Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Can't get login to Meet: No Access

    Kopano Meet & WebMeetings
    3
    26
    1227
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • mniehren
      mniehren last edited by

      Hi,

      i am trying to setup kopano meet on self made linux system (LFS). After
      successfully setting up Kopano (i can login over webapp to Kopano), i followed
      the Youtube Video from Felix to setup Kopano-Meet.

      • Kopano-kwebd is running
      • Kopano-konnectd is runng
      • Kopano-grapi is running
      • Kopano-kavid is running
      • Kopano-Server is running

      If i call in the Browser the Meet-Link, i got an Login-Page like in the video.
      But i can not login. The credentials are ok, i always got the message:

      “Kein Zugriff”

      Sie haben keine Berechtigung für diese App. … bitten Sie den Administrator,
      den Zugriff freizuschalten.

      I see no errros in the Logs.
      Any ideas where to search for a solution ?

      best regards
      Michael

      fbartels longsleep 2 Replies Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @mniehren last edited by

        Hi @mniehren,

        how exactly did you install and configure Meet? Did you compile it yourself (since you are running LFS) or are you using the (Docker) containers?

        It sounds like you are missing configured scopes.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        1 Reply Last reply Reply Quote 0
        • mniehren
          mniehren last edited by

          Hi Felix,

          i compile kopano-core myself and use the binaries of kapid, konnectd, kwebd and
          kwmserverd from https://download.kopano.io/community/.

          Would it be better to compile them ?

          regards
          Michael

          1 Reply Last reply Reply Quote 0
          • longsleep
            longsleep Kopano @mniehren last edited by longsleep

            @mniehren said in Can't get login to Meet: No Access:

            But i can not login. The credentials are ok, i always got the message:

            “Kein Zugriff”

            Sie haben keine Berechtigung für diese App. … bitten Sie den Administrator,
            den Zugriff freizuschalten.

            This error means, that the access token does not grant the requires scopes for the given app. In your case Meet requires at the very least the kopano/kwm scope. It requests it from Konnect, and Konnect only grants scopes it knows about (for security reasons).

            Configure scopes in Konnect via the scopes.yaml file (–identifier-scopes-conf commandline parameter). Lilke so for example:

            ---
            scopes:
              kopano/kwm:
                description: "Access Kopano Webmeetings"
            
              kopano/kvs:
                description: "Access Kopano Key Value Store"
            
              kopano/gc:
                description: "Access Kopano Groupware"
            
              kopano/pubs:
                description: "Access Kopano Pubs"
            

            These are all the scopes which potentially can be used by Meet. @fbartels no idea if we have this somwhere in instructions / README if someone installs everything from source.

            1 Reply Last reply Reply Quote 0
            • mniehren
              mniehren last edited by

              Hi longsleep,

              that’s it, many thanks for you help, it runs !!!

              It would be nice to see that in the documentation.

              so, for now i will take a long sleep ;-)

              best regards
              Michael

              1 Reply Last reply Reply Quote 0
              • mniehren
                mniehren last edited by

                Sorry, one more issue.

                After successfully login into meet, i don’t got the contacts with the error:
                Failed to fetch contacts: Unexpected Status 502

                Should i see at this position the GAB ?

                in webapp i see all the users in the GAB.

                best regards
                Michael

                fbartels 1 Reply Last reply Reply Quote 0
                • fbartels
                  fbartels Kopano @mniehren last edited by

                  Hi @mniehren,

                  that sounds like grapi is not yet properly configured. You can for example have a look how the components are set up at https://github.com/zokradonh/kopano-docker and then copy the config values.

                  Regards Felix

                  Resources:
                  https://kopano.com/blog/how-to-get-kopano/
                  https://documentation.kopano.io/
                  https://kb.kopano.io/

                  Support overview:
                  https://kopano.com/support/

                  1 Reply Last reply Reply Quote 0
                  • mniehren
                    mniehren last edited by

                    Hi Felix,

                    thanks again for you help.
                    I found my bug, grapi was not startet with --insecure. Now the error of fetching contacts
                    is gone.
                    But i still see no contacts in Meet, neither the other kopano-users nor the contacts i
                    have added in the webapp. Do you have a tip, where to search ?

