[jitsi-users] Force Prosody-authentication in Jitsi-meet


#1

Hi,

I now have configured Prosody in my in-house Jitsi-meet-server to
authenticate via Active Directory. I have also enabled the secure domain
following this guide: https://github.com/jitsi/jicofo#secure-domain

So when creating a new conference I get a message saying:

"
Waiting for the host...
The conference *chat * has not yet started. If you are the host then please
authenticate. Otherwise, please wait for the host to arrive."

Clicking on "I am the host" and logging in with wrong username I get

"Error
Connection failed: host-unknown"

However when logging in with correct username and correct _or_ incorrect
password i get

"Connecting
Connecting"

The jvb.log does not tell me anything and jicofo.log keeps squirting out

"2015-08-23 19:22:28.708 INFO: [58]
org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377 Focus request
for room: chat5@conference.10.1.3.16"

endlessly. prosody.err doesn't tell me anything either, but prosody.log
says this:

Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info BOSH
client disconnected
Sep 23 19:25:00 mod_bosh info Client tried to use sid
'0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
Sep 23 19:25:00 mod_bosh info Client tried to use sid
'0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it sid
'28a7f933-82a6-4bfd-b270-09d512b47231'
Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
Authenticated as 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16

And after I try to login it says:

Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it sid
'a4a1b27f-2403-468a-bf16-0d740710d073'

And then it just sits there...

I don't have any DNS name assigned to the server, can that be the problem?

Kindest regards,
Mathias


#2

Hi Mathias,

try to add option "consider_bosh_secure = true" to prosody.cfg.lua.
Make sure to use right username when logging in, it's
user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com

Best,
Stan

···

2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:

Hi,

I now have configured Prosody in my in-house Jitsi-meet-server to
authenticate via Active Directory. I have also enabled the secure domain
following this guide: https://github.com/jitsi/jicofo#secure-domain

So when creating a new conference I get a message saying:

"
Waiting for the host...
The conference chat has not yet started. If you are the host then please
authenticate. Otherwise, please wait for the host to arrive."

Clicking on "I am the host" and logging in with wrong username I get

"Error
Connection failed: host-unknown"

However when logging in with correct username and correct _or_ incorrect
password i get

"Connecting
Connecting"

The jvb.log does not tell me anything and jicofo.log keeps squirting out

"2015-08-23 19:22:28.708 INFO: [58]
org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377 Focus request
for room: chat5@conference.10.1.3.16"

endlessly. prosody.err doesn't tell me anything either, but prosody.log says
this:

Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info BOSH
client disconnected
Sep 23 19:25:00 mod_bosh info Client tried to use sid
'0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
Sep 23 19:25:00 mod_bosh info Client tried to use sid
'0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it sid
'28a7f933-82a6-4bfd-b270-09d512b47231'
Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
Authenticated as 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16

And after I try to login it says:

Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it sid
'a4a1b27f-2403-468a-bf16-0d740710d073'

And then it just sits there...

I don't have any DNS name assigned to the server, can that be the problem?

Kindest regards,
Mathias

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

Thanks Stan,

I got a little further. Now Jitsi-Meet says "Error: Authentication failed"
instead of "Connecting". :slight_smile:

prosody.log says:
Sep 24 19:32:29 general info Hello and welcome to Prosody version 0.9.1
Sep 24 19:32:29 general info Prosody is using the select backend for
connection handling
Sep 24 19:32:29 portmanager info Activated service 'component' on
[127.0.0.1]:5347, [::1]:5347
Sep 24 19:32:29 portmanager info Activated service 's2s' on
[::]:5269, [*]:5269
Sep 24 19:32:29 portmanager info Activated service 'c2s' on
[::]:5222, [*]:5222
Sep 24 19:32:29 portmanager info Activated service 'legacy_ssl' on
no ports
Sep 24 19:32:29 mod_posix info Prosody is about to detach from the
console, disabling further console output
Sep 24 19:32:29 mod_posix info Successfully daemonized to PID 989
Sep 24 19:32:29 portmanager info Activated service 'http' on
[::]:5280, [*]:5280
Sep 24 19:32:29 portmanager info Activated service 'https' on
[::]:5281, [*]:5281
Sep 24 19:32:31 jcp144bb20 info Incoming Jabber component connection
Sep 24 19:32:31 jitsi-videobridge.videokonf.domain.com:component
info External component successfully authenticated
Sep 24 19:32:33 jcp1455930 info Incoming Jabber component connection
Sep 24 19:32:33 focus.videokonf.domain.com:component info External
component successfully authenticated
Sep 24 19:32:33 c2s145f1b0 info Client connected
Sep 24 19:32:34 sasl warn Client is violating RFC 3920 (section 6.1,
point 7).
Sep 24 19:32:34 c2s145f1b0 info Authenticated as
focus@auth.videokonf.domain.com
Sep 24 19:32:35 mod_bosh info Client tried to use sid
'614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
Sep 24 19:32:36 mod_bosh info New BOSH session, assigned it sid
'79f56519-4a1e-4bab-b156-86e71ff2efc2'
Sep 24 19:32:36 bosh79f56519-4a1e-4bab-b156-86e71ff2efc2 info
Authenticated as
626c374e-16ec-4fb2-9e62-3c0194ff1c31@guest.videokonf.domain.com
Sep 24 19:32:37 c2s1212010 info Client connected
Sep 24 19:32:38 c2s1212010 info Authenticated as
testmathias@videokonf.domain.com
Sep 24 19:32:55 mod_bosh info Client tried to use sid
'614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
Sep 24 19:32:57 mod_bosh info New BOSH session, assigned it sid
'68b91a83-e0da-4945-894c-058c6aefab13'
Sep 24 19:32:58 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
Authenticated as
e9998922-ac2b-486d-b844-0c954d5cad09@guest.videokonf.domain.com
Sep 24 19:33:08 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
BOSH client disconnected
Sep 24 19:33:23 mod_bosh info New BOSH session, assigned it sid
'26758970-7004-4945-b5eb-e0e49dab4bb2'
Sep 24 19:33:23 bosh26758970-7004-4945-b5eb-e0e49dab4bb2 info
Authenticated as
b3445fb7-613d-43fe-a28a-298fcee1b9b7@guest.videokonf.domain.com
Sep 24 19:33:39 mod_bosh info New BOSH session, assigned it sid
'd0e14ba4-fcfd-4f8e-92d4-f3c2f62ded1d'

The "Authenticated as"-line is a XMPP-client connecting to Prosody and not
the Jitsi-Meet. I don't know which logfiles to include and what settings
are important for you all to see in order to help...

The /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua file:

VirtualHost "videokonf.domain.com"
        authentication = "ldap"
        ldap_base="dc=domain,dc=local"
        ldap_server="10.1.1.170:3268"
        ldap_rootdn="Jitsi@domain.local"
        ldap_password="[redacted]"
        ldap_filter="sAMAccountName=$user"
        ldap_scope="subtree"
        ldap_tls="false"
        ldap_mode="bind"
        -- Assign this host a certificate for TLS, otherwise it would use
the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one
certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/videokonf.domain.com.key";
                certificate = "/etc/prosody/certs/videokonf.domain.com.crt";
        }
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }

Component "conference.videokonf.domain.com" "muc"
admins = { "focus@auth.videokonf.domain.com" }

Component "jitsi-videobridge.videokonf.domain.com"
    component_secret = "[redacted]"

VirtualHost "auth.videokonf.domain.com"
        authentication = "internal_plain"

VirtualHost "guest.videokonf.domain.com"
        authentication = "anonymous"

Component "focus.videokonf.domain.com"
    component_secret = "[redacted]"

···

----

Highest regards to you guys :slight_smile:
//Mathias

2015-09-24 18:44 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:

Hi Mathias,

try to add option "consider_bosh_secure = true" to prosody.cfg.lua.
Make sure to use right username when logging in, it's
user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com

Best,
Stan

2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
> Hi,
>
> I now have configured Prosody in my in-house Jitsi-meet-server to
> authenticate via Active Directory. I have also enabled the secure domain
> following this guide: https://github.com/jitsi/jicofo#secure-domain
>
> So when creating a new conference I get a message saying:
>
> "
> Waiting for the host...
> The conference chat has not yet started. If you are the host then please
> authenticate. Otherwise, please wait for the host to arrive."
>
> Clicking on "I am the host" and logging in with wrong username I get
>
> "Error
> Connection failed: host-unknown"
>
> However when logging in with correct username and correct _or_ incorrect
> password i get
>
> "Connecting
> Connecting"
>
> The jvb.log does not tell me anything and jicofo.log keeps squirting out
>
> "2015-08-23 19:22:28.708 INFO: [58]
> org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377 Focus
request
> for room: chat5@conference.10.1.3.16"
>
> endlessly. prosody.err doesn't tell me anything either, but prosody.log
says
> this:
>
> Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info BOSH
> client disconnected
> Sep 23 19:25:00 mod_bosh info Client tried to use sid
> '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
> Sep 23 19:25:00 mod_bosh info Client tried to use sid
> '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
> Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it sid
> '28a7f933-82a6-4bfd-b270-09d512b47231'
> Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
> Authenticated as 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16
>
> And after I try to login it says:
>
> Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it sid
> 'a4a1b27f-2403-468a-bf16-0d740710d073'
>
> And then it just sits there...
>
> I don't have any DNS name assigned to the server, can that be the
problem?
>
> Kindest regards,
> Mathias
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

First of all, you prosody version is pretty old, update to 0.9.8 if
possible. Secondly, what ldap module do you use? I think "ldap2"
should work better than "ldap", I don't have experience with AD, but
here are my setup notes for OpenLDAP auth with prosody and jitsi-meet,
hope this can help you
http://booting-rpi.blogspot.de/2015/09/using-ldap-authentication-with-jitsi.html

Best,
Stan

···

2015-09-24 19:45 GMT+02:00 Mathias Friman <mathias@workplays.se>:

Thanks Stan,

I got a little further. Now Jitsi-Meet says "Error: Authentication failed"
instead of "Connecting". :slight_smile:

prosody.log says:
Sep 24 19:32:29 general info Hello and welcome to Prosody version 0.9.1
Sep 24 19:32:29 general info Prosody is using the select backend for
connection handling
Sep 24 19:32:29 portmanager info Activated service 'component' on
[127.0.0.1]:5347, [::1]:5347
Sep 24 19:32:29 portmanager info Activated service 's2s' on
[::]:5269, [*]:5269
Sep 24 19:32:29 portmanager info Activated service 'c2s' on
[::]:5222, [*]:5222
Sep 24 19:32:29 portmanager info Activated service 'legacy_ssl' on no
ports
Sep 24 19:32:29 mod_posix info Prosody is about to detach from the
console, disabling further console output
Sep 24 19:32:29 mod_posix info Successfully daemonized to PID 989
Sep 24 19:32:29 portmanager info Activated service 'http' on
[::]:5280, [*]:5280
Sep 24 19:32:29 portmanager info Activated service 'https' on
[::]:5281, [*]:5281
Sep 24 19:32:31 jcp144bb20 info Incoming Jabber component connection
Sep 24 19:32:31 jitsi-videobridge.videokonf.domain.com:component info
External component successfully authenticated
Sep 24 19:32:33 jcp1455930 info Incoming Jabber component connection
Sep 24 19:32:33 focus.videokonf.domain.com:component info External
component successfully authenticated
Sep 24 19:32:33 c2s145f1b0 info Client connected
Sep 24 19:32:34 sasl warn Client is violating RFC 3920 (section 6.1,
point 7).
Sep 24 19:32:34 c2s145f1b0 info Authenticated as
focus@auth.videokonf.domain.com
Sep 24 19:32:35 mod_bosh info Client tried to use sid
'614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
Sep 24 19:32:36 mod_bosh info New BOSH session, assigned it sid
'79f56519-4a1e-4bab-b156-86e71ff2efc2'
Sep 24 19:32:36 bosh79f56519-4a1e-4bab-b156-86e71ff2efc2 info
Authenticated as
626c374e-16ec-4fb2-9e62-3c0194ff1c31@guest.videokonf.domain.com
Sep 24 19:32:37 c2s1212010 info Client connected
Sep 24 19:32:38 c2s1212010 info Authenticated as
testmathias@videokonf.domain.com
Sep 24 19:32:55 mod_bosh info Client tried to use sid
'614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
Sep 24 19:32:57 mod_bosh info New BOSH session, assigned it sid
'68b91a83-e0da-4945-894c-058c6aefab13'
Sep 24 19:32:58 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
Authenticated as
e9998922-ac2b-486d-b844-0c954d5cad09@guest.videokonf.domain.com
Sep 24 19:33:08 bosh68b91a83-e0da-4945-894c-058c6aefab13 info BOSH
client disconnected
Sep 24 19:33:23 mod_bosh info New BOSH session, assigned it sid
'26758970-7004-4945-b5eb-e0e49dab4bb2'
Sep 24 19:33:23 bosh26758970-7004-4945-b5eb-e0e49dab4bb2 info
Authenticated as
b3445fb7-613d-43fe-a28a-298fcee1b9b7@guest.videokonf.domain.com
Sep 24 19:33:39 mod_bosh info New BOSH session, assigned it sid
'd0e14ba4-fcfd-4f8e-92d4-f3c2f62ded1d'

The "Authenticated as"-line is a XMPP-client connecting to Prosody and not
the Jitsi-Meet. I don't know which logfiles to include and what settings are
important for you all to see in order to help...

