Sogo uses the ad.domain.com as default domain

sogo
mailserver

(Diego Martin) #1

hello, first post ever, I’ve been directed here by nethesis support

I understand SOGo is no more supported in the Enterprise version but I’d very much like to install it
in reality I managed to install it but I have some questions / issues

my Nethserver installation uses AD account provider, but when I log into SOGo I must use the "user@ad.domain.com" instead of "user@domain.com" to log in.

Everything inside is configured to use @ad.domain.com and so does the IMAP default configuration, and I think it’s a problem because I see no mail.
If I add another IMAP account using the correct login data, it works. But I’d like to be able to use the stock configuration, thus removing “ad.” in front of the username and/or imap configuration

I hope I made myself clear, and hope someone can help me :smiley:
thanks in advance


(Stéphane de Labrusse) #2

On my side

user or user@domain.com work

user@ad.domain.com NOT

what is the output of

config show DomainName 
and 
config show sssd
and
account-provider-test dump

(Diego Martin) #3

thanks a lot for the quick reply!

xxxxx.xyz is the mail domain in use obviously

[root@services ~]# config show DomainName
DomainName=xxxxxxx.xyz
[root@services ~]# config show sssd
sssd=service
AdDns=192.168.1.6
BindDN=ldapservice@AD.xxxxx.xyz
BindPassword=
LdapURI=
Provider=ad
Realm=AD.xxxxx.xyz
Workgroup=xxxxx
status=enabled

thanks in advance!


(Stéphane de Labrusse) #4

well useless…if I have no access to the data.


(Stéphane de Labrusse) #5

Is it a fresh install on nethserver7.4 or nethserver7.5?


(Diego Martin) #6

it’s a fresh 7.4 installation

7.4.1708


(Diego Martin) #7

“well useless…if I have no access to the data.”

sorry what do you mean?


(Stéphane de Labrusse) #8

you hid some information… how can I debug? For example the password is not present, did you remove it?


(Diego Martin) #9

I just substituted my real domain with fakedomain.netx for privacy purposes :slight_smile:
I even kept uppercase and lowercase

here you go, hope it’s more clear now

[root@services ~]# config show DomainName
DomainName=fakedomain.netx
[root@services ~]# config show sssd
sssd=service
AdDns=192.168.1.6
BindDN=ldapservice@AD.FAKEDOMAIN.NETX
BindPassword=password_was_here
LdapURI=
Provider=ad
Realm=AD.FAKEDOMAIN.NETX
Workgroup=FAKEDOMAIN
status=enabled

thanks again


(Stéphane de Labrusse) #10

and the user login is not functional?

what is the output of

rpm -qa |grep -e 'nethserver-mail' -e 'sogo' -e 'sssd' -e 'nethserver-dc'

mine are

[root@prometheus ~]# rpm -qa |grep -e 'nethserver-mail' -e 'sogo' -e 'sssd' -e 'nethserver-dc'
nethserver-mail2-disclaimer-2.1.0-1.ns7.noarch
sssd-proxy-1.15.2-50.el7_4.11.x86_64
sogo-activesync-4.0.0-1.ns7.x86_64
sssd-client-1.15.2-50.el7_4.11.x86_64
sssd-krb5-common-1.15.2-50.el7_4.11.x86_64
sssd-1.15.2-50.el7_4.11.x86_64
nethserver-sogo-1.7.1-1.ns7.noarch
python-sssdconfig-1.15.2-50.el7_4.11.noarch
sssd-krb5-1.15.2-50.el7_4.11.x86_64
sogo-4.0.0-1.ns7.x86_64
nethserver-mail-smarthost-1.0.1-1.ns7.noarch
nethserver-mail2-common-2.1.0-1.ns7.noarch
sssd-ad-1.15.2-50.el7_4.11.x86_64
nethserver-mail2-filter-2.1.0-1.2.g6bcabd0.ns7.noarch
sssd-common-pac-1.15.2-50.el7_4.11.x86_64
nethserver-mail2-server-2.1.0-1.ns7.noarch
sssd-ldap-1.15.2-50.el7_4.11.x86_64
sogo-tool-4.0.0-1.ns7.x86_64
nethserver-dc-1.5.0-1.ns7.x86_64
sssd-common-1.15.2-50.el7_4.11.x86_64
sssd-ipa-1.15.2-50.el7_4.11.x86_64
sogo-ealarms-notify-4.0.0-1.ns7.x86_64
nethserver-sssd-1.3.7-1.ns7.noarch

(Diego Martin) #11

I can login fine using username@ad.fakedomain.netx , but the email associated with the default IMAP account in SOGo is username@ad.fakedomain.netx and not the real one so it fails IMAP retrieve from the local server

also, it tries to connect to the IMAP localhost server using port 143 with no SSL, so it might fail for that, not sure

[root@services ~]# rpm -qa |grep -e 'nethserver-mail' -e 'sogo' -e 'sssd' -e 'nethserver-dc'
nethserver-sssd-1.3.8-1.ns7.noarch
nethserver-sogo-1.7.2-1.ns7.noarch
sssd-ldap-1.15.2-50.el7_4.11.x86_64
sssd-ipa-1.15.2-50.el7_4.11.x86_64
nethserver-mail-server-1.12.1-1.ns7.noarch
sssd-common-pac-1.15.2-50.el7_4.11.x86_64
nethserver-mail-common-1.6.7-1.ns7.noarch
sogo-ealarms-notify-4.0.0-1.ns7.x86_64
sogo-tool-4.0.0-1.ns7.x86_64
sssd-libwbclient-1.15.2-50.el7_4.11.x86_64
sssd-ad-1.15.2-50.el7_4.11.x86_64
nethserver-mail-smarthost-1.0.1-1.ns7.noarch
nethserver-mail-disclaimer-1.6.7-1.ns7.noarch
nethserver-dc-1.5.1-1.ns7.x86_64
sogo-4.0.0-1.ns7.x86_64
nethserver-mail-filter-1.4.4-1.ns7.noarch
python-sssdconfig-1.15.2-50.el7_4.11.noarch
sssd-client-1.15.2-50.el7_4.11.x86_64
sssd-common-1.15.2-50.el7_4.11.x86_64
sssd-krb5-1.15.2-50.el7_4.11.x86_64
sssd-krb5-common-1.15.2-50.el7_4.11.x86_64
sogo-activesync-4.0.0-1.ns7.x86_64
sssd-proxy-1.15.2-50.el7_4.11.x86_64
sssd-1.15.2-50.el7_4.11.x86_64


(Stéphane de Labrusse) #12

sogo takes the email name from ldap (whatever you call it samba4 or openldap)

can you send me this output (replace stephane by one of your users), if you prefer give it by PM

net ads search -P cn=stephane


(Diego Martin) #13

here you go

[root@services ~]# net ads search -P cn=info
Got 1 replies

objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: info
givenName: Info
instanceType: 4
whenCreated: 20180502080912.0Z
displayName: Info
uSNCreated: 3793
name: info
objectGUID: e599d032-6652-4d4a-8b1e-5daf8f6edaeb
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid: S-1-5-21-1929061671-2162046378-3786332760-1111
sAMAccountName: info
sAMAccountType: 805306368
userPrincipalName: info@ad.fakedomain.net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=fakedomain,DC=net
loginShell: /usr/libexec/openssh/sftp-server
unixHomeDirectory: /var/lib/nethserver/home/info
userAccountControl: 66048
accountExpires: 0
pwdLastSet: 131697221547337940
memberOf: CN=tutti,CN=Users,DC=ad,DC=fakedomain,DC=net
lastLogonTimestamp: 131713591820612030
whenChanged: 20180521065302.0Z
uSNChanged: 3867
lastLogon: 131716387175062420
logonCount: 3798
distinguishedName: CN=info,CN=Users,DC=ad,DC=fakedomain,DC=net


(Stéphane de Labrusse) #14

the problem doesn’t come from sogo but from your AD

What did you do before, do you give a lot of love to your server, if yes, then we might find a solution


(Diego Martin) #15

well it’s an out of the box configuration

I just installed 7.4 from scratch, activated AD account provider with the default (and suggested) configuration and now I find myself in this situation
I also installed roundcube and webtop 5, they work fine, but I need sogo :slight_smile:


(Stéphane de Labrusse) #16

could you please create a user and put the /var/log/messages logs, then try to log again


(Diego Martin) #17

well, just looked in messages.log, each time I created a user I got a quite clear error stating

[ERROR] failed to modify UPN suffixes

I also found this

still, it was an out of the box installation.

I think we found the problem, now for the solution? :slight_smile:


(Stéphane de Labrusse) #18

same punishment, we need full log access, do not hide information


(Stéphane de Labrusse) #19

when you create a user you launch an action /etc/e-smith/events/actions/nethserver-dc-sync-upn
which is supposed to change the ad.domain.com to domain.com for the email address of users, something was wrong but now it seems to go right.

you can test your AD by

net ads search -P cn=User | grep userPrincipalName
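
The userPrincipalName check from the last post, extended to every record in a dump, as an added example that is not part of the thread: it compares each UPN suffix with the mail domain and flags accounts still carrying the realm suffix. The function names and the sample records are constructed for illustration, and it assumes records are separated by blank lines as in the output pasted in post #13.

```shell
#!/bin/sh
# Added example (not from the thread): flag AD accounts whose
# userPrincipalName suffix differs from the mail domain (DomainName).

# check_upn_suffix MAIL_DOMAIN
# Reads "attribute: value" records on stdin, in the layout printed by
# `net ads search -P ...`, and prints one line per account:
#   OK <sAMAccountName> <UPN>   or   MISMATCH <sAMAccountName> <UPN>
check_upn_suffix() {
    awk -v want="$1" '
        function emit(   suffix, status) {
            if (upn != "") {
                # Everything after the first "@"; DNS names compare case-insensitively.
                suffix = tolower(substr(upn, index(upn, "@") + 1))
                status = (suffix == want) ? "OK" : "MISMATCH"
                print status, sam, upn
            }
            sam = ""; upn = ""
        }
        BEGIN                  { want = tolower(want) }
        /^sAMAccountName: /    { sam = $2 }
        /^userPrincipalName: / { upn = $2 }
        /^[ \t\r]*$/           { emit() }   # blank line closes a record
        END                    { emit() }   # last record has no trailing blank line
    '
}

# Constructed sample input: one account still on the realm suffix,
# one already on the mail domain (upper case on purpose).
sample_dump() {
    cat <<'EOF'
Got 2 replies

sAMAccountName: info
userPrincipalName: info@ad.fakedomain.netx
distinguishedName: CN=info,CN=Users,DC=ad,DC=fakedomain,DC=netx

sAMAccountName: alice
userPrincipalName: alice@FAKEDOMAIN.NETX
distinguishedName: CN=alice,CN=Users,DC=ad,DC=fakedomain,DC=netx
EOF
}

# Offline run on the sample; on a live server pipe the real output instead:
#   net ads search -P cn=info | check_upn_suffix fakedomain.netx
sample_dump | check_upn_suffix fakedomain.netx
```

A MISMATCH line for a newly created user means the UPN rewrite described in post #19 did not take effect for that account.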