Giving up trying

Well, it’s now come to the point, that I’m wasting far to much time and effort in trying to fix the un-fixable, so therefore I have completely removed openfire from my server and looking elswhere for another IM package that’s specifically designed for SELinux.

I would like to thank everyone for trying to help, but no-one seems to have solutions to the same problems that don’t arise on their systems to be able to give the right help.

It’s the spark webchat for fastpath that needs severly being worked on, so if any one is interested, and want to use a live help system, other than fastpath, I would suggest using Crafty Syntax Live help, I’ve just installed and set it up with no problem at all, (which I can’t say for the fastpath feature of openfire).

selinux isn’t something used on every version of linux. so to say that openfire devs have to also be experts on selinux is wrong. you not being able to get it to work sounds like your misunderstanding of how to configure selinux. crafty syntax probably worked so much easier because you allowed apache in selinux when you installed.

I use debian and would rather openfire devs work on openfire features and not be experts on selinux.

I have just about every Linux distro that’s out there, (Debian, SuSe, Knoppix, Clark Connect, Redhat, Fedora, just to name a few), and I have tried every one of them on a test box, and only found Engarde as the easiest to operate and setup.

The best thing about Engarde is, using a small SELinux utility called ‘audit2allow’, one just installs an rpm using ‘rpm -ivh [prog-name-[version].rpm’ then run ‘watch audit2allow -d’ then run the prog, any security issues are then displayed as ‘allow’ lines, which then can be inserted into a custom policy, then the policy is re-compiled. All this I know how to do, but when it comes to fastpath’s webchat, there are no security issues even with SELinux completely disabled and no policies loaded, it just doesn’t know where to find the openfire server name, (see below for an explanation of an example server configuration).

I spent all day yesterday trying openfire on all the distros I have and the fastpath spark webchat still gives the same error, which indicates to me, that certain software for Linux is very version specific,

Here’s an example server configuration used for openfire.

server host name = test.com

openfire installs using that host name

Enterprise plugin installs, then spark webchat

Enterprise license is applied

Spark webchat setup is initiated

Openfire server name ‘test.com’ is inserted into the setup

Port 5222 is used

The ‘Save setup’ is clicked and nothing happens just an error stating ‘Can not connect to server, please make sure the host name and port is correct’, which indicates, openfire does know where to find the system host name, but spark webchat doesn’t know where to find openfire’s server name. People I’ve chatted to in either ignite and jive, can’t reproduce the same error, and therefore unable to find out how to fix it.

Use ‘localhost’ throughout the openfire and fastpath spark webchat setup, and everything is fine, except the group chat doesn’t work.

This is how it works:-

Fix groupchat and fastpath webchat don’t work, fix fastpath and the groupchat don’t work, there doesn’t seem to be any interactivity between the modules, if it’s a DNS issue, then the only possible explanation I can think of is, Engarde uses named to for bind configuration, and if spark webchat for fastpath is trying to obtain a record from a bind configuration, then it’s not going to work, which brings us back to being version specific.

aside from my live server I have a test server for openfire, I setup everything on debian with windows clients and its working just fine. all of my dns names are registered with dns and nslookup from the windows machine and linux machine all give the same results. I did deploy tomcat, which I didn’t see you mention, so that may be one difference. I used the tar.gz install also. Sorry it didn’t work for you.

I did the same nslookup on windows and linux, the DNS records check out fine.

My live server (running apache) not just runs the internal DNS, but also runs ftp, web, mysql and email, (mysql access is internal only), the live server has full support for java, php and perl. Outside access has to go through a hardware firewall and a router, but internal access is only limited to the access control of Engarde, which means only one pc on the network has full control over the server, which means I can test every aspect of openfire.

I’ve just opened up one of the files inside the webchat jar file, traced it to one of the classes that gets a DNS record, but which one, I don’t know.