
Thread: Possible Cert / TLS problem in 5.0.2, suggested fixes not working

  1. #1

    I had tested Zimbra v4 on Ubuntu for a while and then went up through the v5 betas. I ended up spending most of my time configuring LDAP and Samba, so I did not even get the mail server live. I started working on testing the mail server after upgrading Zimbra from 5.0.0_RC2_1745 to 5.0.2_GA_1975.

    Of course I could not get mail to send. I think the most telling errors are...

    lisa postfix/trivial-rewrite[9772]: warning: dict_ldap_connect: Unable to bind to server ldap://mail.themorrells.org:389 as uid=zmpostfix,cn=appaccts,cn=zimbra: 49 (Invalid credentials)
    lisa postfix/trivial-rewrite[12622]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem

    So I followed the forums on fixing the TLS errors, which seemed to be relevant, with no luck. Can anyone help? Where should I start?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator

    Why do you think this is anything to do with TLS or a Certificate problem? The error line you've posted above contains: "Unable to bind to server" and that usually means that LDAP isn't running. Try and telnet to port 389 and see if you get a connection; if you don't, try the wiki Troubleshooting tips. The usual reason for LDAP problems is that you don't have correct DNS A & MX records or your /etc/hosts file is incorrect; if you're behind a NAT device you'll also need a Split DNS set-up. As you mention mail sending problems, I'd go with the suggestion that your DNS isn't right.
    Regards


    Bill



  3. #3

    The reason I went down the certificate route is because the error

    lisa postfix/trivial-rewrite[12622]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem

    seems to be commonly associated with certificate problems in the forums.

    LDAP is at least working in general since Samba authenticates through it and I can access the webmail and admin interfaces with no problems. I checked with telnet and netstat and everything seems fine. This machine does have multiple IPs associated with it so SLAPD is only bound to one IP. Does Zimbra expect LDAP on the loopback too?

    Since, according to the errors, uid=zmpostfix,cn=appaccts,cn=zimbra is failing, I tried checking by hand with no luck.

    zmlocalconfig -s ldap_postfix_password
    ldap_postfix_password = ...

    ldapwhoami -x -D"uid=zmpostfix,cn=appaccts,cn=zimbra" -W -h mail.themorrells.org

    ldap_bind: Invalid credentials (49)

    I do have a caching DNS setup behind the firewall, so for Zimbra, mail.themorrells.org resolves correctly to the internal IP.
    Everything else about Zimbra, including integration with Samba, seems to work fine. I can log in to email accounts, fetch external mail, and use the admin interface, but I can't send mail to internal or external accounts. Is there some other information I could provide to help figure this problem out?
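
The number at the end of the Postfix `dict_ldap_connect` warning quoted in this thread is the LDAP result code, and it separates a server that could not be contacted from one that answered and rejected the bind. The script below is an added example, not part of any post in this thread: the function names are hypothetical and the third sample log line is constructed.

```shell
#!/bin/sh
# Added example: triage Postfix dict_ldap bind warnings by LDAP result code.

# Print the numeric result code from a dict_ldap_connect warning (empty if none).
ldap_result_code() {
    printf '%s\n' "$1" |
        sed -n 's/.*dict_ldap_connect: Unable to bind to server .* as .*: \(-\{0,1\}[0-9][0-9]*\) (.*)$/\1/p'
}

# Print the bind DN named in the warning (empty if none).
ldap_bind_dn() {
    printf '%s\n' "$1" |
        sed -n 's/.*Unable to bind to server [^ ]* as \(.*\): -\{0,1\}[0-9][0-9]* (.*)$/\1/p'
}

# Map the result code to a failure class.
classify_bind_failure() {
    case "$(ldap_result_code "$1")" in
        49) echo "credentials" ;;        # invalidCredentials: server answered, rejected DN/password
        -1) echo "unreachable" ;;        # client-side code: can't contact LDAP server
        "") echo "not-a-bind-warning" ;; # e.g. the follow-on "table lookup problem" line
        *)  echo "other" ;;
    esac
}

# Read log lines on stdin; print "<class><TAB><bind DN>" for each bind warning.
triage() {
    while IFS= read -r line; do
        kind=$(classify_bind_failure "$line")
        if [ "$kind" != "not-a-bind-warning" ]; then
            printf '%s\t%s\n' "$kind" "$(ldap_bind_dn "$line")"
        fi
    done
}

# Lines 1-2 are the ones quoted in the thread; line 3 is constructed.
SAMPLE_LOG="lisa postfix/trivial-rewrite[9772]: warning: dict_ldap_connect: Unable to bind to server ldap://mail.themorrells.org:389 as uid=zmpostfix,cn=appaccts,cn=zimbra: 49 (Invalid credentials)
lisa postfix/trivial-rewrite[12622]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
host postfix/trivial-rewrite[100]: warning: dict_ldap_connect: Unable to bind to server ldap://ldap.example.test:389 as uid=zmpostfix,cn=appaccts,cn=zimbra: -1 (Can't contact LDAP server)"

printf '%s\n' "$SAMPLE_LOG" | triage
```

A `credentials` result points at the stored bind password or the account entry, which is what the manual `ldapwhoami` test above exercises; an `unreachable` result points at the listener, the address it is bound to, or name resolution.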

  4. #4
    phoenix is offline Zimbra Consultant & Moderator

    Well, let's start with confirmation that your DNS is correct. Run the following commands on the zimbra server:
    Code:
    host `hostname`   # use backticks, not single quotes
    dig themorrells.org mx
    dig themorrells.org any
    and post the results.
    Regards


    Bill



  5. #5

    All right, something is configured wrong. host does not find lisa correctly and dig is giving me my external mail servers. I will fix the dig results.

    Code:
    host `hostname`
    
    Host lisa not found: 3(NXDOMAIN)
    dig themorrells.org mx
    ; <<>> DiG 9.3.2 <<>> themorrells.org mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39346
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 5

    ;; QUESTION SECTION:
    ;themorrells.org. IN MX

    ;; ANSWER SECTION:
    themorrells.org. 1097 IN MX 20 smtp.easydns.com.
    themorrells.org. 1097 IN MX 30 smtp2.easydns.com.
    themorrells.org. 1097 IN MX 0 mail2.themorrells.org.

    ;; AUTHORITY SECTION:
    themorrells.org. 712 IN NS remote2.easydns.com.
    themorrells.org. 712 IN NS ns1.easydns.com.
    themorrells.org. 712 IN NS remote1.easydns.com.
    themorrells.org. 712 IN NS ns2.easydns.com.

    ;; ADDITIONAL SECTION:
    mail2.themorrells.org. 712 IN A 209.177.155.19
    ns1.easydns.com. 51733 IN A 66.225.199.10
    remote1.easydns.com. 105171 IN A 209.200.131.4
    ns2.easydns.com. 21932 IN A 209.200.151.4
    remote2.easydns.com. 26058 IN A 205.210.42.19

    ;; Query time: 1 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Mon Mar 17 19:44:39 2008
    ;; MSG SIZE rcvd: 269
    Do you have any ideas why the hostname is showing up wrong? Zimbra is running on Ubuntu in a chroot jail off of Gentoo. It appears host returns the hostname defined under Gentoo and not Ubuntu.
