Re: Unable to login to admin console after upgrade

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 7/18/19 1:53 PM, Leonard wrote:

Trying to use "admin"

{SUBJECT_DN=CN=LDAPSERVER, SUBJECT={CN=LDAPSERVER}, SERIAL=3572, AFTERDATE=Tue Jan 02 12:01:36 2029, ISSUER={CN=389 DS}, SIGNATURE=SHA256withRSA, BEFOREDATE=Wed Jan 02 12:01:36 2019, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=CN=389 DS}
https://LDAPSERVER:9830/[0:0] open> Ready
https://LDAPSERVER:9830/[0:0] accept> https://LDAPSERVER:9830/admin-serv/authenticate
https://LDAPSERVER:9830/[0:0] send> GET  \
https://LDAPSERVER:9830/[0:0] send> /admin-serv/authenticate \
https://LDAPSERVER:9830/[0:0] send>  HTTP/1.0
https://LDAPSERVER:9830/[0:0] send> Host: LDAPSERVER:9830
https://LDAPSERVER:9830/[0:0] send> Connection: Keep-Alive
https://LDAPSERVER:9830/[0:0] send> User-Agent: 389-Management-Console/1.1.17
https://LDAPSERVER:9830/[0:0] send> Accept-Language: en
https://LDAPSERVER:9830/[0:0] send> Authorization: Basic  \
https://LDAPSERVER:9830/[0:0] send> <REDACTED> \
https://LDAPSERVER:9830/[0:0] send>
https://LDAPSERVER:9830/[0:0] send>
https://LDAPSERVER:9830/[0:0] recv> HTTP/1.1 200 OK
https://LDAPSERVER:9830/[0:0] recv> Date: Thu, 18 Jul 2019 17:44:35 GMT
https://LDAPSERVER:9830/[0:0] recv> Server: Apache/2.2
HttpChannel.invoke: admin version = 2.2
https://LDAPSERVER:9830/[0:0] recv> Admin-Server: 389-Administrator/1.1.38
HttpChannel.invoke: admin version = 1.1.38
https://LDAPSERVER:9830/[0:0] recv> Content-Length: 314
https://LDAPSERVER:9830/[0:0] recv> Connection: close
https://LDAPSERVER:9830/[0:0] recv> Content-Type: text/html
https://LDAPSERVER:9830/[0:0] recv>
https://LDAPSERVER:9830/[0:0] recv> Reading 314 bytes...
https://LDAPSERVER:9830/[0:0] recv> 314 bytes read
Console.replyHandler: adminVersion = 1.1.38

Trying to use "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot"

CommManager> New CommRecord (https://LDAPSERVER:9830/admin-serv/authenticate)
CREATE JSS SSLSocket
https://LDAPSERVER:9830/[1:0] open> Ready
https://LDAPSERVER:9830/[1:0] accept> https://LDAPSERVER:9830/admin-serv/authenticate
https://LDAPSERVER:9830/[1:0] send> GET  \
https://LDAPSERVER:9830/[1:0] send> /admin-serv/authenticate \
https://LDAPSERVER:9830/[1:0] send>  HTTP/1.0
https://LDAPSERVER:9830/[1:0] send> Host: LDAPSERVER:9830
https://LDAPSERVER:9830/[1:0] send> Connection: Keep-Alive
https://LDAPSERVER:9830/[1:0] send> User-Agent: 389-Management-Console/1.1.17
https://LDAPSERVER:9830/[1:0] send> Accept-Language: en
https://LDAPSERVER:9830/[1:0] send> Authorization: Basic  \
https://LDAPSERVER:9830/[1:0] send> <REDACTED> \
https://LDAPSERVER:9830/[1:0] send>
https://LDAPSERVER:9830/[1:0] send>
https://LDAPSERVER:9830/[1:0] recv> HTTP/1.1 401 Authorization Required
https://LDAPSERVER:9830/[1:0] error> HttpException:
Response: HTTP/1.1 401 Authorization Required
Status:   401
URL:      https://LDAPSERVER:9830/admin-serv/authenticate
https://LDAPSERVER:9830/[1:0] close i/o stream
https://LDAPSERVER:9830/[1:0] close socket
https://LDAPSERVER:9830/[1:0] close> Closed

I am not seeing a bind attempt in the access log when specifying the full DN.
Are you sure?  I forgot to mention that there is log buffering. You have to wait 30 seconds before the action is actually written to disk for the access log.  Also what is in the Admin Server access and error logs?  /var/log/dirsrv/admin-serv/ 


Also, have you tried logging in as "cn=directory manager"?


_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx


--

389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux