On 11/29/2010 03:43 AM, Gerrard Geldenhuis wrote: > Hi Eric, > The console has given me a few headaches in the past but so has my own mistakes... :) > > Obvious things that can be wrong include: > Firewall issues > Is the admin server running, that may sound obvious but you will be surprised the number of times it has caught me. > If you have anonymous access disabled and ssl only access then the console will not work without doing some extra things. There is a bug related to this were the internals still try to use anonymous which will fail for obvious reasons because you have disallowed it. > > Please feel free to contact me via msn or yahoo as per the private email or alternatively if you can give a complete listing of what settings you have set and configured that might help to shed light on the problem. > > Can you access 9830 with curl locally on the box? have a look in the admin server's logs for why you are getting 401 errors. Also try to disable SELinux and see if that helps, and check the selinux log. > Regards > >> -----Original Message----- >> From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users- >> bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Eric Donkersloot >> Sent: 29 November 2010 09:51 >> To: General discussion list for the 389 Directory server project. >> Subject: Re: [389-users] New 389 ds install - cannot logon to adm console >> >> Hi Gerrard, >> >> Unfortunately it doesn't. I tried to login as the admin user using the fqdn. >> The debug console output gives me: >> >> 389-Management-Console/1.1.5 B2010.123.2251 >> CommManager> New CommRecord >> (http://bla.blablabla.bla:9830/admin-serv/authenticate) >> http://bla.blablabla.bla:9830/[0:0] open> Ready >> http://bla.blablabla.bla:9830/[0:0] accept> >> http://bla.blablabla.bla:9830/admin-serv/authenticate >> http://bla.blablabla.bla:9830/[0:0] send> GET \ >> http://bla.blablabla.bla:9830/[0:0] send> /admin-serv/authenticate \ >> http://bla.blablabla.bla:9830/[0:0] send> HTTP/1.0 >> http://bla.blablabla.bla:9830/[0:0] send> Host: bla.blablabla.bla:9830 >> http://bla.blablabla.bla:9830/[0:0] send> Connection: Keep-Alive >> http://bla.blablabla.bla:9830/[0:0] send> User-Agent: >> 389-Management-Console/1.1.5 >> http://bla.blablabla.bla:9830/[0:0] send> Accept-Language: en >> http://bla.blablabla.bla:9830/[0:0] send> Authorization: Basic \ >> http://bla.blablabla.bla:9830/[0:0] send> YWRtaW46U1VSRm5ldDIwMTA= \ >> http://bla.blablabla.bla:9830/[0:0] send> http://bla.blablabla.bla:9830/[0:0] >> send> http://bla.blablabla.bla:9830/[0:0] recv> HTTP/1.1 401 Authorization >> Required http://bla.blablabla.bla:9830/[0:0] error> HttpException: >> Response: HTTP/1.1 401 Authorization Required >> Status: 401 >> URL: http://bla.blablabla.bla:9830/admin-serv/authenticate >> http://<our>.<testserver>.<suffix>:9830/[0:0] close> Closed >> >> /var/log/dirsrv/admin-serv/error: >> >> [Mon Nov 29 10:48:07 2010] [crit] openLDAPConnection(): util_ldap_init >> failed for ldap://:389 [Mon Nov 29 10:48:07 2010] [warn] Unable to open >> initial LDAPConnection to populate LocalAdmin tasks into cache. >> [Mon Nov 29 10:48:08 2010] [notice] Apache/2.2.17 (Unix) configured -- >> resuming normal operations [Mon Nov 29 10:48:08 2010] [crit] >> openLDAPConnection(): util_ldap_init failed for ldap://:389 [Mon Nov 29 >> 10:48:08 2010] [warn] Unable to open initial LDAPConnection to populate >> LocalAdmin tasks into cache. >> [Mon Nov 29 10:48:51 2010] [notice] [client xxx.xx.xxx.xx] >> admserv_host_ip_check: Unauthorized host ip=xxx.xx.xxx.xx, connection >> rejected >> >> Kind regards, >> >> Eric >> >> Gerrard Geldenhuis wrote: >>> Hi Eric, As a start always use the fqdn of the host rather than >>> 127.0.0.1 when connecting via the console. Secondly, 389-console has a >>> debug flag available that you can use while connecting that will shed >>> additional light on any other problems that may be causing issues. >>> >>> Regards >> -- >> Eric Donkersloot >> >> SURFnet >> Radboudkwartier 273 >> 3511 CK Utrecht >> M +31 6 4115 4547 >> eric.donkersloot@xxxxxxxxxx >> >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/389-users > ________________________________________________________________________ > In order to protect our email recipients, Betfair Group use SkyScan from > MessageLabs to scan all Incoming and Outgoing mail for viruses. > > ________________________________________________________________________ > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
