Federation & MUC

Hi all,

We’ve had an Openfire server set up for a little over a year now, and it’s generally worked quite well for us. We’re now at a point where we want to federate with a third party who also uses Openfire, and in preparation for that, I’ve set up a lab environment to try things out.

In the lab, I’ve found that the basics work as they did when I did my initial trial last year. Users between the two XMPP domains are able to IM each other, but buddy lists don’t propagate across XMPP domains. The unexpected surprise is that I can’t seem to get group chat to work across domains. I created a chat room in domain A, and had user A from domain A join the room, no problems. But in trying to add user B from domain B to the chat room hosted in domain A, nothing seems to go.

Is MUC a viable option with federation/S2S connections? We’re currently using Openfire 3.6.4, and upgrading to 3.7.0 isn’t an immediate option. I have seen a few threads in the past that suggest MUC and S2S are at least supposed to play nicely together, but I’ve also seen enough threads to suggest that it’s oftentimes a problem. And with one-to-one chat working OK, I’m not quite sure what could be breaking MUC. A few logs from the server:

2011.06.14 11:07:11 Connect Socket[addr=/10.1.4.182,port=54179,localport=5269]

2011.06.14 11:07:11 ServerDialback: RS - Received dialback key from host: jabtest2.example.com to: jabtest1.example.com

2011.06.14 11:07:11 000046 (01/05/00) - Connection #2 tested: OK

2011.06.14 11:07:11 000047 (01/05/00) - Connection #2 tested: OK

2011.06.14 11:07:11 ServerDialback: RS - Trying to connect to Authoritative Server: jabtest2.example.com:5269(DNS lookup: jabtest2.example.com:5269)

2011.06.14 11:07:11 ServerDialback: RS - Connection to AS: jabtest2.example.com:5269 successful

2011.06.14 11:07:11 ServerDialback: RS - Asking AS to verify dialback key for id1bfbfb93

2011.06.14 11:07:11 ServerDialback: RS - Key was VERIFIED by the Authoritative Server for: jabtest2.example.com

2011.06.14 11:07:11 ServerDialback: RS - Closing connection to Authoritative Server: jabtest2.example.com

2011.06.14 11:07:11 ServerDialback: RS - Sending key verification result to OS: jabtest2.example.com

2011.06.14 11:07:11 LocalOutgoingServerSession: OS - Trying to connect to jabtest2.example.com:5269(DNS lookup: jabtest2.example.com:5269)

2011.06.14 11:07:11 LocalOutgoingServerSession: OS - Plain connection to jabtest2.example.com:5269 successful

2011.06.14 11:07:11 LocalOutgoingServerSession: OS - Indicating we want TLS to jabtest2.example.com

2011.06.14 11:07:11 LocalOutgoingServerSession: OS - Negotiating TLS with jabtest2.example.com

2011.06.14 11:07:11 LocalOutgoingServerSession: OS - TLS negotiation with jabtest2.example.com was successful

2011.06.14 11:07:11 LocalOutgoingServerSession: OS - About to try connecting using server dialback over TLS with: jabtest2.example.com

2011.06.14 11:07:11 ServerDialback: OS - Sent dialback key to host: jabtest2.example.com id: 127f63b6 from domain: jabtest1.example.com

2011.06.14 11:07:11 Connect Socket[addr=/10.1.4.182,port=54180,localport=5269]

2011.06.14 11:07:11 ServerDialback: AS - Verifying key for host: jabtest2.example.com id: 127f63b6

2011.06.14 11:07:11 ServerDialback: AS - Key was: VALID for host: jabtest2.example.com id: 127f63b6

2011.06.14 11:07:11 ServerDialback: AS - Connection closed for host: jabtest2.example.com id: 127f63b6

2011.06.14 11:07:11 Connection closed before session established

Socket[addr=/10.1.4.182,port=54180,localport=5269]

2011.06.14 11:07:11 ServerDialback: OS - Validation GRANTED from: jabtest2.example.com id: 127f63b6 for domain: jabtest1.example.com

2011.06.14 11:07:11 LocalOutgoingServerSession: OS - SERVER DIALBACK OVER TLS with jabtest2.example.com was successful

Any and all thoughts are welcome.

I managed to figure this out, I think. Despite having entries in each system’s /etc/hosts file for the server itself, along with the MUC domain (i.e., conference.jabtest{1,2}.example.com), it didn’t seem to work.

Adding proper DNS entries, combined with explicitly allowing “conference.jabtest{1,2}.example.com” seemed to take care of the issue.

Now if only buddy lists would propagate between sites…
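
Added example, not part of the original posts and not Openfire code: a small checker that reads ServerDialback debug lines like those posted above and reports which local domains have no completed dialback with the remote server. It assumes that federation for the MUC service shows up in the log with the conference subdomain in the "to:" / "for domain:" fields, since dialback validates each domain pair separately; the function names are hypothetical.

```python
import re

# Lines copied from the debug log in the first post (taken on jabtest1).
SAMPLE_LOG = """\
2011.06.14 11:07:11 ServerDialback: RS - Received dialback key from host: jabtest2.example.com to: jabtest1.example.com
2011.06.14 11:07:11 ServerDialback: RS - Key was VERIFIED by the Authoritative Server for: jabtest2.example.com
2011.06.14 11:07:11 ServerDialback: OS - Sent dialback key to host: jabtest2.example.com id: 127f63b6 from domain: jabtest1.example.com
2011.06.14 11:07:11 ServerDialback: OS - Validation GRANTED from: jabtest2.example.com id: 127f63b6 for domain: jabtest1.example.com
"""

RECEIVED = re.compile(r"RS - Received dialback key from host: (\S+) to: (\S+)")
VERIFIED = re.compile(r"RS - Key was VERIFIED by the Authoritative Server for: (\S+)")
GRANTED = re.compile(r"OS - Validation GRANTED from: (\S+) id: \S+ for domain: (\S+)")


def dialback_pairs(log_text):
    """Return (inbound, outbound) sets of (remote, local) pairs that completed dialback."""
    inbound, outbound = set(), set()
    pending = {}  # remote host -> local domains it offered a key for, not yet verified
    for line in log_text.splitlines():
        if m := RECEIVED.search(line):
            pending.setdefault(m.group(1), set()).add(m.group(2))
        elif m := VERIFIED.search(line):
            # A key only counts as inbound once the authoritative server confirms it.
            for local in pending.pop(m.group(1), set()):
                inbound.add((m.group(1), local))
        elif m := GRANTED.search(line):
            outbound.add((m.group(1), m.group(2)))
    return inbound, outbound


def missing_dialback(local_domains, remote, log_text):
    """Map each local domain to the directions that never completed with `remote`."""
    inbound, outbound = dialback_pairs(log_text)
    gaps = {}
    for local in local_domains:
        need = [name for name, seen in (("inbound", inbound), ("outbound", outbound))
                if (remote, local) not in seen]
        if need:
            gaps[local] = need
    return gaps


if __name__ == "__main__":
    locals_ = ["jabtest1.example.com", "conference.jabtest1.example.com"]
    for domain, need in missing_dialback(locals_, "jabtest2.example.com", SAMPLE_LOG).items():
        print(f"{domain}: no completed dialback ({', '.join(need)})")
```

On the posted log this flags only conference.jabtest1.example.com, which matches the symptom of one-to-one chat working while the room on the conference subdomain is unreachable from the other domain.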