I have a java client using javamail and google example code to connect to gmail IMAP server using a client secret and OAuth token. The issue is that about 1/3 of the time, the com.sun.mail.imap.IMAPStore.protocolConnect call fails with an AuthenticationFailedException: Invalid Credentials (Failure) exception.
In the log there are the following lines for each failure:
DEBUG IMAPS: SASL client XOAUTH2
DEBUG IMAPS: SASL callback length: 1
DEBUG IMAPS: SASL callback 0: javax.security.auth.callback.NameCallback#12cdcf4
DEBUG IMAPS: SASL no response
2023-01-04 08:45:55 WARN ImapStoreFactory.getImapStore.140 - Failed to authenticate to 74.125.142.108 after 5 attempts.
(I have a retry loop that backs off after each try up to 5 tries to see if that would help.)
The (partial) stack trace is:
javax.mail.AuthenticationFailedException: Authentication failed to 74.125.142.108 after 5 attempts.
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:732)
at javax.mail.Service.connect(Service.java:366)
at com.google.code.samples.oauth2.OAuth2Authenticator.connectToImap(OAuth2Authenticator.java:91)
The issue is the SASL no response from the server.
This same code, with the same credentials, works all the other times on the first connection attempt, including to the same IP address, both before and after the failed attempts.
imap.gmail.com resolves to (at least?) 24 different IP addresses that I have seen, and they are all open and accessible from the client machine.
I have tried connecting to a known IP address directly (as opposed to connecting to imap.gmail.com) but then I get a HTTPS certificate failure.
Any ideas as to why this is happening, or how to mitigate or work around would be appreciated.
Thanks!
Linus
15 minutes after login, when trying again to do authorization using keycloack-authz-client, I am receiving an exception: Caused by: java.net.SocketException: Connection reset.
Maybe some settings need to update from keycloak admin console or maybe from the Java configuration, I could not find any solution.
Has anyone encountered such problems?
I am trying to do authorization and expect to receive access and refresh tokens.
I want to force our office users to enter their LDAP credentials when connecting to the WiFi in our office. So I installed FreeRadius as instructed at:
Using FreeIPA and FreeRadius .
Using radtest, I can successfully authenticate against our FreeIPA server using PAP. Moving on I configured a WiFi connection on my Windows 10 laptop to use EAP-TTLS as the authentication method along with selecting PAP as the non-EAP method. Again I can successfully authenticate against our FreeIPA server when connecting to the WiFi AP. But I realize that is not safe since passwords are sent as clear-text.
So next I configured a WiFi connection on my Windows 10 laptop to use PEAP as the authentication method with EAP method of EAP-MSCHAP v2. But now authentication fails. An excerpt from the FreeRadius debug log shows:
(8) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(8) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password
(8) mschap: Creating challenge hash with username: test55
(8) mschap: Client is using MS-CHAPv2
(8) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
(8) mschap: ERROR: MS-CHAP2-Response is incorrect
I’m struggling to figure out a solution. I have found various configurations of eap, mschap & ldap files online but so far I have not solved my issue.
I’m not sure if I’m asking the right question but is the password hash sent by the Windows client incompatible with the password hash used by FreeIPA?
It turns out mschapv2 is a challenge response protocol, and that does not work with an LDAP bind in the basic configuration of FreeRadius.
However I did find a solution where FreeRadius looks up a user by their LDAP DN, then reads (not bind) the NTHash of the user. From there, FreeRADIUS is able to process the challenge response.
First permissions have to be given to service accounts:
https://fy.blackhats.net.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html
After performing these steps users will need to change their password in order to generate an ipaNTHash.
Then configure FreeRadius to use mschapv2 with FreeIPA:
https://fy.blackhats.net.au/blog/html/2016/01/13/FreeRADIUS:_Using_mschapv2_with_freeipa.html
After completing all the steps described in both links, this radtest cli command should return an Access-Accept response.
radtest -t mschap <ldap-user-uid> <ldap-user-password> 127.0.0.1:1812 0 <FreeRadius-secret>
I am getting below error while sending test mail through outlook. SSL is disabled. While I am sending mail through Gmail it's OK, but not able to send mail through outlook because of below error:
com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [MA1PR0101CA0012.INDPRD01.PROD.OUTLOOK.COM]
I have configured:
smtp server port: 587 and also checked 28
User Name and password also configured.
