I am trying to set up Fedora Directory Server 1.0.1 on an x86 box running RedHat ES4 in a VMWare session.

I've run setup. I've created a user and group dsuser which is set as the server user. I set the admin to be dsadmin. I set the admin server to be run as root.

setup completes and appears to start correctly.

I use the following line to launch the console:

./startconsole -x nologo -u dsadmin -a http://rheles4rs1.forayadams.foray.com:45303

In the login window I enter the dsadmin password. I then get a panel with the following message:

Cannot logon because of incorrect User ID,
incorrect password or Directory problem.

HttpException:
Response: HTTP/1.1 401 Authorization Required
Status: 401
URL: http://rheles4rs1.forayadams.foray.com:45303/admin-serv/authenticate

I'm sure I've done something stupid and basic somewhere, but I have no idea what and I can't find anything about this via search.

Does anyone have any ideas as to what I've done wrong?

Thanks,
-Mont
Mont Rothstein wrote:
> In the login window I enter the dsadmin password. I then get a panel
> with the following message:
>
> Cannot logon because of incorrect User ID,
> incorrect password or Directory problem.

FWIW, I got this exact same message until I turned iptables off (and then modified). Possibly a coincidence, but this is just to suggest that the above message could result from port/reachability issues.

Jim
I have both the firewall and SELinux turned off.

-Mont

On 3/2/06, Jim Hogan <jimh@u.washington.edu> wrote:
> FWIW, I got this exact same message until I turned iptables off (and
> then modified). Possibly a coincidence, but this is just to suggest
> that the above message could result from port/reachability issues.
>
> Jim
Mont Rothstein wrote:
> I am trying to set up Fedora Directory Server 1.0.1 on an x86 box
> running RedHat ES4 in a VMWare session.

What version of Apache are you running on the system?

> I've run setup. I've created a user and group dsuser which is set as
> the server user. I set the admin to be dsadmin. I set the admin
> server to be run as root.
>
> setup completes and appears to start correctly.
>
> I use the following line to launch the console:
>
> ./startconsole -x nologo -u dsadmin -a
> http://rheles4rs1.forayadams.foray.com:45303
>
> In the login window I enter the dsadmin password. I then get a panel
> with the following message:
>
> Cannot logon because of incorrect User ID,
> incorrect password or Directory problem.
>
> HttpException:
> Response: HTTP/1.1 401 Authorization Required
> Status: 401
> URL: http://rheles4rs1.forayadams.foray.com:45303/admin-serv/authenticate
>
> I'm sure I've done something stupid and basic somewhere, but I have no
> idea what and I can't find anything about this via search.
>
> Does anyone have any ideas as to what I've done wrong?

Make sure that your directory server is up and running. You should try doing an ldapsearch as the same user you are attempting to log into the Console as. If all else fails, tail your DS access log when you attempt to log in via Console to see if the Directory is even getting hit.

-NGK
Richard Megginson
2006-Mar-02 20:15 UTC
Re: [Fedora-directory-users] Can't login to console
Steve Strong
2006-Mar-02 20:23 UTC
[Fedora-directory-users] using LdapImport to migrate users and groups
I'm having trouble using this extremely simple tool...

After running the script and looking at the log file it appears that the users were added correctly, but I can't search for them in the console.

Anyone have any ideas?

thanks in advance!
steve

--
Steve Strong
Math and Computer Science
Washington High School
2205 Forest Dr. SE
Cedar Rapids, IA 52403
http://crwash.org
mailto:strong.s@crwash.org
I am running Apache 2.0.52

As far as verifying that my directory server is up and running:

ns-slapd is running under the dsuser account
httpd.worker is running under the dsuser account

I fear I need help with ldapsearch.

If I try the following as root:

ldapsearch -LLL "(cn=Directory Manager)"

I get:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

If I try the following:

ldapsearch -LLL "(cn=Directory Manager)" -x -W

it prompts me for a password. I enter the administrator (dsadmin) password and get:

ldap_bind: Can't contact LDAP server (-1)

This may indicate something is wrong, or simply that I am trying to use ldapsearch incorrectly.

Your assistance is greatly appreciated.

-Mont

On 3/2/06, Nathan Kinder <nkinder@redhat.com> wrote:
> What version of Apache are you running on the system?
>
> Make sure that your directory server is up and running. You should try
> doing an ldapsearch as the same user you are attempting to log into the
> Console as. If all else fails, tail your DS access log when you attempt
> to log in via Console to see if the Directory is even getting hit.
>
> -NGK
Richard Megginson
2006-Mar-02 20:34 UTC
Re: [Fedora-directory-users] using LdapImport to migrate users and groups
Steve Strong wrote:
> I'm having trouble using this extremely simple tool...
>
> After running the script and looking at the log file it appears that
> the users were added correctly, but I can't search for them in the
> console.
>
> Anyone have any ideas?

What user are you logging into the console as? If you log in to the console as directory manager, do you see your users?
Steve Strong
2006-Mar-02 20:39 UTC
Re: [Fedora-directory-users] using LdapImport to migrate users and groups
I'm logged in as "admin" -- logging in as "Directory Manager" results in an error claiming that that object is not in the directory (even though I added it during setup).

steve

Richard Megginson wrote:
> What user are you logging into the console as? If you login to the
> console as directory manager, do you see your users?
Nathan Kinder
2006-Mar-02 20:42 UTC
Re: [Fedora-directory-users] using LdapImport to migrate users and groups
Steve Strong wrote:
> I'm logged in as "admin" -- logging in as "Directory Manager" results
> in an error claiming that that object is not in the directory (even
> though i added it during setup).
> steve

You should be logging in as "cn=Directory Manager".
Steve Strong
2006-Mar-02 20:45 UTC
Re: [Fedora-directory-users] using LdapImport to migrate users and groups
tried that, no change.

steve

Nathan Kinder wrote:
> You should be logging in as "cn=Directory Manager".
admin-serv/logs/access gives me:

192.168.1.115 - - [02/Mar/2006:12:38:03 -0800] "GET /admin-serv/authenticate HTTP/1.0" 401 488

admin-serv/logs/error gives me:

[Thu Mar 02 12:38:03 2006] [notice] [client 192.168.1.115] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.1.115
[Thu Mar 02 12:38:03 2006] [notice] [client 192.168.1.115] admserv_host_ip_check: host [rheles4rs1.foray.com] did not match pattern [*.forayadams.foray.com] -will scan aliases
[Thu Mar 02 12:38:03 2006] [notice] [client 192.168.1.115] admserv_host_ip_check: host alias [rheles4rs1] did not match pattern [*.forayadams.foray.com]
[Thu Mar 02 12:38:03 2006] [notice] [client 192.168.1.115] admserv_host_ip_check: Unauthorized host ip=192.168.1.115, connection rejected

Looking at the above log entries I am not sure what to make of them. I can do a reverse lookup on the IP address via the host command. I have no idea where it is getting "rheles4rs1.foray.com" from. This is missing the forayadams subdomain.

Since that is so odd, I would suspect that is the problem, except that I have no idea where it is getting that incorrect FQDN from.

Do these log entries say more to you than they do to me?

Thanks,
-Mont

On 3/2/06, Richard Megginson <rmeggins@redhat.com> wrote:
> Mont Rothstein wrote:
> > I'm sure I've done something stupid and basic somewhere, but I have no
> > idea what and I can't find anything about this via search.
>
> tail admin-serv/logs/error
> tail admin-serv/logs/access
Richard Megginson
2006-Mar-02 22:26 UTC
Re: [Fedora-directory-users] Can't login to console
OK, I obviously have something fundamental screwed up. If I try either the ldapsearch or ldapmodify commands on the wikipedia page I get the following error:

ldap_simple_bind: Can't connect to the LDAP server - Connection reset by peer

Does anyone have a guess as to what I might have screwed up?

Thanks,
-Mont

On 3/2/06, Richard Megginson <rmeggins@redhat.com> wrote:
> Mont Rothstein wrote:
> > Looking at the above log entries I am not sure what to make of them.
> > I can do a reverse lookup on the IP address via the host command. I
> > have no idea where it is getting "rheles4rs1.foray.com" from. This is
> > missing the forayadams subdomain.
>
> It seems like a DNS problem, but if you just want to disable this
> checking in the meantime, see
> http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt
Felipe Alfaro Solana
2006-Mar-03 00:36 UTC
Re: [Fedora-directory-users] using LdapImport to migrate users and groups
> I'm logged in as "admin" -- logging in as "Directory Manager" results in
> an error claiming that that object is not in the directory (even though
> i added it during setup).

User "cn=Directory Manager" is a special user and thus you won't be able to find it if you look for it in the DIT. It is configured statically, along with its password.

Anyways, logging in as "cn=Directory Manager" is discouraged. Log in instead as "admin": the ACLs in the DIT will give admin power enough to perform administration while stopping you from shooting at your feet.
Richard Megginson
2006-Mar-03 03:45 UTC
Re: [Fedora-directory-users] Can't login to console
If I use the FQDN I get the following:

ldap_simple_bind: Can't connect to the LDAP server - No route to host

However, if I use the IP address, localhost or just the server name (not the FQDN) it sits there for several minutes (5?) and then comes back with:

ldap_simple_bind: Can't connect LDAP server

It is totally possible that I have something hosed in DNS but I've run every test I can think of and it seems to work.

Any ideas?

-Mont

On 3/2/06, Richard Megginson <rmeggins@redhat.com> wrote:
> Try putting in your host and port explicitly e.g.
> ldapsearch -x -h yourhost -p yourport -s base -b "" "objectclass=*"
OK, I figured this out. I had two problems.

1) The FQDN in my hosts file was wrong. After I fixed this I stopped seeing entries in admin-serv/logs/errors but it still wasn't working.

2) I edited my /etc/nsswitch.conf and put dns before files on the hosts line. Once I did that the console started up.

Thanks to everyone for their suggestions.

-Mont

On 3/3/06, Mont Rothstein <mont.rothstein@gmail.com> wrote:
> If I use the FQDN I get the following:
>
> ldap_simple_bind: Can't connect to the LDAP server - No route to host
>
> However, if I use the IP address, localhost or just the server name (not
> the FQDN) it sits there for several minutes (5?) and then comes back with:
>
> ldap_simple_bind: Can't connect LDAP server
>
> It is totally possible that I have something hosed in DNS but I've run
> every test I can think of and it seems to work.
>
> Any ideas?
>
> -Mont
>
> On 3/2/06, Richard Megginson <rmeggins@redhat.com> wrote:
> > Try putting in your host and port explicitly e.g.
> > ldapsearch -x -h yourhost -p yourport -s base -b "" "objectclass=*"
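
Added example (not part of the thread and not Fedora Directory Server code): a Python parser for the admserv_host_ip_check lines quoted from admin-serv/logs/error above. It groups them by client and reports whether the allowed-host pattern or the name returned by the resolver is at fault. The function names are hypothetical, and fnmatch-style globbing is an assumed stand-in for the Admin Server's own pattern matcher.

```python
import re
from fnmatch import fnmatchcase

# Error-log lines as quoted in the thread (admin-serv/logs/error).
SAMPLE_LOG = """\
[Thu Mar 02 12:38:03 2006] [notice] [client 192.168.1.115] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.1.115
[Thu Mar 02 12:38:03 2006] [notice] [client 192.168.1.115] admserv_host_ip_check: host [rheles4rs1.foray.com] did not match pattern [*.forayadams.foray.com] -will scan aliases
[Thu Mar 02 12:38:03 2006] [notice] [client 192.168.1.115] admserv_host_ip_check: host alias [rheles4rs1] did not match pattern [*.forayadams.foray.com]
[Thu Mar 02 12:38:03 2006] [notice] [client 192.168.1.115] admserv_host_ip_check: Unauthorized host ip=192.168.1.115, connection rejected
"""

LINE = re.compile(r"\[client (?P<ip>[\d.]+)\] admserv_host_ip_check: (?P<msg>.*)$")
NAME = re.compile(r"host(?: alias)? \[(?P<name>[^\]]+)\] did not match pattern \[(?P<pat>[^\]]+)\]")


def summarise_rejections(log_text):
    """Group admserv_host_ip_check messages by client IP."""
    clients = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        c = clients.setdefault(m["ip"], {"names": [], "patterns": set(),
                                         "unresolved": False, "rejected": False})
        n = NAME.search(m["msg"])
        if n:
            c["names"].append(n["name"])
            c["patterns"].add(n["pat"])
        elif "could not resolve" in m["msg"]:
            c["unresolved"] = True
        elif "connection rejected" in m["msg"]:
            c["rejected"] = True
    return clients


def glob_match(name, pattern):
    # Assumption: case-insensitive shell-style globbing approximates the server's matcher.
    return fnmatchcase(name.lower(), pattern.lower())


def diagnose(entry, expected_fqdn):
    """Explain a rejection, given the FQDN the client is expected to resolve to."""
    findings = []
    for pat in sorted(entry["patterns"]):
        if glob_match(expected_fqdn, pat):
            wrong = [n for n in entry["names"] if not glob_match(n, pat)]
            findings.append(f"pattern {pat} would accept {expected_fqdn}; "
                            f"resolver returned {', '.join(wrong)} instead: "
                            "check /etc/hosts and the hosts line in /etc/nsswitch.conf")
        else:
            findings.append(f"pattern {pat} does not cover {expected_fqdn}: "
                            "the allowed-host pattern itself needs changing")
    if entry["unresolved"]:
        findings.append("ap_get_remote_host could not resolve the client IP")
    return findings


if __name__ == "__main__":
    for ip, entry in summarise_rejections(SAMPLE_LOG).items():
        print(ip, "rejected" if entry["rejected"] else "not rejected")
        for finding in diagnose(entry, "rheles4rs1.forayadams.foray.com"):
            print("  -", finding)
```

On the thread's log lines the pattern is consistent with the intended FQDN and only the resolved names are wrong, which matches the hosts-file fix reported in the final message.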