SAC Login impossible after upgrade to 10.0.1

[dkizirian]

I'm running Scalix 10.0.1 on Centos 4.3 (sorry, I know it's not supported). Everything was working well using 10.0.0. Just upgraded to 10.0.1, everything is great - except that the sac admin console does not allow me to login. FYI: When installing, you are promted for a sxqueryadmin password (ldap issue as described in the release notes). I chose the same password as for sxadmin@domainname.com.

You can still log into scalix web access, just not the sac. I've tried doing the following...

1. Reboot

2. ommodu -n 'sxadmin' -p 'password'
ommodu: The user was modified successfully
- But still cannot log in

3. ommodu -n 'sxadmin' -k
ommodu: The user was modified successfully
- But still cannot log in using SAC

I've documented my setup in all respects. I can post full specs if anyone wants to see, or needs a good howto on getting Scalix, ClamAV, SpamAssassin, and Rysnc all working together.

Dave

[dkizirian]

Here's the results of the omshowu -n sxadmin command on my system. Could the
Mailbox Admin Capabilites: NO
be part of the fault here? I see that Admin Capabilites is set to yes.

Dave

[root@webmail ~]# omshowu -n sxadmin
Authentication ID: sxadmin@webmail.wid.org
User Name : sxadmin /CN=sxadmin
MailNode : webmail,wid
Internet Address : sxadmin-webmail@wid.org
System Login : sxadmin
Password : set
Admin Capabilities : YES
Mailbox Admin Capabilities : NO
Language : C
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : 05.15.06 15:32:56
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Limited

[dkizirian]

First off, sorry for not giving full details on the first post. There's nothing like discovering the SAC doesn't work just a few hours after going live. Frantic, AHHH! Hope I'm not unnecessarily starting a new thread. If there's a working solution out there, please send me there.

I've tried the following, still with no success...

1. Removed the SAC using Scalix Installer

2. Reconfigured SAC using Scalix Installer

- Still not able to use SAC, keeps giving a log on error "you might have forgotten to include you domain..."

3. Reconfigured Scalix using Installer

4. Restarted Scalix Service

- Still not able to use SAC. All Scalix services are running, minus Item Structure Server which is stopped.

Odd thing is that I can still log in using my sxadmin@sub.domain.com to webmail, but cannot log into SAC. So I know that there's not a password or "CAPSLOC" OR "NUMLOCK" problem with my keyboard. :wink: This also tells me that the server is authenticating properly, over web, local net, localhost on server. So again, this narrows things down to SAC. Everything else is working properly.

Server Details
Dell PowerEdge 700, 2.8GHz, 1GB RAM, 72GB SCSI, 300GB SATA (for backup).
Scalix is running on EXT3, not LVM
SATA drive is an LVM volume, mounted read only except when doing backups.
Other than Scalix, nothing is running on the server.

Here's an outline of my install documentation - just in case it provides hints.

Partition HD
/boot 100MB (Scalix Recommends 75MB)
/ 9GB (Scalix Recommends 6GB)
/swap 4GB
/var 56GB (Remaining Space)

Install Packages
X Windows
KDE
Editors
Graphical Internet
Text-based Internet
Server Configuration Tools
Web Server
Mail Server
Sendmail
SpamAssassin
Windows File Server
Network Servers
krb5-server
Development Tools
Legacy Software Development
Administration Tools
System Tools
Printing Support

Enable Firewall
Trusted Services:
WWW (HTTP)
MAIL (SMTP)
Other Ports:
5729:tcp, 389:tcp, 443:tcp, 110:tcp, 143:tcp
SELinux Disabled

Finish Centos Installation

Configure Network
System Settings > Network > Hosts
Edit
192.168.1.18 webmail.wid.org webmail
vi /etc/mail/local-host-names
192.168.1.18 webmail.wid.org webmail

Configure and Enable SSL
/usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
chmod go-rwx /etc/httpd/conf/ssl.key/server.key
umask 77 ; /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
service httpd restart

Update Centos
yum clean all
yum update
cp /etc/redhat-release /etc/redhat-release.orig
vi /etc/redhat-release
Red Hat Enterprise Linux ES release 4 (Nahant)


Configure Sendmail
- Check that Sendmail is only listening on the local loopback address.
cd /etc/mail
vi sendmail.mc
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') dnl

make -C /etc/mail

vi /etc/mail/access
192.168.1 RELAY

make access.db

Download and Install
spamass-milter
clamav

Enable Services
System Settings > Server Settings > Services
clamd
httpd
spamass-milter
spamassassin

