new install cannot login to sac or webmail

[marcdm]

Hello everyone, I completed a new install of version 11.4.6 on Debian Lenny (AMD64).

I can't login at all. And I really don't know where to look for a solution. I've tried everything I could find on the forums, but to no avail.

Everything seems to work as expected, but in scalix-caa.log I keep getting :

Code: Select all

ERROR [LDAPHelperUtils.findUser:374] javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
2010-03-08 09:31:29,466  INFO [RESService.authenticateUser:422] ERROR: Unable to find user = sxadmin

Even if I try to use the sxadmin@fqdn. it still fails.

I've tried sxpamauth and that gives me good results. This is my pamcheck file :

Code: Select all

auth   required om_debug
account required om_debug
session required om_debug
password required om_debug

auth     required om_auth nullok
account  required om_auth


And the output :

Code: Select all

mail1:/var/opt/scalix/xr/tomcat/logs# sxpamauth -vvv sxadmin
pam_start_om("pamcheck", "sxadmin")
pam_authenticate()
om_auth: authenticate:
    nullok: yes
    recordbad: no
Scalix password:
om_auth: save non-empty password in PAM_AUTHTOK
pam_acct_mgmt()
om_auth: acct_mgmt
    max_age=-1
    exclude=<default>
    nocheck=<default>
    expiry

Authenticated


Some other outputs that I've seen people ask for :

Code: Select all

mail1:/var/opt/scalix/xr/tomcat/logs# omsearch -e cn=sxadmin -v
S=sxadmin
OU1=xlcrschool
CN=sxadmin
INTERNET-ADDR="sxadmin" <sxadmin@xlcrschool.org>
ENTRY-TYPE=1
UL-AUTHID=sxadmin@xlcrschool.org
UL-CAPS=7
UL-CLASS=Limited
UL-IL=C

#-----------------

mail1:/var/opt/scalix/xr/tomcat/logs# omshowu sxadmin
Authentication ID: sxadmin@xlcrschool.org
Globally Unique ID: 15000000599e49b4-81.6.02.271
User Name : sxadmin /CN=sxadmin
MailNode : xlcrschool
Internet Address : "sxadmin" <sxadmin@xlcrschool.org>
System Login : 8000
Password : set
Admin Capabilities : YES
Mailbox Admin Capabilities : NO
Language : C
Mail Account: Unlocked
Last Signon : Never.
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidyall : NO
Recovery Folder visible : NO
User Class : Limited
SIS URL : sxidx://mail1.xlcr/05000000599e49b4-81.6.02.271


Can anyone give me a clue as to why I can't login? Or can someone tell me how to enable some more logs (some debugging) so I can at least try to solve this.

I can't login to webmail nor sac.

[marcdm]

Then I took a break, and executed :

Code: Select all

echo "sxqueryadmin-password" > scalix.res/config/psdata

and now I can login with sxadmin@fqdn.

just now to find out how to login without the @fqdn part.

[les]

just now to find out how to login without the @fqdn part.

To do this globally....

login to sac -> settings -> Mailserver: <mailservername> -> untick "Add domain to authentication id" -> save changes.

From memory, already added accounts like sxadmin might have an authid which still includes the domain. To check...

login to sac, go to the sxadmin user - advanced and check/change the authetication id if necessary.

p.s. the authid is case sensitive.

[marcdm]

yeah, sxadmin has the @fqdn as part of his auth-id. I created another admin user named sysadmin that can login to SAC quite fine without the domain part.

The problem now is that I cannot login to webmail as any user.

I've checked log after log, but the only thing I can see is in tomcat/logs/scalix-swa.log :

