General discussion on installation and configuration of SOGo

Text archives Help


[SOGo] Authentication Problem Using Samba4


Chronological Thread 
  • From: "Keith Howard" ( ) < >
  • To:
  • Subject: [SOGo] Authentication Problem Using Samba4
  • Date: Tue, 9 Apr 2019 11:16:06 -0400
  • Dmarc-filter: OpenDMARC Filter v1.2.0 mail.inverse.ca C6E861DE5060

Hello,

I am using Samba 4.9.4 compiled from source, MariaDB 5.5..60-1 (RPM), and SOGo 4.0.7 (nightly RPMs).

sogo.conf:

{
  /* *********************  Main SOGo configuration file  **********************
   *                                                                           *
   * Since the content of this file is a dictionary in OpenStep plist format,  *
   * the curly braces enclosing the body of the configuration are mandatory.   *
   * See the Installation Guide for details on the format.                     *
   *                                                                           *
   * C and C++ style comments are supported.                                   *
   *                                                                           *
   * This example configuration contains only a subset of all available        *
   * configuration parameters. Please see the installation guide more details. *
   *                                                                           *
   * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,    *
   * make sure to move it away to avoid unwanted parameter overrides.          *
   *                                                                           *
   * **************************************************************************/

  /* Database configuration (mysql:// or postgresql://) */
  SOGoProfileURL = "mysql://sogo:<redacted>@localhost:3306/sogo/sogo_user_profile";
  OCSFolderInfoURL = "mysql://sogo: <redacted> @localhost:3306/sogo/sogo_folder_info";
  OCSSessionsFolderURL = "mysql://sogo: <redacted> @localhost:3306/sogo/sogo_sessions_folder";

  /* Mail */
  SOGoDraftsFolderName = Drafts;
  SOGoSentFolderName = Sent;
  SOGoTrashFolderName = Trash;
  SOGoIMAPServer = localhost;
  SOGoSieveServer = sieve://127.0.0.1:4190;
  SOGoSMTPServer = 127.0.0.1;
  SOGoMailDomain = medinaco.lan;
  SOGoMailingMechanism = smtp;
  //SOGoForceExternalLoginWithEmail = NO;
  //SOGoMailSpoolPath = /var/spool/sogo;
  //NGImap4ConnectionStringSeparator = "/";

  /* Notifications */
  //SOGoAppointmentSendEMailNotifications = NO;
  //SOGoACLsSendEMailNotifications = NO;
  //SOGoFoldersSendEMailNotifications = NO;

  /* Authentication */
  //SOGoPasswordChangeEnabled = YES;

  /* LDAP authentication example */
  //SOGoUserSources = (
  //  {
  //    type = ldap;
  //    CNFieldName = cn;
  //    UIDFieldName = uid;
  //    IDFieldName = uid; // first field of the DN for direct binds
  //    bindFields = (uid, mail); // array of fields to use for indirect binds
  //    baseDN = "dc=medinaco,dc=lan";
  //    bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
  //    bindPassword = qwerty;
  //    canAuthenticate = YES;
  //    displayName = "Shared Addresses";
  //    hostname = ldap://127.0.0.1:389;
  //    id = public;
  //    isAddressBook = YES;
  //  }
  //);

  /* LDAP AD/Samba4 example */
  SOGoUserSources = (
    {
      type = ldap;
      CNFieldName = cn;
      IDFieldName = sAMAccountName;
      UIDFieldName = sAMAccountName;
      baseDN = "CN=Users,DC=medinaco,DC    =lan";
      bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
      bindFields = (sAMAccountName,mail,userPrincipalName);
      bindPassword =  <redacted> ;
      canAuthenticate = YES;
      displayName = "Public";
      hostname = "ldap://localhost";
      id = public;
      isAddressBook = YES;
      scope = SUB;

    }
  );


  /* SQL authentication example */
  /*  These database columns MUST be present in the view/table:
   *    c_uid - will be used for authentication -  it's the username or )
   *    c_name - which can be identical to c_uid -  will be used to uniquely identify entries
   *    c_password - password of the user, plain-text, md5 or sha encoded for now
   *    c_cn - the user's common name - such as "John Doe"
   *    mail - the user's mail address
   *  See the installation guide for more details
   */
  //SOGoUserSources =
  //  (
  //    {
  //      type = sql;
  //      id = directory;
  //      viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
  //      canAuthenticate = YES;
  //      isAddressBook = YES;
  //      userPasswordAlgorithm = md5;
  //    }
  //  );

  /* Web Interface */
  SOGoPageTitle = SOGo;
  SOGoVacationEnabled = YES;
  SOGoForwardEnabled = YES;
  SOGoSieveScriptsEnabled = YES;
  //SOGoMailAuxiliaryUserAccountsEnabled = YES;
  //SOGoTrustProxyAuthentication = NO;
  //SOGoXSRFValidationEnabled = YES;

  /* General - SOGoTimeZone *MUST* be defined */
  SOGoLanguage = English;
  SOGoTimeZone = America/New_York;
  //SOGoCalendarDefaultRoles = (
  //  PublicDAndTViewer,
  //  ConfidentialDAndTViewer
  //);
  SOGoSuperUsernames = (khoward); // This is an array - keep the parens!
  SxVMemLimit = 1000;
  //WOPidFile = "/var/run/sogo/sogo.pid";
  SOGoMemcachedHost = "/var/run/memcached.sock";
 
  /* Debug */
  //SOGoDebugRequests = YES;
  //SoDebugBaseURL = YES;
  //ImapDebugEnabled = YES;
  //LDAPDebugEnabled = YES;
  //PGDebugEnabled = YES;
  //MySQL4DebugEnabled = YES;
  //SOGoUIxDebugEnabled = YES;
  //WODontZipResponse = YES;
  //WOLogFile = /var/log/sogo/sogo.log;
}
***** END SOGO.CONF*****

The sogod service starts, and I goto http://medinaco.lan/SOGo, to which I am presented with the SOGo login page.
I attempt to login and receive a wrong username or password error.

In my sogo.log:
2019-04-09 11:10:39.298 sogod[17938:17938] Creating NGLdapConnection instance for bindDN 'CN=Administrator,CN=Users,DC=medinaco,DC=lan'
Apr 09 11:10:39 sogod [17938]: SOGoRootPage Login from '172.16.42.253' for user 'khoward' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Apr 09 11:10:39 sogod [17938]: 172.16.42.253 "POST /SOGo/connect HTTP/1.1" 403 34/67 0.046 - - 40K

I can login to mariadb using sogo user/pass and view/edit tables.
I can login to Windows authenticating with SAMBA AD username/password.

I don't know what else to do to get this to work.
Could someone assist me with this?

Thanks.

Keith



Archive powered by MHonArc 2.6.18.

Top of page