Language:
switch to room list switch to menu My folders
Go to page: First ... 11 12 13 14 [15] 16 17 18 19 ... Last
[#] Sat Apr 24 2021 12:22:34 EDT from IGnatius T Foobar

Subject: Re: user auth

[Reply] [ReplyQuoted] [Headers] [Print]

Is anyone interested in explaining to a dangerous idiot (me) what
would be involved with causing citadel register/authenticate its
users via phpBB's mariaDB? I see that citadel uses BerkleyDB by

Your setup sounds fascinating and a lot of fun!

The existing Citadel Server code can authenticate using its own internal database, using LDAP, or using the underlying host system. It can also authenticate using OpenID, but I'm thinking in the future we probably want to change it to SAML because that's what most single sign-on systems are using these days.

For your application, it sounds like LDAP isn't an option for you, because there are parts of your system that do not speak LDAP. If your chat room can authenticate to phpBB, it sounds like you'd prefer phpBB to be the authoritative source of authentication.

I'm going to assume that you're not willing to write and maintain a separate authentication module here. So here are a couple of options:

1. If you can find a PAM module that allows users to log in to Linux itself using phpBB accounts, Citadel can easily be configured to follow that.

2. We could explore building a tool to synchronize the Citadel user database to the phpBB user database. You mentioned something about the latter being in a SQL database; do you know whether passwords are stored either in the clear or with reversible encryption? If you can get an external program running that scans phpBB user accounts, we can do some scripting to add/change/remove identical accounts in Citadel using its client protocol.

[#] Sat Apr 24 2021 12:23:13 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

I wanted to get things straight with the text mode. The main menu says

to type .Help SUMMARY, but that help file doesn't exist. I couldn't

I'm not sure what happened to the "summary" help file, but typing ".?" will give you the same output.

[#] Sat Apr 24 2021 23:57:42 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Good news! The text of ".Help SUMMARY" was still in there, it just didn't get indexed when we moved the help texts from separate files to embedded in the code. This has been fixed, and will appear in the next release.

[#] Sun Apr 25 2021 01:04:59 EDT from smashbot64

Subject: Re: user auth

[Reply] [ReplyQuoted] [Headers] [Print]

The reason phpBB is the entry point is because the chat server software (blabwspro, https://justblab.com) is a whole lot of php with a websocket server. Lots of what it does lives in a mysql database (mariaDB in my case). Blab was engineered to be "integrated" with many different types of deployments, phpBB happens to be one. The vision I had when Inl started this would be for the blab chat experience to be a Room within citadel. While I know all the source for both blab and citadel are open Source, my skills to mesh them are not up to speed. 

In playing with what I could get working, I found that phpBB could present my blab chat instance as a phpBB page, in an iframe. Options in blab allow it to be integrated into phpbb (or vbulletin, or a whole lot others) and then I tried to use phpbb to present the chat room, or citadel. I get that phpbb does some of the same things that citadel does but it doesn't do all of what citadel does. 

Cutting to the chase, my blabwspro chat app obtains its user auth from the php mysql database. Blabwspro ships with its own mysql authentication, but it can be configured to obey phpbb. If there were integration between blabwspro and citadel,  I'd not be trying to figure this out. I have discussed this with the developer of blabwspro and he has never tried to integrate it with a citadel install.

 

So... the path of least resistance I can see, to help in my case is to guide me on making citadel read phbBB's db for user tokens, since phpBB will be charged with generating the initial user account. Citadel would need to be able to read/write mysql entries. I have a disability that causes nonsense. Please do not get frustrated by my long drawn out exculpatory penchant complicity effigious Godzilla sauce and I didn't think the world would end this way.



[#] Sun Apr 25 2021 01:17:35 EDT from smashbot64

Subject: Re: user auth

[Reply] [ReplyQuoted] [Headers] [Print]

After typing all of what I did I realize that the solution is a module that allows citadel to authenticate on a phpBB database. I believe the passwords are Hashed, but user activities between and among apps are carried out via unique tokens. I'm not quite up to that chapter



[#] Mon Apr 26 2021 10:52:01 EDT from IGnatius T Foobar

Subject: Re: user auth

[Reply] [ReplyQuoted] [Headers] [Print]

Are you able to handle the phpBB side? If so, I can probably get you the Citadel client code to add.

[#] Wed Apr 28 2021 00:04:34 EDT from smashbot64

Subject: Re: user auth

[Reply] [ReplyQuoted] [Headers] [Print]

The phpBB side? Maybe...

here's what I know: 

I have phpBB 3.3.3 running on Debian 10 with Apache2, php 7.3.27-1~deb10u1, and MySQL(i) 10.3.27-MariaDB-0+deb10u1.

