Can't open a new room - Githubissues

ChicagoJay commented 4 years ago

When I try to open a new room, with an authorized LDAP (Active Directory) account, I get an error. Log file shows:


2020.11.10 11:33:30 INFO [org.jitsi.utils.concurrent.RecurringRunnableExecutor.thread-org.jitsi.videobridge.health.Health]: org.jitsi.videobridge.health.Health - Performed a successful health check in 7ms. Sticky failure: false
2020.11.10 11:33:37 INFO [org.jitsi.utils.concurrent.RecurringRunnableExecutor.thread-VideobridgeExpireThread]: org.jitsi.videobridge.VideobridgeExpireThread - Running expire()
2020.11.10 11:33:40 INFO [org.jitsi.utils.concurrent.RecurringRunnableExecutor.thread-org.jitsi.videobridge.health.Health]: org.jitsi.videobridge.Videobridge - CAT=stat create_conf,conf_id=7eebcf2fe6df0596 conf_name=null,logging=false,conf_count=1,ch_count=0,v_streams=0
2020.11.10 11:33:40 INFO [org.jitsi.utils.concurrent.RecurringRunnableExecutor.thread-org.jitsi.videobridge.health.Health]: org.jitsi.videobridge.health.Health - Performed a successful health check in 7ms. Sticky failure: false
2020.11.10 11:33:48 INFO [pool-45-thread-8]: org.jitsi.jicofo.xmpp.FocusComponent - Focus request for room: techtest@conference.d83.org
2020.11.10 11:33:48 INFO [pool-45-thread-8]: org.jitsi.jicofo.FocusManager - Created new focus for techtest@conference.d83.org@d83.org. Conference count 1,options: channelLastN=-1 enableLipSync=false useRoomAsSharedDocumentName=false startAudioMuted=9 stereo=false startBitrate=800 startVideoMuted=9 enforcedBridge=jitsi-videobridge.d83.org openSctp=true disableRtx=false
2020.11.10 11:33:48 INFO [pool-45-thread-8]: org.jitsi.jicofo.JitsiMeetConferenceImpl - Joining the room: techtest@conference.d83.org
2020.11.10 11:33:48 WARN [Smack-Single Threaded Executor 0 (0)]: org.jitsi.impl.protocol.xmpp.ChatRoomImpl - Unable to handle packet: <presence to='focus768522681345@d83.org/focus768522681345' from='techtest@conference.d83.org/focus' id='BhMbp-1923' type='error'><x xmlns='http://jabber.org/protocol/muc'><lobbyroom>techtest@lobby.d83.org</lobbyroom></x><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://jitsi.org/jicofo' ver='6dKlNV2hTmKYwGcTHveFMk15Ydg='/><error type='cancel'><not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/><text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>You do not have permission to create a new room.</text></error></presence>
2020.11.10 11:33:48 INFO [pool-45-thread-8]: org.jitsi.jicofo.FocusManager - Disposed conference for room: techtest@conference.d83.org conference count: 0
2020.11.10 11:33:48 INFO [pool-45-thread-8]: org.jitsi.jicofo.FocusManager - Exception while trying to start the conference
net.java.sip.communicator.service.protocol.OperationFailedException: Failed to join the room
at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.joinAs(ChatRoomImpl.java:298) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.join(ChatRoomImpl.java:209) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.JitsiMeetConferenceImpl.joinTheRoom(JitsiMeetConferenceImpl.java:581) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.JitsiMeetConferenceImpl.start(JitsiMeetConferenceImpl.java:404) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:477) [jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:426) [jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:401) [jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq(FocusComponent.java:417) [jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.xmpp.FocusComponent.handleIQSetImpl(FocusComponent.java:254) [jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.xmpp.component.ComponentBase.handleIQSet(ComponentBase.java:362) [jicoco-1.1-55-g3bc7f1d.jar:?]
at org.xmpp.component.AbstractComponent.processIQRequest(AbstractComponent.java:524) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent.processIQ(AbstractComponent.java:291) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent.processQueuedPacket(AbstractComponent.java:239) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent.access$100(AbstractComponent.java:80) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent$PacketProcessor.run(AbstractComponent.java:1058) [tinder-2.0.0.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
Caused by: org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from techtest@conference.d83.org/focus: XMPPError: not-allowed - cancel
at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:132) ~[smack-core-4.2.4-47d17fc.jar:4.2.4-47d17fc]
at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:263) ~[smack-core-4.2.4-47d17fc.jar:4.2.4-47d17fc]
at org.jivesoftware.smackx.muc.MultiUserChat.enter(MultiUserChat.java:355) ~[smack-extensions-4.2.4-47d17fc.jar:4.2.4-47d17fc]
at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:498) ~[smack-extensions-4.2.4-47d17fc.jar:4.2.4-47d17fc]
at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:444) ~[smack-extensions-4.2.4-47d17fc.jar:4.2.4-47d17fc]
at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.joinAs(ChatRoomImpl.java:240) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
... 17 more
2020.11.10 11:33:48 ERROR [pool-45-thread-8]: org.jitsi.jicofo.xmpp.FocusComponent - net.java.sip.communicator.service.protocol.OperationFailedException: Failed to join the room
net.java.sip.communicator.service.protocol.OperationFailedException: Failed to join the room
at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.joinAs(ChatRoomImpl.java:298) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.join(ChatRoomImpl.java:209) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.JitsiMeetConferenceImpl.joinTheRoom(JitsiMeetConferenceImpl.java:581) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.JitsiMeetConferenceImpl.start(JitsiMeetConferenceImpl.java:404) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:477) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:426) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:401) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq(FocusComponent.java:417) ~[jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.jicofo.xmpp.FocusComponent.handleIQSetImpl(FocusComponent.java:254) [jicofo-1.1-20200903.193811-189.jar:1.1-SNAPSHOT]
at org.jitsi.xmpp.component.ComponentBase.handleIQSet(ComponentBase.java:362) [jicoco-1.1-55-g3bc7f1d.jar:?]
at org.xmpp.component.AbstractComponent.processIQRequest(AbstractComponent.java:524) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent.processIQ(AbstractComponent.java:291) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent.processQueuedPacket(AbstractComponent.java:239) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent.access$100(AbstractComponent.java:80) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent$PacketProcessor.run(AbstractComponent.java:1058) [tinder-2.0.0.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]```

