Failed to authenticate with ma1sd Identity Server, but ma1sd logs tell me authentication was successful
s0p4LiN opened this issue
Operating system
Windows 10 v19043.1387
Browser information
Google Chrome v96.0.4664.93
URL for webapp
Application version
Element version v1.9.6
Homeserver
Steps to reproduce
I have a working Matrix / Element chat server.
I want to use the password_provider `rest_auth_provider.RestAuthProvider` instead of `ldap_auth_provider.LdapAuthProvider`.
It will be working with the ma1sd service.
Outcome
What did you expect?
Login with the Active Directory Credentials then use the Element chat.
What happened instead?
Failed to authenticate.
Here's the screenshot showing successful login with ma1sd and not successful from the Element web:
I then ran a `strace` command to follow the issue, which may not appear in the default log file:

```
strace -f -s 200 -p PID
```
When I try to login:
```
[pid 8168] write(7, "2021-12-13 11:42:22,991 - synapse.rest.client.login - 267 - INFO - POST-18 - Got login request with identifier: {'type': 'm.id.user', 'user': 'user user'}, medium: None, address: None, user: None\n", 200) = 200
[pid 8168] write(7, "2021-12-13 11:42:22,991 - rest_auth_provider - 46 - INFO - POST-18 - Got password check for @user user:matrix-labo.company.lan\n", 133) = 133
[pid 8168] write(7, "2021-12-13 11:42:23,009 - rest_auth_provider - 58 - INFO - POST-18 - User not authenticated\n", 92) = 92
[pid 8168] write(7, "2021-12-13 11:42:23,013 - synapse.handlers.auth - 967 - WARNING - POST-18 - Attempted to login as @user user:matrix-labo.company.lan but they do not exist\n", 161) = 161
[pid 8168] getpid() = 8168
```
I found out that it was trying to connect with the Common Name instead of the sAMAccountName.
I changed the ma1sd config file and changed the `name:` value:

```yaml
attribute:
  uid:
    type: 'uid'
    value: 'sAMAccountName'
  #name: 'cn'
  name: 'sAMAccountName'
```
The strace log now shows that it tries to log in with the sAMAccountName:

```
[pid 10211] write(7, "2021-12-13 12:04:02,236 - synapse.rest.client.login - 267 - INFO - POST-16 - Got login request with identifier: {'type': 'm.id.user', 'user': 'user'}, medium: None, address: None, user: None\n", 194) = 194
[pid 10211] write(7, "2021-12-13 12:04:02,236 - rest_auth_provider - 46 - INFO - POST-16 - Got password check for @user:matrix-labo.company.lan\n", 127) = 127
[pid 10211] write(7, "2021-12-13 12:04:02,254 - rest_auth_provider - 62 - INFO - POST-16 - User @user:matrix-labo.company.lan authenticated\n", 123) = 123
[pid 10211] write(7, "2021-12-13 12:04:02,257 - rest_auth_provider - 76 - INFO - POST-16 - User @user:matrix-labo.company.lan already exists, registration skipped\n", 146) = 146
[pid 10211] write(7, "2021-12-13 12:04:02,257 - rest_auth_provider - 79 - INFO - POST-16 - Handling profile data\n", 91) = 91
[pid 10211] write(7, "2021-12-13 12:04:02,258 - synapse.handlers.auth - 2074 - WARNING - POST-16 - Failed to run module API callback <function load_single_legacy_password_auth_provider.<locals>.async_wrapper.<locals>.wrapp"..., 279) = 279
```
But now it gives me an API module error.
In the Chrome network dev tools, it returns a Forbidden error in the Headers,
and it returns this in the Response:

```json
{"errcode":"M_FORBIDDEN","error":"Invalid password"}
```
Below are my configuration files:
- Matrix config file:
```yaml
modules:
pid_file: "/var/run/matrix-synapse.pid"
public_baseurl: https://matrix-labo.company.lan/
presence:
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['::1', '127.0.0.1']
    resources:
      - names: [client, federation]
        compress: false
manhole_settings:
limit_usage_by_mau: false
mau_stats_only: false
limit_remote_rooms:
templates:
retention:
caches:
  per_cache_factors:
database:
  name: psycopg2
  txn_limit: 10000
  args:
    user: synapse_test_user
    password: password
    database: synapse_db_test
    host: 192.168.1.10
    port: 5432
    cp_min: 5
    cp_max: 10
log_config: "/etc/matrix-synapse/log.yaml"
media_store_path: "/var/lib/matrix-synapse/media"
max_upload_size: 50M
url_preview_accept_language:
oembed:
enable_registration: false
registration_shared_secret: secret_pass
enable_set_displayname: false
metrics_flags:
room_prejoin_state:
macaroon_secret_key: secret_pass2
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
old_signing_keys:
trusted_key_servers:
  - server_name: "matrix.org"
saml2_config:
  sp_config:
  user_mapping_provider:
    config:
oidc_providers:
cas_config:
sso:
password_config:
  policy:
ui_auth:
email:
push:
user_directory:
  search_all_users: true
stats:
opentracing:
redis:
password_providers:
  - module: "rest_auth_provider.RestAuthProvider"
    config:
      endpoint: "http://192.168.1.20:8090"
```
- ma1sd config file

```yaml
matrix:
  domain: 'matrix-labo.company.lan'
  v1: false
  v2: true
enable_registration: false
key:
  path: '/var/lib/ma1sd/keys'
storage:
  provider:
    sqlite:
      database: '/var/lib/ma1sd/store.db'
ldap:
  enabled: true
  lookup: true
  activeDirectory: true
  defaultDomain: 'company.lan'
  connection:
    host: 'ad-01.company.lan'
    port: 389
    bindDn: 'cn=admin.user,ou=Users,dc=company,dc=lan'
    bindPassword: 'password'
    baseDNs:
      - 'ou=Users,dc=company,dc=lan'
  attribute:
    uid:
      type: 'uid'
      value: 'sAMAccountName'
    name: 'cn'
hashing:
  enabled: true
  pepperLength: 20
  rotationPolicy: per_requests
  hashStorageType: sql
  algorithms:
    - sha256
  requests: 10
logging:
  root: error
  app: info
  requests: false
```
- Element config file
```json
{
    "default_server_config": {
        "m.homeserver": {
            "base_url": "https://matrix-labo.company.lan",
            "server_name": "matrix-labo.company.lan"
        },
        "m.identity_server": {
            "base_url": "https://vector.im"
        }
    },
    "disable_custom_urls": true,
    "disable_guests": true,
    "disable_login_language_selector": false,
    "disable_3pid_login": true,
    "brand": "Element Labo",
    "integrations_ui_url": "",
    "integrations_rest_url": "",
    "integrations_widgets_urls": [
        "https://scalar.vector.im/_matrix/integrations/v1",
        "https://scalar.vector.im/api",
        "https://scalar-staging.vector.im/_matrix/integrations/v1",
        "https://scalar-staging.vector.im/api",
        "https://scalar-staging.riot.im/scalar/api"
    ],
    "bug_report_endpoint_url": "https://element.io/bugreports/submit",
    "defaultCountryCode": "GB",
    "showLabsSettings": false,
    "features": { },
    "default_federate": true,
    "default_theme": "light",
    "roomDirectory": {
        "servers": [
            "matrix.org"
        ]
    },
    "piwik": {
        "url": "https://piwik.riot.im/",
        "whitelistedHSUrls": ["https://matrix.org"],
        "whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
        "siteId": 1
    },
    "enable_presence_by_hs_url": {
        "https://matrix.org": false,
        "https://matrix-client.matrix.org": false
    },
    "settingDefaults": {
        "breadcrumbs": true
    },
    "jitsi": {
        "preferredDomain": "jitsi.riot.im"
    }
}
```
- Nginx config file (Matrix / ma1sd)

```nginx
server {
    listen 80;
    server_name matrix-labo.company.lan;
    return 301 https://matrix-labo.company.lan$request_uri;
}

server {
    listen 443 ssl;
    server_name matrix-labo.company.lan;
    ssl_certificate /etc/ssl/certs/matrix-labo.pem;
    ssl_certificate_key /etc/ssl/certs/matrix-labo-privkey.pem;

    location /_matrix/client/r0/login {
        proxy_pass http://localhost:8090;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # location /_matrix/client/r0/user_directory {
    #     proxy_pass http://localhost:8090/_matrix/client/r0/user_directory;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Forwarded-For $remote_addr;
    # }

    location /_matrix/identity {
        proxy_pass http://localhost:8090/_matrix/identity;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location ~* ^(\/_matrix|\/_synapse\/client) {
    # location \_matrix {
        proxy_pass http://localhost:8008;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        #proxy_set_header X-Forwarded-Proto $scheme;
        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 10M;
    }
}

server {
    listen 8448 ssl;
    server_name matrix-labo.company.lan;
    ssl_certificate /etc/ssl/certs/matrix-labo.pem;
    ssl_certificate_key /etc/ssl/certs/matrix-labo-privkey.pem;

    location / {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```
- Nginx config file (Element)
```nginx
server {
    listen 80;
    server_name element-labo.company.lan;
    return 301 https://element-labo.company.lan$request_uri;
}

server {
    listen 443 ssl;
    server_name element-labo.company.lan;
    root /var/www/element/;
    index index.html index.php index.htm;
    ssl_certificate /etc/ssl/certs/element-labo.pem;
    ssl_certificate_key /etc/ssl/certs/element-labo-pvkey.pem;
    #ssl_dhparam /etc/ssl/certs/dhparam-chat.pem;
    access_log /var/log/nginx/element-labo.company.lan.access.log;
    error_log /var/log/nginx/element-labo.company.lan.error.log;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=31536000";
    # add_header Content-Security-Policy "frame-ancestors 'none'";
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 15m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ecdh_curve X25519:P-521:P-384:P-256;
    ssl_prefer_server_ciphers on;

    location / {
        try_files $uri $uri/ =404;
    }
}
```
Here's the full strace capture when I tried to login:
strace -f -s 200 -p PID_number
I found the issue... During my testing labs, I made a mistake and downloaded the wrong rest_auth Python script.
I installed the wrong one! The bad one was the rest_auth of this project:
https://github.com/kamax-matrix/matrix-synapse-rest-password-provider
The one I needed was this one: https://github.com/ma1uta/matrix-synapse-rest-password-provider
I can now log in with AD users without any issue!
Big bad mistake of mine.
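
The two login failures in this issue stop at different stages, and the Synapse log lines are enough to tell them apart. The following is an added example, not code from the issue, Synapse or ma1sd: it groups log lines (raw, or wrapped in strace `write()` calls as captured above) by request ID and reports where each login stopped. The function names, stage labels and the localpart check against the Matrix user ID grammar are assumptions of this example; the sample lines are copied from the excerpts on this page.

```python
import re

# strace renders each log write as: write(7, "<text>\n", 200) = 200
STRACE_WRITE = re.compile(r'write\(\d+, "(?P<body>.*?)"(?:\.\.\.)?, \d+\) = \d+\s*$')
# Log layout seen on this page: time - logger - lineno - LEVEL - request - message
LOG_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} - (?P<logger>\S+) - \d+ - "
    r"(?P<level>[A-Z]+) - (?P<req>\S+) - (?P<msg>.*)$"
)
PASSWORD_CHECK = re.compile(r"Got password check for (?P<mxid>@(?P<local>[^:]*):\S+)$")
# Characters the Matrix specification allows in a user ID localpart
VALID_LOCALPART = re.compile(r"^[a-z0-9._=/+-]+$")

# Sample input: lines copied from the two strace excerpts in this issue
SAMPLE = r"""
[pid 8168] write(7, "2021-12-13 11:42:22,991 - rest_auth_provider - 46 - INFO - POST-18 - Got password check for @user user:matrix-labo.company.lan\n", 133) = 133
[pid 8168] write(7, "2021-12-13 11:42:23,009 - rest_auth_provider - 58 - INFO - POST-18 - User not authenticated\n", 92) = 92
[pid 8168] getpid() = 8168
[pid 10211] write(7, "2021-12-13 12:04:02,236 - rest_auth_provider - 46 - INFO - POST-16 - Got password check for @user:matrix-labo.company.lan\n", 127) = 127
[pid 10211] write(7, "2021-12-13 12:04:02,254 - rest_auth_provider - 62 - INFO - POST-16 - User @user:matrix-labo.company.lan authenticated\n", 123) = 123
[pid 10211] write(7, "2021-12-13 12:04:02,258 - synapse.handlers.auth - 2074 - WARNING - POST-16 - Failed to run module API callback <function load_single_legacy_password_auth_provider.<locals>.async_wrapper.<locals>.wrapp"..., 279) = 279
""".strip().splitlines()


def parse(raw):
    """Return (logger, request_id, message) for a log line, or None for other syscalls."""
    wrapped = STRACE_WRITE.search(raw)
    text = wrapped.group("body") if wrapped else raw
    text = text.replace("\\n", "").strip()  # strace prints the newline as backslash-n
    m = LOG_LINE.match(text)
    return (m["logger"], m["req"], m["msg"]) if m else None


def diagnose(lines):
    """Map each request ID to the user ID checked and the stage the login reached."""
    report = {}
    for raw in lines:
        parsed = parse(raw)
        if parsed is None:
            continue
        logger, req, msg = parsed
        entry = report.setdefault(
            req, {"mxid": None, "localpart_valid": None, "stage": "no_password_check"}
        )
        check = PASSWORD_CHECK.search(msg)
        if logger == "rest_auth_provider" and check:
            entry["mxid"] = check["mxid"]
            # A localpart built from a display name (spaces, capitals) is not a valid user ID
            entry["localpart_valid"] = bool(VALID_LOCALPART.match(check["local"]))
            entry["stage"] = "password_check_started"
        elif logger == "rest_auth_provider" and msg == "User not authenticated":
            # The identity server refused the credentials for this user ID
            entry["stage"] = "backend_rejected"
        elif logger == "rest_auth_provider" and msg.endswith(" authenticated"):
            entry["stage"] = "backend_accepted"
        elif (logger == "synapse.handlers.auth"
              and "Failed to run module API callback" in msg
              and entry["stage"] == "backend_accepted"):
            # Credentials were accepted, then the provider module itself failed inside
            # Synapse; in this issue the cause was the wrong rest_auth_provider project
            entry["stage"] = "provider_callback_failed"
    return report


if __name__ == "__main__":
    for request_id, result in diagnose(SAMPLE).items():
        print(request_id, result)
```

A `backend_rejected` result points at the identity server side (here the `cn`-based user ID), while `provider_callback_failed` points at the password provider module installed in Synapse.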