On the same linux instance lives citadel.smashbot.com, running Citadel 931 with WebCit 931, server build 931.

My chatroom software is in /var/www/html/smashbot.com/public_html/chat/  Because all the phpBB files are in ~/public_html/.

phpBB and the chat room are both in the same mysql database, the chatroom tables start with blabwspro_ and phpBB's tables start with phpBB_ .

Blabwspro has its own authentication system, but if you choose the option for BB/CMS integration and select phpBB, blabwspro instead lets phpBB be the authentication authority. From there, blabwspro reads the phpBB session/login cookies. 

I tell the blabwspro chatroom software the phpBB session cookie, and then use a phpBB extension called Pages to display the chatroom in an iframe with <iframe src="PATH_OR_URL_TO_BLAB/index.php" border="0" frameborder="0" style="width:100%;height:400px;border-width:0px"></iframe>

If, with your help, I could get citadel's authentication to work the same way, then citadel would not manage user accounts but simply translate what user account info is stored in the phpbb_users database and utilize the session cookies. I know you previously asked about the structure. I think the password part is hashed, but phpBB is open source and well documented. The problem is getting ME up to speed, I am learning as I go. At least I tell myself that. I suppose the only way to know, since YOU know the innards of citadel better than anyone else I know, would be for me to email you the database table from mysql so you can see for yourself how it works.

IF this does happen to work, it will let me use phpBB to glue together 3 of my favorite platforms (blabwspro_chat, citadel, and vice_emu for commodore) with a single entry and login point. Once that is done, I will be able to upload all of my precious content to engage users for extensive participation. At least that's the dream.

 




[#] Wed Apr 28 2021 00:23:58 EDT from smashbot64

Subject: Re: user auth

[Reply] [ReplyQuoted] [Headers] [Print]

I may have forgotten to mention- The MAIN reason I even use phpBB to glue together the 3 platforms is because phpBB can do the auth for 2 out of 3, so far. Right now the site is functional. The issue is the redundant logins currently needed when a user selects a "door" or forum or level or room called citadel. I want citadel to manage my forums and postings, not phpBB. I could just leave the forum management to phpBB but I want citadel to do it. 

The reverse option is possible- getting citadel to be the authenticator for blabwspro chat software which is all php and mysql. The convo between the chatroom developer and myself went like this:

ME: "I could ditch phpBB as a frontend and authenticator because ultimately, the forum software that I wish to integrate the chat room is Citadel. All the details of this forum groupware is explained at citadel.org

The major issue I can see is blabwspro runs on mysqldb and I forget, maybe it works with postgres but I forget. Citadel on the other hand uses berkeley db. I know there are debian translators available to parse queries and writes between mariadb and berkeley db , but I guess my question is,
would integrating blabwspro to a berkley db environment be a huge undertaking?"

BLAB DEVELOPER: "You have to connect from PHP to the other software database and run a query to verify the user using a session var or a cookie and in case of course the other software provides such cookies/sessions."

and that's where I am at. so far.



[#] Thu Apr 29 2021 00:18:40 EDT from ParanoidDelusions

Subject: Webcit unable to bind, failing with exit code, but still working?

[Reply] [ReplyQuoted] [Headers] [Print]

My turn.

Somehow, at some point the -g .skipgoto?=hello switch in my /etc/systemd/system/webcit-http.service and webcit-https.service files got reverted on my main machine - but also when I reran the easyinstall on the new VM.


After modifying these two files with vi - both versions were failing, saying that the ports (8916 and 443) were already bound.


I eventually resorted to re-running /usr/local/webcit/setup.


It saw webcit-http.service on port 2000. I have *never* set it on that port.

I reverted it in setup to 8916.


I accepted the default for HTTPS.


Now webcit is starting, both on 8916 and 443... but in the logs, I'm seeing this over and over again when connecting via HTTPS.

Apr 28 21:09:50 secure webcit[2151]: webcit[2151]: Can't bind: Address already in use
Apr 28 21:09:50 secure webcit[2151]: Can't bind: Address already in use
Apr 28 21:09:50 secure systemd[1]: webcit-https.service: Main process exited, code=exited, status=101/n/a
Apr 28 21:09:50 secure systemd[1]: webcit-https.service: Failed with result 'exit-code'.

Although it IS connecting on the default HTTPS port - you can check that here...

https://secure.wallofhate.com


It is almost like there are multiple copies of webcit being called and they're in port contention with themselves - like there are two instances running on port 443 and the one instance is exiting "failed with result 'exit-code'" because the other one already has that port bound?