The /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua file:

VirtualHost "videokonf.domain.com"
        authentication = "ldap"
        ldap_base="dc=domain,dc=local"
        ldap_server="10.1.1.170:3268"
        ldap_rootdn="Jitsi@domain.local"
        ldap_password="[redacted]"
        ldap_filter="sAMAccountName=$user"
        ldap_scope="subtree"
        ldap_tls="false"
        ldap_mode="bind"
        -- Assign this host a certificate for TLS, otherwise it would use
the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one
certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/videokonf.domain.com.key";
                certificate = "/etc/prosody/certs/videokonf.domain.com.crt";
        }
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }

Component "conference.videokonf.domain.com" "muc"
admins = { "focus@auth.videokonf.domain.com" }

Component "jitsi-videobridge.videokonf.domain.com"
    component_secret = "[redacted]"

VirtualHost "auth.videokonf.domain.com"
        authentication = "internal_plain"

VirtualHost "guest.videokonf.domain.com"
        authentication = "anonymous"

Component "focus.videokonf.domain.com"
    component_secret = "[redacted]"

----

Highest regards to you guys :slight_smile:
//Mathias

2015-09-24 18:44 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:

Hi Mathias,

try to add option "consider_bosh_secure = true" to prosody.cfg.lua.
Make sure to use right username when logging in, it's
user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com

Best,
Stan

2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
> Hi,
>
> I now have configured Prosody in my in-house Jitsi-meet-server to
> authenticate via Active Directory. I have also enabled the secure domain
> following this guide: https://github.com/jitsi/jicofo#secure-domain
>
> So when creating a new conference I get a message saying:
>
> "
> Waiting for the host...
> The conference chat has not yet started. If you are the host then please
> authenticate. Otherwise, please wait for the host to arrive."
>
> Clicking on "I am the host" and logging in with wrong username I get
>
> "Error
> Connection failed: host-unknown"
>
> However when logging in with correct username and correct _or_ incorrect
> password i get
>
> "Connecting
> Connecting"
>
> The jvb.log does not tell me anything and jicofo.log keeps squirting out
>
> "2015-08-23 19:22:28.708 INFO: [58]
> org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377 Focus
> request
> for room: chat5@conference.10.1.3.16"
>
> endlessly. prosody.err doesn't tell me anything either, but prosody.log
> says
> this:
>
> Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info BOSH
> client disconnected
> Sep 23 19:25:00 mod_bosh info Client tried to use sid
> '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
> Sep 23 19:25:00 mod_bosh info Client tried to use sid
> '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
> Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it sid
> '28a7f933-82a6-4bfd-b270-09d512b47231'
> Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
> Authenticated as 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16
>
> And after I try to login it says:
>
> Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it sid
> 'a4a1b27f-2403-468a-bf16-0d740710d073'
>
> And then it just sits there...
>
> I don't have any DNS name assigned to the server, can that be the
> problem?
>
> Kindest regards,
> Mathias
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#5

Hehe, the result for me was even worse than with the mod_auth_ldap module,
prosody faults with

Sep 27 12:55:48 mod_c2s error Traceback[c2s]:
/usr/lib/prosody/modules/ldap.lib.lua:217: attempt to index local 'ld' (a
nil value)
stack traceback:
    /usr/lib/prosody/modules/ldap.lib.lua:217: in function 'singlematch'
    /usr/lib/prosody/modules/ldap.lib.lua:187: in function
</usr/lib/prosody/modules/ldap.lib.lua:179>
    (tail call): ?
    /usr/lib/prosody/modules/mod_auth_ldap2.lua:54: in function 'plain_test'
    /usr/lib/prosody/util/sasl/plain.lua:72: in function
</usr/lib/prosody/util/sasl/plain.lua:38>
    (tail call): ?
    /usr/lib/prosody/modules/mod_saslauth.lua:77: in function
</usr/lib/prosody/modules/mod_saslauth.lua:66>
    (tail call): ?
    /usr/lib/prosody/util/events.lua:67: in function 'fire_event'
    /usr/lib/prosody/core/stanza_router.lua:149: in function
</usr/lib/prosody/core/stanza_router.lua:56>
    ...
    [C]: in function 'parse'
    /usr/lib/prosody/util/xmppstream.lua:255: in function 'feed'
    /usr/lib/prosody/modules/mod_c2s.lua:230: in function 'data'
    /usr/lib/prosody/modules/mod_c2s.lua:252: in function
</usr/lib/prosody/modules/mod_c2s.lua:249>
    (tail call): ?
    /usr/lib/prosody/net/server_select.lua:854: in function
</usr/lib/prosody/net/server_select.lua:836>
    [C]: in function 'xpcall'
    /usr/bin/prosody:376: in function 'loop'
    /usr/bin/prosody:407: in main chunk
    [C]: ?

and I'm unable to connect to prosody using a XMPP client.

I tested to change my /etc/prosody/conf.avail/domain.com.cfg.lua to use
'internal_plain' authentication and created a user
with "prosodyctl adduser prosodytest@videokonf.domain.com" and tried to
login. That worked flawlessly.

This is how jicofo.log looks then:

Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authentication session created for prosodytest@videokonf.domain.com
SID: ced6ba4a-6e0b-4bc9-a658-dd628ef59040
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0 with
session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Created new focus for test@conference.videokonf.domain.com@
auth.videokonf.domain.com conferences count: 1 options:
    channelLastN: -1
    adaptiveLastN: false
    simulcastMode: rewriting
    adaptiveSimulcast: false
    bridge: jitsi-videobridge.videokonf.domain.com
    openSctp: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Joining the room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Auto owner feature enabled
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@777cf4f2]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/focus joined.
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: false
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@3e25065f]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Grant owner to
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/a6b934f3 joined.
Sep 27, 2015 2:55:54 PM net.java.sip.communicator.util.Logger error
SEVERE: Ping timeout for ID: GoY7U-731

LDAP connection works.

ldapsearch -D 'CN=Jitsi Servicekonto,OU=ServiceKonton,DC=domain,DC=com' l
-x -W -H ldap://10.1.1.170:3268 -b 'dc=domain,dc=com' 'sAMAccountName=*'

returns users so there is no problem with the LDAP-connection from the
server. Also I'm able to connect to prosody using an LDAP-account and for
example the Jitsi client or Empathy.

But when enabling ldap login in
/etc/prosody/conf.avail/videokonf.domain.com.cfg.lua I get a jicofo.log
that looks like this:

Sep 27, 2015 3:02:32 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:36 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:37 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:41 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com

endlessly.

When trying to login with Empathy (with ldap enabled), my debug-enabled
prosody.log looks like this:

Sep 27 15:10:31 videokonf.domain.com:auth_ldap debug
get_user("osdmatfri")
Sep 27 15:10:31 c2s10d9750 info Authenticated as
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: asked for:
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: loading for new
user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Resource bound:
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound presence
probe from osdmatfri@videokonf.domain.com for persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound presence
probe from osdmatfri@videokonf.domain.com for persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 0 resources from persun0@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound presence
probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound presence
probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 1 resources from testmathias@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 datamanager debug Assuming empty offline storage
('cannot open
/var/lib/prosody/videokonf%2edomain%2ecom/offline/osdmatfri.list: No such
file or directory') for user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='disco'
type='result' to='osdmatfri@videokonf.domain.com' from='
osdmatfri@videokonf.domain.com/85fbfde6'>
Sep 27 15:10:31 jcpfcae40 debug Received[component]: <iq
id='239825768460' type='result' to='osdmatfri@videokonf.domain.com/85fbfde6'
from='jitsi-videobridge.videokonf.domain.com'>
Sep 27 15:10:31 jcp111ba70 debug Received[component]: <iq
id='240212768588' type='result' to='osdmatfri@videokonf.domain.com/85fbfde6'
from='focus.videokonf.domain.com'>

Clearly something is awry, but I don't know what... And I'm deeply sorry
for a rather messy post, but I'm becoming desperate. :slight_smile:

Kindest regards,
Mathias

···

Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='232003757585' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='240204764539' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='237581766226' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='237650766294' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='245780770067' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='245785770078' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='245786770086' type='get' to='osdmatfri@videokonf.domain.com'>

2015-09-24 21:09 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:

First of all, you prosody version is pretty old, update to 0.9.8 if
possible. Secondly, what ldap module do you use? I think "ldap2"
should work better than "ldap", I don't have experience with AD, but
here are my setup notes for OpenLDAP auth with prosody and jitsi-meet,
hope this can help you

http://booting-rpi.blogspot.de/2015/09/using-ldap-authentication-with-jitsi.html

Best,
Stan

2015-09-24 19:45 GMT+02:00 Mathias Friman <mathias@workplays.se>:
> Thanks Stan,
>
> I got a little further. Now Jitsi-Meet says "Error: Authentication
failed"
> instead of "Connecting". :slight_smile:
>
> prosody.log says:
> Sep 24 19:32:29 general info Hello and welcome to Prosody version
0.9.1
> Sep 24 19:32:29 general info Prosody is using the select backend for
> connection handling
> Sep 24 19:32:29 portmanager info Activated service 'component' on
> [127.0.0.1]:5347, [::1]:5347
> Sep 24 19:32:29 portmanager info Activated service 's2s' on
> [::]:5269, [*]:5269
> Sep 24 19:32:29 portmanager info Activated service 'c2s' on
> [::]:5222, [*]:5222
> Sep 24 19:32:29 portmanager info Activated service 'legacy_ssl'
on no
> ports
> Sep 24 19:32:29 mod_posix info Prosody is about to detach from
the
> console, disabling further console output
> Sep 24 19:32:29 mod_posix info Successfully daemonized to PID
989
> Sep 24 19:32:29 portmanager info Activated service 'http' on
> [::]:5280, [*]:5280
> Sep 24 19:32:29 portmanager info Activated service 'https' on
> [::]:5281, [*]:5281
> Sep 24 19:32:31 jcp144bb20 info Incoming Jabber component
connection
> Sep 24 19:32:31 jitsi-videobridge.videokonf.domain.com:component
info
> External component successfully authenticated
> Sep 24 19:32:33 jcp1455930 info Incoming Jabber component
connection
> Sep 24 19:32:33 focus.videokonf.domain.com:component info External
> component successfully authenticated
> Sep 24 19:32:33 c2s145f1b0 info Client connected
> Sep 24 19:32:34 sasl warn Client is violating RFC 3920 (section
6.1,
> point 7).
> Sep 24 19:32:34 c2s145f1b0 info Authenticated as
> focus@auth.videokonf.domain.com
> Sep 24 19:32:35 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:36 mod_bosh info New BOSH session, assigned it sid
> '79f56519-4a1e-4bab-b156-86e71ff2efc2'
> Sep 24 19:32:36 bosh79f56519-4a1e-4bab-b156-86e71ff2efc2 info
> Authenticated as
> 626c374e-16ec-4fb2-9e62-3c0194ff1c31@guest.videokonf.domain.com
> Sep 24 19:32:37 c2s1212010 info Client connected
> Sep 24 19:32:38 c2s1212010 info Authenticated as
> testmathias@videokonf.domain.com
> Sep 24 19:32:55 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:57 mod_bosh info New BOSH session, assigned it sid
> '68b91a83-e0da-4945-894c-058c6aefab13'
> Sep 24 19:32:58 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
> Authenticated as
> e9998922-ac2b-486d-b844-0c954d5cad09@guest.videokonf.domain.com
> Sep 24 19:33:08 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
BOSH
> client disconnected
> Sep 24 19:33:23 mod_bosh info New BOSH session, assigned it sid
> '26758970-7004-4945-b5eb-e0e49dab4bb2'
> Sep 24 19:33:23 bosh26758970-7004-4945-b5eb-e0e49dab4bb2 info
> Authenticated as
> b3445fb7-613d-43fe-a28a-298fcee1b9b7@guest.videokonf.domain.com
> Sep 24 19:33:39 mod_bosh info New BOSH session, assigned it sid
> 'd0e14ba4-fcfd-4f8e-92d4-f3c2f62ded1d'
>
> The "Authenticated as"-line is a XMPP-client connecting to Prosody and
not
> the Jitsi-Meet. I don't know which logfiles to include and what settings
are
> important for you all to see in order to help...
>
> The /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua file:
>
> VirtualHost "videokonf.domain.com"
> authentication = "ldap"
> ldap_base="dc=domain,dc=local"
> ldap_server="10.1.1.170:3268"
> ldap_rootdn="Jitsi@domain.local"
> ldap_password="[redacted]"
> ldap_filter="sAMAccountName=$user"
> ldap_scope="subtree"
> ldap_tls="false"
> ldap_mode="bind"
> -- Assign this host a certificate for TLS, otherwise it would use
> the one
> -- set in the global section (if any).
> -- Note that old-style SSL on port 5223 only supports one
> certificate, and will always
> -- use the global one.
> ssl = {
> key = "/etc/prosody/certs/videokonf.domain.com.key";
> certificate =
"/etc/prosody/certs/videokonf.domain.com.crt";
> }
> -- we need bosh
> modules_enabled = {
> "bosh";
> "pubsub";
> "ping"; -- Enable mod_ping
> }
>
> Component "conference.videokonf.domain.com" "muc"
> admins = { "focus@auth.videokonf.domain.com" }
>
> Component "jitsi-videobridge.videokonf.domain.com"
> component_secret = "[redacted]"
>
> VirtualHost "auth.videokonf.domain.com"
> authentication = "internal_plain"
>
> VirtualHost "guest.videokonf.domain.com"
> authentication = "anonymous"
>
> Component "focus.videokonf.domain.com"
> component_secret = "[redacted]"
>
> ----
>
> Highest regards to you guys :slight_smile:
> //Mathias
>
>
>
> 2015-09-24 18:44 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
>>
>> Hi Mathias,
>>
>> try to add option "consider_bosh_secure = true" to prosody.cfg.lua.
>> Make sure to use right username when logging in, it's
>> user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com
>>
>> Best,
>> Stan
>>
>> 2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>> > Hi,
>> >
>> > I now have configured Prosody in my in-house Jitsi-meet-server to
>> > authenticate via Active Directory. I have also enabled the secure
domain
>> > following this guide: https://github.com/jitsi/jicofo#secure-domain
>> >
>> > So when creating a new conference I get a message saying:
>> >
>> > "
>> > Waiting for the host...
>> > The conference chat has not yet started. If you are the host then
please
>> > authenticate. Otherwise, please wait for the host to arrive."
>> >
>> > Clicking on "I am the host" and logging in with wrong username I get
>> >
>> > "Error
>> > Connection failed: host-unknown"
>> >
>> > However when logging in with correct username and correct _or_
incorrect
>> > password i get
>> >
>> > "Connecting
>> > Connecting"
>> >
>> > The jvb.log does not tell me anything and jicofo.log keeps squirting
out
>> >
>> > "2015-08-23 19:22:28.708 INFO: [58]
>> > org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377 Focus
>> > request
>> > for room: chat5@conference.10.1.3.16"
>> >
>> > endlessly. prosody.err doesn't tell me anything either, but
prosody.log
>> > says
>> > this:
>> >
>> > Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info
BOSH
>> > client disconnected
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it sid
>> > '28a7f933-82a6-4bfd-b270-09d512b47231'
>> > Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
>> > Authenticated as 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16
>> >
>> > And after I try to login it says:
>> >
>> > Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it sid
>> > 'a4a1b27f-2403-468a-bf16-0d740710d073'
>> >
>> > And then it just sits there...
>> >
>> > I don't have any DNS name assigned to the server, can that be the
>> > problem?
>> >
>> > Kindest regards,
>> > Mathias
>> >
>> >
>> > _______________________________________________
>> > users mailing list
>> > users@jitsi.org
>> > Unsubscribe instructions and other list options:
>> > http://lists.jitsi.org/mailman/listinfo/users
>>
>> _______________________________________________
>> users mailing list
>> users@jitsi.org
>> Unsubscribe instructions and other list options:
>> http://lists.jitsi.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#6

Hi list!