                    By the way, where can i find the mail-webapp and the contacts-webapp to where
                    the Links in Meet leads. I can only find the calendar-webapp in the kopano-calendar
                    package ?

                    best regards
                    Michael

                    fbartels longsleep 2 Replies Last reply Reply Quote 0
                    • fbartels
                      fbartels Kopano @mniehren last edited by

                      @mniehren said in Can't get login to Meet: No Access:

                      grapi was not startet with --insecure

                      For a production deployment the usage of --insecure is not recommended. Instead you should make sure that certificates are trusted by all involved systems.

                      @mniehren said in Can't get login to Meet: No Access:

                      neither the other kopano-users nor the contacts i have added in the webapp

                      Even it it would work, you would only see users that are part of your gab. Meet does not show contacts from your personal contacts.

                      @mniehren said in Can't get login to Meet: No Access:

                      where can i find the mail-webapp and the contacts-webapp

                      These currently only exist as internal prototypes. The goal is to next properly release the calendar app and then probably get back to one of the others.

                      @mniehren said in Can't get login to Meet: No Access:

                      Do you have a tip, where to search ?

                      How about the logging of Kapi and Grapi?

                      Regards Felix

                      Resources:
                      https://kopano.com/blog/how-to-get-kopano/
                      https://documentation.kopano.io/
                      https://kb.kopano.io/

                      Support overview:
                      https://kopano.com/support/

                      1 Reply Last reply Reply Quote 0
                      • longsleep
                        longsleep Kopano @mniehren last edited by

                        @mniehren said in Can't get login to Meet: No Access:

                        But i still see no contacts in Meet, neither the other kopano-users nor the contacts i
                        have added in the webapp. Do you have a tip, where to search ?

                        Maybe there are more than 100 users? If so Meet does not pre-load any contacts and waits for search input.

                        1 Reply Last reply Reply Quote 0
                        • mniehren
                          mniehren last edited by

                          @longsleep: there are only 2 users, it’s a test environment

                          @fbartels

                          nothing in the grapi and kapid.log:

                          Insert Code Here2020-05-06_07:31:05.76403 INFO: 2020-05-06 09:31:05,763 - 3527 - starting kopano-mfr
                          2020-05-06_07:31:05.79599 INFO: 2020-05-06 09:31:05,795 - 3542 - starting notify worker: unix:/var/run/kopano-grapi/notify.sock
                          2020-05-06_07:31:06.13779 INFO: 2020-05-06 09:31:06,137 - 3534 - starting rest worker: unix:/var/run/kopano-grapi/rest0.sock
                          2020-05-06_07:31:06.17965 INFO: 2020-05-06 09:31:06,179 - 3538 - starting rest worker: unix:/var/run/kopano-grapi/rest4.sock
                          2020-05-06_07:31:06.18991 INFO: 2020-05-06 09:31:06,189 - 3535 - starting rest worker: unix:/var/run/kopano-grapi/rest1.sock
                          2020-05-06_07:31:06.19917 INFO: 2020-05-06 09:31:06,198 - 3539 - starting rest worker: unix:/var/run/kopano-grapi/rest5.sock
                          2020-05-06_07:31:06.21167 INFO: 2020-05-06 09:31:06,211 - 3536 - starting rest worker: unix:/var/run/kopano-grapi/rest2.sock
                          2020-05-06_07:31:06.21863 INFO: 2020-05-06 09:31:06,218 - 3537 - starting rest worker: unix:/var/run/kopano-grapi/rest3.sock
                          2020-05-06_07:31:06.22769 INFO: 2020-05-06 09:31:06,227 - 3541 - starting rest worker: unix:/var/run/kopano-grapi/rest7.sock
                          2020-05-06_07:31:06.29234 INFO: 2020-05-06 09:31:06,292 - 3540 - starting rest worker: unix:/var/run/kopano-grapi/rest6.sock
                          
