I've upgraded my ejabberd to 17.04-4 (debian 8 packages from apt.jabber.at), and cannot connect to other XMPP servers anymore. The log contains:
@ejabberd_s2s_out:init:292 Outbound s2s connection started: cweiske.de -> jabber.org @ejabberd_s2s_out:handle_auth_failure:242 (tls|<0.997.0>) Failed outbound s2s EXTERNAL authentication cweiske.de -> jabber.org (208.68.163.218): Authentication failed: Peer provided no SASL mechanisms @ejabberd_s2s_out:process_auth_result:134 Failed to establish outbound s2s connection cweiske.de -> jabber.org: authentication failed; bouncing for 216 seconds
I have no SSL problems when connecting to the server as a client, and my letsencrypt certificate file I'm using for ejabberd is a combination of privkey.pem + fullchain.pem.
What could the reason for this error be?
Maybe that package includes a
Maybe that package includes a configuration file with some options enabled that are too restrictive, specifically s2s options, and more specific I mean s2s_use_starttls. Check what options you have enabled regarding s2s, and try to desactivate them. Once you find which one is relevant to your problem, you decide if it's a serious problem that requires a proper fix, or you don't both about reducing the strictness of that option.
Another thing to look is how many servers have you problem connecting. If it's several ones, check what software they run.
And last, it may happen that you found a bug in ejabberd or jabber.org's software.
Here is the solution:
Here is the solution:https://github.com/processone/ejabberd/issues/1700
Simply, enable mod_s2s_dialback: {} in the modules section of ejabberd configuration.
I have the same problem.
I have the same problem. Isn't using mod_s2s_dialback not solving the real problem?
Is it preferred to use SASL? I'm trying to understand the best-practice here.
Here is the solution:https://github.com/processone/ejabberd/issues/1700
Simply, enable mod_s2s_dialback: {} in the modules section of ejabberd configuration.
And mod_legacy_auth: {}
And mod_legacy_auth: {} enable bunch of old servers, on behalf with s2s_use_starttls: optional