[one-users] Sunstone login failure - bad decrypt

Carlos Jiménez cjimenez at eneotecnologia.com
Sun Apr 8 06:21:20 PDT 2012 

Hello everybody,

I have four computers with CentOS 6.2: 1 running as a NFS Server, 2 as 
Host with KVM hypervisor installed and 1 as a Front-End with OpenNebula 
3.2.1 installed.
According to the documentation, ssh, oneadmin uid/gid, user profile 
(shared between all the computers by using NFS)... all of them have been 
set up.
Additionally, I've installed and configured the front-end server to use 
MySQL instead of SQLite. After granting the right permissions to the 
opennebula table for the oneadmin user and once I've modified 
/etc/one/oned.conf DB options, this part is running fine too.

I've used oneuser to modify the password of serveradmin and it seems 
that it was successful.
This is the output of 'oneuser list':

ID GROUP     NAME               
AUTH                                            PASSWORD
  0 oneadmin oneadmin        core               
b29f6e6fed87fb100ae2e5921d66eb76d5670af7
  1 oneadmin serveradmin    server_c         
a7d66b6799d29142042316cc8cee0f3c81eac33e


I've launched oned, oneacctd and sunstone-server as oneadmin and all of 
them are running:

oneadmin 11364  0.0  0.1 1460920 10476 ?       Sl   Apr04   0:20 
/usr/bin/oned -f
oneadmin 11389  0.0  0.0  43764  7020 ?        SNl  Apr04   3:29  \_ 
ruby /usr/lib/one/mads/one_vmm_exec.rb -t 15 -r 0 kvm
oneadmin 11400  0.0  0.0  39304  3984 ?        SNl  Apr04   3:28  \_ 
ruby /usr/lib/one/mads/one_im_exec.rb -r 0 -t 15 kvm
oneadmin 11410  0.0  0.0  39248  3932 ?        SNl  Apr04   3:27  \_ 
ruby /usr/lib/one/mads/one_tm.rb tm_shared/tm_shared.conf
oneadmin 11424  0.0  0.0  39212  3864 ?        SNl  Apr04   3:28  \_ 
ruby /usr/lib/one/mads/one_hm.rb
oneadmin 11435  0.0  0.0  39308  3988 ?        SNl  Apr04   3:36  \_ 
ruby /usr/lib/one/mads/one_image.rb fs -t 15
oneadmin 11445  0.2  0.0  39388  4104 ?        SNl  Apr04  13:16  \_ 
ruby /usr/lib/one/mads/one_auth_mad.rb --authn 
ssh,x509,ldap,server_cipher,server_x509
oneadmin 11365  0.0  0.0 192196  5424 ?        Sl   Apr04   0:19 
/usr/bin/mm_sched
oneadmin 11461  0.0  0.4 113828 32700 ?        S    Apr04   0:13 ruby 
/usr/lib/one/ruby/acct/acctd.rb
oneadmin 11471  0.0  0.5 163548 43708 ?        Sl   Apr04   5:29 ruby 
/usr/lib/one/sunstone/sunstone-server.rb


However, when I try to log in to Sunstone web interface using 
serveradmin or oneadmin credentials (or whatever else) it always fails. 
In the web it states that "OpenNebula is not running".
I've checked oned.log and this is the output of both attempts:


### serveradmin login attempt ###

Sun Apr  8 15:02:05 2012 [ReM][D]: UserPoolInfo method invoked
Sun Apr  8 15:02:05 2012 [AuM][D]: Message received: LOG I 9 Command 
execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate 
'serveradmin' 'a7d66b6799d29142042316cc8cee0f3c81eac33e' 
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
Sun Apr  8 15:02:05 2012 [AuM][I]: Command execution fail: 
/var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin' 
'a7d66b6799d29142042316cc8cee0f3c81eac33e' 
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
Sun Apr  8 15:02:05 2012 [AuM][D]: Message received: LOG E 9 bad decrypt
Sun Apr  8 15:02:05 2012 [AuM][I]: bad decrypt
Sun Apr  8 15:02:05 2012 [AuM][D]: Message received: LOG I 9 ExitCode: 255
Sun Apr  8 15:02:05 2012 [AuM][I]: ExitCode: 255
Sun Apr  8 15:02:05 2012 [AuM][D]: Message received: AUTHENTICATE 
FAILURE 9 bad decrypt
Sun Apr  8 15:02:05 2012 [AuM][E]: Auth Error: bad decrypt
Sun Apr  8 15:02:05 2012 [ReM][E]: [UserPoolInfo] User couldn't be 
authenticated, aborting call.


### oneadmin login attempt ###

Sun Apr  8 15:02:18 2012 [ReM][D]: UserPoolInfo method invoked
Sun Apr  8 15:02:18 2012 [AuM][D]: Message received: LOG I 10 Command 
execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate 
'serveradmin' 'a7d66b6799d29142042316cc8cee0f3c81eac33e' 
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
Sun Apr  8 15:02:18 2012 [AuM][I]: Command execution fail: 
/var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin' 
'a7d66b6799d29142042316cc8cee0f3c81eac33e' 
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
Sun Apr  8 15:02:18 2012 [AuM][D]: Message received: LOG E 10 bad decrypt
Sun Apr  8 15:02:18 2012 [AuM][I]: bad decrypt
Sun Apr  8 15:02:18 2012 [AuM][D]: Message received: LOG I 10 ExitCode: 255
Sun Apr  8 15:02:18 2012 [AuM][I]: ExitCode: 255
Sun Apr  8 15:02:18 2012 [AuM][D]: Message received: AUTHENTICATE 
FAILURE 10 bad decrypt
Sun Apr  8 15:02:18 2012 [AuM][E]: Auth Error: bad decrypt
Sun Apr  8 15:02:18 2012 [ReM][E]: [UserPoolInfo] User couldn't be 
authenticated, aborting call.
Sun Apr  8 15:02:22 2012 [ReM][D]: HostPoolInfo method invoked
Sun Apr  8 15:02:22 2012 [ReM][D]: VirtualMachinePoolInfo method invoked
Sun Apr  8 15:02:22 2012 [ReM][D]: AclInfo method invoked

I think that cipher_server is the right auth option in this case.
Notice that authenticate script in both cases receive 'serveradmin' 
credentials regardless of the use of oneadmin credentials in the second 
attempt.

Please, could anybody help me with this login failure issue?

Let me know if you need anything else.


Thanks in advance.

Carlos.

More information about the Users mailing list