Jitsi meet cant conect to AD with LDAP

#1

I need help to connect the meeting with AD servers, I have followed the article on


but jitsi mee not work after create room

#2

What are the console errors you see, start from there?

#3

Thanks for reply.

where should I set ldap?
now I set the ldap in /etc/prosody/conf.d/ldap.cfg.lua
in the prosody artist I found it to be set in /etc/ldap/ldap.conf
I use Ubuntu 16.04 LTS

#4

I have no experience with that, search the forum there were several people that reported it working.

#5

You need to set your ldap configuration in /etc/prosody/conf.avail/ldap.cfg.lua
Do not forget to create a symlink in conf.d because prosody.cfg.lua only includes files coming from “conf.d”.

Just install “ldap2” by doing “apt install prosody-modules” and use it in “ldap.cfg.lua” as authentication (authentication = “ldap2”).

Jitsi-meet LDAP Active Directory authentication - how to get log info
#6

You’ll need setup on AD side too to get service on OpenLDAP.

Check this: https://blogs.msdn.microsoft.com/alextch/2012/04/25/configuring-openldap-pass-through-authentication-to-active-directory/

#7

I’m having the same issue here:

The symptoms described in the first post are similar to mine. Jitsi-meet does not ask for the user’s credentials, the room opens somewhat, but it’s unusable. I’ll try a nightly build, but if that doesn’t change anything I’ll try filing a bug report on github.

Users who have/are successfully authenticating via LDAP, (or “mod_auth_external” or any other prosody module for that matter) would you mind sharing some info such as the jitsi-meet versions you’re using (stable/nightly – which one)?
The main issue I see here is that the jitsi-meet web application does not ask for the user’s credentials, so there’s no way the module/any module will ever be launched.

#8

What do you mean unusable? Maybe sharing the client logs will help.

#9

What do you mean by “client”? I’m using FF as a client as shown here:


I’d be more than happy to show more info if you guide me through.

On the server, logs don’t seem to show much once the room is created.

#10

All browsers have javascript console under a developer menu, open it and see the errors and share it.
When there is a problem this is the first place to look at.

#11

There are no significant errors in the web console. I’ll post the full log if you deem it fit. In the meantime, the following messages caught my eye:

[modules/xmpp/moderator.js] <d.prototype.parseConfigOptions>: Authentication enabled: false
lib-jitsi-meet.min.js:6:248046

[modules/xmpp/moderator.js] <d.prototype.parseConfigOptions>:  External authentication enabled: false
lib-jitsi-meet.min.js:6:248046
#12

I need to check the code to see where these messages come from.
If there are no errors, what is the unusable in the room?

#13

OK, so I’m going to paste everything I have so there’s no mix-up or confusion. I installed jitsi-meet stable builds on a debian system with apache (as well as prosody-modules). Everything is “default” and autoconfigured by the deb packages (I just told it that my machine is meet.mydomain.org and I provided self-signed certificates). So now I’ll just paste my custom files only (ie. the ones I edited manually):

# cat /etc/prosody/conf.d/ldap.cfg.lua
authentication = 'ldap2'

ldap = {
    hostname = '10.215.144.35',
    bind_dn = 'cn=ldapbind,cn=Users,dc=mydomain,dc=org',
    bind_password = 'h07500Man',
    -- use_tls = true,
    user = {
        basedn = 'cn=Users,dc=mydomain,dc=org',
        -- filter = '(objectClass=User)',
        usernamefield = 'sAMAccountName',
        namefield = 'cn',
    },
}

# cat /etc/prosody/conf.d/meet.mydomain.org.cfg.lua

VirtualHost "meet.mydomain.org"
--        authentication = "anonymous"
        authentication = "ldap2"
--        authentication = "external"
--      external_auth_command = "/etc/prosody/conf.d/custom_prosody_auth.sh"
        ssl = {
                key = "/etc/prosody/certs/meet.mydomain.org.key";
                certificate = "/etc/prosody/certs/meet.mydomain.org.crt";
        }
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }

        c2s_require_encryption = false

Component "conference.meet.mydomain.org" "muc"
    storage = "null"
    --modules_enabled = { "token_verification" }
admins = { "focus@auth.meet.mydomain.org" }

Component "jitsi-videobridge.meet.mydomain.org"
    component_secret = "czzEeVRH"

