[ZendTo] Authentication Error - The username or password was incorrect
Jules
Jules at Zend.To
Wed Jul 22 09:50:47 BST 2020
Marlon,
On 21/07/2020 20:55, Marlon Deerr wrote:
>
> Hey Jules,
>
> Here is a portion of what was displayed after my attempt to re-send
> the dropoff. It failed (obviously), but I’m not sure why it is.
>
> 2020-07-21 16:51:21 CLIENT -> SERVER: STARTTLS
>
> 2020-07-21 16:51:21 SERVER -> CLIENT: 220 2.0.0 SMTP server ready
>
> SMTP Error: Could not connect to SMTP host.
>
> 2020-07-21 16:51:21 CLIENT -> SERVER: QUIT
>
> 2020-07-21 16:51:21 SERVER -> CLIENT:
>
> 2020-07-21 16:51:21 SMTP ERROR: QUIT command failed:
>
> SMTP connect() failed. Sta
>
You are doing TLS encryption over the connection (well, trying to). The
TLS handshake is failing.
Set the port number to 25 (as you did with your telnet session), and
switch off any encryption and switch off the username/password as well,
all in preferences.php.
Basically set it as simply as you can, using no more than what you gave
the telnet session.
> *_What I have done to troubleshoot_*
>
> *__*
>
> 1.Tried setting the SMTP port within preferences to 25, 465 & 587 –
> failed on each re-send
>
> 2.Opened a PowerShell prompt opened a telnet session to our mail
> server (on port 25) – success
>
> 3.Sent a simple email from myself to myself – success (my Outlook
> client received it right away)
>
> 4.Sent another simple test email but this time from another email
> address to myself - success
>
Check that you can send an email from yourself to someone outside your
organization, too.
> This tells me that technically I can connect to the server and send
> emails. Not sure why ZendTo is failing to connect.
>
>
> Marlon Deerr, Technology Manager
> 416-572-8795(direct) | MDeerr at hshlawyers.com
> <mailto:MDeerr at hshlawyers.com>
> <https://www.hshlawyers.com>
> <https://www.linkedin.com/company/howie-sacks-&-henry-llp---personal-injury-law/>
> <https://twitter.com/hshlawyers>
> <https://www.facebook.com/HSHPersonalInjuryLawyers/>
> <https://www.youtube.com/user/hshlawyers> 3500 - 20 Queen St. W.,
> Toronto, ON M5H 3R3
> Fax: 416-361-0083 | Toll Free: 877-474-5997 | www.hshlawyers.com
> <https://www.hshlawyers.com>
>
>
> This Howie Sacks & Henry e-mail is privileged, confidential and
> subject to copyright. Any unauthorized use or disclosure is prohibited.
>
>
>
> *From:* Jules [mailto:Jules at Zend.To]
> *Sent:* Tuesday, July 21, 2020 7:41 AM
> *To:* Marlon Deerr <MDeerr at hshlawyers.com>
> *Subject:* Re: [ZendTo] Authentication Error - The username or
> password was incorrect
>
> On 21/07/2020 12:32, Marlon Deerr wrote:
>
> You did the trick Jules. Removing “ldaps://” <ldaps://”> from
> hostname of the authLDAPSServers1 value worked. I thought that it
> was supposed to be there so I never even thought to remove that.
>
> Yay! You need to add the ldaps:// <ldaps://> when you are encrypting
> all the traffic to your AD server. Which you're not. In which case it
> just wants the hostname and nothing else.
>
>
> Now I just need to work on getting SMTP working. I was working on
> one problem at a time.
>
> There's a slightly curious but effective way of debugging this setup...
> Send yourself (or a test account) a drop-off.
> Through your ZendTo Outbox, view the drop-off.
> Edit preferences.php to set
> 'SMTPdebug' => true,
> (it's normally set to false, it will be near the bottom of the SMTP
> settings in preferences.php).
> Click on the "Resend Dropoff" button on the web page.
> You will see the entire SMTP conversation happen on the web page output.
> It often only stays there for a few seconds, so you might want to be
> ready with whatever keys you need to take a screenshot!
>
> Fix the problems and get the "Resend Dropoff" debug output looking
> right. You should see some "OK" type messages.
>
> Then reset
> 'SMTPdebug' => false,
> before trying anything else, such as creating a new drop-off.
> Having that 'SMTPdebug'set to true will break the new drop-off process.
>
> It's usually fairly straightforward to fix. Feel free to send me a
> screenshot or two if you can't see what's wrong (I've had 30 years
> experience running enterprise email systems, so what's easy/obvious to
> me may well not be to you. Sorry about that!).
>
> Cheers,
> Jules.
>
>
>
>
> Thanks so much for your assistance.
