1 Topic by bdushok

  • bdushok
  • Member
  • Offline
  • Registered: 2019-03-25
  • Posts: 55

Topic: Authentication no longer working

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.99
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes -
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I've been setting up iRedMail for deployment later this month.   I had to move on to other projects so this server has been idle for about 2 weeks.  When I moved back to it today I found I was unable to authenticate with SOGo or iRedMailAdminPro.   Existing users do not work.   

I rebooted the server.   No change.

I attempted to bind to the LDAP server using an LDAP browser, it worked fine.   I used the vmailadmin user when binding.

I have no idea what happened over the past two weeks when the server was idle.   

Does authentication between iRedMailAdmin-Pro and the LDAP get logged?    When attempting to login the following appears in /var/log/messages:
May  2 13:28:53 stmail uwsgi: stmail.luzerne.edu [pid: 6337|app: 1|req: 7/8] 10.3.138.2 () {60 vars in 1795 bytes} [Thu May  2 13:28:53 2019] POST /iredadmin/login => generated 0 bytes in 15 msecs (HTTP/1.1 303) 3 headers in 230 bytes (2 switches on core 0)
May  2 13:28:53 stmail uwsgi: stmail.luzerne.edu [pid: 6337|app: 1|req: 8/9] 10.3.138.2 () {56 vars in 1727 bytes} [Thu May  2 13:28:53 2019] GET /iredadmin/login?msg=INVALID_CREDENTIALS => generated 5307 bytes in 169 msecs (HTTP/1.1 200) 2 headers in 145 bytes (2 switches on core 0)

The credentials I'm entering are correct.

When attempting to login using SOGo I received the following in /var/log/messages:
May  2 13:29:01 stmail systemd: Created slice User Slice of sogo.
May  2 13:29:01 stmail systemd: Started Session 192 of user sogo.
May  2 13:29:02 stmail systemd: Removed slice User Slice of sogo.
May  2 13:29:04 stmail php-fpm: [02-May-2019 13:29:04] NOTICE: [pool inet] child 25793 exited with code 0 after 30.002257 seconds from start
May  2 13:29:04 stmail php-fpm: [02-May-2019 13:29:04] NOTICE: [pool inet] child 25845 started

These errors don't seem to helpful.   Is there any middleware between LDAP and iRedAdminPro and/or SOGo?

Thanks,
Bob

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,011

Re: Authentication no longer working

The error message "INVALID_CREDENTIALS " means username or password is wrong.
Could you try to reset password and try again? FYI:
https://docs.iredmail.org/reset.user.password.html

3 Reply by bdushok

  • bdushok
  • Member
  • Offline
  • Registered: 2019-03-25
  • Posts: 55

Re: Authentication no longer working

ZhangHuangbin wrote:

The error message "INVALID_CREDENTIALS " means username or password is wrong.
Could you try to reset password and try again? FYI:
https://docs.iredmail.org/reset.user.password.html

Yes, that makes sense.   It seems unlikely that I forgot the passwords.   I haven't changed the postmaster account and I'm using the one I set on install and listed in the tips file.

As a test I just reset two account passwords, including postmaster, using the instructions you've linked to.   I'm not able to login to either account using SOGo.   The messages log still shows similar messages as before:
May  6 14:58:37 stmail php-fpm: [06-May-2019 14:58:37] NOTICE: [pool inet] child 29950 started
May  6 14:59:01 stmail systemd: Created slice User Slice of sogo.
May  6 14:59:01 stmail systemd: Started Session 7236 of user sogo.
May  6 14:59:02 stmail systemd: Removed slice User Slice of sogo.
May  6 14:59:04 stmail php-fpm: [06-May-2019 14:59:04] NOTICE: [pool inet] child 29887 exited with code 0 after 29.998921 seconds from start
May  6 14:59:04 stmail php-fpm: [06-May-2019 14:59:04] NOTICE: [pool inet] child 30480 started

Oddly, postmaster can now login to iRedAdminPro.   

Are there any logs which might explain what is causing the SOGo problem?

Thanks,
Bob

4 Reply by bdushok

  • bdushok
  • Member
  • Offline
  • Registered: 2019-03-25
  • Posts: 55

Re: Authentication no longer working

The password change I mentioned earlier enabled login for the postmaster account to iRedAdminPro, nothing else.    This password change was done at a command line using the link within ZhangHaungbin's message.   I changed all passwords (I only have three users!) but none could be used to login to SOGo.

I discovered if I use iRedAdminPro to change passwords the change also enables login to SOGo.   

It seems like my fix was to change the postmaster password from a command line and then to change all passwords via iRedAdminPro.

I'm hoping to someday figure out what happened.   I know I didn't forget these passwords in the two weeks or so I was off this project.

Bob


bdushok wrote:
ZhangHuangbin wrote:

The error message "INVALID_CREDENTIALS " means username or password is wrong.
Could you try to reset password and try again? FYI:
https://docs.iredmail.org/reset.user.password.html

Yes, that makes sense.   It seems unlikely that I forgot the passwords.   I haven't changed the postmaster account and I'm using the one I set on install and listed in the tips file.

As a test I just reset two account passwords, including postmaster, using the instructions you've linked to.   I'm not able to login to either account using SOGo.   The messages log still shows similar messages as before:
May  6 14:58:37 stmail php-fpm: [06-May-2019 14:58:37] NOTICE: [pool inet] child 29950 started
May  6 14:59:01 stmail systemd: Created slice User Slice of sogo.
May  6 14:59:01 stmail systemd: Started Session 7236 of user sogo.
May  6 14:59:02 stmail systemd: Removed slice User Slice of sogo.
May  6 14:59:04 stmail php-fpm: [06-May-2019 14:59:04] NOTICE: [pool inet] child 29887 exited with code 0 after 29.998921 seconds from start
May  6 14:59:04 stmail php-fpm: [06-May-2019 14:59:04] NOTICE: [pool inet] child 30480 started

Oddly, postmaster can now login to iRedAdminPro.   

Are there any logs which might explain what is causing the SOGo problem?

Thanks,
Bob

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,011

Re: Authentication no longer working

You need to enable debug mode in SOGo or OpenLDAP to see what LDAP queries it sends to OpenLDAP server.

FYI:

- https://docs.iredmail.org/debug.sogo.html
- https://docs.iredmail.org/debug.openldap.html