Seems that I'm not the only one having a problem with LDAP-authentication.
AFAICT, Cyrus SASL authentication with LDAP has the exact same problem, and
I've added to this bug report my own setup:
https://github.com/jitsi/jicofo/issues/22#issuecomment-143073738

Hope this helps to clarify things, and not the opposite :slight_smile:

Kindest regards,
Mathias

···

2015-09-27 15:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:

Hehe, the result for me was even worse than with the mod_auth_ldap module,
prosody faults with

Sep 27 12:55:48 mod_c2s error Traceback[c2s]:
/usr/lib/prosody/modules/ldap.lib.lua:217: attempt to index local 'ld' (a
nil value)
stack traceback:
    /usr/lib/prosody/modules/ldap.lib.lua:217: in function 'singlematch'
    /usr/lib/prosody/modules/ldap.lib.lua:187: in function
</usr/lib/prosody/modules/ldap.lib.lua:179>
    (tail call): ?
    /usr/lib/prosody/modules/mod_auth_ldap2.lua:54: in function
'plain_test'
    /usr/lib/prosody/util/sasl/plain.lua:72: in function
</usr/lib/prosody/util/sasl/plain.lua:38>
    (tail call): ?
    /usr/lib/prosody/modules/mod_saslauth.lua:77: in function
</usr/lib/prosody/modules/mod_saslauth.lua:66>
    (tail call): ?
    /usr/lib/prosody/util/events.lua:67: in function 'fire_event'
    /usr/lib/prosody/core/stanza_router.lua:149: in function
</usr/lib/prosody/core/stanza_router.lua:56>
    ...
    [C]: in function 'parse'
    /usr/lib/prosody/util/xmppstream.lua:255: in function 'feed'
    /usr/lib/prosody/modules/mod_c2s.lua:230: in function 'data'
    /usr/lib/prosody/modules/mod_c2s.lua:252: in function
</usr/lib/prosody/modules/mod_c2s.lua:249>
    (tail call): ?
    /usr/lib/prosody/net/server_select.lua:854: in function
</usr/lib/prosody/net/server_select.lua:836>
    [C]: in function 'xpcall'
    /usr/bin/prosody:376: in function 'loop'
    /usr/bin/prosody:407: in main chunk
    [C]: ?

and I'm unable to connect to prosody using a XMPP client.

I tested to change my /etc/prosody/conf.avail/domain.com.cfg.lua to use
'internal_plain' authentication and created a user
with "prosodyctl adduser prosodytest@videokonf.domain.com" and tried to
login. That worked flawlessly.

This is how jicofo.log looks then:

Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authentication session created for prosodytest@videokonf.domain.com
SID: ced6ba4a-6e0b-4bc9-a658-dd628ef59040
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Created new focus for test@conference.videokonf.domain.com@
auth.videokonf.domain.com conferences count: 1 options:
    channelLastN: -1
    adaptiveLastN: false
    simulcastMode: rewriting
    adaptiveSimulcast: false
    bridge: jitsi-videobridge.videokonf.domain.com
    openSctp: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Joining the room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Auto owner feature enabled
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@777cf4f2]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/focus joined.
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: false
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@3e25065f]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Grant owner to
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/a6b934f3 joined.
Sep 27, 2015 2:55:54 PM net.java.sip.communicator.util.Logger error
SEVERE: Ping timeout for ID: GoY7U-731

LDAP connection works.

ldapsearch -D 'CN=Jitsi Servicekonto,OU=ServiceKonton,DC=domain,DC=com' l
-x -W -H ldap://10.1.1.170:3268 -b 'dc=domain,dc=com' 'sAMAccountName=*'

returns users so there is no problem with the LDAP-connection from the
server. Also I'm able to connect to prosody using an LDAP-account and for
example the Jitsi client or Empathy.

But when enabling ldap login in
/etc/prosody/conf.avail/videokonf.domain.com.cfg.lua I get a jicofo.log
that looks like this:

Sep 27, 2015 3:02:32 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:36 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:37 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:41 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com

endlessly.

When trying to login with Empathy (with ldap enabled), my debug-enabled
prosody.log looks like this:

Sep 27 15:10:31 videokonf.domain.com:auth_ldap debug
get_user("osdmatfri")
Sep 27 15:10:31 c2s10d9750 info Authenticated as
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: asked for:
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: loading for new
user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Resource bound:
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='232003757585' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
presence probe from osdmatfri@videokonf.domain.com for
persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
presence probe from osdmatfri@videokonf.domain.com for
persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 0 resources from persun0@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
presence probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
presence probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 1 resources from testmathias@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 datamanager debug Assuming empty offline storage
('cannot open
/var/lib/prosody/videokonf%2edomain%2ecom/offline/osdmatfri.list: No such
file or directory') for user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='240204764539' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='disco'
type='result' to='osdmatfri@videokonf.domain.com' from='
osdmatfri@videokonf.domain.com/85fbfde6'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='237581766226' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='237650766294' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 jcpfcae40 debug Received[component]: <iq
id='239825768460' type='result' to='
osdmatfri@videokonf.domain.com/85fbfde6' from='
jitsi-videobridge.videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='245780770067' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='245785770078' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='245786770086' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 jcp111ba70 debug Received[component]: <iq
id='240212768588' type='result' to='
osdmatfri@videokonf.domain.com/85fbfde6' from='focus.videokonf.domain.com
'>

Clearly something is awry, but I don't know what... And I'm deeply sorry
for a rather messy post, but I'm becoming desperate. :slight_smile:

Kindest regards,
Mathias

2015-09-24 21:09 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:

First of all, you prosody version is pretty old, update to 0.9.8 if
possible. Secondly, what ldap module do you use? I think "ldap2"
should work better than "ldap", I don't have experience with AD, but
here are my setup notes for OpenLDAP auth with prosody and jitsi-meet,
hope this can help you

http://booting-rpi.blogspot.de/2015/09/using-ldap-authentication-with-jitsi.html

Best,
Stan

2015-09-24 19:45 GMT+02:00 Mathias Friman <mathias@workplays.se>:
> Thanks Stan,
>
> I got a little further. Now Jitsi-Meet says "Error: Authentication
failed"
> instead of "Connecting". :slight_smile:
>
> prosody.log says:
> Sep 24 19:32:29 general info Hello and welcome to Prosody version
0.9.1
> Sep 24 19:32:29 general info Prosody is using the select backend for
> connection handling
> Sep 24 19:32:29 portmanager info Activated service 'component' on
> [127.0.0.1]:5347, [::1]:5347
> Sep 24 19:32:29 portmanager info Activated service 's2s' on
> [::]:5269, [*]:5269
> Sep 24 19:32:29 portmanager info Activated service 'c2s' on
> [::]:5222, [*]:5222
> Sep 24 19:32:29 portmanager info Activated service 'legacy_ssl'
on no
> ports
> Sep 24 19:32:29 mod_posix info Prosody is about to detach from
the
> console, disabling further console output
> Sep 24 19:32:29 mod_posix info Successfully daemonized to PID
989
> Sep 24 19:32:29 portmanager info Activated service 'http' on
> [::]:5280, [*]:5280
> Sep 24 19:32:29 portmanager info Activated service 'https' on
> [::]:5281, [*]:5281
> Sep 24 19:32:31 jcp144bb20 info Incoming Jabber component
connection
> Sep 24 19:32:31 jitsi-videobridge.videokonf.domain.com:component
info
> External component successfully authenticated
> Sep 24 19:32:33 jcp1455930 info Incoming Jabber component
connection
> Sep 24 19:32:33 focus.videokonf.domain.com:component info External
> component successfully authenticated
> Sep 24 19:32:33 c2s145f1b0 info Client connected
> Sep 24 19:32:34 sasl warn Client is violating RFC 3920 (section
6.1,
> point 7).
> Sep 24 19:32:34 c2s145f1b0 info Authenticated as
> focus@auth.videokonf.domain.com
> Sep 24 19:32:35 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:36 mod_bosh info New BOSH session, assigned it
sid
> '79f56519-4a1e-4bab-b156-86e71ff2efc2'
> Sep 24 19:32:36 bosh79f56519-4a1e-4bab-b156-86e71ff2efc2 info
> Authenticated as
> 626c374e-16ec-4fb2-9e62-3c0194ff1c31@guest.videokonf.domain.com
> Sep 24 19:32:37 c2s1212010 info Client connected
> Sep 24 19:32:38 c2s1212010 info Authenticated as
> testmathias@videokonf.domain.com
> Sep 24 19:32:55 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:57 mod_bosh info New BOSH session, assigned it
sid
> '68b91a83-e0da-4945-894c-058c6aefab13'
> Sep 24 19:32:58 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
> Authenticated as
> e9998922-ac2b-486d-b844-0c954d5cad09@guest.videokonf.domain.com
> Sep 24 19:33:08 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
BOSH
> client disconnected
> Sep 24 19:33:23 mod_bosh info New BOSH session, assigned it
sid
> '26758970-7004-4945-b5eb-e0e49dab4bb2'
> Sep 24 19:33:23 bosh26758970-7004-4945-b5eb-e0e49dab4bb2 info
> Authenticated as
> b3445fb7-613d-43fe-a28a-298fcee1b9b7@guest.videokonf.domain.com
> Sep 24 19:33:39 mod_bosh info New BOSH session, assigned it
sid
> 'd0e14ba4-fcfd-4f8e-92d4-f3c2f62ded1d'
>
> The "Authenticated as"-line is a XMPP-client connecting to Prosody and
not
> the Jitsi-Meet. I don't know which logfiles to include and what
settings are
> important for you all to see in order to help...
>
> The /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua file:
>
> VirtualHost "videokonf.domain.com"
> authentication = "ldap"
> ldap_base="dc=domain,dc=local"
> ldap_server="10.1.1.170:3268"
> ldap_rootdn="Jitsi@domain.local"
> ldap_password="[redacted]"
> ldap_filter="sAMAccountName=$user"
> ldap_scope="subtree"
> ldap_tls="false"
> ldap_mode="bind"
> -- Assign this host a certificate for TLS, otherwise it would
use
> the one
> -- set in the global section (if any).
> -- Note that old-style SSL on port 5223 only supports one
> certificate, and will always
> -- use the global one.
> ssl = {
> key = "/etc/prosody/certs/videokonf.domain.com.key";
> certificate =
"/etc/prosody/certs/videokonf.domain.com.crt";
> }
> -- we need bosh
> modules_enabled = {
> "bosh";
> "pubsub";
> "ping"; -- Enable mod_ping
> }
>
> Component "conference.videokonf.domain.com" "muc"
> admins = { "focus@auth.videokonf.domain.com" }
>
> Component "jitsi-videobridge.videokonf.domain.com"
> component_secret = "[redacted]"
>
> VirtualHost "auth.videokonf.domain.com"
> authentication = "internal_plain"
>
> VirtualHost "guest.videokonf.domain.com"
> authentication = "anonymous"
>
> Component "focus.videokonf.domain.com"
> component_secret = "[redacted]"
>
> ----
>
> Highest regards to you guys :slight_smile:
> //Mathias
>
>
>
> 2015-09-24 18:44 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
>>
>> Hi Mathias,
>>
>> try to add option "consider_bosh_secure = true" to prosody.cfg.lua.
>> Make sure to use right username when logging in, it's
>> user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com
>>
>> Best,
>> Stan
>>
>> 2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>> > Hi,
>> >
>> > I now have configured Prosody in my in-house Jitsi-meet-server to
>> > authenticate via Active Directory. I have also enabled the secure
domain
>> > following this guide: https://github.com/jitsi/jicofo#secure-domain
>> >
>> > So when creating a new conference I get a message saying:
>> >
>> > "
>> > Waiting for the host...
>> > The conference chat has not yet started. If you are the host then
please
>> > authenticate. Otherwise, please wait for the host to arrive."
>> >
>> > Clicking on "I am the host" and logging in with wrong username I get
>> >
>> > "Error
>> > Connection failed: host-unknown"
>> >
>> > However when logging in with correct username and correct _or_
incorrect
>> > password i get
>> >
>> > "Connecting
>> > Connecting"
>> >
>> > The jvb.log does not tell me anything and jicofo.log keeps squirting
out
>> >
>> > "2015-08-23 19:22:28.708 INFO: [58]
>> > org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377 Focus
>> > request
>> > for room: chat5@conference.10.1.3.16"
>> >
>> > endlessly. prosody.err doesn't tell me anything either, but
prosody.log
>> > says
>> > this:
>> >
>> > Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info
BOSH
>> > client disconnected
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it sid
>> > '28a7f933-82a6-4bfd-b270-09d512b47231'
>> > Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
>> > Authenticated as 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16
>> >
>> > And after I try to login it says:
>> >
>> > Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it sid
>> > 'a4a1b27f-2403-468a-bf16-0d740710d073'
>> >
>> > And then it just sits there...
>> >
>> > I don't have any DNS name assigned to the server, can that be the
>> > problem?
>> >
>> > Kindest regards,
>> > Mathias
>> >
>> >
>> > _______________________________________________
>> > users mailing list
>> > users@jitsi.org
>> > Unsubscribe instructions and other list options:
>> > http://lists.jitsi.org/mailman/listinfo/users
>>
>> _______________________________________________
>> users mailing list
>> users@jitsi.org
>> Unsubscribe instructions and other list options:
>> http://lists.jitsi.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#7

Hello again,

I guess you are getting quite fed up with my postings by now, but I must
update the issue. Seems that my installation works when i use another
account than the one I was testing with the whole time.

When examining my debug-log for prosody I get this:

Sep 28 10:03:46
boshed479f56-6a3b-420c-b330-00c1b4ea4bc6 debug Received[c2s_unauthed]:
<auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Sep 28 10:03:46 sasl debug Username or password violates SASLprep.
Sep 28 10:03:46 videokonf.domain.com:saslauth debug sasl reply:
<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid
username or password.</text></failure>

For my test user I used a password containing the letter ö (that is & ouml;
in html-speak). The handling of characters for SASLprep (or somewhere) made
the user login fail. When using another user with a password not containing
special characters, the login went fine.

However, this bug should be fixed since I can't rely on people in Sweden to
not use åäö or ÅÄÖ in passwords... They are kind of part of our alphabet...

So, how do I go further with this?

Kindest regards,
Mathias

···

2015-09-28 11:17 GMT+02:00 Mathias Friman <mathias@workplays.se>:

Hi list!

Seems that I'm not the only one having a problem with LDAP-authentication.
AFAICT, Cyrus SASL authentication with LDAP has the exact same problem, and
I've added to this bug report my own setup:
https://github.com/jitsi/jicofo/issues/22#issuecomment-143073738

Hope this helps to clarify things, and not the opposite :slight_smile:

Kindest regards,
Mathias

2015-09-27 15:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:

Hehe, the result for me was even worse than with the mod_auth_ldap
module, prosody faults with

Sep 27 12:55:48 mod_c2s error Traceback[c2s]:
/usr/lib/prosody/modules/ldap.lib.lua:217: attempt to index local 'ld' (a
nil value)
stack traceback:
    /usr/lib/prosody/modules/ldap.lib.lua:217: in function 'singlematch'
    /usr/lib/prosody/modules/ldap.lib.lua:187: in function
</usr/lib/prosody/modules/ldap.lib.lua:179>
    (tail call): ?
    /usr/lib/prosody/modules/mod_auth_ldap2.lua:54: in function
'plain_test'
    /usr/lib/prosody/util/sasl/plain.lua:72: in function
</usr/lib/prosody/util/sasl/plain.lua:38>
    (tail call): ?
    /usr/lib/prosody/modules/mod_saslauth.lua:77: in function
</usr/lib/prosody/modules/mod_saslauth.lua:66>
    (tail call): ?
    /usr/lib/prosody/util/events.lua:67: in function 'fire_event'
    /usr/lib/prosody/core/stanza_router.lua:149: in function
</usr/lib/prosody/core/stanza_router.lua:56>
    ...
    [C]: in function 'parse'
    /usr/lib/prosody/util/xmppstream.lua:255: in function 'feed'
    /usr/lib/prosody/modules/mod_c2s.lua:230: in function 'data'
    /usr/lib/prosody/modules/mod_c2s.lua:252: in function
</usr/lib/prosody/modules/mod_c2s.lua:249>
    (tail call): ?
    /usr/lib/prosody/net/server_select.lua:854: in function
</usr/lib/prosody/net/server_select.lua:836>
    [C]: in function 'xpcall'
    /usr/bin/prosody:376: in function 'loop'
    /usr/bin/prosody:407: in main chunk
    [C]: ?

and I'm unable to connect to prosody using a XMPP client.

