[Synapse] New install, can't login with Element, can't set up cross-signing/encryption

My YunoHost server

Hardware: Old laptop or computer - Proxmox LXC container
YunoHost version: 11.0.9.14
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi Everyone, I hope you’re having a fantastic day :smile:

After installing Synapse, I am unable to login as an existing user or as a new testuser I created. Here is an excerpt from the log showing that the user does not exist in the matrix database.

2022-09-09 10:05:10,236 - synapse.rest.client.login - 283 - INFO - POST-5010- Got login request with identifier: {'type': 'm.id.user', 'user': 'testuser'}, medium: None, address: None, user: None
2022-09-09 10:05:10,239 - synapse.storage.database - 845 - WARNING - sentinel- Starting db txn 'get_users_by_id_case_insensitive' from sentinel context
2022-09-09 10:05:10,240 - synapse.storage.database - 910 - WARNING - sentinel- Starting db connection from sentinel context: metrics will be lost
2022-09-09 10:05:10,241 - synapse.handlers.auth - 1028 - WARNING - sentinel- Attempted to login as @testuser:schmidthaus.rocks but they do not exist
2022-09-09 10:05:10,241 - synapse.http.server - 169 - INFO - sentinel- <XForwardedForRequest at 0x7fb02c350970 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.0' site='8008'> SynapseError: 403 - Invalid username or password
2022-09-09 10:05:10,241 - synapse.logging.context - 960 - WARNING - sentinel- Calling defer_to_threadpool from sentinel context: metrics will be lost
2022-09-09 10:05:10,242 - synapse.access.http.8008 - 450 - INFO - POST-5010- 192.168.1.1 - 8008 - {None} Processed request: 0.005sec/0.000sec (0.001sec, 0.000sec) (0.000sec/0.000sec/0) 64B 403 "POST /_matrix/client/r0/login HTTP/1.0" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Element/1.11.4 Chrome/104.0.5112.81 Electron/20.0.3 Safari/537.36" [0 dbevts]

What else can I look at to check for the problem? It seems that synapse is not checking the ldap user database.

Thanks :slight_smile:

[update]

I just tried uninstalling the app, removing the /home/yunohost.app/matrix-synapse directory and reinstalling synapse.

Here is the install log.

https://paste.yunohost.org/raw/owacebopoh

[update]

Following the guide here (GitHub - matrix-org/matrix-synapse-ldap3: An LDAP3 auth provider for Synapse), I adjusted the logging level for ldap. Here is an excerpt of an attempted login.

2022-09-09 13:10:38,007 - synapse.rest.client.login - 283 - INFO - POST-7- Got login request with identifier: {'type': 'm.id.user', 'user': 'testuser'}, medium: None, address: None, user: None
2022-09-09 13:10:38,007 - ldap_auth_provider - 138 - DEBUG -  POST-7- Attempting LDAP connection with ['ldap://localhost']
2022-09-09 13:10:38,008 - ldap_auth_provider - 518 - DEBUG - sentinel- Established LDAP connection in simple bind mode: ldap://localhost:389 - cleartext - user: synapse - not lazy - unbound - closed - <no socket> - tls not started - not listening - SyncStrategy - internal decoder
2022-09-09 13:10:38,010 - ldap_auth_provider - 535 - INFO - sentinel- Binding against LDAP failed for 'synapse' failed: invalidDNSyntax
2022-09-09 13:10:38,010 - ldap_auth_provider - 161 - DEBUG - sentinel- LDAP auth method authenticated search returned: False (conn: None)
2022-09-09 13:10:38,010 - synapse.storage.database - 845 - WARNING - sentinel- Starting db txn 'get_users_by_id_case_insensitive' from sentinel context
2022-09-09 13:10:38,010 - synapse.storage.database - 910 - WARNING - sentinel- Starting db connection from sentinel context: metrics will be lost
2022-09-09 13:10:38,012 - synapse.handlers.auth - 1028 - WARNING - sentinel- Attempted to login as @testuser:example.com but they do not exist
2022-09-09 13:10:38,012 - synapse.http.server - 169 - INFO - sentinel <XForwardedForRequest at 0x7f77a4633c40 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.0' site='8008'> SynapseError: 403 - Invalid username or password
2022-09-09 13:10:38,013 - synapse.logging.context - 960 - WARNING - sentinel- Calling defer_to_threadpool from sentinel context: metrics will be lost
2022-09-09 13:10:38,013 - synapse.access.http.8008 - 450 - INFO - POST-7- 184.151.230.4 - 8008 - {None} Processed request: 0.006sec/0.000sec (0.002sec, 0.000sec) (0.000sec/0.000sec/0) 64B 403 "POST /_matrix/client/r0/login HTTP/1.0" "Element/1.4.34 (Linux; U; Android 12; Pixel 6 Build/SQ3A.220705.003.A; Flavour FDroid; MatrixAndroidSdk2 1.4.34)" [0 dbevts]
2022-09-09 13:10:38,866 - twisted - 274 - INFO - sentinel- Timing out client: IPv6Address(type='TCP', host='::ffff:92.27.70.80', port=59766, flowInfo=0, scopeID=0)

Looks like the LDAP auth provider is not connecting properly. invalidDNSyntax
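
The failure chain in the log above (login request, LDAP bind error, 403) can be pulled out of a homeserver log mechanically. This is an added example, not part of the original posts and not Synapse code; triage(), WINDOW and the cause labels are hypothetical names, and the sample lines are constructed from the format shown above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines abbreviated from the format in the post above;
# the second attempt (user 'alice', POST-9) is invented for contrast.
SAMPLE_LOG = """\
2022-09-09 13:10:38,007 - synapse.rest.client.login - 283 - INFO - POST-7- Got login request with identifier: {'type': 'm.id.user', 'user': 'testuser'}, medium: None, address: None, user: None
2022-09-09 13:10:38,010 - ldap_auth_provider - 535 - INFO - sentinel- Binding against LDAP failed for 'synapse' failed: invalidDNSyntax
2022-09-09 13:10:38,012 - synapse.handlers.auth - 1028 - WARNING - sentinel- Attempted to login as @testuser:example.com but they do not exist
2022-09-09 13:10:38,012 - synapse.http.server - 169 - INFO - sentinel- <XForwardedForRequest method='POST' uri='/_matrix/client/r0/login'> SynapseError: 403 - Invalid username or password
2022-09-09 13:12:01,100 - synapse.rest.client.login - 283 - INFO - POST-9- Got login request with identifier: {'type': 'm.id.user', 'user': 'alice'}, medium: None, address: None, user: None
2022-09-09 13:12:01,104 - synapse.handlers.auth - 1028 - WARNING - sentinel- Attempted to login as @alice:example.com but they do not exist
2022-09-09 13:12:01,105 - synapse.http.server - 169 - INFO - sentinel- <XForwardedForRequest method='POST' uri='/_matrix/client/r0/login'> SynapseError: 403 - Invalid username or password
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) - (\S+) - \d+ - \w+ -\s+(\S+?)-? (.*)$")
USER = re.compile(r"'user': '([^']*)'")
BIND = re.compile(r"Binding against LDAP failed for '([^']*)' failed: (\w+)")
WINDOW = timedelta(seconds=2)  # assumption: follow-up lines land within 2 s

def triage(log_text):
    """Group each login request with the failure lines that follow it."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        logger, ctx, msg = m.group(2), m.group(3), m.group(4)
        user = USER.search(msg)
        if logger == "synapse.rest.client.login" and user:
            attempts.append({"time": ts, "request": ctx, "user": user.group(1),
                             "ldap_error": None, "status": None})
            continue
        # Follow-up lines carry the 'sentinel' context, not the request id,
        # so attribute them to the latest login request by time proximity.
        if not attempts or ts - attempts[-1]["time"] > WINDOW:
            continue
        bind = BIND.search(msg)
        if logger == "ldap_auth_provider" and bind:
            attempts[-1]["ldap_error"] = f"bind as '{bind.group(1)}': {bind.group(2)}"
        elif "SynapseError: 403" in msg:
            attempts[-1]["status"] = 403
    for a in attempts:
        a["cause"] = ("not_rejected" if a["status"] != 403 else
                      "ldap_bind_failed" if a["ldap_error"] else "rejected_no_ldap_error")
    return attempts
```

Time-window correlation is a heuristic: with several logins in flight at once, lines logged under the sentinel context cannot be tied to one request with certainty.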

Hi, can't help you with the logs, but maybe you can get some help from - https://federationtester.matrix.org/

Thank you, I haven’t seen that before. It doesn’t help with my issue although it did confirm that my server is federated :blush:

The solution is to use the “Continue with CAS” option. Do not use “Sign In” (Element Desktop on Linux) or “Next” (Android).

Thank you for this amazing self-hosting platform! I love it :smiley:

[update]

While this solved signing in, I am unable to set up cross-signing because using the CAS option means Element doesn’t know my password. Element asks for my password at the last step in setting up cross-signing. I put in my user’s yunohost password and it keeps telling me it is incorrect.

The temporary solution here works to use the regular sign in button. Cross-signing works as well! Thank you thardev :blush:

I have no “Continue with CAS” button

Please look through the link in my previous post marked as the solution. It describes how to fix the sign-in.