How to manually set up jigasi for outgoing calls (the sequel)

Hi,

I’m really trying to get my grips on prosody, but it’s tough.

I now have two servers with Jitsi Meet which are supposed to be the same, except that jigasi authentication is working on one and failing on the other. However, I just can’t seem to get my hands on the erroneous configuration settings

This shows up in the jigasi log:

SEVERE: [45] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
        at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1100)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
        at java.base/java.lang.Thread.run(Thread.java:834)

It’s not supposed to use SASL authentication but “internal_plain” because the jigasi user is in the auth.meet.example.com domain which is defined with “internal_plain” in prosody.

# cat meet.example.com.cfg.lua
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "meet.example.com";

turncredentials_secret = "ZKAzL6v5kbVgimn6";

turncredentials = {
    { type = "stun", host = "meet.example.com", port = "3478" },
    { type = "turn", host = "meet.example.com", port = "3478", transport = "udp" },
    { type = "turns", host = "meet.example.com", port = "5349", transport = "tcp" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

VirtualHost "meet.example.com"
    -- enabled = false -- Remove this line to enable this host
    authentication = "cyrus"
    cyrus_application_name = "xmpp"
    allow_unencrypted_plain_auth = true

    -- authentication = "ldap2"

    -- authentication = "external"
    -- external_auth_command = "/etc/prosody/conf.avail/HMAN_prosody_auth.sh"

    -- authentication = "internal_hashed"

    -- authentication = "anonymous"

    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/meet.example.com.key";
        certificate = "/etc/prosody/certs/meet.example.com.crt";
    }
    speakerstats_component = "speakerstats.meet.example.com"
    conference_duration_component = "conferenceduration.meet.example.com"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "turncredentials";
        "conference_duration";
        "muc_lobby_rooms";
        -- "auth_cyrus";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.meet.example.com"
    main_muc = "conference.meet.example.com"
    -- muc_lobby_whitelist = { "recorder.meet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.meet.example.com" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        --"token_verification";
    }
    admins = { "focus@auth.meet.example.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.meet.example.com" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.meet.example.com", "jvb@auth.meet.example.com", "jigasi@auth.meet.example.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.meet.example.com"
    ssl = {
        key = "/etc/prosody/certs/auth.meet.example.com.key";
        certificate = "/etc/prosody/certs/auth.meet.example.com.crt";
    }
    authentication = "internal_plain"

Component "focus.meet.example.com"
    component_secret = "2tRnfVBp"

Component "speakerstats.meet.example.com" "speakerstats_component"
    muc_component = "conference.meet.example.com"

Component "conferenceduration.meet.example.com" "conference_duration_component"
    muc_component = "conference.meet.example.com"

Component "lobby.meet.example.com" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "guest.meet.example.com"
    authentication = "anonymous"
    c2s_require_encryption = false

I can see that the user ID is created/registered here:

# cat /var/lib/prosody/auth%2emeet%2eexample%2ecom/accounts/meetvoip.dat
return {
        ["password"] = "TuIfCJM2vOiP07500hOm";
};

Finally, my jigasi comfig is as follows:

