I am libstrophe example client program bot.c and trying to connect with ejabberd server.
I am facing authentication failure. Please refer the log below.
xmpp DEBUG Connecting via altdomain.
xmpp DEBUG sock_connect() to 127.0.0.1:5222 returned 3
xmpp DEBUG Attempting to connect to 127.0.0.1
xmpp DEBUG connection successful
conn DEBUG SENT: <?xml version="1.0"?><stream:stream to="prakash.com" xml:lang="en" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams">
xmpp DEBUG RECV: <stream:stream id="16900185530209358531" version="1.0" lang="en" from="prakash.com">
xmpp DEBUG RECV: <features xmlns="http://etherx.jabber.org/streams"><c hash="sha-1" xmlns="http://jabber.org/protocol/caps" node="http://www.process-one.net/en/ejabberd/" ver="LSc28EBBWo2uA2P3nRDU+sBlbsc="/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>X-OAUTH2</mechanism><mechanism>SCRAM-SHA-1</mechanism></mechanisms></features>
conn DEBUG SENT: <auth mechanism="SCRAM-SHA-1" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">biwsbj1CVlAscj0zZjMwOTQ5N2IyYTEwZDYzNjUwZTRiNzEwMmY3Zjk1</auth>
xmpp DEBUG RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
xmpp DEBUG handle SCRAM-SHA-1 (challenge) called for failure
xmpp DEBUG SASL SCRAM-SHA-1 auth failed
conn DEBUG SENT: <auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
xmpp DEBUG RECV: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">bm9uY2U9IjcwOTEwMTI1NzE1NzkzNzMyOTkiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=</challenge>
xmpp DEBUG handle digest-md5 (challenge) called for challenge
conn DEBUG SENT: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9IkJWUCIscmVhbG09InByYWthc2guY29tIixub25jZT0iNzA5MTAxMjU3MTU3OTM3MzI5OSIsY25vbmNlPSJhMjZkZWQ0M2Y4MmMiLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAvcHJha2FzaC5jb20iLHJlc3BvbnNlPWEyYTVlMDIwYTNkZjc1NmY1NTAxZDBkYzMyMDliOGQ5LGNoYXJzZXQ9dXRmLTg=</response>
xmpp DEBUG RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
xmpp DEBUG handle digest-md5 (rspauth) called for failure
xmpp DEBUG SASL DIGEST-MD5 auth failed
conn DEBUG SENT: <auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">AEJWUABhZG1pbjEyMw==</auth>
xmpp DEBUG RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
xmpp DEBUG SASL PLAIN auth failed
auth ERROR Cannot authenticate without resource
conn DEBUG SENT: </stream:stream>
xmpp DEBUG RECV: </stream:stream>
xmpp DEBUG Closing socket.
DEBUG: disconnected
event DEBUG Stopping event loop.
event DEBUG Event loop completed.
Can someone help me on this how to resolve this authentication problem?
Libstrophe tries supported authentication mechanisms one by one until one succeeds or all fail. The problem is on server side and given logs don't provide enough information to reveal it.
SCRAM-SHA-1 mechanism fails after the 1st stanza. This means that server rejects authentication when only username is sent. I would suggest to check if such a user exists (I'm not sure if it case-sensitive). If this doesn't help look at ejabberd logs.
Take into account that PLAIN mechanism sends base64-encoded login/password and anyone can decode it. Therefore, I would suggest to remove encoded password from libstrophe's logs like this:
conn DEBUG SENT: <auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">*REDACTED*</auth>
When all authentication mechanisms fail libstrophe tries legacy client authentication. In this case it needs a resource to build <iq> stanza. Logs show the next error message since a resource was not added to jid:
auth ERROR Cannot authenticate without resource
When login/password are correct and there is no problem with jabber server the authentication should succeed on the 1st supported mechanism and legacy authentication shouldn't be called. Therefore, it is safe to ignore the last error message.
Edit the below parameters in ejabbered.yml file.
auth_password_format: scram
s2s_protocol_options:
- "no_sslv3"
save the file .
Stop and start the ejabbered Server.
Now Register the user in the server side and run the bot example in the libstrophe library.
Related
I have Keycloak running in a Kubernetes cluster. Authentication works but I need to set up e-mail to be able to send e-mails for verification and password reset.
I have SendGrid set up as an SMTP Relay. These settings (host, port and api key) work when I send mail using the SendGrid java client. However, when pressing Test connection in KeyCloak I get:
[Error] Failed to load resource: the server responded with a status of 500 ()
[Debug] Remove message (services.js, line 14)
[Debug] Added message (services.js, line 15)
[Error] Can't find variable: error
https://<domain>/auth/resources/ong8v/admin/keycloak/js/controllers/realm.js:76 – "Possibly unhandled rejection: {}"
[Debug] Remove message (services.js, line 14)
There isn't much to go on here. I have an e-mail address set up for the currently logged in user. I've also tried resetting the password in case the Test connection functionality was broken but that didn't work either.
The Realm Settings settings user for email are as such:
host: smtp.sendgrid.net
port: 587
from: test#<domain>
Enable StartTLS: true
Username: "apikey"
Password: <api key>
Any idea what can be wrong? Or how to find out? For instance, maybe I can get a more meaningful error message somehow.
Edit:
I got the server logs.
Failed to send email: com.sun.mail.util.MailConnectException: Couldn't connect to host, port: smtp.sendgrid.net, 587; timeout 10000;
nested exception is: java.net.SocketTimeoutException: connect timed out
Edit 2:
I've tried sending mail using Telnet using the exact same settings and that works. So apparently it's something with Keycloak or its underlying Java libraries that's causing issues sending e-mail.
