LinkBack URL
About LinkBacks
Senior Member
Zimbra 6.0.5: GetAllMTAAuthUrls returns 7071-ports
Hi everyone!
When I do a zmprov gamau I get:
https://<host1>:7071/service/admin/soap/ https://<host2>:7071/service/admin/soap/
(<host1> and <host2> are replaced with our hostnames)
This breaks my whole sasl configuration. I had to manually set the hosts in the conf.in-file.
Can somebody tell me, why he thinks, that he's supposed to go to the admin-services on 7071?
Thanks in advance.
Kind regards
Dennis
Moderator
Hi Dennis,
I see you are new to the Forums; welcome! Please update your profile with the output of zmcontrol -v.
To your question, perhaps I am misunderstanding it, but Zimbra's intention and design is to have the Admin Console accessible only via https on port 7071.
All the best,
Mark
___________________________________
L. Mark Stone, Managing Member
"Uptime. All the time."®
Ten Years In Business! 2003 - 2013!
477 Congress Street, Suite 812 | Portland, ME 04101 | (207) 772-5678
proactive maintenance and monitoring | technology consulting
Zimbra groupware | cloud hosting | business continuity
Maine's only managed services and cloud hosting provider with a
SOC 2 Type II audit covering Security, Availability and Confidentiality
Senior Member
Hi Mark!
I've been around the forums for some while, but haven actually posted it. But you're right, I've updated my profile.
I think, you misunderstand it. I know, that the admin console is only accessible via https. The problem is, that that connection is wrong for the MTA auth-urls (or at least it's not working here).Originally Posted by LMStone
It should be http://<host1>:80/service/soap (or https://<host1>:443/service/soap when using https), not :7071...
When I manually edit the saslauthd.conf.in and put the right urls in it, saslauth works, with the :7071-connection it doesn't work.
My question is, where Zimbra get's that information to return when doing a zmprov gamau.
Thanks.
Kind regards
Dennis
Release 8.0.2.GA.5569.UBUNTU12.64 UBUNTU12_64 NETWORK edition.
Moderator
On our hosting farm, running zmprov gamua generates a list of all of the servers, separated by spaces, in the same format you show:
Not sure why that breaks things on your end, but at least I can confirm that what you are seeing is correct.Code:https://<server1_fqdn>:7071/service/admin/soap/ https://<server1_fqdn>:7071/service/admin/soap/ https://<server2_fqdn>:7071/service/admin/soap/ https://<server3_fqdn>:7071/service/admin/soap/ https://<server4_fqdn>:7071/service/admin/soap/ https://<server5_fqdn>:7071/service/admin/soap/ https://<server6_fqdn>:7071/service/admin/soap/ https://<server7_fqdn>:7071/service/admin/soap/
Hope that helps,
Mark
___________________________________
L. Mark Stone, Managing Member
"Uptime. All the time."®
Ten Years In Business! 2003 - 2013!
477 Congress Street, Suite 812 | Portland, ME 04101 | (207) 772-5678
proactive maintenance and monitoring | technology consulting
Zimbra groupware | cloud hosting | business continuity
Maine's only managed services and cloud hosting provider with a
SOC 2 Type II audit covering Security, Availability and Confidentiality
Senior Member
That is strange. When I set up the system using the 7071-ports for saslauthd, nobody can do smtp-auth. In the logs all authenticate requests get an error 403...
Can you imagine what's wrong here? How can I debug that further?
Thanks.
Kind regards
Dennis
Release 8.0.2.GA.5569.UBUNTU12.64 UBUNTU12_64 NETWORK edition.
Moderator
What do mean by this? There's no end-user setup of saslauthd required.
Sorry to answer a question with a question, but to help I need to understand better exactly what you have done here.
All the best,
Mark
___________________________________
L. Mark Stone, Managing Member
"Uptime. All the time."®
Ten Years In Business! 2003 - 2013!
477 Congress Street, Suite 812 | Portland, ME 04101 | (207) 772-5678
proactive maintenance and monitoring | technology consulting
Zimbra groupware | cloud hosting | business continuity
Maine's only managed services and cloud hosting provider with a
SOC 2 Type II audit covering Security, Availability and Confidentiality
Senior Member
To clarify:
Zimbra automatically writes saslauthd.conf using the admin-ports like said earlier. When I use this configuration, I see 403-errors in the logs whenever a user tries to do smtp-auth.
When I manually rewrite saslauthd.conf.in to use port 80 and use that config, everything works fine.
You said, that in your configuration, the admin-ports are written in the saslauthd.conf and everything works fine.
I don't understand, why it doesn't work on my side.
Kind regards
Dennis
Release 8.0.2.GA.5569.UBUNTU12.64 UBUNTU12_64 NETWORK edition.
Moderator
So let's start from the beginning...
Did smtp_auth ever work on this server?
Is the server more than a year old?
In the admin console under the MTA tab for this server's configuration, are "Enable authentication" and "TLS authentication only" both checked?
Have you changed anything in the underlying operating system or with Zimbra's default install?
Please also post a log file snippet showing authentication failing.
Mark
___________________________________
L. Mark Stone, Managing Member
"Uptime. All the time."®
Ten Years In Business! 2003 - 2013!
477 Congress Street, Suite 812 | Portland, ME 04101 | (207) 772-5678
proactive maintenance and monitoring | technology consulting
Zimbra groupware | cloud hosting | business continuity
Maine's only managed services and cloud hosting provider with a
SOC 2 Type II audit covering Security, Availability and Confidentiality
Zimbra Employee
Going to the admin port in this case is the correct behavior. Did you block off access to port 7071? It is done to ensure that an https encrypted connection is always made.
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