While searching through Google I saw to set;
edit file: "/etc/default/jenkins"
sudo vim /etc/default/jenkins
add the line:
JAVA_ARGS="-Djava.awt.headless=true -Dmail.smtp.starttls.enable=true" but I am not have etc in my program file/Jenkins. I assume if ssl is disabled then this is not the error.
I'm trying to use email sending in jenkins. I leave default values, click on 'Test configuration' button and get error:
Failed to send out e-mail
javax.mail.MessagingException: Could not connect to SMTP host:
localhost, port: 25; nested exception is: java.net.SocketException:
Permission denied: connect
at
com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
at
com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
What I missed? It's not working by default?
I configured Jenkins with my gmail account using the settings as given in the image below.
I had similar problem couldn't send email via zoho. The configurations were: SMPT TLS Zoho Configurations
I just need to change system admin address in jenkins configurations to the same one in email-notifications.
Here you can find the system admin e-mail:
Manage Jenkins -> Configure System -> Jenkins Location -> System Admin e-mail address
If anyone is still having issues with emails in Jenkins, a lot has changed since then.
If you have a custom domain name for g-mail and it requires a 2-step authentication to login, for example you#yourcompany.com,
SMTP server should still be smtp.gmail.com
Default user e-mail suffix should be #yourcompany.com
Because Google no longer allows you to simply use your default e-mail password to login via any outside apps, in this case Jenkins. It is a lot more secure to let Google create a custom password for Jenkins rather than turning off G-Mail's security features to allow Jenkins access to your account.
Create the App Password here:
https://security.google.com/settings/security/apppasswords
Use the generated password in Jenkins -> Configure Systems -> E-Mail Configuration
I was also struggling with this error. Here is how I resolved it.
1. Google account settings:
Go to Gmail account settings -> Forwarding and POP/IMAP -> IMAP Access -> Enable IMAP (This is to enable both IMAP & SMTP settings)
Check configuration details that are mentioned as:
Outgoing Mail (SMTP) Server: smtp.gmail.com
Requires SSL: Yes
Requires TLS: Yes (if available)
Requires Authentication: Yes
Port for SSL: 465
Port for TLS/STARTTLS: 587
(Rather than going with settings mentioned by anyone, please checkout your account for this info as settings/configurations keep on changing. )
2. Jenkins (2.121.3) settings:
Manage Jenkins -> Configure System -> Scroll down to E-mail Notification tab -> Advanced
Use SMTP Authentication: checked
User Name: <your gmail id>
Password: <your password>
Use SSL: checked
SMTP Port: 465
Reply-To Address: Optional (I left it blank. You can give any email id you want)
Charset: UTF-8
Enable "Test configuration by sending test e-mail", give test email id and hit "test configuration" button
NOTE:
Make sure you are connected to open network (that is not antivirus protected or antivirus may block your emails). I used my phone internet instead of office internet for testing this.
I didn't change any McAfee settings for doing this. Just switch your internet to open one.
There is no SMTP server running on localhost or you don't have the permission to connect to it.
Check the configuration of Jenkins.
You probably don't have SMTP running on your machine, which is the usual state for Windows or Mac servers.
To test this, use any known mail-server for that, for example - if you have a gmail account, try this:
SMTP server: smtp.gmail.com
Default user e-mail suffix: #something.something
Sender E-mail Address: your-mail#gmail.com
If planning to use the mail-notifications as part of your build-process,
it is best to set the SMTP properly, or maybe move the Jenkins/Hudson server to a machine that supports this.
Check if your provider blocks port 25.
In order to make a proper test
telnet smtp.gmail.com 25
If you receive an answer like this:
telnet: connect to address 74.125.206.108: Connection refused
You should go with smtp authentication as described in harikrishna-pai's answer
I had same issue and managed to resolved by following,
Generate Gmail App Password,
Gmail App
In Jenkins use the app password,
Jenkin's Configuration
I Had the same issue.
After witch hunting a lot, I found a solution as below:
even turn on - less secure apps, I was struggling since 6 hour.
the second option:
And go to
https://accounts.google.com/DisplayUnlockCaptcha
and click Continue.
this resolved the issue.
I had the same issue as i was using avast it blocked smtp mails so i disabled it and it worked