I tested to change my /etc/prosody/conf.avail/domain.com.cfg.lua to use
'internal_plain' authentication and created a user
with "prosodyctl adduser prosodytest@videokonf.domain.com" and tried to
login. That worked flawlessly.

This is how jicofo.log looks then:

Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authentication session created for prosodytest@videokonf.domain.com
SID: ced6ba4a-6e0b-4bc9-a658-dd628ef59040
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Created new focus for test@conference.videokonf.domain.com@
auth.videokonf.domain.com conferences count: 1 options:
    channelLastN: -1
    adaptiveLastN: false
    simulcastMode: rewriting
    adaptiveSimulcast: false
    bridge: jitsi-videobridge.videokonf.domain.com
    openSctp: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Joining the room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Auto owner feature enabled
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@777cf4f2]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/focus joined.
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: false
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com, JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0, R=
test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@3e25065f]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Grant owner to
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/a6b934f3 joined.
Sep 27, 2015 2:55:54 PM net.java.sip.communicator.util.Logger error
SEVERE: Ping timeout for ID: GoY7U-731

LDAP connection works.

ldapsearch -D 'CN=Jitsi Servicekonto,OU=ServiceKonton,DC=domain,DC=com'
l -x -W -H ldap://10.1.1.170:3268 -b 'dc=domain,dc=com'
'sAMAccountName=*'

returns users so there is no problem with the LDAP-connection from the
server. Also I'm able to connect to prosody using an LDAP-account and for
example the Jitsi client or Empathy.

But when enabling ldap login in
/etc/prosody/conf.avail/videokonf.domain.com.cfg.lua I get a jicofo.log
that looks like this:

Sep 27, 2015 3:02:32 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:36 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:37 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:41 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com

endlessly.

When trying to login with Empathy (with ldap enabled), my debug-enabled
prosody.log looks like this:

Sep 27 15:10:31 videokonf.domain.com:auth_ldap debug
get_user("osdmatfri")
Sep 27 15:10:31 c2s10d9750 info Authenticated as
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: asked for:
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: loading for new
user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Resource bound:
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='232003757585' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
presence probe from osdmatfri@videokonf.domain.com for
persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
presence probe from osdmatfri@videokonf.domain.com for
persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 0 resources from persun0@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
presence probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
presence probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 1 resources from testmathias@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 datamanager debug Assuming empty offline storage
('cannot open
/var/lib/prosody/videokonf%2edomain%2ecom/offline/osdmatfri.list: No such
file or directory') for user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='240204764539' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='disco'
type='result' to='osdmatfri@videokonf.domain.com' from='
osdmatfri@videokonf.domain.com/85fbfde6'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='237581766226' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='237650766294' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 jcpfcae40 debug Received[component]: <iq
id='239825768460' type='result' to='
osdmatfri@videokonf.domain.com/85fbfde6' from='
jitsi-videobridge.videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='245780770067' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='245785770078' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='245786770086' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 jcp111ba70 debug Received[component]: <iq
id='240212768588' type='result' to='
osdmatfri@videokonf.domain.com/85fbfde6' from='focus.videokonf.domain.com
'>

Clearly something is awry, but I don't know what... And I'm deeply sorry
for a rather messy post, but I'm becoming desperate. :slight_smile:

Kindest regards,
Mathias

2015-09-24 21:09 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:

First of all, you prosody version is pretty old, update to 0.9.8 if
possible. Secondly, what ldap module do you use? I think "ldap2"
should work better than "ldap", I don't have experience with AD, but
here are my setup notes for OpenLDAP auth with prosody and jitsi-meet,
hope this can help you

http://booting-rpi.blogspot.de/2015/09/using-ldap-authentication-with-jitsi.html

Best,
Stan

2015-09-24 19:45 GMT+02:00 Mathias Friman <mathias@workplays.se>:
> Thanks Stan,
>
> I got a little further. Now Jitsi-Meet says "Error: Authentication
failed"
> instead of "Connecting". :slight_smile:
>
> prosody.log says:
> Sep 24 19:32:29 general info Hello and welcome to Prosody version
0.9.1
> Sep 24 19:32:29 general info Prosody is using the select backend for
> connection handling
> Sep 24 19:32:29 portmanager info Activated service 'component'
on
> [127.0.0.1]:5347, [::1]:5347
> Sep 24 19:32:29 portmanager info Activated service 's2s' on
> [::]:5269, [*]:5269
> Sep 24 19:32:29 portmanager info Activated service 'c2s' on
> [::]:5222, [*]:5222
> Sep 24 19:32:29 portmanager info Activated service 'legacy_ssl'
on no
> ports
> Sep 24 19:32:29 mod_posix info Prosody is about to detach
from the
> console, disabling further console output
> Sep 24 19:32:29 mod_posix info Successfully daemonized to PID
989
> Sep 24 19:32:29 portmanager info Activated service 'http' on
> [::]:5280, [*]:5280
> Sep 24 19:32:29 portmanager info Activated service 'https' on
> [::]:5281, [*]:5281
> Sep 24 19:32:31 jcp144bb20 info Incoming Jabber component
connection
> Sep 24 19:32:31 jitsi-videobridge.videokonf.domain.com:component
info
> External component successfully authenticated
> Sep 24 19:32:33 jcp1455930 info Incoming Jabber component
connection
> Sep 24 19:32:33 focus.videokonf.domain.com:component info External
> component successfully authenticated
> Sep 24 19:32:33 c2s145f1b0 info Client connected
> Sep 24 19:32:34 sasl warn Client is violating RFC 3920 (section
6.1,
> point 7).
> Sep 24 19:32:34 c2s145f1b0 info Authenticated as
> focus@auth.videokonf.domain.com
> Sep 24 19:32:35 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:36 mod_bosh info New BOSH session, assigned it
sid
> '79f56519-4a1e-4bab-b156-86e71ff2efc2'
> Sep 24 19:32:36 bosh79f56519-4a1e-4bab-b156-86e71ff2efc2 info
> Authenticated as
> 626c374e-16ec-4fb2-9e62-3c0194ff1c31@guest.videokonf.domain.com
> Sep 24 19:32:37 c2s1212010 info Client connected
> Sep 24 19:32:38 c2s1212010 info Authenticated as
> testmathias@videokonf.domain.com
> Sep 24 19:32:55 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:57 mod_bosh info New BOSH session, assigned it
sid
> '68b91a83-e0da-4945-894c-058c6aefab13'
> Sep 24 19:32:58 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
> Authenticated as
> e9998922-ac2b-486d-b844-0c954d5cad09@guest.videokonf.domain.com
> Sep 24 19:33:08 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
  BOSH
> client disconnected
> Sep 24 19:33:23 mod_bosh info New BOSH session, assigned it
sid
> '26758970-7004-4945-b5eb-e0e49dab4bb2'
> Sep 24 19:33:23 bosh26758970-7004-4945-b5eb-e0e49dab4bb2 info
> Authenticated as
> b3445fb7-613d-43fe-a28a-298fcee1b9b7@guest.videokonf.domain.com
> Sep 24 19:33:39 mod_bosh info New BOSH session, assigned it
sid
> 'd0e14ba4-fcfd-4f8e-92d4-f3c2f62ded1d'
>
> The "Authenticated as"-line is a XMPP-client connecting to Prosody and
not
> the Jitsi-Meet. I don't know which logfiles to include and what
settings are
> important for you all to see in order to help...
>
> The /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua file:
>
> VirtualHost "videokonf.domain.com"
> authentication = "ldap"
> ldap_base="dc=domain,dc=local"
> ldap_server="10.1.1.170:3268"
> ldap_rootdn="Jitsi@domain.local"
> ldap_password="[redacted]"
> ldap_filter="sAMAccountName=$user"
> ldap_scope="subtree"
> ldap_tls="false"
> ldap_mode="bind"
> -- Assign this host a certificate for TLS, otherwise it would
use
> the one
> -- set in the global section (if any).
> -- Note that old-style SSL on port 5223 only supports one
> certificate, and will always
> -- use the global one.
> ssl = {
> key = "/etc/prosody/certs/videokonf.domain.com.key";
> certificate =
"/etc/prosody/certs/videokonf.domain.com.crt";
> }
> -- we need bosh
> modules_enabled = {
> "bosh";
> "pubsub";
> "ping"; -- Enable mod_ping
> }
>
> Component "conference.videokonf.domain.com" "muc"
> admins = { "focus@auth.videokonf.domain.com" }
>
> Component "jitsi-videobridge.videokonf.domain.com"
> component_secret = "[redacted]"
>
> VirtualHost "auth.videokonf.domain.com"
> authentication = "internal_plain"
>
> VirtualHost "guest.videokonf.domain.com"
> authentication = "anonymous"
>
> Component "focus.videokonf.domain.com"
> component_secret = "[redacted]"
>
> ----
>
> Highest regards to you guys :slight_smile:
> //Mathias
>
>
>
> 2015-09-24 18:44 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
>>
>> Hi Mathias,
>>
>> try to add option "consider_bosh_secure = true" to prosody.cfg.lua.
>> Make sure to use right username when logging in, it's
>> user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com
>>
>> Best,
>> Stan
>>
>> 2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>> > Hi,
>> >
>> > I now have configured Prosody in my in-house Jitsi-meet-server to
>> > authenticate via Active Directory. I have also enabled the secure
domain
>> > following this guide: https://github.com/jitsi/jicofo#secure-domain
>> >
>> > So when creating a new conference I get a message saying:
>> >
>> > "
>> > Waiting for the host...
>> > The conference chat has not yet started. If you are the host then
please
>> > authenticate. Otherwise, please wait for the host to arrive."
>> >
>> > Clicking on "I am the host" and logging in with wrong username I get
>> >
>> > "Error
>> > Connection failed: host-unknown"
>> >
>> > However when logging in with correct username and correct _or_
incorrect
>> > password i get
>> >
>> > "Connecting
>> > Connecting"
>> >
>> > The jvb.log does not tell me anything and jicofo.log keeps
squirting out
>> >
>> > "2015-08-23 19:22:28.708 INFO: [58]
>> > org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377 Focus
>> > request
>> > for room: chat5@conference.10.1.3.16"
>> >
>> > endlessly. prosody.err doesn't tell me anything either, but
prosody.log
>> > says
>> > this:
>> >
>> > Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info
BOSH
>> > client disconnected
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it
sid
>> > '28a7f933-82a6-4bfd-b270-09d512b47231'
>> > Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
>> > Authenticated as
9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16
>> >
>> > And after I try to login it says:
>> >
>> > Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it
sid
>> > 'a4a1b27f-2403-468a-bf16-0d740710d073'
>> >
>> > And then it just sits there...
>> >
>> > I don't have any DNS name assigned to the server, can that be the
>> > problem?
>> >
>> > Kindest regards,
>> > Mathias
>> >
>> >
>> > _______________________________________________
>> > users mailing list
>> > users@jitsi.org
>> > Unsubscribe instructions and other list options:
>> > http://lists.jitsi.org/mailman/listinfo/users
>>
>> _______________________________________________
>> users mailing list
>> users@jitsi.org
>> Unsubscribe instructions and other list options:
>> http://lists.jitsi.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#8

Hi Mathias,

I think this is a wrong place, you need contact prosody guys about
the problem. http://prosody.im/discuss#mailing_lists

Best,
Stan

···

2015-09-28 17:14 GMT+02:00 Mathias Friman <mathias@workplays.se>:

Hello again,

I guess you are getting quite fed up with my postings by now, but I must
update the issue. Seems that my installation works when i use another
account than the one I was testing with the whole time.

When examining my debug-log for prosody I get this:

Sep 28 10:03:46
boshed479f56-6a3b-420c-b330-00c1b4ea4bc6 debug Received[c2s_unauthed]: <auth
mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Sep 28 10:03:46 sasl debug Username or password violates SASLprep.
Sep 28 10:03:46 videokonf.domain.com:saslauth debug sasl reply: <failure
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid
username or password.</text></failure>

For my test user I used a password containing the letter ö (that is & ouml;
in html-speak). The handling of characters for SASLprep (or somewhere) made
the user login fail. When using another user with a password not containing
special characters, the login went fine.

However, this bug should be fixed since I can't rely on people in Sweden to
not use åäö or ÅÄÖ in passwords... They are kind of part of our alphabet...

So, how do I go further with this?

Kindest regards,
Mathias

2015-09-28 11:17 GMT+02:00 Mathias Friman <mathias@workplays.se>:

Hi list!

Seems that I'm not the only one having a problem with LDAP-authentication.
AFAICT, Cyrus SASL authentication with LDAP has the exact same problem, and
I've added to this bug report my own setup:
https://github.com/jitsi/jicofo/issues/22#issuecomment-143073738

Hope this helps to clarify things, and not the opposite :slight_smile:

Kindest regards,
Mathias

2015-09-27 15:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:

Hehe, the result for me was even worse than with the mod_auth_ldap
module, prosody faults with

Sep 27 12:55:48 mod_c2s error Traceback[c2s]:
/usr/lib/prosody/modules/ldap.lib.lua:217: attempt to index local 'ld' (a
nil value)
stack traceback:
    /usr/lib/prosody/modules/ldap.lib.lua:217: in function 'singlematch'
    /usr/lib/prosody/modules/ldap.lib.lua:187: in function
</usr/lib/prosody/modules/ldap.lib.lua:179>
    (tail call): ?
    /usr/lib/prosody/modules/mod_auth_ldap2.lua:54: in function
'plain_test'
    /usr/lib/prosody/util/sasl/plain.lua:72: in function
</usr/lib/prosody/util/sasl/plain.lua:38>
    (tail call): ?
    /usr/lib/prosody/modules/mod_saslauth.lua:77: in function
</usr/lib/prosody/modules/mod_saslauth.lua:66>
    (tail call): ?
    /usr/lib/prosody/util/events.lua:67: in function 'fire_event'
    /usr/lib/prosody/core/stanza_router.lua:149: in function
</usr/lib/prosody/core/stanza_router.lua:56>
    ...
    [C]: in function 'parse'
    /usr/lib/prosody/util/xmppstream.lua:255: in function 'feed'
    /usr/lib/prosody/modules/mod_c2s.lua:230: in function 'data'
    /usr/lib/prosody/modules/mod_c2s.lua:252: in function
</usr/lib/prosody/modules/mod_c2s.lua:249>
    (tail call): ?
    /usr/lib/prosody/net/server_select.lua:854: in function
</usr/lib/prosody/net/server_select.lua:836>
    [C]: in function 'xpcall'
    /usr/bin/prosody:376: in function 'loop'
    /usr/bin/prosody:407: in main chunk
    [C]: ?

and I'm unable to connect to prosody using a XMPP client.