Turns out that Keycloak works and that emails were blocked by the hosting provider.
I am working with Java Mail API, i am getting this strange error: "Initial Access check failure"
My configuration looks fine, URL, user, pwd, etc. Just cannot figure out why this message comes up.
550 5.7.1 Initial access check failure
DEBUG SMTP: got response code 550, with response: 550 5.7.1 Initial access check failure
RSET
250 2.5.0 Ok.
DEBUG SMTP: MessagingException while sending, THROW:
com.sun.mail.smtp.SMTPSendFailedException: 550 5.7.1 Initial access check failure
;
nested exception is:
com.sun.mail.smtp.SMTPSenderFailedException: 550 5.7.1 Initial access check failure
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2133)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1630)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1132)
at javax.mail.Transport.send0(Transport.java:254)
at javax.mail.Transport.send(Transport.java:124)
at com.mrd.utilities.SendMailMessage.sendNewsMobileDeviceAlert(SendMailMessage.java:277)
at DBManager.sendLowVolumeEmailAlert(DBManager.java:241)
at DBManager.executeQuery(DBManager.java:168)
at DBManager.getConnection(DBManager.java:109)
at MainClass.main(MainClass.java:37)
Caused by: com.sun.mail.smtp.SMTPSenderFailedException: 550 5.7.1 Initial access check failure
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1637)
... 8 more
QUIT
221 2.3.0 Bye received. Goodbye.
I got this issue and resolved it by providing access to my server and sender email id on SMTP server. SMTP servers are restricted as to which server can send email from what sender email id. Contact with your SMTP administrator have them grant permission to your server ip and sender email id.
I want to send an email via GMail server.
TRY
SMTP.Connect; // <---- This is TIdSMTP
EXCEPT
Log.AddError('Cannot connect to the email server.');
END;
if SMTP.Connected then
TRY
SMTP.Send(MailMessage);
EXCEPT
on E:Exception DO
begin
Log.AddError('Connected to server but could not send email!');
Log.AddError(E.Message);
end;
END;
if SMTP.Connected
then SMTP.Disconnect;
This piece of code worked in 2014 with Delphi XE.
The program connects to the server ok but in the end it says "SSL is not available on this server":
Resolving hostname smtp.Gmail.com.
Connecting to 74.125.xxx.xxx
Connected.
Connected to SMTP server...
SSL status: "before/connect initialization"
SSL status: "before/connect initialization"
SSL status: "SSLv3 write client hello A"
SSL status: "SSLv3 read server hello A"
SSL status: "SSLv3 read server hello A"
Disconnected.
Connected to server but could not send email!
SSL is not available on this server.
I have the latest version of OpenSSL (downloaded today) and Delphi XE7.
The WireShark says:
Alert (Level: Fatal, Description: Protocol version)
Why I cannot send email?
I have tried all: no TSL, implicit, explicit, startTSL...
SOLUTION: sslvTLSv1 must be included in the SSLIOHandler.SSLVersions property.
I am trying to decrypt the https traffic by fiddler2 which has just been upgraded.
What is the problem to get this errror?
17:27:45:6821 !SecureClientPipeDirect failed: System.IO.IOException Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. < A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond on pipe to (CN=192.168.0.100, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
Thanks
The error message indicates that the client failed to complete the HTTPS handshake. What was the client? This message typically indicates that the client isn't configured to trust Fiddler's Root Certificate.
What, if any, other messages are shown on the Log tab?
I have set up the following publisher in CruiseControl:
<jabber host="my.network.local"
port="5222"
username="cruisecontrol"
password="cruisecontrol"
recipient="builds#conference.my.network.local"
chatroom="true"
buildresultsurl="http://cruise.control.net:7070/dashboard/tab/build/detail/customer" />
If I set chatroom to FALSE and enter a single recipient, everything works great. The problem I have is sending sending the build notification to a chat room. I set the chatroom value to TRUE and enter the fully qualified chatroom name I get the following error:
2009-10-16 13:34:10,818 [Thread-70897] ERROR JabberPublisher - Could not send message to recipient or chat room
No response from server.:
at org.jivesoftware.smack.GroupChat.join(GroupChat.java:162)
at org.jivesoftware.smack.GroupChat.join(GroupChat.java:123)
at net.sourceforge.cruisecontrol.publishers.JabberPublisher.init(JabberPublisher.java:146)
at net.sourceforge.cruisecontrol.publishers.JabberPublisher.publish(JabberPublisher.java:201)
at net.sourceforge.cruisecontrol.Project.publish(Project.java:742)
at net.sourceforge.cruisecontrol.Project.build(Project.java:264)
at net.sourceforge.cruisecontrol.Project.execute(Project.java:147)
at net.sourceforge.cruisecontrol.ProjectConfig.execute(ProjectConfig.java:402)
at net.sourceforge.cruisecontrol.ProjectWrapper.run(ProjectWrapper.java:69)
at java.lang.Thread.run(Thread.java:619)
Has anyone been able to send build messages to a Jabber chatroom using this method?
I haven't used Jabber with CruiseControl, but have you tried connecting to that port manually from your server running CC?
Like:
telnet my.network.local 5222
Can you log any of the xmpp / jabber packets from the client to server and back? We can see the CruiseControl config file and the java error, but we can't see what xmpp packets are actually being sent and received. That may be key in the troubleshooting.