[04:37:37]
<iMattau_> Maranda (Aria Network): Seem to be having some issues connecting to Metronome on port 5223... Anything I should be looking for in the setup?
[06:52:52]
<Maranda> https://metronome.im/documentation/configuration/direct-tls
[10:27:45]
<iMattau_> Yeah... tried that... Still not allowing connections
[10:29:00]
<iMattau_> And that goes in the main metronome.cfg.lua file?
[10:35:50]
<Maranda (Aria Network)> Yep
[10:36:06]
<Maranda (Aria Network)> iMattau_: did you configure the direct TLS SRV records?
[10:37:07]
<iMattau_> Yep.. just had to delete the 5223 before as it was stopping clients from logging in, when they automatically chose Direct TLS
[10:37:49]
<iMattau_> Problem is that everything is failing silently
[10:38:39]
<Maranda> what does: ss -pln | grep 5223
[10:38:41]
<Maranda> shows?
[10:39:01]
<iMattau_> Is that like nmap?
[10:39:18]
<Maranda> iMattau_, run it on a shell in your yunohost instance
[10:39:55]
<Maranda> I want to check if Metronome is actually listening on the port or not.
[10:40:58]
<Maranda> if it does probably you didn't allow traffic on the port on your firewall.
[10:42:38]
<Maranda (Aria Network)> > <@_bifrost_imattau_=40projections.lightwitch.org:services.aria-net.org> Is that like nmap?
And no https://man7.org/linux/man-pages/man8/ss.8.html
[10:42:39]
<iMattau_> https://xmpp-upload.dcentralisedmedia.com/upload/yuWp9xOFEVfu5358/20210204_214238257_dbd3.jpg
[10:44:10]
<Maranda> @version dcentralisedmedia.com
[10:44:12]
<Echo1> Maranda: dcentralisedmedia.com is running Metronome version 3.14.1 on Linux
[10:44:42]
<iMattau_> Port 5223 is showing as open when running the firewall list command
[10:51:14]
<Maranda> iMattau_, I see no direct tls SRV records said so, there's a TLS misconfiguration
[10:51:26]
<Maranda> SSL_ERROR_NO_CYPHER_OVERLAP
[10:51:30]
<iMattau_> I just had to put them back now
[10:51:39]
<iMattau_> They were deleted before
[10:51:52]
<Maranda> curl https://dcentralisedmedia.com:5223
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
[10:53:10]
<iMattau_> Might take a few minutes for them to propagate again
[10:53:32]
<Maranda> An easy way to test is opening in a browser (firefox outputs everything), if it works you're supposed to either see an invalid HTTP error or:
<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' id='' version='1.0' xmlns='jabber:client'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>
[10:54:10]
<Maranda (Aria Network)> > <@_bifrost_imattau_=40projections.lightwitch.org:services.aria-net.org> Might take a few minutes for them to propagate again
don't matter for testing in a browser
[10:54:28]
<iMattau_> Ok
[10:54:29]
<Maranda (Aria Network)> it might also help to see your actual configuration.
[11:01:43]
<Maranda> But I think the culprit is that the certificate configuration is wrong or the certificate is not correctly chained.
[18:15:16]
<Elzen> Hi there. I'm using YunoHost, but I'd rather have a distinct password for XMPP than for other apps for my personal account. Is there a way to configure Metronome to not use LDAP for a specific account?
[19:30:44]
<Maranda> Elzen: not on the same host
[19:32:52]
<Elzen> Okay, so I need to fully disconnect Metronome from the LDAP? (I'm almost the only one using this server anyway, so it shouldn't be much of a problem)
[19:51:01]
<Maranda (Aria Network)> Not exactly you can have a domain where you don't use LDAP auth backend
[19:52:03]
<Maranda (Aria Network)> But that'll be unconfigurable and not manageable from within YuNoHost
[20:14:11]
<iMattau_> > Elzen wrote:
> Hi there. I'm using YunoHost, but I'd rather have a distinct password for XMPP than for other apps for my personal account. Is there a way to configure Metronome to not use LDAP for a specific account?
One option could be to add a new user, just for XMPP.. Turn off the email quota, and create a new user group just for that account, which only uses XMPP...
That might achieve what you want, without messing up Yunohost... ?
[20:15:55]
<iMattau_> Elzen wrote: > Hi there. I'm using YunoHost, but I'd rather have a distinct password for XMPP than for other apps for my personal account. Is there a way to configure Metronome to not use LDAP for a specific account? One option could be to add a new user, just for XMPP.. Turn off the email quota, and create a new user group just for that account, which only uses XMPP... That might achieve what you want, without messing up Yunohost... ?
[20:17:37]
<iMattau_> Elzen: More information on groups here -> https://yunohost.org/#/groups_and_permissions