Unauthorized to start the conference after enable Secure Domain config

freg · March 22, 2020, 10:38pm

I’m trying to set up Jitsi, Jicofo and Jibri so that only new meetings can be started by authenticated users. I followed the Secure domain documentation on https://github.com/jitsi/jicofo .

So when I try to start a meeting, I get asked for the login and password, but then it eternally hangs on “Connecting”. In the browser console I constantly see these messages:

2020-03-22T21:45:54.393Z [modules/xmpp/moderator.js] <d.prototype._allocateConferenceFocusError>:  Unauthorized to start the conference 
<iq id="a76206d3-72c4-4933-b2e1-5fffb94384c6:sendIQ" from="focus.host.mydomain.com" to="1rtcby_3fxwb1j9e@guest.host.mydomain.com/Dv31_l16" xmlns="jabber:client" type="error">
Logger.js:154:22
2020-03-22T21:45:54.409Z [conference.js] <_onConferenceFailed>:  CONFERENCE FAILED: conference.authenticationRequired

My prosody config looks like this:
VirtualHost “host.mydomain.com”
authentication = “ldap”
ldap_base = “ou=People,dc=mydomain,dc=com”
ldap_server = “localhost”
ssl = {
key = “/etc/prosody/certs/host.mydomain.com.key”;
certificate = “/etc/prosody/certs/host.mydomain.com.crt”;
}
– we need bosh
modules_enabled = {
“bosh”;
“pubsub”;
“ping”; – Enable mod_ping
}
c2s_require_encryption = false
consider_bosh_secure = true
Component “conference.host.mydomain.com” “muc”
storage = “memory”
admins = { “focus@auth.host.mydomain.com” }
Component “jitsi-videobridge.host.mydomain.com”
component_secret = “ubegAKlw”
VirtualHost “auth.host.mydomain.com”
ssl = {
key = “/etc/prosody/certs/auth.host.mydomain.com.key”;
certificate = “/etc/prosody/certs/auth.host.mydomain.com.crt”;
}
authentication = “internal_plain”
Component “focus.host.mydomain.com”
component_secret = “mwcfxflW”
VirtualHost “guest.host.mydomain.com”
authentication = “anonymous”
c2s_require_encryption = false
Component “internal.auth.host.mydomain.com” “muc”
modules_enabled = {
“ping”;
}
storage = “memory”
muc_room_cache_size = 1000
VirtualHost “localhost”
VirtualHost “recorder.host.mydomain.com”
modules_enabled = {
“ping”;
}
authentication = “internal_plain”

LDAP authentication is working fine when connecting with an XMPP client to host.mydomain.com

How could I fix this?

reset · March 23, 2020, 12:10am

Just double your Jicofo config from the secured domain link you posted.

If you have Jicofo installed from the Debian package this should go directly to /etc/jitsi/jicofo/sip-communicator.properties file:

org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.com

Other things to try:
Restart prosody, jicofo, and jvb OR
Reboot the server if you can (I’ve seen the “connecting” window move to the next step after a reboot… don’t know why or how )

freg · March 23, 2020, 10:08am

Tried a reboot, did not help. /etc/jitsi/jicofo/sip-communicator.properties file looks like this:

org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.host.mydomain.com
org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90
org.jitsi.jicofo.auth.URL=XMPP:host.mydomain.com

AJ-Olive · April 25, 2020, 12:16am

I can confirm after hours of banging my head against the wall, restarting services and so forth and going over and over my ldap cfg lua file that a simple server reboot fixed this. No idea why either but a simple reboot and able to authenticate using LDAP to AD without issue.