# cat /etc/jitsi/jigasi/sip-communicator.properties | grep -v ^# | grep -v ^$
org.jitsi.jigasi.MUC_SERVICE_ADDRESS=conference.meet.example.com
net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false
net.java.sip.communicator.impl.neomedia.codec.audio.opus.encoder.COMPLEXITY=10
net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647=acc1403273890647
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.ACCOUNT_UID=SIP\:4901@pbx1.example.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PASSWORD=TWVldFVwQXRITWFu
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROTOCOL_NAME=SIP
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_ADDRESS=pbx1.example.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.USER_ID=4901@pbx1.example.com
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_INTERVAL=25
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_METHOD=OPTIONS
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.VOICEMAIL_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.AMR-WB/16000=750
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.G722/8000=700
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMA/8000=600
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMU/8000=650
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.iLBC/8000=10
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.opus/48000=1000
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.red/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.telephone-event/8000=1
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.ulpfec/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DEFAULT_ENCRYPTION=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DOMAIN_BASE=meet.example.com
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1=acc-xmpp-1
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ACCOUNT_UID=Jabber:jigasi@auth.meet.example.com
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USER_ID=jigasi@auth.meet.example.com
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_SERVER_OVERRIDDEN=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_ADDRESS=127.0.0.1
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_PORT=5222
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ALLOW_NON_SECURE=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASSWORD=bXB6ZHg5d2E0dAo=
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.AUTO_GENERATE_RESOURCE=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.RESOURCE_PRIORITY=30
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.KEEP_ALIVE_METHOD=XEP-0199
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.KEEP_ALIVE_INTERVAL=30
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.CALLING_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.JINGLE_NODES_ENABLED=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_CARBON_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.DEFAULT_ENCRYPTION=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_USE_ICE=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_ACCOUNT_DISABLED=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_PREFERRED_PROTOCOL=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.AUTO_DISCOVER_JINGLE_NODES=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PROTOCOL=Jabber
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_USE_UPNP=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IM_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_STORED_INFO_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_FILE_TRANSFER_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USE_DEFAULT_STUN_SERVER=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ENCRYPTION_PROTOCOL.DTLS-SRTP=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.G722/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.PCMA/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.PCMU/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.iLBC/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.opus/48000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.BREWERY=JigasiBrewery@internal.auth.meet.example.com
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.BOSH_URL_PATTERN=https://{host}{subdomain}/http-bind?room={roomName}
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.DOMAIN_BASE=meet.example.com
org.jitsi.jigasi.ALLOWED_JID=JigasiBrewery@internal.auth.meet.example.com
org.jitsi.jigasi.BREWERY_ENABLED=true
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=127.0.0.1
org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true
org.jitsi.jigasi.ENABLE_SIP=true
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
org.jitsi.jigasi.USE_SIP_USER_AS_XMPP_RESOURCE=true
org.jitsi.jigasi.xmpp.acc.USER_ID=meetvoip@auth.meet.example.com
org.jitsi.jigasi.xmpp.acc.PASS=TuIfCJM2vOiP07500hOm
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PREFERRED_TRANSPORT=udp
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.ACCOUNT_UID=SIP\:4901@10.215.147.115
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_ADDRESS=10.215.147.115
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_ADDRESS_VALIDATED=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_PORT=5060
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROXY_ADDRESS=10.215.147.115
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROXY_PORT=5060
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROXY_ADDRESS_VALIDATED=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROXY_AUTO_CONFIG=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.USER_ID=4901@10.215.147.115
org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME=testroom

I can see that org.jitsi.jigasi.xmpp.acc.PASS matches the password found in /var/lib/prosody/auth%2emeet%2eexample%2ecom/accounts/meetvoip.dat.

In any case, both servers are running the same version of prosody:
Package: prosody
Version: 0.11.2-1

Any ideas?

This error normally is wrong credentials.

Referring to

org.jitsi.jigasi.xmpp.acc.USER_ID=meetvoip@auth.meet.example.com
org.jitsi.jigasi.xmpp.acc.PASS=TuIfCJM2vOiP07500hOm

, right?

The password should not be base64-encoded, correct?

And it has to be the same as in

/var/lib/prosody/auth%2emeet%2eexample%2ecom/accounts/meetvoip.dat

, correct?

If so, so far so good.

The problem I see here is that I have

authentication = "internal_plain"

in

VirtualHost "auth.meet.example.com"

whereas I have

authentication = "cyrus"

in

VirtualHost "meet.example.com"

Since my jigasi USER_ID is

meetvoip@auth.meet.example.com

I am NOT expecting a SASL authentication, but an internal_plain one.

Why is the auth_cyrus / SASL mechanism triggered for the jigasi xmpp user?

Not sure looking at the snippet of logs, it can be and

net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USER_ID=jigasi@auth.meet.example.com

I think this password: org.jitsi.jigasi.xmpp.acc.PASS= is clear text, but the net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1 one is base64.

# grep net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USER_ID /etc/jitsi/jigasi/sip-communicator.properties
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USER_ID=jigasi@auth.meet.example.com

# grep net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASS /etc/jitsi/jigasi/sip-communicator.properties
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASSWORD=bXB6ZHg5d2E0dAo=

# echo "bXB6ZHg5d2E0dAo=" | base64 --decode
mpzdx9wa4t

# cat /var/lib/prosody/auth%2emeet%2eexample%2ecom/accounts/jigasi.dat
return {
        ["password"] = "mpzdx9wa4t";
};

However, one thing I’ve noticed is that in my “sane server” I see this message in prosody’s log:

Authenticated as jigasi@auth.meet.example.com

whereas I do NOT in the failing server.

Still, I don’t see why the jigasi@auth.meet.example.com user is not authenticating.

I think I’m going bonkers. I even tried to remove and create the jigasi user again.

