<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Carlos,<br>
<br>
According to the part of the update of the serveradmin password, I
thought it was enough using 'oneuser passwd' command. It seems I was
wrong. Therefore, I've tried this:<br>
1. 'oneuser passwd 1 password'<br>
2. Editing sunstone_auth and modifying the password field (from
"32e5b0cdcc08c836dfac6a598695fd2e84acebc0" to "password").<br>
3. Log in to the Sunstone Web Interface with oneadmin credentials<br>
<br>
I think that matches the procedure explained in the documentation.
However, the result has been the same as previously (failure), but
in this case, oned.log showed a message related to the use of a key
length too short. This is the output:<br>
<br>
<small><font face="Helvetica, Arial, sans-serif">Mon Apr 9 16:28:17
2012 [ReM][D]: UserPoolInfo method invoked<br>
Mon Apr 9 16:28:17 2012 [AuM][D]: Message received: LOG I 0
Command execution fail:
/var/lib/one/remotes/auth/server_cipher/authenticate
'serveradmin' 'password'
JiInGlGUMB3IBo5GK9w3q9POxvRC8z/NdZLtEQpuno4jkwpY1kQDn0gO4ao3hol/<br>
Mon Apr 9 16:28:17 2012 [AuM][I]: Command execution fail:
/var/lib/one/remotes/auth/server_cipher/authenticate
'serveradmin' 'password'
JiInGlGUMB3IBo5GK9w3q9POxvRC8z/NdZLtEQpuno4jkwpY1kQDn0gO4ao3hol/<br>
Mon Apr 9 16:28:17 2012 [AuM][D]: Message received: LOG E 0 key
length too short<br>
Mon Apr 9 16:28:17 2012 [AuM][I]: key length too short<br>
Mon Apr 9 16:28:17 2012 [AuM][D]: Message received: LOG I 0
ExitCode: 255<br>
Mon Apr 9 16:28:17 2012 [AuM][I]: ExitCode: 255<br>
Mon Apr 9 16:28:17 2012 [AuM][D]: Message received:
AUTHENTICATE FAILURE 0 key length too short<br>
Mon Apr 9 16:28:17 2012 [AuM][E]: Auth Error: key length too
short<br>
Mon Apr 9 16:28:17 2012 [ReM][E]: [UserPoolInfo] User couldn't
be authenticated, aborting call.</font></small><br>
<br>
<br>
Additional information:<br>
<br>
### sunstone_auth ###<br>
<font face="Helvetica, Arial, sans-serif">serveradmin:password</font><br>
<br>
### 'oneuser list -x' ###<br>
<small><font face="Helvetica, Arial, sans-serif"><USER_POOL><br>
<USER><br>
<ID>0</ID><br>
<GID>0</GID><br>
<GNAME>oneadmin</GNAME><br>
<NAME>oneadmin</NAME><br>
<PASSWORD>b29f6e6fed87fb100ae2e5921d66eb76d5670af7</PASSWORD><br>
<AUTH_DRIVER>core</AUTH_DRIVER><br>
<ENABLED>1</ENABLED><br>
<TEMPLATE/><br>
</USER><br>
<USER><br>
<ID>1</ID><br>
<GID>0</GID><br>
<GNAME>oneadmin</GNAME><br>
<NAME>serveradmin</NAME><br>
<PASSWORD>password</PASSWORD><br>
<AUTH_DRIVER>server_cipher</AUTH_DRIVER><br>
<ENABLED>1</ENABLED><br>
<TEMPLATE/><br>
</USER><br>
</USER_POOL></font></small><br>
<br>
I thought it was enough using oneuser and editing sunstone-auth.