Something is most definitely wrong. It is running. 




[#] Thu Apr 29 2021 11:00:53 EDT from ParanoidDelusions

Subject: Re: Webcit unable to bind, failing with exit code, but still working?

[Reply] [ReplyQuoted] [Headers] [Print]

So, this morning I looked at the webcit-https.service config, and it was pointing at a different port than :443. 

I changed it back to :443, and the issue immediately reoccurred. 
Changing it back to its previous setting didn't restore https: connectivity to the board, even with a reboot, and even going into setup. 

That led me to lsof -i :443 

Which showed me that webcit WAS listening on port :443, despite not responding. 

I killed that PID, and restarted the webcit service. 

Now it is working fine. BUT the webcit-https.service has the port listed as 4916 now 


And sure enough - Citadel will render a page on 443 *or* 4916, and webcit is running twice, once on 443 and once on 4916 (and also on 8916 in regular HTTP). 

Is there somewhere else in the config that launches webcit other than the config in systemd/system 

Now it isn't restarting and failing in syslog - but it is running twice, on either port. 

I'll copy the logs from console, I'm not on that machine now. 

 



[#] Thu Apr 29 2021 11:07:31 EDT from ParanoidDelusions

Subject: Re: Webcit unable to bind, failing with exit code, but still working?

[Reply] [ReplyQuoted] [Headers] [Print]

root@secure:/etc/systemd/system# sudo lsof -i :443
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
webcit  313 root    6u  IPv6  15532      0t0  TCP *:https (LISTEN)
root@secure:/etc/systemd/system# sudo lsof -i :8916
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
webcit  317 root    6u  IPv6  15529      0t0  TCP *:8916 (LISTEN)


They're both there, and listening - but PID 313 is refusing to respond on the web.

root@secure:/etc/systemd/system# sudo kill 313
root@secure:/etc/systemd/system# sudo lsof -i :443
root@secure:/etc/systemd/system# sudo service webcit restart
root@secure:/etc/systemd/system# sudo lsof -i :443
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
webcit  2219 root    6u  IPv6  41814      0t0  TCP *:https (LISTEN)

Now it is back, as PID 2219 - and it is responding.

BUT...


PID 2185 is also launched - by /etc/systemd/system/webcit-https.service and ALSO listening for SSL connections

root@secure:/etc/systemd/system# sudo lsof -i :4916
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
webcit  2185 root    6u  IPv6  40818      0t0  TCP *:4916 (LISTEN)


The bind errors aren't causing webcit to constantly exit and restart - so - this is good - but I'm wondering why it is launching twice, and what will happen in a reboot or restart at this point. 

 



[#] Fri Apr 30 2021 02:44:39 EDT from bartv

Subject: Re: SMTP authentication problem from outlook

[Reply] [ReplyQuoted] [Headers] [Print]

Any thougts on this ? still not possible to send mail from mail client, don't want to use webcit for repliying forever ....

Regards,

Bart

 

Mon Apr 19 2021 18:14:53 EDT from bartv Subject: Re: SMTP authentication problem from outlook

been testing with different style usernames and passwords - still no connection.

I'm not 100% sure if that's the reason or if i misinterpreted things, but since my testing i cannot get my phone to connect to smtp either, so it is not limited to outlook.

Bart

 

Fri Apr 16 2021 02:55:45 EDT from chrisskhc Subject: Re: SMTP authentication problem from outlook

Hello,

 

I have exactly the same problem since I updated to build 931 via easyinstall.

Everything works fine except the mail client connection to the SMTP.

 

I would also be very grateful for targeted tips on troubleshooting.

 

chrisskhc

 

 

Tue Apr 13 2021 09:56:56 EDT from bartv Subject: Re: SMTP authentication problem from outlook

 

Fri Apr 09 2021 06:07:11 EDT from bartv Subject: SMTP authentication problem from outlook

Hello all,

 

Could not find search function in this forum, so apologies if this is a recurring question.

 

Installed Citadel on my PI4, and most of it is working, except i have problems connecting outlook.

I have setup citadel as my mailserver, and i can send and receive email to external accounts (work, gmail, etc). (Test via Webcit)

 

I'm using outlook 2016 and connect via POP3/SMTP.

Outlook collects mail via POP3 fine from the server, using account settings either on port 110 and 995 no problem.

But is keeps asking for my credentials when using SMTP - controlpanel/mailsettings - test account setting - tries to send a test mail.

