General discussion on installation and configuration of SOGo



Re: [SOGo] Authentication Problem Using Samba4


  • From: "Christian Naumer" ( ) < >
  • To:
  • Subject: Re: [SOGo] Authentication Problem Using Samba4
  • Date: Tue, 9 Apr 2019 21:06:44 +0200

I am not 100% sure, but you connect without SSL/TLS. I don't know if Samba
AD permits this.
We use LDAPS and it works. You then need to configure
/etc/openldap/ldap.conf to accept your certificates.

Regards

Christian

On 09.04.19 at 17:16, Keith Howard ( ) wrote:
> Hello,
>
> I am using Samba 4.9.4 compiled from source, MariaDB 5.5..60-1 (RPM), and
> SOGo 4.0.7 (nightly RPMs).
>
> sogo.conf:
>
> {
> /* *********************  Main SOGo configuration file  **********************
>  *                                                                           *
>  * Since the content of this file is a dictionary in OpenStep plist format,  *
>  * the curly braces enclosing the body of the configuration are mandatory.   *
>  * See the Installation Guide for details on the format.                     *
>  *                                                                           *
>  * C and C++ style comments are supported.                                   *
>  *                                                                           *
>  * This example configuration contains only a subset of all available        *
>  * configuration parameters. Please see the installation guide more details. *
>  *                                                                           *
>  * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,    *
>  * make sure to move it away to avoid unwanted parameter overrides.          *
>  *                                                                           *
>  * **************************************************************************/
>
> /* Database configuration (mysql:// or postgresql://) */
> SOGoProfileURL = "mysql://sogo:<redacted>@localhost:3306/sogo/sogo_user_profile";
> OCSFolderInfoURL = "mysql://sogo:<redacted>@localhost:3306/sogo/sogo_folder_info";
> OCSSessionsFolderURL = "mysql://sogo:<redacted>@localhost:3306/sogo/sogo_sessions_folder";
>
> /* Mail */
> SOGoDraftsFolderName = Drafts;
> SOGoSentFolderName = Sent;
> SOGoTrashFolderName = Trash;
> SOGoIMAPServer = localhost;
> SOGoSieveServer = sieve://127.0.0.1:4190;
> SOGoSMTPServer = 127.0.0.1;
> SOGoMailDomain = medinaco.lan;
> SOGoMailingMechanism = smtp;
> //SOGoForceExternalLoginWithEmail = NO;
> //SOGoMailSpoolPath = /var/spool/sogo;
> //NGImap4ConnectionStringSeparator = "/";
>
> /* Notifications */
> //SOGoAppointmentSendEMailNotifications = NO;
> //SOGoACLsSendEMailNotifications = NO;
> //SOGoFoldersSendEMailNotifications = NO;
>
> /* Authentication */
> //SOGoPasswordChangeEnabled = YES;
>
> /* LDAP authentication example */
> //SOGoUserSources = (
> // {
> // type = ldap;
> // CNFieldName = cn;
> // UIDFieldName = uid;
> // IDFieldName = uid; // first field of the DN for direct binds
> // bindFields = (uid, mail); // array of fields to use for indirect binds
> // baseDN = "dc=medinaco,dc=lan";
> // bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
> // bindPassword = qwerty;
> // canAuthenticate = YES;
> // displayName = "Shared Addresses";
> // hostname = ldap://127.0.0.1:389;
> // id = public;
> // isAddressBook = YES;
> // }
> //);
>
> /* LDAP AD/Samba4 example */
> SOGoUserSources = (
> {
> type = ldap;
> CNFieldName = cn;
> IDFieldName = sAMAccountName;
> UIDFieldName = sAMAccountName;
> baseDN = "CN=Users,DC=medinaco,DC =lan";
> bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
> bindFields = (sAMAccountName,mail,userPrincipalName);
> bindPassword = <redacted> ;
> canAuthenticate = YES;
> displayName = "Public";
> hostname = "ldap://localhost";;
> id = public;
> isAddressBook = YES;
> scope = SUB;
>
> }
> );
>
>
> /* SQL authentication example */
> /* These database columns MUST be present in the view/table:
> * c_uid - will be used for authentication - it's the username or
> )
> * c_name - which can be identical to c_uid - will be used to uniquely identify entries
> * c_password - password of the user, plain-text, md5 or sha encoded for now
> * c_cn - the user's common name - such as "John Doe"
> * mail - the user's mail address
> * See the installation guide for more details
> */
> //SOGoUserSources =
> // (
> // {
> // type = sql;
> // id = directory;
> // viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
> // canAuthenticate = YES;
> // isAddressBook = YES;
> // userPasswordAlgorithm = md5;
> // }
> // );
>
> /* Web Interface */
> SOGoPageTitle = SOGo;
> SOGoVacationEnabled = YES;
> SOGoForwardEnabled = YES;
> SOGoSieveScriptsEnabled = YES;
> //SOGoMailAuxiliaryUserAccountsEnabled = YES;
> //SOGoTrustProxyAuthentication = NO;
> //SOGoXSRFValidationEnabled = YES;
>
> /* General - SOGoTimeZone *MUST* be defined */
> SOGoLanguage = English;
> SOGoTimeZone = America/New_York;
> //SOGoCalendarDefaultRoles = (
> // PublicDAndTViewer,
> // ConfidentialDAndTViewer
> //);
> SOGoSuperUsernames = (khoward); // This is an array - keep the parens!
> SxVMemLimit = 1000;
> //WOPidFile = "/var/run/sogo/sogo.pid";
> SOGoMemcachedHost = "/var/run/memcached.sock";
>
> /* Debug */
> //SOGoDebugRequests = YES;
> //SoDebugBaseURL = YES;
> //ImapDebugEnabled = YES;
> //LDAPDebugEnabled = YES;
> //PGDebugEnabled = YES;
> //MySQL4DebugEnabled = YES;
> //SOGoUIxDebugEnabled = YES;
> //WODontZipResponse = YES;
> //WOLogFile = /var/log/sogo/sogo.log;
> }
> ***** END SOGO.CONF*****
>
> The sogod service starts, and I go to http://medinaco.lan/SOGo, to which I
> am presented with the SOGo login page.
> I attempt to log in and receive a wrong username or password error.
>
> In my sogo.log:
> 2019-04-09 11:10:39.298 sogod[17938:17938] Creating NGLdapConnection
> instance for bindDN 'CN=Administrator,CN=Users,DC=medinaco,DC=lan'
> Apr 09 11:10:39 sogod [17938]: SOGoRootPage Login from '172.16.42.253' for
> user 'khoward' might not have worked - password policy: 65535 grace: -1
> expire: -1 bound: 0
> Apr 09 11:10:39 sogod [17938]: 172.16.42.253 "POST /SOGo/connect HTTP/1.1"
> 403 34/67 0.046 - - 40K
>
> I can log in to mariadb using sogo user/pass and view/edit tables.
> I can log in to Windows authenticating with SAMBA AD username/password.
>
> I don't know what else to do to get this to work.
> Could someone assist me with this?
>
> Thanks.
>
> Keith
>

--
Dr. Christian Naumer
Research Scientist
Platform Coordinator, Bioprocess Engineering

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
homepage www.brain-biotech.de
phone +49-6251-9331-30 / fax +49-6251-9331-11

Registered office: Zwingenberg/Bergstrasse
Court of registration: AG Darmstadt, HRB 24758
Executive Board: Dr. Juergen Eck (Chairman), Manfred Bender,
Ludger Roedder
Chairman of the Supervisory Board: Dr. Georg Kellinghusen
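
Added example (not part of either message and not SOGo project code): a small Python check for the condition the reply points at, an LDAP user source in sogo.conf that binds with a password over plain `ldap://`. The sample configs are constructed from the posted file; the host name `dc1.medinaco.lan` and the simplified plist parsing are assumptions.

```python
import re

# Constructed samples. WEAK mirrors the active source from the posted sogo.conf
# (password replaced by a placeholder); FIXED is an assumed LDAPS variant and
# dc1.medinaco.lan is a hypothetical host name.
WEAK = '''
/* LDAP authentication example */
//SOGoUserSources = ( { type = ldap; hostname = ldap://127.0.0.1:389; id = old; } );
SOGoUserSources = (
  {
    type = ldap;
    bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
    bindPassword = "placeholder";
    canAuthenticate = YES;
    hostname = "ldap://localhost";
    id = public;
  }
);
'''
FIXED = WEAK.replace('"ldap://localhost"', '"ldaps://dc1.medinaco.lan"')
# For FIXED to bind, /etc/openldap/ldap.conf must also trust the DC's CA,
# e.g. a TLS_CACERT line pointing at the CA file.

# Quoted strings are matched first so "ldap://host" is never mistaken for a
# comment; the (?<!:) guard does the same for unquoted URLs such as sieve://...
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|(?<!:)//[^\n]*', re.S)
_PAIR = re.compile(r'(\w+)\s*=\s*("(?:\\.|[^"\\])*"|[^;]*);')

def strip_comments(text):
    """Remove /* */ and // comments, leaving quoted strings untouched."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)

def audit(conf):
    """Return (source id, finding) for LDAP sources that bind without TLS."""
    findings = []
    for body in re.findall(r'\{([^{}]*)\}', strip_comments(conf)):
        src = {k: v.strip().strip('"') for k, v in _PAIR.findall(body)}
        if src.get('type') != 'ldap':
            continue
        hosts = src.get('hostname', '').split()
        tls = src.get('encryption', '').upper() in ('SSL', 'STARTTLS') or (
            bool(hosts) and all(h.lower().startswith('ldaps://') for h in hosts))
        binds = 'bindPassword' in src or src.get('canAuthenticate', '').upper() == 'YES'
        if binds and not tls:
            findings.append((src.get('id', '?'), 'password bind over unencrypted ' + ' '.join(hosts)))
    return findings

if __name__ == '__main__':
    print(audit(WEAK), audit(FIXED))
```

On the Samba side, the `ldap server require strong auth` setting in smb.conf governs whether simple binds over an unencrypted connection are accepted.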