I tested to change my /etc/prosody/conf.avail/domain.com.cfg.lua to use
'internal_plain' authentication and created a user
with "prosodyctl adduser prosodytest@videokonf.domain.com" and tried to
login. That worked flawlessly.

This is how jicofo.log looks then:

Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authentication session created for prosodytest@videokonf.domain.com
SID: ced6ba4a-6e0b-4bc9-a658-dd628ef59040
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0 with
session: AuthSession[ID=prosodytest@videokonf.domain.com,
JID=prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0,
R=test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Created new focus for
test@conference.videokonf.domain.com@auth.videokonf.domain.com conferences
count: 1 options:
    channelLastN: -1
    adaptiveLastN: false
    simulcastMode: rewriting
    adaptiveSimulcast: false
    bridge: jitsi-videobridge.videokonf.domain.com
    openSctp: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Joining the room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Auto owner feature enabled
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: true
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@777cf4f2]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/focus joined.
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus role: OWNER init: false
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com,
JID=a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0,
R=test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Authenticated jid:
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
with session: AuthSession[ID=prosodytest@videokonf.domain.com,
JID=a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27,
SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0,
R=test@conference.videokonf.domain.com]@1190029155
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Jid
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
authenticated as: prosodytest@videokonf.domain.com
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined
sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@3e25065f]
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Grant owner to
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
INFO: Member test@conference.videokonf.domain.com/a6b934f3 joined.
Sep 27, 2015 2:55:54 PM net.java.sip.communicator.util.Logger error
SEVERE: Ping timeout for ID: GoY7U-731

LDAP connection works.

ldapsearch -D 'CN=Jitsi Servicekonto,OU=ServiceKonton,DC=domain,DC=com' l
-x -W -H ldap://10.1.1.170:3268 -b 'dc=domain,dc=com' 'sAMAccountName=*'

returns users so there is no problem with the LDAP-connection from the
server. Also I'm able to connect to prosody using an LDAP-account and for
example the Jitsi client or Empathy.

But when enabling ldap login in
/etc/prosody/conf.avail/videokonf.domain.com.cfg.lua I get a jicofo.log that
looks like this:

Sep 27, 2015 3:02:32 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:36 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:37 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com
Sep 27, 2015 3:02:41 PM net.java.sip.communicator.util.Logger info
INFO: Focus request for room: test@conference.videokonf.domain.com

endlessly.

When trying to login with Empathy (with ldap enabled), my debug-enabled
prosody.log looks like this:

Sep 27 15:10:31 videokonf.domain.com:auth_ldap debug
get_user("osdmatfri")
Sep 27 15:10:31 c2s10d9750 info Authenticated as
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: asked for:
osdmatfri@videokonf.domain.com
Sep 27 15:10:31 rostermanager debug load_roster: loading for new
user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Resource bound:
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='232003757585' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
presence probe from osdmatfri@videokonf.domain.com for
persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
presence probe from osdmatfri@videokonf.domain.com for
persun0@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 0 resources from persun0@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
presence probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
presence probe from osdmatfri@videokonf.domain.com for
testmathias@videokonf.domain.com
Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
presence of 1 resources from testmathias@videokonf.domain.com to
osdmatfri@videokonf.domain.com/85fbfde6
Sep 27 15:10:31 datamanager debug Assuming empty offline storage
('cannot open
/var/lib/prosody/videokonf%2edomain%2ecom/offline/osdmatfri.list: No such
file or directory') for user: osdmatfri@videokonf.domain.com
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='240204764539' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='disco'
type='result' to='osdmatfri@videokonf.domain.com'
from='osdmatfri@videokonf.domain.com/85fbfde6'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='237581766226' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='237650766294' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 jcpfcae40 debug Received[component]: <iq
id='239825768460' type='result' to='osdmatfri@videokonf.domain.com/85fbfde6'
from='jitsi-videobridge.videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='245780770067' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='245785770078' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
id='245786770086' type='get' to='osdmatfri@videokonf.domain.com'>
Sep 27 15:10:31 jcp111ba70 debug Received[component]: <iq
id='240212768588' type='result' to='osdmatfri@videokonf.domain.com/85fbfde6'
from='focus.videokonf.domain.com'>

Clearly something is awry, but I don't know what... And I'm deeply sorry
for a rather messy post, but I'm becoming desperate. :slight_smile:

Kindest regards,
Mathias

2015-09-24 21:09 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:

First of all, you prosody version is pretty old, update to 0.9.8 if
possible. Secondly, what ldap module do you use? I think "ldap2"
should work better than "ldap", I don't have experience with AD, but
here are my setup notes for OpenLDAP auth with prosody and jitsi-meet,
hope this can help you

http://booting-rpi.blogspot.de/2015/09/using-ldap-authentication-with-jitsi.html

Best,
Stan

2015-09-24 19:45 GMT+02:00 Mathias Friman <mathias@workplays.se>:
> Thanks Stan,
>
> I got a little further. Now Jitsi-Meet says "Error: Authentication
> failed"
> instead of "Connecting". :slight_smile:
>
> prosody.log says:
> Sep 24 19:32:29 general info Hello and welcome to Prosody version
> 0.9.1
> Sep 24 19:32:29 general info Prosody is using the select backend
> for
> connection handling
> Sep 24 19:32:29 portmanager info Activated service 'component'
> on
> [127.0.0.1]:5347, [::1]:5347
> Sep 24 19:32:29 portmanager info Activated service 's2s' on
> [::]:5269, [*]:5269
> Sep 24 19:32:29 portmanager info Activated service 'c2s' on
> [::]:5222, [*]:5222
> Sep 24 19:32:29 portmanager info Activated service 'legacy_ssl'
> on no
> ports
> Sep 24 19:32:29 mod_posix info Prosody is about to detach
> from the
> console, disabling further console output
> Sep 24 19:32:29 mod_posix info Successfully daemonized to PID
> 989
> Sep 24 19:32:29 portmanager info Activated service 'http' on
> [::]:5280, [*]:5280
> Sep 24 19:32:29 portmanager info Activated service 'https' on
> [::]:5281, [*]:5281
> Sep 24 19:32:31 jcp144bb20 info Incoming Jabber component
> connection
> Sep 24 19:32:31 jitsi-videobridge.videokonf.domain.com:component
> info
> External component successfully authenticated
> Sep 24 19:32:33 jcp1455930 info Incoming Jabber component
> connection
> Sep 24 19:32:33 focus.videokonf.domain.com:component info External
> component successfully authenticated
> Sep 24 19:32:33 c2s145f1b0 info Client connected
> Sep 24 19:32:34 sasl warn Client is violating RFC 3920 (section
> 6.1,
> point 7).
> Sep 24 19:32:34 c2s145f1b0 info Authenticated as
> focus@auth.videokonf.domain.com
> Sep 24 19:32:35 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:36 mod_bosh info New BOSH session, assigned it
> sid
> '79f56519-4a1e-4bab-b156-86e71ff2efc2'
> Sep 24 19:32:36 bosh79f56519-4a1e-4bab-b156-86e71ff2efc2 info
> Authenticated as
> 626c374e-16ec-4fb2-9e62-3c0194ff1c31@guest.videokonf.domain.com
> Sep 24 19:32:37 c2s1212010 info Client connected
> Sep 24 19:32:38 c2s1212010 info Authenticated as
> testmathias@videokonf.domain.com
> Sep 24 19:32:55 mod_bosh info Client tried to use sid
> '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
> Sep 24 19:32:57 mod_bosh info New BOSH session, assigned it
> sid
> '68b91a83-e0da-4945-894c-058c6aefab13'
> Sep 24 19:32:58 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
> Authenticated as
> e9998922-ac2b-486d-b844-0c954d5cad09@guest.videokonf.domain.com
> Sep 24 19:33:08 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
> BOSH
> client disconnected
> Sep 24 19:33:23 mod_bosh info New BOSH session, assigned it
> sid
> '26758970-7004-4945-b5eb-e0e49dab4bb2'
> Sep 24 19:33:23 bosh26758970-7004-4945-b5eb-e0e49dab4bb2 info
> Authenticated as
> b3445fb7-613d-43fe-a28a-298fcee1b9b7@guest.videokonf.domain.com
> Sep 24 19:33:39 mod_bosh info New BOSH session, assigned it
> sid
> 'd0e14ba4-fcfd-4f8e-92d4-f3c2f62ded1d'
>
> The "Authenticated as"-line is a XMPP-client connecting to Prosody and
> not
> the Jitsi-Meet. I don't know which logfiles to include and what
> settings are
> important for you all to see in order to help...
>
> The /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua file:
>
> VirtualHost "videokonf.domain.com"
> authentication = "ldap"
> ldap_base="dc=domain,dc=local"
> ldap_server="10.1.1.170:3268"
> ldap_rootdn="Jitsi@domain.local"
> ldap_password="[redacted]"
> ldap_filter="sAMAccountName=$user"
> ldap_scope="subtree"
> ldap_tls="false"
> ldap_mode="bind"
> -- Assign this host a certificate for TLS, otherwise it would
> use
> the one
> -- set in the global section (if any).
> -- Note that old-style SSL on port 5223 only supports one
> certificate, and will always
> -- use the global one.
> ssl = {
> key = "/etc/prosody/certs/videokonf.domain.com.key";
> certificate =
> "/etc/prosody/certs/videokonf.domain.com.crt";
> }
> -- we need bosh
> modules_enabled = {
> "bosh";
> "pubsub";
> "ping"; -- Enable mod_ping
> }
>
> Component "conference.videokonf.domain.com" "muc"
> admins = { "focus@auth.videokonf.domain.com" }
>
> Component "jitsi-videobridge.videokonf.domain.com"
> component_secret = "[redacted]"
>
> VirtualHost "auth.videokonf.domain.com"
> authentication = "internal_plain"
>
> VirtualHost "guest.videokonf.domain.com"
> authentication = "anonymous"
>
> Component "focus.videokonf.domain.com"
> component_secret = "[redacted]"
>
> ----
>
> Highest regards to you guys :slight_smile:
> //Mathias
>
>
>
> 2015-09-24 18:44 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
>>
>> Hi Mathias,
>>
>> try to add option "consider_bosh_secure = true" to prosody.cfg.lua.
>> Make sure to use right username when logging in, it's
>> user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com
>>
>> Best,
>> Stan
>>
>> 2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>> > Hi,
>> >
>> > I now have configured Prosody in my in-house Jitsi-meet-server to
>> > authenticate via Active Directory. I have also enabled the secure
>> > domain
>> > following this guide: https://github.com/jitsi/jicofo#secure-domain
>> >
>> > So when creating a new conference I get a message saying:
>> >
>> > "
>> > Waiting for the host...
>> > The conference chat has not yet started. If you are the host then
>> > please
>> > authenticate. Otherwise, please wait for the host to arrive."
>> >
>> > Clicking on "I am the host" and logging in with wrong username I
>> > get
>> >
>> > "Error
>> > Connection failed: host-unknown"
>> >
>> > However when logging in with correct username and correct _or_
>> > incorrect
>> > password i get
>> >
>> > "Connecting
>> > Connecting"
>> >
>> > The jvb.log does not tell me anything and jicofo.log keeps
>> > squirting out
>> >
>> > "2015-08-23 19:22:28.708 INFO: [58]
>> > org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377 Focus
>> > request
>> > for room: chat5@conference.10.1.3.16"
>> >
>> > endlessly. prosody.err doesn't tell me anything either, but
>> > prosody.log
>> > says
>> > this:
>> >
>> > Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info
>> > BOSH
>> > client disconnected
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>> > Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it
>> > sid
>> > '28a7f933-82a6-4bfd-b270-09d512b47231'
>> > Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
>> > Authenticated as
>> > 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16
>> >
>> > And after I try to login it says:
>> >
>> > Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it
>> > sid
>> > 'a4a1b27f-2403-468a-bf16-0d740710d073'
>> >
>> > And then it just sits there...
>> >
>> > I don't have any DNS name assigned to the server, can that be the
>> > problem?
>> >
>> > Kindest regards,
>> > Mathias
>> >
>> >
>> > _______________________________________________
>> > users mailing list
>> > users@jitsi.org
>> > Unsubscribe instructions and other list options:
>> > http://lists.jitsi.org/mailman/listinfo/users
>>
>> _______________________________________________
>> users mailing list
>> users@jitsi.org
>> Unsubscribe instructions and other list options:
>> http://lists.jitsi.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#9

Hi again,

Yeah, I contacted them and found out using the Firefox developer console
that somewhere along the way the base64 encoded string gets a Latin1
character set, so that characters like åäö becomes � (diamond with a
questionmark). I tried to change charset by putting a <meta charset=utf-8>
in the index.html in Jitsi-Meet, which didn't solve the problem. So the
response I got was that the problem lies in Strophe.js:

"the underlying problem you're running into is that JavaScript strings are
UTF-16, not UTF-8. so unless strophe is explicitly doing conversion of
passwords to utf-8 before base64'ing them, there will be problems. the
characterset of the page itself does not affect that"

There is an issue named "Strophe corrupts unicode JID node names." that may
describe the same problem (sort of):
https://github.com/metajack/strophejs/issues/60

It has to do with Strophe.js using UTF-16 and not converting to UTF-8
before doing a base64 encoding.