VirtualHost "auth.meet.mydomain.org"
    ssl = {
        key = "/etc/prosody/certs/auth.meet.mydomain.org.key";
        certificate = "/etc/prosody/certs/auth.meet.mydomain.org.crt";
    }
    authentication = "internal_plain"

Component "focus.meet.mydomain.org"
    component_secret = "lqrfPXSD"

When I connect to meet.mydomain.org with Firefox, this is what I get in the client web console AFTER I enter the room name and press enter:

[react/features/analytics/functions.js] <c/</<>:  Error creating analytics handler: Error: Failed to initialize Amplitude handler, no APP key
app.bundle.min.js:60:56163
[react/features/analytics/functions.js] <c/</<>:  Loaded 0 analytics handlers
app.bundle.min.js:60:56163
[react/features/base/storage/PersistenceRegistry.js] <persistState>:  redux state persisted. eda571889093841189fcc2056dfc395b -> 096560b5dc9e3867d3d5236fc1760b43
app.bundle.min.js:60:56163
content youtube
content-youtube.js:1:1
no youtube
content-youtube.js:6:4
content dailymotion
content-dailymotion.js:1:1
no dailymotion
content-dailymotion.js:6:4
content vimeo
content-vimeo.js:1:1
no vimeo
content-vimeo.js:6:4
(TIME) index.html loaded:	 185
testroom:18:9
[modules/browser/BrowserCapabilities.js] <t>:  This appears to be firefox, ver: 60.0
Logger.js:124:12
[react/index.web.js] <>:  (TIME) document ready:	 537
app.bundle.min.js:60:56163
[react/features/base/storage/PersistenceRegistry.js] <getPersistedState>:  redux state rehydrated as 
Object { "features/base/settings": {…}, "features/dropbox": {}, "features/video-layout": {…}, "features/recent-list": (17) […], "features/welcome": {}, "features/base/known-domains": (5) […] }
app.bundle.min.js:60:56163
[modules/UI/videolayout/VideoLayout.js] <changeUserAvatar>:  Missed avatar update - no small video yet for undefined
app.bundle.min.js:60:56163
[react/features/base/media/middleware.js] <>:  Start muted: 
app.bundle.min.js:60:56163
[react/features/base/media/middleware.js] <>:  Start audio only set to false
app.bundle.min.js:60:56163
[react/features/base/conference/middleware.js] <>:  Audio-only disabled
app.bundle.min.js:60:56163
[react/features/analytics/functions.js] <c/</<>:  Error creating analytics handler: Error: Failed to initialize Amplitude handler, no APP key
app.bundle.min.js:60:56163
[react/features/analytics/functions.js] <c/</<>:  Loaded 0 analytics handlers
app.bundle.min.js:60:56163
[react/features/base/devices/actions.js] <c/</</<>:  Failed to set audio output device.
                        Default audio output device will be used instead Error: Audio output device change is not supported
app.bundle.min.js:60:56163
[modules/RTC/RTCUtils.js] <value/<>:  Available devices:  
Array(5) [ MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo ]
Logger.js:124:12
[conference.js] <updateAudioIconEnabled>:  Microphone button enabled: true local audio: null audio devices: [object MediaDeviceInfo],[object MediaDeviceInfo],[object MediaDeviceInfo] device count: 3
app.bundle.min.js:60:56163
[conference.js] <updateVideoIconEnabled>:  Camera button enabled: true local video: null video devices: [object MediaDeviceInfo],[object MediaDeviceInfo] device count: 2
app.bundle.min.js:60:56163
[modules/RTC/RTCUtils.js] <value>:  Using the new gUM flow
Logger.js:124:12
[modules/xmpp/xmpp.js] <value>:  P2P STUN servers:  
Array(3) [ {…}, {…}, {…} ]
Logger.js:124:12
[modules/xmpp/xmpp.js] <value>:  (TIME) Strophe connecting:	 897
Logger.js:124:12
[modules/RTC/RTCUtils.js] <value/i<>:  Got media constraints:  
Object { video: {…}, audio: {…} }
Logger.js:124:12
[modules/xmpp/strophe.util.js] <t.a/i.Strophe.log>:  Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request.
Logger.js:124:12
[react/features/base/storage/PersistenceRegistry.js] <persistState>:  redux state persisted. 096560b5dc9e3867d3d5236fc1760b43 -> 385787135698a16a66d9c30ff0555362
app.bundle.min.js:60:56163
[modules/RTC/RTCUtils.js] <value/</<>:  onUserMediaSuccess
Logger.js:124:12
[modules/RTC/JitsiLocalTrack.js] <value>:  Setting new MSID: {0178137d-8641-4d31-ae1d-e9b14ff792ea} {a862ce47-0242-48d0-a815-356ca5e1cbad} on LocalTrack[undefined,audio]
Logger.js:124:12
[modules/RTC/JitsiLocalTrack.js] <value>:  Setting new MSID: {a386fce1-2ce6-4204-9dc1-bfdb10b13923} {5262fd0d-9ebd-496c-9f36-457a278ca5ae} on LocalTrack[undefined,video]
Logger.js:124:12
[modules/xmpp/strophe.util.js] <t.a/i.Strophe.log>:  Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request.
Logger.js:124:12