Code: Select all

2010-03-09 07:49:18,463 DEBUG [AbstractBeanFactory.getBean:203] Returning cached instance of singleton bean 'platformLocator'
2010-03-09 07:49:18,677 DEBUG [HttpRequestHandler.sendResponse:300] ip: (ip unavailable); username: sysadmin; message: <SOAP-ENV:Fault><faultcode>SOAP-ENV:CLIENT.BadUserName</faultcode><faultstring>The username or password is incorrect. Note that passwords are case sensitive. Try again.</faultstring><detail><e:BadUserName xmlns:e="http://scalix.com/errors"><message>The username or password is incorrect. Note that passwords are case sensitive. Try again.</message><debug>user: sysadmin
request method(s): login
XML:
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"&gt;&lt;SOAP-ENV:Header&gt;&lt;credentials xmlns="http://scalix.com/schemas/gofish" SOAP-ENV:mustUnderstand="1"&gt;&lt;username xmlns=""&gt;sysadmin&lt;/username&gt;&lt;emailDomain xmlns=""&gt;xlcrschool.org&lt;/emailDomain&gt;&lt;fugu xmlns=""&gt;Ox7b6b6679326a3e6f2c263327272c2e2231303208&lt;/fugu&gt;&lt;ts xmlns=""&gt;0&lt;/ts&gt;&lt;/credentials&gt;&lt;/SOAP-ENV:Header&gt;&lt;SOAP-ENV:Body&gt;&lt;m:login xmlns:m="http://scalix.com/methods"/&gt;&lt;/SOAP-ENV:Body&gt;&lt;/SOAP-ENV:Envelope&gt;</debug></e:BadUserName></detail></SOAP-ENV:Fault>
2010-03-09 07:49:18,678 DEBUG [Log4jNestedDiagnosticContextFilter.afterRequest:75] After request [/webmail/jsoap?module=account]
2010-03-09 07:49:26,606 DEBUG [Log4jNestedDiagnosticContextFilter.beforeRequest:52] Before request [/webmail/jsoap?module=account]
2010-03-09 07:49:26,606 DEBUG [SoapServlet.logRequest:56] ip: (ip unavailable); username: (username unavailable); message: HTTP Request received: /webmail/jsoapmodule=account
2010-03-09 07:49:26,607 DEBUG [AbstractAutowireCapableBeanFactory.createBean:344] Creating instance of bean 'httpRequestHandler' with merged definition [Root bean: class [com.oddpost.server.HttpRequestHandler]; scope=prototype; abstract=false; lazyInit=false; autowireCandidate=true; autowireMode=0; dependencyCheck=0; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in ServletContext resource [/WEB-INF/applicationContext.xml]]
2010-03-09 07:49:26,608 DEBUG [AbstractAutowireCapableBeanFactory.createBean:344] Creating instance of bean 'account' with merged definition [Root bean: class [com.oddpost.server.module.Account]; scope=prototype; abstract=false; lazyInit=false; autowireCandidate=true; autowireMode=0; dependencyCheck=0; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in ServletContext resource [/WEB-INF/applicationContext.xml]]
2010-03-09 07:49:26,609 DEBUG [AbstractAutowireCapableBeanFactory.createBean:344] Creating instance of bean 'contacts' with merged definition [Root bean: class [com.oddpost.server.module.Contacts]; scope=prototype; abstract=false; lazyInit=false; autowireCandidate=true; autowireMode=0; dependencyCheck=0; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in ServletContext resource [/WEB-INF/applicationContext.xml]]
2010-03-09 07:49:26,609 DEBUG [AbstractAutowireCapableBeanFactory.createBean:344] Creating instance of bean 'calendar' with merged definition [Root bean: class [com.oddpost.server.module.Calendar]; scope=prototype; abstract=false; lazyInit=false; autowireCandidate=true; autowireMode=0; dependencyCheck=0; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in ServletContext resource [/WEB-INF/applicationContext.xml]]
2010-03-09 07:49:26,610 DEBUG [AbstractAutowireCapableBeanFactory.createBean:344] Creating instance of bean 'soapmail' with merged definition [Root bean: class [com.oddpost.server.module.SoapMail]; scope=prototype; abstract=false; lazyInit=false; autowireCandidate=true; autowireMode=0; dependencyCheck=0; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in ServletContext resource [/WEB-INF/applicationContext.xml]]
2010-03-09 07:49:26,610 DEBUG [AbstractBeanFactory.getBean:203] Returning cached instance of singleton bean 'remotelog'
2010-03-09 07:49:26,611 DEBUG [AbstractBeanFactory.getBean:203] Returning cached instance of singleton bean 'ping'
2010-03-09 07:49:26,611 DEBUG [AbstractBeanFactory.getBean:203] Returning cached instance of singleton bean 'soapAuth'
2010-03-09 07:49:26,612 DEBUG [AbstractAutowireCapableBeanFactory.createBean:344] Creating instance of bean 'com.oddpost.xml.NamespaceMap#2773a64a' with merged definition [Root bean: class [com.oddpost.xml.NamespaceMap]; scope=prototype; abstract=false; lazyInit=false; autowireCandidate=true; autowireMode=0; dependencyCheck=0; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in ServletContext resource [/WEB-INF/applicationContext.xml]]
2010-03-09 07:49:26,675 DEBUG [HttpRequestHandler.sendResponse:300] ip: (ip unavailable); username: sysadmin; message: <SOAP-ENV:Fault><faultcode>SOAP-ENV:CLIENT.BadUserName</faultcode><faultstring>The username or password is incorrect. Note that passwords are case sensitive. Try again.</faultstring><detail><e:BadUserName xmlns:e="http://scalix.com/errors"><message>The username or password is incorrect. Note that passwords are case sensitive. Try again.</message><debug>user: sysadmin
request method(s): login
XML:
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"&gt;&lt;SOAP-ENV:Header&gt;&lt;credentials xmlns="http://scalix.com/schemas/gofish" SOAP-ENV:mustUnderstand="1"&gt;&lt;username xmlns=""&gt;sysadmin&lt;/username&gt;&lt;emailDomain xmlns=""&gt;xlcrschool.org&lt;/emailDomain&gt;&lt;fugu xmlns=""&gt;a159b7ae81ba3552af61e9731b20870515944538&lt;/fugu&gt;&lt;ts xmlns=""&gt;0&lt;/ts&gt;&lt;/credentials&gt;&lt;/SOAP-ENV:Header&gt;&lt;SOAP-ENV:Body&gt;&lt;m:login xmlns:m="http://scalix.com/methods"/&gt;&lt;/SOAP-ENV:Body&gt;&lt;/SOAP-ENV:Envelope&gt;</debug></e:BadUserName></detail></SOAP-ENV:Fault>
2010-03-09 07:49:26,675 DEBUG [Log4jNestedDiagnosticContextFilter.afterRequest:75] After request [/webmail/jsoap?module=account]
2010-03-09 07:49:46,525 DEBUG [ManagerBase.processExpires:677] Start expire sessions StandardManager at 1268138986524 sessioncount 1
2010-03-09 07:49:46,525 DEBUG [ManagerBase.processExpires:685] End expire sessions StandardManager processingTime 1 expired sessions: 0
2010-03-09 07:50:46,570 DEBUG [ManagerBase.processExpires:677] Start expire sessions StandardManager at 1268139046570 sessioncount 1
2010-03-09 07:50:46,571 DEBUG [ManagerBase.processExpires:685] End expire sessions StandardManager processingTime 1 expired sessions: 0
2010-03-09 07:51:46,597 DEBUG [ManagerBase.processExpires:677] Start expire sessions StandardManager at 1268139106596 sessioncount 1
2010-03-09 07:51:46,597 DEBUG [ManagerBase.processExpires:685] End expire sessions StandardManager processingTime 1 expired sessions: 0
2010-03-09 07:52:46,629 DEBUG [ManagerBase.processExpires:677] Start expire sessions StandardManager at 1268139166629 sessioncount 1
2010-03-09 07:52:46,630 DEBUG [ManagerBase.processExpires:685] End expire sessions StandardManager processingTime 1 expired sessions: 0