A fix has been proposed for chinese jid's, I guess this could work for all
other characters as well:

https://github.com/strophe/strophejs/issues/147
https://github.com/strophe/strophejs/pull/136

Anyhoo, that's the story right now. :slight_smile:

Kindest regards,
Mathias

···

2015-09-28 17:21 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:

Hi Mathias,

I think this is a wrong place, you need contact prosody guys about
the problem. http://prosody.im/discuss#mailing_lists

Best,
Stan

2015-09-28 17:14 GMT+02:00 Mathias Friman <mathias@workplays.se>:
> Hello again,
>
> I guess you are getting quite fed up with my postings by now, but I must
> update the issue. Seems that my installation works when i use another
> account than the one I was testing with the whole time.
>
> When examining my debug-log for prosody I get this:
>
> Sep 28 10:03:46
> boshed479f56-6a3b-420c-b330-00c1b4ea4bc6 debug
Received[c2s_unauthed]: <auth
> mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
> Sep 28 10:03:46 sasl debug Username or password violates SASLprep.
> Sep 28 10:03:46 videokonf.domain.com:saslauth debug sasl reply:
<failure
>
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid
> username or password.</text></failure>
>
> For my test user I used a password containing the letter ö (that is &
ouml;
> in html-speak). The handling of characters for SASLprep (or somewhere)
made
> the user login fail. When using another user with a password not
containing
> special characters, the login went fine.
>
> However, this bug should be fixed since I can't rely on people in Sweden
to
> not use åäö or ÅÄÖ in passwords... They are kind of part of our
alphabet...
>
> So, how do I go further with this?
>
> Kindest regards,
> Mathias
>
>
> 2015-09-28 11:17 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>>
>> Hi list!
>>
>> Seems that I'm not the only one having a problem with
LDAP-authentication.
>> AFAICT, Cyrus SASL authentication with LDAP has the exact same problem,
and
>> I've added to this bug report my own setup:
>> https://github.com/jitsi/jicofo/issues/22#issuecomment-143073738
>>
>> Hope this helps to clarify things, and not the opposite :slight_smile:
>>
>> Kindest regards,
>> Mathias
>>
>> 2015-09-27 15:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>>>
>>> Hehe, the result for me was even worse than with the mod_auth_ldap
>>> module, prosody faults with
>>>
>>> Sep 27 12:55:48 mod_c2s error Traceback[c2s]:
>>> /usr/lib/prosody/modules/ldap.lib.lua:217: attempt to index local 'ld'
(a
>>> nil value)
>>> stack traceback:
>>> /usr/lib/prosody/modules/ldap.lib.lua:217: in function
'singlematch'
>>> /usr/lib/prosody/modules/ldap.lib.lua:187: in function
>>> </usr/lib/prosody/modules/ldap.lib.lua:179>
>>> (tail call): ?
>>> /usr/lib/prosody/modules/mod_auth_ldap2.lua:54: in function
>>> 'plain_test'
>>> /usr/lib/prosody/util/sasl/plain.lua:72: in function
>>> </usr/lib/prosody/util/sasl/plain.lua:38>
>>> (tail call): ?
>>> /usr/lib/prosody/modules/mod_saslauth.lua:77: in function
>>> </usr/lib/prosody/modules/mod_saslauth.lua:66>
>>> (tail call): ?
>>> /usr/lib/prosody/util/events.lua:67: in function 'fire_event'
>>> /usr/lib/prosody/core/stanza_router.lua:149: in function
>>> </usr/lib/prosody/core/stanza_router.lua:56>
>>> ...
>>> [C]: in function 'parse'
>>> /usr/lib/prosody/util/xmppstream.lua:255: in function 'feed'
>>> /usr/lib/prosody/modules/mod_c2s.lua:230: in function 'data'
>>> /usr/lib/prosody/modules/mod_c2s.lua:252: in function
>>> </usr/lib/prosody/modules/mod_c2s.lua:249>
>>> (tail call): ?
>>> /usr/lib/prosody/net/server_select.lua:854: in function
>>> </usr/lib/prosody/net/server_select.lua:836>
>>> [C]: in function 'xpcall'
>>> /usr/bin/prosody:376: in function 'loop'
>>> /usr/bin/prosody:407: in main chunk
>>> [C]: ?
>>>
>>> and I'm unable to connect to prosody using a XMPP client.
>>>
>>> I tested to change my /etc/prosody/conf.avail/domain.com.cfg.lua to use
>>> 'internal_plain' authentication and created a user
>>> with "prosodyctl adduser prosodytest@videokonf.domain.com" and tried
to
>>> login. That worked flawlessly.
>>>
>>> This is how jicofo.log looks then:
>>>
>>> Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Authentication session created for
prosodytest@videokonf.domain.com
>>> SID: ced6ba4a-6e0b-4bc9-a658-dd628ef59040
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Authenticated jid:
>>> prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
with
>>> session: AuthSession[ID=prosodytest@videokonf.domain.com,
>>> JID=
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0,
>>> SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
>>> MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0,
>>> R=test@conference.videokonf.domain.com]@1190029155
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Jid
>>> prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
>>> authenticated as: prosodytest@videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Created new focus for
>>> test@conference.videokonf.domain.com@auth.videokonf.domain.com
conferences
>>> count: 1 options:
>>> channelLastN: -1
>>> adaptiveLastN: false
>>> simulcastMode: rewriting
>>> adaptiveSimulcast: false
>>> bridge: jitsi-videobridge.videokonf.domain.com
>>> openSctp: true
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Joining the room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Auto owner feature enabled
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus role: OWNER init: true
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Chat room event
ChatRoomMemberPresenceChangeEvent[type=MemberJoined
>>> sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
>>> member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@777cf4f2]
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Member test@conference.videokonf.domain.com/focus joined.
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus role: OWNER init: false
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Authenticated jid:
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> with session: AuthSession[ID=prosodytest@videokonf.domain.com,
>>> JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
,
>>> SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
>>> MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0,
>>> R=test@conference.videokonf.domain.com]@1190029155
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Jid
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> authenticated as: prosodytest@videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Authenticated jid:
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> with session: AuthSession[ID=prosodytest@videokonf.domain.com,
>>> JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
,
>>> SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
>>> MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0,
>>> R=test@conference.videokonf.domain.com]@1190029155
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Jid
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> authenticated as: prosodytest@videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Chat room event
ChatRoomMemberPresenceChangeEvent[type=MemberJoined
>>> sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
>>> member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@3e25065f]
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Grant owner to
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Member test@conference.videokonf.domain.com/a6b934f3 joined.
>>> Sep 27, 2015 2:55:54 PM net.java.sip.communicator.util.Logger error
>>> SEVERE: Ping timeout for ID: GoY7U-731
>>>
>>> LDAP connection works.
>>>
>>> ldapsearch -D 'CN=Jitsi
Servicekonto,OU=ServiceKonton,DC=domain,DC=com' l
>>> -x -W -H ldap://10.1.1.170:3268 -b 'dc=domain,dc=com'
'sAMAccountName=*'
>>>
>>> returns users so there is no problem with the LDAP-connection from the
>>> server. Also I'm able to connect to prosody using an LDAP-account and
for
>>> example the Jitsi client or Empathy.
>>>
>>> But when enabling ldap login in
>>> /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua I get a
jicofo.log that
>>> looks like this:
>>>
>>> Sep 27, 2015 3:02:32 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 3:02:36 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 3:02:37 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 3:02:41 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>>
>>> endlessly.
>>>
>>> When trying to login with Empathy (with ldap enabled), my debug-enabled
>>> prosody.log looks like this:
>>>
>>> Sep 27 15:10:31 videokonf.domain.com:auth_ldap debug
>>> get_user("osdmatfri")
>>> Sep 27 15:10:31 c2s10d9750 info Authenticated as
>>> osdmatfri@videokonf.domain.com
>>> Sep 27 15:10:31 rostermanager debug load_roster: asked for:
>>> osdmatfri@videokonf.domain.com
>>> Sep 27 15:10:31 rostermanager debug load_roster: loading for new
>>> user: osdmatfri@videokonf.domain.com
>>> Sep 27 15:10:31 c2s10d9750 debug Resource bound:
>>> osdmatfri@videokonf.domain.com/85fbfde6
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='232003757585' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
>>> presence probe from osdmatfri@videokonf.domain.com for
>>> persun0@videokonf.domain.com
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
>>> presence probe from osdmatfri@videokonf.domain.com for
>>> persun0@videokonf.domain.com
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
>>> presence of 0 resources from persun0@videokonf.domain.com to
>>> osdmatfri@videokonf.domain.com/85fbfde6
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
>>> presence probe from osdmatfri@videokonf.domain.com for
>>> testmathias@videokonf.domain.com
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
>>> presence probe from osdmatfri@videokonf.domain.com for
>>> testmathias@videokonf.domain.com
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
>>> presence of 1 resources from testmathias@videokonf.domain.com to
>>> osdmatfri@videokonf.domain.com/85fbfde6
>>> Sep 27 15:10:31 datamanager debug Assuming empty offline storage
>>> ('cannot open
>>> /var/lib/prosody/videokonf%2edomain%2ecom/offline/osdmatfri.list: No
such
>>> file or directory') for user: osdmatfri@videokonf.domain.com
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='240204764539' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='disco'
>>> type='result' to='osdmatfri@videokonf.domain.com'
>>> from='osdmatfri@videokonf.domain.com/85fbfde6'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='237581766226' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='237650766294' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 jcpfcae40 debug Received[component]: <iq
>>> id='239825768460' type='result' to='
osdmatfri@videokonf.domain.com/85fbfde6'
>>> from='jitsi-videobridge.videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='245780770067' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='245785770078' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='245786770086' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 jcp111ba70 debug Received[component]: <iq
>>> id='240212768588' type='result' to='
osdmatfri@videokonf.domain.com/85fbfde6'
>>> from='focus.videokonf.domain.com'>
>>>
>>> Clearly something is awry, but I don't know what... And I'm deeply
sorry
>>> for a rather messy post, but I'm becoming desperate. :slight_smile:
>>>
>>> Kindest regards,
>>> Mathias
>>>
>>> 2015-09-24 21:09 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
>>>>
>>>> First of all, you prosody version is pretty old, update to 0.9.8 if
>>>> possible. Secondly, what ldap module do you use? I think "ldap2"
>>>> should work better than "ldap", I don't have experience with AD, but
>>>> here are my setup notes for OpenLDAP auth with prosody and jitsi-meet,
>>>> hope this can help you
>>>>
>>>>
http://booting-rpi.blogspot.de/2015/09/using-ldap-authentication-with-jitsi.html
>>>>
>>>> Best,
>>>> Stan
>>>>
>>>> 2015-09-24 19:45 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>>>> > Thanks Stan,
>>>> >
>>>> > I got a little further. Now Jitsi-Meet says "Error: Authentication
>>>> > failed"
>>>> > instead of "Connecting". :slight_smile:
>>>> >
>>>> > prosody.log says:
>>>> > Sep 24 19:32:29 general info Hello and welcome to Prosody version
>>>> > 0.9.1
>>>> > Sep 24 19:32:29 general info Prosody is using the select backend
>>>> > for
>>>> > connection handling
>>>> > Sep 24 19:32:29 portmanager info Activated service
'component'
>>>> > on
>>>> > [127.0.0.1]:5347, [::1]:5347
>>>> > Sep 24 19:32:29 portmanager info Activated service 's2s' on
>>>> > [::]:5269, [*]:5269
>>>> > Sep 24 19:32:29 portmanager info Activated service 'c2s' on
>>>> > [::]:5222, [*]:5222
>>>> > Sep 24 19:32:29 portmanager info Activated service
'legacy_ssl'
>>>> > on no
>>>> > ports
>>>> > Sep 24 19:32:29 mod_posix info Prosody is about to detach
>>>> > from the
>>>> > console, disabling further console output
>>>> > Sep 24 19:32:29 mod_posix info Successfully daemonized to
PID
>>>> > 989
>>>> > Sep 24 19:32:29 portmanager info Activated service 'http' on
>>>> > [::]:5280, [*]:5280
>>>> > Sep 24 19:32:29 portmanager info Activated service 'https' on
>>>> > [::]:5281, [*]:5281
>>>> > Sep 24 19:32:31 jcp144bb20 info Incoming Jabber component
>>>> > connection
>>>> > Sep 24 19:32:31 jitsi-videobridge.videokonf.domain.com:component
>>>> > info
>>>> > External component successfully authenticated
>>>> > Sep 24 19:32:33 jcp1455930 info Incoming Jabber component
>>>> > connection
>>>> > Sep 24 19:32:33 focus.videokonf.domain.com:component info
External
>>>> > component successfully authenticated
>>>> > Sep 24 19:32:33 c2s145f1b0 info Client connected
>>>> > Sep 24 19:32:34 sasl warn Client is violating RFC 3920
(section
>>>> > 6.1,
>>>> > point 7).
>>>> > Sep 24 19:32:34 c2s145f1b0 info Authenticated as
>>>> > focus@auth.videokonf.domain.com
>>>> > Sep 24 19:32:35 mod_bosh info Client tried to use sid
>>>> > '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
>>>> > Sep 24 19:32:36 mod_bosh info New BOSH session, assigned
it
>>>> > sid
>>>> > '79f56519-4a1e-4bab-b156-86e71ff2efc2'
>>>> > Sep 24 19:32:36 bosh79f56519-4a1e-4bab-b156-86e71ff2efc2 info
>>>> > Authenticated as
>>>> > 626c374e-16ec-4fb2-9e62-3c0194ff1c31@guest.videokonf.domain.com
>>>> > Sep 24 19:32:37 c2s1212010 info Client connected
>>>> > Sep 24 19:32:38 c2s1212010 info Authenticated as
>>>> > testmathias@videokonf.domain.com
>>>> > Sep 24 19:32:55 mod_bosh info Client tried to use sid
>>>> > '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
>>>> > Sep 24 19:32:57 mod_bosh info New BOSH session, assigned
it
>>>> > sid
>>>> > '68b91a83-e0da-4945-894c-058c6aefab13'
>>>> > Sep 24 19:32:58 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
>>>> > Authenticated as
>>>> > e9998922-ac2b-486d-b844-0c954d5cad09@guest.videokonf.domain.com
>>>> > Sep 24 19:33:08 bosh68b91a83-e0da-4945-894c-058c6aefab13 info
>>>> > BOSH
>>>> > client disconnected
>>>> > Sep 24 19:33:23 mod_bosh info New BOSH session, assigned
it
>>>> > sid
>>>> > '26758970-7004-4945-b5eb-e0e49dab4bb2'
>>>> > Sep 24 19:33:23 bosh26758970-7004-4945-b5eb-e0e49dab4bb2 info
>>>> > Authenticated as
>>>> > b3445fb7-613d-43fe-a28a-298fcee1b9b7@guest.videokonf.domain.com
>>>> > Sep 24 19:33:39 mod_bosh info New BOSH session, assigned
it
>>>> > sid
>>>> > 'd0e14ba4-fcfd-4f8e-92d4-f3c2f62ded1d'
>>>> >
>>>> > The "Authenticated as"-line is a XMPP-client connecting to Prosody
and
>>>> > not
>>>> > the Jitsi-Meet. I don't know which logfiles to include and what
>>>> > settings are
>>>> > important for you all to see in order to help...
>>>> >
>>>> > The /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua file:
>>>> >
>>>> > VirtualHost "videokonf.domain.com"
>>>> > authentication = "ldap"
>>>> > ldap_base="dc=domain,dc=local"
>>>> > ldap_server="10.1.1.170:3268"
>>>> > ldap_rootdn="Jitsi@domain.local"
>>>> > ldap_password="[redacted]"
>>>> > ldap_filter="sAMAccountName=$user"
>>>> > ldap_scope="subtree"
>>>> > ldap_tls="false"
>>>> > ldap_mode="bind"
>>>> > -- Assign this host a certificate for TLS, otherwise it
would
>>>> > use
>>>> > the one
>>>> > -- set in the global section (if any).
>>>> > -- Note that old-style SSL on port 5223 only supports one
>>>> > certificate, and will always
>>>> > -- use the global one.
>>>> > ssl = {
>>>> > key = "/etc/prosody/certs/videokonf.domain.com.key";
>>>> > certificate =
>>>> > "/etc/prosody/certs/videokonf.domain.com.crt";
>>>> > }
>>>> > -- we need bosh
>>>> > modules_enabled = {
>>>> > "bosh";
>>>> > "pubsub";
>>>> > "ping"; -- Enable mod_ping
>>>> > }
>>>> >
>>>> > Component "conference.videokonf.domain.com" "muc"
>>>> > admins = { "focus@auth.videokonf.domain.com" }
>>>> >
>>>> > Component "jitsi-videobridge.videokonf.domain.com"
>>>> > component_secret = "[redacted]"
>>>> >
>>>> > VirtualHost "auth.videokonf.domain.com"
>>>> > authentication = "internal_plain"
>>>> >
>>>> > VirtualHost "guest.videokonf.domain.com"
>>>> > authentication = "anonymous"
>>>> >
>>>> > Component "focus.videokonf.domain.com"
>>>> > component_secret = "[redacted]"
>>>> >
>>>> > ----
>>>> >
>>>> > Highest regards to you guys :slight_smile:
>>>> > //Mathias
>>>> >
>>>> >
>>>> >
>>>> > 2015-09-24 18:44 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
>>>> >>
>>>> >> Hi Mathias,
>>>> >>
>>>> >> try to add option "consider_bosh_secure = true" to prosody.cfg.lua.
>>>> >> Make sure to use right username when logging in, it's
>>>> >> user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com
>>>> >>
>>>> >> Best,
>>>> >> Stan
>>>> >>
>>>> >> 2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>>>> >> > Hi,
>>>> >> >
>>>> >> > I now have configured Prosody in my in-house Jitsi-meet-server to
>>>> >> > authenticate via Active Directory. I have also enabled the secure
>>>> >> > domain
>>>> >> > following this guide:
https://github.com/jitsi/jicofo#secure-domain
>>>> >> >
>>>> >> > So when creating a new conference I get a message saying:
>>>> >> >
>>>> >> > "
>>>> >> > Waiting for the host...
>>>> >> > The conference chat has not yet started. If you are the host then
>>>> >> > please
>>>> >> > authenticate. Otherwise, please wait for the host to arrive."
>>>> >> >
>>>> >> > Clicking on "I am the host" and logging in with wrong username I
>>>> >> > get
>>>> >> >
>>>> >> > "Error
>>>> >> > Connection failed: host-unknown"
>>>> >> >
>>>> >> > However when logging in with correct username and correct _or_
>>>> >> > incorrect
>>>> >> > password i get
>>>> >> >
>>>> >> > "Connecting
>>>> >> > Connecting"
>>>> >> >
>>>> >> > The jvb.log does not tell me anything and jicofo.log keeps
>>>> >> > squirting out
>>>> >> >
>>>> >> > "2015-08-23 19:22:28.708 INFO: [58]
>>>> >> > org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377
Focus
>>>> >> > request
>>>> >> > for room: chat5@conference.10.1.3.16"
>>>> >> >
>>>> >> > endlessly. prosody.err doesn't tell me anything either, but
>>>> >> > prosody.log
>>>> >> > says
>>>> >> > this:
>>>> >> >
>>>> >> > Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info
>>>> >> > BOSH
>>>> >> > client disconnected
>>>> >> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>>>> >> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>>>> >> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>>>> >> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>>>> >> > Sep 23 19:25:01 mod_bosh info New BOSH session, assigned it
>>>> >> > sid
>>>> >> > '28a7f933-82a6-4bfd-b270-09d512b47231'
>>>> >> > Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
>>>> >> > Authenticated as
>>>> >> > 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16
>>>> >> >
>>>> >> > And after I try to login it says:
>>>> >> >
>>>> >> > Sep 23 19:25:26 mod_bosh info New BOSH session, assigned it
>>>> >> > sid
>>>> >> > 'a4a1b27f-2403-468a-bf16-0d740710d073'
>>>> >> >
>>>> >> > And then it just sits there...
>>>> >> >
>>>> >> > I don't have any DNS name assigned to the server, can that be the
>>>> >> > problem?
>>>> >> >
>>>> >> > Kindest regards,
>>>> >> > Mathias
>>>> >> >
>>>> >> >
>>>> >> > _______________________________________________
>>>> >> > users mailing list
>>>> >> > users@jitsi.org
>>>> >> > Unsubscribe instructions and other list options:
>>>> >> > http://lists.jitsi.org/mailman/listinfo/users
>>>> >>
>>>> >> _______________________________________________
>>>> >> users mailing list
>>>> >> users@jitsi.org
>>>> >> Unsubscribe instructions and other list options:
>>>> >> http://lists.jitsi.org/mailman/listinfo/users
>>>> >
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > users mailing list
>>>> > users@jitsi.org
>>>> > Unsubscribe instructions and other list options:
>>>> > http://lists.jitsi.org/mailman/listinfo/users
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> users@jitsi.org
>>>> Unsubscribe instructions and other list options:
>>>> http://lists.jitsi.org/mailman/listinfo/users
>>>
>>>
>>
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#10

