able to register but unable to login

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,
    Just installed ejabberd. The default ejabberd.cfg is what i am
using. I am running Ubuntu Edgy and installed ejabberd from the
repository.

   After installation, I tried to access it thru Gaim 2.0.0.Beta3.1. I
was able to register an admin account and also login to my web admin
page thru it after adding it to the admin tag in the cfg file. But I
am unable to login through Gaim. I am not sure what options I should
be selecting.

  This is the output of my ejabberd.log file

=INFO REPORT==== 2006-12-31 23:29:04 ===
I(<0.235.0>:ejabberd_listener:90): (#Port<0.727>) Accepted connection
{{192,168,0,107},1263} -> {{192,168,0,156},5223}

=ERROR REPORT==== 2006-12-31 23:29:04 ===
** State machine <0.735.0> terminating
** Last event in was {xmlstreamelement,
                         {xmlelement,"response",
                                     [{"xmlns",

"urn:ietf:params:xml:ns:xmpp-sasl"}],
                                     [{xmlcdata,

Re: able to register but unable to login

Oh, and this is the sasl.log file tail

=CRASH REPORT==== 31-Dec-2006::23:39:05 ===
  crasher:
    pid: <0.743.0>
    registered_name: []
    error_info: {badarg,[{ets,lookup,[crypto_server_table,port]},
                          {crypto,control,2},
                          {cyrsasl_digest,response,6},
                          {cyrsasl_digest,mech_step,2},
                          {cyrsasl,server_step,2},
                          {ejabberd_c2s,wait_for_sasl_response,2},
                          {gen_fsm,handle_msg,7},
                          {proc_lib,init_p,5}]}
    initial_call: {gen,init_it,
                      [gen_fsm,
                       <0.226.0>,
                       <0.226.0>,
                       ejabberd_c2s,
                       [{gen_tcp,#Port<0.732>},
                        [{access,c2s},
                         {max_stanza_size,65536},
                         tls,
                         {certfile,"/etc/ejabberd/ejabberd.pem"},
                         {shaper,c2s_shaper}]],
                       []]}
    ancestors: [ejabberd_c2s_sup,ejabberd_sup,<0.38.0>]
    messages: []
    links: [#Port<0.733>,<0.226.0>]

Active directory ldap auth problem

Hi:

 I am testing the ldap autentication using ejabber 1.1.2 on a debian 
Sarge,
there is some problem before to put on the production server i want to 
be
able to restrict the users who can use ejabberd as a client. Currently 
i
found no way to avoid administrator and others accounts to appear on 
the
roster and be able to login. I means accounts used by 
administrative
purpouses should not appear, maybe can be done using 
ldap_filter but i don't
find the way, if there is any help, i preciate 
it.

  I have no too many accounts , about 250 and five different 
organization
units on the Active Directory.
 Something i find hard to 
understand was that i need to put every user on
some group to appear, for 
that a global security group named jabberusers was
created, but any user who 
belongs to any other group also appear, that's
what i try to avoid. The 
administrative accounts also belongs to some groups
, i found no way to avoid 
this.

Re: Re: able to register but unable to login

Hello,

>From what I know the  Ubuntu packaging is broken as it does not seems to
have an Erlang compiled with crypto support.

--

-- 
Mickaël Rémond
 http://www.process-one.net/

Re: Re: able to register but unable to login

On 1/1/07, Mickael Remond <mickael.remond <at> process-one.net> wrote:
> Hello,
>
> >From what I know the  Ubuntu packaging is broken as it does not seems to
> have an Erlang compiled with crypto support.

It's not exactly true. Erlang in Ubuntu is built with crypto, but
loading crypto fails. See
https://bugs.launchpad.net/distros/ubuntu/+source/erlang/+bug/68163
for details.

I would say that using erlang in Ubuntu is not so good idea. The
package is just a rebuild of Debian erlang package, and it isn't paid
any attention from Ubuntu people (at least Edgy was released with this
critical bug without any doubts).

--

-- 
Sergei Golovan

Enabling verbose logging on Debian / Failing S2S with certain servers

Hi list

Does anybody know how I can enable verbose logging in Debian? The FAQ
says that I need to recompile ejabberd... surely there is an easier
way? :/

I need to debug something in ejabberd, as my server is failing to S2S
communicate with at least the servers operating on jabber.ru and
desrt.ca. The current logs just read:

=INFO REPORT==== 2007-01-01 14:59:26 ===
I(<0.6382.0>:ejabberd_s2s_out:106): started: {"weej.com",
                                              "conference.jabber.ru",
                                              {new,"3782444651"}}

=INFO REPORT==== 2007-01-01 15:00:35 ===
I(<0.6384.0>:ejabberd_s2s_out:106): started: {"weej.com",
                                              "desrt.ca",
                                              {new,"1709113412"}}

=INFO REPORT==== 2007-01-01 15:00:35 ===
I(<0.6384.0>:ejabberd_s2s_out:662): terminated: normal

Any help would be much appreciated.

Thanks!
--

-- 
Alex Jones <alex <at> weej.com>

Re: Re: able to register but unable to login

On mån, 2007-01-01 at 14:46 +0300, Sergei Golovan wrote:
> On 1/1/07, Mickael Remond <mickael.remond <at> process-one.net> wrote:
> > Hello,
> >
> > >From what I know the  Ubuntu packaging is broken as it does not seems to
> > have an Erlang compiled with crypto support.
> 
> It's not exactly true. Erlang in Ubuntu is built with crypto, but
> loading crypto fails. See
> https://bugs.launchpad.net/distros/ubuntu/+source/erlang/+bug/68163
> for details.
> 
> I would say that using erlang in Ubuntu is not so good idea. The
> package is just a rebuild of Debian erlang package, and it isn't paid
> any attention from Ubuntu people (at least Edgy was released with this
> critical bug without any doubts).
> 

One "solution" to the problem is installing the old erlang version from
dapper.

