hello, first post ever, I’ve been directed here by nethesis support
I understand SOGo is no longer supported in the Enterprise version but I’d very much like to install it
in reality I managed to install it but I have some questions / issues
my Nethserver installation uses AD account provider, but when I log into SOGo I must use "user@ad.domain.com" instead of "user@domain.com" to log in.
Everything inside is configured to use @ad.domain.com and so does the IMAP default configuration, and I think it’s a problem because I see no mail.
If I add another IMAP account using the correct login data, it works. But I’d like to be able to use the stock configuration, thus removing “ad.” in front of the username and/or imap configuration
I hope I made myself clear, and hope someone can help me
thanks in advance
stephdl
(Stéphane de Labrusse)
May 24, 2018, 11:53am
2
On my side
user or user@domain.com work
user@ad.domain.com NOT
what is the output of
config show DomainName
and
config show sssd
and
account-provider-test dump
thanks a lot for the quick reply!
xxxxx.xyz is the mail domain in use obviously
[root@services ~]# config show DomainName
DomainName=xxxxxxx.xyz
[root@services ~]# config show sssd
sssd=service
AdDns=192.168.1.6
BindDN=ldapservice@AD.xxxxx.xyz
BindPassword=
LdapURI=
Provider=ad
Realm=AD.xxxxx.xyz
Workgroup=xxxxx
status=enabled
thanks in advance!
stephdl
(Stéphane de Labrusse)
May 24, 2018, 12:06pm
4
well useless…if I have no access to the data.
stephdl
(Stéphane de Labrusse)
May 24, 2018, 12:07pm
5
Is it a fresh install on nethserver7.4 or nethserver7.5?
it’s a fresh 7.4 installation
7.4.1708
“well useless…if I have no access to the data.”
sorry what do you mean?
stephdl
(Stéphane de Labrusse)
May 24, 2018, 12:13pm
8
diego.martin:
sorry what do you mean?
you hid some information… how can I debug? For example the password is not present, did you remove it?
I just substituted my real domain with fakedomain.netx for privacy purposes
I even kept uppercase and lowercase
here you go, hope it’s more clear now
[root@services ~]# config show DomainName
DomainName=fakedomain.netx
[root@services ~]# config show sssd
sssd=service
AdDns=192.168.1.6
BindDN=ldapservice@AD.FAKEDOMAIN.NETX
BindPassword=password_was_here
LdapURI=
Provider=ad
Realm=AD.FAKEDOMAIN.NETX
Workgroup=FAKEDOMAIN
status=enabled
thanks again
stephdl
(Stéphane de Labrusse)
May 24, 2018, 12:26pm
10
and the user
login is not functional?
what is the output of
rpm -qa |grep -e 'nethserver-mail' -e 'sogo' -e 'sssd' -e 'nethserver-dc'
mine are
[root@prometheus ~]# rpm -qa |grep -e 'nethserver-mail' -e 'sogo' -e 'sssd' -e 'nethserver-dc'
nethserver-mail2-disclaimer-2.1.0-1.ns7.noarch
sssd-proxy-1.15.2-50.el7_4.11.x86_64
sogo-activesync-4.0.0-1.ns7.x86_64
sssd-client-1.15.2-50.el7_4.11.x86_64
sssd-krb5-common-1.15.2-50.el7_4.11.x86_64
sssd-1.15.2-50.el7_4.11.x86_64
nethserver-sogo-1.7.1-1.ns7.noarch
python-sssdconfig-1.15.2-50.el7_4.11.noarch
sssd-krb5-1.15.2-50.el7_4.11.x86_64
sogo-4.0.0-1.ns7.x86_64
nethserver-mail-smarthost-1.0.1-1.ns7.noarch
nethserver-mail2-common-2.1.0-1.ns7.noarch
sssd-ad-1.15.2-50.el7_4.11.x86_64
nethserver-mail2-filter-2.1.0-1.2.g6bcabd0.ns7.noarch
sssd-common-pac-1.15.2-50.el7_4.11.x86_64
nethserver-mail2-server-2.1.0-1.ns7.noarch
sssd-ldap-1.15.2-50.el7_4.11.x86_64
sogo-tool-4.0.0-1.ns7.x86_64
nethserver-dc-1.5.0-1.ns7.x86_64
sssd-common-1.15.2-50.el7_4.11.x86_64
sssd-ipa-1.15.2-50.el7_4.11.x86_64
sogo-ealarms-notify-4.0.0-1.ns7.x86_64
nethserver-sssd-1.3.7-1.ns7.noarch
I can login fine using username@ad.fakedomain.netx , but the email associated with the default IMAP account in SOGo is username@ad.fakedomain.netx and not the real one so it fails IMAP retrieve from the local server
also, it tries to connect to the IMAP localhost server using port 143 with no SSL, so it might fail for that, not sure
[root@services ~]# rpm -qa |grep -e 'nethserver-mail' -e 'sogo' -e 'sssd' -e 'nethserver-dc'
nethserver-sssd-1.3.8-1.ns7.noarch
nethserver-sogo-1.7.2-1.ns7.noarch
sssd-ldap-1.15.2-50.el7_4.11.x86_64
sssd-ipa-1.15.2-50.el7_4.11.x86_64
nethserver-mail-server-1.12.1-1.ns7.noarch
sssd-common-pac-1.15.2-50.el7_4.11.x86_64
nethserver-mail-common-1.6.7-1.ns7.noarch
sogo-ealarms-notify-4.0.0-1.ns7.x86_64
sogo-tool-4.0.0-1.ns7.x86_64
sssd-libwbclient-1.15.2-50.el7_4.11.x86_64
sssd-ad-1.15.2-50.el7_4.11.x86_64
nethserver-mail-smarthost-1.0.1-1.ns7.noarch
nethserver-mail-disclaimer-1.6.7-1.ns7.noarch
nethserver-dc-1.5.1-1.ns7.x86_64
sogo-4.0.0-1.ns7.x86_64
nethserver-mail-filter-1.4.4-1.ns7.noarch
python-sssdconfig-1.15.2-50.el7_4.11.noarch
sssd-client-1.15.2-50.el7_4.11.x86_64
sssd-common-1.15.2-50.el7_4.11.x86_64
sssd-krb5-1.15.2-50.el7_4.11.x86_64
sssd-krb5-common-1.15.2-50.el7_4.11.x86_64
sogo-activesync-4.0.0-1.ns7.x86_64
sssd-proxy-1.15.2-50.el7_4.11.x86_64
sssd-1.15.2-50.el7_4.11.x86_64
stephdl
(Stéphane de Labrusse)
May 24, 2018, 12:36pm
12
sogo takes the email name from ldap (whatever you call it samba4 or openldap)
can you send me this output (replace stephane by one of your users), if you prefer give it by PM
net ads search -P cn=stephane
here you go
[root@services ~]# net ads search -P cn=info
Got 1 replies
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: info
givenName: Info
instanceType: 4
whenCreated: 20180502080912.0Z
displayName: Info
uSNCreated: 3793
name: info
objectGUID: e599d032-6652-4d4a-8b1e-5daf8f6edaeb
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid: S-1-5-21-1929061671-2162046378-3786332760-1111
sAMAccountName: info
sAMAccountType: 805306368
userPrincipalName: info@ad.fakedomain.net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=fakedomain,DC=net
loginShell: /usr/libexec/openssh/sftp-server
unixHomeDirectory: /var/lib/nethserver/home/info
userAccountControl: 66048
accountExpires: 0
pwdLastSet: 131697221547337940
memberOf: CN=tutti,CN=Users,DC=ad,DC=fakedomain,DC=net
lastLogonTimestamp: 131713591820612030
whenChanged: 20180521065302.0Z
uSNChanged: 3867
lastLogon: 131716387175062420
logonCount: 3798
distinguishedName: CN=info,CN=Users,DC=ad,DC=fakedomain,DC=net
stephdl
(Stéphane de Labrusse)
May 24, 2018, 12:46pm
14
the problem doesn’t come from sogo but from your AD
What did you do before, do you give a lot of love to your server, if yes, then we might find a solution
2 Likes
well it’s an out of the box configuration
I just installed 7.4 from scratch, activated AD account provider with the default (and suggested) configuration and now I find myself in this situation
I also installed roundcube and webtop 5, they work fine, but I need sogo
stephdl
(Stéphane de Labrusse)
May 24, 2018, 1:04pm
16
could you please create a user and put the /var/log/messages logs, then try to log again
well, just looked in messages.log, each time I created a user I got a quite clear error stating
[ERROR] failed to modify UPN suffixes
I also found this
still, It was an out of the box installation.
I think we found the problem, now for the solution?
stephdl
(Stéphane de Labrusse)
May 24, 2018, 1:13pm
18
same punishment, we need full log access, do not hide information
stephdl
(Stéphane de Labrusse)
May 24, 2018, 6:39pm
19
when you create a user you launch an action /etc/e-smith/events/actions/nethserver-dc-sync-upn
which is supposed to change the ad.domain.com to domain.com for the email address of users, something was wrong but now it seems to go right.
you can test your AD by
net ads search -P cn=User | grep userPrincipalName
1 Like
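Added example, not part of the thread or of NethServer: a shell check that generalizes the `grep userPrincipalName` test above by reading `net ads search -P` style output and listing every account whose UPN suffix differs from the mail domain reported by `config show DomainName`. The function names and sample records are constructed for illustration, and the parser assumes records are separated by blank lines.

```shell
#!/bin/sh
# Added example (hypothetical helper, not NethServer code).
# upn_mismatches DOMAIN
#   stdin : "attribute: value" records as printed by `net ads search -P`,
#           assumed to be separated by blank lines
#   stdout: "sAMAccountName<TAB>userPrincipalName" for each account whose
#           UPN suffix is not DOMAIN (compared case-insensitively)
upn_mismatches() {
    awk -v want="$1" '
        BEGIN { RS = ""; FS = "\n"; want = tolower(want) }   # paragraph mode
        {
            sam = ""; upn = ""
            for (i = 1; i <= NF; i++) {
                line = $i
                if (line ~ /^sAMAccountName: /) {
                    sub(/^sAMAccountName: */, "", line); sam = line
                } else if (line ~ /^userPrincipalName: /) {
                    sub(/^userPrincipalName: */, "", line); upn = line
                }
            }
            if (upn == "") next                 # header line or object without a UPN
            suffix = tolower(substr(upn, index(upn, "@") + 1))
            if (suffix != want) printf "%s\t%s\n", sam, upn
        }'
}

# Constructed sample input: one account still on the AD realm suffix,
# one already rewritten to the mail domain.
sample_ads_output() {
    cat <<'EOF'
Got 2 replies

cn: alice
sAMAccountName: alice
userPrincipalName: alice@ad.example.test

cn: bob
sAMAccountName: bob
userPrincipalName: bob@example.test

EOF
}

# Stand-alone demonstration on the constructed sample.
sample_ads_output | upn_mismatches example.test
```

On a real server the input would come from the `net ads search -P cn=User` command shown above; an empty result means every returned account already carries the mail-domain suffix.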