Now, despite the fact that I’m in the room, it is “unusable” (maybe a better word would be “unusual/nexpected”) because button clicks don’t apparently fire up anything. In my previous post I erroneously said there were no significant erros, but there are. For instance, right after clicking the red button to leave the room I get this message in the web console:

[JitsiMeetJS.js] <getGlobalOnErrorHandler>:  UnhandledError: TypeError: e is undefined Script: https://meet.mydomain/libs/app.bundle.min.js?v=3387 Line: 60 Column: 228118 StackTrace:  TypeError: e is undefined
Stack trace:
ft/<@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:228118
r/</</<@https://meet.mydomain/libs/app.bundle.min.js?v=3387:211:78251
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:271319
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:24:115808
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:77269
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:20580
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:13080
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:9960
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:4141
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:165309
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:211:72027
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:100803
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:24:92999
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:95793
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:95755
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:49243
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:29434
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:148:52829
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:39431
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:65:50182
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:148:49431
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:126777
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:243:52108
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:169573
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:243:48550
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:228796
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:112009
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:293235
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:289662
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:283973
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:80162
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:282292
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:1:47851
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:1:55878
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:1:54442
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:278018
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:183499
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:276559
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:275876
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:90768
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:274657
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:111700
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:1:136933
hangup@https://meet.mydomain/libs/app.bundle.min.js?v=3387:250:95694
s/<@https://meet.mydomain/libs/app.bundle.min.js?v=3387:211:29710
r/</</<@https://meet.mydomain/libs/app.bundle.min.js?v=3387:211:78251
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:271319
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:24:115808
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:77269
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:20580
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:13080
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:9960
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:4141
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:165309
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:211:72027
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:100803
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:24:92999
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:95793
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:95755
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:49243
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:29434
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:148:52829
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:39431
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:65:50182
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:148:49431
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:35:126777
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:243:52108
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:169573
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:243:48550
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:228796
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:112009
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:293235
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:289662
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:283973
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:80162
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:282292
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:1:47851
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:1:55878
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:1:54442
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:278018
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:60:183499
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:276559
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:275876
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:90768
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:232:274657
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:111700
@https://meet.mydomain/libs/app.bundle.min.js?v=3387:1:136933
_doHangup@https://meet.mydomain/libs/app.bundle.min.js?v=3387:24:74277
_handleClick@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:105985
_onClick@https://meet.mydomain/libs/app.bundle.min.js?v=3387:16:104517
f/<@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:879
f@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:801
S/<@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:1555
S@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:1524
A@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:2059
D@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:1892
N@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:2981
En@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:30345
Ps@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:98271
Fe@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:10256
An@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:30825
Ls/<@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:98548
t.unstable_runWithPriority@https://meet.mydomain/libs/app.bundle.min.js?v=3387:141:3194
Ls@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:98471
Cn@https://meet.mydomain/libs/app.bundle.min.js?v=3387:132:30568
 Logger.js:124:12

In any case, as you can see the root cause of all this is the fact that the jitsi-meet web application does not ask the user for his/her credentials.
It might all boil down to the message:
Server did not yet offer a supported authentication mechanism

What is “server” in this case?
Is it prosody? If so, please note that if I use any other xmpp client (like Jitsi Desktop), I can properly connect to prosody and authenticate via ldap.