                          
                          I2020-05-06_07:31:05.94470 time="2020-05-06T09:31:05+02:00" level=warning msg="received signal" signal=terminated
                          2020-05-06_07:31:05.94470 time="2020-05-06T09:31:05+02:00" level=info msg="clean server shutdown start"
                          2020-05-06_07:31:05.94484 time="2020-05-06T09:31:05+02:00" level=debug msg="grapi: close"
                          2020-05-06_07:31:05.94484 time="2020-05-06T09:31:05+02:00" level=debug msg="kvs: close"
                          2020-05-06_07:31:05.94497 time="2020-05-06T09:31:05+02:00" level=debug msg="http listener stopped"
                          2020-05-06_07:31:05.94497 time="2020-05-06T09:31:05+02:00" level=debug msg="pubs: close"
                          2020-05-06_07:31:06.29881 time="2020-05-06T09:31:06+02:00" level=info msg="serve start"
                          2020-05-06_07:31:06.29882 time="2020-05-06T09:31:06+02:00" level=info msg="loading plugins from /usr/lib/kopano/kapi-plugins"
                          2020-05-06_07:31:06.29882 time="2020-05-06T09:31:06+02:00" level=debug msg="all plugins enabled"
                          2020-05-06_07:31:06.29884 time="2020-05-06T09:31:06+02:00" level=warning msg="insecure mode, TLS client connections are susceptible to man-in-the-middle attacks"
                          2020-05-06_07:31:06.29885 time="2020-05-06T09:31:06+02:00" level=debug msg="http2 client support is disabled (insecure mode)"
                          2020-05-06_07:31:06.31357 time="2020-05-06T09:31:06+02:00" level=info msg="plugin loaded: /usr/lib/kopano/kapi-plugins/grapi.so" build="2020-05-05T12:46:41Z" plugin=grapi version=
                          2020-05-06_07:31:06.32215 time="2020-05-06T09:31:06+02:00" level=info msg="plugin loaded: /usr/lib/kopano/kapi-plugins/kvs.so" build="2020-05-05T12:46:41Z" plugin=kvs version=
                          2020-05-06_07:31:06.33194 time="2020-05-06T09:31:06+02:00" level=info msg="plugin loaded: /usr/lib/kopano/kapi-plugins/pubs.so" build="2020-05-05T12:46:41Z" plugin=pubs version=
                          2020-05-06_07:31:06.33195 time="2020-05-06T09:31:06+02:00" level=info msg="plugin registered" plugin=grapi
                          2020-05-06_07:31:06.33195 time="2020-05-06T09:31:06+02:00" level=info msg="plugin registered" plugin=kvs
                          2020-05-06_07:31:06.33197 time="2020-05-06T09:31:06+02:00" level=info msg="plugin registered" plugin=pubs
                          2020-05-06_07:31:06.33197 time="2020-05-06T09:31:06+02:00" level=info msg="serve started"
                          2020-05-06_07:31:06.33201 time="2020-05-06T09:31:06+02:00" level=debug msg="grapi: initialize"
                          2020-05-06_07:31:06.33206 time="2020-05-06T09:31:06+02:00" level=info msg="grapi: access requirements set up" required_scopes="[profile email kopano/gc]"
                          2020-05-06_07:31:06.33215 time="2020-05-06T09:31:06+02:00" level=debug msg="grapi: looking for proxy rest*.sock files in /var/run/kopano-grapi"
                          2020-05-06_07:31:06.33217 time="2020-05-06T09:31:06+02:00" level=info msg="kvs: access requirements set up" required_scopes="[kopano/kvs]"
                          2020-05-06_07:31:06.33220 time="2020-05-06T09:31:06+02:00" level=debug msg="kvs: initialize"
                          2020-05-06_07:31:06.33224 time="2020-05-06T09:31:06+02:00" level=debug msg="grapi: looking for proxy notify*.sock files in /var/run/kopano-grapi"
                          2020-05-06_07:31:06.33295 time="2020-05-06T09:31:06+02:00" level=debug msg="kv: database version: 1 dirty: false"
                          2020-05-06_07:31:06.33317 time="2020-05-06T09:31:06+02:00" level=debug msg="kvs: store initialize complete"
                          2020-05-06_07:31:06.33345 time="2020-05-06T09:31:06+02:00" level=warning msg="pubs: using random secret key"
                          2020-05-06_07:31:06.33350 time="2020-05-06T09:31:06+02:00" level=info msg="pubs: access requirements set up" required_scopes="[kopano/pubs]"
                          2020-05-06_07:31:06.33354 time="2020-05-06T09:31:06+02:00" level=debug msg="pubs: initialize with 512 bits HMAC-SHA256 key" broadcast="aY99IMWAUidK8yZfS8H1mmRRbNA3EzQ8VvQAtDeLq8U="
                          2020-05-06_07:31:06.34633 time="2020-05-06T09:31:06+02:00" level=debug msg="OIDC provider initialized" iss="https://kopano2.tuxlan.de"
                          2020-05-06_07:31:06.34634 time="2020-05-06T09:31:06+02:00" level=info msg="starting http listener" listenAddr="127.0.0.1:8039"
                          2020-05-06_07:31:06.34641 time="2020-05-06T09:31:06+02:00" level=info msg="ready to handle requests"
                          2020-05-06_07:31:07.33322 time="2020-05-06T09:31:07+02:00" level=debug msg="grapi: found 1 notify*.sock upstream proxy workers"
                          2020-05-06_07:31:07.33324 time="2020-05-06T09:31:07+02:00" level=debug msg="grapi: enabled subscription proxy"
                          2020-05-06_07:31:07.33351 time="2020-05-06T09:31:07+02:00" level=debug msg="grapi: found 8 rest*.sock upstream proxy workers"
                          2020-05-06_07:31:07.33352 time="2020-05-06T09:31:07+02:00" level=debug msg="grapi: enabled default api proxy"
                          