I tried compiling the newest otp*.tar.bz2 from erlang.org and using the
package from the ubuntu devel-verion, but the error didn't go away.

/Jonas

Re: ejabberd Digest, Vol 42, Issue 2

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd

Re: Re: SSL/TLS with ICA

Jaco Kroon wrote:
>>Hello,
>>
>>Le 19 déc. 06 à 19:38, Jaco Kroon a écrit :
>>
>>
>>>Just applied to tlug.up.ac.za and the patch does indeed function
>>>correctly, by simply appending the intermediate certificate to the
>>>file
>>>the entire chain is properly passed to the client.
>>
>>Thank you for the feedback :)
>>We will also try it on our own production server, before considering
>>it for addition to the code base.
> 
> 
> However, it seems that the bug report had it correct.  After a while it
> simply stops responding.
> 
> tcpdump indicates that it actually does unclean teardowns of the
> connection, basically the SYN/ACK handshake happens, psi sends 124 bytes
> of data, the server ACKs it, and then immediate RSTs the connection. 
> Something dodgy is happening.

Hi guys,

I'm guessing it's time for some more feedback.

Not sure what the case was here, but it's been running for two weeks now
without issues, could simply be that the load was drastically lower of
Christmas/new-year and there might actually still be a problem or the
issue may have been caused by something else.

Jaco

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd

RE: Active directory ldap auth problem

Jorge,

You want to pick the ldap_filter to filter on the security group
jabberusers.

{ldap_base, "DC=lan,DC=hab,DC=desoft,DC=cu"}.
{ldap_filter, "(memberOf=Jabberusers)"}.

That should only authenticate just the members of the Jabberusers
security group.

You can also look at the AD with:
ldapsearch -x -b "dc=lan,dc=hab,dc=desoft,dc=cu" -D
user <at> lan.hab.desoft.cu -h lan.hab.desoft.cu -W

-----------------------
Nathan Faust
Systems Administrator
Merchant Warehouse
Two International Place
Fourth Floor
Boston, MA  02110 
Phone:  617.896.5558
Fax:    617.854.8923
http://www.merchantwarehouse.com/ 

-----Original Message-----
From: ejabberd-bounces <at> jabber.ru [mailto:ejabberd-bounces <at> jabber.ru] On
Behalf Of Jorge Luis Becerra Peraza
Sent: Monday, January 01, 2007 2:38 AM
To: ejabberd <at> jabber.ru
Subject: [ejabberd] Active directory ldap auth problem

Hi:

 I am testing the ldap autentication using ejabber 1.1.2 on a debian
Sarge, there is some problem before to put on the production server i
want to be able to restrict the users who can use ejabberd as a client.
Currently i found no way to avoid administrator and others accounts to
appear on the roster and be able to login. I means accounts used by
administrative purpouses should not appear, maybe can be done using
ldap_filter but i don't find the way, if there is any help, i preciate
it.

  I have no too many accounts , about 250 and five different
organization units on the Active Directory.
 Something i find hard to
understand was that i need to put every user on some group to appear,
for that a global security group named jabberusers was created, but any
user who belongs to any other group also appear, that's what i try to
avoid. The administrative accounts also belongs to some groups , i found
no way to avoid this.

the relarted ldap part of ejabberd.conf look
like:

{auth_method, ldap}.
{ldap_servers,
["lan.hab.desoft.cu"]}.
{ldap_uidattr, "sAMAccountName"}.
{ldap_base,
"DC=lan,DC=hab,DC=desoft,DC=cu"}.
{ldap_rootdn,
"CN=someuser,CN=Users,DC=lan,DC=hab,DC=desoft,DC=cu"}.
{ldap_filter,
"(memberOf=*)"}.
{ldap_password, "passwordofsomeuser"}.

  
{mod_vcard_ldap,
    [{ldap_vcard_map,
    [{"NICKNAME", "%u", []},

{"GIVEN", "%s", ["givenName"]},
    {"MIDDLE", "%s", ["initials"]},

{"FAMILY", "%s", ["sn"]},
    {"FN", "%s", ["displayName"]},
    {"EMAIL",
"%s", ["mail"]},
    {"ORGNAME", "%s", ["company"]},
    {"ORGUNIT", "%s",
["department"]},
    {"CTRY", "%s", ["c"]},
    {"LOCALITY", "%s",
["l"]},
    {"STREET", "%s", ["streetAddress"]},
    {"REGION", "%s",
["st"]},
    {"PCODE", "%s", ["postalCode"]},
    {"TITLE", "%s",
["title"]},
    {"URL", "%s", ["wWWHomePage"]},
    {"DESC", "%s",
["description"]},
    {"TEL", "%s", ["telephoneNumber"]}]},

{ldap_search_fields,
    [{"User", "%u"},
    {"Name",
"givenName"},
    {"Family Name", "sn"},
    {"Email", "mail"},

{"Company", "company"},
    {"Department", "department"},
    {"Role",
"title"},
    {"Description", "description"},
    {"Phone",
"telephoneNumber"}]},
    {ldap_search_reported,
    [{"Full Name",
"FN"},
    {"Nickname", "NICKNAME"},
    {"Email", "EMAIL"}]}

]
    }.

{host_config, "hab.desoft.cu", [{auth_method, [anonymous, ldap]}]}.

  {mod_vcard_ldap,      [{search, true},

{allow_return_all, true},
      {matches, infinity},
      {host,
"jud.hab.desoft.cu"}]},

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd