[one-users] Sunstone login failure - bad decrypt

Carlos Martín Sánchez cmartin at opennebula.org
Mon Apr 9 01:51:26 PDT 2012


Hi,

serveradmin is a special user that the servers, like sunstone, use to
forward user requests to the core. You can't login with that user.

You have more information about the opennebula authentication here [1], and
what is the serveradmin account here [2]. In that second link you will also
find how to configure the servers to use the updated serveradmin password
you set.

Regards

[1] http://www.opennebula.org/documentation:rel3.2:external_auth
[2] http://www.opennebula.org/documentation:rel3.2:cloud_auth

--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>



2012/4/8 Carlos Jiménez <cjimenez at eneotecnologia.com>

> Hello everybody,
>
> I have four computers with CentOS 6.2: 1 running as a NFS Server, 2 as
> Host with KVM hypervisor installed and 1 as a Front-End with OpenNebula
> 3.2.1 installed.
> According to the documentation, ssh, oneadmin uid/gid, user profile
> (shared between all the computers by using NFS)... all of them have been
> set up.
> Additionally, I've installed and configured the front-end server to use
> MySQL instead of SQLite. After granting the right permissions to the
> opennebula table for the oneadmin user and once I've modified
> /etc/one/oned.conf DB options, this part is running fine too.
>
> I've used oneuser to modify the password of serveradmin and it seems that
> it was successful.
> This is the output of 'oneuser list':
>
> ID GROUP     NAME               AUTH
>      PASSWORD
>  0 oneadmin oneadmin        core
> b29f6e6fed87fb100ae2e5921d66eb**76d5670af7
>  1 oneadmin serveradmin    server_c         a7d66b6799d29142042316cc8cee0f
> **3c81eac33e
>
>
> I've launched oned, oneacctd and sunstone-server as oneadmin and all of
> them are running:
>
> oneadmin 11364  0.0  0.1 1460920 10476 ?       Sl   Apr04   0:20
> /usr/bin/oned -f
> oneadmin 11389  0.0  0.0  43764  7020 ?        SNl  Apr04   3:29  \_ ruby
> /usr/lib/one/mads/one_vmm_**exec.rb -t 15 -r 0 kvm
> oneadmin 11400  0.0  0.0  39304  3984 ?        SNl  Apr04   3:28  \_ ruby
> /usr/lib/one/mads/one_im_exec.**rb -r 0 -t 15 kvm
> oneadmin 11410  0.0  0.0  39248  3932 ?        SNl  Apr04   3:27  \_ ruby
> /usr/lib/one/mads/one_tm.rb tm_shared/tm_shared.conf
> oneadmin 11424  0.0  0.0  39212  3864 ?        SNl  Apr04   3:28  \_ ruby
> /usr/lib/one/mads/one_hm.rb
> oneadmin 11435  0.0  0.0  39308  3988 ?        SNl  Apr04   3:36  \_ ruby
> /usr/lib/one/mads/one_image.rb fs -t 15
> oneadmin 11445  0.2  0.0  39388  4104 ?        SNl  Apr04  13:16  \_ ruby
> /usr/lib/one/mads/one_auth_**mad.rb --authn ssh,x509,ldap,server_cipher,**
> server_x509
> oneadmin 11365  0.0  0.0 192196  5424 ?        Sl   Apr04   0:19
> /usr/bin/mm_sched
> oneadmin 11461  0.0  0.4 113828 32700 ?        S    Apr04   0:13 ruby
> /usr/lib/one/ruby/acct/acctd.**rb
> oneadmin 11471  0.0  0.5 163548 43708 ?        Sl   Apr04   5:29 ruby
> /usr/lib/one/sunstone/**sunstone-server.rb
>
>
> However, when I try to log in to Sunstone web interface using serveradmin
> or oneadmin credentials (or whatever else) it always fails. In the web it
> states that "OpenNebula is not running".
> I've checked oned.log and this is the output of both attempts:
>
>
> ### serveradmin login attempt ###
>
> Sun Apr  8 15:02:05 2012 [ReM][D]: UserPoolInfo method invoked
> Sun Apr  8 15:02:05 2012 [AuM][D]: Message received: LOG I 9 Command
> execution fail: /var/lib/one/remotes/auth/**server_cipher/authenticate
> 'serveradmin' '**a7d66b6799d29142042316cc8cee0f**3c81eac33e'
> gmxtq1n6pxBEwnyjP94dU1EihSzqOU**3bQgVxVpIEizqsxonauO8PP/**sNTclxWciE
> Sun Apr  8 15:02:05 2012 [AuM][I]: Command execution fail:
> /var/lib/one/remotes/auth/**server_cipher/authenticate 'serveradmin' '**
> a7d66b6799d29142042316cc8cee0f**3c81eac33e' gmxtq1n6pxBEwnyjP94dU1EihSzqOU
> **3bQgVxVpIEizqsxonauO8PP/**sNTclxWciE
> Sun Apr  8 15:02:05 2012 [AuM][D]: Message received: LOG E 9 bad decrypt
> Sun Apr  8 15:02:05 2012 [AuM][I]: bad decrypt
> Sun Apr  8 15:02:05 2012 [AuM][D]: Message received: LOG I 9 ExitCode: 255
> Sun Apr  8 15:02:05 2012 [AuM][I]: ExitCode: 255
> Sun Apr  8 15:02:05 2012 [AuM][D]: Message received: AUTHENTICATE FAILURE
> 9 bad decrypt
> Sun Apr  8 15:02:05 2012 [AuM][E]: Auth Error: bad decrypt
> Sun Apr  8 15:02:05 2012 [ReM][E]: [UserPoolInfo] User couldn't be
> authenticated, aborting call.
>
>
> ### oneadmin login attempt ###
>
> Sun Apr  8 15:02:18 2012 [ReM][D]: UserPoolInfo method invoked
> Sun Apr  8 15:02:18 2012 [AuM][D]: Message received: LOG I 10 Command
> execution fail: /var/lib/one/remotes/auth/**server_cipher/authenticate
> 'serveradmin' '**a7d66b6799d29142042316cc8cee0f**3c81eac33e'
> gmxtq1n6pxBEwnyjP94dU1EihSzqOU**3bQgVxVpIEizqsxonauO8PP/**sNTclxWciE
> Sun Apr  8 15:02:18 2012 [AuM][I]: Command execution fail:
> /var/lib/one/remotes/auth/**server_cipher/authenticate 'serveradmin' '**
> a7d66b6799d29142042316cc8cee0f**3c81eac33e' gmxtq1n6pxBEwnyjP94dU1EihSzqOU
> **3bQgVxVpIEizqsxonauO8PP/**sNTclxWciE
> Sun Apr  8 15:02:18 2012 [AuM][D]: Message received: LOG E 10 bad decrypt
> Sun Apr  8 15:02:18 2012 [AuM][I]: bad decrypt
> Sun Apr  8 15:02:18 2012 [AuM][D]: Message received: LOG I 10 ExitCode: 255
> Sun Apr  8 15:02:18 2012 [AuM][I]: ExitCode: 255
> Sun Apr  8 15:02:18 2012 [AuM][D]: Message received: AUTHENTICATE FAILURE
> 10 bad decrypt
> Sun Apr  8 15:02:18 2012 [AuM][E]: Auth Error: bad decrypt
> Sun Apr  8 15:02:18 2012 [ReM][E]: [UserPoolInfo] User couldn't be
> authenticated, aborting call.
> Sun Apr  8 15:02:22 2012 [ReM][D]: HostPoolInfo method invoked
> Sun Apr  8 15:02:22 2012 [ReM][D]: VirtualMachinePoolInfo method invoked
> Sun Apr  8 15:02:22 2012 [ReM][D]: AclInfo method invoked
>
> I think that cipher_server is the right auth option in this case.
> Notice that authenticate script in both cases receive 'serveradmin'
> credentials regardless of the use of oneadmin credentials in the second
> attempt.
>
> Please, could anybody help me with this login failure issue?
>
> Let me know if you need anything else.
>
>
> Thanks in advance.
>
> Carlos.
> ______________________________**_________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/**listinfo.cgi/users-opennebula.**org<http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120409/d7010c2c/attachment-0003.htm>


More information about the Users mailing list