Hello,

me again... I've modified a local copy of strophe.js according to this pull
request https://github.com/strophe/strophejs/pull/136 and I can confirm
that passwords with swedish characters (like åäö and ÅÄÖ) works.

Seems that was the problem all along. May I humbly suggest that this patch
be incorporated into Jitsi-Meet asap? After upstream fixes it, of course. :slight_smile:

Kindest regards,
Mathias

···

2015-09-28 21:14 GMT+02:00 Mathias Friman <mathias@workplays.se>:

Hi again,

Yeah, I contacted them and found out using the Firefox developer console
that somewhere along the way the base64 encoded string gets a Latin1
character set, so that characters like åäö becomes � (diamond with a
questionmark). I tried to change charset by putting a <meta
charset=utf-8> in the index.html in Jitsi-Meet, which didn't solve the
problem. So the response I got was that the problem lies in Strophe.js:

"the underlying problem you're running into is that JavaScript strings
are UTF-16, not UTF-8. so unless strophe is explicitly doing conversion of
passwords to utf-8 before base64'ing them, there will be problems. the
characterset of the page itself does not affect that"

There is an issue named "Strophe corrupts unicode JID node names." that
may describe the same problem (sort of):
https://github.com/metajack/strophejs/issues/60

It has to do with Strophe.js using UTF-16 and not converting to UTF-8
before doing a base64 encoding.

A fix has been proposed for chinese jid's, I guess this could work for all
other characters as well:

https://github.com/strophe/strophejs/issues/147
https://github.com/strophe/strophejs/pull/136

Anyhoo, that's the story right now. :slight_smile:

Kindest regards,
Mathias

2015-09-28 17:21 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:

Hi Mathias,

I think this is a wrong place, you need contact prosody guys about
the problem. http://prosody.im/discuss#mailing_lists