#14

This is your problem.
Can you add in prosody general section consider_bosh_secure = true and restart it.
https://prosody.im/doc/modules/mod_bosh

#15

I’m afraid I already tried that, but it didn’t change anything.
Here’s EXACTLY what I did:

# grep consider_bosh_secure /etc/prosody/prosody.cfg.lua
consider_bosh_secure = true
# systemctl restart prosody

And here’s what Firefox says:

[react/features/analytics/functions.js] <c/</<>:  Error creating analytics handler: Error: Failed to initialize Amplitude handler, no APP key
app.bundle.min.js:60:56163
[react/features/analytics/functions.js] <c/</<>:  Loaded 0 analytics handlers
app.bundle.min.js:60:56163
[react/features/base/storage/PersistenceRegistry.js] <persistState>:  redux state persisted. fb5a4c9f711dd8ce1c94a0ba3104c135 -> 8a5ef311b9ddb599c4972acd074afa83
app.bundle.min.js:60:56163
content youtube
content-youtube.js:1:1
no youtube
content-youtube.js:6:4
content dailymotion
content-dailymotion.js:1:1
no dailymotion
content-dailymotion.js:6:4
content vimeo
content-vimeo.js:1:1
no vimeo
content-vimeo.js:6:4
(TIME) index.html loaded:	 197
testroom:18:9
[modules/browser/BrowserCapabilities.js] <t>:  This appears to be firefox, ver: 60.0
Logger.js:124:12
[react/index.web.js] <>:  (TIME) document ready:	 559
app.bundle.min.js:60:56163
[react/features/base/storage/PersistenceRegistry.js] <getPersistedState>:  redux state rehydrated as 
Object { "features/base/settings": {…}, "features/dropbox": {}, "features/video-layout": {…}, "features/recent-list": (17) […], "features/welcome": {}, "features/base/known-domains": (5) […] }
app.bundle.min.js:60:56163
[modules/UI/videolayout/VideoLayout.js] <changeUserAvatar>:  Missed avatar update - no small video yet for undefined
app.bundle.min.js:60:56163
[react/features/base/media/middleware.js] <>:  Start muted: 
app.bundle.min.js:60:56163
[react/features/base/media/middleware.js] <>:  Start audio only set to false
app.bundle.min.js:60:56163
[react/features/base/conference/middleware.js] <>:  Audio-only disabled
app.bundle.min.js:60:56163
[react/features/analytics/functions.js] <c/</<>:  Error creating analytics handler: Error: Failed to initialize Amplitude handler, no APP key
app.bundle.min.js:60:56163
[react/features/analytics/functions.js] <c/</<>:  Loaded 0 analytics handlers
app.bundle.min.js:60:56163
[react/features/base/devices/actions.js] <c/</</<>:  Failed to set audio output device.
                        Default audio output device will be used instead Error: Audio output device change is not supported
app.bundle.min.js:60:56163
[modules/RTC/RTCUtils.js] <value/<>:  Available devices:  
Array(5) [ MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo ]
Logger.js:124:12
[conference.js] <updateAudioIconEnabled>:  Microphone button enabled: true local audio: null audio devices: [object MediaDeviceInfo],[object MediaDeviceInfo],[object MediaDeviceInfo] device count: 3
app.bundle.min.js:60:56163
[conference.js] <updateVideoIconEnabled>:  Camera button enabled: true local video: null video devices: [object MediaDeviceInfo],[object MediaDeviceInfo] device count: 2
app.bundle.min.js:60:56163
[modules/RTC/RTCUtils.js] <value>:  Using the new gUM flow
Logger.js:124:12
[modules/xmpp/xmpp.js] <value>:  P2P STUN servers:  
Array(3) [ {…}, {…}, {…} ]
Logger.js:124:12
[modules/xmpp/xmpp.js] <value>:  (TIME) Strophe connecting:	 968
Logger.js:124:12
[modules/RTC/RTCUtils.js] <value/i<>:  Got media constraints:  
Object { video: {…}, audio: {…} }
Logger.js:124:12
[modules/xmpp/strophe.util.js] <t.a/i.Strophe.log>:  Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request.
Logger.js:124:12
[react/features/base/storage/PersistenceRegistry.js] <persistState>:  redux state persisted. 8a5ef311b9ddb599c4972acd074afa83 -> 5af2f554be859a98236704efa203e0ad
app.bundle.min.js:60:56163
[modules/RTC/RTCUtils.js] <value/</<>:  onUserMediaSuccess
Logger.js:124:12
[modules/RTC/JitsiLocalTrack.js] <value>:  Setting new MSID: {d0b681f1-a800-4e0f-9aea-98b24ca0bf7a} {302df142-bd56-44b5-b00c-1201b12c3762} on LocalTrack[undefined,audio]
Logger.js:124:12
[modules/RTC/JitsiLocalTrack.js] <value>:  Setting new MSID: {e960514b-8d84-4d26-97e4-470fb6d3e674} {1fcd81f7-ebdb-485b-a037-602741536542} on LocalTrack[undefined,video]
Logger.js:124:12
[modules/RTC/RTCUtils.js] <n/<>:  list of media devices has changed: 
Array(5) [ MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo ]
Logger.js:124:12

