[SOLVED] User couldn't be authenticated - Sunstone

solved
#1

Hi,

I have a problem with Sunstone authentication. When a user tries to authenticate in Sunstone, this error occurs:

OpenNebula is not running or there was a server exception. Please check the server logs

In oned.log there is:
Wed May 8 03:01:58 2019 [Z0][ReM][D]: Req:4560 UID:0 one.user.info invoked , -1
Wed May 8 03:01:58 2019 [Z0][ReM][D]: Req:4560 UID:0 one.user.info result SUCCESS, “0<GID…”
Wed May 8 03:01:58 2019 [Z0][ReM][D]: Req:2112 UID:-1 one.user.info invoked , -1
Wed May 8 03:01:58 2019 [Z0][ReM][E]: Req:2112 UID:- one.user.info result FAILURE
[one.user.info] User couldn’t be authenticated, aborting call.

I’ve already checked the credentials of the serveradmin user in the files stored in /var/lib/one/.one/ and compared them with the database information:

# oneuser show 1
USER 1 INFORMATION
ID              : 1
NAME            : serveradmin
GROUP           : oneadmin
PASSWORD        : xxxxd5b02cb1c3b9d39a2dad7aab5b7f733exxxx
AUTH_DRIVER     : core
ENABLED         : Yes

# cat /var/lib/one/.one/sunstone_auth
serveradmin:<sanitized_pass>

# echo -n "<sanitized_pass>" | sha1sum
xxxxd5b02cb1c3b9d39a2dad7aab5b7f733exxxx

It was working perfectly, and I suspect that the problem may have occurred after an “oneuser chauth” command.
On the command line, the one* commands work perfectly.
I’ve already tried restoring the user_pool table and restarting the opennebula and opennebula-sunstone services, but the problem persists.

I am using OpenNebula 5.6.2. Can anyone help me, please?

(Alejandro Huertas) #2

Hello @gbernardes

Try the following:

  • cat /var/lib/one/.one/sunstone_auth (this is serveradmin:password)
  • oneuser passwd serveradmin password --sha1
  • Restart opennebula.
  • Restart sunstone.
#3

Hi @ahuertas.

I tried:
# cat /var/lib/one/.one/sunstone_auth
serveradmin:–password–
# oneuser passwd serveradmin --password-- --sha1
# systemctl restart opennebula
# systemctl restart opennebula-sunstone

But the same error persists. Do you have any other ideas? Is there any way to get more information (the debug level is already at 3)?

(Alejandro Huertas) #4

Is the PASSWORD field of oneuser show serveradmin the same as the sha1 of the password in the sunstone_auth?
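
The comparison asked for in post #4, as an added shell example that is not part of the original thread and not OpenNebula's own code. The function names and the saved `oneuser show` output file are assumptions of this example, and the sample data is constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Compares the SHA-1 of the password in a
# sunstone_auth-style file with the PASSWORD field of saved `oneuser show` output.

# Print the SHA-1 hex digest of the password in a "user:password" file.
# The password is read from the file, so it never lands in argv or shell history.
auth_file_sha1() {
    line=
    IFS= read -r line < "$1" || [ -n "$line" ] || return 2
    case $line in *:*) ;; *) return 2 ;; esac
    # Split on the first ':' only; the password itself may contain ':'.
    pass=${line#*:}
    # printf '%s' adds no trailing newline, like the `echo -n` used in the thread.
    printf '%s' "$pass" | sha1sum | cut -d' ' -f1
}

# Print the PASSWORD value from `oneuser show` output read on stdin.
show_password_field() {
    awk '$1 == "PASSWORD" && $2 == ":" { print $3; exit }'
}

# Return 0 on match, 1 on mismatch, 2 if either input cannot be parsed.
check_serveradmin_hash() {
    want=$(show_password_field < "$2") || return 2
    have=$(auth_file_sha1 "$1") || return 2
    [ -n "$want" ] || return 2
    [ "$have" = "$want" ]
}

# Constructed sample data: the password is the literal string "password".
demo() {
    dir=$(mktemp -d) || return 2
    printf 'serveradmin:password\n' > "$dir/sunstone_auth"
    printf 'NAME            : serveradmin\n' > "$dir/show.txt"
    printf 'PASSWORD        : 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8\n' >> "$dir/show.txt"
    check_serveradmin_hash "$dir/sunstone_auth" "$dir/show.txt"; rc=$?
    rm -rf "$dir"
    return $rc
}
demo && echo "sunstone_auth matches PASSWORD field" || echo "mismatch or parse error"
```

On a real front-end, save the output of `oneuser show serveradmin` to a file and pass /var/lib/one/.one/sunstone_auth and that file as the two arguments to `check_serveradmin_hash`.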

#5

@ahuertas,

Yes. See:

# oneuser show 1
USER 1 INFORMATION
ID              : 1
NAME            : serveradmin
GROUP           : oneadmin
PASSWORD        : xxxxd5b02cb1c3b9d39a2dad7aab5b7f733exxxx
AUTH_DRIVER     : core
ENABLED         : Yes

# echo -n "=password=" | sha1sum
xxxxd5b02cb1c3b9d39a2dad7aab5b7f733exxxx
#6

Hi @ahuertas and others,
Looking into it, the error is generated by line 272 of the file sunstone_server.rb, so the check that fails is line 270. How can I find out exactly what failed?
Does anyone have ideas or suggestions?

265: client  = $cloud_auth.client(result, session[:active_zone_endpoint])
266: user_id = OpenNebula::User::SELF
267: 
268:  user    = OpenNebula::User.new_with_id(user_id, client)
269:  rc = user.info
270:  if OpenNebula.is_error?(rc)
271:       logger.error { rc.message }
272:       return [500, ""]  <=== This is the return
273:  end
(Alejandro Huertas) #7

It seems that the password is wrong.

Try the following (don’t do it in a production environment):

  • Backup your database and /var/lib/one/.one.
  • Remove your database and the content of .one folder.
  • Restart everything again.

Does it work?

#8

@ahuertas,

I’m using a MySQL database. In this case, should I create an empty database for this test?

(Alejandro Huertas) #9

Yes, drop the current one and create an empty one.

#10

@ahuertas,

Yes, with an empty DB and the .one files removed, it was possible to log in. How do I fix production?

#11

The problem was solved! :grinning:

I did this:

  • Copied the value of the ‘body’ field of the user_pool table for the serveradmin user in the test database;
    testDB: mysql> SELECT body FROM user_pool where uid='1';
    <USER><ID>1…</TEMPLATE></USER>
  • Updated the ‘body’ field of the user_pool table for serveradmin in the production DB;
    productionDB: mysql> UPDATE user_pool set body='<USER><ID>1…</TEMPLATE></USER>' WHERE uid='1';
  • Copied the sunstone_auth file from test to production.
    # cp /var/lib/one/.one-test/sunstone_auth /var/lib/one/.one/sunstone_auth

@ahuertas Many thanks for your help and cooperation!

(Alejandro Huertas) #12

That was the solution I was going to give you, nice to hear the problem is solved!