Best,
Stan

2015-09-28 17:14 GMT+02:00 Mathias Friman <mathias@workplays.se>:
> Hello again,
>
> I guess you are getting quite fed up with my postings by now, but I must
> update the issue. Seems that my installation works when i use another
> account than the one I was testing with the whole time.
>
> When examining my debug-log for prosody I get this:
>
> Sep 28 10:03:46
> boshed479f56-6a3b-420c-b330-00c1b4ea4bc6 debug
Received[c2s_unauthed]: <auth
> mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
> Sep 28 10:03:46 sasl debug Username or password violates SASLprep.
> Sep 28 10:03:46 videokonf.domain.com:saslauth debug sasl reply:
<failure
>
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid
> username or password.</text></failure>
>
> For my test user I used a password containing the letter ö (that is &
ouml;
> in html-speak). The handling of characters for SASLprep (or somewhere)
made
> the user login fail. When using another user with a password not
containing
> special characters, the login went fine.
>
> However, this bug should be fixed since I can't rely on people in
Sweden to
> not use åäö or ÅÄÖ in passwords... They are kind of part of our
alphabet...
>
> So, how do I go further with this?
>
> Kindest regards,
> Mathias
>
>
> 2015-09-28 11:17 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>>
>> Hi list!
>>
>> Seems that I'm not the only one having a problem with
LDAP-authentication.
>> AFAICT, Cyrus SASL authentication with LDAP has the exact same
problem, and
>> I've added to this bug report my own setup:
>> https://github.com/jitsi/jicofo/issues/22#issuecomment-143073738
>>
>> Hope this helps to clarify things, and not the opposite :slight_smile:
>>
>> Kindest regards,
>> Mathias
>>
>> 2015-09-27 15:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>>>
>>> Hehe, the result for me was even worse than with the mod_auth_ldap
>>> module, prosody faults with
>>>
>>> Sep 27 12:55:48 mod_c2s error Traceback[c2s]:
>>> /usr/lib/prosody/modules/ldap.lib.lua:217: attempt to index local
'ld' (a
>>> nil value)
>>> stack traceback:
>>> /usr/lib/prosody/modules/ldap.lib.lua:217: in function
'singlematch'
>>> /usr/lib/prosody/modules/ldap.lib.lua:187: in function
>>> </usr/lib/prosody/modules/ldap.lib.lua:179>
>>> (tail call): ?
>>> /usr/lib/prosody/modules/mod_auth_ldap2.lua:54: in function
>>> 'plain_test'
>>> /usr/lib/prosody/util/sasl/plain.lua:72: in function
>>> </usr/lib/prosody/util/sasl/plain.lua:38>
>>> (tail call): ?
>>> /usr/lib/prosody/modules/mod_saslauth.lua:77: in function
>>> </usr/lib/prosody/modules/mod_saslauth.lua:66>
>>> (tail call): ?
>>> /usr/lib/prosody/util/events.lua:67: in function 'fire_event'
>>> /usr/lib/prosody/core/stanza_router.lua:149: in function
>>> </usr/lib/prosody/core/stanza_router.lua:56>
>>> ...
>>> [C]: in function 'parse'
>>> /usr/lib/prosody/util/xmppstream.lua:255: in function 'feed'
>>> /usr/lib/prosody/modules/mod_c2s.lua:230: in function 'data'
>>> /usr/lib/prosody/modules/mod_c2s.lua:252: in function
>>> </usr/lib/prosody/modules/mod_c2s.lua:249>
>>> (tail call): ?
>>> /usr/lib/prosody/net/server_select.lua:854: in function
>>> </usr/lib/prosody/net/server_select.lua:836>
>>> [C]: in function 'xpcall'
>>> /usr/bin/prosody:376: in function 'loop'
>>> /usr/bin/prosody:407: in main chunk
>>> [C]: ?
>>>
>>> and I'm unable to connect to prosody using a XMPP client.
>>>
>>> I tested to change my /etc/prosody/conf.avail/domain.com.cfg.lua to
use
>>> 'internal_plain' authentication and created a user
>>> with "prosodyctl adduser prosodytest@videokonf.domain.com" and tried
to
>>> login. That worked flawlessly.
>>>
>>> This is how jicofo.log looks then:
>>>
>>> Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:44 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Authentication session created for
prosodytest@videokonf.domain.com
>>> SID: ced6ba4a-6e0b-4bc9-a658-dd628ef59040
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Authenticated jid:
>>> prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
with
>>> session: AuthSession[ID=prosodytest@videokonf.domain.com,
>>> JID=
prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0,
>>> SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
>>> MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0,
>>> R=test@conference.videokonf.domain.com]@1190029155
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Jid
>>> prosodytest@videokonf.domain.com/b002db2e-e1d6-45cb-9b63-c07eedcba1d0
>>> authenticated as: prosodytest@videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Created new focus for
>>> test@conference.videokonf.domain.com@auth.videokonf.domain.com
conferences
>>> count: 1 options:
>>> channelLastN: -1
>>> adaptiveLastN: false
>>> simulcastMode: rewriting
>>> adaptiveSimulcast: false
>>> bridge: jitsi-videobridge.videokonf.domain.com
>>> openSctp: true
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Joining the room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Auto owner feature enabled
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus role: OWNER init: true
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Chat room event
ChatRoomMemberPresenceChangeEvent[type=MemberJoined
>>> sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
>>> member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@777cf4f2]
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Member test@conference.videokonf.domain.com/focus joined.
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus role: OWNER init: false
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Authenticated jid:
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> with session: AuthSession[ID=prosodytest@videokonf.domain.com,
>>> JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
,
>>> SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
>>> MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0,
>>> R=test@conference.videokonf.domain.com]@1190029155
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Jid
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> authenticated as: prosodytest@videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Authenticated jid:
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> with session: AuthSession[ID=prosodytest@videokonf.domain.com,
>>> JID=
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
,
>>> SID=ced6ba4a-6e0b-4bc9-a658-dd628ef59040,
>>> MUID=dada63fa2635840017fbacef1df503ca, LIFE_TM_SEC=0,
>>> R=test@conference.videokonf.domain.com]@1190029155
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Jid
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> authenticated as: prosodytest@videokonf.domain.com
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Chat room event
ChatRoomMemberPresenceChangeEvent[type=MemberJoined
>>> sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@ae9bd16
>>> member=org.jitsi.impl.protocol.xmpp.ChatMemberImpl@3e25065f]
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Grant owner to
>>>
a6b934f3-6d0c-4771-a038-7608b62975d4@guest.videokonf.domain.com/42a789f2-5868-4cd4-99c3-435ce0252a27
>>> Sep 27, 2015 2:55:49 PM net.java.sip.communicator.util.Logger info
>>> INFO: Member test@conference.videokonf.domain.com/a6b934f3 joined.
>>> Sep 27, 2015 2:55:54 PM net.java.sip.communicator.util.Logger error
>>> SEVERE: Ping timeout for ID: GoY7U-731
>>>
>>> LDAP connection works.
>>>
>>> ldapsearch -D 'CN=Jitsi
Servicekonto,OU=ServiceKonton,DC=domain,DC=com' l
>>> -x -W -H ldap://10.1.1.170:3268 -b 'dc=domain,dc=com'
'sAMAccountName=*'
>>>
>>> returns users so there is no problem with the LDAP-connection from the
>>> server. Also I'm able to connect to prosody using an LDAP-account and
for
>>> example the Jitsi client or Empathy.
>>>
>>> But when enabling ldap login in
>>> /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua I get a
jicofo.log that
>>> looks like this:
>>>
>>> Sep 27, 2015 3:02:32 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 3:02:36 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 3:02:37 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>> Sep 27, 2015 3:02:41 PM net.java.sip.communicator.util.Logger info
>>> INFO: Focus request for room: test@conference.videokonf.domain.com
>>>
>>> endlessly.
>>>
>>> When trying to login with Empathy (with ldap enabled), my
debug-enabled
>>> prosody.log looks like this:
>>>
>>> Sep 27 15:10:31 videokonf.domain.com:auth_ldap debug
>>> get_user("osdmatfri")
>>> Sep 27 15:10:31 c2s10d9750 info Authenticated as
>>> osdmatfri@videokonf.domain.com
>>> Sep 27 15:10:31 rostermanager debug load_roster: asked for:
>>> osdmatfri@videokonf.domain.com
>>> Sep 27 15:10:31 rostermanager debug load_roster: loading for new
>>> user: osdmatfri@videokonf.domain.com
>>> Sep 27 15:10:31 c2s10d9750 debug Resource bound:
>>> osdmatfri@videokonf.domain.com/85fbfde6
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='232003757585' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
>>> presence probe from osdmatfri@videokonf.domain.com for
>>> persun0@videokonf.domain.com
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
>>> presence probe from osdmatfri@videokonf.domain.com for
>>> persun0@videokonf.domain.com
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
>>> presence of 0 resources from persun0@videokonf.domain.com to
>>> osdmatfri@videokonf.domain.com/85fbfde6
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug outbound
>>> presence probe from osdmatfri@videokonf.domain.com for
>>> testmathias@videokonf.domain.com
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug inbound
>>> presence probe from osdmatfri@videokonf.domain.com for
>>> testmathias@videokonf.domain.com
>>> Sep 27 15:10:31 videokonf.domain.com:presence debug broadcasted
>>> presence of 1 resources from testmathias@videokonf.domain.com to
>>> osdmatfri@videokonf.domain.com/85fbfde6
>>> Sep 27 15:10:31 datamanager debug Assuming empty offline storage
>>> ('cannot open
>>> /var/lib/prosody/videokonf%2edomain%2ecom/offline/osdmatfri.list: No
such
>>> file or directory') for user: osdmatfri@videokonf.domain.com
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='240204764539' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq id='disco'
>>> type='result' to='osdmatfri@videokonf.domain.com'
>>> from='osdmatfri@videokonf.domain.com/85fbfde6'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='237581766226' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='237650766294' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 jcpfcae40 debug Received[component]: <iq
>>> id='239825768460' type='result' to='
osdmatfri@videokonf.domain.com/85fbfde6'
>>> from='jitsi-videobridge.videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='245780770067' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='245785770078' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 c2s10d9750 debug Received[c2s]: <iq
>>> id='245786770086' type='get' to='osdmatfri@videokonf.domain.com'>
>>> Sep 27 15:10:31 jcp111ba70 debug Received[component]: <iq
>>> id='240212768588' type='result' to='
osdmatfri@videokonf.domain.com/85fbfde6'
>>> from='focus.videokonf.domain.com'>
>>>
>>> Clearly something is awry, but I don't know what... And I'm deeply
sorry
>>> for a rather messy post, but I'm becoming desperate. :slight_smile:
>>>
>>> Kindest regards,
>>> Mathias
>>>
>>> 2015-09-24 21:09 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
>>>>
>>>> First of all, you prosody version is pretty old, update to 0.9.8 if
>>>> possible. Secondly, what ldap module do you use? I think "ldap2"
>>>> should work better than "ldap", I don't have experience with AD, but
>>>> here are my setup notes for OpenLDAP auth with prosody and
jitsi-meet,
>>>> hope this can help you
>>>>
>>>>
http://booting-rpi.blogspot.de/2015/09/using-ldap-authentication-with-jitsi.html
>>>>
>>>> Best,
>>>> Stan
>>>>
>>>> 2015-09-24 19:45 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>>>> > Thanks Stan,
>>>> >
>>>> > I got a little further. Now Jitsi-Meet says "Error: Authentication
>>>> > failed"
>>>> > instead of "Connecting". :slight_smile:
>>>> >
>>>> > prosody.log says:
>>>> > Sep 24 19:32:29 general info Hello and welcome to Prosody
version
>>>> > 0.9.1
>>>> > Sep 24 19:32:29 general info Prosody is using the select backend
>>>> > for
>>>> > connection handling
>>>> > Sep 24 19:32:29 portmanager info Activated service
'component'
>>>> > on
>>>> > [127.0.0.1]:5347, [::1]:5347
>>>> > Sep 24 19:32:29 portmanager info Activated service 's2s' on
>>>> > [::]:5269, [*]:5269
>>>> > Sep 24 19:32:29 portmanager info Activated service 'c2s' on
>>>> > [::]:5222, [*]:5222
>>>> > Sep 24 19:32:29 portmanager info Activated service
'legacy_ssl'
>>>> > on no
>>>> > ports
>>>> > Sep 24 19:32:29 mod_posix info Prosody is about to detach
>>>> > from the
>>>> > console, disabling further console output
>>>> > Sep 24 19:32:29 mod_posix info Successfully daemonized to
PID
>>>> > 989
>>>> > Sep 24 19:32:29 portmanager info Activated service 'http' on
>>>> > [::]:5280, [*]:5280
>>>> > Sep 24 19:32:29 portmanager info Activated service 'https'
on
>>>> > [::]:5281, [*]:5281
>>>> > Sep 24 19:32:31 jcp144bb20 info Incoming Jabber component
>>>> > connection
>>>> > Sep 24 19:32:31 jitsi-videobridge.videokonf.domain.com:component
>>>> > info
>>>> > External component successfully authenticated
>>>> > Sep 24 19:32:33 jcp1455930 info Incoming Jabber component
>>>> > connection
>>>> > Sep 24 19:32:33 focus.videokonf.domain.com:component info
External
>>>> > component successfully authenticated
>>>> > Sep 24 19:32:33 c2s145f1b0 info Client connected
>>>> > Sep 24 19:32:34 sasl warn Client is violating RFC 3920
(section
>>>> > 6.1,
>>>> > point 7).
>>>> > Sep 24 19:32:34 c2s145f1b0 info Authenticated as
>>>> > focus@auth.videokonf.domain.com
>>>> > Sep 24 19:32:35 mod_bosh info Client tried to use sid
>>>> > '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
>>>> > Sep 24 19:32:36 mod_bosh info New BOSH session, assigned
it
>>>> > sid
>>>> > '79f56519-4a1e-4bab-b156-86e71ff2efc2'
>>>> > Sep 24 19:32:36 bosh79f56519-4a1e-4bab-b156-86e71ff2efc2
info
>>>> > Authenticated as
>>>> > 626c374e-16ec-4fb2-9e62-3c0194ff1c31@guest.videokonf.domain.com
>>>> > Sep 24 19:32:37 c2s1212010 info Client connected
>>>> > Sep 24 19:32:38 c2s1212010 info Authenticated as
>>>> > testmathias@videokonf.domain.com
>>>> > Sep 24 19:32:55 mod_bosh info Client tried to use sid
>>>> > '614481cd-ff0c-4bce-b230-64fcabf47b29' which we don't know about
>>>> > Sep 24 19:32:57 mod_bosh info New BOSH session, assigned
it
>>>> > sid
>>>> > '68b91a83-e0da-4945-894c-058c6aefab13'
>>>> > Sep 24 19:32:58 bosh68b91a83-e0da-4945-894c-058c6aefab13
info
>>>> > Authenticated as
>>>> > e9998922-ac2b-486d-b844-0c954d5cad09@guest.videokonf.domain.com
>>>> > Sep 24 19:33:08 bosh68b91a83-e0da-4945-894c-058c6aefab13
info
>>>> > BOSH
>>>> > client disconnected
>>>> > Sep 24 19:33:23 mod_bosh info New BOSH session, assigned
it
>>>> > sid
>>>> > '26758970-7004-4945-b5eb-e0e49dab4bb2'
>>>> > Sep 24 19:33:23 bosh26758970-7004-4945-b5eb-e0e49dab4bb2
info
>>>> > Authenticated as
>>>> > b3445fb7-613d-43fe-a28a-298fcee1b9b7@guest.videokonf.domain.com
>>>> > Sep 24 19:33:39 mod_bosh info New BOSH session, assigned
it
>>>> > sid
>>>> > 'd0e14ba4-fcfd-4f8e-92d4-f3c2f62ded1d'
>>>> >
>>>> > The "Authenticated as"-line is a XMPP-client connecting to Prosody
and
>>>> > not
>>>> > the Jitsi-Meet. I don't know which logfiles to include and what
>>>> > settings are
>>>> > important for you all to see in order to help...
>>>> >
>>>> > The /etc/prosody/conf.avail/videokonf.domain.com.cfg.lua file:
>>>> >
>>>> > VirtualHost "videokonf.domain.com"
>>>> > authentication = "ldap"
>>>> > ldap_base="dc=domain,dc=local"
>>>> > ldap_server="10.1.1.170:3268"
>>>> > ldap_rootdn="Jitsi@domain.local"
>>>> > ldap_password="[redacted]"
>>>> > ldap_filter="sAMAccountName=$user"
>>>> > ldap_scope="subtree"
>>>> > ldap_tls="false"
>>>> > ldap_mode="bind"
>>>> > -- Assign this host a certificate for TLS, otherwise it
would
>>>> > use
>>>> > the one
>>>> > -- set in the global section (if any).
>>>> > -- Note that old-style SSL on port 5223 only supports one
>>>> > certificate, and will always
>>>> > -- use the global one.
>>>> > ssl = {
>>>> > key =
"/etc/prosody/certs/videokonf.domain.com.key";
>>>> > certificate =
>>>> > "/etc/prosody/certs/videokonf.domain.com.crt";
>>>> > }
>>>> > -- we need bosh
>>>> > modules_enabled = {
>>>> > "bosh";
>>>> > "pubsub";
>>>> > "ping"; -- Enable mod_ping
>>>> > }
>>>> >
>>>> > Component "conference.videokonf.domain.com" "muc"
>>>> > admins = { "focus@auth.videokonf.domain.com" }
>>>> >
>>>> > Component "jitsi-videobridge.videokonf.domain.com"
>>>> > component_secret = "[redacted]"
>>>> >
>>>> > VirtualHost "auth.videokonf.domain.com"
>>>> > authentication = "internal_plain"
>>>> >
>>>> > VirtualHost "guest.videokonf.domain.com"
>>>> > authentication = "anonymous"
>>>> >
>>>> > Component "focus.videokonf.domain.com"
>>>> > component_secret = "[redacted]"
>>>> >
>>>> > ----
>>>> >
>>>> > Highest regards to you guys :slight_smile:
>>>> > //Mathias
>>>> >
>>>> >
>>>> >
>>>> > 2015-09-24 18:44 GMT+02:00 Stanislav Kopp <staskopp@gmail.com>:
>>>> >>
>>>> >> Hi Mathias,
>>>> >>
>>>> >> try to add option "consider_bosh_secure = true" to
prosody.cfg.lua.
>>>> >> Make sure to use right username when logging in, it's
>>>> >> user.name@<your-jitsi-hostname>, e.g jonh.doe@meet.example.com
>>>> >>
>>>> >> Best,
>>>> >> Stan
>>>> >>
>>>> >> 2015-09-23 19:28 GMT+02:00 Mathias Friman <mathias@workplays.se>:
>>>> >> > Hi,
>>>> >> >
>>>> >> > I now have configured Prosody in my in-house Jitsi-meet-server
to
>>>> >> > authenticate via Active Directory. I have also enabled the
secure
>>>> >> > domain
>>>> >> > following this guide:
https://github.com/jitsi/jicofo#secure-domain
>>>> >> >
>>>> >> > So when creating a new conference I get a message saying:
>>>> >> >
>>>> >> > "
>>>> >> > Waiting for the host...
>>>> >> > The conference chat has not yet started. If you are the host
then
>>>> >> > please
>>>> >> > authenticate. Otherwise, please wait for the host to arrive."
>>>> >> >
>>>> >> > Clicking on "I am the host" and logging in with wrong username I
>>>> >> > get
>>>> >> >
>>>> >> > "Error
>>>> >> > Connection failed: host-unknown"
>>>> >> >
>>>> >> > However when logging in with correct username and correct _or_
>>>> >> > incorrect
>>>> >> > password i get
>>>> >> >
>>>> >> > "Connecting
>>>> >> > Connecting"
>>>> >> >
>>>> >> > The jvb.log does not tell me anything and jicofo.log keeps
>>>> >> > squirting out
>>>> >> >
>>>> >> > "2015-08-23 19:22:28.708 INFO: [58]
>>>> >> > org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq().377
Focus
>>>> >> > request
>>>> >> > for room: chat5@conference.10.1.3.16"
>>>> >> >
>>>> >> > endlessly. prosody.err doesn't tell me anything either, but
>>>> >> > prosody.log
>>>> >> > says
>>>> >> > this:
>>>> >> >
>>>> >> > Sep 23 19:25:00 bosh0cd5fa28-5a02-42ef-8453-f0310392eb3a info
>>>> >> > BOSH
>>>> >> > client disconnected
>>>> >> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>>>> >> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>>>> >> > Sep 23 19:25:00 mod_bosh info Client tried to use sid
>>>> >> > '0cd5fa28-5a02-42ef-8453-f0310392eb3a' which we don't know about
>>>> >> > Sep 23 19:25:01 mod_bosh info New BOSH session, assigned
it
>>>> >> > sid
>>>> >> > '28a7f933-82a6-4bfd-b270-09d512b47231'
>>>> >> > Sep 23 19:25:01 bosh28a7f933-82a6-4bfd-b270-09d512b47231 info
>>>> >> > Authenticated as
>>>> >> > 9f97257a-5c24-42ca-a172-dd52ef4216e3@guest.10.1.3.16
>>>> >> >
>>>> >> > And after I try to login it says:
>>>> >> >
>>>> >> > Sep 23 19:25:26 mod_bosh info New BOSH session, assigned
it
>>>> >> > sid
>>>> >> > 'a4a1b27f-2403-468a-bf16-0d740710d073'
>>>> >> >
>>>> >> > And then it just sits there...
>>>> >> >
>>>> >> > I don't have any DNS name assigned to the server, can that be
the
>>>> >> > problem?
>>>> >> >
>>>> >> > Kindest regards,
>>>> >> > Mathias
>>>> >> >
>>>> >> >
>>>> >> > _______________________________________________
>>>> >> > users mailing list
>>>> >> > users@jitsi.org
>>>> >> > Unsubscribe instructions and other list options:
>>>> >> > http://lists.jitsi.org/mailman/listinfo/users
>>>> >>
>>>> >> _______________________________________________
>>>> >> users mailing list
>>>> >> users@jitsi.org
>>>> >> Unsubscribe instructions and other list options:
>>>> >> http://lists.jitsi.org/mailman/listinfo/users
>>>> >
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > users mailing list
>>>> > users@jitsi.org
>>>> > Unsubscribe instructions and other list options:
>>>> > http://lists.jitsi.org/mailman/listinfo/users
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> users@jitsi.org
>>>> Unsubscribe instructions and other list options:
>>>> http://lists.jitsi.org/mailman/listinfo/users
>>>
>>>
>>
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users