Which seems to only indicate that the password is incorrect. But I can login to SAC with that same password. sxpamauth also still works fine. And, I can't login to imap either.

Any ideas or suggestions?

[les]

Which seems to only indicate that the password is incorrect. But I can login to SAC with that same password. sxpamauth also still works fine. And, I can't login to imap either.

Any ideas or suggestions?

Try accessing via pop3 with the same user/password. At least you'll know if its an imap problem or a scalix problem.

I'd restart scalix and scalix-tomcat anyway and verify that the user account authid is correct (case and whether it has the domain appended).

[marcdm]

I just tested, and POP3 and SMTP does indeed work.
It's just the SWA and imap it seems that's not letting me in.

Still trying to figure where to look.

[les]

I just tested, and POP3 and SMTP does indeed work.
It's just the SWA and imap it seems that's not letting me in.

Still trying to figure where to look.

swa uses imap which is why neither works.

Did you restart the services?

What happens if you create a completely new user via sac. Can that user login on swa/imap?

Its not likely as you have a new server and it doesn't sound like you're user accounts have been able to login via imap/swa, but resetting imap-cache may be necessary. See here........http://www.scalix.com/wiki/index.php?title=HowTos/AdminScripts#reset_the_imap-cache_for_a_mailbox

There is some good diagnostics info here which should help you also.....

http://www.scalix.com/wiki/index.php?title=Diagnostics

[marcdm]

Thanks a lot Les. Those Diagnostics tips were really helpful.

I was able to track down the problem to being an IMAPD AUTH capability issue. This meant that my sasl libraries were out of whack.

Sure enough, the links in /opt/scalix/lib/security/ were pointing to the 64bit libs in /usr/lib/sasl2/
I downloaded the 32bit version of sasl2-modules : libsasl2-modules_2.1.22.dfsg1-23+lenny1_i386.deb
Then placed the modules in /emul/ia32-linux/ using :

Code: Select all

dpkg -X libsasl2-modules_2.1.22.dfsg1-23+lenny1_i386.deb /emul/ia32-linux/
# then run
ldconfig

Now I can login to SWA and imap and sac. There are more issues to solve, but I think I'm well on my way. Just now to go configure the smarthost and external ldap auth. Yipeee