I granted the AD Group D83SysAdmins (when I am presented an authentication pop-up, I use my personal AD credentials, and I am a member of that AD group) admin rights in Group Chat > Group Chat Settings > *subdomain* > Administrators, as well as Room Creation Permissions, so I am perplexed as to why the log shows I don't have rights to create a room.

Also, if there is a permissions issue, it would be cool if openfire gave me something more informative than "Unfortunately, something went wrong."

Thanks for any advice...  Shout-out to @gjaekel for helping me overcome the java issue in my last bug!

gjaekel commented 4 years ago

A conference room always is created by the so-called focus user. The first participant entering a room get's the "Admin"-role for this XMPP-room granted by this focus user. This is totally different to the "Admin"-role concerning the OpenFire server administration! During a conference, the focus user "watch" the Audio streams and broadcast this information to the clients of the participants. There, this information will switch the speaker marker and/or window.

Maybe I misunderstand, but is the account and password configured at "Meetings|Settinngs|Security" to be used as the focus user allowed to "browse" the LDAP directory?
Did you perform all the testcases offered while setting up the LDAP connection?

ChicagoJay commented 4 years ago

Interestingly, this worked after the new log4j2.xml file. But, today - the first time I have touched it since Tuesday, it's refusing to authenticate. The all.log shows:


org.jivesoftware.openfire.user.UserNotFoundException: null
at org.jivesoftware.openfire.ldap.LdapUserProvider.loadUser(LdapUserProvider.java:170) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.user.UserManager.getUser(UserManager.java:277) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.plugin.rest.sasl.OfChatSaslServer.evaluateResponse(OfChatSaslServer.java:66) [pade-1.0.2.jar:?]
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:370) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.SessionPacketRouter.route(SessionPacketRouter.java:60) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.http.HttpSession.sendPendingPackets(HttpSession.java:612) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.http.HttpSession$HttpPacketSender.run(HttpSession.java:1329) [xmppserver-4.6.0.jar:4.6.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]```

I'm using the same credentials I use to log into the admin interface.

gjaekel commented 4 years ago

But you're able to enter the GUI? Strange ... At the "session" tab, Is the Focus user authenticated?