>
> *Marlon Deerr*, *Technology Manager*
> 416-572-8795(direct)| MDeerr at hshlawyers.com
> <mailto:MDeerr at hshlawyers.com>
> <https://www.hshlawyers.com>
>
> <https://www.linkedin.com/company/howie-sacks-&-henry-llp---personal-injury-law/>
> <https://twitter.com/hshlawyers>
> <https://www.facebook.com/HSHPersonalInjuryLawyers/>
> <https://www.youtube.com/user/hshlawyers>
>
>
>
> 3500 - 20 Queen St. W., Toronto, ON M5H 3R3
> Fax: 416-361-0083 | Toll Free: 877-474-5997| www.hshlawyers.com
> <https://www.hshlawyers.com>
>
> This Howie Sacks & Henry e-mail is privileged, confidential and
> subject to copyright. Any unauthorized use or disclosure is
> prohibited.
>
> *From:* Jules [mailto:Jules at Zend.To <mailto:Jules at Zend.To>]
> *Sent:* Tuesday, July 21, 2020 4:02 AM
> *To:* Marlon Deerr <MDeerr at hshlawyers.com>
> <mailto:MDeerr at hshlawyers.com>
> *Subject:* Re: [ZendTo] Authentication Error - The username or
> password was incorrect
>
> Marlon,
>
> Try changing this setting to the one below:
> 'authLDAPServers1' => array('hsh-dc.hsh.local'),
> What I've done is remove the "ldaps://" <ldaps://> from the
> hostname of the authLDAPServers1 value.
>
> If that doesn't fix it, can you send me the exact ldapsearch
> command you used that worked?
>
> Cheers,
> Jules.
>
>
> On 20/07/2020 20:52, Marlon Deerr wrote:
>
> Hello Jules,
>
> Thank you for following up on this issue I’m experiencing. To
> answer your question, yes, I meant to refer to my AD server
> not DNS. As for the ldapsearch utility, yes I am able to
> successfully show my details when I insert the correct values
> in the command. Also, as requested, I have copy/pasted the
> LDAP section of my preferences.php file for you to take a look at.
>
> Hopefully, you see something I’m missing.
>
> *Marlon Deerr*, *Technology Manager*
> 416-572-8795(direct)| MDeerr at hshlawyers.com
> <mailto:MDeerr at hshlawyers.com>
> <https://www.hshlawyers.com>
>
> <https://www.linkedin.com/company/howie-sacks-&-henry-llp---personal-injury-law/>
> <https://twitter.com/hshlawyers>
> <https://www.facebook.com/HSHPersonalInjuryLawyers/>
> <https://www.youtube.com/user/hshlawyers>
>
>
>
> 3500 - 20 Queen St. W., Toronto, ON M5H 3R3
> Fax: 416-361-0083 | Toll Free: 877-474-5997|
> www.hshlawyers.com <https://www.hshlawyers.com>
>
> This Howie Sacks & Henry e-mail is privileged, confidential
> and subject to copyright. Any unauthorized use or disclosure
> is prohibited.
>
> *From:* Jules [mailto:Jules at Zend.To <mailto:Jules at Zend.To>]
> *Sent:* Saturday, July 18, 2020 8:03 AM
> *To:* Marlon Deerr <MDeerr at hshlawyers.com>
> <mailto:MDeerr at hshlawyers.com>
> *Subject:* Re: [ZendTo] Authentication Error - The username or
> password was incorrect
>
> Marlon,
>
> On 17/07/2020 22:54, Marlon Deerr wrote:
>
> Jules,
>
> No, I didn’t type in < and > characters. I only did that
> to not show real usernames on my end. So to be clear, no
> I did not type in those characters as part of the username
> when using the /opt/zendto/bin/adduser command. As for
> certificates, I’m not sure as our DNS server
>
> I assume you mean your AD server, not your DNS server. DNS
> should have no impact on this at all.
>
>
>
>
> is actually managed by our MSP. With that said, when I do
> run the openssl command, I get the below output.
>
> That looks like they're not running any encryption on your AD
> traffic. Okay, but Microsoft are going to mandate encryption
> on AD traffic very soon. But in the mean time, you should be
> okay using it unencrypted.
>
> On zend.to/activedirectory, read section 2 and there is an
> ldapsearch command. Replacing the necessary bits of that, can
> you get it to show you your details?
>
> If you can send me your AD settings from preferences.php (all
> the LDAP settings whose names end in 1, 2 or 3), I can take a
> look and suggest an ldapsearch command that should work if
> your settings are correct.
>
>
>
>
> As for the log file at /var/log/zendto/zendto.log, if it
> says Warning: authorization failed for username, does that
> mean it wasn’t able to read from our AD Server. Not sure
> how to interpret that because before I ran the upgrade
> command after applying the latest patch, it seemed as
> though it was able to read from AD. Now I’m not sure
> what’s going on.