Does it require additional actions?<br>
<br>
<br>
Thanks,<br>
<br>
Carlos.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
On 04/09/2012 10:51 AM, Carlos Martín Sánchez wrote:
<blockquote
cite="mid:CAEPYvF+FsusFzeVoDJ4wrznBrgSLkMK4h=PEWfpvSHwqmgnwPQ@mail.gmail.com"
type="cite">Hi,
<div><br>
</div>
<div>serveradmin is a special user that the servers, like
sunstone, use to forward user requests to the core. You can't
login with that user.</div>
<div><br>
</div>
<div>You have more information about the opennebula authentication
here [1], and what is the serveradmin account here [2]. In that
second link you will also find how to configure the servers to
use the updated serveradmin password you set.</div>
<div><br>
</div>
<div>Regards</div>
<div><br>
</div>
<div>[1] <a moz-do-not-send="true"
href="http://www.opennebula.org/documentation:rel3.2:external_auth">http://www.opennebula.org/documentation:rel3.2:external_auth</a></div>
<div>[2] <a moz-do-not-send="true"
href="http://www.opennebula.org/documentation:rel3.2:cloud_auth">http://www.opennebula.org/documentation:rel3.2:cloud_auth</a></div>
<div><br>
<div>--<br>
Carlos Martín, MSc<br>
Project Engineer<br>
OpenNebula - The Open-source Solution for Data Center
Virtualization
<div><span
style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a
moz-do-not-send="true" href="http://www.OpenNebula.org"
target="_blank">www.OpenNebula.org</a> | <a
moz-do-not-send="true"
href="mailto:cmartin@opennebula.org" target="_blank">cmartin@opennebula.org</a>
| <a moz-do-not-send="true"
href="http://twitter.com/opennebula" target="_blank">@OpenNebula</a></span><span
style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"></span></div>
<br>
<br>
<br>
<div class="gmail_quote">2012/4/8 Carlos Jiménez <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:cjimenez@eneotecnologia.com">cjimenez@eneotecnologia.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello everybody,<br>
<br>
I have four computers with CentOS 6.2: 1 running as a NFS
Server, 2 as Host with KVM hypervisor installed and 1 as a
Front-End with OpenNebula 3.2.1 installed.<br>
According to the documentation, ssh, oneadmin uid/gid,
user profile (shared between all the computers by using
NFS)... all of them have been set up.<br>
Additionally, I've installed and configured the front-end
server to use MySQL instead of SQLite. After granting the
right permissions to the opennebula table for the oneadmin
user and once I've modified /etc/one/oned.conf DB options,
this part is running fine too.<br>
<br>
I've used oneuser to modify the password of serveradmin
and it seems that it was successful.<br>
This is the output of 'oneuser list':<br>
<br>
ID GROUP NAME AUTH
PASSWORD<br>
0 oneadmin oneadmin core
b29f6e6fed87fb100ae2e5921d66eb76d5670af7<br>
1 oneadmin serveradmin server_c
a7d66b6799d29142042316cc8cee0f3c81eac33e<br>
<br>
<br>
I've launched oned, oneacctd and sunstone-server as
oneadmin and all of them are running:<br>
<br>
oneadmin 11364 0.0 0.1 1460920 10476 ? Sl Apr04
0:20 /usr/bin/oned -f<br>
oneadmin 11389 0.0 0.0 43764 7020 ? SNl Apr04
3:29 \_ ruby /usr/lib/one/mads/one_vmm_exec.rb -t 15 -r
0 kvm<br>
oneadmin 11400 0.0 0.0 39304 3984 ? SNl Apr04
3:28 \_ ruby /usr/lib/one/mads/one_im_exec.rb -r 0 -t
15 kvm<br>
oneadmin 11410 0.0 0.0 39248 3932 ? SNl Apr04
3:27 \_ ruby /usr/lib/one/mads/one_tm.rb
tm_shared/tm_shared.conf<br>
oneadmin 11424 0.0 0.0 39212 3864 ? SNl Apr04
3:28 \_ ruby /usr/lib/one/mads/one_hm.rb<br>