Configure Firefox
Edit > Preferences > Web Features
Uncheck Block Popup Windows

Install Scalix 10.0.0

Configure Virus Scanning Ruleset
vi /etc/group
clamav:n:xx:scalix
scalix:n:xx:clamav

cd /var/opt/scalix/rules
vi ALL-ROUTES.VIR
VIRUS-FOUND=1 ACTION=DISCARD
VIRUS-FOUND=0 ACTION=ALLOW

omoff -s sr
omon -s sr

cp /opt/scalix/examples/general/omvscan.map /var/opt/scalix/rules/omvscan.map
chown root omvscan.map
chgrp scalix omvscan.map
chmod 555 omvscan.map

vi /var/opt/scalix/sys/omvscan.cfg
[GENERAL]
ANTI_VIRUS_ENGINE="ClamAV"

Configured spamassassin according to Scalix Technote

Installed rules_du_jour script

Setup backup using Rsync

Added all users and groups using SAC

Changed DNS through ISP to make webmail.wid.org a secondary, lower priority MX

Waited 2 weeks, allowed spammers to test my system. They do a much better job than me using telnet.

___________________________________________________________

May 16
yum update
Installed scalix 10.0.1 - next time will do this on a test server.
Everything seemed to be working - (forgot to test SAC)
Tried to log onto SAC - failed
Changed sxadmin password - still couldn't log on
Changed sxadmin password back to original password - still couldn't log onto SAC, but could log onto webmail.
Added admin privilege to my scalix account - also couldnt' log onto SAC.
Reconfigured Scalix - still no go on SAC

May 17
omshut
Removed SAC
Installed SAC - still couldn't log on
Reconfigured SAC using installer - still couldn't log on

________________________________________________________

Scalix gurus Dave, Dan, Florian, Rachel and the rest... Any words of wisdom on this? I can do everything via command line, but SAC is a really nice tool. Any help or things to think about - even random suggestions - will be greatly appreciated.

Dave

[dkizirian]

Here's the error that I'm getting when I look in the Tomcat caa.log file each time there is an unsuccessful login attempt through SAC.

______________________________________________________________



2006-05-17 11:05:28,453 INFO [NotificationEventListener$WorkerThread.run:50] Event Notification: heartbeat|http://webmail.w
id.org/res/RESDispatcher|LISTEN|300|webmail|webmail.wid.org|10.0.0 from host:webmail.wid.org
2006-05-17 11:05:46,191 ERROR [LDAPHelperUtils.getTargetHost:362] javax.naming.AuthenticationException: [LDAP: error code 49
- Invalid Credentials]
2006-05-17 11:05:46,278 ERROR [RbacAuthorizationHelper.isScalixUser:240] Exception:
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at com.scalix.sac.ubermgr.ldap.LDAPQuery.initContextWithCN(LDAPQuery.java:88)
at com.scalix.sac.ubermgr.rbac.RbacAuthorizationHelper.isScalixUser(RbacAuthorizationHelper.java:224)
at com.scalix.sac.ubermgr.ldap.LDAPServiceHandler.Login(LDAPServiceHandler.java:122)
at com.scalix.sac.ubermgr.caa.RESService.authenticateAndAuthorizeUser(RESService.java:157)
at com.scalix.sac.ubermgr.caa.RESService.doRequest(RESService.java:83)
at com.scalix.caa.soap.SOAPDispatcherServlet.onMessage(SOAPDispatcherServlet.java:267)
at com.scalix.caa.soap.SAAJServlet.doPost(SAAJServlet.java:123)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Unknown Source)
2006-05-17 11:06:16,017 INFO [RESMonitor.run:115] Server webmail.wid.org up 53 mins, 52 secs
2006-05-17 11:06:28,476 INFO [NotificationEventListener$WorkerThread.run:50] Event Notification: heartbeat|http://webmail.w
id.org/res/RESDispatcher|LISTEN|300|webmail|webmail.wid.org|10.0.0 from host:webmail.wid.org

[dkizirian]

Thanks to poster rtroth and you scalix folks, things are finally working!

If you're having trouble SAC to run after installing 10.0.1, view the following post...

http://www.scalix.com/community/viewtopic.php?t=2021

I did the following...

1. Uninstall SAC and RES

2. omdelu -n sxqueryadmin

3. Install SAC and RES

***** Use a password that differs from the one for sxadmin@host.domain.com *****

4. OK!!! Things are up and running!!!!

[fireking]

Hello,

i have a problem too kind of like this....
I am totaly new in scalix.....i have just installed......

Evrything is working except SAC over web......

I use Debain (testing).....and i have installed scalix community raw edition....

How should i reinstall SAC modul? i have used this wiki for installing, and there is no entry for reinstalling modules...

http://www.scalix.com/wiki/index.php?ti ... stallation

Best Regards,
Darvi

[fireking]

Hello,

I have reread the forum, and my sac is working atm, but i have some problem with latin2 charsets name ;) i have asked about this in an other topic.