[one-users] Sunstone login failure - bad decrypt
Carlos Martín Sánchez
cmartin at opennebula.org
Mon Apr 9 01:51:26 PDT 2012
Hi,
serveradmin is a special user that the servers, like sunstone, use to
forward user requests to the core. You can't login with that user.
You have more information about the opennebula authentication here [1], and
what is the serveradmin account here [2]. In that second link you will also
find how to configure the servers to use the updated serveradmin password
you set.
Regards
[1] http://www.opennebula.org/documentation:rel3.2:external_auth
[2] http://www.opennebula.org/documentation:rel3.2:cloud_auth
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>
2012/4/8 Carlos Jiménez <cjimenez at eneotecnologia.com>
> Hello everybody,
>
> I have four computers with CentOS 6.2: 1 running as a NFS Server, 2 as
> Host with KVM hypervisor installed and 1 as a Front-End with OpenNebula
> 3.2.1 installed.
> According to the documentation, ssh, oneadmin uid/gid, user profile
> (shared between all the computers by using NFS)... all of them have been
> set up.
> Additionally, I've installed and configured the front-end server to use
> MySQL instead of SQLite. After granting the right permissions to the
> opennebula table for the oneadmin user and once I've modified
> /etc/one/oned.conf DB options, this part is running fine too.
>
> I've used oneuser to modify the password of serveradmin and it seems that
> it was successful.
> This is the output of 'oneuser list':
>
> ID GROUP NAME AUTH
> PASSWORD
> 0 oneadmin oneadmin core
> b29f6e6fed87fb100ae2e5921d66eb**76d5670af7
> 1 oneadmin serveradmin server_c a7d66b6799d29142042316cc8cee0f
> **3c81eac33e
>
>
> I've launched oned, oneacctd and sunstone-server as oneadmin and all of
> them are running:
>
> oneadmin 11364 0.0 0.1 1460920 10476 ? Sl Apr04 0:20
> /usr/bin/oned -f
> oneadmin 11389 0.0 0.0 43764 7020 ? SNl Apr04 3:29 \_ ruby
> /usr/lib/one/mads/one_vmm_**exec.rb -t 15 -r 0 kvm
> oneadmin 11400 0.0 0.0 39304 3984 ? SNl Apr04 3:28 \_ ruby
> /usr/lib/one/mads/one_im_exec.**rb -r 0 -t 15 kvm
> oneadmin 11410 0.0 0.0 39248 3932 ? SNl Apr04 3:27 \_ ruby
> /usr/lib/one/mads/one_tm.rb tm_shared/tm_shared.conf
> oneadmin 11424 0.0 0.0 39212 3864 ? SNl Apr04 3:28 \_ ruby
> /usr/lib/one/mads/one_hm.rb
> oneadmin 11435 0.0 0.0 39308 3988 ? SNl Apr04 3:36 \_ ruby
> /usr/lib/one/mads/one_image.rb fs -t 15
> oneadmin 11445 0.2 0.0 39388 4104 ? SNl Apr04 13:16 \_ ruby
> /usr/lib/one/mads/one_auth_**mad.rb --authn ssh,x509,ldap,server_cipher,**
> server_x509
> oneadmin 11365 0.0 0.0 192196 5424 ? Sl Apr04 0:19
> /usr/bin/mm_sched
> oneadmin 11461 0.0 0.4 113828 32700 ? S Apr04 0:13 ruby
> /usr/lib/one/ruby/acct/acctd.**rb
> oneadmin 11471 0.0 0.5 163548 43708 ? Sl Apr04 5:29 ruby
> /usr/lib/one/sunstone/**sunstone-server.rb
>
>
> However, when I try to log in to Sunstone web interface using serveradmin
> or oneadmin credentials (or whatever else) it always fails. In the web it
> states that "OpenNebula is not running".
> I've checked oned.log and this is the output of both attempts:
>
>
> ### serveradmin login attempt ###
>
> Sun Apr 8 15:02:05 2012 [ReM][D]: UserPoolInfo method invoked
> Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG I 9 Command
> execution fail: /var/lib/one/remotes/auth/**server_cipher/authenticate
> 'serveradmin' '**a7d66b6799d29142042316cc8cee0f**3c81eac33e'
> gmxtq1n6pxBEwnyjP94dU1EihSzqOU**3bQgVxVpIEizqsxonauO8PP/**sNTclxWciE
> Sun Apr 8 15:02:05 2012 [AuM][I]: Command execution fail:
> /var/lib/one/remotes/auth/**server_cipher/authenticate 'serveradmin' '**
> a7d66b6799d29142042316cc8cee0f**3c81eac33e' gmxtq1n6pxBEwnyjP94dU1EihSzqOU
> **3bQgVxVpIEizqsxonauO8PP/**sNTclxWciE
> Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG E 9 bad decrypt
> Sun Apr 8 15:02:05 2012 [AuM][I]: bad decrypt
> Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG I 9 ExitCode: 255
> Sun Apr 8 15:02:05 2012 [AuM][I]: ExitCode: 255
> Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: AUTHENTICATE FAILURE
> 9 bad decrypt
> Sun Apr 8 15:02:05 2012 [AuM][E]: Auth Error: bad decrypt
> Sun Apr 8 15:02:05 2012 [ReM][E]: [UserPoolInfo] User couldn't be
> authenticated, aborting call.
>
>
> ### oneadmin login attempt ###
>
> Sun Apr 8 15:02:18 2012 [ReM][D]: UserPoolInfo method invoked
> Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG I 10 Command
> execution fail: /var/lib/one/remotes/auth/**server_cipher/authenticate
> 'serveradmin' '**a7d66b6799d29142042316cc8cee0f**3c81eac33e'
> gmxtq1n6pxBEwnyjP94dU1EihSzqOU**3bQgVxVpIEizqsxonauO8PP/**sNTclxWciE
> Sun Apr 8 15:02:18 2012 [AuM][I]: Command execution fail:
> /var/lib/one/remotes/auth/**server_cipher/authenticate 'serveradmin' '**
> a7d66b6799d29142042316cc8cee0f**3c81eac33e' gmxtq1n6pxBEwnyjP94dU1EihSzqOU
> **3bQgVxVpIEizqsxonauO8PP/**sNTclxWciE
> Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG E 10 bad decrypt
> Sun Apr 8 15:02:18 2012 [AuM][I]: bad decrypt
> Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG I 10 ExitCode: 255
> Sun Apr 8 15:02:18 2012 [AuM][I]: ExitCode: 255
> Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: AUTHENTICATE FAILURE
> 10 bad decrypt
> Sun Apr 8 15:02:18 2012 [AuM][E]: Auth Error: bad decrypt
> Sun Apr 8 15:02:18 2012 [ReM][E]: [UserPoolInfo] User couldn't be
> authenticated, aborting call.
> Sun Apr 8 15:02:22 2012 [ReM][D]: HostPoolInfo method invoked
> Sun Apr 8 15:02:22 2012 [ReM][D]: VirtualMachinePoolInfo method invoked
> Sun Apr 8 15:02:22 2012 [ReM][D]: AclInfo method invoked
>
> I think that cipher_server is the right auth option in this case.
> Notice that authenticate script in both cases receive 'serveradmin'
> credentials regardless of the use of oneadmin credentials in the second
> attempt.
>
> Please, could anybody help me with this login failure issue?
>
> Let me know if you need anything else.
>
>
> Thanks in advance.
>
> Carlos.
> ______________________________**_________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/**listinfo.cgi/users-opennebula.**org<http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120409/d7010c2c/attachment-0002.htm>
More information about the Users
mailing list