-2162046378-3786332760-1111
sAMAccountName: info
sAMAccountType: 805306368
userPrincipalName: info@ad.fakedomain.net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=fakedomain,DC=net
loginShell: /usr/libexec/openssh/sftp-server
unixHomeDirectory: /var/lib/nethserver/home/info
userAccountControl: 66048
accountExpires: 0
pwdLastSet: 131697221547337940
memberOf: CN=tutti,CN=Users,DC=ad,DC=fakedomain,DC=net
lastLogonTimestamp: 131713591820612030
whenChanged: 20180521065302.0Z
uSNChanged: 3867
lastLogon: 131716387175062420
logonCount: 3798
distinguishedName: CN=info,CN=Users,DC=ad,DC=fakedomain,DC=net

stephdl · 2018-05-24 12:46:08 UTC

the problem doesn’t come from sogo but from your AD

What did you do before, do you give a lot of love to your server, if yes, then we might find a solution

diego.martin · 2018-05-24 12:53:35 UTC

well it’s an out of the box configuration

I just installed 7.4 from scratch, activated AD account provider with the default (and suggested) configuration and now I find myself in this situation
I also installed roundcube and webtop 5, they work fine, but I need sogo

stephdl · 2018-05-24 13:04:30 UTC

could you please create a user and put the /var/log/messages logs, then try to log again

diego.martin · 2018-05-24 13:07:15 UTC

well, just looked in messages.log, each time I created a user I got a quite clear error stating

[ERROR] failed to modify UPN suffixes

I also found this

still, It was an out of the box installation.

I think we found the problem, now for the solution?

stephdl · 2018-05-24 13:13:59 UTC

same punition we need a full log access, do not hide information

stephdl · 2018-05-24 18:39:22 UTC

when you create a user you launch an action /etc/e-smith/events/actions/nethserver-dc-sync-upn
which is supposed to change the ad.domain.com to domain.com for the email address of users, something was wrong but now it seem to go right.

you can test your AD by

net ads search -P cn=User | grep userPrincipalName