Cannot login as sxadmin on fresh install

[ericwk]

I just installed Scalix 10.0.1 on a FC4. However, sac keeps reporting could not login. I browsed through all entries in the forum, tried re-installed 4 times. Still fail.

Want to see if anyone can help us troubleshoot this.

caa.log reported the followings:

2006-05-30 20:02:02,085 ERROR [RbacAuthorizationHelper.authenticateUser:87] Exception:
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at com.scalix.sac.ubermgr.ldap.LDAPQuery.initContext(LDAPQuery.java:71)
at com.scalix.sac.ubermgr.rbac.RbacAuthorizationHelper.authenticateUser(RbacAuthorizationHelper.java:58)
at com.scalix.sac.ubermgr.ldap.LDAPServiceHandler.Login(LDAPServiceHandler.java:112)
at com.scalix.sac.ubermgr.caa.RESService.authenticateAndAuthorizeUser(RESService.java:157)
at com.scalix.sac.ubermgr.caa.RESService.doRequest(RESService.java:83)
at com.scalix.caa.soap.SOAPDispatcherServlet.onMessage(SOAPDispatcherServlet.java:267)
at com.scalix.caa.soap.SAAJServlet.doPost(SAAJServlet.java:123)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Unknown Source)

/etc/hosts content:
[root@testhost bin]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.229 testhost.bearriver.com testhost

Nslookup result:
[root@testhost bin]# nslookup testhost.bearriver.com
Server: 192.168.0.3
Address: 192.168.0.3#53

Name: testhost.bearriver.com
Address: 192.168.0.229

/opt/scalix/global/config content:
[root@testhost bin]# cat /opt/scalix/global/config
OMNAME=testhost
OMHOSTNAME=testhost.bearriver.com
OMDATADIR=/var/opt/scalix
OMAUTOSTART=TRUE

User info:

[root@testhost ericw]# omshowu -n sxadmin/testhost,bearriver
Authentication ID: sxadmin@testhost.bearriver.com
User Name : sxadmin /CN=sxadmin
MailNode : testhost,bearriver
Internet Address : sxadmin-testhost@bearriver.com
System Login : sxadmin
Password : set
Admin Capabilities : YES
Mailbox Admin Capabilities : NO
Language : C
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : Never.
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Limited
[root@testhost ericw]#

[root@testhost ericw]# omshowu -n sxqueryadmin/testhost,bearriver
Authentication ID: sxqueryadmin@testhost.bearriver.com
User Name : sxqueryadmin /CN=sxqueryadmin
MailNode : testhost,bearriver
Internet Address : sxqueryadmin-testhost@bearriver.com
System Login : 60534
Password : set
Admin Capabilities : YES
Mailbox Admin Capabilities : NO
Language : C
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : Never.
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Limited

[ScalixSupport]

Are you using the authentication id of sxadmin@testhost.bearriver.com or just sxadmin?

Thanks,
Don

[julio]

See if you can authenticate using omldapsarch with the following command:

omldapsearch -D cn=sxqueryadmin,o=scalikx -w sxqueryadmin_password cn=*

if you get authentication error then your sxqueryadmin password set in /etc/opt/scalix/caa/scalix.res/config/psdata and the one in the directory does not match.

[alfista]

so what do you do if they don't match :-) ?

[julio]

If in the previous test you *do not* get an authentication error then update the psdata file with the correct password, stop the tomcat server, remove the tomcat_home/work/*/caa and tomcat_home/webapps/caa directory, and restart the tomcat server.

Basically, you want the password in the psdata file and whatever you set on the command line or by the installer for sxqueryadmin to be the same

Secondly, you may also want to turn on the debuggin for the caa.log file by doing the following:

1. cd /etc/opt/scalix/caa/config
2. edit the log4j.properties file
3. change the INFO --> DEBUG
4. restart tomcat.

[AussieOwner]

If they dont match, you need to

1) Uninstall RES using the scalix-installer
2) delete the sxqueryadmin user with omdelu from the cmdline. Should be "omdelu -n sxqueryadmin"
3) Reinstall RES using the scalix-installer. The fact that sxqueryadmin is does not exist will cause the RES install to recreate it.

Darrell

[alfista]

Darrell,

thanks for the reply. I tried #2, but to no avail.

Any other ideas?

Cheers,

Jason

[AussieOwner]

alfista

Are you saying that step #2 failed? or are you saying that you went thru the entire procedure (steps 1-3) and you still could not log on to SAC?

Darrell

[alfista]

I've also removed all services but Scalix Server, deleted the sxqueryadmin and then reinstalling these additional components (and being prompted for a sxadmin password) however, I still get invalid password for both sac and webmail.

[alfista]

Sorry Aussie - I didn't see your reply before my second post.

I tried the 'don't match' set of three steps.

I'm afraid I'm just doing something stupid so please ask basic questions.
Yes, however, I am adding the domain to the sxadmin user account at login.

thanks again!

Jason

[AussieOwner]

alfista

So lets rewind a bit and start over. I dont think that your problem is the same as the one experienced by the original poster. Namely, because you cant logon to sxadmin via webmail or SAC. Therefore i dont think this is related to sxqueryadmin.

So lets start out with something simple.. Lets change the sxadmin to something simple. The cmd to do this is:

ommodu -o "sxadmin" -p xxxx

where xxxx is a simple password such as pass.

Next, let try logging on from the cmdline with omlogon:

omlogon -h 127.0.0.1 -u sxadmin -p password

Please let me know the result of these steps and i will let you know where to go from here.

Darrell
The AussieOwner

[alfista]

Thanks Darrell,

I think I'm having some other problems as well - I believe related to the user that tomcat is running as but let me describe the situation.

In another thread (which I redirected here, but probably should have done the opposite) I was asked to check the caa logs. When I did, I noticed the system clock was wrong. So I corrected it using NTP. That didn't fix any logon problems (kerebos?) so I figured I'd reboot for fun. When the box came up, sac and webmail would not load (nor the default apache page).

I think if I add/remove scalix components then tomcat would start.

/opt/scalix-tomcat/logs/caa.log must be the wrong place because I don't see anything related to logins there.

Thanks,

Jason

[alfista]

and yes, I am able to log into mail from the command line using the commands you provided.

[alfista]

Tomcat was running, but running the installer and reconfiguring the SAC and SWA would put the pages back online. Still no login ability however.