                          The GAB seems to be ok, i see in the Webapp the 2 users (michael, edgar) and SYSTEM and Everyone …

                          best regards
                          Michael

                          1 Reply Last reply Reply Quote 0
                          • mniehren
                            mniehren last edited by

                            i found it, the hidden-Flag in the LDAP-Database was not set correctly,

                            after fixing i see entries in the GAB

                            thanks for your help
                            Michael

                            1 Reply Last reply Reply Quote 0
                            • mniehren
                              mniehren last edited by mniehren

                              maybe 1 last problem left.

                              I try to configure guest support in meet according to the description in
                              “Special configuration”

                              Everything works until i create an config.json file. If i call the Meet-Link in the browser,
                              i only see “prepare (Vorbereiten)” and nothing more happens.

                              First i copy from config.json.in:

                              {
                                "apiPrefix": "/api/gc/v1",
                                "oidc": {
                                  "iss": "",
                                  "clientID": ""
                                },
                                "kwm": {
                                  "url": ""
                                },
                                "guests": {
                                        "enabled": true,
                                        "default": null
                                },
                                "disableFullGAB": false
                              }
                              

                              But i don’t know, what other value has to be there (iss is clear).

                              so i tried only

                              {
                                "guests": {
                                  "enabled": "true"
                                }
                              }
                              

                              same result, even if i put an empty config.json nothing is changed.

                              As soon as i delete the file, the login prompt arrives.

                              I put the file under /usr/share/kopano-meet/config/kopano/meet.json as my
                              web_root in kwebd is /usr/share/kopano-meet. Is that right ?

                              Again, nothing in the logs.

                              Could you help ?

                              best regards
                              Michael

                              1 Reply Last reply Reply Quote 0
                              • mniehren
                                mniehren last edited by

                                i see in the request-log of kwebd the following:

                                192.168.70.10 - - [07/May/2020:08:52:25 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.10 - - [07/May/2020:08:52:26 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.10 - - [07/May/2020:08:52:28 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.10 - - [07/May/2020:08:52:31 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.10 - - [07/May/2020:08:52:36 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.10 - - [07/May/2020:08:52:41 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.10 - - [07/May/2020:08:52:46 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.10 - - [07/May/2020:08:52:51 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.111 - - [07/May/2020:08:52:53 +0200] "GET /.well-known/openid-configuration HTTP/1.1" 200 524 "-" "Go-http-client/1.1"
                                192.168.70.111 - - [07/May/2020:08:52:53 +0200] "GET /konnect/v1/jwks.json HTTP/1.1" 200 410 "-" "Go-http-client/1.1"
                                192.168.70.10 - - [07/May/2020:08:52:56 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.10 - - [07/May/2020:08:53:01 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                192.168.70.10 - - [07/May/2020:08:53:06 +0200] "GET /api/config/v1/kopano/meet/config.json HTTP/2.0" 200 158 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.114 Safari/537.36"
                                
