Need help understanding why gtalk will not talk to the xmpp server if it serves root domain. Subdomains and other domains are ok.

xmpp

For the purposes of this post, the root domain is example.com.

I have an XMPP Server (ejabberd) running on Debian 6.

In clients (Pidgin, Adium), when I try to add a gtalk xmpp account as a contact, I get "Not Authorized" messages, along with 404 and 503 errors (debugging output below).

While this would suggest a misconfiguration of ejabberd, if I configure the XMPP server to host chat.example.com, adding a gtalk user works just fine. Same is true if the XMPP server hosts secondexample.com.

Perhaps this is a DNS issue? Well, I've looked at DNS and hosts files, and I've verified that they are correct. But I've removed them and replaced them just in case.

Server build? I've rebuilt it from scratch. Same problem.
Network? I've tried it on a different network.

I've run out of ideas.

Can gtalk blacklist servers? By mistake?

If you have any ideas, they'd be appreciated.

XMPP Console output from Pidgin client with 'exampleuser@example.com' when trying to add user 'gtalk@gmail.com':

<iq type='result' to='example.com' id='2188721256'/>
<iq type='set' id='purplec8d28432'>
    <query xmlns='jabber:iq:roster'>
        <item jid='gtalk@gmail.com' name=''>
            <group>Buddies</group>
        </item>
    </query>
</iq>
<presence to='gtalk@gmail.com' type='subscribe'/>
<iq from='exampleuser@example.com' to='exampleuser@example.com/test' id='push524344776' type='set'>
    <query xmlns='jabber:iq:roster'>
        <item subscription='none' jid='gtalk@gmail.com'>
            <group>Buddies</group>
        </item>
    </query>
</iq>
<iq type='result' id='push524344776'/>
<iq from='exampleuser@example.com' to='exampleuser@example.com/test' id='purplec8d28432' type='result'/>
<iq from='exampleuser@example.com' to='exampleuser@example.com/test' id='push1181680121' type='set'>
    <query xmlns='jabber:iq:roster'>
        <item ask='subscribe' subscription='none' jid='gtalk@gmail.com'>
            <group>Buddies</group>
        </item>
    </query>
</iq>
<iq type='result' id='push1181680121'/>
<presence from='gtalk@gmail.com' to='exampleuser@example.com/test' type='error'>
    <error code='404' type='cancel'>
        <remote-server-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
    </error>
</presence>

Best Answer

Resolved. The problem was gtalk's internal DNS.

Turns out a predecessor opened a (free) Google Apps account for the domain 6 years ago, stopped using it 5 years ago, never told anyone and probably forgot about it themselves.

This meant that when gtalk@gmail.com tried to chat with user@example.com, the internal records showed @example.com was using the gtalk service, not the ejabberd service I set up. There would then be no response, no authorization.

What was most vexing about this problem is that all the NS records I could find showed that I had set things up correctly, including dig srv _xmpp-server._tcp.example.com. @8.8.8.8

Anyway, once I discovered the account, I turned down the gtalk service and now everything works.
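
When triaging a federation failure like the one in this thread, it helps to pull the error stanzas out of a client console capture and see which peer domain and which defined condition they carry. The following is an added example, not part of the original post: a small parser run over a constructed sample built from the error stanza quoted in the question. The function names and the sample are assumptions.

```python
import xml.etree.ElementTree as ET

STANZAS_NS = "urn:ietf:params:xml:ns:xmpp-stanzas"

# Constructed sample: one ordinary result plus the error stanza from the question.
SAMPLE_LOG = """
<iq type='result' id='push1181680121'/>
<presence from='gtalk@gmail.com' to='exampleuser@example.com/test' type='error'>
    <error code='404' type='cancel'>
        <remote-server-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
    </error>
</presence>
"""

def domain_of(jid):
    """Return the domain part of a JID of the form user@domain/resource."""
    bare = jid.split("/", 1)[0]
    return bare.rsplit("@", 1)[-1]

def stanza_errors(log_text, local_domain):
    """Return one dict per type='error' stanza that concerns another domain."""
    # A console capture is a run of top-level stanzas, not a single document,
    # so wrap it in a dummy root element before parsing.
    root = ET.fromstring("<log>" + log_text + "</log>")
    found = []
    for stanza in root:
        err = stanza.find("error")
        if stanza.get("type") != "error" or err is None:
            continue
        # The defined condition is the child in the xmpp-stanzas namespace.
        cond = next((c.tag.split("}", 1)[1] for c in err
                     if c.tag.startswith("{" + STANZAS_NS + "}")), None)
        peer = domain_of(stanza.get("from", ""))
        if peer and peer != local_domain:
            found.append({
                "stanza": stanza.tag,           # presence, message or iq
                "peer_domain": peer,            # domain the failed stanza was sent to
                "code": err.get("code"),        # legacy numeric code, e.g. 404
                "error_type": err.get("type"),  # cancel, wait, auth, modify...
                "condition": cond,
            })
    return found

if __name__ == "__main__":
    for e in stanza_errors(SAMPLE_LOG, "example.com"):
        print(e)
```

A `remote-server-not-found` condition for a peer whose public SRV records resolve correctly, as in this thread, points away from the local DNS setup and toward how the other side maps the domain.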