When registering with the XMPP gateway I get constant “The password you registered with is incorrect.” messages, even though the username and password are correct and I can use them when connecting directly my client. The server is running ejabberd.
I have tried using tcpdump, but starttls kicks in before any useful info can be seen. And server log files aren’t helping.
All that shows in the log file is:
2008.06.12 15:02:35 xmpp user’s login/password does not appear to be correct: mac@tlug.up.ac.za
SASL authentication failed: at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 327) at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:438) at org.jivesoftware.openfire.gateway.protocols.xmpp.XMPPSession$1.run(XMPPSession. java:203)
Does anyone have an idea what would be causing the gateway to not want to log into the server. It does correctly log into an openfire server.
Unfortunately this is a known issue that I’ve yet to track down. It works great if you point at an Openfire, Jabberd1, or Jabberd2 server, but not at ejabberd for some reason. Doesn’t make a lot of sense! Especially since Spark can connect to an ejabberd server and they’re using the same freakin’ library! I’m almost certain there’s some little stupid thing I’m doing.
We are seeing the same problem here. We have some customers trying to connect to an ejabberd server. Have you been able to track this one down?
It is a little difficult to get some useful debugging info, just as Malcolm mentioned. tcpdump is of no use.
I haven’t had any time to research it unfortunately.
I patched the gateway to set SecurityMode to disabled to turn off TLS and this is what I get:
T 87.230.101.51:54453 → 194.97.3.151:5222 [AP]
<stream:stream to=“jabber.freenet.de” xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams” version=“1.0”>
T 194.97.3.151:5222 → 87.230.101.51:54453 [AP]
<?xml version='1.0'?>
T 194.97.3.151:5222 → 87.230.101.51:54453 [AP]
stream:featuresDIGEST-MD5PLAIN</stream:features>
T 87.230.101.51:54453 → 194.97.3.151:5222 [AP]
T 194.97.3.151:5222 → 87.230.101.51:54453 [AP]
T 87.230.101.51:54453 → 194.97.3.151:5222 [AP]
T 87.230.101.51:54453 → 194.97.3.151:5222 [AFP]
</stream:stream>
T 194.97.3.151:5222 → 87.230.101.51:54453 [AP]
</stream:stream>
Where does CRAM-MD5 come from? Is this the only authentication method offered when using TLS? When I log in using Spark it just offers PLAIN (on the TLS link though)?
Just tried using the latest Spark 2.6.0 beta to connect to the ejabberd server. Does not work either. It also tries to use CRAM-MD5. So this looks like something has been broken in Smack?
I reenabled TLS and made the following changes in Smack’s SASLAuthentication.java
static {
// Register SASL mechanisms supported by Smack
// registerSASLMechanism(“EXTERNAL”, SASLExternalMechanism.class);
// registerSASLMechanism(“GSSAPI”, SASLGSSAPIMechanism.class);
registerSASLMechanism(“DIGEST-MD5”, SASLDigestMD5Mechanism.class);
registerSASLMechanism(“CRAM-MD5”, SASLCramMD5Mechanism.class);
registerSASLMechanism(“PLAIN”, SASLPlainMechanism.class);
// registerSASLMechanism(“ANONYMOUS”, SASLAnonymous.class);
// supportSASLMechanism("GSSAPI",0);
// supportSASLMechanism("DIGEST-MD5",1);
// supportSASLMechanism("CRAM-MD5",2);
// supportSASLMechanism("PLAIN",3);
// supportSASLMechanism("ANONYMOUS",4);
supportSASLMechanism("PLAIN",0);
supportSASLMechanism("DIGEST-MD5",1);
supportSASLMechanism("CRAM-MD5",2);
}
We can now connect to an ejabberd server. We do not need the other authentication mechanisms, so this works for us.
Maybe this will help you find a general fix for the XMPP transport.
Henrik
Had any time to research this yet, or had a look at Henrik’s suggestion?