                                
                                1 Reply Last reply Reply Quote 0
                                • fbartels
                                  fbartels Kopano last edited by

                                  Hi @mniehren,

                                  did you have a look at the example deployment I’ve linked to above?

                                  The document you have pasted here looks ok and also parses as valid json. It would be interesting to know what your browser reports (in the network console) when loading it. are there any others errors in there?

                                  This is the config we are using for the public service: https://use.meet-app.io/api/config/v1/kopano/meet/config.json

                                  Regards Felix

                                  Resources:
                                  https://kopano.com/blog/how-to-get-kopano/
                                  https://documentation.kopano.io/
                                  https://kb.kopano.io/

                                  Support overview:
                                  https://kopano.com/support/

                                  1 Reply Last reply Reply Quote 0
                                  • mniehren
                                    mniehren last edited by mniehren

                                    in the Web-Console of Firefox i see

                                    Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.  config.json
                                    failed to fetch config: Error: unexpected Content-Type, retrying in 5000ms actions.js:111:22
                                    Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.  config.json
                                    failed to fetch config: Error: unexpected Content-Type, retrying in 5000ms actions.js:111:22
                                    

                                    Network show’s only

                                    	config.json	fetch	plain	636 B	237 B	2 ms  200	GET kopano2.tuxlan.de
                                    	config.json	fetch	plain	636 B	237 B	8 ms200 	GET kopano2.tuxlan.de
                                    	config.json	fetch	plain	636 B	237 B	2 ms
                                    

                                    and so on

                                    nothing else

                                    I tried it with Firefox under Linux and Win7 and with Vivaldi unter Linux

                                    fbartels 1 Reply Last reply Reply Quote 0
                                    • mniehren
                                      mniehren last edited by

                                      here are some screenshots from the vivaldi console …vivaldi1.png
                                      vivaldi2.png vivaldi3.png vivaldi4.png

                                      1 Reply Last reply Reply Quote 0
                                      • fbartels
                                        fbartels Kopano @mniehren last edited by fbartels

                                        @mniehren said in Can't get login to Meet: No Access:

                                        The connection to the site is untrustworthy

                                        Why is the connection untrustworthy?

                                        @mniehren said in Can't get login to Meet: No Access:

                                        failed to fetch config: Error: unexpected Content-Typ

                                        The kweb package has a dependency on the mailcap package. this package provides identification for the various mime types. you seem be be missing this.

                                        PS: your screenshots are tiny and not really readable. but copy pasting error messages from screenshots is a pain anyways. https://birdeatsbug.com/ produces a nice browser extension to more easily debug web applications. for one it offers the ability to record what is exactly going on on the screen.

                                        Regards Felix

                                        Resources:
                                        https://kopano.com/blog/how-to-get-kopano/
                                        https://documentation.kopano.io/
                                        https://kb.kopano.io/

                                        Support overview:
                                        https://kopano.com/support/

                                        longsleep 1 Reply Last reply Reply Quote 0
                                        • longsleep
                                          longsleep Kopano @fbartels last edited by

                                          @fbartels said in Can't get login to Meet: No Access:

                                          The kweb package has a dependency on the mailcap package. this package provides identification for the various mime types. you seem be be missing this.

                                          Technically kweb serves static file content type by looking at the extension and then resolving a mime type by looking at the /etc/mime.types file. So make sure that file exists and includes json.

                                          cat /etc/mime.types|grep json
                                          application/json                                json
                                          

                                          On Debian and its derivates this can for example be achieved by installing the mime-support package.

                                          1 Reply Last reply Reply Quote 0
                                          • mniehren
                                            mniehren last edited by

                                            Great, now i got an login again.

                                            thanks for you help
                                            Michael

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post