Pressing the red button to leave the room throws the same unhandled error.

#16

Is this in the general part of your config?

Can you try adding there and c2s_require_encryption = false and try again.

No client errors matter till you fix the Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request.

#17

I already have both parameters as you say:

# cat /etc/prosody/prosody.cfg.lua | grep -v '^--' | grep -v ^$
admins = { }
modules_enabled = {
        -- Generally required
                "roster"; -- Allow users to have a roster. Recommended ;)
                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                "tls"; -- Add support for secure TLS on c2s/s2s connections
                "dialback"; -- s2s dialback support
                "disco"; -- Service discovery
        -- Not essential, but recommended
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "vcard"; -- Allow users to set vCards

        -- These are commented by default as they have a performance impact
                --"privacy"; -- Support privacy lists
                --"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
        -- Nice to have
                "version"; -- Replies to server version requests
                "uptime"; -- Report how long server has been running
                "time"; -- Let others know the time here on this server
                "ping"; -- Replies to XMPP pings with pongs
                "pep"; -- Enables users to publish their mood, activity, playing music and more
                "register"; -- Allow users to register on this server using a client and change passwords
        -- Admin interfaces
                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
                --"admin_telnet"; -- Opens telnet console interface on localhost port 5582

        -- HTTP modules
                --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
                --"http_files"; -- Serve static files from a directory over HTTP
        -- Other specific functionality
                "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
                --"groups"; -- Shared roster support
                --"announce"; -- Send announcement to all online users
                --"welcome"; -- Welcome users who register accounts
                --"watchregistrations"; -- Alert admins of registrations
                --"motd"; -- Send a message to users when they log in
                --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
};
modules_disabled = {
        -- "offline"; -- Store offline messages
        -- "c2s"; -- Handle client connections
        -- "s2s"; -- Handle server-to-server connections
};
allow_registration = false;
daemonize = true;
pidfile = "/var/run/prosody/prosody.pid";
ssl = {
        key = "/etc/prosody/certs/localhost.key";
        certificate = "/etc/prosody/certs/localhost.crt";
}
c2s_require_encryption = false
s2s_secure_auth = false
authentication = "internal_plain"
log = {
        -- Log files (change 'info' to 'debug' for debug logs):
        --info = "/var/log/prosody/prosody.log";
        debug = "/var/log/prosody/prosody.log";
        error = "/var/log/prosody/prosody.err";
        -- Syslog:
        { levels = { "error" }; to = "syslog";  };
}
VirtualHost "example.com"
        enabled = false -- Remove this line to enable this host
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/example.com.key";
                certificate = "/etc/prosody/certs/example.com.crt";
        }
consider_bosh_secure = true
Include "conf.d/*.cfg.lua"

What else can I try/debug?

#18

Can you move this before the virtual host section as it belongs to the general section of the file and try again.

#19

damencho,

You nailed it!
Wow, what a sweat… It’s finally working.

It would be great to have this properly documented (all this hassle for just 1 line). I knew about the consider_bosh_secure parameter, and already placed it in the cfg file, but as I’m not fluent in LUA I wasn’t 100% sure what “general section” meant. I was supposing that if it was at the start of a line and out of a clause then it was “general”. My bad.

Thank you very much for your kind help and patience!