fbartels 9 Posted November 24, 2018 Share Posted November 24, 2018 (edited) Hi, Prelude: I am trying to configure the ldap plugin for emby running on a synology nas. I wanted to use the "active directory server" package in synology to share users between the nas and emby. The ads on Synology only allows logins over ssl, but this does not work with emby either, since the ads is using a self signed ssl certificate, which is not know to emby. When trying to login the following error is logged: 2018-11-24 19:06:38.582 Error UserManager: Error authenticating with provider LDAP *** Error Report *** Version: 3.5.3.0 Command line: /var/packages/EmbyServer/target/server/EmbyServer.exe -package synology -programdata /var/packages/EmbyServer/target/var -ffmpeg /var/packages/EmbyServer/target/ffmpeg/bin/ffmpeg -ffprobe /var/packages/EmbyServer/target/ffmpeg/bin/ffprobe -restartexitcode 121 Operating system: Unix 4.4.59.0 64-Bit OS: True 64-Bit Process: True User Interactive: False Mono: 5.14.0.177 (tarball Sun Nov 4 20:48:29 UTC 2018) Processor count: 4 Program data path: /var/packages/EmbyServer/target/var Application directory: /volume1/@appstore/EmbyServer/releases/3.5.3.0 System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /source/mono/external/boringssl/ssl/handshake_client.c:1132 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <2e58ecde50444b6baf2e884bbf90860c>:0 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x0003e] in <2e58ecde50444b6baf2e884bbf90860c>:0 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus) at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <2e58ecde50444b6baf2e884bbf90860c>:0 at Mono.Net.Security.AsyncProtocolRequest+<ProcessOperation>d__24.MoveNext () [0x000ff] in <2e58ecde50444b6baf2e884bbf90860c>:0 --- End of stack trace from previous location where exception was thrown --- at Mono.Net.Security.AsyncProtocolRequest+<StartOperation>d__23.MoveNext () [0x0008b] in <2e58ecde50444b6baf2e884bbf90860c>:0 --- End of inner exception stack trace --- at Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap (System.Threading.Tasks.Task task, System.Int32 timeout) [0x00036] in <a536c9104cea481e979954db10659c7f>:0 at Novell.Directory.Ldap.Connection.connect (System.String host, System.Int32 port, System.Int32 semaphoreId) [0x000c3] in <a536c9104cea481e979954db10659c7f>:0 at Novell.Directory.Ldap.Connection.connect (System.String host, System.Int32 port) [0x00000] in <a536c9104cea481e979954db10659c7f>:0 at Novell.Directory.Ldap.LdapConnection.Connect (System.String host, System.Int32 port) [0x0006a] in <a536c9104cea481e979954db10659c7f>:0 at LDAP.AuthenticationProvider+<Authenticate>d__11.MoveNext () [0x000dc] in <a536c9104cea481e979954db10659c7f>:0 --- End of stack trace from previous location where exception was thrown --- at Emby.Server.Implementations.Library.UserManager+<AuthenticateWithProvider>d__57.MoveNext () [0x0011b] in <8252e50122f84f82af882c36d707f6ce>:0 System.Security.Authentication.AuthenticationException at Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap (System.Threading.Tasks.Task task, System.Int32 timeout) [0x00036] in <a536c9104cea481e979954db10659c7f>:0 at Novell.Directory.Ldap.Connection.connect (System.String host, System.Int32 port, System.Int32 semaphoreId) [0x000c3] in <a536c9104cea481e979954db10659c7f>:0 at Novell.Directory.Ldap.Connection.connect (System.String host, System.Int32 port) [0x00000] in <a536c9104cea481e979954db10659c7f>:0 at Novell.Directory.Ldap.LdapConnection.Connect (System.String host, System.Int32 port) [0x0006a] in <a536c9104cea481e979954db10659c7f>:0 at LDAP.AuthenticationProvider+<Authenticate>d__11.MoveNext () [0x000dc] in <a536c9104cea481e979954db10659c7f>:0 --- End of stack trace from previous location where exception was thrown --- at Emby.Server.Implementations.Library.UserManager+<AuthenticateWithProvider>d__57.MoveNext () [0x0011b] in <8252e50122f84f82af882c36d707f6ce>:0 InnerException: Mono.Btls.MonoBtlsException Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /source/mono/external/boringssl/ssl/handshake_client.c:1132 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <2e58ecde50444b6baf2e884bbf90860c>:0 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x0003e] in <2e58ecde50444b6baf2e884bbf90860c>:0 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus) at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <2e58ecde50444b6baf2e884bbf90860c>:0 at Mono.Net.Security.AsyncProtocolRequest+<ProcessOperation>d__24.MoveNext () [0x000ff] in <2e58ecde50444b6baf2e884bbf90860c>:0 --- End of stack trace from previous location where exception was thrown --- at Mono.Net.Security.AsyncProtocolRequest+<StartOperation>d__23.MoveNext () [0x0008b] in <2e58ecde50444b6baf2e884bbf90860c>:0 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <2e58ecde50444b6baf2e884bbf90860c>:0 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x0003e] in <2e58ecde50444b6baf2e884bbf90860c>:0 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus) at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <2e58ecde50444b6baf2e884bbf90860c>:0 at Mono.Net.Security.AsyncProtocolRequest+<ProcessOperation>d__24.MoveNext () [0x000ff] in <2e58ecde50444b6baf2e884bbf90860c>:0 --- End of stack trace from previous location where exception was thrown --- at Mono.Net.Security.AsyncProtocolRequest+<StartOperation>d__23.MoveNext () [0x0008b] in <2e58ecde50444b6baf2e884bbf90860c>:0 I already tried importing the the ca of the certificate into openssl, but this had no effect. I would therefore welcome the possibility to specify and additional root ca within emby to mark this connection as trusted. EDIT: for the moment I have worked around this with a small stunnel docker container Edited November 25, 2018 by fbartels Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now