[one-users] Sunstone login failure - bad decrypt
Carlos Jiménez
cjimenez at eneotecnologia.com
Sun Apr 8 06:21:20 PDT 2012
Hello everybody,
I have four computers with CentOS 6.2: 1 running as a NFS Server, 2 as
Host with KVM hypervisor installed and 1 as a Front-End with OpenNebula
3.2.1 installed.
According to the documentation, ssh, oneadmin uid/gid, user profile
(shared between all the computers by using NFS)... all of them have been
set up.
Additionally, I've installed and configured the front-end server to use
MySQL instead of SQLite. After granting the right permissions to the
opennebula table for the oneadmin user and once I've modified
/etc/one/oned.conf DB options, this part is running fine too.
I've used oneuser to modify the password of serveradmin and it seems
that it was successful.
This is the output of 'oneuser list':
ID GROUP NAME
AUTH PASSWORD
0 oneadmin oneadmin core
b29f6e6fed87fb100ae2e5921d66eb76d5670af7
1 oneadmin serveradmin server_c
a7d66b6799d29142042316cc8cee0f3c81eac33e
I've launched oned, oneacctd and sunstone-server as oneadmin and all of
them are running:
oneadmin 11364 0.0 0.1 1460920 10476 ? Sl Apr04 0:20
/usr/bin/oned -f
oneadmin 11389 0.0 0.0 43764 7020 ? SNl Apr04 3:29 \_
ruby /usr/lib/one/mads/one_vmm_exec.rb -t 15 -r 0 kvm
oneadmin 11400 0.0 0.0 39304 3984 ? SNl Apr04 3:28 \_
ruby /usr/lib/one/mads/one_im_exec.rb -r 0 -t 15 kvm
oneadmin 11410 0.0 0.0 39248 3932 ? SNl Apr04 3:27 \_
ruby /usr/lib/one/mads/one_tm.rb tm_shared/tm_shared.conf
oneadmin 11424 0.0 0.0 39212 3864 ? SNl Apr04 3:28 \_
ruby /usr/lib/one/mads/one_hm.rb
oneadmin 11435 0.0 0.0 39308 3988 ? SNl Apr04 3:36 \_
ruby /usr/lib/one/mads/one_image.rb fs -t 15
oneadmin 11445 0.2 0.0 39388 4104 ? SNl Apr04 13:16 \_
ruby /usr/lib/one/mads/one_auth_mad.rb --authn
ssh,x509,ldap,server_cipher,server_x509
oneadmin 11365 0.0 0.0 192196 5424 ? Sl Apr04 0:19
/usr/bin/mm_sched
oneadmin 11461 0.0 0.4 113828 32700 ? S Apr04 0:13 ruby
/usr/lib/one/ruby/acct/acctd.rb
oneadmin 11471 0.0 0.5 163548 43708 ? Sl Apr04 5:29 ruby
/usr/lib/one/sunstone/sunstone-server.rb
However, when I try to log in to Sunstone web interface using
serveradmin or oneadmin credentials (or whatever else) it always fails.
In the web it states that "OpenNebula is not running".
I've checked oned.log and this is the output of both attempts:
### serveradmin login attempt ###
Sun Apr 8 15:02:05 2012 [ReM][D]: UserPoolInfo method invoked
Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG I 9 Command
execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate
'serveradmin' 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
Sun Apr 8 15:02:05 2012 [AuM][I]: Command execution fail:
/var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin'
'a7d66b6799d29142042316cc8cee0f3c81eac33e'
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG E 9 bad decrypt
Sun Apr 8 15:02:05 2012 [AuM][I]: bad decrypt
Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG I 9 ExitCode: 255
Sun Apr 8 15:02:05 2012 [AuM][I]: ExitCode: 255
Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: AUTHENTICATE
FAILURE 9 bad decrypt
Sun Apr 8 15:02:05 2012 [AuM][E]: Auth Error: bad decrypt
Sun Apr 8 15:02:05 2012 [ReM][E]: [UserPoolInfo] User couldn't be
authenticated, aborting call.
### oneadmin login attempt ###
Sun Apr 8 15:02:18 2012 [ReM][D]: UserPoolInfo method invoked
Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG I 10 Command
execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate
'serveradmin' 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
Sun Apr 8 15:02:18 2012 [AuM][I]: Command execution fail:
/var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin'
'a7d66b6799d29142042316cc8cee0f3c81eac33e'
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG E 10 bad decrypt
Sun Apr 8 15:02:18 2012 [AuM][I]: bad decrypt
Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG I 10 ExitCode: 255
Sun Apr 8 15:02:18 2012 [AuM][I]: ExitCode: 255
Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: AUTHENTICATE
FAILURE 10 bad decrypt
Sun Apr 8 15:02:18 2012 [AuM][E]: Auth Error: bad decrypt
Sun Apr 8 15:02:18 2012 [ReM][E]: [UserPoolInfo] User couldn't be
authenticated, aborting call.
Sun Apr 8 15:02:22 2012 [ReM][D]: HostPoolInfo method invoked
Sun Apr 8 15:02:22 2012 [ReM][D]: VirtualMachinePoolInfo method invoked
Sun Apr 8 15:02:22 2012 [ReM][D]: AclInfo method invoked
I think that cipher_server is the right auth option in this case.
Notice that authenticate script in both cases receive 'serveradmin'
credentials regardless of the use of oneadmin credentials in the second
attempt.
Please, could anybody help me with this login failure issue?
Let me know if you need anything else.
Thanks in advance.
Carlos.
More information about the Users
mailing list