# cat ./jigasi_test.sh
#!/bin/bash

MYDOMAIN=example
MYDOMAINDOT=com

prosodyctl unregister jigasi auth.meet.${MYDOMAIN}.${MYDOMAINDOT}

JIGASI_PASSWORD=$(< /dev/urandom tr -dc a-zA-Z0-9 | head -c16)
ENCODED_JIGASI_PASSWORD=$( echo ${JIGASI_PASSWORD} | base64 )
prosodyctl register jigasi auth.meet.${MYDOMAIN}.${MYDOMAINDOT} ${JIGASI_PASSWORD}
sed -i "s/^net\.java\.sip\.communicator\.impl\.protocol\.jabber\.acc-xmpp-1\.PASSWORD=.*/net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASSWORD=${ENCODED_JIGASI_PASSWORD}/" /etc/jitsi/jigasi/sip-communicator.properties

GET_JIGASI_PASSWORD=$( grep net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASSWORD /etc/jitsi/jigasi/sip-communicator.properties )
EXTRACTED_JIGASI_PASSWORD=${GET_JIGASI_PASSWORD#*=}
DECODED_JIGASI_PASSWORD=$( echo ${EXTRACTED_JIGASI_PASSWORD} | base64 --decode )
GET_JIGASI_USER_ID=$( grep net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USER_ID /etc/jitsi/jigasi/sip-communicator.properties )
EXTRACTED_JIGASI_USER_ID=${GET_JIGASI_USER_ID#*=}

echo "Found:"
echo "Jigasi XMPP USER ID: ${EXTRACTED_JIGASI_USER_ID}"
echo "Jigasi XMPP USER PASSWORD: ${EXTRACTED_JIGASI_PASSWORD} which decodes to ${DECODED_JIGASI_PASSWORD}"
echo "The decoded password here below should match the one above:"
cat /var/lib/prosody/auth%2emeet%2e${MYDOMAIN}%2e${MYDOMAINDOT}/accounts/jigasi.dat

service jigasi restart

sleep 5

tail -n 7 /var/log/jitsi/jigasi.log

The script output is:

# ./jigasi_test.sh
Found:
Jigasi XMPP USER ID: jigasi@auth.meet.example.com
Jigasi XMPP USER PASSWORD: TEQ1Ym9ad3pCVUN6QUVUUQo= which decodes to LD5boZwzBUCzAETQ
The decoded password here below should match the one above:
return {
        ["password"] = "LD5boZwzBUCzAETQ";
};
2021-02-24 17:45:32.742 SEVERE: [47] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
        at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1100)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
        at java.base/java.lang.Thread.run(Thread.java:834)

If I check the prosody log
# grep Authenticated /var/log/prosody/prosody.log
does NOT show that jigasi has authenticated:

Authenticated as jvb@auth.meet.example.com
Authenticated as focus@auth.meet.example.com

is all I see as far as authentication is concerned.

I don’t know what to try next.

You need to have in the config a section like: net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1. for every new shard.

net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1. …
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-2. …

OK, I have no idea what a shard is, so I guess I need to do some homework…

I only have acc-xmpp-1 defined in jigasi properties. I don’t know why or when I should define acc-xmpp-2, acc-xmpp-3, etc.

Do I need to increment each time I unregister and register the same user ID?

Maybe purging/uninstalling prosody and starting over by registering the jigasi user just once might help?

So you are talking about two shards. A shard is jitsi-meet deployment with one or more bridges.

You jigasi is configured to connect to: net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_ADDRESS=127.0.0.1

So you installed jigasi on one of the shards and it connects to xmpp server on localhost?

And you did a second jitsi-meet install, you need to configure jigasi to connect to that prosody server by defining new xmpp account and pointing it to the other machine.

No, I probably didn’t explain myself properly. I meant that I have 2 servers: one I started configuring and was working fine (and still is), but it’s a “test” server, the other I configured afterwards and is failing. However, they are independent and they have their own xmpp server in localhost.

So I take it there are no shards.

[EDIT] In other words, they are identical machines, each one with prosody in localhost.

If this is the failing part:

prosodyctl register jigasi auth.meet.${MYDOMAIN}.${MYDOMAINDOT} ${JIGASI_PASSWORD}

then is there a simple way to manually test the xmpp connection preferably on command-line?
Or can I try to use Jitsi-Desktop by adding the jigasi xmpp account? I guess I’d have to define a different VirtualHost in prosody for that?

Any tips?