>
> It probably did manage to connect to your AD server, but
> couldn't get any further.
>
>
>
>
> _Output for _*_openssl s_client -connect
> your-ad-server.company.com:636_*
>
> From this output, it looks like you're running AD unencrypted.
>
> Cheers,
> Jules.
>
>
>
>
> CONNECTED(00000003)
>
> write:errno=104
>
> ---
>
> no peer certificate available
>
> ---
>
> No client certificate CA names sent
>
> ---
>
> SSL handshake has read 0 bytes and written 283 bytes
>
> Verification: OK
>
> ---
>
> New, (NONE), Cipher is (NONE)
>
> Secure Renegotiation IS NOT supported
>
> Compression: NONE
>
> Expansion: NONE
>
> No ALPN negotiated
>
> Early data was not sent
>
> Verify return code: 0 (ok)
>
> *Marlon Deerr*, *Technology Manager*
> 416-572-8795(direct)| MDeerr at hshlawyers.com
> <mailto:MDeerr at hshlawyers.com>
> <https://www.hshlawyers.com>
>
> <https://www.linkedin.com/company/howie-sacks-&-henry-llp---personal-injury-law/>
> <https://twitter.com/hshlawyers>
> <https://www.facebook.com/HSHPersonalInjuryLawyers/>
> <https://www.youtube.com/user/hshlawyers>
>
>
>
> 3500 - 20 Queen St. W., Toronto, ON M5H 3R3
> Fax: 416-361-0083 | Toll Free: 877-474-5997|
> www.hshlawyers.com <https://www.hshlawyers.com>
>
> This Howie Sacks & Henry e-mail is privileged,
> confidential and subject to copyright. Any unauthorized
> use or disclosure is prohibited.
>
> *From:* Jules [mailto:Jules at Zend.To <mailto:Jules at Zend.To>]
> *Sent:* Wednesday, July 15, 2020 12:35 PM
> *To:* Marlon Deerr <MDeerr at hshlawyers.com>
> <mailto:MDeerr at hshlawyers.com>; ZendTo Users
> <zendto at zend.to> <mailto:zendto at zend.to>
> *Subject:* Re: [ZendTo] Authentication Error - The
> username or password was incorrect
>
> Are you actually seeing the < and > characters?
> You didn't actually type those into the
> /opt/zendto/bin/adduser command, did you?
>
> Have a read of the AD troubleshooting steps on
> zend.to/activedirectory
>
> Do you know if you're running with a locally-signed
> certificate on your AD servers?
>
> Assuming you have the hostname and port number (636
> usually) of your AD server, try
> *openssl s_client -connect your-ad-server.company.com:636*
>
> That will show you the initial SSL/TLS handshake involving
> all the certificates.
> You'll need to Ctrl-C it at the end, but what it prints
> out should be very useful so you can see exactly what is
> using which certs.
>
> Hope that helps,
> Jules.
>
> On 15/07/2020 16:50, Marlon Deerr wrote:
>
> OK, my user seems to be unlocked now but now I am
> getting the following errors below. I must be missing
> something else in my setup:
>
> Warning: admin authorization failed for <username1>
>
> And for other users I still get the following error:
>
> Warning: authorization failed for <username2>
>
> Note: I believe I added <username1> as an admin.
>
> *Marlon Deerr*, *Technology Manager*
> 416-572-8795(direct)| MDeerr at hshlawyers.com
> <mailto:MDeerr at hshlawyers.com>
> <https://www.hshlawyers.com>
>
> <https://www.linkedin.com/company/howie-sacks-&-henry-llp---personal-injury-law/>
> <https://twitter.com/hshlawyers>
> <https://www.facebook.com/HSHPersonalInjuryLawyers/>
> <https://www.youtube.com/user/hshlawyers>
>
>
>
> 3500 - 20 Queen St. W., Toronto, ON M5H 3R3
> Fax: 416-361-0083 | Toll Free: 877-474-5997|
> www.hshlawyers.com <https://www.hshlawyers.com>
>
> This Howie Sacks & Henry e-mail is privileged,
> confidential and subject to copyright. Any
> unauthorized use or disclosure is prohibited.
>
> *From:* Jules [mailto:Jules at Zend.To
> <mailto:Jules at Zend.To>]
> *Sent:* Wednesday, July 15, 2020 7:09 AM
> *To:* ZendTo Users <zendto at zend.to>
> <mailto:zendto at zend.to>
> *Cc:* Marlon Deerr <MDeerr at hshlawyers.com>
> <mailto:MDeerr at hshlawyers.com>
> *Subject:* Re: [ZendTo] Authentication Error - The
> username or password was incorrect
>
> Marlon,
>
> The crucial bit in the log is the "locked-out user" bit.
>
> ZendTo has a security feature in it to stop it being
> used as a method of brute-force attacking your
> accounts from outside.