Switch on the ldap.ldapDebugEnabled at "Server|Server Manager|System Properties" to get details.

As the next resort, you may raise the global debug level dynamically at runtime. Edit the logfile configuration:

-        <Root level="info">
+       <Root level="debug">

ChicagoJay commented 4 years ago

munged email deleted for cleanliness of the thread

gjaekel commented 4 years ago

It's not clear to me when this log was taken. There seems at least one restart in the middle; please rotate the log while stop and start. Also, please surround your pasted log here at top and bottom with a line containg three backticks (```) to ease reading.

20201113-091347.517 ERROR [pool-7-thread-2] [o.j.o.p.o.FocusPlugin] Unable to provision a 'focus' user.
java.lang.UnsupportedOperationException: User provider is read-only

As usual, the LDAP is read-only by OpenFire. Have you provided the focus user in you LDAP?

20201113-091347.934 WARN  [pool-7-thread-3] [o.j.v.o.PluginImpl] An unexpected error occurred while checking the native libraries.
java.lang.NoSuchFieldException: sys_paths

I don't konw what happens here, but it don't look good.

But I can't find any LDAP logging dealing with your user authentication...

ChicagoJay commented 4 years ago

Sorry - I just attached the file to the email. I'll start over again, and respond via the github site.

ChicagoJay commented 4 years ago

I guess github totally munged my email. Here is what I originally responded:

The user is Anonymous, but authenticated.

Session Details

Session ID: | focus207128281770@d83.org/focus207128281770 User Name & Resource: | Anonymous - focus207128281770 Using Anonymous Authentication: | Yes Node | Local Stream Management: | Disabled Connection Type: | Unknown Message Carbons: | Disabled Flexible Offline Message Retrieval: | Disabled Status: | Authenticated Presence: | Online Priority | 0 Session Created: | Nov 12, 2020, 4:13:44 PM Session Last Active: | Nov 13, 2020, 9:02:36 AM Session Statistics: | Packets Received/Sent: 6,116/0 Client IP / Hostname: | ofchat8114262 / ofchat8114262

I've attached the all.log file, with Debug turned on. I see an error with focus(long decimal number - not the one above) not being in LDAP. I have a user, called focus, in AD - but not focus(long decimal number). Do I need to modify the account to have the number at the end? That number appears to change, so that can't be right.

I turned on debugging through the GUI, then restarted the openfire service. I am attaching the all.log, with everything before the restart deleted.

all.log

Also, oddly, I can no longer view the logs in the admin GUI... I may have to roll back to my last snapshot...

gjaekel commented 4 years ago

Also, oddly, I can no longer view the logs in the admin GUI... I may have to roll back to my last snapshot...

I never used the GUI log viewer. That's probably because of the changed line formater in my version of log4j2.xml. You may try to replace the date format patter back, %d{yyyy.MM.dd HH:mm:ss} ...

The user focus is still not found in your LDAP:

20201113-141442.567 DEBUG [pool-7-thread-2] [o.j.o.l.LdapManager] Created hashtable with context values, attempting to create context...
20201113-141442.691 DEBUG [pool-7-thread-2] [o.j.o.l.LdapManager] ... context created successfully, returning.
20201113-141442.692 DEBUG [pool-7-thread-2] [o.j.o.l.LdapManager] Starting LDAP search for username 'focus'...
20201113-141442.694 DEBUG [pool-7-thread-2] [o.j.o.l.LdapManager] ... search finished for username 'focus'.
20201113-141442.695 DEBUG [pool-7-thread-2] [o.j.o.l.LdapManager] User DN based on username 'focus' not found.

Without an working focus user appering at the "Sessions" tab, the video bridge will not work at all: All rooms are managed by the focus user, it will create the rooms, and and manage the participants clients.

ChicagoJay commented 3 years ago

I think the log viewer problem has to do with Chrome, and one of my plugins. It's working fine in Firefox.

