Hardware: Old laptop or computer
YunoHost version: 11.2.9.1 (stable)
I have access to my server: Through SSH | through the webadmin | direct access via keyboard / screen | … [all of it]
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
Description of my issue
I wanted to use a separate domain for XMPP than the main one, but while YunoHost does not report any other issues, I cannot connect to it.
What I did:
turn off XMPP on monolith.wheremymonkeyis.at (I did test before that it did actually work, so yay!)
add campfire.wheremymonkeyis.at domain and enable XMPP there (nothing else is bound to that)
make sure DNS and ports are OK
try to connect to XMPP (fail)
Results from trying to log in:
if I try to log in as {user}@campfire.wheremymonkeyis.at and its YunoHost password ↦ Wrong username or password (Dino); Unauthorised (Conversations)
if I try to log in as {user}@monolith.wheremymonkeyis.at ↦ Could not connect to monolith.wheremymonkeyis.at (expected, it did work when I was running XMPP on that domain, of course)
Metronome YunoHost logs after trying to log in a few times:
There is a /etc/metronome/conf.d/campfire.wheremymonkeyis.at.cfg.lua and at a quick glance it seems to be set up OK. (I have never set up an XMPP server before though)
Will do.
If I run xmppc -vvv on the server itself, I get the following error:
And even later still, this is what the metronome.log looks like when I try to log into campfire.:
Jan 03 19:57:10 socket debug accepted incoming client connection from: 89.142.188.11 44166 to 5222
Jan 03 19:57:10 c2s5601360348a0 info Client connected
Jan 03 19:57:10 c2s5601360348a0 debug Client sent opening <stream:stream> to campfire.wheremymonkeyis.at
Jan 03 19:57:10 c2s5601360348a0 debug Sent reply <stream:stream> to client
Jan 03 19:57:10 c2s5601360348a0 debug Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Jan 03 19:57:10 socket debug try to start ssl at client id: 5601360348a0
Jan 03 19:57:10 socket debug ssl session delayed until writebuffer is empty...
Jan 03 19:57:10 c2s5601360348a0 debug TLS negotiation started for c2s_unauthed...
Jan 03 19:57:10 socket debug starting ssl handshake after writing
Jan 03 19:57:10 socket debug starting handshake...
Jan 03 19:57:10 socket debug ssl handshake of client with id:table: 0x5601360348a0, attempt:1
Jan 03 19:57:10 socket debug ssl handshake of client with id:table: 0x5601360348a0, attempt:2
Jan 03 19:57:10 socket debug ssl handshake of client with id:table: 0x5601360348a0, attempt:3
Jan 03 19:57:10 socket debug ssl handshake of client with id:table: 0x5601360348a0, attempt:4
Jan 03 19:57:10 socket debug ssl handshake of client with id:table: 0x5601360348a0, attempt:5
Jan 03 19:57:10 socket debug ssl handshake of client with id:table: 0x5601360348a0, attempt:6
Jan 03 19:57:10 socket debug ssl handshake done
Jan 03 19:57:10 c2s5601360348a0 debug Client sent opening <stream:stream> to campfire.wheremymonkeyis.at
Jan 03 19:57:10 c2s5601360348a0 debug Sent reply <stream:stream> to client
Jan 03 19:57:10 c2s5601360348a0 debug Received </stream:stream>
Jan 03 19:57:10 c2s5601360348a0 info c2s stream for <89.142.188.11> closed: session closed
Jan 03 19:57:10 c2s5601360348a0 debug Destroying session for (unknown) ((unknown)@campfire.wheremymonkeyis.at)
Jan 03 19:57:10 socket debug try to close client connection with id: 5601360348a0
Jan 03 19:57:10 socket debug closing delayed until writebuffer is empty
Jan 03 19:57:10 socket debug closing client after writing
Jan 03 19:57:10 socket debug closing client with id: 5601360348a0 client to close
Jan 03 19:57:10 c2s5601360348a0 info Client disconnected: connection closed
Jan 03 19:57:21 socket debug accepted incoming client connection from: 89.142.188.11 32860 to 5222
Jan 03 19:57:21 c2s560136295fc0 info Client connected
Jan 03 19:57:21 c2s560136295fc0 debug Client sent opening <stream:stream> to campfire.wheremymonkeyis.at
Jan 03 19:57:21 c2s560136295fc0 debug Sent reply <stream:stream> to client
Jan 03 19:57:22 c2s560136295fc0 debug Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Jan 03 19:57:22 socket debug try to start ssl at client id: 560136295fc0
Jan 03 19:57:22 socket debug ssl session delayed until writebuffer is empty...
Jan 03 19:57:22 c2s560136295fc0 debug TLS negotiation started for c2s_unauthed...
Jan 03 19:57:22 socket debug starting ssl handshake after writing
Jan 03 19:57:22 socket debug starting handshake...
Jan 03 19:57:22 socket debug ssl handshake of client with id:table: 0x560136295fc0, attempt:1
Jan 03 19:57:22 socket debug ssl handshake of client with id:table: 0x560136295fc0, attempt:2
Jan 03 19:57:22 socket debug ssl handshake of client with id:table: 0x560136295fc0, attempt:3
Jan 03 19:57:22 socket debug ssl handshake of client with id:table: 0x560136295fc0, attempt:4
Jan 03 19:57:22 socket debug ssl handshake of client with id:table: 0x560136295fc0, attempt:5
Jan 03 19:57:22 socket debug ssl handshake of client with id:table: 0x560136295fc0, attempt:6
Jan 03 19:57:22 socket debug ssl handshake done
Jan 03 19:57:22 c2s560136295fc0 debug Client sent opening <stream:stream> to campfire.wheremymonkeyis.at
Jan 03 19:57:22 c2s560136295fc0 debug Sent reply <stream:stream> to client
Jan 03 19:57:22 c2s560136295fc0 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Jan 03 19:57:22 campfire.wheremymonkeyis.at:auth_ldap2 debug _M.bind - no DN found for username = hook
Jan 03 19:57:22 campfire.wheremymonkeyis.at:saslauth debug sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you've sent</text></failure>
Jan 03 19:57:22 c2s560136295fc0 debug Received </stream:stream>
Jan 03 19:57:22 c2s560136295fc0 info c2s stream for <89.142.188.11> closed: session closed
Jan 03 19:57:22 c2s560136295fc0 debug Destroying session for (unknown) ((unknown)@campfire.wheremymonkeyis.at)
Jan 03 19:57:22 socket debug try to close client connection with id: 560136295fc0
Jan 03 19:57:22 socket debug closing delayed until writebuffer is empty
Jan 03 19:57:22 socket debug closing client after writing
Jan 03 19:57:22 socket debug closing client with id: 560136295fc0 client to close
Jan 03 19:57:22 c2s560136295fc0 info Client disconnected: connection closed
Jan 03 19:57:51 c2s56013622d220 debug Handled incoming stanzas: 580
Jan 03 19:57:51 c2s56013622d220 debug Received[c2s]: <iq id='101d4260-b545-4ed6-8fcb-fae89244fdfd' type='get' to='monolith.wheremymonkeyis.at'>
Jan 03 19:57:51 c2s56013622d220 debug Received[c2s]: <r xmlns='urn:xmpp:sm:3'>
Jan 03 19:57:51 c2s56013622d220 debug Received ack request for 580
YunoHost Diagnosis says DNS is fine. Is there anything specific I should be looking for?
One thing that I am doing though is to work around hairpin NAT by using the router’s DNS to point back any of the domains on the YunoHost server to the local IP of the server. It may be I have not added campfire. to the router’s DNS yet. But that should only be an issue from within the LAN, right?
I did not touch either.
Running a diff /etc/metronome/conf.d/*.wheremymonkeyis.at the two look identical apart from /s/monolith/campfire/
… could it be that YunoHost simply did not create the accounts for Metronome on campfire.?
This is what happens now when I try to log into campfire. using Gajim:
Jan 06 16:36:05 socket debug accepted incoming client connection from: 192.168.88.82 56554 to 5222
Jan 06 16:36:05 c2s55b8b7fb5540 info Client connected
Jan 06 16:36:05 c2s55b8b7fb5540 debug Client sent opening <stream:stream> to campfire.wheremymonkeyis.at
Jan 06 16:36:05 c2s55b8b7fb5540 debug Sent reply <stream:stream> to client
Jan 06 16:36:05 c2s55b8b7fb5540 debug Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
Jan 06 16:36:05 socket debug try to start ssl at client id: 55b8b7fb5540
Jan 06 16:36:05 socket debug ssl session delayed until writebuffer is empty...
Jan 06 16:36:05 c2s55b8b7fb5540 debug TLS negotiation started for c2s_unauthed...
Jan 06 16:36:05 socket debug starting ssl handshake after writing
Jan 06 16:36:05 socket debug starting handshake...
Jan 06 16:36:05 socket debug ssl handshake of client with id:table: 0x55b8b7fb5540, attempt:1
Jan 06 16:36:05 socket debug ssl handshake of client with id:table: 0x55b8b7fb5540, attempt:2
Jan 06 16:36:05 socket debug ssl handshake of client with id:table: 0x55b8b7fb5540, attempt:3
Jan 06 16:36:05 socket debug ssl handshake of client with id:table: 0x55b8b7fb5540, attempt:4
Jan 06 16:36:05 socket debug ssl handshake of client with id:table: 0x55b8b7fb5540, attempt:5
Jan 06 16:36:05 socket debug ssl handshake done
Jan 06 16:36:05 c2s55b8b7fb5540 debug Client sent opening <stream:stream> to campfire.wheremymonkeyis.at
Jan 06 16:36:05 c2s55b8b7fb5540 debug Sent reply <stream:stream> to client
Jan 06 16:36:05 c2s55b8b7fb5540 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Jan 06 16:36:05 campfire.wheremymonkeyis.at:auth_ldap2 debug _M.bind - no DN found for username = hook
Jan 06 16:36:05 campfire.wheremymonkeyis.at:saslauth debug sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you've sent</text></failure>
Jan 06 16:36:05 c2s55b8b7fb5540 debug Received[c2s_unauthed]: <abort xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Jan 06 16:36:05 c2s55b8b7fb5540 debug Received </stream:stream>
Jan 06 16:36:05 c2s55b8b7fb5540 info c2s stream for <192.168.88.82> closed: session closed
Jan 06 16:36:05 c2s55b8b7fb5540 debug Destroying session for (unknown) ((unknown)@campfire.wheremymonkeyis.at)
Jan 06 16:36:05 socket debug try to close client connection with id: 55b8b7fb5540
Jan 06 16:36:05 socket debug closing delayed until writebuffer is empty
Jan 06 16:36:05 socket debug closing client after writing
Jan 06 16:36:05 socket debug closing client with id: 55b8b7fb5540 client to close
Jan 06 16:36:05 c2s55b8b7fb5540 info Client disconnected: connection closed
I may be wrong, but this part strikes me:
Jan 06 16:36:05 campfire.wheremymonkeyis.at:auth_ldap2 debug _M.bind - no DN found for username = hook
It was! (thanks to Aleks via XMPP for confirming this)
So the solution was in YunoHost WebUI to go to Users ↦ {my_user} ↦ Edit {my_user}’s account and there add an e-mail alias to which JID you actually want to use – in my case this was hook @ campfire.wheremymonkeyis.at
This would need to be done for every user that would want to use that domain as their JID though.
(Honestly, sounds counter-intuitive to me. But at least this is a fix/work-around)
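Added example (not part of the original posts, and not YunoHost or Metronome code): a small Python triage script that separates SASL failures preceded by the `no DN found` directory miss seen above from failures with any other cause. The function name, the cause labels and the second sample session are constructed for illustration, and the log layout is assumed to match the excerpts in this thread.

```python
import re
from collections import namedtuple

# Layout assumed from the excerpts in this thread: timestamp, source, level, message.
LINE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\w+)\s+(.*)$")
AUTH = re.compile(r"<auth mechanism='([^']+)'")
NO_DN = re.compile(r"no DN found for username = (\S+)")

Failure = namedtuple("Failure", "time session mechanism jid cause")

# First session: lines from the thread (failure stanza shortened).
# Second session: constructed, to show a failure without a directory miss.
SAMPLE = """
Jan 06 16:36:05 c2s55b8b7fb5540 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Jan 06 16:36:05 campfire.wheremymonkeyis.at:auth_ldap2 debug _M.bind - no DN found for username = hook
Jan 06 16:36:05 campfire.wheremymonkeyis.at:saslauth debug sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>
Jan 06 16:40:00 c2s000000000001 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
Jan 06 16:40:00 campfire.wheremymonkeyis.at:saslauth debug sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>
"""

def sasl_failures(lines):
    """Return one Failure per SASL <failure>, tagged with its likely cause."""
    last_auth = None   # (session, mechanism) of the most recent <auth> stanza
    missing = {}       # host -> username that auth_ldap2 could not resolve
    found = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue   # blank or unrecognised line
        time, source, _level, msg = m.groups()
        host, _, module = source.partition(":")
        if source.startswith("c2s") and (a := AUTH.search(msg)):
            last_auth = (source, a.group(1))
        elif module == "auth_ldap2" and (n := NO_DN.search(msg)):
            missing[host] = n.group(1)
        elif module == "saslauth" and "<failure" in msg:
            session, mech = last_auth or (None, None)
            user = missing.pop(host, None)
            jid = f"{user}@{host}" if user is not None else None
            cause = "no-ldap-entry" if user is not None else "other"
            found.append(Failure(time, session, mech, jid, cause))
            last_auth = None
    return found

if __name__ == "__main__":
    for failure in sasl_failures(SAMPLE.splitlines()):
        print(failure)
```

A `no-ldap-entry` result names the JID the server could not find, which is the situation resolved above by adding that address as an e-mail alias for the user.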