> If the same user has several failed logins in a row,
> that user is locked out for the next 24 hours by default.
>
> If you can login as an admin user, one of the extra
> admin red buttons shows you the locked out users and
> lets you reset them.
>
> Alternatively, you can unlock all locked users from
> the command line with
> /opt/zendto/bin/unlockuser -a
>
> Cheers,
> Jules.
>
> On 14/07/2020 18:45, Marlon Deerr via ZendTo wrote:
>
> Ok, so I think I finally (or almost finally) got
> my AD authentication settings correct. I have
> installed the ldapsearch utility to confirm that
> I’m able to successful search the OU where my
> users reside, however when I attempt to log in
> with a valid user, ZendTo keeps erroring with:
>
> Authentication Error
>
> The username or password was incorrect
>
> I checked the /var/log/zendto/zendto.log and it
> says the following:
>
> “….Warning: authorization attempt for locked-out
> user <username1>
>
> Then when I try logging in as another user, I see
> the following in the log
>
> “…Warning: authorization failed for <username2>
>
> I know that I have both username/password correct
> so I must be missing something. Anyone know what
> setting I may have applied incorrectly?
>
>
>
>
>
>
>
> _______________________________________________
>
> ZendTo mailing list
>
> ZendTo at zend.to <mailto:ZendTo at zend.to>
>
> http://jul.es/mailman/listinfo/zendto <http://jul.es/mailman/listinfo/zendto>
>
>
>
>
>
>
>
> Jules
>
>
>
> --
>
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
>
>
> 'When a man points a finger at someone else, he should remember
>
> that four of his fingers are pointing at himself.' - Louis Nizer
>
>
>
> www.Zend.To <http://www.Zend.To>
>
> Twitter: @JulesFM
>
>
>
>
>
>
> Jules
>
>
>
> --
>
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
>
>
> 'There is silent poetry in the stillness of morning;
>
> in the calm, the cries & sighs of life sound like gentle music.'
>
> - @Astro_Wheels
>
>
>
> www.Zend.To <http://www.Zend.To>
>
> Twitter: @JulesFM
>
>
>
>
>
> Jules
>
>
>
> --
>
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
>
>
> The current UK shipping forecast:
>
> South Utsire, Forties: Southwesterly veering westerly 3 or 4. Mainly moderate.
>
> Rain at first. Moderate or poor, becoming good.
>
>
>
> www.Zend.To <http://www.Zend.To>
>
> Twitter: @JulesFM
>
>
>
>
> Jules
>
>
>
> --
>
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
>
>
> 'Every morning when I wake,
>
> Dear Lord, a little prayer I make,
>
> O please do keep Thy lovely eye
>
> On all poor creatures born to die
>
>
>
> And every evening at sun-down
>
> I ask a blessing on the town,
>
> For whether we last the night or no
>
> I'm sure is always touch-and-go.
>
>
>
> We are not wholly bad or good
>
> Who live our lives under Milk Wood,
>
> And Thou, I know, wilt be the first
>
> To see our best side, not our worst.
>
>
>
> O let us see another day!
>
> Bless us all this night, I pray,
>
> And to the sun we all will bow
>
> And say, good-bye - but just for now!'
>
> - Dylan Thomas
>
>
>
> www.Zend.To <http://www.Zend.To>
>
> Twitter: @JulesFM
>
>
>
> Jules
> --
> Julian Field MEng CEng CITP MBCS MIEEE MACM
> 'All programs have a desire to be useful' - Tron, 1982
> www.Zend.To <http://www.Zend.To>
> Twitter: @JulesFM
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Intelligence is quickness to apprehend as distinct from ability,
which is capacity to act wisely on the thing apprehended.'
- Alfred North Whitehead
www.Zend.To
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: imagee5148c.JPG
Type: image/jpeg
Size: 125353 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0005.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image68fc40.JPG
Type: image/jpeg
Size: 7976 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0006.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image1bceaa.JPG
Type: image/jpeg
Size: 7843 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0007.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image9de8c6.JPG
Type: image/jpeg
Size: 7268 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0008.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image163859.JPG
Type: image/jpeg
Size: 7059 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0009.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 12435 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0010.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 777 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0011.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.jpg
Type: image/jpeg
Size: 768 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0012.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.jpg
Type: image/jpeg
Size: 756 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0013.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image010.jpg
Type: image/jpeg
Size: 752 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0014.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image011.jpg
Type: image/jpeg
Size: 12435 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0015.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image012.jpg
Type: image/jpeg
Size: 777 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0016.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image013.jpg
Type: image/jpeg
Size: 768 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0017.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image014.jpg
Type: image/jpeg
Size: 756 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0018.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image015.jpg
Type: image/jpeg
Size: 752 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20200722/acd18e71/attachment-0019.jpg>
More information about the ZendTo
mailing list