Tried SMTP via port 25 no encryption, but also using port 465 - with SSL enabled - keeps popping credentials question and port 587 STARTTLS - credentials quesions

'Your email server rejected your login. Verify your user name and password"

email server rejects login using username/password. But they work fine for POP3 logon......

 

Using the same credentials, sending from my Galaxy S10 via wifi on internal network using builtin mailclient using port 465 and SSL is no problem.

So Citadel & Pi should be configured correctly...

 

I'm lost. Any suggestions ?

 

Tnx

 

Bart

 

[Edit]

i've been testing  but no luck yet.

syslog has this error : bad password specified for <> Service <SMTP-MTA>

Should the username not be within those emty brackets ? that would mean the username is not forwarded by outlook to citedal ????

this is the log of one session , as you can see the pop3 session is ok....

Apr 13 15:18:18 raspix citserver[32694]: citserver[32694]: context: session (POP3) started from Laborix.bartscorner.local (192.168.1.117) uid=-1
Apr 13 15:18:18 raspix citserver[32694]: context: session (POP3) started from Laborix.bartscorner.local (192.168.1.117) uid=-1
Apr 13 15:18:18 raspix citserver[32694]: citserver[32694]: user_ops: <bartver> logged in
Apr 13 15:18:18 raspix citserver[32694]: user_ops: <bartver> logged in
Apr 13 15:18:18 raspix citserver[32694]: citserver[32694]: context: [12718]SRV[POP3] Session ended.
Apr 13 15:18:18 raspix citserver[32694]: context: [12718]SRV[POP3] Session ended.
Apr 13 15:18:18 raspix citserver[32694]: citserver[32694]: context: session (SMTP-MTA) started from Laborix.bartscorner.local (192.168.1.117) uid=-1
Apr 13 15:18:18 raspix citserver[32694]: context: session (SMTP-MTA) started from Laborix.bartscorner.local (192.168.1.117) uid=-1
Apr 13 15:18:18 raspix citserver[32694]: citserver[32694]: user_ops: bad password specified for <> Service <SMTP-MTA> Port <25> Remote <Laborix.bartscorner.local / 192.168.1.117>
Apr 13 15:18:18 raspix citserver[32694]: user_ops: bad password specified for <> Service <SMTP-MTA> Port <25> Remote <Laborix.bartscorner.local / 192.168.1.117>
Apr 13 15:18:18 raspix citserver[32694]: SMTP: client disconnected: ending session.
Apr 13 15:18:18 raspix citserver[32694]: citserver[32694]: SMTP: client disconnected: ending session.
Apr 13 15:18:18 raspix citserver[32694]: citserver[32694]: context: [12719]SRV[SMTP-MTA] Session ended.

 

 



 



 



 



 



[#] Mon May 03 2021 07:19:01 EDT from megagumbo

Subject: Citadel in Docker (prototype repo URL?)

[Reply] [ReplyQuoted] [Headers] [Print]

Hi,
some (long) time ago I expressed my interest in trying out Citadel within a Docker container and someone here pointed me to some repository where some sort of "prototype" was available. Now, I have lost that particular link and am now asking if anyone here can (once more) provide it to me?

Thank you,

Niels



[#] Mon May 03 2021 11:02:06 EDT from megagumbo

Subject: Re: Citadel in Docker (prototype repo URL?)

[Reply] [ReplyQuoted] [Headers] [Print]

Ah, found it here: code.citadel.org

Mon May 03 2021 07:19:01 AM EDT from megagumbo Subject: Citadel in Docker (prototype repo URL?)

Hi,
some (long) time ago I expressed my interest in trying out Citadel within a Docker container and someone here pointed me to some repository where some sort of "prototype" was available. Now, I have lost that particular link and am now asking if anyone here can (once more) provide it to me?

Thank you,

Niels



 



[#] Tue May 04 2021 01:27:28 EDT from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

Ok... I figured out part of the mystery on my pre and post login redirect.


This is what I had in my webcit-https.service config:

more webcit-https.service
[Unit]
Description=Citadel web service
After=citadel.target
[Service]
ExecStart=/usr/local/webcit/webcit -p8916 -g/dotgoto?room=hello uds /usr/local/c
itadel
ExecReload=/bin/kill
KillMode=process
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target

 

So, that is why it was failing to startup. It was attempting to assign the https on port 8916, which is already selected as the http port.


But... it is ALSO launching it on port 443. And in either case, it is not redirecting to the "hello" room with the ExecStart command line above.

If I change the webcit-https to 4916 I get this error in Firefox connecting to locahost:4916

Secure Connection Failed

An error occurred during a connection to 127.0.0.1:4916. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

 

Set for localhost:443 - I just get the lobby - no redirect.