I reverted to my snapshot from before I installed Pade. I then installed the stock ofMeet plugin (which will not work with ofFocus, as ofFocus is now built into ofMeet) and my rooms are working again.

However, the whole point of this exercise is to get Breakout Rooms, which - it seems - Pade is the only way to get them.

Can I use Pade with the regular ofMeet plugin? (I'm about to find out). Answer - not really. OF got very confused. The plug-in system stopped working. I had to delete all the plugins, then I was able to install the Pade ones.

ChicagoJay commented 3 years ago

So, going back to the start, with the 3 Pade plugins loaded, I can again not open a room:


net.java.sip.communicator.service.protocol.OperationFailedException: Failed to join the room
at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.joinAs(ChatRoomImpl.java:298) ~[?:?]
at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.join(ChatRoomImpl.java:209) ~[?:?]
at org.jitsi.jicofo.JitsiMeetConferenceImpl.joinTheRoom(JitsiMeetConferenceImpl.java:581) ~[?:?]
at org.jitsi.jicofo.JitsiMeetConferenceImpl.start(JitsiMeetConferenceImpl.java:404) ~[?:?]
at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:477) ~[?:?]
at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:426) ~[?:?]
at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:401) ~[?:?]
at org.jitsi.jicofo.xmpp.FocusComponent.handleConferenceIq(FocusComponent.java:417) ~[?:?]
at org.jitsi.jicofo.xmpp.FocusComponent.handleIQSetImpl(FocusComponent.java:254) ~[?:?]
at org.jitsi.xmpp.component.ComponentBase.handleIQSet(ComponentBase.java:362) ~[?:?]
at org.xmpp.component.AbstractComponent.processIQRequest(AbstractComponent.java:524) ~[tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent.processIQ(AbstractComponent.java:291) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent.processQueuedPacket(AbstractComponent.java:239) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent.access$100(AbstractComponent.java:80) [tinder-2.0.0.jar:?]
at org.xmpp.component.AbstractComponent$PacketProcessor.run(AbstractComponent.java:1058) [tinder-2.0.0.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at java.lang.Thread.run(Thread.java:832) [?:?]
Caused by: org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from techtest@conference.d83.org/focus: XMPPError: not-allowed - cancel
at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:132) ~[?:?]
at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:263) ~[?:?]
at org.jivesoftware.smackx.muc.MultiUserChat.enter(MultiUserChat.java:355) ~[?:?]
at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:498) ~[?:?]
at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:444) ~[?:?]
at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.joinAs(ChatRoomImpl.java:240) ~[?:?]
... 17 more```

deleolajide commented 3 years ago

Can you please check your openfire client sessions and confirm it looks like this with a logged in focus user. Compare and report the client-ip for the focus user. Thanks

deleolajide commented 3 years ago

Also confirm you have disabled Windows NTLM authentication and enabled focus user to be a chat room admin

ChicagoJay commented 3 years ago

It's close to that:

Confirmed, that Windows NTLM Authentication is unchecked.

gjaekel commented 3 years ago

'''2020.11.16 12:51: BTW: You have to use ```, not ''' and you have to enter it on a separate line. Please refer to the common markdown docs.

gjaekel commented 3 years ago

Also confirm you have disabled Windows NTLM authentication and enabled focus user to be a chat room admin

deleolajide commented 3 years ago

This is the problem. Focus user is not registered on Openfire and Jitsi is using an anonymous connection instead

ChicagoJay commented 3 years ago

When I try to open a room, it asks me to authenticate (which is desired) and looks like this:

@deleolajide - I made sure there is a user, called focus, in my AD, and the password is confirmed. What else can I try? @gjaekel - I fixed the ``` - sorry! :)

ChicagoJay commented 3 years ago

I think I got it! The service account in AD was not within the search parameters (mail=*). I gave the account a fake email address, and now it is showing up as a user:

I restarted OF, and I'm in!!!

ChicagoJay commented 3 years ago

YES! This issue is CLOSED!

Thank you both for your help!

gjaekel commented 3 years ago

Great news! Feel free to contact me for further fine-tuning.

igniterealtime / openfire-pade-plugin

Can't open a new room #86

Session Details