 
Old 03-30-2012, 08:40 PM
Maurizio Marini
 
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.

this was already discussed on this thread:

http://lists.fedoraproject.org/pipermail/389-users/2009-April/009362.html

but there was clue to solve the issue.

this server is a CentOS 6 with following packages:

389-admin-1.1.25-1.el6.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-adminutil-devel-1.1.14-2.el6.x86_64
389-ds-base-1.2.9.14-1.el6_2.2.x86_64
389-admin-console-1.1.8-1.el6.noarch
389-dsgw-1.1.7-2.el6.x86_64
389-ds-base-devel-1.2.9.14-1.el6_2.2.x86_64
389-admin-console-doc-1.1.8-1.el6.noarch
389-console-1.1.7-1.el6.noarch
389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
389-adminutil-1.1.14-2.el6.x86_64
389-ds-console-doc-1.2.6-1.el6.noarch
389-ds-1.2.2-1.el6.noarch

I have configured dsgw using:
http://directory.fedoraproject.org/wiki/DSGW

when i try to authenticate a test user, using
/var/log/dirsrv/slapd-ds/access
i see authentication is ok:
[30/Mar/2012:22:30:23 +0200] conn=103 op=1 BIND dn="uid=xxx,ou=People,dc=xxx,dc=it" method=128 version=3
[30/Mar/2012:22:30:23+0200] conn=103 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=xxx,ou=people,dc=xxx,dc=it"

i use xxx to obfuscate real names to protect my customer privacy.
but something goes wrong after it, into dsgw
Is there any dsgw log to diagnose better the issue?

regards
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-30-2012, 08:45 PM
Rich Megginson
 
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.

On 03/30/2012 02:40 PM, Maurizio Marini wrote:

> this was already discussed on this thread:
>
> http://lists.fedoraproject.org/pipermail/389-users/2009-April/009362.html
>
> but there was clue to solve the issue.
>
> this server is a CentOS 6 with following packages:
>
> 389-admin-1.1.25-1.el6.x86_64
> 389-ds-console-1.2.6-1.el6.noarch
> 389-adminutil-devel-1.1.14-2.el6.x86_64
> 389-ds-base-1.2.9.14-1.el6_2.2.x86_64
> 389-admin-console-1.1.8-1.el6.noarch
> 389-dsgw-1.1.7-2.el6.x86_64
> 389-ds-base-devel-1.2.9.14-1.el6_2.2.x86_64
> 389-admin-console-doc-1.1.8-1.el6.noarch
> 389-console-1.1.7-1.el6.noarch
> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
> 389-adminutil-1.1.14-2.el6.x86_64
> 389-ds-console-doc-1.2.6-1.el6.noarch
> 389-ds-1.2.2-1.el6.noarch
>
> I have configured dsgw using:
> http://directory.fedoraproject.org/wiki/DSGW
>
> when i try to authenticate a test user, using
> /var/log/dirsrv/slapd-ds/access
> i see authentication is ok:
> [30/Mar/2012:22:30:23 +0200] conn=103 op=1 BIND dn="uid=xxx,ou=People,dc=xxx,dc=it" method=128 version=3
> [30/Mar/2012:22:30:23+0200] conn=103 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=xxx,ou=people,dc=xxx,dc=it"
>
> i use xxx to obfuscate real names to protect my customer privacy.
> but something goes wrong after it, into dsgw
> Is there any dsgw log to diagnose better the issue?

ls -al /var/run/dirsrv/dsgw
ls -al /var/run/dirsrv/dsgw/cookies

the admin server logs are in /var/log/dirsrv/admin-serv


 
Old 03-31-2012, 08:20 AM
Maurizio Marini
 
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.

On Fri, 30 Mar 2012 14:45:28 -0600
Rich Megginson <rmeggins@redhat.com> wrote:

Hello Richard


> > Is there any dsgw log to diagnose better the issue?
> ls -al /var/run/dirsrv/dsgw
empty

> ls -al /var/run/dirsrv/dsgw/cookies
empty

>
> the admin server logs are in /var/log/dirsrv/admin-serv
there is nothing newer than 1 day ago


if i enter a wrong password, i get an error on
/var/log/dirsrv/slapd-ds/access
and using credentials i am able to exec ldap search

Code:
ldapsearch -x -b "ou=People,dc=xx,dc=it" -D "uid=xxx,ou=People,dc=xxx,dc=it" -w xxx  "(objectClass=person)"  uid 
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=xxx,dc=it> with scope subtree
# filter: (objectClass=person)
# requesting: uid 
#

# udiprova, People, xxx.it
dn: uid=udiprova,ou=People,dc=xxx,dc=it
uid: udiprova

# bpb001, People, xxx.it
dn: uid=bpb001,ou=People,dc=xxx,dc=it
uid: bpb001

# xxx, People, xxx.it
dn: uid=xxx,ou=People,dc=xxx,dc=it
uid: xxx

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

the issue is *after* authentication, the authentication with ldap is ok,
but after that, something into dsgw goes wrong

maybe there is something wrong in dsgw.conf:
Code:
baseurl ldap://localhost:389/ou%3DPeople,dc%3Dxxx,dc%3Dit
dirmgr "cn=Directory Manager"
location-suffix dc=xxx, dc=it
securitypath /etc/dirsrv/dsgw
htmldir /usr/share/dirsrv/dsgw/html/
configdir /usr/share/dirsrv/dsgw/config/
gwnametrans /dsgw/
authlifetime 7200
template group groupOfNames
template ntgroup groupOfUniqueNames ntGroup
template groupun groupOfUniqueNames
template org organization
template dc domain
template orgunit organizationalUnit
template ntperson person inetOrgPerson nTUser
template orgperson person inetOrgPerson
template person person
template country country
location country "Italy" "c=IT#"
location org "This Organization" ""
location dc "This Domaincomponent" ""
location groups "Groups" "ou=Groups"
location people "People" "ou=People"
location special "Special Users" "ou=Special Users"
charset UTF-8
include "/usr/share/dirsrv/dsgw/config/dsgw-l10n.confMaurizio Marini <maumar@cost.it>"

sadly, without a specific dsgw log, i cannot diagnose anything
there is no trace in any log of what is doing dsgw ;(
at this point, a dsgw specific log can be an RFE and as such it should be filed on bugzilla
isn't it?

thnx for your attention
regards

-m
 
Old 03-31-2012, 02:46 PM
Rich Megginson
 
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.

On 03/31/2012 02:20 AM, Maurizio Marini wrote:

> On Fri, 30 Mar 2012 14:45:28 -0600
> Rich Megginson <rmeggins@redhat.com> wrote:
>
> Hello Richard
>
> > > Is there any dsgw log to diagnose better the issue?
> > ls -al /var/run/dirsrv/dsgw
> empty
>
> > ls -al /var/run/dirsrv/dsgw/cookies
> empty


This is the problem. How did you install dsgw? From yum? Did you run
setup-ds-dsgw after installing the packages?





 
Old 03-31-2012, 02:50 PM
Rich Megginson
 
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.

On 03/31/2012 02:20 AM, Maurizio Marini wrote:

> On Fri, 30 Mar 2012 14:45:28 -0600
> Rich Megginson <rmeggins@redhat.com> wrote:
>
> Hello Richard
>
> > > Is there any dsgw log to diagnose better the issue?
> > ls -al /var/run/dirsrv/dsgw
> empty
>
> > ls -al /var/run/dirsrv/dsgw/cookies
> empty

But they exist? I wanted to see the ownership and permissions on these
directories. If you ran setup-ds-admin.pl and chose the defaults, these
directories should be owned by nobody:nobody and should be mode 0700
(-rwx------)

> > the admin server logs are in /var/log/dirsrv/admin-serv
> there is nothing newer than 1 day ago
>
> if i enter a wrong password, i get an error on
> /var/log/dirsrv/slapd-ds/access
> and using credentials i am able to exec ldap search
>
> Code:
> ldapsearch -x -b "ou=People,dc=xx,dc=it" -D "uid=xxx,ou=People,dc=xxx,dc=it" -w xxx  "(objectClass=person)"  uid
> # extended LDIF
> #
> # LDAPv3
> # base<ou=People,dc=xxx,dc=it>  with scope subtree
> # filter: (objectClass=person)
> # requesting: uid
> #
>
> # udiprova, People, xxx.it
> dn: uid=udiprova,ou=People,dc=xxx,dc=it
> uid: udiprova
>
> # bpb001, People, xxx.it
> dn: uid=bpb001,ou=People,dc=xxx,dc=it
> uid: bpb001
>
> # xxx, People, xxx.it
> dn: uid=xxx,ou=People,dc=xxx,dc=it
> uid: xxx
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 4
> # numEntries: 3
>
> the issue is *after* authentication, the authentication with ldap is ok,
> but after that, something into dsgw goes wrong
>
> maybe there is something wrong in dsgw.conf:
> Code:
> baseurl ldap://localhost:389/ou%3DPeople,dc%3Dxxx,dc%3Dit
> dirmgr "cn=Directory Manager"
> location-suffix dc=xxx, dc=it

This should not have a space in it - it should be dc=xxx,dc=it - if
there are spaces in the values, then quote it like this:

location-suffix "dc=xxx, dc=it"

> securitypath /etc/dirsrv/dsgw
> htmldir /usr/share/dirsrv/dsgw/html/
> configdir /usr/share/dirsrv/dsgw/config/
> gwnametrans /dsgw/
> authlifetime 7200
> template group groupOfNames
> template ntgroup groupOfUniqueNames ntGroup
> template groupun groupOfUniqueNames
> template org organization
> template dc domain
> template orgunit organizationalUnit
> template ntperson person inetOrgPerson nTUser
> template orgperson person inetOrgPerson
> template person person
> template country country
> location country "Italy" "c=IT#"

Does this really have a "#" in it?

> location org "This Organization" ""
> location dc "This Domaincomponent" ""
> location groups "Groups" "ou=Groups"
> location people "People" "ou=People"
> location special "Special Users" "ou=Special Users"
> charset UTF-8
> include "/usr/share/dirsrv/dsgw/config/dsgw-l10n.confMaurizio Marini<maumar@cost.it>"

Does this really have the string "Maurizio Marini <maumar@cost.it>" in it?

> sadly, without a specific dsgw log, i cannot diagnose anything
> there is no trace in any log of what is doing dsgw ;(
> at this point, a dsgw specific log can be an RFE and as such it should be filed on bugzilla
> isn't it?

Trac - https://fedorahosted.org/389

> thnx for your attention
> regards
>
> -m


Old 03-31-2012, 05:13 PM
Maurizio Marini
 
Authentication failed because the server was unable to generate authentication credentials. The authentication database could not be opened.

On Sat, 31 Mar 2012 09:12:43 -0600
Rich Megginson <rmeggins@redhat.com> wrote:


> > This is the problem. How did you install dsgw? From yum? Did you run
> setup-ds-dsgw after installing the packages?

no, i didn't, my fault
Now i did, and all went well, all is working smoothly
this is the wiki to be used first of all:
http://directory.fedoraproject.org/wiki/WebApps_Install
as pointed out at the bottom of the wiki i started with:
http://directory.fedoraproject.org/wiki/DSGW



best regards

-m
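
An added example, not part of the thread or of the 389 project's own code: a shell audit of the two DSGW runtime directories discussed above, reporting the ownership and mode of the directories themselves rather than their contents. The defaults (nobody:nobody, mode 700) are the values given in the thread for a default setup; the function names `check_dir` and `audit_dsgw` and the optional root-prefix argument are assumptions of this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: audit the DSGW runtime directories named in this thread.
# Defaults (nobody:nobody, mode 700) are the values stated in the thread
# for a default setup; function and variable names are hypothetical.

# check_dir PATH OWNER:GROUP MODE
# Prints one finding; returns 0 ok, 1 missing, 2 wrong owner, 3 wrong mode.
check_dir() {
    path=$1 want_owner=$2 want_mode=$3
    if [ ! -d "$path" ]; then
        echo "MISSING  $path (was setup-ds-dsgw run?)"
        return 1
    fi
    # stat the directory itself, not its contents (GNU coreutils stat).
    owner=$(stat -c '%U:%G' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER    $path is $owner, expected $want_owner"
        return 2
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE     $path is $mode, expected $want_mode"
        return 3
    fi
    echo "OK       $path $owner $mode"
    return 0
}

# audit_dsgw [ROOT] [OWNER:GROUP] [MODE]
# ROOT is a path prefix so the audit can be pointed at a test tree.
# Returns the number of directories that failed a check.
audit_dsgw() {
    root=${1:-} want_owner=${2:-nobody:nobody} want_mode=${3:-700}
    failed=0
    for d in /var/run/dirsrv/dsgw /var/run/dirsrv/dsgw/cookies; do
        check_dir "$root$d" "$want_owner" "$want_mode" || failed=$((failed + 1))
    done
    return "$failed"
}
```

Source the file and run `audit_dsgw` as root on the directory server host. A `MISSING` line points at the skipped setup step, while `OWNER` or `MODE` lines point at a permissions problem on the cookie store.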