Should I be using service webcit restart or systemctl restart webcit to restart the service?

And is it possible in Debian 10 that Citadel is launching somewhere else, then also being called again in systemd, potentially in conflict with itself - with 4 instances of Webcit running, or maybe 3... one on 8916, one on 4916 and one on 443?







[#] Tue May 04 2021 19:06:08 EDT from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

Ok... so I've confirmed that I have /etc/systemd/system/webcit-https.service set correctly for port 443

I"ve ran setup in citadel and webcit

I get this

root@secure:/usr/local/webcit# netstat -ltnp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      466/sshd            

tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      460/inetd           

tcp        0      0 0.0.0.0:504             0.0.0.0:*               LISTEN      8562/citserver      

tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      8562/citserver      

tcp6       0      0 :::80                   :::*                    LISTEN      481/apache2         

tcp6       0      0 :::8916                 :::*                    LISTEN      8872/webcit         

tcp6       0      0 :::4916                 :::*                    LISTEN      8711/webcit         

tcp6       0      0 :::22                   :::*                    LISTEN      466/sshd            

tcp6       0      0 :::443                  :::*                    LISTEN      8875/webcit         

root@secure:/usr/local/webcit# kill 8711

root@secure:/usr/local/webcit# netstat -ltnp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      466/sshd            

tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      460/inetd           

tcp        0      0 0.0.0.0:504             0.0.0.0:*               LISTEN      8562/citserver      

tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      8562/citserver      

tcp6       0      0 :::80                   :::*                    LISTEN      481/apache2         

tcp6       0      0 :::4916                 :::*                    LISTEN      8925/webcit         

tcp6       0      0 :::8916                 :::*                    LISTEN      8872/webcit         

tcp6       0      0 :::22                   :::*                    LISTEN      466/sshd            

tcp6       0      0 :::443                  :::*                    LISTEN      8875/webcit         

root@secure:/usr/local/webcit# kill 8925

root@secure:/usr/local/webcit# netstat -ltnp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      466/sshd            

tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      460/inetd           

tcp        0      0 0.0.0.0:504             0.0.0.0:*               LISTEN      8562/citserver      

tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      8562/citserver      

tcp6       0      0 :::80                   :::*                    LISTEN      481/apache2         

tcp6       0      0 :::8916                 :::*                    LISTEN      8872/webcit         

tcp6       0      0 :::22                   :::*                    LISTEN      466/sshd            

tcp6       0      0 :::443                  :::*                    LISTEN      8875/webcit         

root@secure:/usr/local/webcit# netstat -ltnp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      466/sshd            

tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      460/inetd           

tcp        0      0 0.0.0.0:504             0.0.0.0:*               LISTEN      8562/citserver      

tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      8562/citserver      

tcp6       0      0 :::80                   :::*                    LISTEN      481/apache2         

tcp6       0      0 :::4916                 :::*                    LISTEN      8946/webcit         

tcp6       0      0 :::8916                 :::*                    LISTEN      8872/webcit         

tcp6       0      0 :::22                   :::*                    LISTEN      466/sshd            

 

tcp6       0      0 :::443                  :::*                    LISTEN      8875/webcit



[#] Tue May 04 2021 19:07:35 EDT from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

No matter what I do... Webcit respawns on 4916. 

I guess I can try a reboot of the server. 

 



[#] Tue May 04 2021 19:25:04 EDT from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

And here is something interesting... when webcit-https.service is spawning on 443, I get "Error Code: SSL_ERROR_RX_RECORD_TOO_LONG" with a fully formed URL in Firefox... 

e.g., https://127.0.0.1 or https://secure.wallofhate.com 

even if I specific the port... 

:443

but... if I change the URL in the address bar to 

http://secure.wallofhate.com:443 

It resolves fine. 




[#] Wed May 05 2021 00:26:28 EDT from ASCII Express

[Reply] [ReplyQuoted] [Headers] [Print]

Wonderful, thanks for fixing the .help summary issue!
Just one of those little things that stuck out...

[#] Wed May 05 2021 00:33:06 EDT from ASCII Express

[Reply] [ReplyQuoted] [Headers] [Print]

I had an issue connecting with XMPP. I wanted to use Bitlbee, and read the guide about that. It still fails with an invalid user name and password. Do I understand that I need to put an underscore in my name since it has a space, like ascii_express@disboardia.net?
The port works, and I use Bitlbee all the time, so I know that works.

Go to page: First ... 11 12 13 14 [15] 16 17 18 19 ... Last