oneadmin 11435 0.0 0.0 39308 3988 ? SNl Apr04
3:36 \_ ruby /usr/lib/one/mads/one_image.rb fs -t 15<br>
oneadmin 11445 0.2 0.0 39388 4104 ? SNl Apr04
13:16 \_ ruby /usr/lib/one/mads/one_auth_mad.rb --authn
ssh,x509,ldap,server_cipher,server_x509<br>
oneadmin 11365 0.0 0.0 192196 5424 ? Sl Apr04
0:19 /usr/bin/mm_sched<br>
oneadmin 11461 0.0 0.4 113828 32700 ? S Apr04
0:13 ruby /usr/lib/one/ruby/acct/acctd.rb<br>
oneadmin 11471 0.0 0.5 163548 43708 ? Sl Apr04
5:29 ruby /usr/lib/one/sunstone/sunstone-server.rb<br>
<br>
<br>
However, when I try to log in to Sunstone web interface
using serveradmin or oneadmin credentials (or whatever
else) it always fails. In the web it states that
"OpenNebula is not running".<br>
I've checked oned.log and this is the output of both
attempts:<br>
<br>
<br>
### serveradmin login attempt ###<br>
<br>
Sun Apr 8 15:02:05 2012 [ReM][D]: UserPoolInfo method
invoked<br>
Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG I
9 Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate
'serveradmin' 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE<br>
Sun Apr 8 15:02:05 2012 [AuM][I]: Command execution fail:
/var/lib/one/remotes/auth/server_cipher/authenticate
'serveradmin' 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE<br>
Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG E
9 bad decrypt<br>
Sun Apr 8 15:02:05 2012 [AuM][I]: bad decrypt<br>
Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG I
9 ExitCode: 255<br>
Sun Apr 8 15:02:05 2012 [AuM][I]: ExitCode: 255<br>
Sun Apr 8 15:02:05 2012 [AuM][D]: Message received:
AUTHENTICATE FAILURE 9 bad decrypt<br>
Sun Apr 8 15:02:05 2012 [AuM][E]: Auth Error: bad decrypt<br>
Sun Apr 8 15:02:05 2012 [ReM][E]: [UserPoolInfo] User
couldn't be authenticated, aborting call.<br>
<br>
<br>
### oneadmin login attempt ###<br>
<br>
Sun Apr 8 15:02:18 2012 [ReM][D]: UserPoolInfo method
invoked<br>
Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG I
10 Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate
'serveradmin' 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE<br>
Sun Apr 8 15:02:18 2012 [AuM][I]: Command execution fail:
/var/lib/one/remotes/auth/server_cipher/authenticate
'serveradmin' 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE<br>
Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG E
10 bad decrypt<br>
Sun Apr 8 15:02:18 2012 [AuM][I]: bad decrypt<br>
Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG I
10 ExitCode: 255<br>
Sun Apr 8 15:02:18 2012 [AuM][I]: ExitCode: 255<br>
Sun Apr 8 15:02:18 2012 [AuM][D]: Message received:
AUTHENTICATE FAILURE 10 bad decrypt<br>
Sun Apr 8 15:02:18 2012 [AuM][E]: Auth Error: bad decrypt<br>
Sun Apr 8 15:02:18 2012 [ReM][E]: [UserPoolInfo] User
couldn't be authenticated, aborting call.<br>
Sun Apr 8 15:02:22 2012 [ReM][D]: HostPoolInfo method
invoked<br>
Sun Apr 8 15:02:22 2012 [ReM][D]: VirtualMachinePoolInfo
method invoked<br>
Sun Apr 8 15:02:22 2012 [ReM][D]: AclInfo method invoked<br>
<br>
I think that cipher_server is the right auth option in
this case.<br>
Notice that authenticate script in both cases receive
'serveradmin' credentials regardless of the use of
oneadmin credentials in the second attempt.<br>
<br>
Please, could anybody help me with this login failure
issue?<br>
<br>
Let me know if you need anything else.<br>
<br>
<br>
Thanks in advance.<br>
<br>
Carlos.<br>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org"
target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</body>
</html>